Security Experts:

Auditor Warns Canada Lagging on Cybersecurity

OTTAWA - Canada "has been slow" to set up firewalls to protect against cyber threats to critical infrastructure, leaving the nation vulnerable to crippling attacks, the auditor general warned Tuesday.

In a report, Auditor General Michael Ferguson said the government has made only "limited progress" over the past decade to safeguard electrical grids, telecommunications infrastructure, banking systems, manufacturing and transportation, as well as its own computers.

A key agency set up seven years ago to monitor cyber threats 24/7, called the Canadian Cyber Incident Response Centre, is still not fully functioning, leaving evening and weekend gaps in its security coverage, he said.

Also, incidents were not reported in a timely manner nor shared with the appropriate agencies, he said.

Opposition parties pounced on the report to accuse the government of being "recklessly ill-prepared" to protect Canadians who are increasingly reliant on the Internet, against cyber attacks.

Public Safety Minister Vic Toews conceded some shortcomings revealed by the audit, but insisted the Tory government is committed to ensuring "Canada's critical infrastructure is well-insulated from cyber threats."

"It wasn't until 2010 that people became (fully) aware of the nature of cyber threats," he said. Ottawa announced stepped up security efforts that year but in January 2011, a cyber attack was still able to paralyze its computers, leading to a revamp of the network now being undertaken.

The report notes the frequency and severity of electronic attacks through the Internet are accelerating, which Toews confirmed at a press conference.

Attacks by ordinary hackers, organized criminal groups and state-sponsored entities are "constant," Toews said.

Subscribe to the SecurityWeek Email Briefing
view counter