Public Accounts Committee on April 23rd, 2013

Thank you for the question.

The first point I would make is that the 15-7 is meant to cover our time zones from coast to coast. That's the first point, if you were wondering why we picked up 15. The second point I would make is that we tried to strike a balance between good user resources and providing that responsive service. We felt that 15-7 plus 24-hour phone line accessibility did that. The third point I would briefly make is that in that period that we've now augmented our capacity, there hasn't been a phone call that came in that would have indicated to us that there's a challenge, so we haven't faced that situation.

I'm looking to my colleague here, but I'm not aware of any calls. Until it doesn't work, I would suggest that we're equipped right now to give a good response to calls, should they come in.

Thank you for the question.

Mr. Chair, may I go back for a second to the earlier statement that things must have changed a lot in 20 years? When I was doing science and I was testing my abilities vis-à-vis my staff when they were briefing me on cyber-issues, I made reference to my having learned Fortran and APL. They shook their heads as if I were in a different world. Yes, things have changed a lot. I'm not even sure those languages exist anymore.

Going back more specifically to the question, the third pillar of our cyber-strategy deals with empowering Canadians to take the right action. I find in the question a very important statement to be understood. It goes back to the earlier question as well about rules and responsibilities. There are a lot of us around the table and there's a reason for this. We all have a piece of the action on cyber-safety, cyber-security. What's true in government is also true in our society. We need the private sector—big, small, medium—our colleagues from the provinces and territories, and we need each and every Canadian. The third pillar addresses that very point, and I think it's fair to say that we have a very active campaign on cyber-safety that speaks to each and every Canadian. In my words, “tricks” or things have been provided that they should be affording themselves.

Members of the committee will probably know, as a result of background, that 80% of Canadians are now online, either for business reasons or social reasons, so there is exposure there. The government is not there to do and tell them everything, so there is an empowerment component to the cyber-strategy that is quite important. We have a campaign and we have put money into that campaign, but at the end of the day it's for each and every Canadian to also assume their responsibilities, and rightly so.

If I may, Mr. Chairman, I'll ask Madam Clairmont to answer.

In terms of awareness, on Public Safety's website we have what we call “Get Cyber Safe”. It's a website where citizens can look at various things they can do to keep themselves safe. We are of the same mind as you are in the sense that it is a partnership. It requires the private sector, levels of government, and also our citizenry.

In addition, we're linked to “Stop. Think. Connect.”, a cyber-awareness program that is co-sponsored in part by some private sector companies in the U.S. The Department of Homeland Security also offers citizens opportunities to assess their cyber-risk profile.

Thank you for the question; I appreciate it. Yes, Shared Services Canada's mandate clearly outlines the steps we need to take to secure the infrastructure. So we've already started consolidating that infrastructure across the 43 departments, harmonizing the practices and the approaches that are taken in every department to secure those systems.

As you can imagine, before our creation every department would do what they could in their own ways at different levels of spending and of effort. Clearly now we're able to do this horizontally to ensure consistency, and also to ensure compliance with standards that are established through the Treasury Board. That is an important step forward.

Now we're also redesigning those services to have security by design to embed security principles, to embed security throughout the means by which those services inside the government will be consumed, and that's been fairly important.

Finally I would add that on the procurement side we've enhanced the security requirements that exist with the prospect of being able to secure both the goods and services that we purchase as a government through the department. That will enhance our ability to deploy and ensure the safety of that equipment and the services that leverage it.

To my knowledge, the 10 networks are active. The Auditor General's observations were related to a certain point to the fact that the sectors were not all equal.

We are currently working on developing a document that will provide directions, because not all these sectors were managed by Public Safety Canada. We chair an intersectorial table, where members come and we can coordinate our work, but different sectors are managed by different departments. Therefore, we are developing a guide that will be ready in December 2013. A draft version will be available in June 2013. It will help the various departments ensure that the sectors are complete and that the activities in those sectors are as well.

The sectors also have a certain responsibility. It is not just incumbent upon the government to gather these people together; they must also create the links they need within their sector to ensure they are well represented. So we are going to increase the number of meetings because I think it is important. These sectors do not work only on cyberspace, but also in terms of general infrastructure. We are going to increase the weight given to the cyberspace issue in these infrastructure tables.

We are doing what we need to with respect to the Auditor General's observations, which we feel were appropriate in that area.

I guess the issue was: are all the members of the various sectors participating in the sector networks?

One thing we're doing, which we're on track to finish in June of this year, is to reach out to the sectors and to the departments that are involved with them, and ascertain whether they have the correct membership on each of the sector networks. That work is under way—just to confirm that.

Yes, absolutely we will. It's a partnership, though, so we'll want to consult with the sectors, with private sectors, to see who they think is most appropriate. Absolutely, our role is to coordinate these things and make sure they happen, and that's what we're doing.

Yes.

If I may, Mr. Chair, Mr. Gordon will answer that one.