Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 1 - 60 of 162
View Andrew Cash Profile
NDP (ON)
View Andrew Cash Profile
2015-06-04 12:35
Mr. Chair, this has been just a fascinating discussion.
Thank you all for being here.
I'd like to talk about the importance of cybersecurity in the context of emerging disruptive technologies. Maybe we could start with Mr. Horgan, and if I do interrupt, forgive my rudeness but you know we don't have a lot of time.
View Andrew Cash Profile
NDP (ON)
View Andrew Cash Profile
2015-06-04 12:39
Both of you, Dr. Sullivan, and Mr. Horgan spoke a lot about and we share the concern about retaining talent in Canada. During the debates around Bill C-51, a number of business leaders wrote an open letter raising alarms around Bill C-51. I want to quote a small bit from the letter:
Most importantly we ask for data security. We know that many of our clients, including our government, will only host services in Canada because of the invasive privacy issues in the U.S. The U.S. tech industry has already lost billions in revenue because of this, and we don't want it to happen here.
Is there a concern here in Canada around the sorts of invasive technology breaches we're seeing in the U.S? Is there a concern here in Canada around this and its impact on exactly what we're talking about here, retaining talent and building disruptive technologies?
View Mathieu Ravignat Profile
NDP (QC)
View Mathieu Ravignat Profile
2015-05-26 11:48
Concerns have been raised about the security issues for Shared Services Canada particularly with regard to Bell's involvement. I'd like to know what you have to say about that. Do you think that Bell, for example, has the necessary expertise? How are you ensuring that data is being protected while this transition is going on?
View Mathieu Ravignat Profile
NDP (QC)
View Mathieu Ravignat Profile
2015-05-26 11:51
Are you confident that the players at the table, Bell, Microsoft, and so on have a good sense of what our security needs are with regard to data, particularly within the public service and in serving the public?
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2015-05-13 15:57
Thank you to all the witnesses for coming.
Mr. Scott-Douglas, I'd like to keep on the theme that my colleague Mr. Woodworth talked about, and that's the issue of security—albeit, as Ms. Cheng has pointed out, it's really about the auditor looking at the processes and plans; it's not the implementation thereof, but whether there's some structured plan to be secure. I wrote down quickly what I thought I heard you say. Albeit the Auditor General was looking to see that everything would be updated by 2012, you're saying now that 80% are approved and 64% are signed off by deputy heads. Is that correct?
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2015-05-13 15:59
I think that's where the 64% that's been signed off comes from. We've gone from 50% to 64%, it would seem, from what should have been 100% in 2012. I guess we're moving along by millimetres. I would be hard pressed to say that we're inching along, because that would be too fast. There's incremental movement, albeit it's too slow.
There's ample evidence from last year—not in the report, I must admit—of cyber breaches in some of the departments that, Ms. Cheng, you actually looked at in this audit. I agree with my good friend and colleague Mr. Woodworth that it's not just about cyber breaches, but clearly that's the most egregious part when it comes to the protection of data that's confidential.
Last year, we clearly saw that at Transport Canada. It's one of the departments that's actually in this audit and that is talked about.
Mr. Scott-Douglas, do you know whether Transport Canada is actually finished its particular piece? Has it gotten to the end? Is it one of the 64% that signed off?
I see a nod of the head, so....
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2015-05-13 16:01
Thank you.
As we look at the security pieces, one of the things I find troubling, to be truthful, is the speed at which we move along, Mr. Scott-Douglas. I recognize, sir, that you're not responsible for writing these for all these departments. They report to you as to whether they've done them or not. I understand that. It would be nice to have the departments here to understand why exactly they're so slow. Clearly, when it's of such critical importance and the Treasury Board Secretariat puts a great emphasis on it.... You have a person responsible for making sure that we have things secure. Why are things so slow when there's a real sense that it needs to be done, that it's very important that it be done?
From 2012 to 2015 we've literally gone up 14%. That's not quite true; it's only 14% more than that. If you actually break it down, it's less, about a 7% increase. Do you have any sense, sir, of why it is that slow?
