Skip to main content

FBI Director Robert Mueller spoke on Thursday, warning that he expected cyber threats to pass terrorism as the country’s top threat. Former NSA chief Michael Hayden said in an interview at the conference that new laws were needed. “The Net is inherently insecure,” Mr. Hayden said. “We need to quit admiring the problem and move out. No position could be worse than the one we’re in now.”

British Columbia's government is vulnerable to cybersecurity threats and needs to be unwavering in its search for possible attacks, said the province's auditor general.

In a report released Thursday, Russ Jones outlined how an audit by his office found security vulnerabilities ranking from medium to critical in more than half of the government's Web applications that it reviewed.

Mr. Jones said the security audit, conducted from December, 2012, to February, 2013, produced a swift response from the government to erect security protections.

But the report concludes the government must do more to stay abreast of security threats because cybercriminals are always looking for new ways to steal information.

The 26-page audit, titled Information Technology Compendium, said 56 per cent of government Web applications reviewed in the report were not adequately protected and contained one or more cybersecurity risks, ranking from medium to critical. The audited scanned the security vulnerability of 80 government Web applications and found more than half were not adequately protected and contained security risks.

The report stated there are 1,500 of the government applications and 437 are public. Web applications are programs embedded into websites to perform specific functions.

"The government of British Columbia uses its websites to interact with its citizens, provide program information and offer online services," the report stated. "Online services include, but are not limited to, applying for a medical service plan, social assistance, permits and licences, legal services, completing a land title search and researching property assessments."

Mr. Jones said his audit did not identify any security breaches, but the major theme of the audit was to reveal the constant and ever-present cybersecurity threat facing the government and the personal information of British Columbians.

"These vulnerabilities could allow cybercriminals to access confidential information or cause malicious activity," the report said. "Based on the high number of critical, high and medium vulnerabilities found per web application, we determined that public-facing web applications are not adequately protected from cybersecurity threats."

Mr. Jones makes four recommendations to ensure government cybersecurity vulnerabilities are monitored, investigated and prevented.

He would like to see the government's Office of the Chief Information Officer incorporate a compliance review of government ministries for cybersecurity policies and standards.

Bette-Jo Hughes, the government's chief information officer, stated in the report that her office communicated the need to tighten security to all ministries. "Ministries have reviewed the vulnerabilities of their applications, developed their mitigation plans and are working to complete implementation," she said.

Mr. Jones said cybersecurity threats require constant government vigilance. "I really think that going forward, as long as they take a look and implement the recommendations that we've put forth, the public interest will be well-served," he said in an interview.

Interact with The Globe