Ottawa needs more codebreakers – but spy agency says finding them isn’t easy

The federal government has pledged nearly $1 billion to boost its cybersecurity capabilities — but even the security agency tasked with the bulk of that work acknowledges that recruiting is tough.

Canada’s electronic spy agency, the Communications Security Establishment, is expected to receive significant funding to launch cyber operations and thwart attacks on government servers, power grids and hospitals.

The CSE, which collects and decodes signals intelligence and is also in charge of technology security for the government, says it receives 10,000 to 15,000 job applications a year. But only about one or two out of every 100 applicants are hired after skills testing and background security checks.

“It’s no secret that recruiting for high-tech organizations remains difficult and highly competitive,” said CSE spokesman Evan Koronewski.

“At CSE, the same is true due to the specific technical skills we require for many of our positions, the necessary security clearances, and the current requirement for successful candidates to relocate to the National Capital Region. .”

CSE is still determining how many code breakers and code creators it needs to meet the increased demand for its services. Koronewski wouldn’t say how many vacancies CSE is trying to fill. The agency has an annual attrition rate of about four percent, he said.

“We just don’t have the talent pool and without developing that talent pool, we’re going to be in a lot of trouble,” said John Zabiuk, chair of the cybersecurity program at the Northern Alberta Institute of Technology in Edmonton.

“Bidding war” for the best talents

As the number of ransomware and malware attacks increases, more companies and organizations are investing in their internal cybersecurity, he said.

“It’s kind of a crazy scramble right now for organizations trying to find cybersecurity skills and employees. And because of that, when they find a person, that person is so sought after,” Zabiuk said. .

Governments often find it difficult, if not impossible, to match these private sector salaries, he said.

“It becomes almost like a bidding war for employees, so unless you can play this game, you’re going to miss out on these talents,” he said.

The Communications Security Establishment Canada complex in Ottawa. The agency collects and decodes signals intelligence and is also in charge of technological security for the government. (Sean Kilpatrick/Canadian Press)

A quick browse on LinkedIn shows a handful of former CSE employees who have moved into senior positions at private companies.

Christyn Cianfarani is CEO of the Canadian Association of Defense and Security Industries, which represents hundreds of defense, security and cybersecurity companies. She said that because there’s not much in the recent federal budget to suggest the government will rely on private sector labor, she’s “preemptively pessimistic.”

“In a country as small as ours, we are all fighting for the same talent. This is the puzzle. How can they go it alone? It will be an endless shortage of resources,” she said. declared.

Could Ottawa work with the private sector?

Cianfarani pointed to a program run by the National Cyber ​​Security Center in the UK called Industry100 which brings together government and industry representatives to identify vulnerabilities and ward off cyberattacks.

Under the UK scheme, secondments from the private to the public sector last between one day, one week and one month. Participating organizations continue to pay the salaries of seconded employees, which are often higher than civil service salaries. Security permissions are still required.

“I refuse to believe that if the UK can figure out how to make classified networks, classified systems and the public-private domain tradable, we can’t understand that in Canada,” Cianfarani said.

“The siled approach that we know doesn’t work anymore. We think that should change and this budget hasn’t given us the warm fuzziness.”

Public Safety Minister Marco Mendicino, who helps oversee Ottawa’s national cybersecurity strategy, said one of his goals is to strengthen the cybersecurity workforce.

Part of that effort, he said, could involve looking abroad.

“I think we should create dedicated pathways to attract cybersecurity talent,” Mendicino said.

“We should never compromise safety just to hire someone. But what I’m talking about is working closely with provinces and provincial regulators to make sure that if someone comes in and has a strong degree or a degree that qualifies it, that bureaucracy and red tape doesn’t exist. That won’t stop us from integrating them as quickly as possible.”

For now, CSE said it is updating its recruiting programs and focusing on its co-op programs to bring in students.

“We recognize that there are challenges and limitations for those working in the security and intelligence community,” Koronewski said.

“But CSE’s job is to protect Canadians — our safety, our economy and our communities — and we take our job very seriously.