I'm not sure I'd use the words “totally protected”, but we can manage those risks. Canada, and particularly the federal government in Canada, has a good process. We have a proven risk assessment methodology. In fact, the Government of Canada process is so good that I often use it with private sector clients.
What it comes down to is the application of what we know. If we correctly architect systems, correctly design systems, perform risk assessments, take seriously the guidance provided for our lead agencies in that space, if we look at, for example, the controls that are suggested by the Communications Security Establishment and ITSG-33, we can build systems that are quite secure and that certainly provide the level of security needed to protect this level of information.