Services and tools catalogue for critical infrastructure

The Canadian Centre for Cyber Security (Cyber Centre) supports a wide range of Canadian industries and sectors to help strengthen their cyber security posture. This page highlights the services and tools offered to these industries and sectors.

Onboarding to services and tools

This section describes the Cyber Centre’s cyber security mandate and the role of the Partnerships team to support Canadian critical infrastructure (CI).

Cyber Centre support to critical infrastructure

The Cyber Centre is part of the Communications Security Establishment Canada (CSE) and is Canada’s technical authority on cyber security. The Cyber Centre is the single unified source of cyber expert advice, guidance, services and support for Canadians and Canadian organizations.

Under Section 17 of the CSE Act, the Cyber Centre is authorized to provide cyber security and information assurance to help protect the electronic information or information infrastructures of federal institutions and designated systems of importance (SOI). SOI refer to Canadian organizations or entities that have been officially designated by the Cyber Centre as providing or supporting CI.

With access to unique foreign intelligence, the Cyber Centre can stay ahead of emerging threats. Its objective is to raise Canada’s cyber security bar so that Canadians can live and work online safely and with confidence.

Role of the Partnerships team

The Partnerships team within the Cyber Centre promotes cyber resilience to Canadian CI organizations by offering services and tools. Generally, these services and tools can be accessed online without pre-registration. However, certain tools require an onboarding process, which involves:

designating a Canadian CI organization as a SOI
enabling access to the services and tools

To get onboarded, contact the Partnerships team by email at partnerships-partenariats@cyber.gc.ca.

Cyber security guidance

This service/tool is offered to: Canadian CI sectors, private industries, public organizations

The Cyber Centre is the central knowledge base and provider of advice and guidance for cyber security best practices, security architecture, emerging technologies and threat assessments. An organization’s cyber security posture can be improved by following the Cyber Centre’s expert advice and guidance.

The Cyber Centre publishes relevant advice and guidance on topics that keep CI partners informed, such as:

In addition to publications, the Cyber Centre can provide tailored advice and guidance on a wide variety of cyber security topics, for example:

cyber security best practices
protecting enterprise information
security architecture
emerging technologies
cross-domain solutions
security assessment and authorization
electronic emissions security
cloud security

The Cyber Centre may not be able to provide specific, tailored advice for all requests. Instead, organizations will be directed to existing and related advice and guidance from the Cyber Centre or partner agencies.

To find publications and subscribe to the web feed, browse the Cyber Centre’s security guidance.

Cyber security readiness

The Cyber Centre provides resources to help Canadian organizations and CI increase their cyber security readiness.

Cyber Security Readiness Goals

This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Implement foundational cyber security practices to strengthen an organization’s cyber security posture.

The cross-sector Cyber Security Readiness Goals (CRGs) consist of 36 foundational, realistic and achievable goals. The CRGs are intended for use by Canadian organizations regardless of size or sector and can also be leveraged by all CI operators. Each goal is linked to concrete recommended actions that, if taken, will elevate the cyber security posture of Canadian organizations and CI.

The CRGs provide a self-assessment toolkit that organizations can use to track their progress to improve their cyber security posture. The CRGs can help management and executives make informed decisions and prioritize investments in cyber security.

Services and tools

The Cyber Centre contributes to improving the cyber security ecosystem by releasing some of its cyber resilience tools to the open-source community.

Alerts and advisories
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Be informed of cyber vulnerabilities and threats affecting Canada’s CI. The Cyber Centre issues alerts and advisories on potential, imminent or actual cyber vulnerabilities affecting Canada’s CI.

Alerts raise awareness of recently identified cyber threats that may impact cyber information assets. Alerts also provide additional detection and mitigation advice. An alert can be viewed as an advanced advisory for products that need more amplification because:

they are broadly used
the impact is critical, or
an active exploitation has been reported

Advisories are the first level of the Cyber Centre’s cyber threat communications and are the most frequently produced. They are used to communicate information about product vulnerabilities and software security updates. They are published when specific trigger criteria are met to provide a timely report on current vulnerabilities and available updates. All advisories are published on the Cyber Centre’s website. They can also be accessed through RSS web feeds.

