
Canada too slow on cyber security: auditor

Failure to help injured ex-soldiers among problems cited in report
Auditor general Michael Ferguson speaks at a news conference Tuesday in Ottawa.

The federal government has been slow to boot up an effective response to the rapidly growing threat of cyber-attacks on crucial systems, Canada's auditor general says.

In a report Tuesday, Michael Ferguson says the government has made limited progress in shoring up vital computer networks and has lagged in building partnerships with other players.

The federal cyber-incident response centre does not operate around the clock, the report says.

It says the shortcomings have left key networks - such as the one that ensures employment insurance benefits are delivered on time - exposed to attack.

Assaults that crippled computer systems at the Finance Department and Treasury Board in January 2011 have been linked to efforts - possibly originating in China - to gather data on the potential takeover of a Canadian potash company.

Ferguson said the cyber-attack cost taxpayers "several million dollars" in repairs, overtime and lost productivity.

A lessons-learned exercise after the intrusion revealed "ongoing vulnerabilities to government systems" and showed that restricted information was being stored on unsafe networks, the report says.

Officials told the auditor general that the threat from malicious hackers was evolving more quickly than the government's ability to keep pace.

Ferguson said the issue is important because computer-based systems form the backbone for much of Canada's critical infrastructure, including the energy, finance, telecommunications and manufacturing sectors as well as government information systems.

"Cyber-threats are real, cyber-threats are going to exist and you can't eliminate them," he told a news conference.

"But it's important for the government, in terms of its own systems, to make sure that they understand the types of threats and that they can be in front of them as far as possible."

Elsewhere in Tuesday's report, Ferguson found:

• National Defence and Veterans Affairs failed to inform injured ex-soldiers about their rights to benefits.

• Finance Canada has not published long-term projections of the effect of budget decisions on government revenues and debt.

• Planned changes to the old age security system will save government about $10 billion a year by the time they're fully implemented in 2029, the first time any such projection has been released.

• National Defence is falling perilously behind in the maintenance of its properties, including failures to meet fire-code regulations.

But the problems with cyber-security were the centrepiece of Ferguson's fall report to Parliament.

The auditor general looked at the activities of 11 federal agencies, including Public Safety, Treasury Board, the RCMP, the Canadian Security Intelligence Service and the Communications Security Establishment, the secretive electronic spy organization that is supposed to help secure systems.

Seven years after the Canadian Cyber Incident Response Centre was created to collect, analyse and share information about threats among various levels of government and the private sector, many were "still unclear" about the centre's role and mandate, says the report.

Further, the centre was still not operating on a 24-hour-a-day, 7-day-a-week basis, as originally intended, shutting down weekdays at 4 p.m. Ottawa time and closing for the weekend. The government plans to extend those hours to 9 p.m., seven days a week.

"This Conservative government is recklessly ill-prepared to protect sensitive information from cyber security threats," Liberal public safety critic Francis Scarpaleggia said.