Bulletin

Cyber Security Certification Is Coming – What It Means for Canadian Defence Contractors

Reading Time 2 minute read
Share

Overview

Procurement Bulletin

Officially announced by (former) Minister of National Defence, Anita Anand at CANSEC 2023, the Canadian Program for Cyber Security Certification  (CP-CSC) will be established as a mandatory cybersecurity requirement for Government of Canada defence contractors. The CP-CSC aims to protect government data stored on third party systems, networks, and applications, in response to the growing number of cybersecurity attacks within Canada, including those targeting government and defence contractors.

Established though collaboration between Public Services and Procurement Canada, National Defence, and the Standards Council of Canada, the CP-CSC will align with Canada’s National Cyber Security Action Plan as well as its National Cyber Security Strategy goals [1]

The federal government allocated $25 million over three years for the creation of CP-CSC in Budget 2023.

Readers should note that consultations with the defense industry and other key players are expected to start in the coming months [2].

What Will It Do?

The CP-CSC will:

  • apply to select Canadian contracts on the basis of a risk framework, starting with defence contracts.
  • assist and expand the Canadian cyber security industry by creating a “sustainable and scalable solution” for cyber security certification.
  • introduce a Canadian Industrial Cyber Security Standard based on the standards established by the National Institute of Standards and Technology (NIST), to ensure it is developed “in lockstep” with the United-States’ cyber security certification.
  • allow for mutual recognition of certification between the two countries and internationally.
  • increase the baseline for cyber security of Canadian industry as a whole.
  • support the operational demands of the Canadian Armed Forces by maintaining supplier system integrity.

What’s Next and What to Expect

Although scheduled for release in July 2023, and identified for implementation in late 2024, as of the date of publication, the policy is not yet available. 

For small and medium-sized suppliers (SMEs), the Standards Council of Canada will offer voluntary cyber security certifications under the existing CyberSecure Canada standard.

Though it is not clear how Canada’s support to Ukraine will be covered under the CP-CSC, it is likely that much of Canada’s technical aid to Ukraine will be provided within the scope of this new defence policy.

[2] Consultation notices will be posted on the Government Electronic Tendering Service (GETS): CanadaBuys website.

Contact the Authors

For more information or to discuss a particular matter, please contact us.

Contact the Authors

Authors

  • Christopher Little, Associate | International Trade and Investment Law, Ottawa, ON | Toronto, ON, +1 613 696 6928, [email protected]
  • Marcia Mills, Partner | Co-Leader, National Security and Defence Group, Ottawa, ON | Toronto, ON, +1 613 696 6881, [email protected]
Christopher Little Ottawa Lawyer Christopher Little Associate | International Trade and Investment Law Ottawa, ON Toronto, ON +1 613 696 6928
Marcia Mills Ottawa Lawyer Marcia Mills Partner | Co-Leader, National Security and Defence Group Ottawa, ON Toronto, ON +1 613 696 6881
+1 416 943 8928

    You might be interested in...

    • Fostering a More Inclusive economy - $25 Million Allocated by the Federal Government for a New 2SLGBTQI+ Entrepreneurship Program, 7/12/2023
    • Clearing the Air: What We Know (And Don’t Know) About Canada’s New Emissions Disclosure Standard for Federal Procurement, 6/1/2023
    • ACPB and AMP: Effective date of amendments to the Act, 5/9/2023
    Upwards shot of empty escalator in front of tall modern buildings Bulletin Fostering a More Inclusive economy - $25 Million Allocated by the Federal Government for a New 2SLGBTQI+ Entrepreneurship Program The Federal Government has announced a $25-million investment into an 2SLGBTQI+ Entrepreneurship Program [1] (“the Program”) to increase opportunities in procurement, financing and mentorship for businesses owned by those with diverse sexualities and gender identities. The Program augments the Fe... Read more
    Stairs Bulletin Clearing the Air: What We Know (And Don’t Know) About Canada’s New Emissions Disclosure Standard for Federal Procurement The Standard on the Disclosure of Greenhouse Gas Emissions and the Setting of Reduction Targets (Standard) in federal procurement came into effect on 1 April 2023. The Standard is part of the Greening Government Strategy: A Government of Canada Directive. The Standard sets out requirements for fe... Read more
    modern architecture Bulletin ACPB and AMP: Effective date of amendments to the Act On June 2, 2023, the latest amendments to the Act respecting contracting by public bodies (Act) will come into force, specifically those listed below: Annual update requirement (45 days before the anniversary date of the authorization) (section 21.40) Obligation to inform the AMP (Autori... Read more