Question Period Note: Supply chain integrity

Back to search

About

Reference number:
PSPC-2023-QP-00066
Date received:
Sep 6, 2023
Organization:
Public Services and Procurement Canada
Name of Minister:
Duclos, Jean-Yves (Hon.)
Title of Minister:
Minister of Public Services and Procurement

Issue/Question:

Concerns have been raised regarding the presence and/or access to the Canadian market of information and communication technology (ICT) products manufactured by Chinese-owned entities. There are claims that some of these entities have direct ties to the Chinese government. For example, companies such as TikTok, Huawei and Lenovo are often mentioned

Suggested Response:

  • The Government of Canada takes very seriously the security and privacy of its network infrastructure and any devices that access it
    • Shared Services Canada conducts a supply chain integrity review with support from the Communications Security Establishment for all IT purchases
    • This assessment ensures the security of the Government of Canada's IT infrastructure

If pressed on supply chain integrity review:

  • SSC relies on the Canadian Centre on Cyber Security (CCCS) as the government centre of excellence of the Supply Chain Integrity (SCI) review function
  • The SCI function, implemented in 2012, ensures that the goods and services purchased are as safe from cyber-security threats as possible
  • It applies to procurement in four areas: email, data centres, networks, and workplace technology devices, such as laptops, printers and cellular devices
  • Not only are these areas essential to the operation of government, but they are also the main targets of cyber threats
  • SSC will continuously work to enhance cyber security in Canada by collaborating across government to prepare for all types of cyber incidents

If pressed on TikTok:

  • TikTok was deemed by the Deputy Minister and Chief Information Officer of Canada as a risk to the privacy and security of government information
  • Shared Services Canada, which manages GC Smartphones blocked the application as per this direction on February 27, 2023

Background:

  • On June 6, 2023, an article was published in La Presse entitled “Faut-il avoir peur des appareils Lenovo ?” https://www.infomedia.gc.ca/tbs-sct/en/2023/06/04/250880487
    • The news article states that the Government of Canada has not banned equipment from Lenovo
    • The Communications Security Establishment (CSE) is quoted in the article. CSE confirmed that the Government of Canada has not banned equipment from Lenovo and mentions that they evaluate equipment on a case by case basis
    • TBS provides strategic oversight of Government cyber security event management
    • SSC provides IT security infrastructure (design, deploy and operate). In conjunction with TBS and CSE, SSC also provides security and privacy by design as part of the establishment of new services. The security of goods and services is evaluated during the procurement process by CSE and SSC
    • CSE houses the Canadian Centre for Cyber Security (CCCS) which monitors systems and networks for malicious activities and cyberattacks and leads the cyber event operational response
    • PSC leads national cyber security policy and strategy
    • The RCMP is the primary investigative department on all cyber security incidents dealing with actual or suspected cybercrime of non-state origin against GC infrastructure
    • CSIS is responsible for investigating threats against information systems and critical infrastructure posed by foreign state actors and terrorists
    • National Defence/Canadian Armed Forces is responsible for addressing cyber threats, vulnerabilities or security incidents against or on military systems
    • On February 27, 2023, the TBS Deputy Minister and Chief Information Officer of Canada announced that in pursuant to their responsibilities under section 4.4.1.9 of the Policy on Service and Digital, the DM and CIOC directed that the use of the TikTok application be blocked on Government of Canada devices as of 5pm EST on February 27, 2023. This decision was made after a review of the behavior of the application as it relates to our privacy and security standards, and impacts all organizations subject to the Policy on Service and Digital
    • Shared Services Canada, which manages GC Smartphones blocked the application as per this direction on February 27, 2023

Additional Information:

  • A number of departments and agencies play a role in cyber security, including Treasury Board of Canada Secretariat (TBS), Communications Security Establishment (CSE), Shared Services Canada (SSC), Public Safety Canada (PSC), Royal Canadian Mounted Police (RCMP), Canadian Security Intelligence Service (CSIS), and the Department of National Defence (DND)
    • All departments and agencies have a responsibility to ensure cyber security within their organization. TBS, SSC, and CSE are the primary stakeholders with responsibility for ensuring the Government’s cyber security posture is effective and able to respond to evolving threats