Skip to main content Start of content

OGGO Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content






House of Commons Emblem

Standing Committee on Government Operations and Estimates


NUMBER 027 
l
2nd SESSION 
l
43rd PARLIAMENT 

EVIDENCE

Wednesday, April 28, 2021

[Recorded by Electronic Apparatus]

  (1535)  

[English]

     I will call this meeting to order.
    Welcome to meeting number 27 of the House of Commons Standing Committee on Government Operations and Estimates. The committee is meeting today from 3:32 p.m. to 5:32 p.m. We will hear from Shared Services Canada as part of the committee's study on procurement practices within Shared Services Canada, and then we'll discuss committee business.
    I would like to take this opportunity to remind all participants at this meeting that screenshots or taking photos of your screen are not permitted.
    To ensure an orderly meeting, I would like to outline a few rules as follows. Interpretation in this video conference will work very much like in a regular committee meeting. You have the choice at the bottom of your screen of floor, English or French. Before speaking, please wait until I recognize you by name. When you are ready to speak, you can click on the microphone icon to activate your mike. When you are not speaking, your mike should be on mute.
    To raise a point of order during the meeting, committee members should ensure their microphone is unmuted and say “point of order” to get the chairman's attention. The clerk and the analysts are participating in the meeting virtually today. If you need to speak with them during the meeting, please email them at the committee email address. The clerk can also be reached on his mobile phone.
    For those people who are participating in the committee room, please note that masks are required unless seated and when physical distancing is not possible.
    I will now invite the witnesses to make their opening statements.
    Go ahead, Mr. Glover.

[Translation]

    Thank you, Mr. Chair and members of the committee, for your invitation to discuss the Gartner Canada report that you received on the network sourcing decision matrix benchmark. I am pleased to be here today to address any questions the committee may have with respect to the report.

[English]

     Mr. Chair, I want to state at the outset that I have the utmost respect for this committee and its important function in our democracy. I greatly support the work of the committee and I am committed to helping its members better understand how Shared Services Canada is working to modernize our networks in order to better serve Canadians.
    I am here today to provide you with as much information as possible to aid you in this work. It is also why, when responding to the committee's request, I included additional information that was not originally requested, but which I hope will be helpful to the committee and answers questions that members had previously posed to me and members of my organization.
    However, I am bound, as the president of Shared Services Canada, to steward our information in a manner that respects different priorities, including our democratic processes, the integrity of proprietary information and national security. That said, know that I am fully committed to assisting the committee with your endeavour to understand the network space.
    As president of Shared Services, I support the Minister of Digital Government in providing federal public servants with the tools and the IT infrastructure they need to deliver the programs and services Canadians expect in a digital era—services that are delivered on secure and reliable networks.
    When it was created, Shared Services Canada inherited many different independent and non-standardized departmental networks. I would encourage members to review the “Network Modernization Way Forward” document, in particular pages 11 through 15, for details of what we inherited and what has changed over time. Our work is ongoing as we continue to take an enterprise approach to modernization. This means we will continue to consolidate, standardize and modernize our networks right across government.
    It is essential that the Canadian government keep pace. As the pandemic has shown, it is even more critical in a crisis. Over the past year, we were able to respond quickly when urgent changes were needed and adoption of solutions were required at an unprecedented speed. We were able to increase our network capacity, provide widespread secure, remote access and roll out collaboration tools that allowed public servants to work securely, as well as remotely.
    However, the complexity and the pace of change in the digital environment means that we need to be prepared for significant and ongoing upgrades and technical innovations, such as software-defined infrastructure, where critical IT infrastructure and functions like data centres are fully automated and programmable. We also need to ensure that we have the IT infrastructure that can take advantage of emerging technology such as artificial intelligence, machine learning, 5G capacity and potential innovations that might transform federal service delivery, such as multi-user supercomputers and in time, quantum computing.
    As we go forward, we are engaging with industry in advance of setting up long-term contracting vehicles to deliver a common set of services to all government departments and partners, rather than the customized services that exist today. To that end, SSC is developing a modern enterprise network and security strategy to increase network, cloud and mobile access and ensure agile service delivery to all our partners. The new model aligns with government priorities to allow us to work smarter and more efficiently, as well as more reliably.
    In developing this strategy, we must consult with third parties to ensure our approach is responsive, reflective of industry trends and has sound governance. In this context, SSC proactively engaged Gartner, an industry-leading research firm. We asked Gartner to review our network and security documentation, to give us advice on developing an approach for decision-making for future network equipment sourcing and to look at specific case studies within SSC to provide insight and advice on decisions that we have made on sourcing equipment.
    Gartner made a number of recommendations—which have been shared with you—to ensure that our documentation follows industry standard practices, to help us standardize how we source our equipment through open and competitive procurements and to provide us with review mechanisms for when we need to deviate from this approach. These recommendations have provided Shared Services Canada with approaches to help balance business, technical, security and procurement risks and to create a network strategy that fosters accountability and transparency.
    We subsequently updated our strategy paper and posted it on Canada.ca.
     The “Network Modernization Way Forward” paper solicits feedback from industry partners and attempts to document our future state. This strategy will of course evolve as SSC continues to work with industry as part of its collaborative procurement process and to keep pace with the changes in technology and advancements in innovation.
    To do our work, we need positive, functional vendor relationships. I take disclosure seriously. I take disclosure of information that would affect this relationship extremely seriously. I am mindful of the powers of the House of Commons for the production of documents and the role of members in holding the government to account. Part of my job as a senior public servant is to reconcile the exercise of those privileges with others, including national security, cabinet confidence and the confidentiality of business information.
    In the report that I provided I itemized each and every redaction and included the reasons used to protect the information deemed confidential, in keeping with the practices of public disclosures of such information.
     Making this information public would not only be making public Gartner's intellectual property and commercially sensitive information, but it could also be detrimental to the vendors included in this research. We looked at the report and only took out parts that would be a security risk or could jeopardize industry relationships and partners.
    We take very seriously, Mr. Chair, the need for transparency, along with the need to protect the proprietary information of the companies that have entrusted us with it.

  (1540)  

[Translation]

    Thank you. We are now ready to answer your questions.

[English]

    Thank you, Mr. Glover. We appreciate your presentation.
    We will now begin our first round of questioning. We'll start with Ms. Harder for six minutes.
    Thank you, Chair, and of course, welcome Mr. Glover, and thank you for your opening remarks.
    I'll just start off with I guess a very simple question, and that is, who instructed the redactions from the Gartner report? When the committee requested it on March 22, 2021, the motion requested that the Gartner report be submitted to us in an unredacted form.
    Who asked for those redactions to be made?
    The short answer is, I did. As president of Shared Services Canada, as I outlined in my opening remarks, I have an obligation to protect national security and confidential business information. I also sought legal counsel and was advised that my actions are consistent with those responsibilities.
    There are several redactions surrounding the SSC's procurement process and the impacts that could occur if a competitive request for a proposal were held, rather than an original equipment manufacturer or OEM-specific procurement from the SSC. That's on several pages within this report.
    Can you explain why those redactions would be made in those areas?
    As per my letter, each of the redactions is indicated with a listing, so it would either have been for confidential business information reasons for the companies that were not comfortable with the disclosure of that information—
    In this case—on page 78, for example—it's actually because.... You list the reason as cabinet confidence. What I'm interested in, then, is that, to do the Gartner report, they had access to all of the information.
    Why were they given access to something that is under cabinet confidence?
    The majority of the redactions are related to confidential business information—
    No, I'm sorry; let me clarify, because I don't know whether you understood.
    Page 78 says that it's “cabinet confidence”. Cabinet confidence is listed as the reason.
    Why was cabinet-confidential information shared with Gartner?
    Mr. Chair, may I have a moment to look at the page in question?
    I don't think you need to look at the page. The question is quite simple. Why would information that is cabinet confidence information be shared with Gartner?
    Mr. Chair, I'm trying to look at the very specifics to make sure that I provide the member with a full answer. I would be happy to follow up—
    No, it's okay. We can answer this today, I think.
    If it's truly confidential, if it's truly held under cabinet confidence, then it should not have been shared with Gartner.
    Why was it shared with Gartner, but the members of Parliament within this committee cannot see it?
     Mr. Chair, I had a chance to look at the page in reference to the member's questions. Gartner was not able to see any specific cabinet confidences. It speaks to cabinet meetings, their potential existence, which is a confidentiality issue and is not to be disclosed. Therefore, Gartner was not disclosed any cabinet confidential information.
    Okay, so if they weren't disclosed any cabinet confidence information, then why is that section redacted? You're saying, on one hand, that it is cabinet confidential, and then, on another hand, you're saying that's not the case.
    Mr. Glover, through the chair, which is it?

