Government Operations committee  I can answer the first part of that question, Mr. Chair. The CRA has been proactively using different methods and third parties to look for signals that accounts have been identified and potentially compromised. This is anything from, again, going back to the capabilities where

Government Operations committee  Unless Scott knows the exact date, we would have to get back to you on the specifics. I've certainly been aware of it for many years. I've been here since 2016, but I couldn't specify an exact date.

Government Operations committee  Mr. Chair, to my knowledge, there have been no significant data breaches related to cyber-activity since the pandemic started. There was the credential stuffing incident from last summer, which as Mr. Jones talked about, wasn't a breach of our systems; it was people accessing the

Government Operations committee  I'm sorry. Please define “blocks”, as in—

Government Operations committee  On the technical aspects, maybe Mr. Perron or Mr. Jones would like to comment.

Government Operations committee  That they stop, yes.

Government Operations committee  Under the current model, if you had all services accessible under a single credential and that credential was compromised, there would obviously be an increased risk. What we're doing to address that is making sure this is bound not just through a credential but through a true di

Government Operations committee  I will answer the question first. I'll explain the difference between technical debt and legacy system risk. First, the older the systems, the more expensive it is to maintain them. It's like buying a car and not putting oil in the engine: sooner or later, you'll have to replac

Government Operations committee  The principle behind OneGC is that we don't want Canadians to have to try to understand and decode all of the government bureaucracy machinery behind it, and really have a single window for all services to Canadians. That's Canada.ca. To enable that to the next level, to take it

Government Operations committee  I can answer that. You are referring to the credential stuffing attack that took place last summer. The identities of some Canadians were stolen by other sources. We don't know what those sources are specifically, but we do know that there were other events that affected the Can

Government Operations committee  I'll let my colleague Mr. Jones answer that question.

Government Operations committee  There were some companies on the Government of Canada network that were using SolarWinds software, but because of our infrastructure and the capacity of Shared Services Canada and the Communications Security Establishment, they were able to determine what was going on and find th

Government Operations committee  Mr. Chair, my office is the one that publishes what we call the DOSP. If it's okay, I can start, and then I'm sure the other members will have more to add.

Government Operations committee  Thank you. The DOSP is a document that is updated every year. It provides a three-year integrated management plan for service, information, data and cybersecurity. The current DOSP has been updated and refreshed to reflect the accelerated digital transformation. I t's made up

Government Operations committee  Thank you, Mr. Chair. It's a pleasure to be with the committee again. I'm pleased to be joined today by Aaron Snow, the chief executive officer of the Canadian digital service, along with my colleagues from the Communications Security Establishment and Shared Services Canada. A