Thank you, Mr. Chair.
I want to start with the scope of this. If you take the NORAD facility as an example, this is a major breach. You said this was a mistake. The problem is that it isn't just a security issue; it's also an issue in terms of the trust and support that we have with our allies and NORAD. When they're turning to us to work with them, if things that should have been classified....
You're saying that, in retrospect, this was an error and it should have been classified. I find it hard to believe that when we're dealing with a NORAD facility there would have been any other conclusion other than it should be classified. That hurts us. It hurts us not just in terms of a security risk, but also in terms of working with our NORAD partners.
I'm confused now because the comments of Colonel Day seem to indicate that there was a mistake in the classification of the facility, the Canadian Joint Incident Response Unit in Trenton, and that should have perhaps been classified.
There was a definitive statement that the NORAD incident was a mistake. Perhaps in the incident where this was thrown in the garbage, the Canadian Joint Incident Response Unit blueprints should have been classified. But in the Auditor General's audit, we found that 99% of the security requirements checklists were not completed, were not done.
So it's not as if this is a one off. If we start with 99% not being done, should there not be an assessment being done in all of those instances, before contracts are awarded, especially if it's for something like a NORAD facility? But in general, is that not something that should be done? Is there a commitment to take us from 99% to zero?