As many of you know, the US National Institute on Standards and Technology (NIST) recently published its Framework on Critical Infrastructure Security. Here is one of many articles about it that gives a good summary.
Does Canada need something similar? If so, who would be the appropriate authority to issue it? Will the US framework spill over in any event to Canada, to set a civil standard of care for cybersecurity practices?
A number of American lawyers are advising that boards of directors of ‘critical infrastructure’ operations — a very broad class — have to be aware of these guidelines, . . . [more]