ESA Backgrounder (Strategy)

Revision as of 09:34, 2 September 2020 by Greggory.elton

Overview of the ESA Backgrounder

The cyber security threat landscape is complex and evolving, and recent trends indicate that cyber threats are becoming more persistent, more sophisticated, more difficult to detect, and more difficult to attribute to their source. Furthermore, threat actors are no longer limited to individuals looking for notoriety and include hacktivists, terrorist organizations, organized crime and nation states. It is important to recognize that GC networks and systems are lucrative targets and have already proven to be vulnerable to cyber threats.

The GC is actively taking steps to respond to these threats. In February 2012, a Memorandum to Cabinet that addressed strengthening GC cyber systems was approved. It was followed by the approval of a Treasury Board Submission in April 2012, which included funding to address three areas related to securing GC systems: Improve Our Understanding of the Cyber Threat Landscape, Strengthen Defensive Capabilities, and Establish Incident Response and Recovery Capabilities. These three areas are addressed under the umbrella of the GC Enterprise Security Architecture (ESA) program and are explained in more detail below.

Strengthening the Security of Federal Cyber Systems: A Backgrounder (aka the "GC ESA Backgrounder") is an overview of the GC IT Security Strategy that will support the delivery of a secure GC IT architecture and expand on the three areas listed above. For more details about the Backgrounder, please read the GC ESA Backgrounder.


Purpose and Scope of the Backgrounder

The purpose of the GC ESA Backgrounder is to characterize the content of the Memorandum to Cabinet and associated Treasury Board submission and to expand on the IT security focus areas that will be addressed by the GC in the next few years through the ESA program. The rationale for providing this Backgrounder is to honour the GC's obligation to be transparent and forthcoming with respect to its planned activities.

The scope of the Backgrounder is limited to IT security. However, it is recognized that the problem space is much broader than IT security and other security aspects need to be addressed, including education and awareness, personnel security, physical security, business continuity, supply chain, etc. For more information about the purpose and scope, please read the GC ESA Backgrounder.


Relationship to Canada's Cyber Security Strategy

Canada’s Cyber Security Strategy (CCSS), published by Public Safety Canada in 2020, is national in scope and is comprised of three fundamental pillars:

  • Securing GC systems,
  • Partnering to secure vital cyber systems outside the federal Government, and
  • Helping Canadians to be secure on-line.

The Backgrounder fits into the first pillar of Canada's Cyber Security Strategy by articulating the GC’s plans for the next few years with regard to IT security. For more information on how the ESA Program Backgrounder relates to Canada's Cyber Security Strategy, please read the GC ESA Backgrounder.


Area 1: Improve our understanding of the cyber threat landscape

An integral part of the overall GC IT strategy is understanding who is trying to exploit GC networks and systems, by what means, and for what purpose because this provides critical input to improve the security posture of GC cyber systems. The GC will expand its cyber intelligence gathering and analysis capabilities in order to improve its understanding of the motivations and techniques of adversaries and to help position defensive capabilities to block sophisticated cyber threats before they reach GC systems. This will be accomplished by enhancing the GC's ability to detect and defend against sophisticated cyber threats by monitoring GC IT systems and infrastructure, as well as devoting more resources to analyze the threats and determine how to best defend against them. Resulting knowledge and innovation from this activity will be instrumental in helping to strengthen the security posture of GC IT systems and infrastructure.

For more information about the first IT security area of focus for the GC, please read the GC ESA Backgrounder.

Area 2: Strengthen defensive capabilities

Enhancing the security posture of GC systems and networks requires a comprehensive IT security program that includes requirements definition and development of IT security architectures and design patterns that can be used to implement defence-in-depth IT security capabilities. The GC has established the ESA program to address these areas. Over the next several years, the GC will focus on eight topics, or areas of focus, as described in the ESA Program Overview page.

For more information about the second IT security area of focus for the GC, please read the GC ESA Backgrounder.

Area 3: Establish incident response and recovery capabilities

Even with the additional protective measures highlighted above, cyber incidents will inevitably occur. Response and recovery from more severe cyber incidents can take a significant amount of time and have a serious impact on ongoing GC operations. To address this issue, the GC will establish a comprehensive incident response and recovery capability in order to provide more rapid response to serious incidents affecting GC systems, thereby minimizing the impact on day-to-day operations and ensuring the continued delivery of trusted service to Canadians.

Incident response and recovery will include:

  • Assessment of the extent of the damage (e.g., data compromise);
  • Restoration of the affected systems to a healthy state;
  • Implementation of security measures to ensure GC systems are protected from the threat in the future; and
  • Communication of the event and the associated remediation measures to others, in accordance with the Government of Canada Cyber Security Event Management Plan (GC CSEMP).

It is recognized that the expertise necessary to recover from incidents is limited and non-uniform across GC departments and agencies. The GC will develop training to educate IT security professionals in this area. In addition, the GC will establish an incident recovery capability whereby experts can be deployed as needed to help expedite incident recovery efforts.

For more information about the third IT security area of focus for the GC, please read the GC ESA Backgrounder.

