Cybersecurity: Canada accelerates, with Quebec on the front line
The launch of the Canadian In-Sec-M cluster—an $80 million investment by Quebec to support research, development, and marketing—and the creation of the first ministry of cybersecurity and digital in North America: these 2 initiatives show the momentum generated by the desire for Canada—and more specifically Quebec—to address cybersecurity issues.
Canada’s cybersecurity industry generated $2.9 billion in sales in 2018, according to figures from the Canadian Association of Defence and Security Industries (CADSI). That year, the market was made up of nearly 350 companies specialising in the field , representing around 22,500 jobs in the country’s economy.
More than half of this business volume (50.7%) came from infrastructure solutions (cybersecurity infrastructure services and solutions for network and data protection) with bundled solutions (11.9%) and encryption (9%) far behind.
More recent figures (2022) provided by In-Sec-M, Canada’s cybersecurity industry cluster, show a rapidly emerging market of 400 SMEs specialising in cybersecurity.
The creation of the In-Sec-M cluster, a “business catalyst”
The Canadian market is therefore not composed—at least for the time being—of large groups. This is what motivated the creation, in 2017, of the Canadian cybersecurity industry cluster, In-Sec-M, which defines itself as a “business catalyst” for companies, learning and research centres, and governments.
“If we compare Canada with the English, German, or French markets, we have historically had few large groups, unlike France with Atos, Thales, etc. In Canada, we mainly have large foreign groups—such as IBM, Deloitte, or BAE—that have become the main contractors. These large companies have their own supply chain, which Canadian SMEs sometimes find difficult to integrate. This is starting to change, which is why In-Sec-M was created in 2017, with the aim of federating the ecosystem,” said Antoine Normand, CEO at BlueBear LES, a publisher of forensic software solutions, and Chairman at In-Sec-M.
Canada, as a federal state, also has various agencies involved in cybersecurity. “We have the Royal Canadian Mounted Police, the Canadian Centre for Cyber Security, the Communications Security Establishment (CSE)… These organisations cover cross-cutting themes common to all Canadian provinces, such as aviation or financial institutions,” explained Marcel Labelle, President and General Manager of Cybereco, a non-profit organisation that brings together cybersecurity experts from various organisations in Quebec and Canada.
Quebec: a province with strong ecosystems
If we take the specific case of Quebec, we can see that this province has a very strong “cybersecurity” ecosystem, including more than 21,000 people with cybersecurity skills and 600 researchers and doctoral students in the field of AI.
“When we talk about cybersecurity ecosystems, three elements are important: capital, public and private contractors, and researchers. That’s how you manage an innovation sector. You should know that Quebec is number one in Canada in terms of university chairs specialising in cybersecurity, with Concordia, Laval, Montreal, Sherbrooke, and Polytechnique universities employing world-renowned researchers,” said Frédéric Bove, Director General of Prompt, one of Quebec’s nine industrial research clusters (or RSRI, for Regroupements sectoriels de recherche industrielle).
North America’s first ministry of cybersecurity and digital
In early January 2022, the Quebec government also created North America’s first ministry of cybersecurity and digital. This new structure is headed by Éric Caire, former Minister for Digital Transformation and Member of Parliament for La Peltrie (a provincial electoral district of Quebec).
“This confirms that our government is giving itself all the means to face the challenges of digital transformation, the management of its information resources, and the cybersecurity of public data,” said Éric Caire in a press release.
Frédéric Bove (Prompt) added: “This is a major event that will make it possible to give a common direction, with a significant investment envelope: 4 billion dollars. This ministry will give coherence to the protection actions of the other ministries and will boost companies by encouraging them to create and perform in this field, in conjunction with the Ministry of the Economy and Innovation.
Establishing a digital identity for citizens
One of the main projects of this ministry will be to set up a digital citizen identity, allowing simplified access to government services. “This is a very good signal to the market. This project will have influence throughout Canada. The Government of Quebec will influence the Government of Canada to create interoperability between the digital identity models of the Canadian provinces. However, it will be necessary to gain the trust of citizens who are still somewhat critical of their government. But on the industry side, we see this as an important signal,” said Antoine Normand (BlueBear LES).
“On the issue of digital identity, we know that there can be a Canadian standard, but provinces like Quebec can opt for a higher, more demanding standard,” said Frédéric Bove (Prompt).
The new ministry also wishes to decompartmentalise the Quebec government’s databases to better serve the population and improve the management of ministries, organisations, and public institutions. This young government body was previously attached to the Treasury Board. The latter was responsible for managing public funds and was therefore very “budgetary compliance” oriented, which did not give it the room for manoeuvre necessary for the agility required from such a ministry.
“All the activities linked to the Cloud or to hosting and servers, and all the people working on the themes of the State’s cyber defence and digital transformation (i.e. around 4,000 people) have been grouped together in the same place,” noted Antoine Normand.
“The creation of this ministry was necessary. We had to act very early on, because one of the major problems in this area is the delay that we can experience in relation to cybercriminals. The further ahead of the game we are, the better,” concluded Frédéric Bove.
It is worth noting that Canada often ranks among the countries most affected by ransomware. According to the Canadian Centre for Cyber Security, in the first half of 2021, more than 50% of Canadian victims of ransomware attacks were critical infrastructure providers, including the energy, health, and manufacturing sectors.
And the estimated average cost of a data breach (a category of compromise that includes ransomware) is 6.35 million Canadian dollars (4.56 million euros). The measures taken and the financial resources put on the table by Canada and Quebec are therefore a step in the right direction.
80 million dollars to boost synergies
Another topical issue in Québec is the adoption—last September—of the so-called “Bill 25” by the National Assembly of Québec. “This law establishes a specific legal framework for personal data. It has many similarities with the European GDPR. Indeed, people here are becoming aware of the emergence of personal information protection. The Québec government has therefore decided to legislate in that direction,” noted Marcel Labelle.
Québec finally announced in May that it would inject $80 million over the next four years to support research, development, and commercialisation in the field of cybersecurity. The funds will benefit the CSIN (Cyber Security Innovation Network), whose mission will be to develop a robust national ecosystem and foster collaboration between universities, the private sector, non-profit organisations, and the country’s government bodies. One of the areas of focus for the CSIN will be to increase research and development and to train cybersecurity specialists, thereby addressing the talent and expert shortage.
This skills shortage will be one of the many issues addressed at the first edition of the FIC North America, which will be held at the Palais des Congrès de Montréal on 1-2 November. This new event will bring together American, Canadian, and European ecosystems and will address local and regional responses to a more global issue.
- Digital transition
- Cyber industrial safety
- Security and Stability in Cyberspace
- Cyber risks
- Operational security
- Antifraud action
- Digital identity & KYC
- Digital Sovereignty