  (1545)  

    Again, Mr. Chair, in response to the member's question, Gartner was not disclosed any cabinet confidences. They speak to cabinet—
    Then, through you, Mr. Chair, why is the information redacted and why has Mr. Glover given the excuse that it is held under cabinet confidence to do the blacking out?
    Mr. Chair, I'm attempting to answer the member's question.
    No, you're attempting to skirt the member's question, through you, Chair.
    I have a point of order, Mr. Chair.
    For the sake of those who are listening, for those of us who are part of this debate and want to hear an answer to this particular question, and for the benefit of the translators as well, I simply ask that we allow the witness to respond to the question and provide a fulsome answer.
    Mr. Kusmierczyk, I think Mr. Glover is able to answer the question and I would ask that everyone be respectful of everyone's time and try to recognize that the time commitment in asking those questions is very short and to be respectful of that.
     I have stopped the clock for you, Ms. Harder, so I will restart it.
    Please proceed.
    Thank you, Chair.
    Chair, when I look at this, this is Gartner's report and they wrote something in that report that is considered cabinet confidence.
    Why were they able to write something that is considered cabinet confidence? Why do they have information that the MPs at this committee cannot have access to?
    Mr. Chair, again I'm happy to attempt to respond to the member's question.
    Gartner did not. The redaction was made under an interpretation that I had whereby they speak to processes about future meetings, and any references to future meetings that the government may have could be considered a cabinet confidence. They did not have access to it. They hypothesized—
    Through you, Mr. Chair, why did they have access to that information if it is cabinet confidence? If it's not truly cabinet confidence, then why can that page not be made known to this committee?
    As I was attempting to finish, Mr. Chair, it speaks to when meetings may occur and that, as I understand it and have been advised, is a cabinet confidence. They did not have access to it. For me to suggest when cabinet may or may not consider something on a hypothesis is not appropriate to be disclosed.
    I can happily check with our counsel again—
    Mr. Chair, I'm sorry. Is Mr. Glover trying to say that Gartner just supposed that these future meetings might happen, and that this information wasn't actually supplied to Gartner?
    Mr. Chair, that is correct. It is common knowledge, when we are doing procurements, that sometimes Treasury Board approval is sought and that is then through Treasury Board meetings. If and when Treasury Board is required to do that is not something that would be disclosed publicly.
    Thank you, Mr. Glover.
    Thank you, Ms. Harder.
    We'll now go to Mr. Drouin for six minutes.
     Thank you, Mr. Chair, and I want to thank the witnesses for being here.
    Mr. Glover, I do want to say thank you. I see Mr. Davies, who's amongst us today, and I certainly have been hearing good reports from the vendor community with the work being done by Mr. Davies. You certainly did a good hire there from what I hear in the community. I'm not directly involved, but I wanted to say that through you, Mr. Chair.
    Mr. Glover, I'm not going to question the reasons why you've redacted. You provided some good analysis, and it's incumbent upon us, parliamentarians, if I compare it to defence procurements, to ask for all the requirements that were included in a certain procurement. For obvious reasons of national security, those requirements would not be provided to this committee, even though we asked for them. I understand why you have made those redactions, and I will accept that.
    I want to get back to the issue at hand. I know you and I had a discussion back in November, just before the holidays, with regard to having.... I'm going to quote another Gartner report, regarding the whole issue of having two OEMs within the network, whether it was through the WAN, the LAN or data centres, and the importance of that.
    At that time, you recognized that SSC did have some work to do in order to not rely so much on one particular vendor and to provide two OEM environments within those network blocks.
    I know that SSC is now engaging the vendor community. What I'm hearing now is that SSC has done that before. It did that in 2014 through another procurement engagement, so as president of Shared Services Canada, how will you demonstrate to the vendor community that this time around you're serious and that you want to change the one OEM environment into a two OEM environment?
    How will you demonstrate to the vendor community those short-term goals?

  (1550)  

    The short answer is transparency and documentation. If you refer to some of the attachments that I included in response to the committee's request, we intend to be very transparent with you, with the vendor community and with all Canadians about what we inherited, where we are today and where we want to be moving forward.
    We will also work with industry so that it understands what our objectives are and why, so that companies can think about the technologies they are developing, and we can integrate them into our forward procurements. We are also moving to open source, which will make it easier for us to allow more vendors into that ecosystem.
    That, frankly, is not always a guarantee that different vendors will win. We've done two open, generic procurements, and one happened to be won by Cisco, a company that is the subject of a lot of attention here. Another one was won by Juniper.
    We will be open and transparent. We will consult with industry on what we need and why. We will invite industry to help us refine our technology requirements to take advantage of state-of-the-art technologies moving forward, and we will be moving to the more open-source, software-defined, zero-trust types of networks that Gartner speaks to. Every one of our actions will be fully transparent.
    The final thing I will say is that, in line with the recommendations from Gartner, oftentimes we get requirements from departments saying we have to go sole source. It has to be plug and play. They can't accept anything else, because the risk is too high. We've implemented a review committee that looks at each and every one of those, and challenges those requirements to make sure that they are what is claimed.
    If it has to be specific, because it's plug and play, the risk is too high or timing, we will accept that and we'll be transparent about it. When it's not, we have a better process now to push back, rather than simply accept because they say it must be sole sourced. We now challenge each and every one of those.
    I know it continues to be of great concern, and I guess they're looking toward your leadership to make sure this happens. In the past, I heard other stories about fact that, yes, we're making all of these plans and we want to implement open-source procurement or generic procurements, but because we spent the whole time planning and not meeting our deadlines, it became an emergency and we had to sole source.
    How are you going to combat that within SSC and your client departments, to ensure that this doesn't happen and companies get to have a fair say and a fair chance?
     Thank you, Mr. Chair, for the member's question.
    I don't mean to be repetitive, but it goes back to the way forward document, and working with industry to lay out multi-year plans. If you look at some of the documents that we tabled with you, they're short, medium and long term about where we want to go, where we need industry to be with us as part of that journey, recognizing that this won't happen overnight.
    They have full line of sight to our short-, medium- and long-term strategic plans, and the ability to work with us as the technology changes. One of the largest criticisms I have heard from industry is that we go to them with “we know the solution”, and because of that, we turn away a lot of potential innovation and opportunities. That's why we want to work with them before we finalize plans.
    The bottom line is that they will know where we want to go, short-, medium- and long-term. We will consult with them and we will evolve that plan with them.
    Thank you, Mr. Glover, and thank you, Mr. Drouin.
    I will now go to Ms. Vignola for six minutes.