Browse the Cyber Centre’s alerts and advisories.

Automated malware detection and file analysis
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Use Cyber Centre resources to automate the detection and analysis of malware. The Cyber Centre provides a free, open-source tool and service called Assemblyline that detects and analyzes malicious files.

Assemblyline

Assemblyline is a tool designed to help cyber defence teams automate the detection and analysis of malicious files. The tool recognizes when a large volume of files is received within the system and can automatically rebalance its workload. Users can add their own analytics, such as antivirus products or custom-built software, into Assemblyline. The tool is designed to be customized by the user and provides a robust interface for security analysts. Organizations can host their own version of Assemblyline to set up a malware sandbox and easily integrate into their existing cyber defence technologies.

Assemblyline Malware web portal

Assemblyline Malware is the Cyber Centre’s online suspicious binary file analysis service. It is a Cyber Centre implementation of the Assemblyline file and malware analysis system. This service allows partners to disclose and exchange malware samples with the Cyber Centre. It allows for timely and automated results that an organization can integrate into their internal cyber triage processes. The report for a submission (file, URL, or hash) generates a score and alerts the analyst of potentially malicious intent. The detailed report view provides additional details, such as:

Internet Protocol (IP) addresses
embedded URLs
extracted files
attributions and other service results if present in the submission

Automated sharing of indicators of compromise (Aventail)
This service/tool is offered to: Canadian CI sectors, private industries

Access Cyber Centre indicators of compromise (IoCs) and automate their intake into your infrastructure.

Aventail is a platform for real-time sharing of IoCs and supplies high-confidence IoCs discovered by the Cyber Centre that may indicate potential intrusions on a host system or network. This service provides partners with prompt information to identify and prevent cyber attacks. Using a threat intelligence platform, Aventail’s vetted, high-confidence IoCs may be paired with mitigation actions to automate part of network defence by blocking traffic to or from known malicious sites.

Aventail comes in 2 versions:

Machine-to-machine

Machine-to-machine (M2M) is a feed of validated IoCs shared through standardized cyber threat intelligence sharing protocols, such as Structured Threat Information Expression (STIX), Trusted Automated Exchange of Intelligence Information (TAXII1/2) and Malware Information Sharing Protocol (MISP). The feed is information shared by other government partners, for example, CERTs. Aventail-M2M integrates directly with several commercial security products, such as:

threat intelligence platforms
security information and event management platforms
firewalls

Aventail-M2M allows for the automated and secure exchange of IoCs from the Cyber Centre.

Aventail web platform

The Aventail web platform hosts the same information provided by the automated M2M service, but in a more user-friendly, visual interface. IoCs can be exported in a variety of formats and imported directly into commercial security products. The Aventail web platform also gives partners the ability to view and manage their M2M connections.

Common criteria
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Improve your security posture by deploying certified cyber security products. Certified products have been tested by accredited commercial laboratories against internationally recognized standards.

The Cyber Centre operates the Canadian Common Criteria program, which is a member of the international Common Criteria Recognition Arrangement (CCRA). The CCRA is an agreement among more than 30 countries that mutually recognize one another’s certifications, allowing CI organizations to procure from an extensive list of certified products. Technologies on the list include:

firewalls
routers
printers
mobility devices
systems, software applications, and more

Vendors, working with an independent testing laboratory, have their products evaluated against international standards and detailed security specifications designed by technical communities. These efforts are overseen by a national certification body which publishes the results of the evaluation.

Cryptographic Module Validation Program
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Employ secure cryptography in your organization by selecting products certified by the Cryptographic Module Validation Program (CMVP).

