A recent report from the federal auditor general has highlighted substantial deficiencies in the federal government’s response to the escalating number of dangerous cyberattacks. The audit, presented in the House of Commons, revealed that coordination among agencies responsible for safeguarding the government’s IT systems was inadequate during active attacks, leading to prolonged access to personal information by attackers.
According to the report, gaps in cybersecurity defenses pose a significant challenge to protecting critical information and managing cybersecurity risks effectively. While the three key agencies tasked with cyber defense have the necessary tools in place, not all government departments utilize the recommended protections, creating gaps in coordination and information sharing during cyber incidents.
The audit uncovered that CSE and Shared Services Canada successfully blocked a massive number of suspicious cybersecurity events over specific periods. However, there have been notable breaches in the past, such as the 2014 incident at the National Research Council Canada, resulting in substantial losses and extensive network rebuilding efforts.
Despite the rise in sophisticated cyber threats, the report flagged inconsistent use of essential cyber tools across federal organizations, impacting the government’s ability to detect and defend against cyberattacks effectively. The lack of uniform application of cybersecurity policies was highlighted as a risk factor, leaving sensitive government data vulnerable to state-sponsored hackers.
Furthermore, the audit emphasized the insufficient coordination among the key cyber organizations during active cyberattacks, leading to delays in response efforts. The report recommended a re-evaluation of cybersecurity incident management practices by the concerned departments to enhance response capabilities. Additionally, it pointed out the need for complete and up-to-date inventories of government IT devices to better understand vulnerabilities that could be exploited in cyberattacks.
In response to the audit findings, officials responsible for Shared Services Canada and the Treasury Board expressed their commitment to investing in enhanced monitoring and real-time threat detection. They stressed the importance of cybersecurity as a national priority and a fundamental element in maintaining public trust in government institutions.
CSE has consistently highlighted China as a significant cyberthreat to Canada, with other countries like Russia, Iran, North Korea, and India also posing cyber risks, according to their annual reports. The government remains vigilant in addressing cybersecurity challenges to safeguard personal information and critical systems from cyber threats.
