Overview
- Tabled in Parliament on Oct. 21, Auditor General Karen Hogan reported significant gaps in federal cybersecurity services, monitoring and incident response, and the responsible agencies agreed to her recommendations.
- Not all federal organizations follow the same security policies, and CSE reported uneven deployment of its defence sensors, creating coverage gaps across networks, systems and devices.
- Shared Services Canada and the CSE lack a current, comprehensive inventory of government devices, with an SSC effort launched in 2017 still unfinished.
- Insufficient information sharing slowed the government’s reaction to a major January 2024 cyberattack, allowing prolonged access to personal information, and a planned collaboration and incident case management platform had no funding at the time of the audit.
- In separate audits, Hogan found poor Canada Revenue Agency call-centre performance, military housing in disrepair and insufficient supply, and 35 long-term drinking water advisories persisting in First Nations communities.