Frequently Asked Questions

General Questions

What is the Cybersecurity Initiatives Program?

This collaborative, national program is designed to strengthen cybersecurity at Canada’s research and education organizations by aligning, coordinating, and funding cybersecurity initiatives that are identified as priorities through extensive consultations with stakeholders across the sector.

Who funds this program?

The federal government department Innovation, Science and Economic Development Canada (ISED), is funding CANARIE to coordinate, align, and invest in the initiatives of the program.

Who can join the Cybersecurity Initiatives Program?

Participation is open to Eligible Organizations (see criteria below). Participation is limited to one application per organization.

What are the criteria for being considered an “Eligible Organization (EO)”?

To be eligible to participate in this program, an organization must be:

Is there a deadline for participating in the Cybersecurity Initiatives Program (CIP)?

Eligible Organizations can apply to the program until March 31, 2023 but funding for the CIP continues to March 31, 2024. Your organization can only access funded initiatives once its participation in the CIP is confirmed. The sooner your organization participates in the CIP, the longer it will be able to benefit from the funded initiatives.

For CIP participants, is there a deadline for signing up for funded initiatives?

Yes. Each funded initiative will have a deadline for its deployment/access or for application. The deadline for deploying the first funded initiative, CIRA DNS Firewall, is March 31, 2023.

Are we obligated to implement all the initiatives funded through CIP?

There is no such obligation, but CIP-funded initiatives are intended to integrate with each other to strengthen cybersecurity at the organization level, and in turn the overall security of the entire sector.

NREN Partner Questions

What is the NREN?

Canada’s National Research and Education Network (NREN) connects Canada’s researchers, educators, and innovators to each other and to data, technology, and colleagues around the world. It also connects to a global web of more than 100 NRENs around the world, all dedicated to the unique needs of the research and education sector. Thirteen provincial and territorial partners and the federal partner, CANARIE, form Canada’s NREN.

What is the role of the NREN’s provincial and territorial partners in the Cybersecurity Initiatives Program?

The provincial and territorial partners in the NREN will work with CANARIE to communicate, lead, coordinate, and support delivery of the funded initiatives.

How is the Cybersecurity Initiatives Program related to the Canadian Shared Security Operations Centre (CanSSOC) Proof of Concept, the National Research and Education Network (NREN) SIEM project, and the ON-CHEC program in Ontario?

These are all complementary initiatives that build cybersecurity expertise, capacity, and the ability to share threat intelligence across the research and education sector.

It seems like there are a lot of national and regional security initiatives all trying to solve the same problem. Why so many initiatives?

Securing research and education is a complex challenge that requires the alignment and coordination of complementary solutions provided by different organizations. We are collaborating with other initiatives/partners toward our collective goal of securing Canada’s research and education sector.

This program is part of a broader strategy with CANARIE’s national and international partners to align to a common approach for securing the research and education sector. With this approach, all regional, national, and global cybersecurity programs available to the sector will be searchable and accessible through a central website and brand identity. More details about this new site and brand will be announced in early 2021.

Participation Obligations

What are my organization’s obligations if we join this program and execute the Organization Cybersecurity Collaboration Agreement (OCCA)?

Per the OCCA, the Eligible Organization will:

  1. At its discretion, select initiative(s), and for each selected initiative undertake the following, where necessary, to participate:
    • Apply for, and participate in, initiative to support cybersecurity of the Organization.
    • Execute additional agreement(s) for each initiative, where required.
    • Participate in onboarding and training delivered by Initiative Partners.
    • Participate in community collaboration related to the initiative, including online tools such as Slack.
  2. Identify an IT lead to undertake IT requirements specific to each initiative (support is available from the Initiative Partners where required).
  3. Provide feedback on potential emerging initiatives.
  4. Provide a final report for each initiative that the Organization has participated in, using a template provided by CANARIE.

What are CANARIE’s obligations under this program?

Per the OCCA, working with its NREN Partners, CANARIE will facilitate the delivery of cybersecurity-related projects and initiatives to Organizations [that participate in the CIP]. Those initiatives are funded in whole or in part by CANARIE.

Will my organization get direct funding through this initiative?

