I will call this meeting to order.
Welcome to meeting number 27 of the House of Commons Standing Committee on Government Operations and Estimates. The committee is meeting today from 3:32 p.m. to 5:32 p.m. We will hear from Shared Services Canada as part of the committee's study on procurement practices within Shared Services Canada, and then we'll discuss committee business.
I would like to take this opportunity to remind all participants at this meeting that screenshots or taking photos of your screen are not permitted.
To ensure an orderly meeting, I would like to outline a few rules as follows. Interpretation in this video conference will work very much like in a regular committee meeting. You have the choice at the bottom of your screen of floor, English or French. Before speaking, please wait until I recognize you by name. When you are ready to speak, you can click on the microphone icon to activate your mike. When you are not speaking, your mike should be on mute.
To raise a point of order during the meeting, committee members should ensure their microphone is unmuted and say “point of order” to get the chairman's attention. The clerk and the analysts are participating in the meeting virtually today. If you need to speak with them during the meeting, please email them at the committee email address. The clerk can also be reached on his mobile phone.
For those people who are participating in the committee room, please note that masks are required unless seated and when physical distancing is not possible.
I will now invite the witnesses to make their opening statements.
Go ahead, Mr. Glover.
Thank you, Mr. Chair and members of the committee, for your invitation to discuss the Gartner Canada report that you received on the network sourcing decision matrix benchmark. I am pleased to be here today to address any questions the committee may have with respect to the report.
Mr. Chair, I want to state at the outset that I have the utmost respect for this committee and its important function in our democracy. I greatly support the work of the committee and I am committed to helping its members better understand how Shared Services Canada is working to modernize our networks in order to better serve Canadians.
I am here today to provide you with as much information as possible to aid you in this work. It is also why, when responding to the committee's request, I included additional information that was not originally requested, but which I hope will be helpful to the committee and answers questions that members had previously posed to me and members of my organization.
However, I am bound, as the president of Shared Services Canada, to steward our information in a manner that respects different priorities, including our democratic processes, the integrity of proprietary information and national security. That said, know that I am fully committed to assisting the committee with your endeavour to understand the network space.
As president of Shared Services, I support the in providing federal public servants with the tools and the IT infrastructure they need to deliver the programs and services Canadians expect in a digital era—services that are delivered on secure and reliable networks.
When it was created, Shared Services Canada inherited many different independent and non-standardized departmental networks. I would encourage members to review the “Network Modernization Way Forward” document, in particular pages 11 through 15, for details of what we inherited and what has changed over time. Our work is ongoing as we continue to take an enterprise approach to modernization. This means we will continue to consolidate, standardize and modernize our networks right across government.
It is essential that the Canadian government keep pace. As the pandemic has shown, it is even more critical in a crisis. Over the past year, we were able to respond quickly when urgent changes were needed and adoption of solutions was required at an unprecedented speed. We were able to increase our network capacity, provide widespread secure, remote access and roll out collaboration tools that allowed public servants to work securely, as well as remotely.
However, the complexity and the pace of change in the digital environment means that we need to be prepared for significant and ongoing upgrades and technical innovations, such as software-defined infrastructure, where critical IT infrastructure and functions like data centres are fully automated and programmable. We also need to ensure that we have the IT infrastructure that can take advantage of emerging technology such as artificial intelligence, machine learning, 5G capacity and potential innovations that might transform federal service delivery, such as multi-user supercomputers and in time, quantum computing.
As we go forward, we are engaging with industry in advance of setting up long-term contracting vehicles to deliver a common set of services to all government departments and partners, rather than the customized services that exist today. To that end, SSC is developing a modern enterprise network and security strategy to increase network, cloud and mobile access and ensure agile service delivery to all our partners. The new model aligns with government priorities to allow us to work smarter and more efficiently, as well as more reliably.
In developing this strategy, we must consult with third parties to ensure our approach is responsive, reflective of industry trends and has sound governance. In this context, SSC proactively engaged Gartner, an industry-leading research firm. We asked Gartner to review our network and security documentation, to give us advice on developing an approach for decision-making for future network equipment sourcing and to look at specific case studies within SSC to provide insight and advice on decisions that we have made on sourcing equipment.
