Thank you, Mr. Chair, for the question.
With respect to the National Research Council and the incident that occurred there, I will try to explain just very briefly. I've talked already about the capability around our security operations centre, but maybe we can reach back a couple of years to when we had a cyber-incident that happened at Treasury Board and at the Department of Finance. The Department of Finance and the Treasury Board were able to continue working because they were on the secure networks of the government. We were able to basically cut off their access to the Internet and they could carry on with business.
With the National Research Council it was much different. They were working outside the government networks. There were many distributed sites across the country and they had varied Internet connections at all of these different sites. The strategy was around the containment of that particular security incident. We worked very closely with the National Research Council in developing that particular plan. Obviously, we had to try to minimize the impact on their operations, so it wasn't as simple as Finance and Treasury Board and allowing them to continue to work. We had to work with them around the containment and to make sure we protected ourselves from the particular incident.
The first order of business was obviously to protect the rest of government from this particular threat. Using the security operations centre and our capable folks who work within Shared Services Canada we were able to do that, as a first instance.
Going forward, the entire program of Shared Services Canada is around upgrading as per the 2010 Auditor General's report on the state of IT infrastructure. By building new data centres we are building in security by design. By reducing the 50 wide-area networks and contracting with our supply chain integrity under national security exceptions, so we know of country of origin, etc., all of this is to put security by design into our new networks as we go forward.
On the issue around the National Research Council and the expense that was associated with it, the nature of that particular threat meant we actually had to physically replace all of the equipment, all of the networks, etc. This was a very sophisticated act as has been discussed in the media, and this necessitated a complete replacement. We couldn't just clean it and use it again. It required a complete, new infrastructure.
In nine or ten short weeks, again working closely with the Treasury Board, working with our security partners, leveraging the new data centres at Gatineau, we were actually able to create a brand new infrastructure working with the vendors' and the telcos' brand new wide-area networks, and create a green environment from which NRC can now operate. We are working closely now with NRC, National Research Council, to migrate their workloads from the contaminated site that's been contained, scrubbing that data and moving that into the new infrastructure.
That's just one example of what Shared Services Canada and the creation of Shared Services Canada can do with respect to security.