By Stephen Cook, The Canadian Press
OTTAWA — The organization in charge of providing physical security to Parliament is looking to improve its cybersecurity.
The Parliamentary Protective Service is considering using cloud-based software services but needs guidance on how to do it without putting its data at risk. According to a request for proposals posted Monday, it’s hoping to hire a contract cybersecurity specialist to teach staff about security standards and advise them on what to look for in software vendors.
“The expertise of a cybersecurity specialist is being sought to help ensure appropriate safeguards are in place for applications and systems for the PPS administration,” reads an email from Joseph Law, chief of staff to the service’s director, senior RCMP officer Jane MacLatchy.
The results of the contract will set terms to use in software selection.
Storing data online and hiring outside firms to maintain an organization’s software can be more efficient than doing it internally but comes with its own risks: It means outsourcing not just the information-technology work to keep software updated and functioning, but some of the security that keeps sensitive material safe from hackers.
In December, the Communications Security Establishment, Canada’s cyberspying agency, said China was responsible for compromising several service providers as early as 2016. According to indictments issued by the United States, state-sponsored hacking of “managed service providers” led to the thefts of data from dozens of clients, including the personal information of more than 100,000 workers in the U.S. navy.
“Cybersecurity is one of the most serious economic and national security challenges facing Canada and its allies,” noted the release.