Federal Budget 2022: More money for cybersecurity, fighting misinformation

The Liberals have promised to add $875.2 million over five years to the planned government cybersecurity-related spending, according to the latest proposed federal budget.

Announced this afternoon, Budget 2022 also proposes to provide $238.2 million per year after the initial five year period for additional measures to address the rapidly evolving cyber threat landscape. The budget still has to be passed by Parliament.

The spending will include:
–$263.9 million over five years, starting in 2022-23, and $96.5 million annually ongoing to enhance the Communications Security Establishment’s (CSE’s) abilities to launch offensive cyber operations to prevent and defend against cyber attacks. The CSE is a division within the Defence Department that is responsible for protecting federal IT networks;
–$180.3 million over five years, starting in 2022-23, and $40.6 million per year ongoing to enhance CSE’s abilities to prevent and respond to cyberattacks on critical infrastructure;
–$178.7 million over five years, starting in 2022-23, and $39.5 million annually ongoing to expand cyber security protection for small departments, agencies, and Crown corporations; and,
–$252.3 million over five years, starting in 2022-23, and $61.7 million per year ongoing for CSE to make critical government systems more resilient to cyber incidents.

There would also be extra money to help cybersecurity researchers in fields such as quantum computing and artificial intelligence.

The budget proposes $17.7 million over five years, starting in the fiscal 2022-23 year, and an annual $5.5 million thereafter until 2031-32, for CSE to establish a unique research chair program to fund academics conducting research on cutting-edge technologies relevant to CSE’s activities. Researchers awarded these grants will split their time between peer-reviewed publishable research and classified research at CSE.

The budget also proposes funding to fight online misinformation from adversaries. Global Affairs Canada would get $13.4 million over five years, starting in the new fiscal year that begins at the end of April, with $2.8 million per year ongoing after that. The money would go to renew and expand the G7 Rapid Response Mechanism, which was created by the G7 nations in 2019 to confront the threat of disinformation and protect G7 democracies from foreign threats. Since then, says the budget, the program has played a key role in detecting and identifying foreign interference and state-sponsored disinformation against democracies, and also in monitoring federal elections in Canada.

To support Canadian research to combat misinformation and disinformation, the budget proposes giving the Privy Council Office $10 million over five years to continue co-ordinating, developing, and implementing government-wide measures designed to fight these threats. The Privy Council is the secretariat to the cabinet, and the clerk of the Privy Council is the head of the civil service.

David Shipley, CEO of New Brunswick’s Beauceron Security, said he is glad to see extra spending for both offensive and defensive cyber operations. The additional funding to prevent and respond to attacks on critical infrastructure, including hospitals, is also welcome. “I would like to have seen funding made available directly to hospitals instead of just bolstering CSE’s capability,” he added. “The budget did identify funding for higher education institutions to protect research, which is a win and a model for what should be done for hospitals.”

The biggest challenge for federal and private sector co-operation, particularly with critical infrastructure, is the lack of mandatory breach reporting to the CSE in addition to a federal or provincial privacy commissioner, and liability protection similar to laws passed in the U.S., he noted. “CSE can have all the talent, tech and money in the world but if a critical infrastructure provider doesn’t tell them about a breach or agree to have them assist, it’s not going to amount to much.”

“I was also hoping to see more money to directly help small and medium-size businesses with the growing cost of getting cyber secure. There’s clearly more work to be done to make it easier for them to afford enhancing their security, particularly at a time when they’re coming out of the pandemic and trying to rebuild their businesses.”

However, he would have liked to see at least some funding go to Canadian small and medium-sized businesses as well as municipalities to help improve their cybersecurity posture. “It’s good to invest money directly into federal departments such as CSE, but we should be trying to improve the security of small and medium businesses and municipalities,” he said in an interview. “They’re the ones that get hit the most.”

Comments are closed.