Cyber Security Expert Panel’s Final Report

The scope of the report was to strengthen cyber resiliency in the broader public service (BPS). The BPS is made up of provincial government affiliated organizations in multiple sectors. In its report, the panel focused on education, child welfare, health, and municipal environments, which comprise of a large proportion of BPS organizations. Their mandate had 3 aims:

Identify and assess common and sector specific cyber security themes and challenges affecting BPS organizations
Review and advise on the government’s cyber security measures and risk mitigation efforts across multiple sectors of the BPS and,
Provide advice to the Minister of PBSD on specific topics through formal reports to improve the cyber security posture of BPS partners.

The report’s recommendations were primarily designed to inform internal BPS stakeholders, while others required action from the provincial government itself. The report also includes pieces that signal how the government may look to engaging and working with the private sector in ensuring that desired outcomes are met with BPS partners.

The full report can be found here including details on the panel’s methodology each of the panel’s recommendations:

Key Takeaways:

Although the BPS cyber security expert panel’s final report is designed for an internal audience, this report can help external stakeholders identify key themes that the panel views as priorities, and how the government will be changing its policies and practices to implement many of these changes.

Ontario’s Cyber Workforce:

The education component of the report clearly outlines that the panel is recommending foundational cyber literacy province wide and tackling a cyber security workforce shortage that is problematic across Canada. By including K-12 education, post-secondary, and continuous learning the report signals the government’s prioritization of cyber security skills in the workforce as a catalyst for economic development in communities across the province.

Vendor of Record Program:

The report also highlights the importance of improving, expanding, and communicating the capabilities of the Security Vendor of Record Program. This means that the government will be considering benefits and deficiencies within the existing VOR and will be looking to improve the Vendor of Record Program to ensure that the most current tools and products are available to BPS organizations.

Government Programs in Motion:

The report makes references several key BPS projects underway including:

Ontario Health’s six Regional Security Operation Centre (RSOC) pilots and regional governance mechanisms
Health Sector Cyber Security Operating Model
K-12 Cyber Protection Strategy and a planned pilot of K-12 Regional Cyber Hubs
The Ontario Cyber Security Higher Education Consortium
Grey County exploring shared cyber capabilities on behalf of 30+ municipalities
Ministry of Public and Business Service Delivery Vendor of Record Program

Next Steps:

This report is the government’s first major signal on cyber security since it’s re-election last spring. Relevant Ministries and their BPS partners will be responsible for the implementation of the recommendations, and much of this work is already underway.

As work continues, stakeholders who wish to engage the Ontario government on cyber security have the additional opportunity of finding alignment with the report’s recommendations and demonstrating to the government how they can deliver on shared priorities.

Footnote

If you are interested in learning more about the government’s implementation of the Cyber Security Expert Panel’s recommendations, Capital Hill Group’s consultants are available to advise on government engagement and discuss the implications of this report.