Services and tools catalogue for critical infrastructure – Canadian Centre for Cyber Security

Services and tools catalogue for critical infrastructure – Canadian Centre for Cyber Security

Summary

The Canadian Centre for Cyber Security (the Cyber Centre) publishes a consolidated catalogue of services, tools and programmes aimed at strengthening cyber resilience across Canada’s critical infrastructure (CI) sectors. The catalogue explains how organisations can onboard with the Cyber Centre, the role of its Partnerships team, and the breadth of guidance, readiness programmes, detection tools and community initiatives available to public and private partners.

The page highlights core offerings such as the Cyber Security Readiness Goals (CRGs), alerts and advisories, Assemblyline for automated malware analysis, the Aventail indicators-of-compromise sharing platform, the BeAVER threat repository, the Howler triage platform, time-sensitive cyber flashes, incident handling support, the Common Criteria and CMVP certification programmes, audit tools, threat briefings, and a range of education and community activities (Big Dig, GeekWeek, Learning Hub, Get Cyber Safe).

The catalogue also explains access models (open online access vs onboarding for Systems of Importance), and closes with an appendix explaining the Traffic Light Protocol (TLP) levels used for information sharing.

Source

Source: https://cyber.gc.ca/en/guidance/hidden/services-tools-catalogue-critical-infrastructure

Key Points

1. The Cyber Centre is Canada’s technical authority on cyber security and provides guidance, services and tailored support for critical infrastructure operators and other organisations.
2. Onboarding to some tools requires designation as a System of Importance (SOI) and coordination with the Partnerships team (email: partnerships-partenariats@cyber.gc.ca).
3. Cyber Security Readiness Goals (CRGs) offer 36 practical, cross-sector goals and a self-assessment toolkit to lift baseline cyber hygiene across organisations of any size.
4. Alerts, advisories and cyber flashes keep partners informed of vulnerabilities, active threats and fast-moving incidents; some notices are restricted to registered recipients and carry TLP labels.
5. Assemblyline (open-source) and the Assemblyline Malware web portal enable automated malware detection, file analysis and sample exchange with the Cyber Centre.
6. Aventail provides vetted IoC feeds in machine-to-machine (STIX/TAXII/MISP) and web-platform forms for automated defensive actions and integration with security products.
7. BeAVER is an unclassified repository of threat analysis reports accessible by web and API for machine-speed threat intelligence use.
8. Howler is an open-source alert triage platform that streamlines SOC workflows and empowers detection engineers and analysts.
9. Certification programmes—Common Criteria and CMVP—help organisations procure evaluated, standards-based products (including future post-quantum validations) to harden cryptography and devices.
10. Incident handling support, threat briefings, the National Cyber Threat Notification Service (NCTNS) and CyberPosture scorecards provide operational situational awareness and response assistance.
11. Audit tools, training (Learning Hub), public awareness (Get Cyber Safe) and collaboration events (Big Dig, GeekWeek) bolster capability development and community sharing.
12. The Traffic Light Protocol (TLP) appendix clarifies disclosure rules (TLP:red, amber, green, clear) for responsible information sharing.

Context and relevance

This catalogue bundles the Cyber Centre’s practical resources and operational services that directly support resilience of Canada’s critical systems — energy, finance, health, transportation and government services. For CI operators, the collection reduces friction when seeking vetted guidance, threat intelligence feeds, analysis tools and accredited procurement routes. It also reflects broader trends: increased sharing of machine-readable threat intelligence, reliance on open-source defensive tooling, and preparation for quantum-era cryptography.

Why should I read this?

Quick answer: if your organisation keeps anything critical online, you’ll want to know what free and partner-only services the Cyber Centre offers — from push notifications about compromises to tools that let you analyse malware or plug vetted IoCs straight into your firewall. It’s basically the cheat-sheet for getting aligned with national cyber defence without reinventing the wheel.

Author’s take (punchy)

This is essential reading for security leads and CISOs in Canada’s CI sectors. The catalogue is a one-stop map of operational services and certification routes that make real, practical improvements to defence and procurement. If you manage risk, triage alerts, or buy network equipment, skim the CRGs, Assemblyline, Aventail and CMVP sections now — the detail matters.