The Treasury Board is responsible for establishing the required policy framework within the Government of Canada with respect to the management and security of computer systems and networks.
Departments are responsible for protecting sensitive information and assets, such as computer and related systems, in accordance with Treasury Board policies.
Under the government security policy, the Royal Canadian Mounted Police, RCMP, is identified as a lead agency in physical and information technology security. The RCMP has been providing basic security advice to departments for many years which no doubt has reduced the number and impact of the occurrences of the theft of entire computer systems and components. In addition to the ongoing advice and guidance to departments in the areas of physical security and information technology security, the following specific measures have been taken:
Departments are encouraged to consult with the Treasury Board Secretariat, TBS, on matters of computer security and meetings are held with departments following the theft of computers or components. While TBS can work with departments to help establish additional methods of securing government assets and information, a theft should be reported to the RCMP in order for an investigation to be conducted.
The Deputy Comptroller General Branch at TBS is responsible for the policy of security for government assets. A document entitled “Guide to the Review of Material Management” is posted on the department's web site located at www.tbs-sct.gc.ca under Contract, Material and Risk Management. The main objectives of this policy are focused on the reduction of physical losses, optimizing the utilization of resources and ensuring value for money.
A guidance document entitled a “Guide to minimizing computer theft” was issued in June 1997 and is available at the RCMP's Internet site.
A RCMP investigator was seconded to the Ottawa-Carleton regional computer component theft team.
Each federal government department has a departmental security officer to deal with the RCMP. This individual is responsible for security issues particularly with respect to personnel and information technology.
Departmental security officers are members of an association that allows them to consult and share information on security issues. Each officer also reports to their respective deputy minister to keep him or her updated on matters of security.
A number of physical security devices were tested in government to lock down systems and prevent systems from being opened. For instance, computers can be bolted down to desktops.
One hundred per cent security is unattainable in any setting, nor would it be desirable because of prohibitive cost. We feel that with departments implementing the advice provided, component theft will be kept under control.