ADGA Group (“ADGA”), a longstanding defence and security Canadian partner since 1967, plays a pivotal role in the cybersecurity landscape. We provide a broad range of security solutions that span both defence and security lines of business.

Recently, our Security Line of Business Head, Jean-François Séguin, sat down with Vanguard Radio to discuss our involvement in cybersecurity and the Canadian Program for Cybersecurity Certification (CP-CSC).

ADGA’s Comprehensive Approach to Cybersecurity

Our approach to security is holistic, encompassing strategy development, program design, emergency management, business continuity planning, maturity assessments, and audits. We conduct cybersecurity program reviews, compliance checks, threat and risk assessments, and threat intelligence operations.

Our expertise has now extended to supply chain security within the defence sector, ensuring that both physical and electronic security measures are in place and aligned with federal requirements. We emphasize building robust internal cybersecurity capabilities, investing in skilled security teams, and developing comprehensive security policies.

These efforts are aimed at creating sustainable cybersecurity programs that prioritize continuous monitoring and improvement. They also address cybersecurity as a core component of business operations, rather than a peripheral concern.

The CP-CSC Program: A New Standard for Cybersecurity in Canada

The CP-CSC program is an initiative led by Public Services and Procurement Canada (PSPC) to enhance the security of sensitive government information housed within private sector systems. This program mirrors the U.S. Cybersecurity Maturity Model Certification (CMMC), which is mandatory for defence contractors in the United States.

The CP-CSC aims to protect the supply chain between Canada and the U.S., ensuring that vendors handling sensitive information meet rigorous cybersecurity standards—with the CP-CSC program expected to have significant implications for Canadian defence vendors.

While requirements are being finalized, it is anticipated that mandatory cybersecurity contract requirements will be introduced in late 2024 or early 2025. ADGA is already preparing for these changes by aligning our practices with the U.S. National Institute of Standards and Technology (NIST) SP 800-171 standard, which is expected to inform the CP-CSC requirements in Canada.

Challenges and Implications for Canadian Vendors

The CP-CSC program will bring a standardized approach to cybersecurity, thus raising the baseline for security across Canada’s defence supply chain. However, the implementation of rigorous standards will not be without challenges. Achieving compliance will require significant investment in cybersecurity infrastructure, personnel, and ongoing management, resulting in increased costs for defence vendors.

Despite the potential difficulties, we view the CP-CSC program as a positive development for the overall security of the defence sector.

Preparing for the Future of Canadian Cybersecurity

Overall, the CP-CSC program represents a significant step forward for Canadian cybersecurity. While the transition may present challenges—including higher costs and the need for comprehensive compliance efforts—the benefits of standardized security practices are expected to outweigh the initial hurdles.

At ADGA, we remain committed to supporting our clients and the broader defence community through these changes, offering our expertise and guidance to help vendors navigate the new cybersecurity certification landscape.

As we continue to adapt and refine our approach, ADGA stands ready to launch our service to help industry partners with their CP-CSC certification in the near future.