Government Operations Committee on May 25th, 2020

Thank you very much.

We'll now go to Mr. Aboultaif, for six minutes, please.

Good afternoon, Minister. I hope you are keeping well with your family.

There was a story that came out showing hundreds of thousands of credentials being hacked from Zoom. There was a story also about Skype, some actual videos being stolen for external analysis where the users were unaware.

We've been using Zoom, as well as other methods such as Skype. How are we protecting sensitive information from being hacked or communicated over video chat? How are we making sure that sensitive information is not going into the wrong hands?

First, we understand that during a time of pandemic there are always those who look to take advantage of the crisis, and we're taking every precaution to ensure that Canadians and our systems are protected.

You refer to Zoom. In particular, I understand that the House of Commons is using zoom for virtual Parliament. It's widely known to be an insecure application, of course, but it is not used in the public service nor with Parliament for anything that is required to be confidential. It is only for matters that can be discussed and dealt with in the open that Zoom and that type of public tool are appropriate.

We have been providing guidance to public servants on what the appropriate tools are for which type of activity in supporting Canadians.

Minister, a lot of public servants are working from home, from politicians to everyone else. Different departments are operating from homes and there is some sensitive information being exchanged back and forth.

Are you aware of any sensitive information being leaked, or have you received any complaints of any kind or any reports of such an incident?

Mr. Aboultaif, I'll ask my officials to add to my answer because they will have more information about details, but I am not aware of any breaches.

We have rapidly increased the capacity of the secure networks to be able to support the public servants working from home. In fact, before this pandemic emergency, an average number of secure remote connections at a single point in a day was about 40,000. We are now up to 200,000 such connections, which means that there was a very fast and very effective transition to public servants working from home through secure networks. There have also been secure cloud-to-ground networks created for other types of specific work.

It's an important question and I think the public servants have been doing a great job to protect the integrity—

Minister, was any cybersecurity assessment done before we used Zoom, and since when has any Zoom application been used by the government in any capacity?

The answer is yes. Zoom is being used by government employees but only in circumstances where their communications are public, or can be public. For anything that is restricted or confidential, Zoom is not used. The chief information officer provides clear guidance on that, and again, I invite my officials to add.

I know in this format it's a little more difficult, but if there is anything they have to add, I welcome that.

Paul.

I have a quick question.

Definitely there were some breaches—I will verify—if I understood correctly the minister's aide. Was there any exchange of intelligence with other partners such as the Five Eyes, for example, on incidents happening to us or happening elsewhere within our allies?

Please give a very brief answer.

We're continually monitoring, and yes, the Centre for Cyber Security, which my ministry is a partner in, works closely with the Five Eyes to identify threats.

Thank you very much.

We'll now go to Mr. MacKinnon for six minutes, please.

Thank you, Mr. Chair.

I'm delighted to see my colleague the minister and the people who are with her today.

I'm extremely proud of what these people have been able to accomplish in terms of resources, having visited Shared Services Canada. The progress we're seeing at Shared Services Canada is quite remarkable. So, Madam Minister, I want to acknowledge the success of the men and women at Shared Services Canada who have provided public servants with access to the secure networks and technological tools they needed to maintain services to citizens during this crisis. I know that Shared Services Canada has often been the target of criticism, but this time it is showing us the way forward. We are very proud of what these people have been able to accomplish.

I'm sure my colleagues don't always appreciate that we highlight the success stories here, Madam Minister, but I think it's important that the women and men of our public service are recognized for the incredible work they have done.

There's a lot of talk lately that everyone is going to be able to work from home. We'll be able to empty all of our downtowns and no one will ever have to go back to the office again.

Minister, you've been working very hard on technology-enabled workplaces. That's work that goes on with Public Services and Procurement Canada as well, with respect to enabling flexibility, enabling unassigned workplaces and enabling the kinds of workplaces that we're really going to need going forward, and doing so in part using technology. Maybe we could have the benefit of your thinking on that.

Thanks, Mr. MacKinnon.

There has been certainly commentary in the public about the emergency we've been responding to with so much increase in digital tools and secure digital tools, and how that will translate into changes post-COVID. We are certainly thinking about what might be a strategy for going forward post-COVID.

I think we've all been surprised, and pleasantly surprised, as you mentioned, by how quickly we as a government were able to continue to serve Canadians, and not just that, ramp up service. As we know, almost a million Canadians applied for the CERB on day one.

I see this as a continuum. From 2018's budget of over $2 billion over five years there has been a very concentrated effort to have a more integrated approach to our information storage use and our digital government. That was an SSC budget. There has been a half a billion dollars put into the whole arena of cybersecurity and the creation of a collaborative approach to cybersecurity, which is really serving us very well as a government right now. On some of those building blocks of addressing the old data centres and migrating them, I think about 40% have now been migrated to modern data centres and the cloud.

Some of these fundamental pieces that may have not been given the attention they deserved over the years have really been a key focus of this government, which is what the ministry of digital government is all about. It's to continue focusing on better serving Canadians. Really, what we know is that it just is not good enough if the only channels the public has to get service from their government is through downloading PDFs and faxing documents, or potentially standing in line and waiting to see someone.

We've moved it into the modern era.

I know Mr. Chair's going to cut me off very soon, but I just want to perhaps point out or even ask.... We've spent a lot of time doing things as basic as putting WiFi into the new GC workplace standard, so that public servants across departments can collaborate and come together in new, modern workplaces and are able to use technology to unleash creativity. That's going to be an important part of the mix going forward as well. I'm just wondering if you have any closing thoughts on that, if we have any time left.

Unfortunately, we do not have any time left.

All right.

Since there was an open-ended question, Minister, if you care to respond to Mr. MacKinnon, I would ask you to do so in writing as soon as possible and send that response to our clerk.

That's excellent.

Ms. Vignola, you have the floor for six minutes.

Thank you Mr. Chair.

Good evening, Ms. Murray.

Indeed, the pivot that employees performed in recent months has been dramatic. Nonetheless, we will have many questions in this regard.

On May 8, the Acting Chief Information Officer told the committee that there was ongoing monitoring of the federal government network by the Communications Security Establishment.

What are the greatest risks, the major threats, to the federal government network? How is the federal government mitigating these risks and threats?

Thank you for that question, Madame Vignola.

I think one key is that we have an integrated approach to threats. There may have been a previous day when each of the ministries had to deal with its cybersecurity threats. We have a very collaborative approach right now, and that's through the Canadian Centre for Cyber Security.

One example of how this works well is in the creation of the new benefits, which happened so quickly, for example the emergency response benefit. There are cybersecurity officials who are monitoring that application to make sure there are no vulnerabilities and there are no attacks that succeed in disrupting our service.

It's a very collaborative approach. Each of the ministries has a clear and separate responsibility with respect to preventing and responding to cybersecurity threats and attacks. I think it has been working very well.

In your speech, you referred to fraudulent websites that were copying Government of Canada sites. How many of these websites have been detected? Were they all shut down?