Canada-China Relations committee  The one thing with cybersecurity is that it's a constantly changing environment. I would say that in this last year we've seen a large number of changes in the environment, and some of the things [Technical difficulty—Editor] the SolarWinds incident, for example. Also, product vu

Canada-China Relations committee  Thank you, Mr. Chair. When this issue came to light, we worked with Global Affairs. However, in this case I'm going to have to get back to you to confirm exactly when that happened, because I think you're asking about a specific time. I just want to make sure I give you an accur

Canada-China Relations committee  There are a few aspects to that. That specific incident was something we call an out-of-band patch alert. Microsoft was issuing something outside of the normal process. Normally, that's called Patch Tuesday, and so that immediately draws attention. From a cybersecurity agency per

Canada-China Relations committee  Thank you for the question, Mr. Chair. When we're talking about managed service providers, it's really the people that many companies rely upon to provide those services which makes them a very lucrative intelligence target. In the case that you mentioned, where the government

Public Safety committee  That's actually an issue that's near and dear to my heart. One of the things that we face in Canadian telecommunications infrastructure—and some more detail could probably be provided by colleagues at Innovation, Science, and Economic Development—is that our infrastructure tends

Public Safety committee  Yes.

Public Safety committee  I think there are a few things. We are taking quite a bit of action to try to raise that bar on cybersecurity, some them very public and some of them private. We are doing things. We have things that we call “strategic mitigation plans”, which directly address the threats mention

Public Safety committee  It's a program that's in place now. It can be looked at that way, but at a rate that is affordable for a small or medium-sized organization to attain. The ISO standards tend to be unaffordable for other than the largest organizations.

Public Safety committee  Absolutely, we know about them. It's always good to see any organization stand up. We have never claimed to have a monopoly on innovation or on addressing this problem. We try to come humbly to the table with our knowledge, knowing that others have expertise and will come at the

Public Safety committee  This is going to come across as a little bragging. These organizations all existed. Public Safety Canada, for example, had the Get Cyber Safe campaign ahead of time. At CSE we've had the IT security branch since the late forties or early fifties, primarily based on cryptography b

Public Safety committee  A bit of some of that might touch on some classified issues, but I can certainly talk about it and hope I answer your question fully. There are a few things. Typically, what we're talking about here is that the way the Internet routes itself is that it works on what is the cheap

Public Safety committee  Absolutely. We started with the telecommunications sector, where we see from a cybersecurity perspective that they're the root of so much, but then we've expanded that into the energy sector, particularly concentrating on the electricity sector from coast to coast. So we do have

Public Safety committee  That's a great question because it's something that we face in the government all the time. It really comes down to accessibility. Does every Canadian have the technology necessary to access using facial recognition? It's not foolproof. It is one factor. We always say there are

Public Safety committee  Absolutely, it's a much higher hurdle to jump over than if you have a simple and easily guessed password and you reuse your password.

Public Safety committee  I'll have to stick to the cyber advice, which would be our expertise. First, if you do see something, whether it's a text message that seems to be spam or an email, report that. There are various ways to do it to your service providers. If you fill in 7726, which spells “SPAM” o