Evidence of meeting #9 for Government Operations and Estimates in the 43rd Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was digital.
A video is available from Parliament.
5:10 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Thank you.
We will now go for a minute and a half to Ms. Vignola. I think, Ms. Vignola, you might get five extra seconds.
5:10 p.m.
Bloc
Julie Vignola Bloc Beauport—Limoilou, QC
Okay.
Earlier, you were talking about the fact that one of the big obstacles you face is fear of change.
Have you tapped into public servants' expertise to find solutions to this type of issue, that is, fear of change and others that come to mind?
If we want public servants to have the reflex to recognize an issue when they see one, rather than have them say, well, if I saw it then someone else will surely see it too, the best way is to include them in the solution and work openly with them.
Do you work openly with public servants to resolve the issues you encounter when rolling out new technologies?
5:10 p.m.
President, Shared Services Canada
Just briefly in response to the member's question, the ITSN tool we're using is from BDM, which is one of the Gartner magic quadrant companies.
The short answer to the second question is that, yes, we are tapping into all sources. Again, my approach is that we don't have all the answers. We need to work with people who have done this, and we try to bring them in so they feel as though they are part of the solution. It is being done with them, not to them. We strike advisory committees, for example, on NextGen, with people who have done pay transformations in other large private sector companies. We work closely with the unions and with employee groups to help guide us so that we're learning from those who've done it, and we're learning from the people who have to do it and who are going to have to live with it, to make sure it's a user-centric but also an informed approach.
5:10 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Thank you, Ms. Vignola. One minute and 35 seconds goes by very quickly in questions and answers.
Mr. Green, you have one minute and 35 seconds.
5:10 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Thank you very much, Mr. Chair.
Breaking news on Reuters today is that Amazon's web services are seeing widespread outages. What is the contingency when our vendors, such as potentially Amazon, crash on a global scale?
5:10 p.m.
Acting Chief Information Officer of Canada, Treasury Board Secretariat
Do you want me to take a crack at that, Paul?
5:10 p.m.
Acting Chief Information Officer of Canada, Treasury Board Secretariat
I think part of our resiliency and our disaster recovery is not to be dependent on any single infrastructure or any single environment. The cloud offers an opportunity like never before, where it's very easy to stand up a parallel environment on the Amazon web services in one of our end-state data centres or in the Azure Cloud environment. Therefore, we would not be vulnerable to any one single point of failure. That's a critical aspect.
5:10 p.m.
NDP
Matthew Green NDP Hamilton Centre, ON
Given the vulnerabilities, we've heard a lot about Huawei and 5G and a lot of real hysteria around that, rightly or wrongly.
My question to you is whether there are any perceived vulnerabilities we might have from, say, friendly eyes peeking into our vulnerable data, given the back doors that are also in some of the American companies you've already talked about.
November 25th, 2020 / 5:10 p.m.
Acting Chief Information Officer of Canada, Treasury Board Secretariat
For all security matters, we have standards that define the requirements for different levels of protection of information. On the personal information and operational information it is Protected A, B and C, and on the national security side it's classified secret and top secret. For each one of those categorizations, we specify the minimum requirements.
Even for protected information, information about Canadians, we require encryption and different controls to make sure no one can access that data except the right people. Those controls are there for that reason, and I'm confident in them.
5:15 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Thank you, Mr. Green, and thank you for the answer.
We will now go to Mr. Paul-Hus.
You have three minutes.
5:15 p.m.
Conservative
Dane Lloyd Conservative Sturgeon River—Parkland, AB
I think I'll take that tying on for Mr. Paul-Hus.
On the question on quantum computing, there is a significant number of risks we're seeing. As you said earlier, everything can be decrypted, and I do recognize that there are some leading companies in Canada that are working to address these challenges.
On another line of questioning, I was asking the minister about the threat to the supply chain when we start to distribute the COVID-19 vaccines. What efforts are being taken to protect the supply chain to ensure that organized crime or possibly even state actors are not using malware or ransomware to really seize up our system and basically hold us for ransom? I see a huge potential here. It's been raised to me by stakeholders.
5:15 p.m.
President, Shared Services Canada
In response to the previous question, also part of the strategy is no single points of failure and redundancy.
With respect to this question, I was afraid you were going to ask that, and I don't want to jinx it. We are very good in this space. We block literally billions of attacks. We are one of the few governments that have not been subject to ransomware. We catch them in the firewall, and we have been able to stop them. I don't want to jinx it, and I don't want to say we are perfect, but we have some of the best security postures in terms of how we design the network and the protection on it. I think our track record speaks for itself.
