That means investment.
Evidence of meeting #56 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was departments.
A video is available from Parliament.
Evidence of meeting #56 for Public Accounts in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was departments.
A video is available from Parliament.
5:10 p.m.
Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment
Yes—as we have in the past as well with our cyber-defence services.
5:10 p.m.
Conservative
The Chair Conservative John Williamson
Thank you very much.
Two more members will be asking questions.
Mr. McCauley, you have the floor for five minutes.
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
Thanks, Chair.
Mr. Hayes, I want to go back to you. In paragraph 7.19, you mentioned that you can't report some findings publicly “because doing so [would] reveal vulnerabilities” and pose a national security risk—which is fine—and said “we...reported them directly to the departments”.
Do you have assurances from the departments that these items will be addressed? Also, are these departments reporting back to you that these issues are being addressed?
5:15 p.m.
Deputy Auditor General, Office of the Auditor General
Yes. The departments responded to us on our recommendations, and we will be going back in to follow up to make sure that they are addressed. That was one of the reasons we wanted it in the report: so that it was completely transparent and you could ask us whether we have done our job.
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
Is there a timeline on when they have committed to address this issue?
5:15 p.m.
Deputy Auditor General, Office of the Auditor General
Based on the recommendation we made, there was an importance to act immediately. At this point in time, I don't think there was a specific time frame in the response, but we will be looking at whether or not actions have been taken.
5:15 p.m.
Conservative
5:15 p.m.
Deputy Auditor General, Office of the Auditor General
It was a monitoring and oversight kind of issue from the central agency perspective.
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
Okay.
One of my colleagues in the House had an Order Paper question about data breaches. It came back with, like, 2,400 pages of data breaches suffered by the government. This was in November 2021, a year and a half ago. Could any of these data breaches be directly linked to perhaps some of the shortcomings that you've identified in our security around it?
5:15 p.m.
Deputy Auditor General, Office of the Auditor General
I'm not in a position to say that. I guess what I would say in response is that the importance of preventing, detecting and acting is one of the points of emphasis from our report. Part of being in a position to be able to do that is making sure that the controls that have been established are being put in place and the monitoring and oversight are being done effectively. That is the posture that needs to be taken.
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
Okay.
Ms. Luelo, you mentioned that we need to spend more money to stop falling further behind. How much? Have you identified this solely for TBS or are you speaking on behalf of Mr. Perron, who needs more money as well, or department wide...? How much money?
5:15 p.m.
Deputy Minister, Chief Information Officer of Canada, Treasury Board Secretariat
In terms of a dollar value, from an overall government perspective I think the digital spend that we do is substantial, and the largest issue we have is around delivery against the work that we've committed to do. I would suggest that it is less about spending more money on digital and more about being more focused and prioritized in which digital work needs to go, applying the right resources to it and—
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
I'm sorry. Did I hear wrong? I thought I heard from you that we need to invest more and spend more money to stop falling further behind.
March 30th, 2023 / 5:15 p.m.
Deputy Minister, Chief Information Officer of Canada, Treasury Board Secretariat
We need to invest more consistently. The funding model.... The way that government funds, at least to my understanding—and I'm by no means an expert—is on annual rolling basis or a programmatic view. It is also done in a very decentralized way, and that is where I would say we have challenges.
From a spend perspective, to just double-click on what Rajiv said, we do need to continue to spend in the cybersecurity, and we do need to be able to spend on skills. All of that together is the spend envelope, but we do not have a forecast, if that's the question you're asking.
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
Okay.
Let me just ask you this. The main estimates just came out. Was there satisfactory money in there for what we need to do from your department?
5:15 p.m.
Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment
From a cyber centre perspective, budget 2022 did provide a significant amount of money to CSE.
5:15 p.m.
Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment
From a cloud perspective, a lot of the monitoring we do is directly proportional to the transition or migration of departments to the cloud. As the departments migrate to the cloud, our needs will potentially grow, but currently we are able to monitor....
5:15 p.m.
Conservative
Kelly McCauley Conservative Edmonton West, AB
I have just one last question. I'm not sure, but maybe it's for Mr. Perron
The data centres have been discussed at OGGO meetings for seven years. I remember Mr. Parker coming in and describing the data centres.
Explain this to me in simple terms. Are we migrating some of the data over to the cloud? If so, are there money savings that should be experienced in the data centres, or is this apples and oranges?
5:15 p.m.
President, Shared Services Canada
Thank you for the question, Mr. Chair. It's very complicated, but I think I will start the answer.
When we close legacy data centres and bring these workloads into an enterprise data centre, yes, there are savings, because the scale and infrastructure in the enterprise data centre give us better reliability and security.
5:20 p.m.
Conservative
5:20 p.m.
Conservative
The Chair Conservative John Williamson
Give me one second, Mr. McCauley.
You're past your time. I'm going to let Mr. Perron speak, but, if you interrupt, I will cut the time.
Mr. Perron, I know you said it's a complicated answer, so you have the floor for about 30 seconds.
Thank you.
5:20 p.m.
President, Shared Services Canada
We try to avoid what we call “lift and shift” by taking a workload from a legacy data centre and bringing it to the cloud. There is an element of modernization, and there is a business there. I think, as my colleague explained a bit earlier, the analysis of each case depends on the effort we'll put into the modernization and how we are going to spread.... I think I can provide you with more, if you are interested.
In the last supplementary estimates C, we had savings in PSPC, which funded its transfer back to SSC. That's because we are consuming less space and closing legacy data centres. Thus, there are savings with the consolidation—at least within the infrastructure.
Thank you.