Home » Cybersecurity » Cybersecurity Initiatives Program (CIP) » Frequently Asked Questions

Frequently Asked Questions

General Questions

+ What is the Cybersecurity Initiatives Program?
This collaborative, national program is designed to strengthen cybersecurity at Canada’s research and education organizations by aligning, coordinating, and funding cybersecurity initiatives that are identified as priorities through extensive consultations with stakeholders across the sector.
+ Who funds this program?
The federal government department Innovation, Science and Economic Development Canada (ISED), is funding CANARIE to coordinate, align, and invest in the initiatives of the program.
+ Who can join the Cybersecurity Initiatives Program?
Participation is open to Eligible Organizations (see criteria below). Participation is limited to one application per organization.
+ What are the criteria for being considered an “Eligible Organization (EO)”?
To be eligible to participate in this program, an organization must be:
– connected to the National Research and Education Network (NREN); and
– a member organization of an NREN Partner and have an autonomous network; and
– a post secondary institution, a non-federal research facility, or a Centre of Excellence.
+ Is there a deadline for participating in the Cybersecurity Initiatives Program (CIP)?
Eligible Organizations can apply to the program until March 31, 2023 but funding for the CIP continues to March 31, 2024. Your organization can only access funded initiatives once its participation in the CIP is confirmed. The sooner your organization participates in the CIP, the longer it will be able to benefit from the funded initiatives.
+ For CIP participants, is there a deadline for signing up for funded initiatives?
Yes. Each funded initiative will have a deadline for its deployment/access or for application. The deadline for deploying the first funded initiative, CIRA DNS Firewall, is March 31, 2023.

NREN Partner Questions

+ What is the NREN?
Canada’s National Research and Education Network (NREN) connects Canada’s researchers, educators, and innovators to each other and to data, technology, and colleagues around the world. It also connects to a global web of more than 100 NRENs around the world, all dedicated to the unique needs of the research and education sector. Thirteen provincial and territorial partners and the federal partner, CANARIE, form Canada’s NREN.
+ What is the role of the NREN’s provincial and territorial partners in the Cybersecurity Initiatives Program?
The provincial and territorial partners in the NREN will work with CANARIE to communicate, lead, coordinate, and support delivery of the funded initiatives.
+ How is the Cybersecurity Initiatives Program related to the Canadian Shared Security Operations Centre (CanSSOC) Proof of Concept, the National Research and Education Network (NREN) SIEM project, and the ON-CHEC program in Ontario?
These are all complementary initiatives that build cybersecurity expertise, capacity, and the ability to share threat intelligence across the research and education sector.
+ It seems like there are a lot of national and regional security initiatives all trying to solve the same problem. Why so many initiatives?
Securing research and education is a complex challenge that requires the alignment and coordination of complementary solutions provided by different organizations. We are collaborating with other initiatives/partners toward our collective goal of securing Canada’s research and education sector.

This program is part of a broader strategy with CANARIE’s national and international partners to align to a common approach for securing the research and education sector. With this approach, all regional, national, and global cybersecurity programs available to the sector will be searchable and accessible through a central website and brand identity. More details about this new site and brand will be announced in early 2021.

Participation Obligations

+ What are my organization’s obligations if we join this program and execute the Organization Cybersecurity Collaboration Agreement (OCCA)?
Per the OCCA, the Eligible Organization will:
1. At its discretion, select initiative(s), and for each selected initiative undertake the following, where necessary, to participate:
i. Apply for, and participate in, initiative to support cybersecurity of the Organization.
ii. Execute additional agreement(s) for each initiative, where required.
iii. Participate in onboarding and training delivered by Initiative Partners.
iv. Participate in community collaboration related to the initiative, including online tools such as Slack.2. Identify an IT lead to undertake IT requirements specific to each initiative (support is available from the Initiative Partners where required).3. Provide feedback on potential emerging initiatives.

4. Provide a final report for each initiative that the Organization has participated in, using a template provided by CANARIE.

+ What are CANARIE’s obligations under this program?
Per the OCCA, working with its NREN Partners, CANARIE will facilitate the delivery of cybersecurity-related projects and initiatives to Organizations [that participate in the CIP]. Those initiatives are funded in whole or in part by CANARIE.
+ Will my organization get direct funding through this initiative?
Some initiatives may provide funding to eligible organizations for activities such as staff training and software installation/configuration. In those cases, an additional agreement will be required between the participating organization and CANARIE. The OCCA does not provide direct funding to organizations; rather it funds initiatives that are delivered at no cost to eligible organizations.
+ My organization has already implemented/uses one of the funded initiatives under this program. Can we still benefit from the funding available in this program?
Yes. If your organization is eligible to participate in this program, you can still benefit from the funding it provides. By participating in the CIP and executing an OCCA, you will be able to have access to that initiative at no cost, effective the date that initiative launches or the date that you execute your OCCA, whichever comes later.

In the case of the first funded initiative, CIRA DNS Firewall, your costs will be covered under the CIP effective January 1, 2021, if your OCCA is signed by that date.
Also see: What are the criteria for being considered an “Eligible Organization (EO)”?

+ What if I don’t have the resources available to implement an initiative?
Your NREN Partner may be able to assist you. Please contact the representative at your NREN Partner organization.

Application Questions

+ How do I apply for a funded initiative?
Funded initiatives are available to eligible organizations that are participating in the Cybersecurity Initiatives Program. If your organization is eligible to participate in the CIP, the NREN Partner in your province or territory will contact you with a link to the program’s participation form. If you have questions about your organization’s eligibility, please contact your local NREN Partner.
+ What information is required on a participation form?
The form asks you for information that will help populate standard fields in the Organization Cybersecurity Collaboration Agreement (OCCA) with CANARIE. You can preview a sample participation form and OCCA.

Agreement Questions

+ What is the Organization Cybersecurity Collaboration Agreement (OCCA)?
The OCCA is an agreement between CANARIE and an Eligible Organization (EO) that has decided to participate in the Cybersecurity Initiatives Program. The Purpose of the OCCA is to formalize the Eligible Organization’s intent to collaborate and participate in national cybersecurity projects and initiatives, and benefit from CANARIE’s funding of those initiatives.

Preview a sample OCCA.

+ Is it possible to modify the Organization Cybersecurity Collaboration Agreement (OCCA)?
For consistency across the sector, all participants in the Cybersecurity Initiatives Program are required to execute the same agreement. The OCCA cannot be modified for individual participants.
+ Why do I have to execute another agreement if our institution is currently part of the Joint Security Project?
The Cybersecurity Initiatives Program is a new program, with different requirements, and requires a new agreement.