OTTAWA – Canada needs a central government authority for assessing IT security threats and coordinating effective risk management across the country, attendees of IT World Canada and founding sponsor Symantec’s GovSym public sector conference were told Wednesday.
Speaking as part of a panel discussion on cyber-crime and threat detection, the notion of a new intra-government organization was proposed by Ken Holmes, senior economic advisor at Public Works and Government Services. Holmes said such an organization would not only facilitate information sharing but conduct audits and reviews of plans or budgets related to cyber-security challenges. This organization could also serve as a central information and training centre where various government departments can share or exchange resources, he said.
“All the government IT people are doing the right things – they’re doing assessments, they’re putting in policies and programs,” he said. “The hole that needs to be filled is for a central authority coordinated with federal departments and key industries.”
Audience members at GovSym pointed out that to some extent, Public Safety and Emergency Preparedness Canada (PSEPC) is already beginning to perform that kind of function to federal departments, but Holmes suggested there are a number of incidents that continue to fly under the radar within the Canadian public sector. Recently, for example, Holmes said he received a message purportedly from the U.S. Treasury Department that was clearly a phishing attack.
“With all these bailouts, there’s a lot of money going around,” he pointed out. On the citizen side, Canada Revenue Agency recently reported a phishing scheme that attempted to lure users to share personal information for nefarious purposes.
The increased challenges around protecting public information comes as citizens demand greater electronic access to government services, experts at GovSym said. However, many citizens remain paranoid about the measures taken to protect them, said David Wallace, CIO for the City of Toronto. Wallace discussed a recent project by Canada’s largest city to include RFID tags that track the large garbage bins that were distributed to residents. Although the RFID tags were merely intended to assist with inventory purposes, Wallace said some Torontonians were immediately suspicious.
“They thought we were going to monitor their ‘data,’” he said, referring to the trash collected in the bins. “There was a real misperception, although we got past that. There’s a great deal of paranoia out there.”
At the same time, citizens are looking at governments to provide the kind of online experience offered them by private industry, said Symantec CIO David Thompson, who gave the keynote speech at GovSym. Thompson used the example of recent trip he took to Asia, where he realized he wanted to pay his property taxes. It didn’t take long before he was able to pull up his account information, make the necessary payment and move on. This would have taken place around 2:00 a.m. local time in San Francisco, where Thompson resides.
“Open access offers more freedom and the ability to enable more self-service,” Thompson said, adding that such accessibility also increases the potential risk exposure. “We’re seeing a significant shift from protecting the infrastructure to protecting the information itself.”
Besides hackers, phishing schemes and other external threats, attendees admitted that a great deal of the internal threats from government employees are creating questions around what kind of IT security policies will protect information while making working within the public sector bearable for new recruits. Wallace wondered aloud whether it was really feasible to monitor every government employee’s keystrokes, while others pointed out the range of personal devices that were coming into public sector organizations.
“This is the PC of the future,” said Daniel Larocque, vice-president of the Canadian public sector division of Open Text Corp. “The plus side is you can’t necessarily store as much information on this as you could on a PC.”
The one-day GovSym wrapped up on Wednesday.