Thanks for the question. I think I actually said that, although I also said that being turned off makes it the most secure network.
I think there are a few elements to that.
The password is something that has changed quite a bit. We are relooking at our password advice for that exact reason. More than changing passwords, we also encourage people to look at a second factor of authentication, so a little token that generates a random number. For some people, sometimes it's a message that says “Type in this code” when they're logging into a new device, etc. Turning on a second factor is actually a key cybersecurity element. For those of you with Twitter or Facebook or any social media accounts, you should all be using your second factor of authentication to log in, and we should be applying that to all of the systems in government.
Periodic password advice is something that made a lot of sense when you had only two passwords and two systems to log into, or one. I lost count at 90 of the number of passwords I have in my personal, private and professional life. I stopped counting. We are looking at how to balance security and convenience. Also, people tend to use easy passwords when there are so many. It's something that has to be looked at.