* Canada lacks round-the-clock incident response center
* Government has already promised more money for security
* Report follows 2011 hacking incident
By Andrea Hopkins
Oct 23 Canada's response to cyber threats has
been slow and incomplete, the federal Auditor General said in a
report on Tuesday that cited bad communication and part-time
monitoring as weaknesses in the nation's computer and
infrastructure security system.
The federal Conservative government has made limited
progress in patching cracks in the security of Canada's physical
and information technology network since a cyber attack crippled
the Finance Department and Treasury Board in 2011, Auditor
General Michael Ferguson said.
Ferguson criticized poor monitoring of threats, noting the
Canadian Cyber Incident Response Center is still not operating
24 hours a day or seven days a week, as was intended when the
center was set up seven years ago.
"This restriction on operating hours can delay the detection
of emerging threats and the sharing of related information among
stakeholders," the report concluded.
The report comes nearly two years after the government was
forced to shut down Internet access in key departments after
servers linked to China infiltrated computer systems at the
Finance Department and Treasury Board. The January 2011 attack
was linked with attempts to gather data about a potential
takeover of Potash Corp of Saskatchewan, the world's
biggest fertilizer producer.
The opposition Liberals seized on the report as evidence the
government has not done enough to shore up security after the
"Cyber criminals ... don't keep bankers' hours. I wonder why
the government of Canada should be keeping those hours when
cyber criminals are working 24 hours a day?" Liberal leader Bob
Rae said in Parliament.
Prime Minister Stephen Harper said his government has
accepted the recommendations in the report and would spend more
to improve security.
"The Auditor General's general conclusion ... is that the
government has made progress in securing its systems, in
improving communications and in building partnerships with
owners and operations of critical infrastructure, but there is
more work to be done," Harper told Parliament.
"The government is continuing to make investments to deal
with these problems."
Canada is trying to shore up protection for the country's
infrastructure and IT assets, including government information
systems and private-sector players who operate pipelines, power
plants, broadcasters, banking systems and manufacturing and
The annual report from the federal spending watchdog is the
first audit of the government's cyber-security strategy, which
it launched in 2010.
The report said the government will spend another C$13
million ($13.2 million) over the next five years to boost
monitoring at the response center to 15 hours a day, seven days
a week, still a far cry from the round-the-clock coverage
The government, which receives advance copies of the Auditor
General report, said last week that it will spend an additional
C$155 million over five years on cyber security, raising
speculation the report would be damning.
The report comes less than a week after U.S. Defense
Secretary Leon Panetta said cyberspace is the battlefield of the
future, with attackers already going after banks and developing
the ability to strike U.S. power grids and government systems.
U.S. banks and financial institutions have been under
sustained attack in recent weeks by suspected Iranian hackers
thought to be responding to economic sanctions aimed at forcing
Tehran to negotiate over its nuclear program.