View Alain Giguère Profile
NDP (QC)
We spoke earlier about how information technology is evolving and the security challenges that that poses for the departments. It is a matter of knowing how much budget cuts have affected security upgrades within the departments. A lot of money went into such upgrades in the past, but despite all that, security is still at risk.
Can we expect that situation to quickly improve?
View Alain Giguère Profile
NDP (QC)
Obviously, we want to avoid this sort of thing as much as possible, but if wrongdoing is committed and the department does not have the resources to remedy or even recognize it, are there people in your units who can be contacted and who can help to fix this problem?
View Marc-André Morin Profile
NDP (QC)
Something is limiting e-commerce. There are pockets of resistance where e-commerce is not developing as quickly as it should.
What regulations, what measures, could we put in place to give users some sense of security so that they are not always worried about the security of their data or financial information and so that they are not victims of fraud or abuse?
View Mathieu Ravignat Profile
NDP (QC)
View Mathieu Ravignat Profile
2015-03-12 12:25
Okay.
My questions will now be for the Shared Services Canada representatives.
When a system is centralized, concerns are raised in terms of security, information loss and a reduction in service quality. I mainly want to talk about security.
I know that Bell was awarded the private contract. What mechanisms are in place to ensure that Bell is working with the departments to ensure the security of Canadians?
View Mathieu Ravignat Profile
NDP (QC)
View Mathieu Ravignat Profile
2015-03-12 12:26
In the call for proposals for that contract, was there clear criteria with regard to what level of security was expected from the company?
View Mathieu Ravignat Profile
NDP (QC)
View Mathieu Ravignat Profile
2015-03-10 16:10
In the context of some rather significant cuts to Shared Services Canada, how are you going to ensure security in this new environment?
View Jack Harris Profile
NDP (NL)
I thank you for pointing that out. I had made note of that. Thank you for the specificity in what you think is the priority.
In an article in March, a deputy commander of Canadian Joint Operations Command, in a general quote, stated that of the challenges facing the tri-command, NORAD, CJOC, and NORTHCOM in the U.S., the major challenges are cybersecurity, defence against chemical, biological, radiological, and nuclear agents, and security and defence in the north.
I think we've talked about security and defence in the north, but I want to ask you how NORAD would be prepared for dealing with cybersecurity as one category, and the other is the defence against chemical, biological, radiological, and nuclear agents as a separate category. Perhaps you could briefly deal with those issues separately, with cyberdefence and the others, because it seems to me that some of those threats might be part of this aviation issue you talked about, the general aviation. Is that the focus of your concern about these issues? Could you elaborate?
View Jack Harris Profile
NDP (NL)
Through you: okay. I just wanted to get that straight to understand it a little better.
I'm going to jump around a little, because I have questions here and there.
General Loos, just looking at your experience here, you recently came from the command of cyber-defence. I wonder if you—either of you—could comment on the Canadian priorities in terms of cyber-defence, both in the north and generally speaking. Are we looking at cyber-defence as it affects primarily military assets? Where else would you go beyond that in terms of the capability of what the priorities are for cyber-defence in Canada?
View Élaine Michaud Profile
NDP (QC)
Thank you very much, Mr. Chair.
In relation to NORAD, I would like to delve a little more into the issue of cyberspace, which I think is quite important.
In addition to defending its own networks, does NORAD play a role in cyberspace or more specifically in North American cybersecurity and alerts?
View Anne-Marie Day Profile
NDP (QC)
Will there be a return to a long census form, so that researchers, Canadians and various groups can have access to the data and information they need to function?
View Anne-Marie Day Profile
NDP (QC)
I think everyone has realized the impact of the budget cuts as far as the long form census is concerned. Working with the new system is incredibly challenging.
Shared Services Canada is asking for $1.8 million for additional costs related to providing core IT services to client departments and agencies.
Which client departments and agencies are involved? It appears on page 2-83 of the supplementary estimates. What is the reason for these additional costs?
View Robert Chisholm Profile
NDP (NS)
Thank you very much, Mr. Chairman, and if I can stop talking, I will share some of my time with Mr. Brahmi.
I found your presentation and your brief interesting. I want to follow up on the whole level of the issue of coordination and cooperation that Mr. Norlock was talking about, but I want to do it this way. In July, the National Research Council suffered a major cyber-attack that included the infiltration of systems containing personal information. The response from the government was that they blamed China.