  (1555)  

[Translation]

    Thank you very much, Mr. Chair.
    Thank you, Mr. Glover and Mr. Davies, for being here today.
    Ms. Harder asked why Gartner Canada had access to information that we did not. Your response was that the cabinet meeting dates were hypothetical. So Gartner Canada would have made assumptions about the meeting dates.
    If they are just assumptions, why is that a cabinet confidence? I don't understand.
    Thank you for your question.

[English]

    I would be happy to again consult with legal counsel, take a further review of this and respond in writing.
    My answer is the one that I have. It's the one where my understanding is that speaking about cabinet and when it may or may not choose to meet is a potential confidence and is not to be disclosed. Gartner was not provided with any specific cabinet confidential information. The fact that they referenced it is not something that I should continue to promulgate or include in public disclosures. That is my understanding of the reasoning.
    I understand that is not sitting well with a number of the committee members today. I'm happy to review that again with legal counsel to make sure that answer is complete, but that is my answer today. It is based on significant consultation and a very serious review of each and every one of those redactions.
    However, I'm happy to revisit and update my answer if I missed anything.

[Translation]

    You were just talking about consultations on the redacted portions of the document. Did you consult with Gartner Canada to determine which parts of the document needed to be redacted?
    Thank you for your question.
    Of course, we consulted Gartner Canada to get their perspective.

[English]

    We definitely consulted with Gartner, as this is their confidential business information. It is their proprietary information about their analysis of the industry and the methodologies they use to rank and provide advice to not just us but many international clients globally. Absolutely we consulted with Gartner.

[Translation]

    Quantitative methodology is methodology. We know what that is. If parts of it are confidential, we will consult our university and college books.
    You were saying earlier that some departments had specific requirements for restructuring their networks. Is it possible that those requirements may be influenced by particularly strong lobbies? Is it possible that they were influenced over and above the security issues?
    Once again, thank you for your question.
    In my opinion, it's definitely possible.

[English]

    Without a doubt it is possible that there is lobbying that occurs. These are huge procurements. Look at the dollar values that I shared with you that we do, and for every winner of a procurement that we do, there are multiple losers.
    Absolutely, every single one of these firms employs lobbyists who are attempting this, at all levels.
     It's why the integrity of this process is incredibly important to me. It's so that it is able to withstand the lobbying that we know occurs constantly.

[Translation]

    In your remarks, you said that Shared Services Canada, SSC, had decided to use an enterprise approach.
    What does that mean, “an enterprise approach”?
    And, is this just the case for SSC or for all departments?
    I'm not sure I understand your question.
    What does “an enterprise approach” consist of?
    I hadn't understood the word “enterprise”. Thank you.

[English]

    An enterprise approach is one where we look at all of the departments as a whole—as the enterprise—and rather than running each individual departmental network, we want to move them to simplified standardized networks. Even when we have, for example, a lot of Juniper gear or Cisco gear or any of the others that you see in the ecosystem we have, it can be configured differently and is non-standardized.
    Think about Interac terminals that we all work with every day. What if each one of those was configured a little bit differently or required a slightly different way to operate for you? We want an enterprise approach, so the user experience is the same and consistent. That will allow us to aggregate requirements to obtain a better price for Canadians, improve our service and, frankly, reduce costs over time while increasing reliability.
    It's part of that Gartner.... Remove the number of vendors and move to a smaller, more stable, predictable environment. That's what we mean by the enterprise approach.

  (1600)  

[Translation]

    By all appearances and according to whistleblowers, the decision to focus on a single company is made in advance, before the process is even started. How does one ensure that the process is competitive using this enterprise approach? In other words, how does an enterprise approach ensure a competitive process?

[English]

    Thank you, Ms. Vignola. Unfortunately, we're at the end of your time.
     Mr. Glover, you can maybe respond to that in writing to the committee, please, if you feel comfortable. It would be greatly appreciated.
    We'll now go to Mr. Green for six minutes.
    Mr. Chair, we heard in the testimony that the witness suggested there might be some alarm over what we're hearing in terms of the rationale around cabinet confidence. I listened with interest to Ms. Harder's line of questioning and Ms. Vignola's line of questioning. I certainly tend to agree. I need to better understand this idea of a hypothetical proactive cabinet confidence.
     I'll state it in the form of a comment, not even as a question, Mr. Chair. We've been at this committee. Many of you know that I sit on public accounts. I have been dogged about having this government actually be open by default like they talk about. It's often the case, Mr. Chair, that we get the cabinet confidence blockade from cabinet itself, but I'm not sure that I've ever heard of a staffer or bureaucrat coming to committee to say that they have taken it upon themselves to proactively not disclose hypothetical, in a future-case scenario, information that should be readily made available to members of this committee.
    Through you, what precedent did the witness refer to when taking it upon himself to use this hypothetical rationale of cabinet confidence?
    Thank you, Mr. Chair for the member's question.
    I will undertake to follow up in writing given the number of times this has come up.
    In response today, it is the advice that I received from legal counsel that speaking about when cabinet may or may not choose to meet is not something that is to be disclosed.
    Through you, Mr. Chair, whose legal counsel?
    Mr. Chair, the Department of Justice provides advice to me.
    Did they cite in their advice a precedent of other scenarios where this would be the case?
    Mr. Chair, again, the advice provided to me is privileged. I interpret that. It is my understanding—
    Can I ask, through you, Mr. Chair, to Mr. Glover...?
    Mr. Glover, I'll ask you two questions. I don't know this. This isn't a personal thing. I'm just asking. How long have you been in your role in this department? How many times in your role or in your levels of senior management within this department have you seen this proactive use of rationale for cabinet confidence?
     Mr. Chair, the answer to that question is that I have been at Shared Services Canada for over two years. In this role, because we do not do a lot, this would be the first time, but as a senior official, this would not be the first time that I have seen this and been told not to speak about when Cabinet may or may not choose to meet and what it should choose to meet on. The attendance, the dates, sir, as I understand it, are confidential.
    I'll accept that, and I'll look for whatever you have in writing.
    In your cover letter, Mr. Glover, you stated that you:
...recognize the text of the motion and the privilege enjoyed by members of the House of Commons, and for this reason, should the Chair feel that it remains important to access an unredacted version, we [could] be open to discussing the circumstances under which the confidentiality of [the] sensitive information can be assured.
    Given that, how could committee members gain access to unredacted versions of this report, and what are the risks associated with releasing this report unredacted to the public? I guess my third question is this. Understanding that statement, why wouldn't you just have provided it to us under those circumstances to begin with?

