As part of October being cyber security awareness month, the Honourable Vic Toews, Canada’s Minister of Public Safety, and the Honourable Christian Paradis, Minister of Natural Resources, announced today a $90 million, five-year investment to improve cyber security for the Canadian Government, businesses, and regular Canadians (press release). Minister Toews introduced a three-part strategy to both harden Canadian defenses and, more importantly I think, educate all Canadians on how to be safe online:

1. Securing Government systems – Canadians trust Government with their personal and corporate information, and also trust Government to deliver services to them. They also trust that the Government will act to defend Canada’s cyber sovereignty and protect and advance our national security and economic interests. The Government will put in place the necessary structures, tools and personnel to meet its obligations for cyber security.

2. Partnering to secure vital cyber systems outside the federal Government – Canada’s economic prosperity and Canadians’ security depend on the smooth functioning of systems outside the Government. In cooperation with provincial and territorial governments and the private sector, the Government will support initiatives and take steps to strengthen Canada’s cyber resiliency, including that of its critical infrastructure sectors.

3. Helping Canadians to be secure online – The Government will assist Canadians in getting the information they need to protect themselves and their families online, and strengthen the ability of law enforcement agencies to combat cybercrime.

Source: Public Safety Canada

Public Safety Canada has a website with links to what the Government is doing as well as what businesses and regular folks like us can do to be safe online. Minister Toews highlighted both internal threats (privacy, scams, etc.) and external threats (foreign governments and others trying to get into government and business systems):

“A secure cyberspace is vital to sustaining and building Canada’s economic advantage. We all have a role to play,” said Minister Paradis. “The Government of Canada is doing its part to help secure Canada’s vital cyber systems, like those that protect our critical energy infrastructure, and to help Canadians protect themselves, their families and their personal information online.”

“The Strategy complements the efforts of the digital economy strategy in Canada and builds upon legislation introduced by the Government, such as anti-spam legislation set out in the Fighting Internet and Wireless Spam Act and amendments to the Criminal Code to create new offences related to obtaining, possessing and trafficking in identity documents or identity information,” said the Honourable Tony Clement, Minister of Industry.

I certainly think the $90 million is a great start towards helping beef up cyber security in Canada, but I wonder if any investment will plug the biggest hole in cyber security:

Us.

Yep, people. I think a lot of us already know that we should use better passwords. Every time the subject comes up, the people with terrible passwords pipe right up with “yeah I use the same password for everything…” and it’s a terrible password to begin with. I can’t even convince my wife to use better passwords; I don’t expect her to go to my level of passwords (almost all random, generated and stored in 1Password), but just something better than what she’s using now (granted, she does use numbers and letters, which is better than “password”). Even from a government standpoint, the weak link in the chain for security is always the person who loses their laptop or keeps all their security settings wide open while using unsecured Wi-Fi at a coffee shop. The other side of the coin is making security so secure that people will defeat it by just not bothering with it or just doing the little things that make it worthless (like passwords on stickies).

Can the Government of Canada’s investment help? Sure, I think so. If nothing else, during this short bit of attention maybe more government laptops will get locked down and secured.