Membership Login FR

What's New

Debugging Cyber Policy



The third sectors processing power in cybersecurity policy


Rattling off data of cybersecurity attacks on Canadians seems an all too repetitive task. Daily, publicly available information is published on the staggering economic and human costs of cybersecurity attacks on our country, whether on small business, municipalities, individuals, or the critical infrastructure that keeps the lights on and food on the shelves. The massive demand for thousands of cyber workers that can be easily viewed by scrolling any job site or the millions of dollars lost to ransomware attacks supports the need to strengthen public policy in cybersecurity.


Canada is no stranger to cyber attacks. A decade ago, the federal government reported an attack requiring our Department of Finance and Treasury Board to disconnect from the Internet. It was ultimately disclosed that sensitive information was stolen and that it took over six months to recover (Hackers stole secret Canadian government data | CBC News).  In May of 2020, the Canadian Security Intelligence Service (CSIS) and the Canadian Security Establishment (CSE) issued a rare joint statement highlighting the elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the COVID-19 pandemic[1]. The report highlighted that CSIS saw an “increased risk of foreign interference and espionage due to the extraordinary effort of our businesses and research centres,” to confront the Pandemic with evidence-based science. The tip of the iceberg.


Cyber attacks are frequently targeting all sectors to steal Intellectual Property, state and trade secrets[2]. Thieving seagulls hover over the innovations driving our efforts to reduce climate change, develop new medicines and treatments, and produce technological advances that strengthen prosperity and improve lives.


The drum has been beaten, and the bells have been rung.


Yet, the public policy ecosystem in Canada remains uncertain and misaligned on the path forward. Unlike our allies and adversaries, Canada remains without a comprehensive cyber policy[3]. As Gold, Parsons, Poetranto highlight, the approach remains “ad hoc, spasmodic.” It’s easy to point fingers at governments for the crawling nature of cyber public policy development. With technology developing at lightning speed along with tactics and methods, keeping up with bad actors is a challenging task for policymakers and our elected leaders. Democracies are not intended to move forward without debate and deliberation. Checks and balances are the point.


Add a series of minority governments in Ottawa where passing even important legislation is a challenge, and it is no wonder a comprehensive and transparent policy approach has not been enabled. Provincial and municipal governments are underfunded and lacking a full understanding of the extent to which data resiliency extends. The very definition of cybersecurity is confusing and ever-expanding, with some interpreting the term as privacy rights or cyberbullying and rightfully so. For others, it is the protection of our factories, ports, and critical infrastructure. Policy development in cybersecurity is cumbersome because of the confusion over the term and breadth of which this policy domain extends. Pointing fingers at Canadian public policy for cyber, is in tune to poking a stick at the fog.


The path to maximizing our civil resources is utilizing the collective effort of Canadian society through meaningful coordination of assets. Every day whether in government, the private sector, or civil society, well-intentioned Canadians are working 24/7 to prevent and mitigate attacks.


Skrzeszewski and Cubberley capture the concept well in describing how the Internet has enhanced the social convergence of three societal sectors. Previously, public policy was often based on two clearly defined sectors – the for-profit or private sector and the government or public sector. [4] The Internet has prompted a re-emergence of the third sector, the non-profit or sometimes described as the civil society sector. The third sector has emerged with a critical role of acting as a coordinating field for the three-sector approach to social, economic, and cultural goals. Not associated directly with the government, civil society organizations may play multiple roles and frequently serve as an alternative for delivering services, where gaps exist in a traditional private-public arrangement[5]. There is a blurring but positive role between sectors that civil society has the perspective to coordinate.


It’s that coordination by arms-length organizations that are producing the effectiveness in mitigating attacks. Whether within the thriving cyber ecosystems of San Antonio or Israel, it is the collaboration of the three sectors delivering success. Civil society is engaging through the Paris Call, the Charter of Trust and other international forums calling for trust and security in cyberspace. Domestic expertise residing outside of government is a necessary component of a comprehensive cybersecurity strategy. Canada can debug and strengthen its cyber policies by opening the door to a thorough engagement with civil society. 


As Megan Stifel of the Global Cyber Alliance has pointed out, many of cyber best policy practices were developed by civil society through multi-stakeholder processes.


Collectively, we can have a measurable impact[6] on mitigating and preventing cyberattacks on Canadians. In a world where trust is critical, sharing and collaborating is not a simple task. It is, however, the only way and the Canadian way.





Author: Jeremy Depow | Director, Policy and Stakeholder Relations




[2] Shackelford & Bohm, Securing North American Critical Infrastructure: A Comparative Case Study in Cybersecurity Regulation, 40 Can.-U.S. L.J. 61, 2016

[3] Canada’s Scattered and Uncoordinated Cyber Foreign Policy: A Call for Clarity (

[4] A New Vision of Community and Economic Development: A Multidimensional Convergence of Government, Business, and the Social Sectors with the Internet (


[6] The Importance of Civil Society in the World of Cybersecurity - GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk


Stepscan, CyberNB and UNB collaborate on pioneering gait-based biometric security.

