Thank you.
The Auditor General, in her recent ArriveCAN report, has made some damning revelations about cybersecurity related to your department, as follows: “There were deficiencies in the testing of the ArriveCAN application” and “Cybersecurity testing completed by resources” that were “not security-cleared or identified on task authorizations”. Further, the Auditor General found that some of the “resources that were involved in the security assessments” did not have the proper “security clearance”.
Minister, how can we be assured that your government has the security of Canadians as their highest priority when companies that are being contracted to provide cybersecurity on your priorities are not even being cleared for security clearance? Can you guarantee to Canadians that none of their personal information using the ArriveCAN app was compromised by these companies that did not have security clearance?