Canadian Cyber Incident Response Centre (CCIRC)

CCIRC helps ensure that many of the services which Canadians rely on daily are secure. It assists in securing the vital cyber systems of provinces, territories, municipalities and private sector organizations while collaborating closely with partners, including international counterparts and information technology vendors.

Many of CCIRC's products are available to the public, and the expertise of its highly trained and experienced staff is drawn upon to share information on cyber threats with partners. Additionally, when CCIRC becomes aware of malicious activities, it takes steps to notify owners of compromised systems, focusing on computers in critical infrastructure and provincial, territorial, or municipal government.

CCIRC highly recommends that organizations implement the Top 4 Strategies to Mitigate Targeted Cyber Intrusions. These strategies are among the most effective steps an organization can take to protect its systems against targeted cyber attacks. These strategies have been endorsed by numerous parties, including the Communications Security Establishment Canada (CSEC). By implementing these four strategies, organizations can prevent as much as 85% of targeted cyber attacks.

Mandate

In support of Public Safety Canada's mission to build a safe and resilient Canada, CCIRC contributes to the security and resilience of the vital cyber systems that underpin Canada's national security, public safety and economic prosperity.

As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber events. It does this by providing authoritative advice and support, and coordinating information sharing and event response.

What CCIRC Does

Owners and operators of vital cyber systems whose identities have been verified through an authentication and reference process have access to the following CCIRC products and services:

• Advice and support to prepare for and mitigate cyber events. CCIRC disseminates various technical and IT manager-focused products that offer guidance, early detection indicators, summary, trend, and operational analysis. Additionally, CCIRC shares technical information on threats, vulnerabilities, risks and incidents with its partners to enhance collective understanding of cyber threats and incidents and help ensure organizations have the information required to make informed decisions.
• Technical advice and support to respond to and recover from targeted attacks. CCIRC provides its partners with technical assistance, and performs malware analysis and forensics. In addition to its own expertise, CCIRC can draw on broader Government expertise and resources to help develop targeted mitigation and recovery advice.
• Access to trusted fora for information sharing and collaboration. CCIRC provides partners access to fora where they can share information within their communities of interest, or more broadly should they wish, and gain access reciprocally to information, expertise and peer support. The CCIRC Community Portal provides a common collaboration tool for organizations that are part of Canada's critical infrastructure sectors. CCIRC uses this portal to share its most recent documents and publications with its partners. In turn, partners have the option of posting documents of their own, and can also use this portal to report cyber incidents to CCIRC. For more information please contact CCIRC.

CCIRC works with domestic and international partners to address significant cyber security concerns. Organizations, including critical infrastructure organizations and provincial, territorial or municipal governments, that have concerns or information about cyber security incidents are encouraged to visit our Report a Cyber Security Incident page.