Language selection

Government of Canada / Gouvernement du Canada

Search

Minister of Digital Government Appearance Before the House of Commons Standing Committee on Government Operations and Estimates (OGGO) - Main Estimates 2021–22 and Departmental Plans 2021–22 - May 26, 2021

Notice to readers

This report contains either personal or confidential information, or information related to security, which has been redacted in accordance with the Access to Information Act.

On this page

Opening statement and overview

Speech for the Honourable Joyce Murray, Minister of Digital Government, to the Standing Committee on Government Operations and Estimates (OGGO)

Main Estimates 2020–21 and Departmental Plans 2021–22 (Digital Government Portfolio)

Check against delivery

Thank you, Mr. Chair.

It’s a pleasure to join you here today.

I’d like to acknowledge that I’m joining you from my home in Vancouver on the unceded territories of the Musqueam, Squamish and Tsleil-Waututh First Nations.

I would like to thank the Committee for inviting me here to discuss the 2021–22 Main Estimates and the 2021–22 Departmental Plan for the Digital Government portfolio.

I am pleased to be joined today by:

  • Marc Brouillard, Acting Chief Information Officer of Canada
  • Karen Cahill, Assistant Secretary and Chief Financial Officer
  • Paul Glover, President of Shared Services Canada (SSC)
  • Samantha Hazen, Assistant Deputy Minister and Chief Financial Officer at SSC

After my remarks, my officials and I would be happy to answer any questions members may have.

Mandate and vision

Mr. Chair, as the Minister responsible for the government’s digital transformation, part of my mandate is to work with my ministerial colleagues to provide federal public servants with the tools and strategies they need to design and deliver the services Canadians expect in the digital era — services that are secure, reliable, accessible and easy to use.

We are focused on four areas:

  • modernizing how the government replaces, builds and manages major information technology (IT) systems
  • improving service delivery
  • coordinating government digital operations through collaborative tools and secure data-sharing
  • training and recruiting public servants with digital skills and diverse perspectives to design services that meet the needs of all Canadians

Work in these four areas advances our vision of convenient, seamless digital Government of Canada services that put the needs of citizens and businesses first.

While there is still much work ahead, we are making important progress.

The investments we’re discussing here today will play a major part in updating our systems and rolling out better and more powerful tools so we can improve Canadians’ access to trusted digital services.

Main Estimates, 2021–22

In the Main Estimates, SSC is seeking additional funding to provide modern, reliable and secure IT infrastructure in support of government priorities and digital delivery of programs and services to Canadians.

This new funding includes:

  • $93.2 million for enabling digital services to Canadians by optimizing the efficiency and performance of IT systems throughout government
  • $37.3 million for IT modernization initiatives that will leverage cloud and consolidate email, data centres and network systems
  • $36.5 million for the costs of core IT services, which includes funding to support new full-time staff and partner initiatives
  • $13.5 million for secure video conferencing
  • $6.7 million to support IT services, infrastructure and services that directly support our response to the COVID-19 pandemic
  • $14.1 million to enhance the integrity of Canada’s borders and asylum system, as well as respecting newly signed collective agreements and making federal government workplaces more accessible

We’re also seeking $282,000 for the Treasury Board of Canada Secretariat (TBS) to contribute to the Open Government Partnership, the leading global forum for advancing open government around the world.

Departmental Plan

With regard to the 2021–22 Departmental Plan, Mr. Chair, our digital government teams will work with departments on several important initiatives.

For example, we are:

  • modernizing IT with new modular methods to plan, replace and manage mission-critical legacy systems
  • improving service by ensuring that outward-facing digital platforms and components are consistent across the government and designed for the person or organization using them
  • implementing a modern, strategic enterprise-management approach to information and data stewardship as well as IT operations, tools and assets
  • identifying and tackling long-standing institutional barriers to digital innovation inherent in traditional siloed leadership and processes

In taking an enterprise approach, SSC is working to solidify network capacity and security, equip and empower employees to collaborate, and support partners in the design and delivery of their digital service offering to Canadians.

 Conclusion

Mr. Chair, from responding effectively in times of crisis to delivering benefits to low-income Canadians to timely service from Service Canada, digital capacity underpins our ability to deliver on every priority and policy we implement.

Thank you, Mr. Chair.

We would now be pleased to take questions from the Committee.

Overview of Standing Committee on Government Operations and Estimates (OGGO)

Committee members

Name and role Party Riding OGGO member since
Chair

Robert Kitchen

Conservative

Souris–Moose Mountain

October 2020 (Chair since October 2020)
Vice-Chairs

Francis Drouin

Liberal

Glengarry–Prescott–Russell

January 2016 (Vice-Chair since February 2020)

Julie Vignola

Bloc Québécois

Beauport–Limoilou

February 2020 (Vice-Chair since February 2020)
Members

Steven MacKinnon
Parliamentary Secretary (Public Services and Procurement Canada (PSPC))

Liberal

Gatineau

September 2017

Rachael Harder

Conservative

Lethbridge

February 2021

Pierre Paul-Hus
PSPC Critic

Conservative

Charlesbourg–Haute-Saint-Charles

October 2020

Kelly McCauley

Conservative

Edmonton West

January 2016

Matthew Green
PSPC Critic
TBS Critic

New Democratic Party

Hamilton Centre

February 2020

Majid Jowhari

Liberal

Richmond Hill

January 2018

Irek Kusmierczyk

Liberal

Windsor–Tecumseh

February 2020

Patrick Weiler

Liberal

West Vancouver–Sunshine Coast–Sea to Sky Country

February 2020

TBS-related Committee activity: 43rd Parliament, 2nd Session

Anticipated business

  • 2021–22 Supplementary Estimates (A)
  • Strengthening the protection of the public interest within the Public Servants Disclosure Protection Act
  • Government’s response to the COVID-19 pandemic
  • Administration of the Canada Student Service Grant and WE Charity
  • Shipbuilding procurement
  • IT infrastructure improvements
  • NucTech contracts

