Health committee  I think there are a lot of important elements. First, we do have advice and guidance for Canadians who are working from home with regard to the things they can do. In using Zoom, for example, as we are right now, you can be a lot more secure by using lobbies, waiting rooms, word passcodes and things like that, so that you can't be “Zoom-bombed”—the tool of the time—or something like that.

Health committee  I think one aspect we really look at is how to layer in multiple levels of cybersecurity. From my perspective, every piece of technology has some level of vulnerability. We really look to offset that. If one product doesn't work the way you expect, how do you layer it in? I'll use the example of my work device here, which is connected over VPN.

Health committee  I think it's very important, as I mentioned in my opening statements, to have cybersecurity designed from the start to understand what threats can be faced. Unfortunately, when we look at an application, typically we look at the benefits. We also need to look at how it can be misused from a cybersecurity perspective.

Health committee  Thank you for the question, Mr. Chair. There are actually many different ways we're working on to deal with this. Maybe Chief Superintendent Flynn would like to jump in as well, from the RCMP perspective. The first thing is that for anything that looks like it's impersonating the Government of Canada, we've been very active in trying to make sure that we are protecting both the brand and the integrity, so we're taking those offline very quickly, to the point where a lot of times that's happening before Canadians can fall victim to it.

Health committee  Good afternoon and thank you, Mr. Chair and committee members, for the invitation to appear today to discuss cybersecurity during the COVID-19 pandemic. As mentioned, I'm Scott Jones and I am the head of the Canadian Centre for Cyber Security at the Communications Security Establishment.

Government Operations committee  One of the things that we've really been looking at is that we're a net contributor. Because of our defence with the government, we contribute quite a bit of value to the cybersecurity ecosystem in the world. Our partners around the world value that. In fact, we're one of the top one or two contributors in a lot of things, so we do contribute quite a bit, and we get stuff back as well.

Government Operations committee  We continue to work with our partners. That's a decision that the government will take into account when it makes its decision. For us, we continue to see no change in our sharing.

Government Operations committee  One of the things for us is that we see no change in the sharing between all of our international allies, including what we share with them on cybersecurity.

Government Operations committee  I can't speak to what other countries have said. For us, we continue to build strong partnerships with our international partners, and that will be part of the decision.

Government Operations committee  One of the things for me is to always show that we provide strong value to our allies. Hopefully they'll see that we have really unique cybersecurity information that we share with them constantly.

Government Operations committee  Predominantly, we were looking for anybody who would try to impersonate the Government of Canada and, for example, set up a CERB-like site that looks to fake out Canadians, to pretend that it is CERB—

Government Operations committee  No, it is a cyber-threat, because they're using that as part of phishing. They use it to lure Canadians into revealing their private or confidential information. The second piece that we do look for, though, is that is we look to make sure we're ready to defend against denial of service attacks, so that the site remains up and available for Canadians.

Government Operations committee  We look to make sure that we evaluate every individual product and company on its own basis and then we try different mitigations, depending on where it comes from.

Government Operations committee  There are different risks. One of the things that we look for is—

Government Operations committee  For example, we look to see where the products are coming from, where they're being built, where the software is being written. In general, for most of this equipment it's not really a physical hardware issue; it's mostly software. Software right now is being written around the world.