GOVERNING DIGITALLY ties and the disconcerting ambivalence of the City’s elected officials. Such incidents and findings are increasingly commonplace across the country – and if the CCCS assessment is correct, they are surely to become more so. To effectively meet the intensifying cyber-security imperative, then, two broad and inter-related governance dimensions of public sector readiness and response must be addressed. Mindset & Political Leadership: As highlighted by the Halifax Auditor General, cyber-security is under appreciated by a political class largely unaware or disinterested. At the federal level, even as the CCCS report underscores the need for wider national actions, the absence of a senior political or professional Office fixated on cybersecurity is a stark and worrisome contrast to Canada’s closest allies, notably the US and Australia. South of the border, President Biden issued an Executive Order on cyber-security in May 2021 which states: ‘The Federal Government must bring to bear the full scope of its authority and resources to protect and secure its computer systems.’ As the Order further observes: ‘In the end, the trust we place in our digital infrastructure should be proportional to how trustworthy and transparent that infrastructure is, and the consequences we will incur if that trust is misplaced.’ As a result, Congress formalized the Office to the National Cyber Director to advise the President and oversee the creation and implementation of the National Cyber Security Strategy released this year. This elevation of cyber-security has also galvanized more systemic openness through an expansion and strengthening of open-source principles, new workforce and skills initiatives, and heightened collaboration with industry. In Australia, there is a federal Cabinet Minister directly responsible for cybersecurity (and the crafting of a new ten-year plan). In June of this year, the Australian Prime Minister appointed the inaugural National Cyber Security Coordinator. This Australian model is particularly important in seeking to better align federalism and ‘national’ leadership. To this end, there are published Cyber Incident Management Arrangements which outline ‘the inter-jurisdictional coordination arrangements, roles and responsibilities, and principles for Australian government’ cooperation in response to national cyber incidents.’ The Office for Cyber-security has also established regional centres to deepen collaboration with state and local governments. To quote from the Australian Minister, the country’s ‘approach to cyber security recognizes that everyone has a role to play when it comes to securing our digital future – from all levels of governments, businesses, and everyday Australians.’ More importantly, such rhetoric is underpinning concrete action. A strong domestic mindset also enables international cooperation. The so-called ‘Quad Leaders’ Summit of May 2023 (bringing together leaders of the US, Australia, India, and Japan) focused directly on shared challenges and priorities: a set of Joint Principles for Cyber-Security and Critical Infrastructure was adopted, along with new research and policy partnerships amongst the four countries to enhance readiness and shared response capabilities. Mechanisms: Collaboration, Skills & Shared Learning The Government of Canada has not been without action, a point underscored by the creation and contributions of CCCS. As the first ever National Cyber Security Strategy from 2018 observes: ‘The federal government, in close collaboration with provinces, territories, and the private sector, will take a leadership role to advance cyber security in Canada and will, in coordination with allies, work to shape the international cyber security environment in Canada’s favour.’ Yet the absence of an explicit leadership architecture devoted to cyber-security is a major constraint. The Government of Canada seemingly, if indirectly, concurs. Last year’s findings of its own internal review of the (now very much dated) 2018 Strategy found significant shortcomings. The evaluation notes that various federal actors with cyber-security responsibilities remain disjointed while externally, the forging of collaborative governance mechanisms has been underwhelming. The Government’s review rightly concludes that ‘a strong and secure digital environment will depend on enhanced collaboration across federal organizations, as well as with a broad range of stakeholders nationally and internationally…. A whole-of-society approach to cyber security must include all imTo effectively meet the intensifying cyber-security imperative, then, two broad and inter-related governance dimensions of public sector readiness and response must be addressed. Winter 2023 // Canadian Government Executive / 25
RkJQdWJsaXNoZXIy NDI0Mzg=