  (1605)  

    Mr. Chair, the answer to the member's question is that I could not presume how you would choose to conduct the study, what you would need and the time frames. In order for me to provide this fully unredacted, I need consent from all of the parties. That consultation takes time, and your letter did not afford that time.
    Does the consent of the parties supersede our privileges as members? This is beginning to feel like a prima facie violation of our privilege.
    The other factor here is that, even within that, there are some things, like national security and others, where I would not have been able to not redact that. We do not disclose certain information that would, frankly, be a playbook for those people who would wish to attack our networks. That would not be disclosed. I am not in a position to do that.
    I respect this committee's right to ask those questions, and I hope that this committee understands my rights and responsibilities to protect certain information.
    I'll just share by way of a closing comment.... This isn't through to you, Mr. Glover.
     I just want to share my alarm at this new-found, proactive, hypothetical rationale for cabinet confidence that hasn't gone to cabinet as a way for what I consider to be an increasing violation of transparency and open government from a government that claims to be open by default. I hope that we, as a committee and in a non-partisan way, can find ways in which staff could be instructed.... As I'm to understand, to members of this committee, through the mandate letters of the ministers, they're to be open by default.
    I just don't find that to be the case, and I'm startled by the precedent that this is going to now set for other senior levels of management that come before us and say, “Hypothetically, this could be cabinet confidence; therefore, we're not going to share it proactively.”
    Those are my concerns, and I look forward to the next round of questions. Thank you.
    Thank you, Mr. Green.
    Now we'll go to the second round of questioning.
    We will have five minutes with Mr. McCauley.
    Thanks, Mr. Chair.
    Mr. Glover, did you talk to the law clerk of the House for legal advice or just to the Department of Justice?
    Mr. Chair, I spoke to my legal counsel, who would be from the Department of Justice. I did not—
    Not the law clerk of the House....
    —speak to the law clerk. I did not.
    I want to go over your cover letter and—Mr. Green alluded to it—your comment that you'd be “open to discussing the circumstances”. Do you not find it offensive that here the Parliament of Canada passed a motion requesting information and you're only “open” to following a direction from Parliament?
    Do you understand how we view this?
    Mr. Chair, absolutely I understand how you view it. I would hope that the members also understand that my responsibility as a member of the executive branch is to protect national security and confidential business information. As others have said, those—
    I'm glad that you're open to discussing following the rules of Parliament.
    Let me ask you.... You often mentioned national security as a reason for redaction. On page 104, you redacted contact information for employees and Gartner offices. Is that a matter of national security? Can, perhaps, the Russians or the Communist Party of China not find your offices through Google? This gets to the whole point that, with regard to the items you've redacted, you're making excuses or what I think is false reasoning, but at the same time, you've redacted contact information for national security reasons.
     I have redacted that information for national security reasons, yes, and it is not something that someone would just find through Google. Unfortunately—

  (1610)  

    They wouldn't be able to find Gartner contact information through Google? Okay.
    Let me just—
    Mr. Chair, you can find some Gartner information but not all.
    Did the contract with Gartner specify information regarding proprietary information that they would not share with us?
    Mr. Chair, it did. The contract complies with standard contracting principles and obviously continues to operate under my obligations.
    You view it as your obligation. Okay.
    Who has—
    It's not a “view”, Mr. Chair. It is a requirement.
    Who has access to the unredacted report? How many people in your department and at what levels?
    I'm sorry, Mr. Chair. How many...?
    How many people in Shared Services Canada had full access to the unredacted report and at what levels are they?
    I would not be able to estimate off the top of my head how many people—
    Give me a ballpark.
    It would be a handful.
    What's a handful? Is that 10, 20, five?
    Again, I know that I'd speak about this with about five to six members of my immediate team. I would have to consult with them in terms of the number, but all would be—
    What levels are they?
    Excuse me, Mr. Glover and Mr. McCauley. I apologize for interrupting. The bells are ringing at this point in time, and procedurally we need to have unanimous consent to proceed.
    Because the bells are ringing for 30 minutes, and Mr. McCauley has a minute and 45 seconds left and then we have Mr. MacKinnon for five minutes, I would therefore suggest that we continue until Mr. MacKinnon finishes and then suspend for the vote. Do we have unanimous consent for that? I'm seeing thumbs-up.
     Thank you very much.
    I'm sorry for interrupting. I apologize.
    Mr. McCauley, you have the floor.
    Mr. Glover, if it's only a handful of your team, at what level are those employees, please? Are they at the deputy minister level, the ADM level...? What levels, please?
    Those would be at the assistant deputy minister level, with one exception at the director general level.
    Okay. You consider it proper that an ADM would have access to this information, but members of Parliament requesting this information should not receive it.
    The members of my staff who have seen this report are subject to protect the information around national security and confidential business information to the same standard that I am, so I am confident that they are—
    How many people know the data centre locations? You've redacted out the data centre locations for security reasons. How many people know where those locations are? I imagine it's quite a few.
    I would imagine that it's quite a few as well, yes, and the people who work in them, the people who support them, have all been appropriately security cleared and bonded for confidentiality.
    However, yes, given the size and the nature of them, there are a few.
    Members of Parliament cannot be trusted with that, but I assume that someone who has done drywall at the place knows where the location is and is trusted with that information—wonderful.
    That's not correct, Mr. Chair—
    One of the items you redacted out on page 78 comments on how the location is an “empty” building, yet you've redacted it out. What is so special about an empty building that you would redact that out from parliamentarians to read...?
    Mr. Chair, just to be clear on the drywall comment, the people, the trades, in there would not know the purpose of that building. They would be under strict orders—
    Are you serious? You're telling me that electricians—
    Mr. Chair, I'm absolutely serious.
    —and other people building a data centre wouldn't know that it's a data centre. I find that hard to believe.
    Thank you, Mr. McCauley, and thank you, Mr. Glover.
    We'll now go to Mr. MacKinnon for five minutes.
     Thank you very much, Mr. Chair.
    I want to thank our witnesses for being with us today and for their service to Canada.
    I want to take a moment to do a brief history lesson. Shared Services Canada was a creation, of course, of the Harper government, one that famously booked savings to create a phony deficit and under-resourced the organization such that it didn't have the people, the equipment or the dollars required to carry out the job it was given, which was fundamentally to provide the IT infrastructure and backbone for the Government of Canada.
    I find it intriguing that now, some five years later or so, we are questioning the president of Shared Services Canada on the very attempts to correct that state of affairs, or at least one very important element of his attempts to correct that state of affairs, and insisting that he divulge confidential information in a public setting in order to do so.
    Would Mr. McCauley or Ms. Harder or Madam Vignola insist that we divulge the codes for a fighter jet mission? Would they insist that we divulge passwords for critical infrastructure?

  (1615)  

    I have a point of order, Chair.
    I don't think they would do that.
     It is shocking to me that, in an era when cybersecurity—
    I have a point of order, please.
    —is among our largest threats, these members continue to insist that we divulge—
    Ms. Harder.
    Thank you, Chair. I appreciate your giving me the floor, and I appreciate my honourable colleague respecting you, in your position as chair, as he so urges others in this committee to do on a frequent basis.
    Chair, it would appear that the member who is speaking right now is actually misleading the committee and those who might be watching. The member who is speaking right now said that my colleagues and I—
    I apologize, Mr. Chair, but that's not a point of order.
    That is not a point of order.
    No, it is absolutely a point of order.
    That's for the chair to decide, not you, Francis.
    Order.
    Mr. MacKinnon, I have stopped your time.
    Thank you.
    Ms. Harder.
    Thank you.
    The member is saying that we would like to see that confidential information be made known to the committee. That actually hasn't been our request, though we would welcome that as well. Our request has been that the witness be able to tell us why it was redacted.
    I would very much appreciate, through you, Chair, if the member could stick to the facts and not mislead other individuals who are watching.
    Thank you, Ms. Harder.
    Mr. MacKinnon, please continue with your questioning.
    Thank you.
    The witness has sworn to and has taken an oath to uphold national security secrets, cabinet confidences and other critical information. He is owed the benefit of the doubt by this committee and the Parliament of Canada that he is following that oath to its total conclusion.
    In thanking Mr. Glover for his service, and especially for the work on building out the very network we're discussing today so that it may serve public servants everywhere in Canada in the pandemic environment, I want to ask him to describe a little bit the network environment he observed and inherited when he took this job. I know that it was in the midst of being repaired and redressed. I want to ask him to spell out what he discovered and his basic philosophy in maintaining and building that network infrastructure.
     This will hopefully answer other members' questions about why certain pieces of information have been withheld.
    On any given day, when I arrived at Shared Services two years ago, there were over 400 unplanned outages per day. This past year, we had almost 80-some thousand unplanned outages. That's about 200 a day. That's the state of the infrastructure, so we've made significant improvements. Of those unplanned outages, the number that are critical is pretty small but significant, and it's about 300—just a little less than 300 critical outages. That's where services to Canadians or public servants who need those services desperately to do their jobs are out for an extended period of time.
    We're racing to fix some of these old outdated systems faster than they are breaking to make sure that public servants have the tools they need to serve Canadians.
    The security issues that we, for example, why we wouldn't disclose the location of a data centre... On any given day, as Scott Jones testified to this very committee, there are two billion malicious activities that we intercept, each and every day. These are not theoretical cyber-threats. They are real. They are organized, and they would desperately love to know the details of our architecture and the location of that architecture.
    Therefore, absolutely, I will take my responsibility to protect that information, because they are assets of the nation that this government uses to serve Canadians.