Gartner made a number of recommendations—which have been shared with you—to ensure that our documentation follows industry standard practices, to help us standardize how we source our equipment through open and competitive procurements and to provide us with review mechanisms for when we need to deviate from this approach. These recommendations have provided Shared Services Canada with approaches to help balance business, technical, security and procurement risks and to create a network strategy that fosters accountability and transparency.
We subsequently updated our strategy paper and posted it on Canada.ca.
The “Network Modernization Way Forward” paper solicits feedback from industry partners and attempts to document our future state. This strategy will of course evolve as SSC continues to work with industry as part of its collaborative procurement process and to keep pace with the changes in technology and advancements in innovation.
To do our work, we need positive, functional vendor relationships. I take disclosure seriously. I take disclosure of information that would affect this relationship extremely seriously. I am mindful of the powers of the House of Commons for the production of documents and the role of members in holding the government to account. Part of my job as a senior public servant is to reconcile the exercise of those privileges with others, including national security, cabinet confidence and the confidentiality of business information.
In the report that I provided I itemized each and every redaction and included the reasons used to protect the information deemed confidential, in keeping with the practices of public disclosures of such information.
Making this information public would not only be making public Gartner's intellectual property and commercially sensitive information, but it could also be detrimental to the vendors included in this research. We looked at the report and only took out parts that would be a security risk or could jeopardize industry relationships and partners.
We take very seriously, Mr. Chair, the need for transparency, along with the need to protect the proprietary information of the companies that have entrusted us with it.
Thank you. We are now ready to answer your questions.
Thank you, Mr. Chair, and I want to thank the witnesses for being here.
Mr. Glover, I do want to say thank you. I see Mr. Davies, who's amongst us today, and I certainly have been hearing good reports from the vendor community with the work being done by Mr. Davies. You certainly did a good hire there from what I hear in the community. I'm not directly involved, but I wanted to say that through you, Mr. Chair.
Mr. Glover, I'm not going to question the reasons why you've redacted. You provided some good analysis, and it's incumbent upon us, parliamentarians, if I compare it to defence procurements, to ask for all the requirements that were included in a certain procurement. For obvious reasons of national security, those requirements would not be provided to this committee, even though we asked for them. I understand why you have made those redactions, and I will accept that.
I want to get back to the issue at hand. I know you and I had a discussion back in November, just before the holidays, with regard to having.... I'm going to quote another Gartner report, regarding the whole issue of having two OEMs within the network, whether it was through the WAN, the LAN or data centres, and the importance of that.
At that time, you recognized that SSC did have some work to do in order to not rely so much on one particular vendor and to provide two OEM environments within those network blocks.
I know that SSC is now engaging the vendor community. What I'm hearing now is that SSC has done that before. It did that in 2014 through another procurement engagement, so as president of Shared Services Canada, how will you demonstrate to the vendor community that this time around you're serious and that you want to change the one OEM environment into a two OEM environment?
How will you demonstrate to the vendor community those short-term goals?
The short answer is transparency and documentation. If you refer to some of the attachments that I included in response to the committee's request, we intend to be very transparent with you, with the vendor community and with all Canadians about what we inherited, where we are today and where we want to be moving forward.
We will also work with industry so that it understands what our objectives are and why, so that companies can think about the technologies they are developing, and we can integrate them into our forward procurements. We are also moving to open source, which will make it easier for us to allow more vendors into that ecosystem.
That, frankly, is not always a guarantee that different vendors will win. We've done two open, generic procurements, and one happened to be won by Cisco, a company that is the subject of a lot of attention here. Another one was won by Juniper.
We will be open and transparent. We will consult with industry on what we need and why. We will invite industry to help us refine our technology requirements to take advantage of state-of-the-art technologies moving forward, and we will be moving to the more open-source, software-defined, zero-trust types of networks that Gartner speaks to. Every one of our actions will be fully transparent.
The final thing I will say is that, in line with the recommendations from Gartner, oftentimes we get requirements from departments saying we have to go sole source. It has to be plug and play. They can't accept anything else, because the risk is too high. We've implemented a review committee that looks at each and every one of those, and challenges those requirements to make sure that they are what is claimed.