On March 10, 2021, the Committee adopted the following motion: That, in the context of its study of the Supplementary Estimates (C) 2020–21, the Committee send for, from TBS, all monthly COVID-19 expenditures reports and COVID-19 spending data as disclosed by the chief financial officers of all respective departments and that these documents be provided to the Committee no later than Wednesday, March 17, 2021, and then update this Committee on a monthly basis by the 15th of the month.

TBS has provided three of these reports to the Committee (March 17, April 15 and May 11, 2021), as well as the information submitted by organizations to TBS (April 23, 2021). The information is now also available publicly on InfoBase (as of May 12, 2021).

Main Estimates 2021–22 and Departmental Plans 2021–22

Meeting summaries
May 12, 2021: President of the Treasury Board appearing with TBS officials

The President of the Treasury Board began with opening remarks describing the Main Estimates 2021–22 government-wide and for Treasury Board, including funding for economic support for Canadians, vaccine funding and virtual care. The Departmental Plan 2021–22 for TBS highlighted the support and guidance for the COVID-19 response, working with the Department of Finance Canada on the government’s financial impacts, support for a supportive and inclusive workplace, reducing greenhouse gas emissions, and reducing burden in regulatory affairs.

The Committee asked a variety of questions on the items in the Main Estimates 2021–22 and the TBS Departmental Plan 2021–22. The members were interested in the TBS initiatives related to diversity and inclusion, and the target diversity and inclusion numbers for executives set out in the Departmental Plan. Members also expressed curiosity about TBS’s involvement in the approval of COVID-related contracts and expenditures (for example, the Canada Emergency Wage Subsidy). Mme Julie Vignola (Bloc Québécois) expressed particular interest in the Phoenix damages file and the improvements set out by TBS to enhance bilingualism in the public service.

Other relevant parliamentary activity

Procurement practices within SSC

Meeting summaries
April 28, 2021: SSC President, Paul Glover, and Deputy Chief Technology Officer, Matt Davis, appearing

Mr. Glover provided an overview of the procurement practices within SSC to the Committee in his opening remarks and offered to provide the Committee with any additional information the Committee would find helpful. SSC will continue to modernize and standardize the networks across government to allow for being able to react quickly to the needs of departments. SSC is also working on improving IT infrastructure to support advancing technology. Mr. Glover also reviewed the recommendations provided by the Gartner report submitted to the Committee by SSC, Network Sourcing Decision Matrix Benchmark: Final Report.

Exchanges on the reasoning behind certain redactions in the documents previously provided by SSC were tense at times. Mr. Glover explained the responsibilities and reasoning behind the redactions for Cabinet confidences and national security. Members were also curious about the advancements and modernization SSC has made in procurement processes and the procurement process with Cisco products.

Other relevant parliamentary activity
  • March 31, 2021: Gartner Report submitted to Committee

Supplementary Estimates (C) 2020–21 and Departmental Results Reports 2020–21

Meeting summaries
April 12, 2021: Follow-up meeting to TBS appearance on Supplementary Estimates (C) 2020–21

Mr. Glenn Purves gave an opening statement to provide the Committee with additional context for the amounts provided in the documents provided by TBS on March 17, 2021. Mr. Purves welcomed the Committee’s feedback on the documents and encouraged the Committee to request more detailed information on any specific measure from the responsible departments. The final expenditures for the fiscal year 2020–21 will be available in the Public Accounts, which are expected to be tabled in the fall 2021.

Members expressed frustration at the level of detail provided by TBS in the March 17, 2021, documents and requested that the next reporting be the detailed information provided by all departments. TBS committed to providing reporting with the detailed level of information as requested by the Committee. TBS officials explained how reporting was done by departments every month through Titan and the ways in which parliamentarians and Canadians can rely on GC InfoBase to find the expenditure information. Members had many questions relating to details of other department expenditures, which TBS does not track.

March 10, 2021: Supplementary Estimates (C) 2020–21 and Departmental Results Reports 2020–21

Members were cordial and polite with the witnesses. Questions were technical at times in nature. Members were inquisitive about the funding to the Public Health Agency of Canada for vaccines and personal protective equipment and were interested in a breakdown of the information. The members were also keen to receive further information about the Phoenix damages payments and how those funds were being reported on. Questions also focused on the reduction of greenhouse gas emissions and the official languages white paper. Members were supportive of TBS’s initiative to promote fiscal transparency.

Interest in TBS / MDGO Portfolio

Conservative

  • Contracts awarded to Cisco
  • Products and services provided by the Canadian Digital Service
  • Tracking of COVID spending

Liberal

  • Reduction of greenhouse gas emissions

Bloc Québécois

  • Amounts allocated for Phoenix damages payments (including taxation)
  • Methods of calculations for expenses related to COVID-19

New Democratic Party

  • Procurement assessments
Other relevant parliamentary activity

Government response to COVID-19

Meeting summaries
February 17, 2021: Information Commissioner

The Information Commissioner began by reiterating that the right to access cannot be ignored, even during an emergency. She outlined the ways in which departments and agencies should be working to help with this right to access to ensure accountability. The government has not met expectations; however, there are some encouraging signs such as institutions regaining ability to process access to information requests. The postponement of the Access to Information and Privacy (ATIP) Online Request system and the delay in the Access to Information Act review is disappointing. There were, and continue to be, steps that can be taken immediately that do not require legislative change. Mme Maynard outlined the measures in the submission she sent to the President of the Treasury Board.

