Refine by MP, party, committee, province, or result type.
Information & Ethics committee That's a really good question. I would argue that it's mostly related to the data that are transiting within NRCan's business—the science and the research associated with it. For natural resources, it's outside of my ability to answer. I do not know.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee Absolutely. If we were to investigate a physical device, this would be done, first of all, within a personnel security engagement. At this stage, they would absolutely do a review of the impact on security, and they would engage the scope of the actual investigation. IT would get engaged.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee The government is no different from any other organization. When you use government networks, you have certain obligations as an employee to ensure that your use of the equipment complies with government policies. Clearly, a forensic analysis in particular can't be carried out without the knowledge of the people involved.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee Absolutely. A reminder pops up automatically every time someone connects to the virtual private network. The department regularly reminds employees of their obligations. In fact, we’re in the middle of cybersecurity month. Our department is therefore taking steps to make employees aware of this reality.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee If we were to use that particular tool, it would be with a great deal of transparency with the organization and the employee involved.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee That's correct.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee We did not to my knowledge, but within the framework on privacy impact assessment, departments have the ability to work within what is called personal information banks. Those contain predetermined types of information that we as a department would want to access from our employees.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee That's correct.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee On the programs, that's correct.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee NRCan has that.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee From a commercial perspective, there's an interest in some of the technology, the breakthroughs or the scientific information that would have potential—
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee We work with our service provider. We work closely with Shared Services Canada to make sure that the network is monitored and protected. Similarly, we work with our central agencies to support it from a cybersecurity threat perspective, and we maintain this equipment. We keep it up to date.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee There are many threats. A lot of what NRCan works on has commercial value, so there's an external threat, for sure. That's always the case.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee There are many areas of business, such as energy, where NRCan is interesting for foreign entity or domestic reasons. It is always the nature of the business. The interesting challenge within NRCan is the open nature of the science culture. It's definitely a challenge for us to maintain the proper balance of sharing information with key stakeholders and protecting important assets.
February 6th, 2024Committee meeting
Pierre Pelletier
Information & Ethics committee It was mostly from a readiness perspective. As an IT organization, I think it's perfectly normal for us to keep up to date and stay current with the technological advances. The technology is always advancing and evolving. The threat vectors are also advancing and people get more sophisticated, so I think it's properly normal for an organization to make sure that it maintains a certain degree of technology savviness.
February 6th, 2024Committee meeting
Pierre Pelletier