Feds need help tackling cyberthreats, internal report warns
A widow in her 70s, who once worked for the City of Toronto, lost her life-savings to a West African romance scam. (THE CANADIAN PRESS/FILE PHOTO)
OTTAWA — The Canadian government is “simply not up to the overall challenge” of fending off cyberthreats on its own and must partner with the private sector and the United States to tackle the problem, warns a federally commissioned report.
Canada is a prime target for cybercrime, state-sponsored attacks and lone hackers, and government officials have a crucial role to play in helping fend them off, the authors conclude.
“The productivity and competitiveness of Canada in the digital age will require a strong defence of its critical information and technical infrastructure,” the report says.
“Current efforts by government, industry and communities need to be better co-ordinated and more strategic.”
The Canadian Press used the Access to Information Act to obtain a final draft version of the April 2016 report on cyberthreat information-sharing protocols and policies in Canada and the United States.
The report comes amid growing concern about damaging intrusions into computer systems that expose personal information, commercial secrets and sensitive government data — endangering everything from credit ratings to national security.
The disclosure of pilfered Democratic Party emails proved embarrassing to presidential contender Hillary Clinton when published by WikiLeaks. The U.S. says Moscow led the attack, though Russia has denied involvement.
Three years ago, the Canadian government blamed a sophisticated, Chinese state-sponsored actor for a breach of the National Research Council’s networks that resulted in a shutdown of the research agency’s information-technology system. Beijing accused Canada of making irresponsible allegations.
However, Canada’s spy agency has openly warned that China and Russia are out to steal national secrets.
Under Canada’s cybersecurity strategy, the federal government is responsible for securing its own systems, working with the provincial governments and private sector to keep other systems safe and helping Canadians to protect themselves online.
The report, prepared for Public Safety Canada by consulting firm PricewaterhouseCoopers, found the government information-technology community is already overwhelmed with challenges such as aging systems and a move to cloud computing.
At the same time, few small businesses have full-time computer security staff.
The latest federal budget promised $77 million in new money over five years to bolster cybersecurity.
The report recommends broader engagement of the private sector, saying Canadian government budgets, resources and capabilities “are simply not up to the overall challenge.”
It calls for closer collaboration with the U.S. to take advantage of the billions of dollars Washington is spending on cybersecurity. It also urges more co-operation with small- and medium-sized businesses in developing solutions.
The report also cautions that any effort to ramp up surveillance and information-gathering to counter threats in cyberspace must be balanced with respect for privacy and personal liberties. It says that means building in strict criteria on the use of information as well as sufficient oversight.
Ottawa recently wrapped up a national cybersecurity consultation. The aim is to identify gaps and opportunities, come up with fresh ideas and capitalize on the advantages of new technology.
The recommendations of the commissioned report will be taken into account as part of the cybersecurity review, said Public Safety spokeswoman Karine Martel.
“Keeping Canadians safe while protecting their privacy rights remains a priority for the government and will be reflected in the policy and program decisions that stem from this ongoing review.”