The Information Commissioner was critical of the leadership and guidance provided by the Treasury Board and reiterated throughout the meeting that concrete action was not being taken. The Commissioner is concerned about the ability for the access to information and privacy (ATIP) process to keep up and the lack of resources (both in human resources (HR) and IT technology). The Commissioner expressed concern with the way in which reporting is done by TBS, including monthly departmental statistics and a better understanding of the current situation with ATIP shops. The Commissioner believes that vaccine contracts could be disclosed with the protection of certain elements in them. She also reinforced that proactive disclosure would solve a lot of the strain on the ATIP Online Request system, using examples such as Australia.

The Committee adopted a motion moved by Mr. Kelly McCauley (Conservative Party of Canada (CPC)) to re-adopt the Committee’s 2017 Report (Strengthening the Protection of the Public Interest within the Public Servants Disclosure Protection Act) and request a government response. The Committee will also request that the President of the Treasury Board appear for a progress update on the recommendations.

January 27, 2021: Parliamentary Budget Officer

The meeting started late due to votes in the House of Commons.

The Parliamentary Budget Officer gave brief opening remarks on the progress of the tablings and projections his office has released, including the projections and analysis on the items outlined in the Federal Economic Statement 2020. The Parliamentary Budget Officer is expecting to deliver the new shipbuilding cost analysis to the Committee on time (by the end of the month).

Interest in TBS / MDGO Portfolio

Conservative

  • Issues with secrecy within the public sector
  • Transparency of procurement contracts related to COVID

Liberal

Bloc Québécois

  • Transparency of procurement contracts related to COVID

New Democratic Party

Briefing on the Parliamentary Budget Officer’s reports

Meeting summaries
December 2, 2020: Parliamentary Budget Officer

The Parliamentary Budget Officer gave brief opening remarks on the change in timing in the Supply cycle and raised concerns about the authorities approved in legislation for COVID-19 relief, making it difficult to track the government’s spending.

Interest in TBS / MDGO Portfolio

Conservative

  • Transparency of COVID spending by the government
  • Personal protective equipment procurement and contracts
  • Treasury Board approval for COVID relief programs

Liberal

  • Quality of information provided to Finance Committee (FINA) in the 43-1 Parliament by Finance

Bloc Québécois

  • Quality of Information provided on GC InfoBase by TBS for COVID-related spending

New Democratic Party

  • Quality of Information provided on GC InfoBase by TBS for COVID-related spending
  • Critical of IT infrastructure programs
Other relevant parliamentary activity

Supplementary Estimates (B) 2020–21

Meeting summaries
November 30, 2020: President of the Treasury Board

Members were mostly cordial with witnesses but expressed frustration at the answers provided in response to questions related to transparency. Questions focused on the responsibility of the requirements under the Official Languages Act for any new implementation of programs, as well as a request for clarity on the process. Members were also concerned with the lack of clarity in terms of the amount of funds allocated toward COVID-19 measures, as well as any future spending into these measures. The President also spoke of the Greening Government Strategy that was released earlier this week and the progress of Canada’s Centre for Regulatory Innovation.

Interest in TBS / MDGO Portfolio

Conservative

  • Transparency of COVID spending by the government

Liberal

Bloc Québécois

  • Requested a clear chart of COVID-19 measures, spending to date, and future planned spending for each measure

New Democratic Party

  • Parliamentary Budget Officer criticism at lack of transparency with COVID-19 spending by the government
  • Requested a clear chart of COVID-19 measures, spending to date, and future planned spending for each measure
Other relevant parliamentary activity (Question Period, Written Questions, debate, tablings)

Main Estimates 2020–21

Meeting summaries

November 25, 2020: Minister of Digital Government

The Members were primarily concerned with network security and the IT issues that the Government of Canada faces. The CPC members were seized with the issue of quantum computing and how Canada is working towards preventing an attack by this system. The CPC and NDP members also wanted more information and updates on the access to information progress that the government has made after the initial problems in the spring. The Minister of Digital Government and officials highlighted that access to information requests and transparency remain a priority for the government. SSC and TBS officials spoke of the efforts being made by the government to modernize and maintain the IT systems, while ensuring security is a priority.

The Committee carried all votes referred to the Committee on the Main Estimates 2020–21 on division.

November 4, 2020: President of the Treasury Board

Members were mostly cordial with the witnesses but were sometimes impatient with lengthier responses. The questions focused on the themes of transparency and accountability by the Treasury Board in spending and procurement policies. The comment in the most recent Parliamentary Budget Officer Report on the lack of transparency in Supplementary Estimates (B) was brought to the attention of the witnesses by several members. Members were also concerned about the mental health of public servants throughout the pandemic and the use of leave code 699, as well as the future of working from home (such as the purchase of home office furniture and the divesting of buildings). Officials from the Department of Finance Canada were also asked about plans for the tabling of a Budget, which does not yet have a determined date.