I want to ask you two questions. Could you give us some indication of how safe Canada's critical infrastructures are from cyber-attacks by state-sponsored actors? Also, could we be doing a much better job on the issue of coordination and cooperation?
View Robert Chisholm Profile
NDP (NS)
On the issue of better coordination in the public sector of agencies that are investigating our vulnerability, are we doing enough?
View Robert Chisholm Profile
NDP (NS)
A civilianized agency is not what I understand the other countries in the Five Eyes are doing. It's generally an intelligence-led activity.
View Tarik Brahmi Profile
NDP (QC)
View Tarik Brahmi Profile
2014-11-20 15:59
I would like to ask a question that is of great concern to the citizens of Saint-Jean-sur-Richelieu, where an attack was carried out by what is called a lone wolf.
Could you tell us about cybercrime and cyberterrorism in terms of the lone wolf? If we are not able to link a particular incident to a terrorist organization, how can we intervene?
Are there criteria for defining acts as analogous to terrorism because they took their inspiration from information on the Internet? If there are no such criteria, how can cyberspace be protected to prevent people with mental health issues from committing a terrorist act after getting information from terrorist organizations? People like that may have no link to, or knowledge of, terrorist organizations, but they may interpret certain messages in cyberspace as a call to commit terrorist acts.
View Robert Chisholm Profile
NDP (NS)
Thank you very much, Mr. Chairman.
I'll again share my time with Mr. Rafferty.
We've talked a bit about ISIL and their role in the cyber domain. There was apparently a conference recently hosted in Kuwait. Some of the Five Eyes were there. Canada wasn't. What is being done, or what should be done, to combat what ISIL is doing in the cyber domain?
View Robert Chisholm Profile
NDP (NS)
So you're saying the role, then, is to do the assessment and detection work here, or online.
View John Rafferty Profile
NDP (ON)
Thank you, Chair.
Thank you for being here, Mr. Rohozinski. I just want to follow up on some of Ms. Murray's comments with regard to lawful access and privacy.
You have some experience with other national governments. Should international norms and laws be developed to govern the cyber domain? Very briefly, can you tell us what's been done and what your own personal thoughts on privacy are?
View Alexandrine Latendresse Profile
NDP (QC)
If you consider where the technology was 10 years ago, when you appeared before the committee to discuss the various challenges and options around e-petitioning, do you think it would be easier to implement such a system today, in 2014, technologically speaking?
View Alexandrine Latendresse Profile
NDP (QC)
My last question is for Mr. Arsenault. Having studied computational linguistics at Université Laval, I have a bit of a personal interest in this.
I was wondering about the software you use to analyze the names of people who sign petitions.
Do you have a sense of how the software detects a name that appears suspicious?
View Alexandrine Latendresse Profile
NDP (QC)
That way, you're able to catch the Mickey Mouse's and other suspicious names on the list.
Thank you.
View Nathan Cullen Profile
NDP (BC)
Thank you kindly.
In 2013, CRA had 3,000 data breaches. A little less than 1% of those were reported to the Office of the Privacy Commissioner. Why was that number so low?
View Denis Blanchette Profile
NDP (QC)
At the same time, you spoke at length about cyber attacks, which originate internally and externally. My colleague, Jean-François, spoke about the capacity of splitting up the networks. That question has already been considered.
We know that one day, an attack will take place—it might originate internally or externally. We also know that one day, the defences will be penetrated. The true question is not whether it will happen, but rather how we will recover from that with respect to information.
Is the United States considering this capacity to recover, but especially recovering quickly? There are classic recovery plans, but if a number of incidents occur simultaneously—a natural disaster and a cyber attack, for example—we would be a clay-footed giant. We would be extremely weakened.
How is the capacity to recover from these kinds of incidents being considered on the cyber side?
View Jean-François Larose Profile
(QC)
Here is one last, quick question.
You mentioned testing le réseau—the grid, the cyber-system—with false Internet pages to see whether there would be attacks or not.
Are other measures of this type planned? Was it very effective? Could you give us some details on that?
