The Office of the Auditor General of the Canada revealed in an audit made public October 23 that "the cyber threat environment is evolving more rapidly than the Canada government´s ability to keep pace".
The objective of audit on "Protecting Canadian Critical Infrastructure Against Cyber Threats" of the "2012 Fall Report of the Auditor General of Canada" was to determine whether:
1. selected federal departments and agencies are helping to secure Canada’s critical infrastructure from cyber threats by leading and coordinating activities in partnership with provinces, territories, and the private sector;
2. leadership roles and responsibilities for securing information systems that are important to the operation of the Government of Canada are clear and are being fulfilled as intended;
3. prevention and preparedness efforts required to protect Canada’s critical infrastructure against cyber threats are successfully in place.
Since 2001, the Government of Canada has made commitments to address the cyber threats to Canada’s critical infrastructure. Despite several past strategies and funding, the Canada´s progress in achieving these commitments has been slow.
However, since 2010, with the announcement of Canada’s Cyber Security Strategy and of the National strategy and action plan for critical infrastructure, the government has made progress in securing its systems against cyber threats and in improving communications and building some partnerships with owners and operators of critical infrastructure.
Today, despite the Government of Canada’s commitments and investments in system security, cyber incidents were not reported in a timely manner and cyber threat information was not properly shared with appropriate departments.
Hereinafter, the audit recommendations:
- Public Safety Canada should develop an interdepartmental action plan with deliverables and timelines for Canada’s Cyber Security Strategy (2010) to guide the implementation of the strategy and measure progress.
- Public Safety Canada should ensure that all sector networks are fully established and operating as outlined in the National strategy and action plan for critical infrastructure so that they can be an effective tool in helping to secure critical infrastructure in order to deliver the objectives of Canada’s Cyber Security Strategy.
- Public Safety Canada should increase the Canadian Cyber Incident Response Centre’s ability to maintain situational awareness of cyber threats to Canada’s critical infrastructure and to increase the Centre’s ability to communicate this information to critical infrastructure owners and operators.
- Treasury Board of Canada Secretariat, in cooperation with Shared Services Canada, should update relevant policies and plans to reflect the new information technology security roles and responsibilities of Shared Services Canada.
Read the chapter about "Protecting Canadian Critical Infrastructure Against Cyber Threats" here:
Cross-posted from Stefano Mele