The government needs a comprehensive plan to protect the country’s critical infrastructure, such as energy generation and distribution, financial institutions, food supply, communications, and healthcare, the report argued.
Threats against critical infrastructure include natural disasters, terrorism, hackers, vandals, neglect, and underinvestment by facility owners. Cyberattacks from foreign governments are adding a “whole new layer of vulnerability”, warned the report, Canada’s Critical Infrastructure: When is Safe Enough Safe Enough?
“What is missing is a cohesive and sustainable approach to Canada’s infrastructure. That approach should be led by the federal government, but must be accompanied by a healthy recognition that such leadership cannot carry the full responsibility for either identifying threats and risks, or doing something about them. That responsibility lies in many hands”, said the report’s author Andrew Graham.
Graham recommended a number of measures to improve the security of critical infrastructure: cataloguing critical infrastructure in the country; developing a common understanding of the threats and risks that drive mitigation in both the public and private sector; sharing of threat information more effectively; reinvesting to avoid increasing vulnerability through neglect; developing an adequate response capacity; educating the public about the risks; providing incentives for the private sector investment in critical infrastructure; and addressing the human dimension, in that systems can only work reliably when the personnel are equipped with the requisite skills, information, and tools.