Opinion June 8, 2022

New cyber strategy must tackle chronic talent shortage

Trevor Neiman – Vice President, Policy and Legal Counsel, Business Council of Canada Jennifer J. Quaid – Executive Director, Canadian Cyber Threat Exchange

Digital Economy and Cybersecurity Skills and Talent

As published in the Hill Times

Last December, Prime Minister Justin Trudeau called on four senior cabinet ministers to develop a new national cyber security strategy as a part of their public safety, innovation, foreign affairs, and defence mandates.

It was welcome news, because both the frequency and severity of the cyber threats facing this country have increased drastically since the launch of the government’s current strategy six years ago. One need only look to last fall’s devastating cyberattack on Newfoundland and Labrador’s health-care system to understand the growing danger.

A renewed strategy will help ensure that government policy captures the full breadth of recent developments in cyberspace, from the emergence of cyber arms markets to the growing threat that state actors pose to our critical infrastructure.

While there will be plenty of advice offered to ministers and officials as they develop the new strategy, there is no path to building a more resilient and secure country that doesn’t address Canada’s chronic shortage of cybersecurity talent.

As with any fight for our national security, we must defend ourselves with a force of highly-skilled and well-trained professionals. Unfortunately, demand for cybersecurity workers continues to outpace supply. The result: more than 25,000 job openings in the field remain unfilled.

When cybersecurity teams are stretched thin, the consequences are real. In a survey of North American businesses, three-quarters of respondents attributed at least one cyber intrusion within the previous year to a lack of cybersecurity talent. Nearly half could attribute three or more intrusions to the talent shortage.

Governments are also experiencing the talent crunch. According to the RCMP, the organization tasked with thwarting cybercriminals, the Mounties’ inability to attract employees with specialized skills, including cybercrime expertise, poses a “great risk” to the force’s “operational effectiveness.”

To cultivate a legion of defenders, the federal government must work closer with businesses to attract and develop cyber talent. Here are four ways to do it:

1. Encourage greater collaboration. Trusted cybersecurity collaboration networks, such as the Canadian Cyber Threat Exchange, allow organizations to share information securely about potential threats, best practices, and defensive strategies. By enabling existing employees to leverage the collective knowledge and expertise of such networks, security operations can fight off more threats with fewer resources. To increase the depth and breadth of industry collaboration, the government should provide trusted networks with the financial and technical resources needed to expand their memberships and service offerings.

2. Scale proven training initiatives. Post-secondary institutions recognize the need to train new cyber talent and have taken important steps to boost enrollment rates. However, demand for entry-level cyber talent continues to fall short of supply. To complement the work of Canada’s colleges and universities, the federal government should scale upskilling initiatives that have a proven track record of success. Palette Skills’ Accelerated Cybersecurity Training Program is one potential candidate. Designed by industry experts, the eight-week program produces new, highly skilled cyber professionals ready to enter the field immediately upon graduation.

3. Leverage the immigration system. Canada’s immigration system is an important source of talent for businesses that urgently need workers to defend their critical assets. The government can help businesses find the talent they need by leveraging the successful Global Talent Stream to create a dedicated immigration pathway for international cybersecurity talent.

4. Tap non-traditional talent pools. Canada’s current pool of cybersecurity workers is not as diverse as it could be. Canada could increase the overall number of cybersecurity professionals through greater inclusion and diversity. To improve the current environment for underrepresented groups, the government should work with businesses to encourage more women and racialized Canadians to pursue careers in cybersecurity, establish organizational diversity goals, and address pay and promotion gaps. The government should also offer greater support to organizations, like the Rogers Cybersecure Catalyst, which empowers people from diverse backgrounds to launch careers in the cybersecurity sector.

In our highly connected world, spy agencies and law enforcement are no longer our primary protectors. Nursing homes, university campuses, and doctors’ offices are now all on the frontlines.

To ensure these organizations have the capacity to defend against attacks, the federal government’s next cyber strategy must encourage more collaboration as well as boost investments in talent attraction and development. Only with more skilled talent defending our critical assets can we hope to meet Canada’s cybersecurity challenges, which grow more urgent every day.