Canadian Government Executive - Volume 26 - Issue 05

12 / Canadian Government Executive // January/February 2021 cybersecurity Each layer of this approach builds upon one another and serves as a reinforced feedback loop. However, should there be a new emerging threat that stands to evade current practices, newly revised legislation would need to take shape and reinforced again right down to how em- ployees maintain operations and business continuity. Legislative overhaul Privacy legislation established at the turn of the twenty-first century is no longer in line with the cybersecurity threats that stand to wreak havoc on government insti- tutions and their data. Legislative reform needs to take into consideration these on-going and emerging issues to adapt quickly and appropriately to the changing landscape. How are Canadian laws going to be updated and continuously revised to re- spond and evolve as these shifts occur in real-time? Can there be a readily available mechanism in place to ensure an appro- priate legal response that will protect the rate of innovation, but not compromise on- line data security? The conceptual framework of Devel- opment Legislation Opportunities (Dev- LegisOps) provides a response to the cur- rent and impending security threats that stand to cause immense damage to civilian information. DevLegisOps would entail a more agile and responsive approach, one that considers all avenues, has a desig- nated path for redevelopment and advise- ment, but also continuously looks for im- provement. A special task force or series of committees may need to be established to constantly reinforce this initiative. War for talent becomes heightened The Canadian public sector employs mil- lions of people from coast to coast. As it currently stands, there are millions of cybersecurity roles vacant within govern- ment bodies around the world. This va- cancy rate poses a huge global threat. At the domestic level in Canada, the global pandemic presents a unique opportunity to hire for these numerous gaps in cyber- security roles, given the non-necessity to work in the nation’s capital and utilize the remote work functionality. The faster new talent is hired, on-boarded, and trained, the better-equipped governments will be to prepare and respond in the event of a breach. Is your cyber hygiene up to code? More than ever, ensuring government sector employees have a thorough under- standing of the foundational principles of cyber protection is paramount. Cyber hygiene refers to a series of best practices for users that help maintain the health of the entire system and protect their identity and the identity of others from being compromised. For instance, when employees are not working in front of their government-issued devices – tab- lets, phones, or laptops, they should make sure these devices are locked and pass- word-protected to ensure illegitimate ac- cess to the intuition’s VPN does not take place. This is ever-more important given the remote access by employees under lockdown conditions caused by the global pandemic. Another means to prevent unwanted ac- cess is to ensure all software is up-to-date, ensuring the latest, legitimate patches are installed regularly. IT departments can ensure these habits are adhered to by properly documenting all active enter- prise equipment and programs and take the necessary steps to close-off accounts and access to employees that leave the organization. Employees should also be prompted to change passwords frequent- ly. These seemingly small steps can reduce the likelihood that a government agency’s network is not breached. What’s next for Canadian government institutions The SolarWinds breach, like countless oth- ers, highlights the implications of our col- lective inaction – a compromised system that is far too accessible for hackers looking to take advantage. But more importantly, SolarWinds should kick start a wide-sweep- ing response across all three government jurisdictions to proactively lobby for more comprehensive and evolving measures to address a cyber threat landscape that shows no signs of slowing down. With the right talent, policy approach, and know- how, the Canadian public sector can take the country in a forward-thinking direc- tion, one that is equipped and empowered to further develop a citizen trust model in the twenty-first century. References: 1. https://www.businessinsider . com/solarwinds-hack-explained- government-agencies-cyber- security-2020-12#:~:text=The%20 victims,left%20them%20 vulnerable%20to%20 hackers.&text=And%20since%20 the%20hack%20was,the%20 Wall%20Street%20Journal%20 reported. 2. Ibid. 3. https://www.priv.gc.ca/en/ opc-news/news-and-an- nouncements/2017/equifax- breach-171019/ 4. https://www.bnnbloomberg.ca/ desjardins-says-employee-who- stole-personal-data-also-ac- cessed-credit-card-info-1.1360652 5. https://www.itworldcanada.com/ article/data-privacy-day-warning- organizations-that-succeed-take- privacy-seriously/426506 6. https://www.paloaltonetworks . com/cyberpedia/what-is-a-zero- trust-architecture 7. Ibid. 8. https://www.fedscoop.com/agen- cies-zero-trust-solarwinds/ 9. https://gcn.com/arti- cles/2021/01/04/solarwinds-pre- vention-remediation.aspx 10.Ibid. 11. https://digitalguardian.com/blog/ what-cyber-hygiene-definition- cyber-hygiene-benefits-best- practices-and-more Brian Chidester is the Principal Indus- try Strategist for Public Sector at OpenText and the host of “The Govern- ment Huddle with Brian Chidester” pod- cast from Government Marketing Uni- versity. He is responsible for growing OpenText’s Public Sector practice while also ensuring the success of its public sector customers. Cyber hygiene refers to a series of best practices for users that help maintain the health of the entire system and protect their identity and the identity of others from being compromised.