The CMVP is a joint effort between the U.S. National Institute of Standards and Technology (NIST) and the Cyber Centre. The CMVP validates the cryptography within IT products using the 140 series of the Federal Information Processing Standards (FIPS). The CMVP relies on accredited commercial labs to perform testing against the standards.

Procuring and deploying FIPS-validated products ensures that organizations are using Cyber Centre–recommended cryptographic algorithms that have been implemented correctly. Deploying FIPS-validated products also follows the Cyber Centre’s best practices for cryptography. As part of the effort to ensure that GC networks are quantum-ready, the CMVP will be validating modules that implement NIST’s quantum-resistant cryptographic standards.

Cyber incident handling support
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Use Cyber Centre resources for assistance in handling cyber incidents to minimize victim impacts and disruptions to business operations.

The Cyber Centre receives reports on cyber incidents from various sources. With permission, the Cyber Centre shares the information, without attribution, to trusted partners and communities. The Cyber Centre offers technical advice and support to help mitigate the impact of the incident, facilitate recovery and strengthen overall cyber security posture. It assists in strategic coordination, ensuring that response efforts are aligned and collaborative. The Cyber Centre also shares critical threat intelligence to prevent further incidents.

To report a cyber incident, use Report a cyber incident.

Cyber Security Audit Program
This service/tool is offered to: Canadian CI sectors, private industries

Assess the extent to which cyber security governance, policy compliance, risk management and protective measures are sufficiently planned and applied to minimize the risk of electronic intrusion.

The Cyber Security Audit Program is part of a series of 4 tools for auditors to use to assess the cyber security status of their organizations. The tools were initially developed for government but can be used by all Canadian organizations. No previous IT security audit knowledge is required to use the tools, which include:

placemat: a one-page overview of cyber security audit criteria and key sub-criteria
audit guide: definitions of cyber security terms and an overview of a cyber security audit
preliminary survey tool: a tool to assess your organization’s overall cyber security status and determine gaps
audit program: a detailed document outlining the audit criteria and sub-criteria for many types of cyber security audits

Cyber threat briefings
This service/tool is offered to: Canadian CI sectors

Receive bi-weekly updates on the cyber threat landscape for CI.

The Cyber Centre threat briefings are a space where IT security professionals working in CI sectors across Canada can learn about recent cyber incidents and the changing threat landscape. CI organizations can listen to Cyber Centre subject matter experts share their knowledge on a variety of topics and participate in community discussions. The briefings include:

a cyber threat review
upcoming events
community open discussion

Cyber threat notifications
This service/tool is offered to: Canadian CI sectors, private industries

Receive cyber threat notifications for potential infection, misuse and vulnerabilities. Cyber threat notifications also provide situational awareness data and a peer-based comparison to other organizations within the same sector.

The Cyber Centre provides the following services for cyber threat notifications:

National Cyber Threat Notification Service

The National Cyber Threat Notification Service (NCTNS) is a service that notifies Canadian organizations, through email or API, of:

potentially misconfigured services
vulnerabilities
compromised infrastructure on their external-facing network assets

The NCTNS does not perform a scan of the organization’s network. Instead, it relies on data received from trusted open-source and commercial threat feeds and the Cyber Centre. Compromises that would trigger a notification include:

indications of the presence of malware
command and control servers
misuse of the network

Examples of vulnerable services include unencrypted internet exchange protocols and unsecure software and applications. An NCTNS notification does not confirm a data breach.

CyberPosture scorecards

The CyberPosture scorecards is a monthly report featuring events related to cyber activity and vulnerable services occurring on Canadian IP addresses owned or used by an organization. The Cyber Centre receives notifications of events in Canada and notifications reported by third parties. The Cyber Centre performs daily deduplication of redundant events and compiles results into the scorecards. The CyberPosture scorecards is a complementary service to the NCTNS.

