(Reuters) - Canada’s response to cyber threats has been slow and incomplete, the federal Auditor General said in a report on Tuesday that cited bad communication and part-time monitoring as weaknesses in the nation’s computer and infrastructure security system.
The federal Conservative government has made limited progress in patching cracks in the security of Canada’s physical and information technology network since a cyber attack crippled the Finance Department and Treasury Board in 2011, Auditor General Michael Ferguson said.
Ferguson criticized poor monitoring of threats, noting the Canadian Cyber Incident Response Center is still not operating 24 hours a day or seven days a week, as was intended when the center was set up seven years ago.
“This restriction on operating hours can delay the detection of emerging threats and the sharing of related information among stakeholders,” the report concluded.
The report comes nearly two years after the government was forced to shut down Internet access in key departments after servers linked to China infiltrated computer systems at the Finance Department and Treasury Board. The January 2011 attack was linked with attempts to gather data about a potential takeover of Potash Corp of Saskatchewan, the world’s biggest fertilizer producer.
The opposition Liberals seized on the report as evidence the government has not done enough to shore up security after the 2011 incident.
“Cyber criminals ... don’t keep bankers’ hours. I wonder why the government of Canada should be keeping those hours when cyber criminals are working 24 hours a day?” Liberal leader Bob Rae said in Parliament.
Prime Minister Stephen Harper said his government has accepted the recommendations in the report and would spend more to improve security.
“The Auditor General’s general conclusion ... is that the government has made progress in securing its systems, in improving communications and in building partnerships with owners and operations of critical infrastructure, but there is more work to be done,” Harper told Parliament.
“The government is continuing to make investments to deal with these problems.”
Canada is trying to shore up protection for the country’s infrastructure and IT assets, including government information systems and private-sector players who operate pipelines, power plants, broadcasters, banking systems and manufacturing and transportation systems.
The annual report from the federal spending watchdog is the first audit of the government’s cyber-security strategy, which it launched in 2010.
The report said the government will spend another C$13 million ($13.2 million) over the next five years to boost monitoring at the response center to 15 hours a day, seven days a week, still a far cry from the round-the-clock coverage originally planned.
The government, which receives advance copies of the Auditor General report, said last week that it will spend an additional C$155 million over five years on cyber security, raising speculation the report would be damning.
The report comes less than a week after U.S. Defense Secretary Leon Panetta said cyberspace is the battlefield of the future, with attackers already going after banks and developing the ability to strike U.S. power grids and government systems.
U.S. banks and financial institutions have been under sustained attack in recent weeks by suspected Iranian hackers thought to be responding to economic sanctions aimed at forcing Tehran to negotiate over its nuclear program.
Reporting by Andrea Hopkins; Editing by Stacey Joyce and Peter Galloway