Information & Ethics committee  That's a really good question. I would argue that it's mostly related to the data that are transiting within NRCan's business—the science and the research associated with it. For natural resources, it's outside of my ability to answer. I do not know.

Information & Ethics committee  Absolutely. If we were to investigate a physical device, this would be done, first of all, within a personnel security engagement. At this stage, they would absolutely do a review of the impact on security, and they would engage the scope of the actual investigation. IT would get engaged.

Information & Ethics committee  The government is no different from any other organization. When you use government networks, you have certain obligations as an employee to ensure that your use of the equipment complies with government policies. Clearly, a forensic analysis in particular can't be carried out without the knowledge of the people involved.

Information & Ethics committee  Absolutely. A reminder pops up automatically every time someone connects to the virtual private network. The department regularly reminds employees of their obligations. In fact, we’re in the middle of cybersecurity month. Our department is therefore taking steps to make employees aware of this reality.

Information & Ethics committee  If we were to use that particular tool, it would be with a great deal of transparency with the organization and the employee involved.

Information & Ethics committee  That's correct.

Information & Ethics committee  We did not to my knowledge, but within the framework on privacy impact assessment, departments have the ability to work within what is called personal information banks. Those contain predetermined types of information that we as a department would want to access from our employees.

Information & Ethics committee  That's correct.

Information & Ethics committee  On the programs, that's correct.

Information & Ethics committee  NRCan has that.

Information & Ethics committee  From a commercial perspective, there's an interest in some of the technology, the breakthroughs or the scientific information that would have potential—

Information & Ethics committee  We work with our service provider. We work closely with Shared Services Canada to make sure that the network is monitored and protected. Similarly, we work with our central agencies to support it from a cybersecurity threat perspective, and we maintain this equipment. We keep it up to date.

Information & Ethics committee  There are many threats. A lot of what NRCan works on has commercial value, so there's an external threat, for sure. That's always the case.

Information & Ethics committee  There are many areas of business, such as energy, where NRCan is interesting for foreign entity or domestic reasons. It is always the nature of the business. The interesting challenge within NRCan is the open nature of the science culture. It's definitely a challenge for us to maintain the proper balance of sharing information with key stakeholders and protecting important assets.

Information & Ethics committee  It was mostly from a readiness perspective. As an IT organization, I think it's perfectly normal for us to keep up to date and stay current with the technological advances. The technology is always advancing and evolving. The threat vectors are also advancing and people get more sophisticated, so I think it's properly normal for an organization to make sure that it maintains a certain degree of technology savviness.