Cyber security report says Canada at risk

Oct 23, 2012 | News

Auditor General Michael Ferguson

Auditor General Michael Ferguson

By Claire McCormack

Auditor General Michael Ferguson. COURTESY FLICKR

Canada still has a long way to go to protect itself from cyber-attacks, according to a report released Tuesday by the Auditor General on the state of Canadian cyber security.

“Since 2001, the Government of Canada has made commitments to address the cyber threats to Canada’s critical infrastructure. Despite several past strategies and funding, we found that progress in achieving these commitments has been slow,” Auditor General Michael Ferguson said in the report, but added that since 2010 there have been significant improvements.

Ferguson criticized the government’s new cyber watch organization, the Canadian Cyber Incident Response Centre for its incomplete coverage of cyber monitoring.

The response centre does not operate 24/7.
“After seven years of existence, CCIRC still does not monitor cyber threats to critical infrastructure full time,” Ferguson said.

“There is a risk that there will be a delay in the sharing of critical information linked to newly discovered vulnerabilities or active cyber events reported to CCIRC after operating hours,” Ferguson said.

Wayne Boone, a professor at Carleton University with the Canadian Centre of Intelligence and Security Studies, said the government needs to draw on experts and students to help fill the gaps in cyber security monitoring and coordination.

“We’re very happy to help out, we’re very happy to work in a co-ordinating manner up to and including duty time in the response centre,” Boone told Humber News. “There’s so much opportunity for volunteerism.”

The report also looked at cyber security issues among departments such as CSIS, the Communications Security Establishment, the Privy Council office, the departments of Finance, Public Safety, Justice, Natural Resources and the Treasury.

Canada’s Cyber Security Strategy was launched in 2010 and aimed to co-ordinate information security measures among such government agencies but Ferguson’s report says co-ordination efforts have been slow.

“Cyber security has not gotten, and focused attention from anybody,” Andrew Graham, professor at the school of policy studies at Queen’s University, told Humber News.

“This is really an issue that has spread across all governments and across all of the private sector, and the sad part is getting all those people is a virtual impossibility without a crisis,” Graham said.

Despite that, the creation of Shared Services Canada is a promising development said Boone.

“Shared services Canada could in fact be the information system security panacaea for the future of secure intergovernmental and intra-governmental processing. You really need to take a centralized approach because of the incredible interconnectivity within and amongst federal departments and agencies,” Boone said.

Public Safety Minister Vic Toews responded to the report in parliament Tuesday.
“Our government is continuously working to enhance cyber security in Canada by identifying threats and vulnerabilities, and by preparing for and responding to all types of cyber incidents,” Toews said.