This week, I changed much of the tech behind this site. If you see anything that looks like a bug, please let me know!

Evidence of meeting #31 for Procedure and House Affairs in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was threat.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Toni Moffa  Deputy Chief, IT Security, Communications Security Establishment Canada
Robert Gordon  Special Advisor, Cyber Security, Canadian Cyber Incident Response Centre, Department of Public Safety and Emergency Preparedness
Commissioner James Malizia  Assistant Commissioner Protective Policing, Protective Policing Branch, Royal Canadian Mounted Police
Tony Pickett  Officer In Charge, Technological Crime Branch, Royal Canadian Mounted Police

11:25 a.m.

Conservative

The Chair Conservative Joe Preston

I'll allow a quick answer.

11:25 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

I'm here as a technical expert. It's very inappropriate for me to provide any comments or suggestions in that regard.

11:25 a.m.

Conservative

The Chair Conservative Joe Preston

Thank you very much.

We'll go to a four-minute round.

Mr. Zimmer, you're starting us off.

11:25 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Thank you for coming today.

I asked this question at our last meeting. We ask for information and advice on how you can help us as parliamentarians, but I see this as an overall issue for Canadians in general. Canadians elected us, and we're their representatives; an attack on us is an attack on them. It can even happen in their daily lives that they're attacked or bullied or whatever you want to say.

I would ask you—you're the expert—how we would best protect ourselves from these IT threats in our jobs here and in our homes.

11:25 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Some of the things that the CIO, Louis Bard, raised are good IT practices, many of which originate from our advice and guidance from an IT security point of view, and which would help prevent a lot of malicious activity from happening on networks or computers. Those are standards and guidance that could go a long way to making it very difficult for those seeking to do harm to do the harm that they do.

It also reduces vulnerabilities within our systems. There's no doubt that the Internet is a vulnerable place; there are many risks involved. As soon as you connect, there are risks associated with it. There are some steps to take to diminish those risks, but they will never go away entirely.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Right.

I have another question. I'm sure you've dealt with the group Anonymous. I shouldn't assume that, but I want to ask you about your estimation of the membership of Anonymous. I think there are a bunch of different facets to it. There are the nefarious and there are the non-nefarious who want to be associated with the movement.

What would you say is the breakdown of serious criminal intent as part of the membership, as opposed to the number of association-seekers?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Unfortunately, I wouldn't be qualified to speak to their intent. What we look at is the techniques that are used by such groups and how to provide advice to prevent those things from being successful in our own systems.

So I would be unable to comment on that.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Okay.

I have just one more, if I have time.

I want to know how your particular organization cooperates. How do we cooperate with other organizations overseas? How does that work, in terms of a relationship?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

There are international partnerships with our direct counterparts, whereby we share information and technological capabilities with each other, because we have some common goals and objectives. Those would be our direct counterparts in the United States, the U.K., Australia, and New Zealand mostly—those whom we mostly deal with. More broadly, there are international groups in which we can cooperate, such as NATO.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

So we have an active relationship now.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

There are venues for cooperation more broadly.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Thank you.

11:30 a.m.

Conservative

The Chair Conservative Joe Preston

Thank you, Mr. Zimmer.

Madame Latendresse, you're up for four minutes, please.

April 3rd, 2012 / 11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Thank you.

Thank you very much, Ms. Moffa, for your remarks.

Anonymous was just mentioned once again. Anonymous is not a closed group. Almost certainly, whoever posted the video on YouTube and threatened the minister probably has absolutely no connection to any hackers in the United States, Australia or anywhere else. People know that anyone can do these things using the name Anonymous, so I think it would be extremely difficult to say with any certainty that Anonymous is doing this, or that Anonymous has any such intentions. Anyone can use this label on their activities. I sometimes find it hard to determine where we are in all of this, because for now, as we heard earlier, we are talking about someone somewhere who posted a video online on YouTube.

Yes, some people who say they are from Anonymous did hack into the American federal systems, for example, but that is not what we are talking about right now.

When security breaches occur and hackers get into the American federal system, are you in contact with them to know what happened and how you can update your tools to prevent these kinds of threats? Do you have any contact with them in that regard?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Who do you mean, exactly?

11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

I mean the American equivalent of your agency, for example.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Yes, yes.

11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

When security breaches occur in the U.S., you can discuss how to improve the system with them.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

We share our experiences, so we can help one another in order to prevent or deal with problems when they do occur in our systems.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Some problems occurred recently, a few months ago, I think, or not too long ago. Do you know if this has been done since? Has there been any dialogue in order to make the systems more effective and more secure?

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

I cannot comment on that, and I certainly cannot comment on other people's experiences. That is considered classified information.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Coming back to Anonymous, if I understand correctly what you are saying, nothing has been done so far by anyone who reports to you.

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

That is correct.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

So you are here primarily to tell us about what you could do if something were to happen in the future, for example, if a hacker tried to—

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

We are learning about the methods they use in an effort to prevent their actions in the future.