Thank you very much for the question.
The risk aversion I'm pointing to is that it is normal for organizations that are moving through modernization to learn lessons, and we are learning some lessons. What I want to avoid is our pulling back and saying we're going to stop because a couple of things weren't done properly. We're learning from those; we're implementing, and we were thoughtful about not doing our big systems first. For example, the old age security, EI and CPP systems will come later and we will have taken the opportunity to learn from some of the smaller systems that we've moved to the cloud.
I would say your question about a whole-of-government shutdown is absolutely something that is constantly on the minds of those on this team when we think about cyber—and Sony said that very well. The cloud still allows us to have all of the protections that the Centre for Cyber Security provides. This is a unique asset we have for the Government of Canada, one that makes me feel very comfortable—a different type of asset from what I had when I worked in the private sector.
So although we have learned some things, the incredible support that we get from the cyber centre is a “compensating control”, if I can say that.