Canada throws money at cybersecurity shortcomings
The Canadian government has unlocked $155 million in funding to bolster cyber security, just as the Auditor General issued a negative report.
In its Fall 2012 report, the Auditor General found that the government has failed to deliver on key promises made in 2001, when it said that it would partner with private sector organizations to protect critical national infrastructure (CNI). These partnerships have not been established in all sectors, and coverage is incomplete.
"This lack of progress limits Public Safety Canada's ability to communicate with critical infrastructure owners and operators," said the Auditor General's report.
Some of the $155 million, announced in mid-October by Vic Toews, Public Safety minister, will go to the Canadian Cyber Incident Response Centre, but $13.4 million will be spent on bringing the Canadian Cyber Incident Response Centre (CCIRC) up to par. Launched seven years ago to collect and disseminate cyber threat information, it is still not operating on a 24/7 basis as originally intended, said the report, and many stakeholders still fail to understand its role.
The extra money will increase staffing from seven to 23 and get it running 15 hours per day, seven days per week.
Although the Canadian Cyber Security Strategy, announced in 2010, drew the issue into clear focus, it too has suffered from a lack of follow-through, said the Auditor General. It does not yet have an action plan to guide its implementation, said the report, which called for an interdepartmental action plan to help get things done, and monitor progress.
Not including the latest funding round, the Canadian Government has earmarked $780 million in funding since 2001 for security agencies where CNI protection was one of the goals, according to the report. The Auditor General could not find out how much was specifically earmarked for guarding CNI.