Interest in TBS / MDGO Portfolio

Conservative

  • Cyber security concerns (quantum computing)
  • Divesting of public service buildings (future of working from home)

Liberal

  • Phoenix stabilization

Bloc Québécois

  • Stabilization of Phoenix and NextGen

New Democratic Party

Chair: Robert Kitchen (Manitoba: Souris–Moose Mountain) – Conservative member

Robert Kitchen
  • Elected as the Member of Parliament for the riding of Souris–Moose Mountain in 2015.
  • Educated as a chiropractor and served on several provincial and federal committees prior to entering politics in 2015.
  • Served as a member on the Health Committee in the 43-1 Parliament and as the Vice-Chair on the Veterans Affairs Committee in the 42nd Parliament.
  • Has previously subbed for Conservative members on the OGGO Committee in past Parliament.

1st Vice-Chair: Francis Drouin (Ontario: Glengarry–Prescott–Russell) – Liberal member

Francis Drouin
  • Elected as the Member of Parliament for the riding of Glengarry–Prescott–Russell in 2015.
  • A member of the Standing Committee on Government Operations and Estimates and the Standing Committee on Agriculture and Agri-Food. Also a previous member of both those committees in the 42nd Parliament.
  • Prior to his election, Mr. Drouin worked as a special assistant in the Office of the Ontario Premier.

2nd Vice-Chair: Julie Vignola (Quebec: Beauport–Limoilou) – Bloc Québécois member

Julie Vignola
  • Elected as the Member of Parliament for the riding of Beauport–Limoilou in 2019.
  • Bloc Québécois Critic for Public Services and Procurement and Government Operations.
  • Former high school teacher and vice-principal.
  • Interested in and involved with various community well-being organizations, for example, Lions Club, Canada World Youth.
  • Advocate for Quebec’s independence.

Steven MacKinnon (Quebec: Gatineau): Liberal member, Parliamentary Secretary to the Minister of Public Services and Procurement

Steven MacKinnon
  • Elected as the Member of Parliament for the riding of Gatineau in 2015.
  • Parliamentary Secretary to the Minister of Public Services and Procurement.
  • Previously a non-voting member of the Standing Committee on Public Accounts and the Standing Committee on Government Operations and Estimates.
  • Previously a member of the Standing Committee on Finance.
  • Prior to his election, Mr. MacKinnon was a senior vice president at a global consultancy firm.
  • Mr. MacKinnon served as an advisor to former Prime Minister Paul Martin and former New Brunswick Premier Frank McKenna.

Rachael Harder (Lethbridge, Alberta): Conservative member

Rachael Harder
  • Elected as the Member of Parliament for the riding of Lethbridge in 2015.
  • Official Opposition Critic for Digital Government.
  • Formerly served as the Shadow Minister for Status of Women and the Shadow Minister for Youth and Persons with Disabilities.
  • Previously served as the Chair of the Standing Committee on Access to Information, Privacy and Ethics (ETHI) in the 43-1 Parliament.
  • Serves as a member on the Standing Committee on Natural Resources (RNNR).

Pierre Paul-Hus (Quebec: Charlesbourg–Haute-Saint-Charles): Conservative member

Pierre Paul-Hus
  • Elected as the Member of Parliament for the riding of Charlesbourg–Haute-Saint-Charles in 2015.
  • Official Opposition Critic for Public Services and Procurement.
  • Role as the lead editor for the PRESTIGE Media Group giving him experience with business, political and cultural sectors in Quebec City.
  • Previously served as the Official Opposition Critic for Public Safety and Emergency Preparedness.
  • Served as Vice Chair of the Standing Committee on Public Safety and National Security (SECU) in the 43-1 and the 42nd Parliament.
  • Also a current member of the Canada-China Relations Committee (CACN).

Kelly McCauley (Alberta: Edmonton West): Conservative member

Kelly McCauley
  • Elected as the Member of Parliament for the riding of Edmonton West in the 2015.
  • Previously served on the Standing Committee on Government Operations and Estimates.
  • Served on the Executive Committee of the Board of Northlands, the Board of Alberta Aviation Museum.
  • Chairperson of the Employmnet Insurance Board of Referees for Edmonton and Northern Alberta.
  • Hospitality professional (managing hotels and convention centres).

Matthew Green (Ontario: Hamilton Centre): New Democratic Party member

Matthew Green
  • First elected in the 2019 federal election in the riding of Hamilton Centre (formerly held by New Democratic Party (NDP) MP David Christopherson).
  • NDP Critic for Treasury Board, National Revenue, Public Services and Procurement, and Deputy Critic for Ethics.
  • Former Councillor for the City of Hamilton (2014 to 2018).
  • Member of the House of Commons Standing Committee on Public Accounts (PACP).
  • Member of the Canada-Africa Parliamentary Association (CAAF) and the Canadian Section of ParlAmericas (CPAM).

Majid Jowhari (Ontario: Richmond Hill): Liberal member

Majid Jowhari
  • Elected as the Member of Parliament for the riding of Richmond Hill in the 2015.
  • Previously a member of the Standing Committee on Government Operations and Estimates and the Standing Committee on Industry, Science and Technology.
  • A member of the Standing Committee on Government Operations and Estimates and the Standing Committee on Industry, Science and Technology.
  • Prior to his election, Jowhari was a licensed Professional Engineer from 1995 to 1999 and founded his own boutique consulting firm to provide advice to chief financial officers.
  • In 2018, the Canadian Alliance on Mental Illness and Mental Health named Majid Jowhari as a Parliamentary Mental Health Champion.