One small section of flooring, one giant leap for access security.


Biometric security is becoming increasingly familiar, with fingerprints and facial measurements used to unlock doors and devices not only in secure facilities, but in everyday life.


Prince Edward Island-based Stepscan Technologies has developed a new technique for contactless security, believed to be the world’s first solution based on analyzing an individual’s footsteps using high-resolution, pressure-sensitive flooring. They turned to CyberNB as a cybersecurity expert to capitalize on this new technique. UNB’s research experts joined CyberNB and Stepscan to build on this success and test, validate and improve their solution. Thanks to CyberNB and Fredericton’s Knowledge Park, the platform will be installed and tested in the city’s new, state-of-the-art Cyber Centre to provide real-world evaluation.


“My team at UNB uses machine learning to better understand, assess, or control human movement and health,” said Dr. Erik Scheme, associate professor of electrical and computer engineering and director of the Health Technologies Lab at UNB. “This first-of-its-kind project is an exciting opportunity to apply our expertise in the real world to validate and improve Stepscan’s novel, touchless biometric solution.” 


Dr. Scheme partnered with Stepscan, who has developed the world's first modular pressure-sensitive flooring capable of capturing a sufficient number of footsteps of natural gait for this use. Stepscan’s proven technology is currently used in military and health contexts, and they were eager to explore this new application, developed by Stepscan’s research and development lead, Dr. Patrick Connor, through an NSERC-supported postdoctoral fellowship. The expertise in machine learning, human-machine interaction, gait analysis and biometrics found at UNB made the institution an ideal partner in the project.


“Through Dr. Connor’s research, we have shown that we are able to analyze various features of a person's gait and foot-floor interactions to differentiate individuals by their walking patterns," said Crystal Trevors, president and CEO of Stepscan Technologies. “We are thrilled to be working with UNB to expand our preliminary work and explore novel machine learning approaches to maximize the performance and robustness of this exciting application for our flooring system.”


Originally developed for medical applications, Stepscan’s interlocking, sensor-enabled tiles provide accurate, high-speed measurement of applied pressure and weight. The flooring can be used to support, among others, physical rehabilitation and fall risk assessment by mapping these measurements over time to understand a person’s gait.


‘Gait’ refers to the specific ways a person moves while walking, based on physical biology and years of learned movement. Muscle and joint movements affect the way a person’s feet touch the ground through the process of taking a step; this complex motion is highly unique and difficult to imitate, making it useful in verifying identity.


CyberNB is a cybersecurity-sector organization that supports collaboration across industry, government and research organizations. CyberNB is based in the new Cyber Centre at Fredericton’s Knowledge Park, Canada’s most advanced facility for cyber defence and critical infrastructure protection.


Stepscan tiles will be installed in this building and used to verify a user’s identity in conjunction with the building’s existing security measures, enabling the system’s accuracy and efficacy to be validated.


“This innovation will leverage gait analytics to enable two-factor authentication, requiring zero-touch high secure access when matched with proximity card systems,” said Tyson Johnson, CEO, CyberNB. “We are excited to support this Canadian innovation and to see this initially deployed in the Cyber Centre.”


Additional tiles will be installed at UNB, supporting further scientific exploration, experimentation and analysis of the technology in a controlled setting, as well as creating opportunities for students to develop in-demand expertise in cybersecurity, biometrics, machine learning and artificial intelligence.


“We are proud to support our researchers’ contributions to our region’s innovation economy through partnerships that match UNB expertise with industry needs,” said Dr. David MaGee, UNB’s vice-president (research). “This collaboration will no doubt create new potential, new knowledge and new learning opportunities.”


The project will run through May 2024 and is supported by the Government of Canada through $420,001 in funding from the Natural Sciences and Engineering Research Council’s Alliance Grants program and $275,000 through the Atlantic Canada Opportunities Agency’s Regional Economic Growth through Innovation program, as well as $200,000 from the New Brunswick Innovation Foundation. As a cyber defence collaborator, CyberNB will contribute $210,000 towards the high-security infrastructure access improvements. Stepscan and Knowledge Park will provide additional funding and in-kind support for tile hardware, installation and maintenance, and systems integration and data, valued at $455,000.



Additional quotes:


“NSERC Alliance grants support research projects led by strong, complementary and collaborative teams that will generate new knowledge and accelerate the application of research results to create benefits for Canada. We are pleased to support the University of New Brunswick and their partners from government, industry and not-for-profit who are taking big steps in biometric security and providing student training in this increasingly relevant field of research.”

- Marc Fortin, Vice-President, Research Partnerships, NSERC


“We are committed to supporting collaboration between industry and academia to accelerate important breakthroughs in research and technology. ACOA’s investment in UNB will support innovative developments and intellectual properties that will have lasting and significant benefits for cyber and digital health ecosystems in the Atlantic region.”

