Thank you, Chair.
I would like to thank the committee for giving me the opportunity to speak today about cybersecurity in the financial sector.
I'm the Executive Director of the Canadian Cyber Threat Exchange, CCTX. I'll highlight the work of the CCTX because I believe it has a direct bearing on the current focus of this committee's inquiries.
The CCTX is a not-for-profit organization established by the private sector with two broad mandates. First, we operate a cyber-threat information exchange to deliver actual intelligence to our members. Second, we provide a collaboration hub for the sharing of best practices among cybersecurity professionals. We're a relatively new organization, having commenced basic operational capacity just two years ago. I'll provide a few additional comments on our services in a minute.
The founding principles of the CCTX make it unique. First, our aim is to attract members from all sectors of the economy, not just those from critical infrastructure. We currently have members from accounting companies, law firms, the health sector, construction firms, entertainment companies, airport authorities and technology companies, among others.
Second, the large companies that founded the CCTX made it clear that the CCTX cannot be just for large organizations. We need to attract small and medium-sized organizations. In every sector of the economy, all sizes of organizations are experiencing cyber-attacks. We've grown from the initial nine founding members to just under 60 today, with additional applications being processed weekly.
In January this year, we changed our membership and fee structures to make membership more attractive to small and medium-sized organizations. Those changes have been really well received. Small organizations now represent 28% of our membership, and we're working to ensure this number grows significantly. As we increased the number of small organizations, we were developing cybersecurity reports and services specifically tailored to meet the needs of the small business owner.
I'll briefly highlight two of the service delivery areas.
We operate a cyber-threat information-sharing hub. Threat information is provided by participating member organizations. The threat intelligence received does not contain personal information, and the source of the information is anonymized.
The CCTX also receives cyber-threat information from the new cyber centre. We're pleased to be the first organization to sign a collaboration agreement with the new cyber centre. This is an important partnership for the CCTX and the government. We believe we will benefit from the full cybersecurity capability the government offers, and the government is going to benefit by our being able to extend the reach of what they're doing to small parts of the economy they no longer service, particularly those areas outside the core critical infrastructure.
The CCTX also offers its members an opportunity to provide threat-related information to the government, while keeping their identities anonymized. As we continue to grow, we'll provide the government with a broader understanding of how cyber-threats are impacting the entire Canadian economy.
This committee previously heard from witnesses on the importance of developing the cyber workforce required to defend the Canadian economy. The CCTX plays a role in assisting the private sector in developing and retaining the skills they require. Our cross-sector collaboration capability provides a variety of forms to bring together cybersecurity professionals to share best practices and ideas. Practitioners get together to discuss new topics such as the new techniques that are being used by attackers, new defence technologies and strategies, and changes in the legal landscape that companies should be aware of. We deliver this capability through monthly webinars and in-person collaboration events. The time employees devote to participating in these events contributes to their retention of their professional certifications.
Financial institutions understand the importance of collaboration, which is why all six of Canada's largest banks belong to the CCTX. The banks recognize that through collaboration they can raise their own defences and make it more expensive for the attacker. We provide a unique cross-sector sharing forum. As an example of the beneficial and unique relationship of the CCTX, work is being done through our portal between the financial institutions and telecommunications companies on a very specific cyber-threat.
Banks have built an impressive capability to defend their networks from cyber-attack, and they are now launching a new initiative through the CCTX. They would like to share their expertise with SMEs and are working with us in helping to raise the maturity of SMEs in every sector's supply chain, not just those relating to financial services. Each bank has identified an area of expertise and presentations have been developed that focus on the needs of small and medium-sized enterprises. We're currently working on the delivery mechanism for this important initiative.
Collaboration starts with building a trusted relationship. The CCTX provides an environment where the trust can flourish. We're building a community where members don't have to be operating in isolation. When a crisis occurs, they have a community to which they can reach out for assistance. Creating this organization that shares threats and best practices across sectors and all sizes of companies is a key pillar to achieving the desired level of security in order to protect Canada's economic prosperity. Collaboration means you don't have to do it all yourself because “none of us is as smart as all of us”.
I look forward to your questions.