View Charmaine Borg Profile
NDP (QC)
Thank you very much, Mr. Chairman.
I would like to thank all the witnesses for attending our meeting today. I would also like to thank them for their excellent testimony that has added some good points to our discussion.
I am going to ask you my first question. I have many questions and it is difficult to choose the one I am going to ask you first.
You all stated that in Canada there is a lack of data on the problems posed by identity theft, data loss and data breaches. For example, the lack of a mandatory notification system in Canada when data is lost or breached, has contributed to the problem because the privacy commissioner is not made aware of these situations.
Could you comment on that?
I also have a question specifically for you, Mr. Fernandez. Given that you focus on the technology development sector, perhaps you actually deal with this issue. Has it interfered with your ability to design security systems that could resolve problems related to identity theft?
View Jack Harris Profile
NDP (NL)
Would that be used then to follow up and try to prosecute somebody who was trying to do damage to Canadian computer systems? Is that part of the role?
View Élaine Michaud Profile
NDP (QC)
I would like to thank the witnesses for their presentations.
I will take advantage of this opportunity to get more details on the role that you play in terms of cyber-security and cyber-defence.
How does the mandate of your respective organizations differ from that of the Communications Security Establishment of Canada? What is your relationship with the CSEC? It is a bit unclear to me. What is the nature of your collaboration? How far do your mandates extend, both in terms of defence intelligence, and compared to the International Security and Intelligence Bureau? If you could provide me with some information on that subject, it would be greatly appreciated.
View Élaine Michaud Profile
NDP (QC)
I suppose that there is still a sharing of information or common strategies that could be implemented by the different organizations.
View Élaine Michaud Profile
NDP (QC)
Would it be advisable to increase the role that the Department of National Defence plays in cyber-security in Canada, or in your opinion, is the current system sufficient?
View Jack Harris Profile
NDP (NL)
General Rousseau, I'm interested in the question of cyberactivity. I just briefly looked at your opening remarks, so I don't know whether this has been dealt with before. I believe your presentation was that from the military point of view, your work is to ensure that military assets are defended against cyberattacks so that you could carry on in the event of an attempt to compromise your ability to operate as a military force.
To what extent can you assess that as being necessary? Do we have other actors who are actively pursuing the creation of offensive cyberactivities, and what is the extent of it? Are we worried about it? Do we know that there are actors who are developing that capability?
We are told that the Americans have an offensive cyber command that is exploring that sort of thing as well. I take it, first of all, that we don't at this point, but can you tell us which actors do have cyber capability or are developing them for use as a weapon in conflict?
View Jack Harris Profile
NDP (NL)
Would that include just military targets, or also disrupting civilian operations, such as finance, etc.?
View Jack Harris Profile
NDP (NL)
View Jack Harris Profile
NDP (NL)
Do you have a big capability in terms of manpower, or budget for that?
View Élaine Michaud Profile
NDP (QC)
Okay.
I will not make you repeat yourself for a fourth time. Thank you very much.
My next question is for Ms. Sloan.
You said that the committee could benefit from looking into an increased role for National Defence in the area of cyber defence. You probably have some ideas on how the Department of National Defence should increase its capacities in that area. How could that be done?
View Glenn Thibeault Profile
Ind. (ON)
View Glenn Thibeault Profile
2014-03-04 15:57
My question is for Mr. Maduri at BlackBerry.
As parliamentarians if we lose our phones we have a great IT department here and they can send what they term a kill pill to our phones to ensure that none of the data gets into the wrong hands. So for a consumer who loses their smartphone, their BlackBerry, that's equipped with a mobile wallet, is there something similar that they can trigger to erase or wipe personal information from their smartphones? If so, is there a cost to this for consumers?
View Murray Rankin Profile
NDP (BC)
View Murray Rankin Profile
2014-03-04 16:42
Thanks, Chair.
My first question is for Mr. Maduri. This may have come up, but I wanted to just confirm and give you a chance to plug my favourite technology, BlackBerry. Security and strength, you said, were some of the watchwords of BlackBerry, and you think this technology lets you leverage that very efficiently, if I understood your remarks. Is this technology something that BlackBerry has factored into its business plan as a key contributor going forward?
