The federal government is betting on its half-a-billion-dollar national cybersecurity strategy to help make Canada a global hub for the growing cyber protection industry, but advocates warn that goal will be impossible to achieve without addressing Canada’s shortage of skilled cyber talent.

“It’s mission critical,” Katherine Thompson, chair of the Canadian Advanced Technology Alliance’s (CATA) cyber council, told The Hill Times. “I have clients who call me on a daily basis, who are basically pulling their hair out because they can’t find skilled talent.”

Ms. Thompson, who belongs to an association representing a large share of companies in the innovation economy, said there’s a “zero percentage” jobless rate in the cybersecurity industry in Canada right now.

As most Canadians and businesses plug into the internet and digital technology, new threats of hacking and online intrusions have emerged, creating a fast-growing need for cyber protection services. Threats can range from online nuisances to system-wide attacks affecting national security.

Demand for cyber talent, however, has exceeded supply, creating a crunch that experts warn could leave Canada’s homegrown industry trailing behind other countries unless the gap is addressed, never mind the risk of exposing more Canadians to online threats.

Ms. Thompson pointed to a 2017 multi-million-dollar investment by TD and Scotiabank into a cybersecurity innovation hub in Israel as an example.

“You’ve got two large North American banks that say, ‘Hey, I can find more skilled cybersecurity expertise in a country of 8.4 million people than in a continent of 340 million people.’ We have a problem,” Ms. Thompson said.

In June, Public Safety Minister Ralph Goodale (Regina-Wascana, Sask.) provided the public more details on Canada’s five-year $507-million cybersecurity strategy, first announced through the 2018 federal budget, and aimed at modernizing federal governments and providing resources for small businesses.

The strategy acknowledges a “shortage of cybersecurity talent” that makes it difficult for both the federal government and companies operating in Canada to attract and retain the people needed to improve security and prevent cyber attacks.

“Better cybersecurity knowledge and skills are needed. This extends from our children to our elderly, and from our small and medium business owners to our law enforcement agencies and corporate executives,” the strategy reads.

The June release didn’t provide specific solutions to addressing the issue, but at a press conference on June 12, Mr. Goodale had described it then as both a “huge challenge and huge opportunity.”

While void of solutions, Ms. Thompson said the strategy struck the right tone and hit on the right issues. However, she said the federal government ought to play a “supporting role” in enhancing cybersecurity for Canadians, rather than dictating it.

“It’s a strategy, not a solution,” she said. “And for industry, academia, it’s all issues on a daily basis, so we shouldn’t be looking to the federal government to solve them.”

A pillar of the national strategy is a one-stop website offering small- and medium-sized enterprises information on how to secure their businesses. Under the plan, the Canadian Centre for Cyber Security, housed in the Communications Security Establishment, will also cover protection for the entire federal government. It will be headed by Scott Jones, assistant deputy minister of IT security. Legislation is required to enact this national strategy; the government has not yet introduced a bill to do so.

Meanwhile, a recent Deloitte report, commissioned by the Toronto Financial Services Association, found the demand for cyber talent is increasing by seven per cent annually, and estimates that there will be more than 5,000 jobs in the cyber security sector to fill between now and 2021.

The report notes that the skills shortage is happening in other parts of the world as well, but that Canadian schools aren’t training enough people for the growing global field, which is expected to stand at 1.8 million employees by 2022.

Greg Wolfond, CEO of Toronto-based SecureKey, which provides identity and authentication networks for companies and is affiliated with the Council of Canadian Innovators, said even for his company, which is directly focused on cyber protection, finding talent can be a challenge.

“It’s a crunch all over,” said Mr. Wolfond. “It takes you to be diligent and spend the time to get the right people onto your team.

“Demand for [cybersecurity talent], like in all of tech, clearly outstrips supply.”

The federal government currently deploys SecureKey Concierge, an authentication system that allows Canadians to log into more than 80 government sites securely, including the Canada Revenue Agency website.

Mr. Wolfond said the government should look to high school education and getting more students interested in cyber technology. Another issue he noted was Canada’s ability to retain the talent coming out of its universities, with California often seen as an ideal destination for top graduates.

“It’s Cali or bust, right? We’re losing a lot of good talent,” he said.

Ms. Thompson said in the short term, it’s about getting people who already have adequate cyber skills and training and encouraging them to consider careers in digital protection. Over the long term, it’s about “developing the future cyber warrior,” and may require changing school curriculums, she said.

CATA is currently collaborating with the U.S. Department of Commerce on a cross-border Kindergarten-to-Grade 12 strategy called the National Initiative for Cybersecurity Education. The advocacy group will also soon launch a training program targeting veterans, in partnership with the Canadian Armed Forces and Veterans Affairs Canada, and another for recent graduates.

The spectre of electronic intrusion into government IT infrastructure and during elections has also risen against the backdrop of security concerns over foreign companies like Chinese company Huawei’s attempts to get into Canada’s 5G market, as well as Russian meddling during the 2016 U.S. presidential elections. The federal government is currently trying to ready the country for potential cyber meddling during the 2019 federal election.

The RCMP also noted that police departments across Canada have received 24,000 reports of cybercrime in 2016, a 58 per cent increase from 2014. The agency is planning to hire hundreds of workers to staff its $201-million National Cybercrime Coordination Unit, also announced in the 2018 budget, and stakeholders expect it may run into hiring issues. The unit will act as a hub for law enforcement to co-ordinate investigating cyber crimes.

Ms. Thompson also pointed to the lack of data and tracking about the need for cybersecurity in Canada. That’s in comparison the U.S. Department of Commerce, which does tracking so precise there’s a national heat map showing the concentration of unfilled cybersecurity jobs on display in its headquarters in Washington, D.C.

“We simply know we have a gap that’s growing, we just haven’t quantified it,” she said. “It’s kind of like shooting fish in a barrel.”

jlim@hilltimes.com
The Hill Times

Highlights of the National Cybersecurity Strategy

• Creating a new Canadian Centre for Cyber Security, housed within the CSE, to support leadership and collaboration within and between different levels of government, while providing a clear and trusted resource for Canadian citizens and businesses.
• The creation of the National Cybercrime Coordination Unit to expand the RCMP’s capacity to investigate cybercrime, establishing a co-ordination hub for both domestic and international partners.
• An unspecified amount of funding to foster innovation and economic growth, and the development of Canadian cyber talent.

Canada’s cybersecurity industry, at a glance

• Contributes $1.7-billion to Canada’s GDP and employs more than 11,000 people.
• Global cyber security industry forecasted to grow by 66 per cent by 2021.
• The federal government anticipates thousands of cyber protection jobs could be created for Canadians in the years ahead.
• Demand for cyber talent is increasing by seven per cent annually in Canada.
• There will be more than 5,000 jobs in the cyber security sector to fill in Canada between now and 2021.

—Public Safety Canada and Deloitte