Individual Post Archive
« Resona to fight fraud with customer cut-off time for ATMs | Main | Electronic Crime Scene Investigation: A Guide for First Responders »

February 16, 2005

Government 'vulnerable' to cyber attacks

TheStar.com - Government 'vulnerable' to cyber attacks

Digital security lax: Auditor-general
Issue not taken seriously, Fraser says

BRUCE CAMPION-SMITH
OTTAWA BUREAU

OTTAWA—The warning is simple — leave your back door open every night and eventually there'll be a break-in.

That's the message Auditor-General Sheila Fraser has for the federal government and for Canadians after describing lax digital security that leaves its computers full of personal information vulnerable to hackers.

"Sensitive data, including information on the privacy of Canadians, payroll and financial transactions, program information ... are at increased risk of unauthorized disclosure, modification, or loss — possibly without being detected," the auditor-general's report warns.

"In some cases the weaknesses had been exploited and gone undetected."

Citing the growing number of "cyber incidents," Fraser suggests that only luck has spared the government from a major breach of its computer systems.

She expressed frustration that almost three years after it was flagged as a problem, many government computers still don't meet minimum levels of security. "I'm really disappointed this issue isn't being taken more seriously," Fraser said yesterday at a news conference. "It's not just getting the attention it should be within government."

But she stressed that a government that collects a host of sensitive personal information on everything from passports to income tax to employment insurance needs to take action immediately to close the loopholes.

"This is serious and needs to be dealt with," Fraser said. She refused to single out what departments are most vulnerable but cited the government's own survey of 90 departments — 46 responded and only one met standards. Fraser notes how the government's own "vulnerability assessments" revealed "significant weaknesses that could be exploited."

Treasury Board President Reg Alcock said later there are attacks on a "regular basis... everything from minor hackers trying to attack websites through to people coming in at databases.

"We don't know of any ... serious breaches," Alcock said.

He said the government is working on new procedures to ensure departments comply with security standards.

In her report released yesterday, Fraser gave Ottawa passing grades for making improvements on everything from reforming its management of human resources to the licensing and regulation of nuclear reactors.

It was a marked change for Fraser who a year ago used words like "shocking" and "blatant misuse" to lay bare the sponsorship scandal.

Fraser did serve up some tough words yesterday, criticizing the way the government has funnelled billions of dollars to arm's-length foundations that aren't subject to adequate oversight.

And she said the government has been slow to improve the governance of Crown corporations. She found that 15 large Crown corporations reported that more than one-third of board members' terms had expired — some for more than one year. "Recent developments in the private sector have raised the bar for corporate governance and this area will require much more attention," Fraser said.

Alcock later said yesterday that he plans to unveil changes tomorrow to improve the way crown corporations are run.

Fraser also scolded Transport Canada for dragging its feet in its review of the rent it charges the operators of airports, such as Pearson airport. She said the review, launched back in 2001 and still not finished, could have significant financial implications for airports, airlines and even passengers, who could benefit if rents are rolled back.

"It's taken too long to get resolved," she said.

She also raised flags about the way aid money is spent at a time when the federal government is set to hand out tens of millions for tsunami relief.

The Canadian International Development Agency, responsible for handing out $2.6 billion a year in assistance, has moved toward giving grants with little control over how the money is spent, Fraser revealed yesterday.

"Grant payments are usually given with few conditions," the report said.

February 16, 2005 at 07:27 AM in Security | Permalink | TrackBack (6) | Top of page | Blog Home