  (1620)  

    I assume that any decision, any procurement decision—
    Thank you, Mr. MacKinnon.
    Unfortunately, in respect of the time and with the vote, just so everyone is aware, we are going to suspend the meeting until after the vote and then we will reconvene after the vote with the questions.
    With that said, the meeting is suspended until after the vote.

  (1620)  


  (1655)  

     We will now resume the meeting with questions.
    Ms. Desbiens, please proceed, for two and a half minutes.

[Translation]

    My thanks to the witnesses for being here.
    Mr. Glover, one of your roles is to provide information to the Minister with respect to the systems modernization process and the proposals that are being made.
    Is all the information given to the Minister? Is any of it left out?
    Thank you for your question.

[English]

    Absolutely, I have a responsibility to keep the minister informed and aware of the activities of Shared Services Canada, but that also includes a certain separation, for example, on things like procurement decisions and others where it is the department's responsibility and not the minister's.
    It is difficult to overgeneralize, but there is definitely a regular flow of information. It is dependent upon the authorities and delegations with respect to the timing and the level of detail.

[Translation]

    Thank you for your response.
    Does Shared Services Canada tell the various departments and entities which vendor to choose, or are they free to select the company of their choice?

  (1700)  

[English]

    We set up the supply arrangements. Departments come to us with their requirements, and we go to market to fill them. We do that, either through competitive processes.... If you look at the materiel, that's about 87% of the time, a little over $1.13 billion. Sometimes we do that through a non-competitive process, because of the urgent nature of the requirement. That's about 13% of the time. It represents about $170 million. They come to us, and we're responsible for the procurement.

[Translation]

    Thank you.
    Do they need to confirm their choice with Shared Services Canada before moving forward, or do they have the final say?
    Do they sign the contracts?
    How does that part work?

[English]

    Frankly, it's pretty much final. If we go out through a competitive process, the requirements are the requirements. The submissions from industry are assessed against those requirements as per procurement policy. When a winner is selected, it has a right to supply.
    The departments do not get to veto that. They do not get to choose. We go through a fair, open and transparent process, and use the procurement policy.
    Thank you, Mr. Glover.
    We'll now go to Mr. Green, for two and a half minutes.
    How were the decisions made to buy Cisco?
    That's an exceptionally broad question. I don't want to frustrate the minister with my answer. If there's more precision—
    I appreciate the promotion, but I'm not quite there, as the opposition guy.
     I just received an interesting email about the possibility of staff being directed to buy. Are you directed to purchase Cisco?
    Thank you. That's much clearer.
    Departments will come to us with their requirements. There are times when they will say, “We can't accept interoperability. We don't have the time to test anything.” They want like-for-like. They make the case that we have to get, not necessarily Cisco, but it could be any vendor's gear. We must replace it with exactly the same vendor. That's the instance where Gartner has said that, when we are doing that, we should review them to make sure they are what the departments claim.
    We used to, not all the time but mostly, just accept those. We now review and challenge those requirements to make sure that there is an operational imperative, and that we cannot move to a more open and transparent process. They make the request, and they lay out the case and the reasoning why.
     I'm going to just take a shot in the dark. I'm drawing on a recollection that's pretty old, and I just want to make sure it's not the case.
    Does Cisco employ, or do your data centres employ, any Huawei technology?
    Mr. Chair, our data centres do not.
    Okay. Thank you.
    Thank you, Mr. Green.
    We will now go to Ms. Harder for five minutes.
    Thank you.
    Through you, Mr. Chair, I just want to go back to the conversation before. It was stated repeatedly that the information on page 78 was redacted because of cabinet confidence, but part of what we have there is, “[Blank] is currently an empty data hall awaiting new operations and would have unused capacity for 12-24 months”. Another one says that we know at blank centre, DCSL costs incurred for power support and maintenance are $4.5 million per year. Another quote is “[Data centre blank] incremental cost of power/cooling (2x over [blank]”.
    We're talking about bills. We're talking about the location of these centres. We're talking about the impact they have. We're talking about estimated costs. Why is this cabinet confidential information?
    I want to double-check my list, Mr. Chair, but that, to me—the location of the data centres—based on the member's question, would be national security. Those are assets, the workloads in them, what moves through them, including, unfortunately—I know it sounds strange—an empty data centre. We would not want to telegraph when we intend to fill that and where it will be to make it a target for those who might want to intercept traffic going in or out of that. We have every intention of filling that data centre.

  (1705)  

    Chair, what I find interesting is that there was a press release actually issued in 2018 after opening a data centre, and within the press release it gives the location of the data centre. In addition to that, I can just go online right now and google it. Why is this information being put in a press release, and I can google it right now and find out where these data centres are, but the witness thought it was necessary to revoke that information from the Gartner report?
    Thank you, Mr. Chair, for the member's question—
    Is that a breach in national security, then, that the information is out there on Google? Is that what the witness is suggesting?
    What the witness is trying to convey is that, depending upon the data centre, the nature of the workloads in it, absolutely, we would consider that of national significance and security, and would not proactively disclose that. I would not perpetuate that if somebody else has.
     I guess I'm just wondering, then.... When the department sent out the press release, because it came from the department that the witness oversees, were they breaching national security? Because that would seem to be what the witness is saying, then. You can't have it both ways.
    Thank you, Mr. Chair, for the member's question.
    I'm sure the member is aware we run literally hundreds of data centres, so it would depend on the nature of the workload. Not everything we do is secret, protected B. There are some things for which there isn't that sensitivity, absolutely, and it would be disclosable. It depends on the nature of the workload that goes through that and its security assessment. Those security assessments are also subject to change as the workload changes in them, and as the security posture and the intelligence of those actors looking to frankly intercept the data—
    The centre is the Borden centre, which is one of the four. I guess your department breached national security, then, when the press release went out.
    Mr. Chair, I'm not going to comment further.
    We've gone from it being cabinet confidence, and then it's a matter of national security, and then now no further comment. A press release went out from this witness's department that now makes him and his department guilty of putting out something that was in breach of national security, or he's “misfeeding” information to this committee trying to mislead us.
    Through you, Mr. Chair, which one is it?
    I'm sorry, Mr. Chair. I'm not sure.... I heard a statement, not a question.
    No, there was clearly a question. Did the department breach national security or is the witness trying to mislead the committee right now by giving us false information? It has to be one or the other.
     Thank you, Mr. Chair. I appreciate the clarity from the member.
    I can assure you I am in no way attempting to mislead the committee in any of my answers. Absolutely not.
    Okay, perfect.
    If the witness is not looking to mislead the committee, then national security was breached when the press release went out, which gave the location of the data centre in Borden. That's unfortunate. The member testifying to this committee, then, should perhaps have a review of his employment.
    Again, Mr. Chair, I'm not sure there was a question for me in that last....
    Thank you, Mr. Glover.
    We'll now go to Mr. Weiler for five minutes.
    I'd like to thank our two witnesses for joining our committee meeting today and for their ongoing service to our country.
    For my first question to the witness, the opposition voted down amendments to view these documents in camera or to have these in limited distribution. What would have been the risks and consequences if redacted information had been disclosed to the public?
    The security assessment, which is constantly changing and which is relevant to the previous member's question, is material here. As we move more services to digital and online, the number of threats are increasing, as I testified earlier. This is not my data. This is from Scott Jones from the CSE. We intercept and block two billion malicious events every single day. Those are only increasing and they're only getting more sophisticated.
    The risk here is that sensitive government operations could have been compromised. Services to Canadians could have been interrupted, stopped or brought down. As we have seen most frequently, there are attempts to obtain information about Canadians for financial gain elsewhere in the system. That is one part of this.
    The other part of this is our relationship with the vendors who take very seriously the technology that they deploy and provide to the Government of Canada to defend against some of these security threats. If they felt that their proprietary information was being disclosed or compromised, they may choose not to or they may alter the arrangement within which we would do that. This could have a material impact on the availability and the cost of those services to the Canadian taxpayer.