Some initiatives may provide funding to eligible organizations for activities such as staff training and software installation/configuration. In those cases, an additional agreement will be required between the participating organization and CANARIE. The OCCA does not provide direct funding to organizations; rather it funds initiatives that are delivered at no cost to eligible organizations.

We already have the best protections in place, and don’t see the value in implementing initiatives funded through the CIP.

CIP-funded initiatives are not intended to replace your existing protections, but to add a consistent layer of security to all organizations in Canada’s research and education sector. CIP-funded initiatives are intended to integrate with each other to strengthen cybersecurity at the organization level, and in turn the overall security of the entire sector.

For most organizations, CIP funding represents a significant cost savings to annual IT budgets that can be re-allocated to additional safeguards, training, or staff.

If your organization has already implemented the identical service as a CIP-funded initiative, participating in the CIP will automatically transition its cost to CANARIE. Once your enrolment in the CIP is complete, CANARIE will work directly with the Initiative Partner (vendor/service provider) to take over payments.

Our resources are limited, and we don’t have the time or staff to implement or maintain new initiatives.

This is where your NREN Partner comes in. Your NREN Partner staff have the expertise to act as an extension of your team. The first two CIP-funded initiatives, CIRA DNS Firewall and CanSSOC Threat Feed, are intended to be “set it and forget it” and require minimal ongoing maintenance. The CIRA DNS Firewall deployment takes less than an hour and technical onboarding to implement the CanSSOC Threat Feed takes less than two hours. NREN Partner staff can guide your team through each.

Application Questions

How do I apply for a funded initiative?

Funded initiatives are available to eligible organizations that are participating in the Cybersecurity Initiatives Program. If your organization is eligible to participate in the CIP, the NREN Partner in your province or territory will contact you with a link to the program’s participation form. If you have questions about your organization’s eligibility, please contact your local NREN Partner.

What information is required on a participation form?

The form asks you for information that will help populate standard fields in the Organization Cybersecurity Collaboration Agreement (OCCA) with CANARIE. You can preview a sample participation form and OCCA.

Agreement Questions

What is the Organization Cybersecurity Collaboration Agreement (OCCA)?

The OCCA is an agreement between CANARIE and an Eligible Organization (EO) that has decided to participate in the Cybersecurity Initiatives Program. The Purpose of the OCCA is to formalize the Eligible Organization’s intent to collaborate and participate in national cybersecurity projects and initiatives, and benefit from CANARIE’s funding of those initiatives.

Preview a sample OCCA.

Is it possible to modify the Organization Cybersecurity Collaboration Agreement (OCCA)?

For consistency across the sector, all participants in the Cybersecurity Initiatives Program are required to execute the same agreement. The OCCA cannot be modified for individual participants.

Why do I have to execute another agreement if our institution is currently part of the Joint Security Project?

The Cybersecurity Initiatives Program is a new program, with different requirements, and requires a new agreement.

CIRA DNS Firewall

We already have a firewall. How is this different?

Compared to your “regular” firewall that you use to block malicious traffic coming into your network, CIRA’s DNS Firewall blocks your users from accessing malicious sites from devices within your network. A significant number of data breaches are caused by staff or students clicking on a malicious link, either through phishing or unintentional browser activity. CIRA’s DNS Firewall adds a critical layer of security by blocking access to such sites, based on a real-time and historical analysis of global threat feeds. It also identifies and reports malicious activity back to your cybersecurity team and quarantines infected devices to mitigate further risk.

We already have a DNS Firewall from another vendor. Is there a benefit to switching?

Through the CIP, CANARIE is funding the implementation of the CIRA DNS Firewall at all eligible organizations. Given that most DNS Firewalls are priced on a per-FTE basis, for most organizations, the cost savings of the funded CIRA initiative is significant and those savings can be re-allocated to additional cybersecurity resources.

How can our organization access this initiative?

Please contact your NREN Partner in your province/territory.

If your organization is already enrolled in the CIP, your NREN Partner will send you a link to the CIRA Portal where you can set up your implementation of the DNS Firewall.

