I guess I'll start by saying, I did work for CSE for about 12 years. I was in the cyber defence branch, so I was likely involved in these intrusions you spoke about, in some respect. That said, I no longer work for CSE and I don't want to speak on their behalf, but I'll kind of wave my hand a little bit.
You're right. There are actors around the world, both at a nation-state level and from a script kiddie—people just trying to break things—who are constantly attacking systems around the world. We're not really special—well, maybe we are special—but I think one of the challenges that a lot of organizations have is that when they get compromised, they don't really want to go and tell people because that creates negative press for them.
Essentially, what happens is that everyone ends up suffering in silence. Part of the work I did before I left CSE was to take one of the security tools that we built and open-source it, to release it to the security community so that we could actually bring up that security bar across the industry. From a transparency perspective, that's where we sit in terms of the security space.
To kind of pivot on to your question about the banks, I guess the point to that would be, I don't actually know how banks secure their systems. For me to say that I think they are in the best position to protect Canadian security would be kind of out of place. I would love it if they would be more open and honest about that, just like I would love it if Google and Facebook and all these companies would be very open and honest about how they do security things. At that point, we could all collectively bring up our security postures, and I think Canadian citizens would be a lot more trusting of all of the parts.