Evidence of meeting #31 for Procedure and House Affairs in the 41st Parliament, 1st Session.

Also speaking

Toni Moffa, Deputy Chief, IT Security, Communications Security Establishment Canada
Robert Gordon, Special Advisor, Cyber Security, Canadian Cyber Incident Response Centre, Department of Public Safety and Emergency Preparedness
Commissioner James Malizia, Assistant Commissioner Protective Policing, Protective Policing Branch, Royal Canadian Mounted Police
Tony Pickett, Officer In Charge, Technological Crime Branch, Royal Canadian Mounted Police

11:25 a.m.

Conservative

The Chair Conservative Joe Preston

I'll allow a quick answer.

11:25 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

I'm here as a technical expert. It's very inappropriate for me to provide any comments or suggestions in that regard.

11:25 a.m.

Conservative

The Chair Conservative Joe Preston

Thank you very much.

We'll go to a four-minute round.

Mr. Zimmer, you're starting us off.

April 3rd, 2012 / 11:25 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Thank you for coming today.

I asked this question at our last meeting. We ask for information and advice on how you can help us as parliamentarians, but I see this as an overall issue for Canadians in general. Canadians elected us, and we're their representatives; an attack on us is an attack on them. It can even happen in their daily lives that they're attacked or bullied or whatever you want to say.

I would ask you—you're the expert—how we would best protect ourselves from these IT threats in our jobs here and in our homes.

11:25 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Some of the things that the CIO, Louis Bard, raised are good IT practices, many of which originate from our advice and guidance from an IT security point of view, and which would help prevent a lot of malicious activity from happening on networks or computers. Those are standards and guidance that could go a long way to making it very difficult for those seeking to do harm to do the harm that they do.

It also reduces vulnerabilities within our systems. There's no doubt that the Internet is a vulnerable place; there are many risks involved. As soon as you connect, there are risks associated with it. There are some steps to take to diminish those risks, but they will never go away entirely.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Right.

I have another question. I'm sure you've dealt with the group Anonymous. I shouldn't assume that, but I want to ask you about your estimation of the membership of Anonymous. I think there are a bunch of different facets to it. There are the nefarious and there are the non-nefarious who want to be associated with the movement.

What would you say is the breakdown of serious criminal intent as part of the membership, as opposed to the number of association-seekers?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Unfortunately, I wouldn't be qualified to speak to their intent. What we look at is the techniques that are used by such groups and how to provide advice to prevent those things from being successful in our own systems.

So I would be unable to comment on that.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Okay.

I have just one more, if I have time.

I want to know how your particular organization cooperates. How do we cooperate with other organizations overseas? How does that work, in terms of a relationship?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

There are international partnerships with our direct counterparts, whereby we share information and technological capabilities with each other, because we have some common goals and objectives. Those would be our direct counterparts in the United States, the U.K., Australia, and New Zealand mostly—those whom we mostly deal with. More broadly, there are international groups in which we can cooperate, such as NATO.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

So we have an active relationship now.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

There are venues for cooperation more broadly.

11:30 a.m.

Conservative

Bob Zimmer Conservative Prince George—Peace River, BC

Thank you.

11:30 a.m.

Conservative

The Chair Conservative Joe Preston

Thank you, Mr. Zimmer.

Madame Latendresse, you're up for four minutes, please.

11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Thank you.

Thank you very much, Ms. Moffa, for your remarks.

Anonymous was just mentioned once again. Anonymous is not a closed group. Almost certainly, whoever posted the video on YouTube and threatened the minister probably has absolutely no connection to any hackers in the United States, Australia or anywhere else. People know that anyone can do these things using the name Anonymous, so I think it would be extremely difficult to say with any certainty that Anonymous is doing this, or that Anonymous has any such intentions. Anyone can use this label on their activities. I sometimes find it hard to determine where we are in all of this, because for now, as we heard earlier, we are talking about someone somewhere who posted a video online on YouTube.

Yes, some people who say they are from Anonymous did hack into the American federal systems, for example, but that is not what we are talking about right now.

When security breaches occur and hackers get into the American federal system, are you in contact with them to know what happened and how you can update your tools to prevent these kinds of threats? Do you have any contact with them in that regard?

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Who do you mean, exactly?

11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

I mean the American equivalent of your agency, for example.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

Yes, yes.

11:30 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

When security breaches occur in the U.S., you can discuss how to improve the system with them.

11:30 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

We share our experiences, so we can help one another in order to prevent or deal with problems when they do occur in our systems.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Some problems occurred recently, a few months ago, I think, or not too long ago. Do you know if this has been done since? Has there been any dialogue in order to make the systems more effective and more secure?

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

I cannot comment on that, and I certainly cannot comment on other people's experiences. That is considered classified information.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

Coming back to Anonymous, if I understand correctly what you are saying, nothing has been done so far by anyone who reports to you.

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

That is correct.

11:35 a.m.

NDP

Alexandrine Latendresse NDP Louis-Saint-Laurent, QC

So you are here primarily to tell us about what you could do if something were to happen in the future, for example, if a hacker tried to—

11:35 a.m.

Deputy Chief, IT Security, Communications Security Establishment Canada

Toni Moffa

We are learning about the methods they use in an effort to prevent their actions in the future.