Database of known cyber threats (BeAVER)
This service/tool is offered to: Canadian CI sectors, private industries

Access Cyber Centre databases of cyber threats and use them to understand threats to an organization’s network.

Behavioural Analysis using Virtualization and Experimental Research (BeAVER) is an unclassified repository of millions of cyber threat analysis reports gathered by the Cyber Centre. The repository includes cyber threat intelligence, such as:

static analysis reports: file hash, entropy, file type
heuristic analysis reports: antivirus hits, intrusion detection system signature hits
dynamic analysis reports: packet capture, URLs, domains, IP addresses

In addition to the web interface, BeAVER data is also accessible through a RESTful API, allowing machine-speed access to the Cyber Centre’s cyber threat intelligence platform. The API is used by partners and Cyber Centre analysts for threat analysis.

Open-source triage platform (Howler)
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Improve your security operations centre’s efficiency by using Howler to triage alerts.

Howler is the Cyber Centre’s open-source triage platform that enables triage analysts to streamline their workflows and enhance alert-handling capabilities. Unlike other open-source products, Howler empowers triage analysts to take control of their entire workflow. It allows detection engineers to generate these alerts independently from analysts’ workflows.

Time-sensitive alerts (cyber flashes)
This service/tool is offered to: Canadian CI sectors, private industries

Be informed of active, time-sensitive threats to the GC and Canadian interests.

A cyber flash (CF) is a time-sensitive alert that describes an immediate or active security issue believed to be targeting the GC or systems of importance to the GC. Examples of situations that warrant a CF include:

the public release of an exploit that is related to a previous advisory or alert
rapidly spreading malicious code
an imminent threat against the GC, CI and other related industry networks
denial-of-service activity

CFs often contain indicators of compromise and suggested actions to mitigate threats. CFs are only delivered to registered recipients via email and are marked with an appropriate Traffic Light Protocol (TLP) label. For more information on the TLP, refer to the Appendix below.

Education and community

The Cyber Centre contributes directly to the cyber security community by educating Canadians and working directly with partners. By helping Canadians develop and improve their skills and knowledge, the Cyber Centre is helping to build a more cyber-secure Canada.

Big Dig
This service/tool is offered to: Canadian CI sectors, private industries

The Big Dig is an annual, invitation-only, classified conference hosted by the Cyber Centre. It brings together participants from GC departments, Canadian industry, and the Five Eyes community. Over 2 weeks, participants set new standards in cyber innovation through collaboration and exploration. This critical operational initiative plays a vital role in developing cutting-edge cyber security solutions, directly advancing CSE’s mandate to promote a cyber-safe Canada.

Each year, the Big Dig ignites creativity, produces groundbreaking technologies and prototypes, and leaves participants inspired, empowered and ready to conquer new challenges in cyber defence.

Key points on the Big Dig include:

participation from Canada’s Five Eyes partners
the event receives over 200 applications and continues to grow each year
participants are divided into teams based on expertise and pre-selected interest areas
Top Secret clearance is required to participate

At the end of the event, teams present their findings and accomplishments to guests, executives, participants and key stakeholders. A winner is chosen by the audience.

Read more about the Big Dig.

Cyber Centre speakers for events
This service/tool is offered to: Canadian CI sectors, private industries

Request a speaker from the Cyber Centre to give a presentation.

The Cyber Centre makes executives and staff available for speaking engagements, time and schedules permitting. This includes activities such as:

keynote speeches
panel appearances
addresses to company boards of directors
cyber security awareness briefings for employees
technical talks

GeekWeek
This service/tool is offered to: Canadian CI sectors, private industries

Participate in a collaborative, innovative, problem-solving workshop held at the Cyber Centre in Ottawa.