Irek Kusmierczyk (Ontario: Windsor–Tecumseh): Liberal member, Parliamentary Secretary to the Minister of Employment, Workforce Development and Disability Inclusion

Irek Kusmierczyk
  • Elected as the Member of Parliament for the riding of Windsor–Tecumseh in the 2019.
  • A member of the Standing Committee on Government Operations.
  • Parliamentary Secretary to the Minister of Employment, Workforce Development and Disability Inclusion.
  • Prior to his election, Mr. Kusmierczyk was a city councillor for the Windsor City Council.

Patrick Weiler (West Vancouver–Sunshine Coast–Sea to Sky Country): Liberal member

Patrick Weiler
  • Elected as the Member of Parliament for the riding of West Vancouver–Sunshine Coast–Sea to Sky Country in 2019.
  • Member of the Standing Committee on Natural Resources.
  • Environmental and natural resource management lawyer.
  • Represented First Nations, municipalities, small businesses and non-profits on environmental and corporate legal matters within this riding.
  • He is a champion of the Liberal government’s Pan-Canadian Framework on Clean Growth and Climate Change.

Overview of digital government during the COVID-19 pandemic (Office of the Chief Information Officer, Shared Services Canada, the Canadian Digital Service and the Digital Transformation Office)

Issue

What has the government done on the digital front to address operational and service delivery challenges related to the COVID-19 pandemic?

Key facts

  • The Office of the Chief Information Officer (OCIO) is working with SSC, the Canadian Digital Service and the Digital Transformation Office to support the operation of government IT infrastructure and systems and maintain continuity of critical federal services.
  • The Digital Transformation Office is coordinating the whole-of-government approach to online citizen service at Canada.ca/coronavirus with Health Canada, the Public Health Agency of Canada, the Privy Council Office and Service Canada.
  • In response to the pandemic, SSC significantly increased the capacity to handle the surge for remote connectivity and rolled out new collaboration tools (for example, Microsoft Teams) enterprise-wide which provided essential support to departments for remote work during the pandemic.
  • Following COVID, secure remote access capacity was increased to support 300,000 simultaneous connections, which represents roughly 72% of the employees working for federal entities supported by SSC.
  • Over 282,855 accounts for Microsoft Office 365 were created, supporting employees across the government with collaborative tools.
  • The mobile phone inventory grew by 45,000 new accounts during the pandemic. This includes smartphones (voice, text, data) and regular mobile devices (voice, text).

Response

  • We are accelerating our efforts for digital transformation during this pandemic to continue advancing an open, secure and resilient digital government.
  • We are actively supporting the ongoing operation of IT infrastructure and systems and have also increased the federal network’s capacity so that critical services can continue.
  • We are ensuring that departments and public servants have the knowledge, tools and equipment they need to work remotely. This includes procuring and provisioning new devices and equipment, and rapidly deploying new cloud-based collaboration and communication systems government-wide.
  • Working with many departments since early March, the Digital Transformation Office has been coordinating the whole-of-government web presence in response to COVID-19, constantly improving the user experience through evidence-based updates on Canada.ca/coronavirus.
  • The Canadian Digital Service is helping Canada respond to the COVID-19 crisis by working with departments and other jurisdictions to build new open source tools and services such as GC Notify, a tool that provides any department with the ability to send email or text notifications quickly.
  • SSC is building on its strong experience working remotely to build its hybrid workplace of the future.
  • SSC will maximize the workforce potential to ensure an engaged, enabled and empowered workforce focused on employee engagement and organizational performance.
  • SSC will power world-class technology for government by attracting, retraining and enable a diverse and capable workforce using efficient collaboration tools and modern workspace.

Background

The COVID-19 pandemic continues to transform the government’s operational and service landscape. In mounting its response, the government is accelerating its digital transformation, delivering results that directly support Canadians during this time of crisis while strengthening the government’s foundation for becoming a more open, people-centric and resilient digital government into the future.

TBS’s OCIO is working with SSC, the Canadian Digital Service and Digital Transformation Office to actively support the ongoing operation of the government’s IT infrastructure and systems and maintain continuity of critical federal services.

In parallel, SSC and OCIO are ensuring that departments and public servants have the knowledge, tools and equipment they need to work remotely. This includes procuring and provisioning new devices and equipment, and rapidly deploying new cloud-based collaboration and communication systems government-wide.

OCIO is in continuous contact with the Canadian Centre for Cyber Security to maintain awareness of the global cyber threat environment, including regular scanning for new vulnerabilities that may impact the Government of Canada.

OCIO is working closely with departments and agencies to support service delivery by strengthening business continuity planning, identifying critical services, and focusing committee forward agendas on COVID-19-related efforts. This includes working with SSC and Public Safety Canada to identify critical service interdependencies, including between services identified in departmental service inventories, critical services and the IT systems that support them.

TBS has reached out to chief information officers from all departments to understand their unmet staffing needs in priority areas, and to develop a tool to centrally identify and deploy talent to the most-needed areas. This includes repurposing and upgrading features on the Talent Cloud platform to create GC Talent Reserve, a tool to capture staffing needs and available talent. This will be used initially for the chief information officer community, and OCIO is working with the Office of the Chief Human Resources Officer to determine its suitability for wider use.

TBS is actively supporting government in managing its legislative and policy responsibilities during the COVID-19 response, including those related to information management. Key activities include system modifications and website notifications, as well as regular guidance to departments and agencies. OCIO also improved the searchability of open government resources, including datasets and infographics, related to COVID-19 by creating a COVID-19-specific search functionality on Open.canada.ca.