If it has to be specific, because it's plug and play, the risk is too high or timing, we will accept that and we'll be transparent about it. When it's not, we have a better process now to push back, rather than simply accept because they say it must be sole sourced. We now challenge each and every one of those.
Thank you, Mr. Chair, for the member's question.
I don't mean to be repetitive, but it goes back to the way forward document, and working with industry to lay out multi-year plans. If you look at some of the documents that we tabled with you, they're short, medium and long term about where we want to go, where we need industry to be with us as part of that journey, recognizing that this won't happen overnight.
They have full line of sight to our short-, medium- and long-term strategic plans, and the ability to work with us as the technology changes. One of the largest criticisms I have heard from industry is that we go to them with “we know the solution”, and because of that, we turn away a lot of potential innovation and opportunities. That's why we want to work with them before we finalize plans.
The bottom line is that they will know where we want to go, short-, medium- and long-term. We will consult with them and we will evolve that plan with them.
Thank you for your question.
I would be happy to again consult with legal counsel, take a further review of this and respond in writing.
My answer is the one that I have. It's the one where my understanding is that speaking about cabinet and when it may or may not choose to meet is a potential confidence and is not to be disclosed. Gartner was not provided with any specific cabinet confidential information. The fact that they referenced it is not something that I should continue to promulgate or include in public disclosures. That is my understanding of the reasoning.
I understand that is not sitting well with a number of the committee members today. I'm happy to review that again with legal counsel to make sure that answer is complete, but that is my answer today. It is based on significant consultation and a very serious review of each and every one of those redactions.
However, I'm happy to revisit and update my answer if I missed anything.
Once again, thank you for your question.
In my opinion, it's definitely possible.
Without a doubt it is possible that there is lobbying that occurs. These are huge procurements. Look at the dollar values that I shared with you that we do, and for every winner of a procurement that we do, there are multiple losers.
Absolutely, every single one of these firms employs lobbyists who are attempting this, at all levels.
It's why the integrity of this process is incredibly important to me. It's so that it is able to withstand the lobbying that we know occurs constantly.
I hadn't understood the word “enterprise”. Thank you.
An enterprise approach is one where we look at all of the departments as a whole—as the enterprise—and rather than running each individual departmental network, we want to move them to simplified standardized networks. Even when we have, for example, a lot of Juniper gear or Cisco gear or any of the others that you see in the ecosystem we have, it can be configured differently and is non-standardized.
Think about Interac terminals that we all work with every day. What if each one of those was configured a little bit differently or required a slightly different way to operate for you? We want an enterprise approach, so the user experience is the same and consistent. That will allow us to aggregate requirements to obtain a better price for Canadians, improve our service and, frankly, reduce costs over time while increasing reliability.
It's part of that Gartner.... Remove the number of vendors and move to a smaller, more stable, predictable environment. That's what we mean by the enterprise approach.
I'll just share by way of a closing comment.... This isn't through to you, Mr. Glover.
I just want to share my alarm at this new-found, proactive, hypothetical rationale for cabinet confidence that hasn't gone to cabinet as a way for what I consider to be an increasing violation of transparency and open government from a government that claims to be open by default. I hope that we, as a committee and in a non-partisan way, can find ways in which staff could be instructed.... As I'm to understand, to members of this committee, through the mandate letters of the ministers, they're to be open by default.
I just don't find that to be the case, and I'm startled by the precedent that this is going to now set for other senior levels of management that come before us and say, “Hypothetically, this could be cabinet confidence; therefore, we're not going to share it proactively.”
Those are my concerns, and I look forward to the next round of questions. Thank you.
Thank you very much, Mr. Chair.
I want to thank our witnesses for being with us today and for their service to Canada.
I want to take a moment to do a brief history lesson. Shared Services Canada was a creation, of course, of the Harper government, one that famously booked savings to create a phony deficit and under-resourced the organization such that it didn't have the people, the equipment or the dollars required to carry out the job it was given, which was fundamentally to provide the IT infrastructure and backbone for the Government of Canada.