5:15 p.m.
Conservative
Dane Lloyd Conservative Sturgeon River—Parkland, AB
I certainly hope so, but that leads me to ask questions related to the CERB hack that happened on the CRA website this summer. Why was it that the Government of Canada's systems weren't capable of preventing people from going into people's CRA accounts and applying for CERB, changing their banking info and basically stealing money from Canadians? Where was the failure there, and how are we working to address that?
5:15 p.m.
Acting Chief Information Officer of Canada, Treasury Board Secretariat
One of the large challenges of the credential stuffing attacks is that they are reusing credentials taken elsewhere and impersonating a valid Canadian. From the system's perspective, they are going through the system in a normal way; they aren't going through a back door. There were no compromises. There was a slight exploitation on the CRA system in the early phase that was addressed, but since then, all of the patterns were people impersonating other Canadians.
We were able to see them because we looked for patterns at the back end of those behaviours. For example, large amounts of failed log-ins give us a hint that someone is trying to brute-force the system. We don't see that they've broken in, but we do see that there are signs that they are trying. That allows us to do the forensic research to determine if there were any fraudulent transactions on the system.
5:15 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Mr. Lloyd, I'm sorry. That's three minutes.
Mr. MacKinnon, you have three minutes.
5:15 p.m.
Liberal
Steven MacKinnon Liberal Gatineau, QC
Thank you, Mr. Chair.
I will go back to what I was saying at the beginning to Madam Minister.
Clearly, Shared Services Canada has come a long way in terms of network access, cloud computing, desktop software, data centre migration, and more.
Mr. Glover, you and your team have done an enormous amount of work compared to how things were several years ago. In two minutes, tell us where you are headed now. What are the organization's key priorities as you look to the future, especially post–COVID-19?
5:15 p.m.
President, Shared Services Canada
Thank you for the question and for your kind words.
I am grateful to you for that.
For us, moving forward, we have a document. It's available publicly. It's called SSC 3.0. It aligns with the minister's digital vision. It clearly lays out what we believe were the priorities before COVID, and it was reaffirmed during COVID. These continue to be our priorities moving forward.
First, it's what you've talked about and asked me about today. It is the network. In order to be digital, in order to be connected and in order to do what we're doing today, we need a good network, and not a good network but a great network, a commercial great network that functions like a utility.
In order to be digital, public servants and Canadians need to be able to access this. It's all about the connectivity in the network, and we need to make sure that we have one of the best, because it is being stressed each and every day. We have to deal with the legacy stuff we inherited, fix it, replace it, modernize it and move to simplified, standardized, software-defined zero trust networks moving forward. That's job one.
Job two is the collaboration tools and things like Microsoft Teams, Office 365 and Zoom to make sure that public servants have the tools they need. When we were created eight years ago, it was about email. It's not about email anymore. It's about Dropbox. It's about OneDrive. It's about cloud. People interact differently.
If you talk to the younger generation, you'll know that they don't send emails. They wouldn't know what emails are. We need to make sure that we give them the tools they need to be able to do their job. That includes voice-over-Internet. That includes video.
These things are collapsing, and we need to give them the tools they need. The inspectors who are out walking the field need connectivity. They need access on mobile devices so they can do their jobs. We need to equip the public service with the tools they need to serve Canadians.
Finally, with respect, it was said that SSC was all about closing data centres. No, it's not. We are going to close data centres. We did a record number last year, and I will keep closing them, but as Marc said earlier, it's about the health of the applications in there. I don't want to close a data centre and move crappy applications. We want to move good applications. It doesn't make any sense to take an old, outdated application and move it into the cloud. It's still an old, outdated application.
We will close data centres. We want to move them to end state, because that responds to MP Green's question on no single points of failure and redundancy. Those data centres have redundancy built into them. If one goes down, it goes to the other. We have to focus on what the departments do, and that's the health of their applications moving forward.
Those are the three areas. They served us very well through COVID. They accelerated what we were doing. We continue to believe that those are the right things, and we want to do those, as the minister said, in utilizing an enterprise approach.
