Terms and Conditions for Grants and Contributions under the Cyber Security Cooperation Program

1.0 Authority

The Minister’s authority to make transfer payments is provided for by section 6(1)(c) of the Department of Public Safety and Emergency Preparedness Act, S.C. 2005, ch.10. It provides that the Minister of Public Safety and Emergency Preparedness may, in exercising his or her powers and in performing his or her duties and functions, and with due regard to the powers conferred on the provinces and territories, make grants or contributions.

Sections 4(1)(m), (o), (p) and (q) of the Emergency Management Act assigns responsibility to the Minister for such things as promoting the adoption of standards and best practices and the conduct of research with respect to emergency management while section 6(1) assigns responsibility to the Minister to identify the risks that are within or related to his area of responsibility.

2.0 Purpose

The Department of Public Safety and Emergency Preparedness’s (the Department) Cyber Security Cooperation Program (CSCP) aims to contribute to the federal government’s leadership role in advancing cyber security in Canada. By enabling close collaboration with other levels of governments, the private sector, academia, and non-governmental organizations, the CSCP’s purpose will be to commission research and yield comprehensive results that help position Canadian governments, businesses, and citizens to better anticipate trends, adapt to a changing environment, and remain on the leading edge of innovation in cyber security.

3.0 Duration

The current terms and conditions for the CSCP will be valid from the date they receive approval from the Treasury Board Secretariat until March 31, 2024.

4.0 Objectives

In alignment with the goals and priorities of the new National Cyber Security Strategy (NCSS), the CSCP is comprised of the following three streams and related objectives:

  1. Security and Resilience: The number and complexity of cyber threats continues to increase. The goal of this stream is to incentivize research and action in the area of cyber resilience. This includes projects that aim to encourage national action to bolster the security and resilience of Canadian systems to cyber threats, and to increase the national cyber security baseline across the country. Funding will be provided for projects that enhance the capacity to prevent, mitigate, and respond to advanced cyber attacks targeting Canadian systems and institutions, and help defend critical government and private sector systems. This includes supporting activities that not only encourage and assist non-federal partners to better protect themselves, but also ensure that Canadian cyber systems are prepared for and can take advantage of rapid technological advancements.
  2. Cyber Innovation: Canada will need to develop innovative cyber security tools and areas of cyber specialization if it is to remain at the forefront of emerging technology and raise a new generation of connected, cyber-capable Canadians. The goal of this stream is to position Canada to take advantage of the economic benefits that can derive from innovations in the cyber security field. Funding will be provided for projects that assist Canadian governments, businesses and citizens in anticipating trends, and that address emerging threats to cyber security posed by disruptive and emerging technologies. This includes support for advanced research and development, and for projects that advance cyber security skills and knowledge in Canada.
  3. Effective Leadership: Canada’s success in cyber security will depend on multiple actors working together on complex and evolving issues. The goal of this stream is for the Government to demonstrate leadership and promote national coordinated action to advance cyber security knowledge, skills and innovation in Canada. Funding will be provided to support projects that enhance stakeholders’ collaboration and coordination in increasing the body of knowledge and understanding of cyber security issues, and ensure that Canadian values and interests are strengthened, preserved and defended. This includes projects that increase public awareness of cyber threats, as well as projects that begin to address the fundamental gap in available current Canadian data and metrics related to cyber security, with a view to improve decision-making.

5.0 Expected Results / Performance Measurement Strategy

The CSCP contributes to the achievement of departmental and governmental objectives of building a safe and resilient Canada, and enhancing Canada’s resilience to cyber events and incidents. It falls under section 1.1 (National Security) and section 1.1.3 (Cyber Security) of the Department’s Program Inventory.

The CSCP plays a critical role in working towards the expected outcomes and goals of the new “National Cyber Security Strategy: Canada’s Vision of Security and Prosperity in the Digital Age”. It aims to help Canada address evolving cyber threats, realize the economic benefits of cyber security and enhance national collaboration and engagement of stakeholders.

Expected Results

Expected Results

Key performance measures and indicators

The understanding of cyber vulnerabilities and threats is enhanced among stakeholders.

Percentage of stakeholders that indicate having an increased awareness of cyber threats and vulnerabilities.

Research funded through the CSCP helps to ensure that the Department’s decision making is evidence-based.

Percentage of CSCP research projects cited in National Cyber Security Directorate (NCSD) policy and guidance documents.

Non-federal Canadian systems and information are less vulnerable and better secured against cyber threats.

Percentage of stakeholders that indicate an overall improvement of their cyber security posture.

Percentage of stakeholders that indicate that they are adopting cyber best practices.

The Department will draw on the horizontal performance measurement strategy for the NCSS, to ensure that appropriate indicators are established and to promote an effective evaluation of the program.

6.0 Eligible Recipients

Grants and Contributions may be provided to the following classes of Recipients:

  1. Canadian not-for-profit organizations;
  2. Canadian academic and research institutions;
  3. Provincial, territorial and local governments and authorities; and,
  4. Canadian individual researchers and professionals.

In addition to the above list, Contributions may also be provided to the following class of Recipients:

  1. Canadian for-profit organizations.

7.0 Nature and Type of Eligible Initiatives or Projects

The nature and type of initiatives or projects that are considered eligible for funding must be aligned with the objectives of one of the CSCP’s three streams, as listed under Section 3.0 of the current Terms and Conditions document. They may include the following:

Nature and Type of Eligible Initiatives or Projects

Stream

Potential Initiatives or Projects Eligible for Funding

Security and Resilience

  • Research and development of new technologies and tools for increasing the security and resilience of Canadian cyber systems, including for the prevention, mitigation and/or response to cyber attacks.
  • Development and dissemination of knowledge products, training or best practices aimed at increasing stakeholders’ understanding of technological advancements, cyber threats and vulnerabilities.
  • Support for non-federal partners’ implementing actions to better protect their systems and information.

Cyber Innovation

  • Research and development of innovative cyber security tools, products and solutions, including for addressing threats posed by disruptive and emerging technologies (e.g., Internet of Things, Smart Cities, Fintech, quantum computing, etc).
  • Academic research to expand the cyber knowledge base, with a view to help identify and anticipate upcoming trends.
  • Support for training and other educational programs to advance cyber security skills and knowledge, and increase the number of cyber security professionals in the Canadian workforce. These projects could include:
    • Workshops, colloquiums, conferences and other educational forums and programs.
    • Development and dissemination of materials to support training and education.
    • Other projects promoting STEM (science, technology, engineering, mathematics) fields across all levels of education.
  • Increase the availability and access of cyber innovations, including through the commercialization of new technologies.

Effective Leadership

  • Projects and initiatives that aim to increase public awareness of cyber threats, such as public awareness campaigns or other communication activities.
  • Projects and initiatives to generate/gather metrics and data to support decision-making, such as the production and analysis of datasets.
  • Projects and initiatives that promote collaboration and the exchange of information and knowledge among multiple stakeholders.

8.0 Eligible Expenditures

Funds may only be used for eligible expenditures that have been identified in a budget approved by the Department. Eligible expenditures will be those that are incurred by the Recipient, are reasonable, incremental, directly related to, and required to carry out the project activities.

Eligible expenses include:

  1. salaries and wages for permanent or temporary professional, clerical, technical and administrative services, and stipends (including expenses for international staff);
  2. consultation fees, and audit fees;
  3. training or educational fees (e.g. courses, workshops, etc.);
  4. conference room and meeting room rentals;
  5. office equipment and minor capital acquisitions net of disposal (less than $5,000 per acquisition);
  6. reasonable travel and living expenses related to the delivery of the project, including transportation rental fees;
  7. honoraria, defined as time limited remuneration for a volunteer service or participation in project delivery that is consistent with, and essential to the attainment of, the project’s objectives;
  8. computer services, library expenses, research costs and collection and analysis of statistics;
  9. public awareness and educational activities consistent with the project’s objectives;
  10. translation and simultaneous interpretation activities;
  11. hospitality (meals and refreshments), only in the context of research projects where focus groups are undertaken;
  12. shipping charges, postage, licenses, and other fees; and,
  13. federal and provincial taxes (only after credits and reimbursements have been considered).

Other eligible expenses:

Administrative & overhead costs which may not be explicitly incurred for the purpose of the delivery of the project, but enable its achievement, could be considered as other eligible expenses. These costs may not be effectively tracked to the project. Therefore, they will be apportioned to the project based on a reasonable methodology predefined in writing by the Recipient, in the budget request submitted at the onset of the agreement. Combined, these expenses should not exceed 15% of the total eligible project costs funded by the Department.

The nature of these costs should not be covered under any of the other above categories. They may include:

  1. office supplies;
  2. printing;
  3. publishing;
  4. distribution; and,
  5. promotion.

Ineligible expenses:

  1. capital costs, such as land, buildings, vehicles and most other major capital costs (more than $5,000 per acquisition);
  2. hospitality (meals, beverages or refreshments, and entertainment);*
  3. rent, normal utilities such as electricity, heat, water and telephone, maintenance of offices and other buildings, insurance and taxes; and,
  4. contributions to Employment Insurance, the Canada Pension Plan, the Workers’ Compensation Board, the Provincial Pension Plan or other Employee Benefit Plans.

*Food and refreshment may be considered eligible costs in the context of research projects where focus groups are undertaken.

9.0 Maximum Amount Payable and Period

Funding amounts will be determined based on an assessment of the Recipient’s planned activities and budget submission, previous financial performance, and capacity of the Recipient to achieve results.  The CSCP’s review authorities will also take into consideration similar projects and other sources of funding. Assistance will be provided at the minimum level required to ensure the project can proceed within the proposed time, location and scope, and to further the CSCP’s objectives and expected results. Any contributions made to for-profit organizations are not intended to allow the business to generate profits or to increase the value of the business.

The maximum amount of financial assistance payable to each Recipient will be limited by the Vote appropriated for this purpose, the availability of the CSCP funds and the number of successful applicants. The maximum funding amount shall not exceed $300,000 annually per Contribution. In the case of for-profit organizations, the maximum funding amount shall not exceed $100,000 annually per Contribution. The maximum funding amount shall not exceed $150,000 annually per Grant.