I find it intriguing that now, some five years later or so, we are questioning the president of Shared Services Canada on the very attempts to correct that state of affairs, or at least one very important element of his attempts to correct that state of affairs, and insisting that he divulge confidential information in a public setting in order to do so.
Would Mr. McCauley or Ms. Harder or Madam Vignola insist that we divulge the codes for a fighter jet mission? Would they insist that we divulge passwords for critical infrastructure?
This will hopefully answer other members' questions about why certain pieces of information have been withheld.
On any given day, when I arrived at Shared Services two years ago, there were over 400 unplanned outages per day. This past year, we had almost 80-some thousand unplanned outages. That's about 200 a day. That's the state of the infrastructure, so we've made significant improvements. Of those unplanned outages, the number that are critical is pretty small but significant, and it's about 300—just a little less than 300 critical outages. That's where services to Canadians or public servants who need those services desperately to do their jobs are out for an extended period of time.
We're racing to fix some of these old outdated systems faster than they are breaking to make sure that public servants have the tools they need to serve Canadians.
The security issues that we, for example, why we wouldn't disclose the location of a data centre... On any given day, as Scott Jones testified to this very committee, there are two billion malicious activities that we intercept, each and every day. These are not theoretical cyber-threats. They are real. They are organized, and they would desperately love to know the details of our architecture and the location of that architecture.
Therefore, absolutely, I will take my responsibility to protect that information, because they are assets of the nation that this government uses to serve Canadians.
Thank you. That's much clearer.
Departments will come to us with their requirements. There are times when they will say, “We can't accept interoperability. We don't have the time to test anything.” They want like-for-like. They make the case that we have to get, not necessarily Cisco, but it could be any vendor's gear. We must replace it with exactly the same vendor. That's the instance where Gartner has said that, when we are doing that, we should review them to make sure they are what the departments claim.
We used to, not all the time but mostly, just accept those. We now review and challenge those requirements to make sure that there is an operational imperative, and that we cannot move to a more open and transparent process. They make the request, and they lay out the case and the reasoning why.
My attempt, as I stated in my opening, was to try to be transparent, recognizing the important nature of the study you are undertaking. We wanted to be very clear and transparent with you about where we are going with respect to the nature of the network. There's a lot of talk about interoperability and the enterprise approach. We have shared with you the “Network Modernization Way Forward” document.
I think people often think of the network as one simple thing. We've tried to include diagrams for you, for industry and for every interested party on just how complex the network is, with the different topologies. There was a sense that it was just the Cisco environment. We tried to include all of the different vendors we have in that environment and to lay out where we're going. We also included our network and security strategy to demonstrate how we have been transparent with industry about what we are doing and how we intend to go from a strategic document in the “Way Forward” to something that is more technical in nature, and to share with you the types and nature of the conversations we are having.
I also felt it would be helpful, so we put together information for parliamentarians about the nature of our work and what we've done. Given the number of questions that have been asked of me, there is a sense that we don't compete a lot of our procurements. We tried proactively to share with you the volume we do, how much of it is done competitively and how much of it is sole source, not just in sheer numbers, but what that represents in terms of dollar values.
Because of previous interest and because we feel a social responsibility, we tried to include how much of those things go to small and medium-sized enterprises. With data, we were able to target indigenous-specific businesses. Moving forward, we hope to be able to expand that to more employment equity groups, women-led businesses and other employment equity-led businesses.
Given the number of procurements that we do, while we are trying to advance that enterprise approach, we are also trying to encourage Canadian businesses of all sizes to interact with us.
To give you the short answer, this is not anything that I would want attributed to me, but there are those who have said that the COVID pandemic has accelerated the shift to digital right across all aspects of society. We have certainly seen that within the departments we serve and their level of ambition to provide services digitally to Canadians. Increasingly, we are seeing the rollout of new technologies and new services to Canadians being done at record-setting paces. Call centres used to be these big physical buildings. We had to scramble in days, literally days, to figure out how to allow people to operate call centres from their home and kit them up to be able to do that.
The network is increasingly important, moving forward. I think it's something that will be increasingly important for this country, frankly. Those who have access to the network with a strong signal will be able to access those incredible services. For those in remote or isolated communities, we're going to have to find a way to roll those out. The network is increasingly important. It connects us all. It is a way, increasingly, that government and businesses are delivering services.