No more negotiating with 42 departments. We work with the OCIO to set standards. We ask for their guidance and direction and then we do it, and we do it in a way that works. We create a process for exemptions when the enterprise approach doesn't work; I don't want to leave anybody with the impression that it's a one-size-fits-all all the time. As was said, we don't want to be reliant on one vendor for everything, and we know that one solution will not always work for all departments. We need to start with the common and then move to exceptions.
5:20 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Thank you, Mr. Glover. I appreciate that.
That ends our rounds of questioning.
I'd like to thank all the witnesses for showing up and appearing today and answering. We appreciate your coming on. You're welcome to sign off at this point in time. Thank you all for returning.
We have a little bit of committee business here to attend to before we adjourn, so I just ask the committee to bear with us for a little bit.
Committee, please bear in mind that we are still sitting in a public meeting while we're doing this business today, just so that you're aware of that and remember that as we discuss things.
There are two things that I'd like to cover. One is the vote on the main estimates, and two is the revised work plan on the COVID-19 pandemic.
The order of reference for the committee to study the main estimates expires on Friday, November 27, 2020. If the committee feels it has completed its consideration of the main estimates, then we can proceed to taking a decision on the votes that were referred to the committee.
In all, 23 votes in the main estimates for 2020-21 were referred to the committee. Unless anyone objects, I will seek the unanimous consent of the committee to group the votes together for a decision.
Is there unanimous consent to proceed in this manner?
5:20 p.m.
Some hon. members
Agreed.
5:20 p.m.
Conservative
The Chair Conservative Robert Gordon Kitchen
Shall all votes referred to the committee in the main estimates 2020-21 carry?
CANADA POST CORPORATION
Vote 1—Payments to the Corporation for special purposes..........$22,210,000
(Vote 1 agreed to on division)
CANADA SCHOOL OF PUBLIC SERVICE
Vote 1—Program expenditures..........$64,350,979
(Vote 1 agreed to on division)
CANADIAN INTERGOVERNMENTAL CONFERENCE SECRETARIAT
Vote 1—Program expenditures..........$5,531,372
(Vote 1 agreed to on division)
CANADIAN TRANSPORTATION ACCIDENT INVESTIGATION AND SAFETY BOARD
Vote 1—Program expenditures..........$30,034,773
(Vote 1 agreed to on division)
DEPARTMENT OF PUBLIC WORKS AND GOVERNMENT SERVICES
Vote 1—Operating expenditures..........$2,316,072,146
Vote 5—Capital expenditures..........$1,587,143,543
(Votes 1 and 5 agreed to on division)
NATIONAL CAPITAL COMMISSION
Vote 1—Payments to the Commission for operating expenditures..........$66,609,096
Vote 5—Payments to the Commission for capital expenditures..........$23,749,549
(Votes 1 and 5 agreed to on division)
OFFICE OF THE GOVERNOR GENERAL'S SECRETARY
Vote 1—Program expenditures..........$20,021,968
(Vote 1 agreed to on division)
OFFICE OF THE PARLIAMENTARY BUDGET OFFICER
Vote 1—Program expenditures..........$6,520,482
(Vote 1 agreed to on division)
OFFICE OF THE PUBLIC SECTOR INTEGRITY COMMISSIONER
Vote 1—Program expenditures..........$5,045,978
(Vote 1 agreed to on division)
PRIVY COUNCIL OFFICE
Vote 1—Program expenditures..........$148,367,516
(Vote 1 agreed to on division)
PUBLIC SERVICE COMMISSION
Vote 1—Program expenditures..........$78,358,024
(Vote 1 agreed to on division)
SENATE
Vote 1—Program expenditures..........$79,715,174
(Vote 1 agreed to on division)
SHARED SERVICES CANADA
Vote 1—Operating expenditures..........$1,674,997,553
Vote 5—Capital expenditures..........$286,370,379
(Votes 1 and 5 agreed to on division)
TREASURY BOARD SECRETARIAT
Vote 1—Program expenditures..........$254,165,851
Vote 5—Government contingencies..........$750,000,000
Vote 10—Government-wide Initiatives..........$31,030,279
Vote 20—Public Service Insurance..........$2,171,215,724
Vote 25—Operating Budget Carry Forward..........$1,600,000,000
Vote 30—Paylist Requirements.........$600,000,000
Vote 35—Capital Budget Carry Forward..........$600,000,000
(Votes 1, 5, 10, 20, 25, 30 and 35 agreed to on division)
Shall I report the votes back to the House?
5:20 p.m.
Some hon. members
Agreed.