It is an architecture problem. The Financial Administration Act of Canada gives deputy ministers and the CEOs of Crown corporations the authority to decide if whether or not they will be part of the cyber‑defence program provided by the federal government. We believe that this is a significant weakness.
We're only as strong as our weakest link.
Our cyber‑defence system is well regarded nationally and internationally; it's a very solid system. However, if a cyber‑attack is launched on a department, agency or Crown corporation that is not protected by our defence system, that could be used as a gateway into the entire governmental system.
That's the reason we are recommending that the federal government amend The Financial Administration Act in order to require that all organizations and Crown corporations be protected by the system provided by Shared Services Canada and the Communications Security Establisment.