OCIO is engaging within the Government of Canada, as well as across Canadian jurisdictions, sectors and internationally to establish strong lines of communication, share best practices, and support a coordinated response by chief information officers to the COVID-19 pandemic.

On the global stage, this includes engaging partners through key forums like the Digital Nations, the Open Government Partnership, and the Organisation for Economic Co-operation and Development (OECD).

At the national level, OCIO is leveraging its role as co-chair of the Public Sector Chief Information Officer Council and the Chief Information Officer Strategy Council to bring together chief information officers from provincial and territorial public sectors, and from Canada’s public and private sectors, respectively, for coordinative action on COVID-19 challenges.

OCIO is also exploring opportunities to leverage private sector expertise to support the COVID-19 response. This includes launching a task force to act as a coordinative hub for all information management / information technology (IM/IT) COVID-19 vendor offers of support across government.

The Digital Transformation Office is working with lead COVID-19 departments to ensure that the COVID-19 information and services provided through Canada.ca/coronavirus are provided in an integrated, whole-of-government way. It’s providing rapid prototyping and usability research and testing skills to key COVID-19 files, such as vaccines, public health guidelines, travel, ArriveCAN, the Canada Recovery Benefit, the Canada Emergency Wage Subsidy, and the Canadian Emergency Response Benefit. Moreover, the Digital Transformation Office has put in place a performance measurement framework to gather, evaluate and improve the performance of top COVID-19 information and services so that departments and agencies have data and direct feedback from citizens and businesses to support improvements.

On a national level, the Digital Transformation Office established a COVID-19 web working group with provincial and territorial counterparts to improve the coordination of COVID-19 efforts across jurisdictions, including sharing usability testing results and feedback received from citizens and business through Canada.ca.

The Canadian Digital Service is helping Canada respond to the COVID-19 crisis by working with departments, other jurisdictions and sectors to build new open source tools and services and leverage existing ones.

For example, the Canadian Digital Service is helping combat misinformation during COVID-19 with GC Notify, working with Health Canada to launch a new notification service that has sent more than 5 million messages to Canadians to provide them with up-to-date and accurate information on COVID-19 that they can trust.

The Canadian Digital Service also collaborated with Employment and Social Development Canada and Canada Revenue Agency to launch an online service that has already helped more than 1 million Canadians receive personalized advice on financial help available to them from the government during the pandemic.

This includes partnering with public and non-profit partners (including the Canada School of Public Service) to leverage available open source tools and services for effective collaboration and service delivery through the Open Call initiative.

SSC’s response to the pandemic focused on five key pillars, namely, Workforce, Workplace, Technology, Operations and Communications. A rigorous governance framework was established at the onset of the pandemic, supported at the highest level by the President. A tiger team was stood up to provide leadership at the tactical level on SSC’s response. The Office of Audit and Evaluation involved the Departmental Audit Committee from the outset, providing monthly meetings that allowed SSC’s senior leadership to obtain independent advice and feedback on key risks as well as regular SSC operations. The Office of Audit and Evaluation established a COVID-19 strategy team to support the department in its response to the crisis and beyond.

SSC was able to maintain operations and a portion of its workforce was already working remotely. An operational sustainability initiative was implemented. This initiative included establishing depth charts that identified senior leaders and employees in roles supporting critical services, and provided backup employees for these roles. Additionally, SSC established movement facilitation letters when the provincial borders were closed with view to ensuring these employees could access SSC buildings as required to maintain critical operations.

Digital Strategy

Issue

In May 2021, Canada’s Minister of Digital Government will be releasing the Digital Strategy for the Government of Canada.

Key facts

  • On November 20, 2019, the Government of Canada announced the Honourable Joyce Murray as Minister of Digital Government, with a mandate to lead work across government in its transition to a more digital government and improved services to citizens.
  • The OCIO, SSC and the Canadian Digital Service, have worked collaboratively to support the operation of government IT infrastructure and systems and maintain continuity of critical federal services.
  • Four key areas of work to enable digital transformation have been identified:
    • modernizing how the government replaces, builds and manages major IT systems
    • providing services to people when and where they need them
    • taking a coordinated approach to digital operations
    • transforming how we work, recognizing that this isn’t just an IT challenge, it’s also a culture challenge
  • The strategy is an online, evergreen plan that lays out the necessary steps to transition to a truly digital government that employs up-to-date technology to deliver the type of services citizens and residents expect in a digital age. The strategy, along with the Digital Operations Strategic Plan and the Government of Canada’s Digital Standards, will provide the framework for the government to deliver secure, reliable and easy-to-access services to citizens, residents and businesses.

Response

  • The Government of Canada is accelerating its digital transformation and strengthening its foundation for a more open, people-centric and resilient digital government, now and into the future.
  • This includes enabling new ways to deliver more secure, reliable and easy to use services to Canadians.
  • The Digital Strategy is an iterative plan to transform Canadians’ experience with the Government of Canada and offers the level of service we have all come to expect in the digital age.
  • The Digital Strategy outlines four key areas of work to deliver secure, reliable and easy-to-access services to citizens, residents and businesses:
    • first, we are modernizing the way that we replace, build and manage major IT projects
    • second, the government is also exploring options for new platforms, tools and services, designed for the people they serve, that make it easier for Canadians to find and use services
    • third, we are building and strengthening our foundational infrastructure to support whole-of-government operations, meet departments’ digital operational needs, and continue to protect information, people and assets to deliver trusted programs and services to citizens, whether digital or in person
    • finally, this accelerated transformation includes looking at ways to transforming the institutional barriers to digital change within government, ensuring we always have the right digital skills, in the right places, supported by a strong, enabling leadership that empowers the change
  • Throughout this transformation, we continue to advance the Digital Standards and Digital Operations Strategic Plan to ensure that users and their needs are at the heart of our services, programs and operations.

