Feb 13, 2021
By Jeremy Logan
An internal review has uncovered weak security practices when it comes to information technology at Public Safety Canada from lax controls on the use of portable flash drives to inadequate awareness and training.
The review found employees who were no longer with the department “still had privileged access to the network” and that some current employees had unnecessary administrative access to “mission critical applications.”
The little-noticed internal audit of information technology security was completed last April and made public in July.
It called for several improvements to ensure the security and integrity of information at Public Safety, the umbrella department for the RCMP, the Canadian Security Intelligence Service, the Correctional Service and the Parole Board of Canada.
The report was completed seven months after the arrest of a director of an RCMP intelligence centre made international headlines.
Cameron Jay Ortis is charged under the Security of Information Act for allegedly revealing secrets to an unnamed recipient and planning to give additional classified information to an unspecified foreign entity.