Canadian Cyber Incident Response Centre (CCIRC)
CCIRC is Canada's national coordination centre responsible for reducing the cyber risks faced by Canada’s key systems and services. These systems, such as banks or phone service providers, are known as critical infrastructure.
CCIRC works within Public Safety Canada in partnership with provinces, territories, municipalities, private sector organizations and international counterparts. It also coordinates the national response to any serious cyber security incident.
Threats and Incidents
Critical infrastructure organizations, businesses and provincial/ territorial/municipal governments who have concerns or information about cyber security threats or incidents, should contact the CCIRC as soon as possible
To stay updated:
- Review cyber security bulletins and technical reports
- Follow the CCIRC RSS Feed
- Learn more about cyber security technical advice and guidance
The CCIRC issues alerts and advisories to their partners on potential, imminent or actual cyber threats, vulnerabilities or incidents affecting Canada's critical infrastructure.
Working in partnership with CCIRC
Truly effective cyber security requires collaboration and partnership. Contact the CCIRC if your organization is interested in partnering with CCIRC.
Products and services available to CCIRC partners:
- Advice and support to prepare for and mitigate cyber events.
In addition to the technical advice and guidance, partners also receive early detection indicators, summary, trend and operational analysis. They also regularly send out technical information on cyber threats, vulnerabilities, risks and incidents. These information resources help partners better understand the cyber risks and make informed decisions.
- Technical advice and support to respond to and recover from targeted attacks.
CCIRC provides its partners with technical advice, and performs malware analysis and forensics. In addition to its own expertise, CCIRC can draw on broader Government expertise and resources to help develop timely mitigation and recovery advice.
- Access to trusted forum for information sharing and collaboration.
CCIRC partners have access to the Community Portal, a collaboration tool for organizations, where they can share information and gain access to expertise and peer support. This portal is used to share CCIRC’s documents and publications and, in turn, partners can post documents of their own or report cyber incidents.
Information sharing levels
All CCIRC’s cyber awareness products for their partners have one of four information sharing levels, commonly known as the Traffic Light Protocol (TLP):
RED: Non-disclosable information and distribution is restricted to personnel. The information can only be disseminated with an agreement from the data owner.
AMBER: Limited disclosure and restricted dissemination for official use only — NOT for publication or broadcast in a public venue.
GREEN: Information can be shared with others, but not published or posted on the web.
WHITE: Information that is for the public. Unrestricted dissemination (publication, web-posting or broadcast) and any member can publish the information (subject to copyright.)
A TLP level is identified by organization offering the information (the source). If a product does not have a level, the information will be assumed to be AMBER, and the source be assumed to be RED. If a recipient has any doubt about the information sharing level being used, they should contact the source to clarify before taking any further action.
Cyber Security News Releases
October 2, 2017
August 16, 2016
February 9, 2016
Cyber Security - Publications and Reports
- Date modified: