A new report from Canada's auditor general says the federal government has made only limited progress toward improving cyber-security and protecting the country's critical infrastructure.
Auditor General Michael Ferguson looked at Canada's response to cybersecurity threats among other topics in his annual fall report. (Adrian Wyld/Canadian Press) In his latest report, released Tuesday in Ottawa, Michael Ferguson says his investigators found weaknesses in the mechanisms Ottawa has set up to counter a cyber attack.
Ferguson says progress was slowest between 2001 and 2009, when threats to vital government and private sector computer networks were rapidly evolving. He says the situation has improved since 2010, when the government announced a cyber-security strategy and a plan to protect critical infrastructure.
Still, Ferguson warns, Ottawa's coverage is incomplete. He singles out the Canadian Cyber Incident Response Centre (CCIRC) for scrutiny. It was established in 2005 with a mandate to share information about cyber security and monitor more threats around the clock.
Ferguson says that never happened. The centre today operates during business hours, Monday to Friday with a staff member on call after hours. The report notes the government plans to extend the centre's hours and keep it open seven days a week. But Ferguson's report questions whether that will be sufficient.
"As CCIRC is not operating around the clock, there is a risk that there will be a delay in the sharing of critical information linked to newly discovered vulnerabilities or active cyber events reported to CCIRC after operating hours.
The report also points out that while CCIRC is supposed to share information about cyber threats across federal government departs as well as with the provinces and the private sector, there have been breakdowns in communication. When auditors interviewed owners and operators of private sector infrastructure, they found some had never heard of CCIRC.
The report also found that in one case when federal government computers came under attack by hackers, "the CCIRC was not notified by the affected departments until more than one week after the intrusion was discovered, contrary to procedure."
And it says since CCIRC transferred responsibility for protecting government information systems to Communications Security Establishment Canada (CSEC) in 2011, CSEC has not been providing CCIRC with timely information about its findings.
More to come
Anda sedang membaca artikel tentang
Cyber-security gaps remain, auditor general says
Dengan url
http://politikduniabarat.blogspot.com/2012/10/cyber-security-gaps-remain-auditor.html
Anda boleh menyebar luaskannya atau mengcopy paste-nya
Cyber-security gaps remain, auditor general says
namun jangan lupa untuk meletakkan link
Cyber-security gaps remain, auditor general says
sebagai sumbernya
0 komentar:
Posting Komentar