Evidence of meeting #28 for Procedure and House Affairs in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was security.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Noon

Chief Information Officer, House of Commons

Louis Bard

That's a very, very expensive question.

Noon

Voices

Oh, oh!

Noon

Chief Information Officer, House of Commons

Louis Bard

No, no, there's no doubt that we always work really hard on our awareness campaigns for the members, providing you with information kits, documents, doing your inventory, assessing your computers. We have laptop clinics. When you come back from a summer recess, we watch in the chambers to make sure that there are no surprises you're bringing back for us on your laptop from your riding. We try to be ahead of the game and to be able to help you as much as we can.

However, you are the person running the constituency office, so you need to have those best practices to redo your risk assessment, to have a package that you review regularly to make sure that you understand your risk and understand the issues and if there are any threats or anything like this. And yes, we can always refresh that and help you with that.

The same kind of exercise can be applied to your family. You can use the same material to apply security within your own house, because the same questions will apply on how you set it up. Do you have good protection? Do you maintain your antivirus? There are so many things you can do. How do you do your banking, and who has access to what?

Noon

Conservative

Harold Albrecht Kitchener—Conestoga, ON

I do appreciate the offer that your department makes, each time we come back from our constituencies, to look at our laptops. I've always taken advantage of that, and I think that's very helpful.

Is there a process similar to this that would sort of prod or nudge our constituency office staff to be sure that they're also engaging in a similar repetitive review process to be sure that...? Or do we have to be proactive on that as individual MPs?

Noon

Chief Information Officer, House of Commons

Louis Bard

If members are interested, I think we can give you a package that can be used to assess your own situation. We can find ways to review this on a regular basis to make sure that we prompt you to look at this.

Noon

Conservative

Harold Albrecht Kitchener—Conestoga, ON

I don't know how frequently that would happen, but if on a “regular basis” we would get updates and recommendations from your office and possibly an offer to even remotely review what we're doing and what we're not doing, I would find that helpful.

Thank you, Mr. Chair.

Noon

Conservative

The Chair Joe Preston

Thank you very much.

Mr. Lukiwski.

Noon

Conservative

Tom Lukiwski Regina—Lumsden—Lake Centre, SK

Thank you.

I just want to go back for a moment to the vulnerability issue. I appreciate all that you do and continue to do while we're in the parliamentary precinct, but my question is what happens when we leave the precinct? Obviously cabinet ministers travel extensively on an international basis, but individual members also do. We have parliamentary associations that are constantly going abroad. How vulnerable are members when they're outside the precinct? We still have to be in contact. In the case of cabinet ministers, there's a lot of parliamentary work that goes on whether they're in Ottawa or in China or some other location. How vulnerable are those members who are travelling internationally?

Noon

Chief Information Officer, House of Commons

Louis Bard

I think there's a high level of vulnerability, especially if you travel to foreign countries, because they probably know you are coming and somehow they will be watching you or observing who is out there and will follow you through the process. This is where your choice of technologies and what you use when you're travelling is so critical. As an example, if you are bringing confidential documents, secret documents, on your laptop, you are very vulnerable if you lose that laptop, if you have not secured the documents, encrypted the documents, encoded the documents, waterproofed the documents: there are so many things you can do to secure a document. At the same time, I will not bring secret documents while I'm travelling. I will find other ways to move these documents around.

12:05 p.m.

Conservative

Tom Lukiwski Regina—Lumsden—Lake Centre, SK

Are there any specific protocols you would suggest for those members who may be travelling internationally, or are they just vulnerable no matter what they do? A lot of this is common sense, and we understand that. But are there any specific protocols or provisions that you might suggest or that you're looking into based on the fact that we may be targeted by Anonymous or other groups now?

12:05 p.m.

Chief Information Officer, House of Commons

Louis Bard

I will give the same comments I gave last year when we were looking at developing committee reports. Often the problem with security is that people don't assess what they intend to do while they're travelling. You should really assess those risks before you travel, and then we can put in place proper measures to help you during your travel through some specific packages, specific tools, or specific telephones or BlackBerrys. There are all kinds of things we can do to help you: don't use your cellular phone, use a land line.... As a preventive measure, before you go we need to understand the purpose of the trip and what you intend to do, and from there, based on the risk, we can really identify the solutions.

12:05 p.m.

Conservative

The Chair Joe Preston

You have a minute left.

12:05 p.m.

Conservative

Tom Lukiwski Regina—Lumsden—Lake Centre, SK

Thank you very much.

Is there any history of any member's computer system being hacked? If so, what process do you follow there?

12:05 p.m.

Chief Information Officer, House of Commons

Louis Bard

We follow the same thing as the IT acceptable use policies on a regular basis.

It's happened at the caucus level, on your caucus web server. We've helped many of you with your caucus servers when there has been infiltration, corruption, spam, and things like that. This has happened with members' laptops that have been infected with viruses.

When we detect something, the first thing we do is inform the member and then request permission to remove that PC or that laptop to help restore the situation very rapidly. We do this on an individual private basis with every member of Parliament. If we notice a situation, we try to find a compromise and identify the threats. If I cannot at one point solve the issue with the member, I will go to the whip. That's the protocol.

There have been a lot of instances over the last 19 years I've been here, but I have to say that each time we've been able to correct the situation to the member's satisfaction. Never in the last 19 years have we lost access to our network, been paralyzed for days, or had to shut down the network. Touch wood—we have been able to keep things running.

12:05 p.m.

Conservative

The Chair Joe Preston

Thank you.

Now to Madame Charlton. And I understand you're sharing your time with Madame Latendresse.