  (1710)  

    Thank you, Mr. Glover. I think we can all agree that we don't want that to be the outcome of such a measure.
    Aside from the Gartner report, your department also provided other documents to this committee last March 31. Could you speak to what those documents are and how they can be useful for this particular study we're working on?
    My attempt, as I stated in my opening, was to try to be transparent, recognizing the important nature of the study you are undertaking. We wanted to be very clear and transparent with you about where we are going with respect to the nature of the network. There's a lot of talk about interoperability and the enterprise approach. We have shared with you the “Network Modernization Way Forward” document.
    I think people often think of the network as one simple thing. We've tried to include diagrams for you, for industry and for every interested party on just how complex the network is, with the different topologies. There was a sense that it was just the Cisco environment. We tried to include all of the different vendors we have in that environment and to lay out where we're going. We also included our network and security strategy to demonstrate how we have been transparent with industry about what we are doing and how we intend to go from a strategic document in the “Way Forward” to something that is more technical in nature, and to share with you the types and nature of the conversations we are having.
    I also felt it would be helpful, so we put together information for parliamentarians about the nature of our work and what we've done. Given the number of questions that have been asked of me, there is a sense that we don't compete a lot of our procurements. We tried proactively to share with you the volume we do, how much of it is done competitively and how much of it is sole source, not just in sheer numbers, but what that represents in terms of dollar values.
    Because of previous interest and because we feel a social responsibility, we tried to include how much of those things go to small and medium-sized enterprises. With data, we were able to target indigenous-specific businesses. Moving forward, we hope to be able to expand that to more employment equity groups, women-led businesses and other employment equity-led businesses.
    Given the number of procurements that we do, while we are trying to advance that enterprise approach, we are also trying to encourage Canadian businesses of all sizes to interact with us.
     Thank you, Mr. Glover.
    I think that clarification will be very helpful for this committee, given the questions that have come up today and some of the studies we've been working on as well.
    Thank you, Mr. Weiler. The buzzer just went, so I appreciate that.
    We will now go to our third and final round, in light of the time constraints we had today. We'll start with Mr. McCauley for five minutes.
    Thanks, Mr. Chair.
    To the witness, I realize this is difficult sitting here, going through this. You've mentioned national security a lot. My colleague Ms. Harder was talking about your press release. I'm looking at a request for information issued by your department, and it lists the three addresses in Barrie, Gatineau, Borden—the exact address—and then for Montreal with “to be advised”. If it's so secret that you have to withhold it from parliamentarians, why would it be on the buy-and-sell website from your department?
    This is from January 22 of this year.

  (1715)  

    I'm sorry, Mr. Chair. Is it January 22 of this year? I just want to confirm.
    Yes.
    Thank you very much.
    I think, Mr. Chair, rather than speculate I would appreciate the opportunity to investigate the specifics and to report—
    I'm sorry. It was January 22, 2020, but still during your tenure.
     I would very much appreciate the opportunity to investigate this properly and report back in writing. The details will help accelerate that.
    You understand what I'm getting at. You've redacted stuff, or you've had Justice, your legal advice, redact stuff from Parliament. At the same time you're publishing it on the website for everyone in the world to see, but you're trying to withhold this information from Parliament, pretending—and I'm using that word “pretending” because obviously it's not confidential—that it's secret information. It leads me to believe that everything you've redacted here is for pretend reasons as well and not as you've displayed to us.
    I would just like to reassure the committee that my intention is not to withhold any information from this committee at all. It is to uphold my responsibilities with respect to my legal obligations to protect confidential business information and others. I definitely understand the—
    No, I understand it's not your intent, but it does appear otherwise.
    On page 78 you quoted cabinet confidence, blocking out the part on incremental costs of power and cooling. How is that cabinet confidence? This is not a Treasury Board submission with costs. I would understand that as cabinet confidence. This is not a Treasury Board submission. This is not even an RFI. It's just a ballpark cost from a consultant. I'm trying to wrap my head around, again, how this is cabinet confidence.
    There's a sense that this is precedent setting. I would point all committee members to the Access to Information Act, where it makes very clear that any vendor before or proposed to be before cabinet is a confidence. That was the interpretation used. My team, under my direction, was asked to consistently interpret and apply the access to information law.
    Do you realize that if you used that you could block everything? You could assume everything is before cabinet. Every single discussion from every MP, every vendor, eventually has to go through the Treasury Board process and a Treasury Board submission and, therefore, is cabinet confidence. Every RFI, every RFP, every quote would therefore, by this interpretation, be cabinet confidence. This conversation could be considered that because you could then go to Minister Murray and discuss this meeting and, therefore, refuse to ever say anything again.
    I find it a very shocking precedent that either your legal counsel or your department is trying to present this to us as cabinet confidence. It's not even anywhere close to the beginning of a Treasury Board submission. As a parliamentarian I'm dumbfounded at what Shared Services is presenting to us, withholding from us, or again I'll use the word “pretending” in its justification to withhold this information from Parliament.
    I think I'm pretty much out of time, but I would really hope that you go back to your legal folks and have a good talk and come back to this committee with the full report to us—unredacted.
     Thank you, Mr. McCauley.
    Thank you, Mr. Glover, and if you feel that.... If you can respond to that in writing, it would be appreciated if you could send that to the clerk. Thank you.
    We'll go now to Mr. Kusmierczyk for five minutes.
    Thank you very much, Mr. Chair.
    Thank you very much, Mr. Glover, for your excellent responses thus far. I want to talk a little bit about the information for parliamentarians, the network modernization and procurement document, which I found very helpful. I want to ask you just a general question and move away from the line of questioning about cabinet confidentiality and national security.
    In terms of network modernization, how has COVID changed or informed our thinking about network modernization and maybe procurement?

