The National Post recently published an article demonstrating how some Federal Government organizations are still refusing to obtain crucial cyber defence services. A report from the National Security and Intelligence Committee of Parliamentarians (NSICOP) found that the government’s centralized IT service, Shares Services Canada (SSC), the Communications Security Establishment (CSE) have established a “very strong” cyber defence system. However only 43 out of 169 of Federal Government organizations are required to receive all of their digital services such as networks, emails, and data centres, from the SSC, which provides some with the opportunity to resist and thus create cybersecurity concerns for their institutions, as well as the rest of the government. David McGuinty described that these organizations are putting “them, their data, their people, their systems, and the government” at a “considerable risk”.
The NSICOP made two recommendations following this report review to the government. Firstly, that it continues to strengthen its cyber defence frameworks, and secondly, that all federal organizations use the cyber defence services of the SSC and the CSE to “the greatest extent possible”, both to which the Treasury Board Secretariat accepted.
For instance, in 2020, the CSE found that a crown corporation’s network was compromised by a cyber threat, that, although was mitigated, still suffered the loss of “significant amount of information”. At the time of said cybersecurity attack, the committee found that the crown corporation had not been adequately following CSE’s recommendation to implement SSC’s Enterprise Internet Service.
The NSICOP report outlined some of the major repercussions as a result of cyber security attacks in the 2010s and illustrated the enormous costs for the government to recover from a particular cybersecurity attack when a department, agency, or crown corporation does not sufficiently protect itself.
Read the full article from the National Post.