Background

On November 20, 2019, the Government of Canada announced the first stand-alone Minister of Digital Government, with clear mandate letter commitments to lead work across government to transition to a more digital government and improve citizen service.

Mandate and actions to date

In this role, the Minister will lead the development and implementation of the Digital Strategy and programming at TBS and SSC, including efforts to identify core and at-risk IT systems and platforms, to assemble the expertise needed to effectively implement major transformation projects, and to renew SSC.

The Minister is also mandated with leading work on the Next Generation Human Resources and Pay System, with accelerating progress on a new strategy to create a single online window for all government services, and with supporting several key ministers in digitally transforming their services as well as leveraging both digital technologies like artificial intelligence (AI) and digital approaches like open source and open data.

This ministerial mandate builds on the Government of Canada’s work during the last mandate to lay the building blocks for digital government. This included amending the Financial Administration Act to formalize the role of the Chief Information Officer of the Government of Canada in legislation and elevate the function to a deputy minister–level position in order to strengthen management of government IT and support government-wide digital transformation.

The Government of Canada also announced its Digital Standards that establish how all public servants should work differently in the digital age. This includes ensuring that services, programs and operations are user-centric, and that the Government of Canada leverages digital technologies and methods to deliver the high-quality citizen services Canadians expect. The standards were recently updated with further guidance on how departments and agencies can fully integrate the standards into their work.

This includes responsibly and ethically leveraging AI in service delivery. The Government of Canada’s world-leading Directive on Automated Decision-Making and Algorithmic Impact Assessment tool supports the responsible, human rights–based use of automated decision-making systems by helping departments and agencies assess and mitigate any associated impacts. The Government of Canada has also created an AI source list to support departments and agencies in procuring ethical and effective AI solutions, services and products that enable improved, digital-age public services.

The Government of Canada is also building a policy framework that supports government-wide digital transformation. This includes the Policy on Service and Digital, which took effect April 1, 2020. This policy suite establishes a set of now-integrated rules that will guide how the Government of Canada manages service delivery, accessibility, information and data, IT, and cyber security in order to deliver better, user-centric services in the digital era.

Finally, the Government of Canada has established new organizations designed to support the transition to a more digital government. The Digital Transformation Office is leading the integration of the Government of Canada’s web presence on Canada.ca and improving it so that people can find and use the information and services they need, regardless of the department or agency that provides them. Fundamental to this work is measuring the performance of Canada.ca’s top tasks and providing guidance to departments and agencies on how to improve their top tasks to better meet the needs of citizens and businesses. The Canadian Digital Service helps federal organizations design and deliver services that meet the needs of citizens, including through GC Notify that allows departments to quickly and easily send emails and text messages to service users. To date, 110 services have sent over 11.8 million notifications through GC Notify. On July 31, 2020, the Canadian Digital Service and Health Canada also released COVID Alert, Canada’s free COVID-19 exposure notification app. The app was developed in collaboration with partners in the private sector and with provincial governments.

Additionally, the Digital Academy at the Canada School of Public Service equips public servants with the skills they need to deliver digital age service excellence.

Digital Strategy and Budget 2021

The Minister is leading the implementation of a Digital Strategy for government organized across four key areas:

  • using modular methods to modernize the way we replace, build and manage mission-critical IT systems
  • designing services for the people that use them so that they are reliable, secure, timely, accessible and easy to use from any device
  • taking a whole-of-government approach to data stewardship and IT operations, tools and assets
  • transforming the institutional barriers to change that have held us back in the past

Building on this existing strategy, Budget 2021 reinforces the government’s commitment to generational investments in Canada’s IT ecosystem. These include investments to acquire new technologies and tools to protect taxpayer information, the modernization of Canada’s benefit delivery systems, accelerating plans to ensure all Canadians have access to broadband Internet, establishing a new Data Commissioner to inform government and business approaches to data-driven issues, as well as a range of supporting investments to address the overall technical debt across government.

Budget 2021 outlines an ambitious next phase for Canada’s digital transformation, with over $2.5 billion invested in both the highest-impact services – like benefits, taxes and immigration – with over $1 billion of that amount dedicated to modernizing critical IT systems, strengthening cyber security efforts, and providing coordinated and informed centralized support to our government-wide transformation effort.

This includes $88 million over four years, starting in 2022–23, and $25.8 million ongoing, to TBS to renew and expand the capacity of the Canadian Digital Service and further improve how the government delivers digital services to Canadians. It also provides $34 million to the Office of the Chief Information Officer to provide strategic direction and leadership in the areas of information management, IT, security, privacy and access to information across the Government of Canada.

TBS continues to work actively with its partners across the Government of Canada to concretely advance the digital government mandate and to improve services to Canadians. This includes efforts to improve governance while empowering teams to be agile and focus on designing user-centred services.

