Difference between revisions of "ESA Backgrounder (Strategy)"

From wiki
Jump to navigation Jump to search
Line 2: Line 2:
 
[[File:GOC ESA.jpg|center|link=http://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]]
 
[[File:GOC ESA.jpg|center|link=http://www.gcpedia.gc.ca/wiki/Government_of_Canada_Enterprise_Security_Architecture_(ESA)_Program]]
 
<div class="center">
 
<div class="center">
{| style="border: 1px solid #000000; border-image: none;" width="1000px"  
+
{| style="border: 2px solid #000000; border-image: none;" width="1000px"  
 
|-
 
|-
 
! style="background: #e1caf7; color: black" width="175px" scope="col" " | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]   
 
! style="background: #e1caf7; color: black" width="175px" scope="col" " | [[Government of Canada Enterprise Security Architecture (ESA) Program|ESA Program Overview]]   

Revision as of 08:36, 2 September 2020

Overview of the ESA Backgrounder

The cyber security threat landscape is complex and evolving, and recent trends indicate that the cyber threats are becoming more persistent, more sophisticated, more difficult to detect, and more difficult to attribute to their source. Furthermore, threat actors are no longer limited to individuals looking for notoriety and include hacktivists, terrorist organizations, organized crime and nation states. It is important to recognize that GC networks and systems are lucrative targets and have already proven to be vulnerable to cyber threats.

The GC is actively taking steps to respond to these threats. In February 2012, a Memorandum to Cabinet that addressed strengthening GC cyber systems was approved. It was followed by the approval of a Treasury Board Submission in April 2012, which included funding to address three areas related to securing GC systems: Improve Our Understanding of the Cyber Threat Landscape, Strengthen Defensive Capabilities, and Establish Incident Response and Recovery Capabilities. These three areas are addressed under the umbrella of the GC Enterprise Security Architecture (ESA) program and are explained in more detail below.

The Strengthening the Security of Federal Cyber Systems: A Backgrounder (aka the "GC ESA Backgrounder"), is an overview of the GC IT Security Strategy that will support the delivery of a secure GC IT architecture and expand on the three areas listed above. For more details about the Backgrounder, please read the GC ESA Backgrounder.


Purpose and Scope of the Backgrounder

The purpose of the GC ESA Backgrounder is to characterize the content of the Memorandum to Cabinet and associated Treasury Board submission and to expand on the IT security focus areas that will be addressed by the GC in the next few years through the ESA program. The rationale for providing this Backgrounder is to honour the GC's obligation to be transparent and forthcoming with respect to its planned activities.

The scope of the Backgrounder is limited to IT security. However, it is recognized that the problem space is much broader than IT security and other security aspects need to be addressed, including education and awareness, personnel security, physical security, business continuity, supply chain, etc. For more information about the purpose and scope, please read the GC ESA Backgrounder.


Relationship to Canada's Cyber Security Strategy

Canada’s Cyber Security Strategy (CCSS), published by Public Safety Canada in 2020, is national in scope and is comprised of three fundamental pillars:

  • Securing GC systems,
  • Partnering to secure vital cyber systems outside the federal Government, and
  • Helping Canadians to be secure on-line.

The Backgrounder fits into the first pillar of Canada's Cyber Security Strategy by articulating the GC’s plans for the next few years with regards to IT security. For more information on how the ESA Program Backgrounder relates to Canada's Cyber Security Strategy, please read the GC ESA Backgrounder.


Area 1: Improve our understanding of the cyber threat landscape

An integral part of the overall GC IT strategy is understanding who is trying to exploit GC networks and systems, by what means, and for what purpose because this provides critical input to improve the security posture of GC cyber systems. The GC will expand its cyber intelligence gathering and analysis capabilities in order to improve its understanding of the motivations and techniques of adversaries and to help position defensive capabilities to block sophisticated cyber threats before they reach GC systems. This will be accomplished by enhancing the GC's ability to detect and defend against sophisticated cyber threats by monitoring GC IT systems and infrastructure, as well as devoting more resources to analyze the threats and determine how to best defend against them. Resulting knowledge and innovation from this activity will be instrumental in helping to strengthen the security posture of GC IT systems and infrastructure.

For more information about the first IT security area of focus for the GC, please read the GC ESA Backgrounder.

Area 2: Strengthen defensive capabilities

Enhancing the security posture of GC systems and networks requires a comprehensive IT security program that includes requirements definition and development of IT security architectures and design patterns that can be used to implement defence-in-depth IT security capabilities. The GC has established the ESA program to address these areas. Over the next several years, the GC will focus on eight topics, or areas of focus, as described in the ESA Program Overview page.

For more information about the second IT security area of focus for the GC, please read the GC ESA Backgrounder.

Area 3: Establish incident response and recovery capabilities

Even with the additional protective measures highlighted above, cyber incidents will inevitably occur. Response and recovery from more severe cyber incidents can take a significant amount of time and have a serious impact on ongoing GC operations. To address this issue, the GC will establish a comprehensive incident response and recovery capability in order to provide more rapid response to serious incidents affecting GC systems, thereby minimizing the impact on day-to-day operations and ensuring the continued delivery of trusted service to Canadians.

Incident response and recovery will include:

  • Assessment of the extent of the damage (e.g., data compromise);
  • Restoration of the affected systems to a healthy state;
  • Implementation of security measures to ensure GC systems are protected from the threat in the future; and
  • Communication of the event and the associated remediation measures to others, in accordance with the Government of Canada Cyber Security Event Management Plan (GC CSEMP).

It is recognized that the expertise necessary to recover from incidents is limited and non-uniform across GC departments and agencies. The GC will develop training to educate IT security professionals in this area. In addition, the GC will establish an incident recovery capability whereby experts can be deployed as needed to help expedite incident recovery efforts.

For more information about the third IT security area of focus for the GC, please read the GC ESA Backgrounder.


References