  (1720)  

    To give you the short answer, this is not anything that I would want attributed to me, but there are those who have said that the COVID pandemic has accelerated the shift to digital right across all aspects of society. We have certainly seen that within the departments we serve and their level of ambition to provide services digitally to Canadians. Increasingly, we are seeing the rollout of new technologies and new services to Canadians being done at record-setting paces. Call centres used to be these big physical buildings. We had to scramble in days, literally days, to figure out how to allow people to operate call centres from their home and kit them up to be able to do that.
    The network is increasingly important, moving forward. I think it's something that will be increasingly important for this country, frankly. Those who have access to the network with a strong signal will be able to access those incredible services. For those in remote or isolated communities, we're going to have to find a way to roll those out. The network is increasingly important. It connects us all. It is a way, increasingly, that government and businesses are delivering services.
    Collaboration tools like Zoom, Teams and others that we use accelerated that rollout. That's created new opportunities and new challenges in cybersecurity, as I said earlier. The threat landscape is changing, and changing fast. It is getting more sophisticated. They understand that there is more volume here and, therefore, more opportunity.
    From a procurement point of view, that means that, as we move forward, simplifying, standardizing while not relying on just one vendor, and making sure that cybersecurity is top of mind in everything we do will be incredibly important. That's why we talk about, and Gartner in its report talks about, those three pillars and monitoring so that we know what is happening and we can detect and respond far more proactively than we can now. That will require some standardization.
    I imagine that connecting literally tens of thousands, if not hundreds of thousands, of staff at home as opposed to in government office buildings will be something that is prioritized or that a premium will be placed on. I imagine that working remotely has maybe changed our thinking even more. Is that correct?
    Mr. Chair, the member's assumption is correct. We had, maybe on a busy day, 30,000 to 40,000 public servants working from home before the pandemic. In a snowstorm or ice storm it had gone up a little bit, but not much. We're at about 300,000.
    We don't call them “people” but “connections”, because people will connect and disconnect. We don't actually have connections for every single person, because not every single person is on at the same time. It's how we consolidate efficiencies. The numbers are staggeringly large in terms of public servants working from home, the network requirements to support that, and the bandwidth requirements, because we push more video now. They used to walk into a meeting room. The reliance on the network and on the bandwidth that's required is significantly higher.
    Mr. Glover, I really appreciate how forthright you've been throughout this entire process. I appreciate how you've communicated clearly with the committee. I appreciate how flexible you have been, too, and how you've always offered to provide information to this committee or come back with additional information. I just want to put that on the record.
    I really do appreciate the highest level of professionalism that you've demonstrated at this committee. You're always open to doing more, and that's something I very much appreciate. I want to put that on the record.
    I have a couple of questions, but I will save those for additional rounds. I believe I'm out of time.
     You can hear the buzzer going just now, so good timing. Thank you, Mr. Kusmierczyk.
    We'll now go to Ms. Desbiens.
     You have two and a half minutes.

  (1725)  

[Translation]

    Thank you, Mr. Chair.
    Mr. Glover, I agree with my colleague, we're very grateful to you for being with us and giving us your time.
    I understand that there are major security issues. I'd like to come back to security clearances. That may be where the solution lies. We are looking for solutions. You say that you don't always know how many people around you are authorized to read the reports.
    Could you send us a list of names or the number of people who have had access to the full unredacted report?

[English]

    Thank you, Mr. Chair, for the member's question.

[Translation]

    I am unable to provide an exact number.

[English]

    The principle here is to make sure that only those who need this information have it. Only those who need it to conduct their day-to-day responsibilities would be privy to this information.
    That goes back to that question about the drywaller and others. They would be appropriately security cleared, vetted and indoctrinated in order to be able to interact with this information, or with the data centre. For anybody involved in this, it is because it is a job function.

[Translation]

    Thank you for your response.
    Would it be possible to have a list, even if it is not comprehensive? It would be interesting to see who has access to the report and who doesn't. Given that it contains sensitive information, did Gartner Canada employees need to get security clearance to read it?

[English]

    I will be happy to undertake to provide a full response in terms of both Gartner and within SSC.
    I have a principle today.... I understand that the question is looking for something more precise, so I will undertake to provide that.

[Translation]

    As members of Parliament, could we not get security clearance in the same way as Gartner Canada? After all, we are elected officials who make up a restricted committee.
    Could that be a solution?

[English]

    I would have to consult with counsel on that.
    One of the things I was advised on was that, if I were to disclose this report, even in camera, it would be a disclosure and I would be in breach. There are some challenges there that I would have to consult further with counsel on.
    Thank you, Mr. Glover.
    We'll now go to Mr. Green for two and a half minutes.
    My friend and our guest from the Bloc raised a line of questioning that I also wish to pursue.
    Through you, Mr. Chair, to Mr. Glover, you mentioned that it is not often the case that you have this type of process in place in terms of requiring this type of security.
    I'm wondering. How is it then, given the sensitive nature of this, that you wouldn't have a more precise account of who would have had access to this? That seems like a material piece of information for somebody in your position.
    I apologize. Somebody said this is not something that happens normally. We are dealing with sensitive information, sensitive systems, all the time. Every department works with some degree—
    To be clear, this is cabinet confidentiality, used in a proactive way, that would preclude members of Parliament not having access but that members of his department would have access.
    Knowing that it's that sensitive, how would Mr. Glover not have a precise account for who would have access to this information? I find that very challenging.
    I want to be very clear that I have a sense that you have asked for precise numbers.
    I have these conversations with members of my direct management team, who have certain obligations and indoctrination that I am very clear on, and I trust that they have conversations relative to the functioning of their responsibility consistent with those delegations and their obligations. However, that prevents me from speculating and giving you the complete number.
    I can speak to you about my number of direct reports, but I would have to canvass them about what they have done within their chain of command. However, I have every confidence—

  (1730)  

     But you wouldn't know.
    I have every confidence that they would uphold their responsibilities.
    Would Cisco have received this report in its entirety, unredacted?
    No.
    Mr. Chair, I apologize for the directness of—
    What level of security clearance would Gartner have to have received to get the information it needed in order to make this report?
    I'll have to confirm what exactly the security requirements were, and I will happily provide that in writing. I can speculate now, but I want to provide a very precise answer to the member's question.
    Thank you, Mr. Green.
    Thank you, Mr. Glover, for offering to provide that in writing. We appreciate your sending that to the clerk.
    We'll now go to Ms. Harder, for five minutes.
    I would like to turn it over to my colleague, Mr. McCauley. He had a good line of questions.
    I think Mr. Paul-Hus is going to start off.
    Mr. Paul-Hus, please proceed.

[Translation]

    Good afternoon, Mr. Glover. Thank you for being here.
    Here is my first question: Why did you award all the contracts to Cisco, taking away any opportunity for the federal government to diversify?

[English]

    I would refer to the material I provided. We do not put all of the contracts in Cisco's hands. In fact, even when we procure Cisco equipment, it is not through direct relationships with Cisco. It is done either through a competitive process or a mini-competitive process with people who have prequalified to provide that type of equipment. It always goes through what we would describe as a reseller.

[Translation]

    The National Post reports that the Networks, Security and Digital Services Branch has awarded $210 million to Cisco.
    Of that amount, how much was awarded without a bidding process?

[English]

    In the documents I provided, on pages 11 through 15, you will see all of the different vendors, what we inherited and, over time, how that has evolved. It depends on the nature of the network, and which piece of it we are talking about, to see which portion Cisco has provided, more or less, over time as we move forward. That was all in full detail in the documents that were provided to the committee.

