Government Operations committee  Mr. Chair, I'll quickly add in on what Canadians can do. The first thing is this: Don't reuse passwords on accounts that you really care about. In fact, don't reuse passwords. We recommend that Canadians use things like password managers, something that will autogenerate some ra

Government Operations committee  In the supply chain integrity checks, we check a number of things—the type of equipment, the vulnerability, foreign ownership control and influence, and many other aspects. Then we come up with a risk rating. If the risk rating is too high, the department, in this case Shared Ser

Government Operations committee  As Monsieur Perron has said, the Government of Canada does not have any Huawei technology operating on our networks. We put our equipment purchasing, any equipment purchased, through our supply chain integrity process.

Government Operations committee  The supply chain integrity process is there to ensure that all decisions made are made to ensure the safety and security of Canadians' information and Canadian networks and Government of Canada networks, in this case with Shared Services Canada.

Government Operations committee  In terms of the formal program, it goes back to the initial stand-up of Shared Services Canada. However, there was supply chain integrity advice given well before that, in the years leading up to it and before my involvement in cybersecurity, which has been about 14 or 15 years.

Government Operations committee  Thank you. There are a couple of things I would just add. The first one is that if the system is connected to the Internet, it has to be kept up to date. That's where our legacy environment just isn't connected in that same way. This is where a modern environment does change the

Government Operations committee  Mr. Chair, I'd actually refer back to our national cyber-threat assessment, which we issued in November 2020. We listed four states as the primary threats to Canada: China, Russia, North Korea and Iran. We mentioned that intellectual property theft is one aspect of this, but crit

Government Operations committee  It is, absolutely. In fact, that is something I said with the National Post. One of the concerns we have is that when ransomware is deployed against a victim such as a critical infrastructure provider, because of the way technology is merging together, it means that to defend the

Government Operations committee  It depends. We work with all levels of government, and we work with critical infrastructure providers. We make sure that all the information is provided and available. We try to build individual relationships with companies. In general, we have a very receptive audience. They all

Government Operations committee  No, Mr. Chair. Crown corporations have a unique status. We are able to provide the same levels of service that we do for all federal organizations. Just because of their structure, their chief executives tend to have more flexibility in terms of what they decide, more like the pr

Government Operations committee  Well, as I said, we are able to provide the full range of services that we do for the federal government. It is by far our biggest client, but those are optional for Crown corporations. They make the choice. We have made the offer to every one of them to work with them just as we

Government Operations committee  Mr. Chair, I think I'll turn to my colleague—

Government Operations committee  We're really talking about two different things, Mr. Chair. I think there's the number of data breaches that have happened. The Privacy Commissioner of Canada, in our national cyber-threat assessment where we highlight this, said that 28 million Canadians last year had their info

Government Operations committee  I think that would be a pretty unlikely scenario, to be frank, because that wasn't what we saw happening here. We saw Canadians being impersonated in this activity where they were using their legitimate credentials, so essentially logging in as them. I think that's kind of my ove

Government Operations committee  That's a great question, and you have the right group here. It's the tripartite that would really look to say how we would make sure the government is robust. Marc would lead that as the CIO for the government. So yes, the answer is that, in some cases, legacy does work in our fa