Collaboration tools like Zoom, Teams and others that we use accelerated that rollout. That's created new opportunities and new challenges in cybersecurity, as I said earlier. The threat landscape is changing, and changing fast. It is getting more sophisticated. They understand that there is more volume here and, therefore, more opportunity.
From a procurement point of view, that means that, as we move forward, simplifying, standardizing while not relying on just one vendor, and making sure that cybersecurity is top of mind in everything we do will be incredibly important. That's why we talk about, and Gartner in its report talks about, those three pillars and monitoring so that we know what is happening and we can detect and respond far more proactively than we can now. That will require some standardization.
Once again, thank you, Mr. Glover and Mr. Davies, for your professionalism, for the great work you're doing and for keeping our government networks going during this time when we're facing many difficulties.
I'd like to go to the information for parliamentarians report dated February 24, 2021, on network modernization and procurement. In there you talked about how you published the “Network Modernization Way Forward” document. I believe, in your opening remarks, you talked about the short-term, medium-term and long-term strategies that you have or the department has for network modernization.
In about a minute, can you spend time demystifying or breaking down the short-term, medium-term and long-term vision that the department has?
Thank you very much for the question. Thank you, Mr. Chair.
One recommendation from the Gartner group was for us to be more specific with respect to timing. They broke their report down into short-term, medium-term and long-term objectives. One clear recommendation that came through that report was for us to spend time assessing the current state and then put together a plan with clear activities for the short term, medium term and longer term. They also overlaid in that report the guidance for us in terms of what they see from their technology road map when certain technologies are going to become more relevant. We took the advice from the Gartner group. We took some of it immediately and incorporated it into our updated “Network Modernization Way Forward” paper.
We're going to meet with industry later, on May 14, to give feedback to it. It's also important that this document helped us to have a good discussion with industry partners. We got feedback from 26 different partners on that modernization way forward that we then took in and incorporated and will incorporate into our plans moving forward.
Overall, I think I've probably talked a little bit longer, but this is a first time for me. Thank you.
As I said earlier—I would encourage members to take the time to read those documents, and I do hope you find them useful—we're at about $1.3 billion or $1.4 billion in procurements in 2019-20. Of that, 87% we would call competitive and, recognizing a member's question earlier, even when that is for requirements—a vendor—we force competition, as per questions from members here, to ensure the best possible price. That is part of what we do.
When there are urgent requirements, we have no choice. We have to go out. A particular system needs more memory. It can't keep up with the demands of COVID and the number of Canadians logging in. We need to do it quickly and surgically. We'll go out and do some non-competitive.... It's about 87%:13% in terms of competitive and non-competitive as it moves forward.
We're quite pleased with the number of small and medium-sized enterprises that are engaged in this. That, we think, is something that we would like to continue to do. We don't want to be just dealing with the large multinationals as this moves forward. We're quite happy with the number of small and medium-sized enterprises we are doing, but we would like to grow that number moving forward, and we would like to share with you better information about what we are doing moving forward on employment equity, on what we can be doing better for aboriginal businesses, Black-owned businesses, women-owned businesses, other employment equity and the disabled. We are improving our reporting requirements on that front.
I am pleased to say that in 2019 we awarded 117 contracts to indigenous businesses, for almost $36 million. It's good, but there's a long way to go to improve that number.
Thank you, Mr. Jowhari, for your questions.
That brings us to the end of our questioning today. I'd like to thank Mr. Glover and Mr. Davies for coming to committee and for answering questions from the committee members. That said, you're free to go.
This ends our public portion of the meeting. We were going to go in camera, but in light of the time and just in looking around the room, I suspect that what we were going to discuss in camera we can do at a later date.
I will indicate to committee members that you have received just today an update on the calendar and the calendar scheduling. Please take a look at that.
Also, just so you're aware, we have been trying to get the ministers to attend to talk about the main estimates. At this point in time, you will have heard today that the has provided us with a time. We're still waiting and have not heard from the .
That said, I wish you all a good night. Thank you very much. I declare the meeting adjourned.