If your organization is not yet enrolled in the CIP:

  1. Your NREN Partner will send a link for the CIP Participation Form.
  2. After you submit this form, CANARIE will send you an Organization Cybersecurity Collaboration Agreement (OCCA) for execution.
  3. Once your organization executes the OCCA, your NREN Partner will send you a link to the CIRA Portal where you can set up your implementation of the DNS Firewall.

How long does it take to implement this initiative?

Configuring your organization’s settings on the CIRA Firewall takes about an hour.

What’s the time commitment for our team to maintain the CIRA DNS Firewall after it’s been implemented?

Maintenance of the DNS Firewall is minimal and will typically be less than an hour each month.

What kind of expertise do we need on our team to implement/maintain this initiative?

A member of your IT team with access to your network DNS servers will have the expertise required to implement and maintain the CIRA DNS Firewall. If your IT team does not have the resources to implement this initiative, please contact your NREN Partner. Your NREN Partner will ensure that your organization receives the support it needs to benefit from this initiative.

Are there specific cybersecurity tools we must have in place before we can benefit from this initiative?

No. There are no minimum requirements for your organization to benefit from the DNS Firewall.

CANSSOC Threat Feed

We already received the CanSSOC Threat Feed through our CIRA DNS Firewall. How is this different?

The source of threat intelligence is the same, but the level of protection offered by each is very different. The integrated CanSSOC Threat Feed is one of the intelligence sources that the CIRA DNS Firewall uses to determine which malicious DNS entries / sites to block from user access.

The direct CanSSOC Threat Feed service is ingested by your next-generation firewall to block external threats from entering your network. It provides threat protection from external sources trying to gain access to your network.

We already subscribe to several threat feeds. Do we still need the CanSSOC Threat Feed?

This initiative is not intended to replace threat feeds you may already have in place but to strengthen them with sector-specific intelligence. The CanSSOC Threat Feed may also contain other feeds that you subscribe to, such as the feed from the Canadian Centre for Cyber Security. The CanSSOC Threat Feed consolidates and curates several feeds, uniquely focused on risks for the research and education (R&E) sector. Due to the sophistication of today’s cybersecurity threats, a risk at one R&E organization can easily create a ripple effect for the entire sector. The Threat Feed enables Canada’s R&E sector to draw upon a collective nationally based defense to support organizations.

How can our organization access this initiative?

Please contact your NREN Partner in your province/territory.

If your organization is already enrolled in the CIP, your NREN Partner will send you a link to the CanSSOC Threat Feed selection form.

  1. Submit your CanSSOC Threat Feed selection.
  2. CANARIE will send you the CanSSOC Confidentiality Agreement to execute.
  3. Once the CanSSOC Confidentiality Agreement is in in place, your NREN Partner will be in touch to set up your technical implementation session so that you can begin to access the Threat Feed.

If your organization is not yet enrolled in the CIP:

  1. Your NREN Partner will send a link for the CIP Participation Form, where you can also select the CanSSOC Threat Feed.
  2. After you submit this form, CANARIE will send you an Organization Cybersecurity Collaboration Agreement (OCCA) for execution.
  3. Once your OCCA is executed, CANARIE will send you the CanSSOC Confidentiality Agreement to execute.
  4. Once the CanSSOC Confidentiality Agreement is in in place, your NREN Partner will be in touch to set up your technical implementation session so that you can begin to access the Threat Feed.

How long does it take to implement this initiative?

The technical onboarding session takes about two hours, fully guided by a representative from the NREN or CanSSOC.

How much maintenance is required?

CanSSOC has developed the Threat Feed with the intent that after a small amount of basic configuration, your organization can “set it and forget it” by using it in your end point detection devices.

What kind of expertise do we need on our team to benefit from this initiative?

The only expertise required is a firewall administrator with the skills and permission to access and make changes to your organization’s firewall.

Are there other cybersecurity tools we must have in place before we can benefit from this initiative?

No, but to maximize the Threat Feed’s value, a next-generation firewall is recommended. The CanSSOC Threat Feed readily integrates with the Cisco Firepower, Fortinet FortiGate, and Palo Alto Next Generation Firewall, but integrations with other next generation firewalls, and endpoint detection and protection devices are under development.