#CyberFLASH: StatsCan says government’s IT agency providing ‘slower, lower quality services’

tories-census-scrubbed-20100721Setbacks and shortcomings at the federal government’s tech support agency could delay Statistics Canada’s release of “mission critical” information required by the Bank of Canada, Department of Finance and commercial banks, according to a report.

The document, submitted to Canada’s chief statistician Wayne Smith, is one among more than a dozen reports, drafted at Smith’s request from all of his directors general. Smith asked for the reports in an effort to fully understand the impact of Shared Services Canada (SSC) on his department.

The memos, obtained by CBC News under access to information laws, detail how yet another federal ministry is embroiled in a dispute with SSC over services standards, red tape, billing and the capacity of IT infrastructure to keep up with departmental demands.

SSC was created by the previous government to centralize and standardize information technology services in a bid to save money.

At the end of February, in the run-up to the 2016 Census, Smith shared the results of this report with Canada’s top civil servant, Privy Council clerk Michael Wernick. The correspondence is entirely redacted except for the subject line, which reads Heightened Program Risks at Statistics Canada.

“Numerous challenges in terms of reliability, timeliness, effectiveness and affordability are being experienced, impacting delivery of programs, projects and plans across all program areas,” wrote Lise Duquet, director general of the StatsCan informatics branch.

She said the savings expected from consolidating services under SSC have not materialized, pointing to how ongoing support from the IT Help Desk is now more costly than when StatsCan operated the email service.

Lack of accountability

Despite “harvesting” $38 million from Statistics Canada with the promise to upgrade IT infrastructure, Duquet said StatsCan was told it would have to cover the cost of migrating all information to new data centres — something she said the agency cannot afford without putting its programs at risk.

Read more here

#CyberFLASH: 2 Canadian companies approached by China after NRC cyberattack

online-surveillance-20141030Two Canadian companies were approached by Chinese businesses shortly after the National Research Council’s computers were hacked this summer, leaving them wondering whether the approach and the attack were linked.

Documents released under the Access to Information Act and obtained by CBC News offer insight into the consequences for private sector interests when a government institution they work with is breached.

The two companies were among those notified by the NRC in the days after the cyberattack that their data had been hacked. Both were subsequently approached by Chinese companies about their businesses.

The federal government blamed the attack on a Chinese state-sponsored actor.

One Canadian businessman wrote an email to the NRC saying, “It’s somewhat ironic, that Canada’s premier R&D organization, the NRC, although cutting edge with many new technologies, doesn’t seem to have equivalent cutting-edge protection of its computer networks setup.”

Read more here

#CyberFLASH: NRC hacks a security wake-up call

Quebec hacker

It could take a year or more for the Canadian government to recover after its chief information officer confirmed Chinese statesponsored hackers were found to be breaking into the networks of the National Research Council.

This “cyber intrusion’ into the NRC’s computer network was detected and confirmed by Communications Security Establishment Canada, which is now working with IT experts and security partners to create a new secure IT infrastructure for the NRC and the broader federal government.

It could take at least a year, officials say, simply to mitigate the risk of future cyber threats of this nature.

Meanwhile, data security companies working in the private sector are coming forward with suggestions for the NRC specifically, and Canadians in general, on how to better protect themselves online.

CloudMask, for example, is an information technology and security company based in Ottawa. It has received certification for its security technology by Shared Service Canada (SSC) for integration with its security infrastructure.

Read more here

Documents lift veil on cyber-security web behind Canadian government firewalls


OTTAWA — It only took one click for a federal worker to allow malware to infect about 1,800 computers at the Fisheries and Oceans Canada late last year. It took just a little longer for security staff to wipe the malicious code from workstations.

But it wasn’t as simple a job as it sounds.

Emails and incident response reports from the department charged with overseeing the IT infrastructure shared by 43 different government departments give a glimpse into how Shared Services Canada interacts with other departments, and how sophisticated email scams can bypass firewalls and successfully con federal workers with messages appearing to come from government agencies.

Read more here

Cyber-security centre staffing numbers jump

OTTAWA — The federal agency charged with monitoring and assessing threats to IT infrastructure in Canada will get a 300 per cent bump in bodies now that it is scheduled to expand its business hours.

Public Safety Canada says part of $13.4 million spending at the Canadian Cyber Incident Response Centre over the next five years will be used to raise the number of workers to 30 from the seven that are on the roster. That increase of 23 bodies will be needed to help the centre expand its operations to 15 hours a day, seven days a week, from bankers’ hours, Monday to Friday. A worker has been on call outside of business hours.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.