On August 3, Head of the Canadian Centre for Cyber Security (CCCS) Sami Khoury announced on LinkedIn that he is leaving the role after more than three years. Sami Khoury has been the longest serving head of the CCCS after it was created in 2011 and has led it into becoming a global leader in cyber security. While Khoury may not be the most outspoken of leaders, he has a great job of turning the CCCS from a fledgling organization still trying to find its place and footing to now being one of the most important, vital organizations in Canadian cyber security and defence.

While we all wish Sami Khoury best of luck in future endeavors, it looks like he may not be going too far. In his post, Khoury stated that he has started his new role as “Government of Canada Senior Official for Cybersecurity.”

Little to no public details exist yet about what this position is, but all indications is that this is a new senior government position that is meant to be the overall government-lead on on cyber security. If this is the case, this is something that everyone in industry and academia have been calling for. The lack of cabinet and senior levels of government’s attention on cyber security has been noticed and watched for many years. Despite progress in many areas by the CCCS, CSE, and others, the lack of management, commitment, and engagement by cabinet and other senior government officials means it is deprioritized at a time where it needs to be a front and center concern for the government.

I eagerly await to see if there is a bigger announcement by the government. Although this government loves to make an official announcement about everything, cyber security is often an area that does not, which sends the message that this government does not view cyber security as a serious issues. Nevertheless, we must recognize and commend the government when they make good actions like positive reinforcement with a child.

It remains to be seen what exactly this role is and what Khoury will be doing. We are due for the new National Cyber Security Strategy very soon, so we are likely to possibly not hear more until then. This could be an initial indication that the new National Cyber Security Strategy may drop soon, but at this point this is all rumor.

Update September 4 6:02 PM:

It looks like the Communications Security Establishment has recognized that not much information exists out there about what the Senior Government Official for Cyber Security is or does, so the Communications Security Establishment released a statement to clarify and linked to the official announcement. The position is a Treasury Board Secretariat position where he will work with Deputy Ministers to guide cyber security policy.

If this is what it sounds like, this may situate the Senior Government Official for Cyber Security as a central figure in the Deputy Minister Committee on Cyber Security. This Committee is the primary means that the government coordinates and sets cyber security policy throughout the government. In other words, Canada has long conducted cyber security policy by committee. An ADM cyber security committee subsequently supports this committee. I hope that Khoury and the role of senior government officials for cybersecurity will play an important role in better guiding government policy through these committees.

Update September 5, 8:20 PM: I received some clarification about where this role is situated in the government. The Senior Government Official for Cyber Security is not specifically a Treasury Board Secretariat position but a CSE position that reports to the Chief of CSE (who happens to be the Chair of the Deputy Minister Committee on Cyber Security). Although still with CSE, he'll work closely with TBS, the Privy Council Office, and others.

So, while the position will work with the DM Committee on Cyber Security, as I suspected, this will be only one pathway that is likely to play an important role in helping move the overall federal government's cyber security policy forward.

Share