Prime Minister Stephen Harper and his neo-Conservatives must be smiling on one hand, while reacting on the other to the Auditor General’s report released on Tuesday.
Smiling because Auditor General Michael Ferguson indicates government is just too large for those governing to know what is going on and make common sense decisions.
Isn’t it Harper’s mantra to download, offload and just shut down areas of government that we’ve thought in the past were vital to our continued existence. See, for instance, the debates that are swirling about the reduction in scientists in many sectors. The most recent controversy surrounds closure of the Experimental Lake Area program which for 44 years has offered a unique opportunity for leading environmental scientists in the world to gain a better understanding of how to preserve, manage and protect fresh water.
Despite its reputation, the federal government is closing it to save expenses starting in March 2013.
But we digress.
The most shocking revelation to us, in a world which is evolving quicker than the speed of light, is Canada’s preparedness for cyber attacks which we’ve been told have already been attempted by people in China and other countries.
Ottawa’s cyber-attack response centre which is meant to monitor threats to online security around the clock has only been operating during daytime hours, according to the spending watchdog’s report.
The federal public safety department created the Canadian Cyber Incident Response Centre (CCIRC) in 2005 to help reduce the risk to critical infrastructure by monitoring and analyzing cyber threats to non-government systems 24 hours a day, seven days a week and providing the latest and best advice for protecting against attacks.
The response centre was staffed to operate from 8 a.m. to 4 p.m. five days a week, the audit found, although the federal government operations centre can page someone on call if a cyber attack or threat is reported after hours, according to a Toronto Star report.
We agree with the Auditor General’s report which states the centre should be working around-the-clock to ensure “timely detection and notification” of cyber threats as well as communicating with foreign allies working in different time zones.
“It’s important to have one place that can then take all of that information and figure out whether the threat is greater than the sum of the incidents,” said Ferguson.
The government’s reaction. Public Safety Minister Vic Toews announced that starting Nov. 5 — that’s less than two weeks after the report was released — that the centre would be operating 15 hours a day, seven days a week, with “experts on call around the clock when needed”.
At the same time he defended the government’s cybersecurity record, saying it had made “exceptional progress: in the face of emerging technological threats, according to the Star article.
That’s great to hear. Sounds like we might be catching up. But does it really sound like we’re ahead of the threat? Not in our mind.
When we think that our banking system, our electricity grids, and many other important avenues necessary for our survival could be attacked electronically, we think the issue is a very high priority.
Some may say it’s up to private corporations to make sure their data and their operations are protected from attack. That’s true. But at the same time, we’ve also experienced the advantages of an organization that can compile information on a broader scale and direct responses.
Another flag raised by the Auditor General was the lack of communication between various entities responsible for protecting our country’s assets from cyber attack.
Communications Security Establishment Canada (CSEC) took over responsibility for protecting government information systems from cyber threats from the response centre last year, but the audit found that despite the fact that the two agencies are supposed to be working together, CSEC does not routinely share things with CCIRC, the Star reported.
“CSEC told us it was concerned about sharing information because of the sensitive nature of the information it collects …,” says the audit.
It continued the two were supported to have worked things out by Aug. 2011, but have now agreed to resolve things by Nov. 30.
And just last week Toews announced the government will throw another $155 million over five years to boost the capacity of the response centre.
Such quick action. Certainly the Auditor General’s department earned its money on this part of its report. There was a problem and it wasn’t discovered until someone started digging. In an organization as big as our federal government how many more problems are there, how much are we squandering and how much is actually making a difference. The Auditor General’s report has many other interesting stories.