GeekWeek is an annual, invitation-only, unclassified workshop organized by the Cyber Centre. It brings together key players in the field of cyber security from all over the world to generate solutions to vital problems facing the industry. The workshop is an opportunity for teams to collaborate in new ways and improve the overall cyber security landscape. GeekWeek representatives include:

critical incident response teams
CI partners: government, finance, health, academia
international cyber security partners

This 10-day workshop starts with meeting new team members and working on specialized projects. The projects are then presented to fellow participants and executives at the closing ceremonies on the last day of the event. Participants receive access to the code that they developed during GeekWeek. Participants may also subscribe to the tools that they used during the workshop.

GeekWeek has produced innovations and advances in areas such as:

malware detection and analysis
spam and log analysis
mobile malware analysis systems
anti-ransomware
information-sharing technologies and standards
cyber sovereignty/geographic data flows
cyber health and forecasts
botnet traffic analysis
fly-away kit/laptops

Get Cyber Safe
This service/tool is offered to: Canadian CI sectors, private industries, public organizations

Get Cyber Safe is the GC’s national public awareness campaign to inform Canadians and small Canadian businesses about cyber security. The campaign lists the simple steps Canadians and small Canadian businesses can take to help protect themselves online. The campaign is led by CSE, with advice and guidance from the Cyber Centre.

Get Cyber Safe offers a variety of bilingual and shareable resources on countless cyber security topics. The campaign makes complex cyber security topics easy to understand and uses a variety of eye-catching, humorous and engaging tactics to help all Canadians stay safe online.

Get Cyber Safe relies on partnerships to better reach the Canadian population. Organizations can submit partnership and collaboration ideas or requests for specific resources.

Learning Hub
This service/tool is offered to: Canadian CI sectors, private industries

Develop cyber security skills and knowledge in a formal learning environment.

The Cyber Centre Learning Hub is a source for leading-edge learning activities and programs for cyber security. The Learning Hub’s services include over 60 courses that can be provided through:

instructor-led classroom and virtual sessions
free self-paced e-learning
blended training

Cyber Centre partners can take advantage of courses on topics such as:

cyber security fundamentals
cyber security for Internet of Things devices
supply chain cyber security
cyber security considerations for consumers of managed services
secure software development

Walk-the-talk sessions
This service/tool is offered to: Canadian CI sectors, private industries

Enhance understanding of special topics of interest.

The Cyber Centre organizes ad hoc walk-the-talk sessions for IT security professionals working in CI sectors. These 30-minute virtual sessions contain actionable information on a topic of interest and are presented by the Cyber Centre or an industry partner. Previous walk-the-talk topics include:

securing IT and operational technology convergence
mitigating cyber threats by leveraging the National Cyber Threat Assessment 2025-2026 and CRGs
Royal Canadian Mounted Police National Cybercrime Coordination Centre
baseline cyber threat assessment: Cybercrime
the quantum threat to cyber security and post-quantum cryptography
living off the land and threat hunting

Appendix: Traffic Light Protocol (TLP)

TLP is a set of labels used to indicate the sharing boundaries that recipients apply to ensure responsible sharing of sensitive information. Each TLP level is described below.

TLP:red

For the eyes and ears of individual recipients only, no further disclosure.

Sources may use TLP:red when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. Recipients may therefore not share TLP:red information with anyone else. In the context of a meeting, for example, TLP:red information is limited to those present at the meeting.

TLP:amber + strict

Limited disclosure, recipients can only spread this on a need-to-know basis within their organization only.

Sources may use TLP:amber + strict when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:amber + strict information with members of their own organization only, but only on a need-to-know basis to protect their organization and prevent further harm.

TLP:amber

Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients.

Sources may use TLP:amber when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:amber information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm.

TLP:green

Limited disclosure, recipients can spread this within their community.

Sources may use TLP:green when information is useful to increase awareness within their wider community. Recipients may share TLP:green information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:green information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.

TLP:clear

Recipients can spread this to the world, there is no limit on disclosure.

Sources may use TLP:clear when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:clear information may be shared without restriction.

For more information on the TLP, read Forum of Incident Response and Security Teams: Traffic Light Protocol.