View Charmaine Borg Profile
NDP (QC)
Do you think a mandatory system that would alert stakeholders of data breaches could reduce the risk of identify theft or fraud, while strengthening the confidence of consumers wanting to make mobile or electronic payments?
View Charmaine Borg Profile
NDP (QC)
When a data breach has occurred and a company's security system has been compromised, should the consumer in question be alerted, given that they could be a victim of identify theft?
View Charmaine Borg Profile
NDP (QC)
I agree, banks will often do that, but I was wondering more about sectors that don't adopt the latest technology.
This is for the SecureKey Technologies representative, but Ms. Pohlmann or Mr. Wilkes may want to respond as well.
In your view, are companies knowledgeable enough on how to build highly secure payment systems?
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2014-02-24 16:33
Thank you to our witnesses and thank you to the Auditor General and his department again for putting the report together. I always find it fascinating.
To follow up on Mr. Albas' piece on security issues, I noticed through Treasury Board in your remarks on page five you talked about “greater collaboration with the private sector and other levels of government”.
In light of Mr. Albas' issue about security, which I share, I also jotted down the example of Target in the United States, albeit there were limited numbers of Canadians involved in that breach of security. It was more Americans than Canadians, but there certainly were Canadians affected because I know, sin of all sins, many Canadians do cross-border shop and they do use Target in the United States, and they can get a credit card there. That means they would be compromised as well.
What exactly does greater collaboration with the private sector mean vis-à-vis security?
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2014-02-24 17:04
He's quite a taskmaster, this man from Hamilton.
Mr. Ferguson, on page 20 of your report, at exhibit 2.3, you have a table. I would encourage the folks from Veterans Affairs Canada to follow along, because the question will go to them subsequent to this.
You use the example of a Canadian veteran, just retired, who receives Canada pension plan benefits. During his military service, he was injured and he's eligible for disability benefits, which would come out of somewhere else. The veteran also wants to interact with the Government of Canada online to manage his benefits and also his taxes—that's Mr. Bennett at CRA—so he decides to access Service Canada's website.
Sir, you have a lovely chart here.
I freely admit to you, Mr. Bennett, that I once tried to go on your website, and as soon as you said, “I'll get back to you in five or ten days”, I said, “Thank you very much, but no thank you.” I didn't bother. The online password just takes far too long, in my view, to send through the mail to me after all the checks that you actually want from me, which clearly probably only I would know and that you actually asked for. There's good security, by the way, and I don't have a problem with that. The issue is that I'm not interested in your sending it to me in the mail—that's me personally—so I never did open it. It probably died on the Internet somewhere.
Mr. Ferguson, you've laid this thing out. Clearly, as we follow it through—and for the cameras, for the folks at home who don't have this in front of them—you literally ended up doing the same thing over and over again, except there are minor pieces. For instance, you sign in, or you use your GCKey, or you go to proof of identity, employment insurance, you need the access code, which gives you a four-digit number.
We can see that with My VAC it's actually quicker, because there is a certain number and I get in. I have to wait for you to send me something to get in and I have to wait for Mr. Bennett to send me something to get in, whereas My VAC lets me in as long as I have the proper security code. It's wonderful, actually. I think the other two groups ought to look at what you do, since you're giving benefits as well.
Actually, I agree with Mr. Woodsworth. No offence, Mr. Bennett, but more often than not, you usually are taking more than you are giving back, but that's your job and that's okay.
I'm getting benefits from EI, CPP, or OAS, etc. How come I can get benefits as a veteran from them, but I can't get them from you? That's an open question. I'll leave that for you folks to take back and think about while I wait 10 days for my thing that I'm never going to wait for, because I'm not going to ever end the thing....
Thank you, Mr. Ferguson, for the walk-through of what should be easy in life: to use a computer. I'm not technically in the dark. Yes, I'm a middle-age guy who has come to computers late in life, but I'm not a person who can't manage it. To be perfectly frank, if I were a vet and you were asking me to dance the dance, I'd be looking to call 1-800....
This is where I'm going back to you, Ms. Giliberti, about your 1-800 number. Does your system still function the way it does—and hopefully not for vets—for EI? If I get online and have a question, I go in the queue and wait. When it times out, the electronic voice says goodbye and hangs up. It never gives me a number that says I've contacted you. It never takes my number and says, like Sears Canada used to do, “If you wish to remain in the queue but not on the line, we'll call you.”
How is it the functionality of a department as large as yours is such that your electronic voice tells me goodbye? Then, when I say that I've called you, everyone says they don't have a record. Well, of course you don't. You hung up on me. If you hang up on me enough times, how many times am I going to call you back?
I look at both of you, Ms. Bastien and Ms. Giliberti. How do we integrate a service for folks at a moment when they're being asked to use electronic services and make it functional in a humane way so that it will function for them? I throw it open to either one of you. You can decide which one wants to answer it first.
View Alain Giguère Profile
NDP (QC)
Mr. Ferguson, earlier we were talking about the fact that a massive amount of money, some $377 million, was spent to design the Secure Channel infrastructure, which had a total price tag of $975 million. For a government set on balancing the budget, there are no savings to be had in this situation.
As we speak, do the departments have the staff to oversee the implementation of this computer system? If so, the government would not have to systematically hand over the bidding process to a private company, who would then be controlling another private company.
Do the departments and Treasury Board have the human resources that would be needed to contain these costs both now and in the future, because the price tag seems a bit too high to me?
View Glenn Thibeault Profile
Ind. (ON)
View Glenn Thibeault Profile
2014-02-13 16:04
Very quickly, the safeguards that are in place—I believe, Ms. Burke, you talked about that briefly—against fraud, identity theft, inaccurate tax reporting, I think would be three things we'd like to know about.
View Guy Caron Profile
NDP (QC)
I'll ask my question. You're free to try to answer it at a different time.
In terms of the protection of data, we've heard the story about the metadata being collected in airports. I'd like you to tell us how personal data, especially our personal financial data, will be protected against that type of intrusion. If it's possible, for example, for our security services to collect that metadata in airports the way they did, what would prevent anybody who potentially has a similar technology from doing the same?
View Murray Rankin Profile
NDP (BC)
View Murray Rankin Profile
2014-02-13 16:38
Finally, you mentioned that the RBC secure cloud is secure and behind your firewall, which I think is a terrific thing. Do you know whether other banks or other financial operations are having their data stored in a cloud that is under U.S. regulation, and therefore subject to the U.S.A. Patriot Act data protection concerns?
View Dan Harris Profile
NDP (ON)
Thank you, Mr. Chair.
Just to go back to the last point about online security, that alone is the biggest hurdle most businesses face. It's a very scary thing, when you're not very Internet or digitally literate, to start even considering all the implications. Of course, the privacy requirements and then the requirements by credit cards and the banks for the type of security—the security certificates and going through all those hurdles—are actually far more cumbersome than even filling out government grant applications, which also can be cumbersome from time to time.
Earlier, Mr. Smith, you were talking about key milestones and the ability to measure success. If my colleague, Mr. Kennedy Stewart, were here today, he would be very happy to hear you say that because he really feels it is important for us to actually measure success and measure the efficiency and efficacy of programs that we put in place.
Going back perhaps to the credit card rates that CFIB brought up, there is of course that requirement to honour all cards and the increasing fees that come into play, and when you add an online payment component to that.... Have you done any research on how much more cost that brings to small businesses?
View David Christopherson Profile
NDP (ON)
I now declare this 86th meeting of the public accounts committee of the House of Commons to order.
On your behalf, colleagues, I welcome our guests today. We have quite a few affected by this chapter. They were good enough to be here, and we appreciate that.
First off, on behalf of all the members, may I extend our apologies. We had a ruling from the Speaker, followed by a vote, all of which had to happen before we could leave the chamber. Our apologies for keeping you waiting.
Unless there are any interventions to the contrary, we will begin with our usual procedures.
Just going by the order that's on my paper here, we'll start with the Auditor General's opening remarks. Then we'll move to Mr. Guimont. Then we'll move to the Treasury Board, to Communications Security Establishment Canada, and last but not least, to Shared Services Canada. Following that, we will begin the usual rotation. My sense is that we should be okay time-wise, but we'll continue to monitor that as we go through.