Jenica Atwin, Member of Parliament for Fredericton, on behalf of the Honourable Mélanie Joly, Minister of Economic Development and Official Languages and Minister responsible for ACOA


“There is a powerfully synergistic combination of research expertise, industrial capability and emerging consumer need in this project. We believe that Dr. Scheme has precisely the right partners involved in this work to lead to a real Atlantic success story. Seeing the innovative new technology of gait biometrics emerge from Dr. Scheme’s research lab underscores the importance of the research grants that NBIF provides every day. By supporting students, equipment, and other needs associated with applied research via grants like the NB Innovation Research Chair, a fertile environment is created for impactful projects like this one.”

- Dr. Laura Richard, Director of Research, New Brunswick Innovation Foundation

Tenable Partners with CyberNB to Secure Canada’s Critical Infrastructure

Columbia, MD (June 10, 2021) -- Tenable®, Inc., the Cyber Exposure company, today announced it has become the first vulnerability management vendor to partner with CyberNB’s Critical Infrastructure Security Operations Center (CI-SOC) to increase the resilience and security of Canada’s critical infrastructure. Through the strategic partnership, Tenable will bring its risk-based vulnerability management and industrial security solutions to the CI-SOC, empowering critical infrastructure stakeholders to see, predict and reduce cybersecurity risk.


CI-SOC brings together data from multiple critical infrastructure owners and operators across all sectors. By leveraging Tenable’s industry-leading solutions within the CI-SOC, including and Tenable.ot, stakeholders gain deep visibility and analytics across this massive data set to understand their cyber risk posture. In addition, CyberNB members can now use Tenable’s technology to identify vulnerabilities, prioritize those with the greatest business impact and act quickly to reduce risk. The partnership will also facilitate information sharing between the private and public sectors, including best practices for protecting critical infrastructure against rising security threats.


“Our reliance on critical infrastructure continues to surge, bringing increased threats for owners and operators to manage. With a limited cybersecurity workforce, they are looking for smarter, more automated ways to understand and ultimately reduce their risk,” said Marty Edwards, vice president of OT security, Tenable. “We’re excited to partner with CyberNB to bring Tenable’s risk-based insights and predictive technologies to Canada’s critical infrastructure operators, enabling them to understand where they’re exposed, to what extent and how to most effectively reduce their risk.”


“In the cyber solutions market, we were looking to partner with a visionary leader that could help us paint a picture of the IT risks for small, medium and large businesses,” said Sheldon Shaw, VP of Innovation and Infrastructure at CyberNB. “We see the relationship with Tenable as a key capstone as we move forward.”


For more information about Tenable, visit

To learn more about CyberNB’s CI-SOC, visit


About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 30,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, more than 30 percent of the Global 2000 and large government agencies. Learn more at

CyberNB and FutureShield Collaborate to Support Critical Infrastructure Owners and Operators in Canada

CyberNB Inc. is pleased to announce a partnership with FutureShield Inc., a technology solution and consulting practice for physical & IT security, emergency management, and continuity that specializes in critical infrastructure protection. 


FutureShield is a Toronto-based company that has provided security and emergency manager clients with technology experience and software integration operational support for more than 30 years. President and Founder Cynthia Weeden will drive awareness for CyberNB’s Critical Infrastructure Security Operations Centre (CI-SOC) with industrial security leadership across Canada, as well as with the provincial and federal government.  


In addition to the CI-SOC, Weeden will promote CyberNB’s Critical Infrastructure Protection Network (CIPnet) membership program. CIPnet is Canada’s most extensive network of cybersecurity stakeholders, leveraging the power of collective impact to multiply opportunities for members at home and abroad. 


Finally, Weeden will ensure that critical infrastructure owners and operators and industrial security executives are aware of CyberNB’s Trust & Compliance initiatives, specifically the value of obtaining cybersecurity certification and demonstrating security and resilience through CyberNB’s Transparency Centre initiative with Lightship Security. 


If you are a critical infrastructure owner or operator with questions about the CI-SOC, CIPnet, or cybersecurity certification, please contact Cynthia Weeden at [email protected].

Frontline Safety and Security Article

New Brunswick Office of the Fire Marshal, in partnership with DRDC’s Canadian Safety & Security Program, CyberNB, the Atlantic Provinces Trucking Association, and Emergency Solutions International (ESI) Collaborate on Initiative to Ensure Secure Shipment of Hazardous Materials


Between 2009 and 2011, community risk assessments were conducted by Defence Research Development Canada (DRDC) across Canada. It was determined the top challenges around accidents during ground transportation of Hazardous Materials were:

  • Incidents often required resources beyond the community’s capabilities; 
  • Responders often were challenged to identify detailed specifics about the load;
  • Incidents caused costly disruption to the supply chain, such as closure of critical trucking routes, while materials were identified and tactical mitigation was performed.

Link to full article: