The National Cyber Threat Notification System (NCTNS) is Canada’s early warning service for cyber security offered by the Cyber Centre. It provides Canadian organizations with timely notifications on potential cyber threats to their systems. These threats may introduce cyber risk to an organization’s network. These threats include:
- technical vulnerabilities
- system compromises
- malware infections
NCTNS is a free service available to Canadian organizations of any size from any sector.
On this page
Benefits of NCTNS
NCTNS provides subscribers with information about cyber threats to their networks. Subscribing to NCTNS complements your organization’s existing cyber security practices by automatically:
- notifying your organization about observed vulnerabilities or malware infections that may introduce cyber risk to your networks
- providing your organization with better visibility on your external threat surface
How NCTNS works
The Cyber Centre ingests threat information from a variety of internal and external sources to help identify cyber threats to NCTNS subscribers. NCTNS compares this threat information with your organization’s Internet-facing network assets. If a cyber threat is found, NCTNS automatically sends your organization a notification. Each notification contains a description of the threat, the affected network asset, and a priority level.
Figure 1: How NCTNS works
Long description - Diagram showing how NCTNS works.
NCTNS subscribers from any sector submit information to NCTNS about their Internet-facing technology assets. NCTNS collects threat data from a variety of internal and external sources and compares it with organizations’ Internet-facing network assets. If a cyber threat is found, NCTNS automatically sends a notification. Organizations can receive NCTNS notifications via email, through an application programming interface (API), or both.
How NCTNS sends notifications
Your organization can choose to receive notifications through:
- email reports with links to technical details in 3 formats
- CSV
- JSON
- HTML
- an application programming interface (API)
- both email and API
When NCTNS sends notifications
If your organization receives a notification, it means that NCTNS has identified a cyber threat to your network.
These threats include:
- technical vulnerabilities
- system compromises
- malware infections
What to do when you receive a notification
Notifications contain technical details about the threat, coupled with information to support your organization in mitigating the threat. It is important to remember that a notification is not a confirmation of a security incident.
The Cyber Centre website contains helpful information to support organizations responding to cyber threats, including those identified by NCTNS. It provides free cyber security guidance developed by our cyber experts. Consult our guidance on common threats reported by NCTNS for more information.
Scope of NCTNS
NCTNS is a tool that complements your organization’s existing cyber security measures. It can be a valuable addition to your network defence strategy.
NCTNS is a notification service. Subscribers who wish to report cyber incidents should consult the Cyber Centre’s guidance for reporting cyber incidents.
Subscribe to NCTNS
To subscribe to NCTNS, email the Cyber Centre at contact@cyber.gc.ca. If you’re an existing Cyber Centre subscriber, contact your Cyber Centre engagement lead.
You will be asked to provide the following information:
- contact details for the individuals who will be receiving and actioning the notifications
- a list of your organization’s Internet-facing network assets, which can include
- IP addresses
- IP ranges
- domains
- autonomous system numbers (ASNs)
The network assets you provide must be Internet-facing, located in Canada, and owned or administered by your organization.
Modifying or updating your information
If you would like to update your assets, organization details, points of contact, or any other information related NCTNS, please contact the Cyber Centre.