[Translation]

    Thank you.
    I will give the rest of my time to Mr. McCauley.

[English]

    I have a couple of quick questions on the redaction, Mr. Glover. Did you have any role in that, or was it purely the legal advice you received? Was the report handed back to you saying, “Take this out, take this out”, or did you provide direction on what to look at?
    That's a very important question. I appreciate the opportunity to clarify.
    This is done at my direction as the deputy head. It is my responsibility and accountability. I turn to an access to information unit that is well trained in the administration of this, and it is directed on a standing order, not specific to this request but to all requests, to enforce the law strictly. When the unit is not clear about how to interpret it, it is to obtain legal advice.
    Specifically, I'm asking about things that were crossed out and redacted—not by you—things like SWOT plans, weaknesses, strengths, those kinds of items.
    Who looked at that and said that this was business confidence.

  (1735)  

     That would have been done by professionals, trained and well-experienced in the interpretation of the act.
     Were they from your department, though, or from Justice?
    From my department, Mr. Chair.
    Okay. I just want to ask you a question, just switching track, about Cisco and about the amount of sole sourcing. You mentioned that, out of $1.3 billion of procurement, 87% is competitively bid. You continued, though, and you talked about name branding. If your department specifies it has to be a Cisco brand, but then goes to competitive bids on who's delivering the Cisco-branded product, is that not a form of sole sourcing? Is that included in that 13%?
    You're not forcing, but when you're basically directing to use a Cisco product and going to vendors to deliver it, do you consider that a competitive bid?
    The interpretation is to the vendors, to the marketplace. If we target a specific vendor to provide the equipment, that is deemed a non-competitive sole source. The requirements may dictate Cisco, and then we could compete the Cisco requirements, so we would consider that to be competitive.
    Just walk me through. It says, “Contracts were issued to 25 different resellers of Cisco, 22 of which were [medium enterprises]”. These are contracts where you've told people that they have to use Cisco, and then you go to two or three installers—for lack of better words—to install.
    Do you consider that a sole source of Cisco, when you're basically directing people to use a Cisco product?
    There are two parts to that answer. From a procurement point of view, that is a competitive procurement, because the industry has been—
    Is it included in that 13% sole source or in the 87% you consider competitively bid?
    As I said, that would be in the 87% that was competitively bid. There were a number of firms competing for that business to ensure we obtained the best price for Canadians.
    Thanks.
    Thank you, Mr. Glover. If you feel that there's more you can add to that, then please do so. We'd appreciate that.
    We'll now go to Mr. Jowhari for five minutes.
    Thank you, Mr. Chair.
    Once again, thank you, Mr. Glover and Mr. Davies, for your professionalism, for the great work you're doing and for keeping our government networks going during this time when we're facing many difficulties.
    I'd like to go to the information for parliamentarians report dated February 24, 2021, on network modernization and procurement. In there you talked about how you published the “Network Modernization Way Forward” document. I believe, in your opening remarks, you talked about the short-term, medium-term and long-term strategies that you have or the department has for network modernization.
    In about a minute, can you spend time demystifying or breaking down the short-term, medium-term and long-term vision that the department has?
    Mr. Chair, for the first time I'm going to turn to Mr. Davies, the chief technology officer. He's far more capable of doing that quickly than me.
     Thank you very much for the question. Thank you, Mr. Chair.
    One recommendation from the Gartner group was for us to be more specific with respect to timing. They broke their report down into short-term, medium-term and long-term objectives. One clear recommendation that came through that report was for us to spend time assessing the current state and then put together a plan with clear activities for the short term, medium term and longer term. They also overlaid in that report the guidance for us in terms of what they see from their technology road map when certain technologies are going to become more relevant. We took the advice from the Gartner group. We took some of it immediately and incorporated it into our updated “Network Modernization Way Forward” paper.
    We're going to meet with industry later, on May 14, to give feedback to it. It's also important that this document helped us to have a good discussion with industry partners. We got feedback from 26 different partners on that modernization way forward that we then took in and incorporated and will incorporate into our plans moving forward.
    Overall, I think I've probably talked a little bit longer, but this is a first time for me. Thank you.

  (1740)  

     No worries. Is there any way that you could give us one of the characteristics—at least one characteristic—of what is the short term, what's the medium term and what's the long term, Mr. Glover?
    As a senior leader, I would describe it as stabilizing. It breaks too often. We need to assess it and fix its vulnerabilities and weaknesses. It is too complex. I want to standardize and simplify it moving forward, so that it is easier for us to maintain and far more predictable.
    I was speaking earlier about outages. Fully 30% of the outages are results of changes that are made. That interoperability that everybody talks about is not always guaranteed. It doesn't always work. We need to simplify. We need to standardize as we move forward.
    The future is software-defined zero trust. That is really where we need to get to more quickly, but we first have to stabilize the patient to stop the bleeding, then move to standardization and consistency and then to the longer term. Obviously, any opportunities we see to advance the longer term while we're doing the short term and the medium term we will attempt to harvest early.
     That would be the way I would chunk it out.
    That was great. Thank you. That's exactly what I was looking for.
    In your report, under “SSC Procurement by numbers”, although you mentioned it in response to my colleague MP Weiler, can you do a deep dive for us as it relates to competitive procurement and small and medium-sized businesses, as well as indigenous businesses?
    Give us some sense of the numbers. Give us some sense of dollars that we could share with those who may not have read the report.
    Absolutely.
    As I said earlier—I would encourage members to take the time to read those documents, and I do hope you find them useful—we're at about $1.3 billion or $1.4 billion in procurements in 2019-20. Of that, 87% we would call competitive and, recognizing a member's question earlier, even when that is for requirements—a vendor—we force competition, as per questions from members here, to ensure the best possible price. That is part of what we do.
    When there are urgent requirements, we have no choice. We have to go out. A particular system needs more memory. It can't keep up with the demands of COVID and the number of Canadians logging in. We need to do it quickly and surgically. We'll go out and do some non-competitive.... It's about 87%:13% in terms of competitive and non-competitive as it moves forward.
     We're quite pleased with the number of small and medium-sized enterprises that are engaged in this. That, we think, is something that we would like to continue to do. We don't want to be just dealing with the large multinationals as this moves forward. We're quite happy with the number of small and medium-sized enterprises we are doing, but we would like to grow that number moving forward, and we would like to share with you better information about what we are doing moving forward on employment equity, on what we can be doing better for aboriginal businesses, Black-owned businesses, women-owned businesses, other employment equity and the disabled. We are improving our reporting requirements on that front.
    I am pleased to say that in 2019 we awarded 117 contracts to indigenous businesses, for almost $36 million. It's good, but there's a long way to go to improve that number.
    Thank you.
    Thank you, Mr. Glover.
    Thank you, Mr. Jowhari, for your questions.
    That brings us to the end of our questioning today. I'd like to thank Mr. Glover and Mr. Davies for coming to committee and for answering questions from the committee members. That said, you're free to go.
    This ends our public portion of the meeting. We were going to go in camera, but in light of the time and just in looking around the room, I suspect that what we were going to discuss in camera we can do at a later date.
    I will indicate to committee members that you have received just today an update on the calendar and the calendar scheduling. Please take a look at that.
    Also, just so you're aware, we have been trying to get the ministers to attend to talk about the main estimates. At this point in time, you will have heard today that the Minister of Digital Government has provided us with a time. We're still waiting and have not heard from the minister from PSPC.
    That said, I wish you all a good night. Thank you very much. I declare the meeting adjourned.
Publication Explorer
Publication Explorer
ParlVU