Bureaucrats tell Ottawa: increase cyber security

Brokers struggling to convince clients of the need for proper cyber security can commiserate with senior Ottawa bureaucrats, who are reporting insufficient network security in some federal departments and agencies.


According to internal documents obtained by the Toronto Star that were part of a presentation to the chief information officer on Monday, control of the government’s IT ‘incident management plan’ was too complex, with overlapping roles and unclear ‘accountabilities.’

“In order to maximize protection of (government) systems and information,” the presentation reads, “all corporate Internet access points . . . should be migrated to (the secured network) by end of fiscal year.”

The concerns were voiced just prior to an accusation that Chinese-backed hackers attempted to infiltrate the National Research Council’s network on Tuesday.

The documents reveal that even as the government accused Chinese-backed hackers of infiltrating the National Research Council’s network on Tuesday, senior bureaucrats warned of deficiencies in Ottawa’s response to threats to federal networks.

The presentation was initially prepared following the handling of the Heartbleed bug exploit, which involved a software vulnerability that forced the shutdown of Canada Revenue Agency’s electronic tax filing system back in April.

Stephen Arthuro Solis-Reyes, a 19-year-old computer science student from London, Ont., was arrested that same month for allegedly using Heartbleed to obtain the tax information of 900 Canadians.

The documents also suggest a number of departments and agencies are not using the government’s secure network, but are using “unauthorized” Internet connections to conduct their business. It’s not clear how many government institutions are using unauthorized connections.

Back in December of last year, the federal Justice Department ran an internal phoney phishing email campaign targeting 5,000 employees, in which almost 2,000 staff were tricked into clicking on the phoney link in the email.

The emails were made to look like a genuine communication from a government or financial institution, containing a link to a phoney website that was also made to look like the real thing.

According to research from the Ponemon Institute, an estimated 156 million phishing emails are sent daily, in the hopes that someone will click on the embedded link and unwittingly transfer confidential information.
