Auditor General finds cybercrime understaffed

The AG’s office estimated that almost one-third of positions across the government were vacant

OTTAWA — Canada’s Auditor General has found the RCMP and other agencies tasked with dealing with cybercrime are under-equipped and under-resourced to deal with crimes that are generating millions in profits for criminal gangs.

“We found breakdowns in response, coordination, enforcement, tracking, and analysis between and across the organizations responsible for protecting Canadians from cybercrime,” reads Auditor General Karen Hogan’s report, tabled in Parliament Tuesday morning.

The auditor looked closely at the RCMP, Communications Security Establishment Canada, CRTC and Public Safety to see how they were handling the issue.

It found the RCMP were significantly understaffed.

“We estimated that almost one third of positions across all teams were vacant. In our view, having a plan to reduce human resource gaps across all responsible organizations is an important component of an updated National Cyber Security Strategy,” reads the report.

Hogan said the RCMP isn’t doing enough to figure out why people are leaving and why it is failing to attract new talent, though money does seem to be a central issue.

“RCMP officials told us that compensation was the main reason for these staffing challenges. The officials also told us that individuals doing the same cybercrime technical work in the private sector were typically paid more.”

Hogan took data from the Canadian Anti-Fraud Centre, a joint project of the RCMP, Competition Bureau and Ontario Provincial Police, which received reports of more than $500 million in fraud last year, a number that is only predicted to grow. She said it’s likely only about five to 10 per cent of crime is actually reported.

Hogan described a complex process where cybercrimes today are reported to multiple different departments that often don’t communicate well together. She pointed to the Communications Security Establishment Canada, which took in about 10,000 reports last year.

CSEC, Canada’s digital spy agency, is tasked with securing the networks of large federal government departments and critical infrastructure and can help private firms with cyber attacks, but it is not meant to investigate Canadians’ personal cybercrime issues.

She said roughly half of those 10,000 cases were found not to be within CSEC’s mandate, but the department didn’t follow up with many of those reports and redirect them to the right agency.

“We would have expected that they would have told those folks, you need to report this to a different place or pass it along to the organization that could have helped deal with their issue, but what we found is in 2,000 cases an individual never heard back,” Hogan said, talking to MPs after the report was released.

She said that silence is unfair to Canadians who just want their issues properly addressed.

“Canadians are gonna find it confusing and probably frustrating that they don’t know what’s happened to a report that they’ve made,” she said.

Hogan found that the CRTC also seemed to lack a good system for dealing with criminal cases that might come through its anti-spam line.

The agency has had the responsibility of dealing with spam calls and complaints about them since 2014. The auditor general found in rare cases this has led to the agency coming across cybercrime cases that it has not always handed off to the proper authorities.

“We found that most of the cybercrime-linked reports were not investigated by the CRTC. We found that during the three years in our audit period, the CRTC conducted only six investigations into anti-spam violations with links to cybercrime-linked incidents.”

It also found that in one case the CRTC essentially interfered in another investigation, failing to hold onto information that a police agency wanted.

“In one instance, to avoid being served with a search warrant by a law enforcement agency, the CRTC deleted evidence and returned electronic devices on an accelerated time frame to a person being investigated for violating the anti-spam legislation,” reads the report.

Hogan said overall there needs to be a one-stop shop for Canadians looking to report cybercrime.

“It shouldn’t be this confusing. Canadians should report their federal government, and then the government should figure out who should get the report and act on it promptly.”

National Post