Unless there are concerns or questions to the contrary, I will now call on Mr. Ferguson, the Auditor General of Canada, to begin his opening remarks.
Mr. Ferguson, you have the floor, sir.
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2013-04-23 16:06
Thank you, Mr. Chair.
Thank you to everyone for coming.
I feel as if I actually need a computer to track all of the places all of you go. I'm not quite sure how to track it. It would be nice to have a flow chart, actually, as to who does what, where, and who reports to whom. Quite frankly, all of your testimony quite clearly indicates there is a whole whack of you doing a whole whack of things—pardon the language—and I'm not so sure all of you are actually talking together anymore, but there's a whole whack of work being done.
Through you, Chair, if there's an overarching agency that actually has some sort of chart that shows who goes where, and who reports to whom, and what the systems are, it would be immensely helpful in tracking.
We know we have CCIRC and CSEC. We have Shared Services. We have another group over there, somewhere else. We have some engaged partners and some not engaged partners. Quite frankly, what I just heard of agencies that have bits here, bits there, in different departments, under different ministries, under different deputy ministers, and under different cabinet ministers is a bit of a mishmash, to be truthful. I don't see an overarching umbrella, with somebody holding the umbrella handle. Quite frankly, that's not encouraging, from my perspective.
Mr. Ferguson, what I think you were trying to indicate in your report was that we need cyber-security. It's an essential tool that's needed for government and for private sector. Somehow we need to have a managed system that works for both. I believe that's what the report was trying to indicate to us. I'm not so sure we have a system in which we actually have a sense of who's doing all of this.
I ask this question, Mr. Ferguson. You talked about CCIRC and the fact that the mandate was 24-7. Do you still believe that, sir, in the sense that we should still follow that mandate, or is that something you wouldn't be overly concerned with? We've heard from Mr. Guimont that we've increased the hours but not to where the mandate was.
View Malcolm Allen Profile
NDP (ON)
View Malcolm Allen Profile
2013-04-23 16:09
I noticed, Mr. Guimont, in your presentation you said we're up to 15 hours a day, seven days a week, which is an update from where the audit was. I suppose that's a positive. It's closer to 24 hours than the eight hours it was before. Then you're relying on a new telephone system, so that people are accessible 24 hours a day.
I hate to be naive about this and I'm not trying to be flippant, but that assumes you're awake by the telephone. If you're a heavy sleeper, you don't hear the telephone, and you're on call, what did we accomplish? I think the answer is self-evident: not much. I'll answer my own question.
The reality still is, sir, do you not believe that someone on active duty, not on-call duty...? Those are two different things. Being on call means you're available. I'm assuming the 15 hours are probably not the overnight hours, which are the on-call hours that people normally do. Are you saying to me that the on-call individuals are supposed to be awake at that time? Does that mean they're working that shift, looking at the phone to see if there is anybody contacting them?
View Lysane Blanchette-Lamothe Profile
NDP (QC)
Thank you.
I would like to talk a little bit about sector networks. First of all, people say that Public Safety Canada should ensure that all sector networks are fully established and operational, as set out in the national strategy and action plan.
My first question is simple. Are the 10 sector networks now operational? Can you provide me with some information about that development?
View Lysane Blanchette-Lamothe Profile
NDP (QC)
I imagine that you have addressed the issue with representatives that sit on these sector networks. We see that six out of 10 sector networks do not have representatives from industry groups considered to be the main stakeholders.
Are you saying that you are in no way responsible for that and that nothing will be put in place to improve the participation of sector networks?
View Lysane Blanchette-Lamothe Profile
NDP (QC)
If the composition of these networks is not satisfactory, are you going to take some responsibility and ensure that everything will be done so that it is satisfactory?
View Lysane Blanchette-Lamothe Profile
NDP (QC)
Thank you.
As for the private sector, we see that not all stakeholders are reporting to the CCIRC on attacks. It seems to be a problem. In fact, Mr. Ferguson mentioned in his report that without thorough knowledge of what is happening on the ground, it is difficult for the centre to analyze the situation and provide advice on the matter.
What could you do to improve reporting from the private sector?
Results: 1 - 60 of 162 | Page: 1 of 3

1
2
3
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data