A new report from Auditor General Karen Hogan paints a grim picture of Canada’s ability to defend itself against cyberattacks, saying the federal government’s systems remain fragmented, slow to respond, and years behind on basic security tasks.
Hogan’s audit, tabled in the House of Commons, found that while Ottawa has the tools to protect its networks, “important gaps remain in cyber security defence services, monitoring and response during active cyber attacks.”
The report reveals that 119 of 204 federal departments and agencies aren’t even required to use cybersecurity services provided by Shared Services Canada (SSC) and the Communications Security Establishment (CSE). Some agencies have voluntarily opted in, but the result, according to Hogan, is a “fragmented cyber security landscape” that puts sensitive government data and citizen information at risk.
Coordination failures among key departments also slowed down Ottawa’s response to a recent “major attack” on a federal department, delaying action by seven days and allowing hackers extended access to public servants’ personal information. The Auditor General found that efforts to improve collaboration and case management “have yet to receive funding.”
The report also slammed Shared Services Canada and the Communications Security Establishment for failing to maintain an accurate list of federal IT devices—ranging from laptops and smartphones to servers—making it harder to monitor or secure them. Work on this basic inventory began in 2017 and is now expected to drag on until at least 2027.
“Malicious actions, external events, and attacks involving the Canadian government’s digital systems are becoming more sophisticated and frequent,” Hogan warned on Tuesday. “A coordinated and comprehensive approach to the government’s cyber security posture, better collaboration and a current inventory of IT assets are key to safeguarding Canadians’ information and maintaining their trust in government IT systems.”
Reacting in a joint statement, Joël Lightbound, Minister of Government Transformation, Public Works and Procurement and Minister responsible for Shared Services Canada, and Shafqat Ali, President of the Treasury Board, said, “Cyber security is not only a technical responsibility—it is a national priority and a key pillar of public trust in government institutions.”
“We welcome the Auditor General’s recommendations, which provide valuable insight as we continue to strengthen the Government of Canada’s cyber defences. These findings build on the significant progress our government has made to modernize and secure the digital systems that support essential programs and services for Canadians,” added the broad statement that somehow praises themselves.
Want to see more of our stories on Google?
P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!
