The National Research Council had concerns about their IT security before the hack attack happened, and some of those concerns delayed their move to join Shared Services Canada. What the article doesn’t mention is that NRC also has a lot of legacy computer systems that wouldn’t integrate easily, and that was part of the concern with amalgamation. That said, amalgamation creates its own security risks because everything is in one place, so a well-placed hack there would have far broader implications than the current “federated” model, where individual systems can be isolated. Meanwhile, the Privacy Commissioner’s officer has confirmed that the attack breached a system that contained personal information, and they’re still assessing the damage.

Continue reading →