Funding agreements may be in the form of multi-year funding. No project will extend beyond March 31, 2024.

10.0 Stacking Limit

The Department will ensure that contributions made under the funding program do not cover expenses already covered through another funding program or strategy. To that effect, Applicants/Recipients will be required to disclose all confirmed and potential sources of funding (governmental and non-governmental) for a proposed project, before the start and at the end of a project.

Where possible and appropriate, the cost of an eligible activity will be shared between the Department, the Recipient and/or external funders. The Department will ensure that the total Canadian government funding (federal/provincial/territorial/municipal assistance) does not exceed 75% of the total eligible expenditures. 

11.0 Method of Payment

Grants:

Payments will be issued in the form of instalments, unless the full amount is required in a single payment to meet the objectives of the grant.

Payments can be made up to a portion of the grant amount prior to completion of the project, as determined by an assessed level of risk.

Recipients must meet, and continue to meet, the specific Terms and Conditions of the Grant Agreement, prior to payments being made.

Contributions:

Payments for contributions, including advance payments, will be issued to Recipients pursuant to the provisions of the Treasury Board Policy on Transfer Payments and based on the reimbursement of eligible expenditures. Payments can be made up to a portion of the contribution amount, based on a cash flow requirement and on a Risk Assessment of the Recipient. The assessed level of risk will also determine requirements for a holdback provision to be included in the Agreement.

Progress payments will be issued to reimburse the Recipient for expenditures made. They will be based upon receipt and acceptance by the Department of interim financial and non-financial project reports outlining the activities and expenditures to date.

Where advance payments are required for the successful implementation of the project, they will be issued in accordance with the Recipient’s cash flow requirements and the Agreement’s risk profile.

Recipients must meet, and continue to meet, the specific Terms and Conditions of the Contribution Agreement, prior to payments being made.

Provided that the recipient has met the Terms and Conditions of the Contribution Agreement, a final payment will be made only upon receipt and acceptance of a final financial statement covering the duration of the project. When deemed necessary by the Risk Assessment, audited financial reports will be requested for the project.

12.0 Application Process and Requirements

A Call for Proposals (CFP) will be issued up to twice per fiscal year. Each CFP will be posted on the CSCP website for a duration of three weeks and will lay out the specific application requirements, such as the necessary forms and guidelines.

For the Department to consider a project proposal, all applicants will be required to provide the following supporting material:

Depending on the nature and duration of the project, the following additional supporting material could be requested:

In addition, to prevent the risk of conflict of interest, the recipient must:

Unsolicited proposals submitted outside of the official Call for Proposals timeframe could be considered, at the discretion of the CSCP. In such cases, Applicants should consult the CSCP to discuss their project prior to submitting a completed application.

13.0 Review Process and Assessment Criteria

 

Proposals for consideration under the CSCP will be reviewed against program criteria by the selection committee. The selection committee will be chaired by the Director General, National Cyber Security Directorate (NCSD) or their delegate, and made up of officials from federal departments and agencies responsible for cyber security, appointed to the selection committee by the Department’s Senior Assistant Deputy Minister, National Security.

In reviewing the eligibility of Recipients for grants, NCSD will use the following criteria:

In reviewing and recommending proposals, NCSD will take into consideration, as applicable and appropriate:

In reviewing and recommending proposals, NCSD will have evaluation criteria for each call for proposals and category. In addition to the eligibility criteria and priorities identified under each stream, applications will be assessed on their merit, level of risk, and alignment with the program objectives.

14.0 Monitoring and Reporting

Grants:

Recipients will be required to report on results achieved, to support the CSCP’s performance measurement strategy and departmental reporting. Specific reporting requirements will be included within each Grant Agreement.

Contributions:

A schedule of reporting requirements will be included within each Contribution Agreement.

Recipients are required to provide the Department with reports outlining the activities undertaken in support of their approved project. Reports are to include the results to be achieved with the funding provided under the CSCP, and the methods used. In addition, Recipients will be required to provide detailed financial reports outlining the costs incurred in relation to their approved project, including a final accounting of eligible expenditures.

Based on an assessed level of risk as identified by Recipients and assessed by the Department’s internal review committee, Recipients may be required to provide the Department with an update on progress towards eligible activities, as deemed necessary. This will be used for monitoring and reporting purposes, to determine whether objectives and targets are being (or are likely to be) met.

15.0 Official Languages

The Department will work with Applicants/Recipients in their preferred official language. All material and information related to the program will be made available by the Department in both official languages.

The Recipients’ communication with, and delivery of services or benefits to the public will be made available in both official languages, in accordance with the Official Languages Act and the Treasury Board’s policies and directives on official languages.

16.0 Intellectual Property

If a project produces intellectual property, the Recipient retains copyright of any work produced under the Contribution Agreement. However, in situations where the Department wishes to use the intellectual property produced by a Recipient, additional clauses may be included in the Contribution Agreement or the Department may negotiate a licence with the Recipient.

Date modified: