Public Accounts committee  I would like to add as well that in terms of our assessment of the CSPs, the cloud service providers, we do look at international standards such as ISO FedRAMP in the United States, as well as SOC 2 Type 2 reports, which are required in terms of the assessment process. We make su

Public Accounts committee  Hello. Thank you, Mr. Chair, and members of the committee, for the invitation to appear for the study of the Auditor General of Canada's report to Parliament on “Cybersecurity of Personal Information in the Cloud”. My name is Rajiv Gupta, and my pronouns are he and his. I'm the

Public Accounts committee  Thank you very much. As mentioned earlier, the Learning Hub is based at the Cyber Centre and provides training to improve the cybersecurity of Canada’s government and critical infrastructure organizations. During the 2021-22 fiscal year, the learning hub renewed its collaborati

Transport committee  From a CSE perspective, we have [Technical difficulty—Editor] in defensive cyber-operations that we have both legislation and the capability to perform.

Transport committee  Within Canada from the cyber centre perspective, we have not seen that uptick in attacks against Canadian infrastructure.

Transport committee  We engage these sectors regularly. We work with them. They are incredibly engaged in terms of the briefings we are giving. I feel they are definitely working and listening to the threat advisories we're putting out in terms of the enhanced vigilance and the effort to secure their

Transport committee  It's very difficult to rate from one to 10. I wouldn't be able to do that. What I will say is that they are engaged; they're competent; we know they're working on it. We're not a regulator, so I don't know exactly how they're mitigating their risks. What I do know is that they

Transport committee  I can start, Mr. Chair. We work on a voluntary basis. We certainly encourage all Canadian entities to report immediately to us. We're here to help and we're very happy to hear of them. In terms of what has happened in the U.S., we're definitely going to be working with our col

Transport committee  I'd probably turn that over as more of a policy question.

Transport committee  Mr. Chair, I'm unfamiliar with the index that the member is referring to, unfortunately.

Transport committee  Most importantly to me is that we start implementing the basics of cybersecurity right across the country. It's foundational, and it applies to every type of threat there is, whether it's Russia, ransomware, cybercrime or hacktivism. We've put out baseline advice and guidance jus

Transport committee  We work very closely with our provincial partners. I recently met with all of the provincial CISOs, chief information security officers, across Canada. We have good, collaborative efforts, and we really see this as a collaborative effort to be able to increase the cybersecurity i

Transport committee  I can answer, Mr. Chair. In our ransomware threat assessment we did highlight the links between Russia and some criminal organizations in saying that they were able to operate with relative impunity in the countries in which they operate.

Transport committee  I'd note that it's not a product of the cyber centre. I'm not entirely aware of it. I'm certainly up to speed on the products that we put out from the cyber centre. We put out our cyber-threat assessment and we update our advice and guidance regularly within the cyber centre's

Transport committee  I can start, Mr. Chair. Absolutely, as you've pointed out, highlighting that Colonial pipeline is important. We certainly took that incredibly seriously as well, and it was aligned with what we had predicted in our cyber-threat assessment. In December we went on a ransomware ca