Shared Services Canada (SSC)

SSC undertook a number of significant initiatives to support Government of Canada operations during the pandemic. Others include:

Secure remote access and collaboration tools
  • The department quickly expanded the government’s secure remote access capacity by more than 106%, and currently has capacity for up to 283,622 simultaneous connections; on an average day, there are more than 195,000 public servants accessing the network on a daily basis.
  • SSC established a temporary cloud-based system with a suite of Microsoft 365 tools, including 40 departments enabled with Microsoft Teams, to provide a collaborative platform that allowed public servants to have meetings online, chats, and share documents easily, among other things.
  • The government’s teleconference service usage increased by 212.5% since February 2020. More than 5 million teleconference minutes were used per day in June and current usage is 2 million minutes per day.
  • Expediting the rollout of other collaboration tools to facilitate virtual work.
  • Pre-COVID-19, video conferencing was a secondary option to in-person meetings; today, video conferencing is now the default, advancing the goal of a digital government.
Digital service delivery
  • Accelerated cloud hosting solutions in production with six departments.
  • Closed 91 legacy data centres bringing our total number of data centres closed to 300.
Procurement modernization
  • SSC is actively working with industry to make procurement simpler, faster and less administratively burdensome for businesses working with the federal government.
  • SSC’s Centre of Expertise in Agile and Innovative Procurement piloted utilizing an open business intelligence platform, “TECH2GOV” Digital Marketplace to access hundreds of Canadian technology companies that can provide immediate solutions in their areas of specialization.
  • The Centre of Expertise in Agile and Innovative Procurement launched agile procurement pilots where vendors collaborated throughout the procurement process and played a pivotal role in the design of the solution.

Main Estimates, 2021–22

2021–22 Main Estimates: Shared Services Canada (SSC)

Issue

The 2021–22 Main Estimates for SSC were tabled in Parliament on February 25, 2021. Main Estimates provide an overview of spending requirements for the upcoming fiscal year.

Key facts

  • With the approval of 2021–22 Main Estimates, the Department’s reference levels will decrease by $147.1 million, from $2,055.2 million in the 2020–21 Main Estimates to $1,908.1 million in the 2021–22 Main Estimates.
  • The overall decrease of $147.1 million is due to a decrease in SSC’s reference levels of $347.2 million, which is offset by an increase of $199.2 million for new items and transfers as well as a $0.9 million increase in Statutory Employee Benefit Plan.
  • The main cause of the $347.2 million decrease from the previous year is the reduction in funding related to various projects and initiatives from Budget 2017 and Budget 2018, including a decrease of $170.1 million for the existing Workload Migration Program, as well as a decrease $114.2 million related to the existing Information Technology (IT) Refresh Program.
  • The largest new funding element included in the $199.2 million in new funding relates to the continuation of the IT Refresh Program, totalling $93.2 million.

Response

  • SSC will invest funding to provide modern, reliable and secure IT infrastructure in support of government priorities and digital delivery of programs and services to Canadians.

Background

With the approval of 2021–22 Main Estimates, the Department’s reference levels will decrease by ($147.1) million, from $2,055.2 million to $1,908.1 million.

The net decrease of ($147.1) million is attributable to the following:

New funding: total new funding $194.6 million
  • A total of $93.2 million for enabling digital services to Canadians: Information Technology (IT) Refresh Program, which serves to optimize the efficiency and performance of IT systems throughout the Government of Canada’s IT ecosystem, ultimately mitigating risks related to IT asset downtime, system failures and risks associated with IT security. This new funding is a drawdown of remaining funding earmarked in Budget 2018 to support the continuation of the IT Refresh Program, initially created in 2019 as a Budget 2018 measure “Enabling Digital Services to Canadians.”
  • A total of $37.3 million for IT modernization initiatives that will leverage both cloud and workload migration initiatives, which includes the consolidation and modernization of email, data centres and network systems. This includes projects and activities that advance and/or foster a digitally enabled workforce, such as advancing Microsoft Office 365 in the cloud.
  • A total of $36.5 million for the costs of core IT services. This amount includes two items: funding to support costs associated to onboarding new full-time equivalents (FTEs) in the Government of Canada at a rate of 4% or $700 per FTE, and funding associated to partner projects/initiatives.
  • A total of $6.8 million for secure video conferencing as part of the expansion of the current Secure Communications for National Leadership to better support Cabinet and Cabinet committee meetings and to enhance effective communications as ministers continue to work and participate in meetings from a distance. This initiative is led by the Privy Council Office (PCO) in partnership with the Communications Security Establishment and SSC.
  • A total of $6.7 million to support IT services, infrastructure and services that directly support the government’s response to the COVID-19 pandemic.
  • A total of $6.6 million to enhance the integrity of Canada’s borders and asylum system as part of the Budget 2019 measure. SSC’s role is to enhance interoperability and improve asylum IT systems to provide the necessary network and system hardware upgrades under the direction of Immigration, Refugees and Citizenship Canada and to provide supporting core IT services.
  • A total of $4.5 million for newly signed collective agreements.
  • A total of $3.0 million to make federal government workplaces more accessible as part of the Budget 2019 measure for the Accessibility, Accommodations and Adaptive Computer Technology (AAACT) Program. This funding will bolster the capacity of the AAACT Program to identify, remove and prevent technological barriers facing public servants with disabilities in federal government workplaces.
Transfers: total net transfer $4.6 million
  • An increase of $2.7 million from the Canada School of Public Service (CSPS). This amount was previously invoiced annually to CSPS; however, given that the funding model for the CSPS changed, this funding will now be made permanent through a reference level transfer.
  • An increase of $2.3 million from Public Services and Procurement Canada (PSPC) for reduced accommodation requirements such as power consumption costs and space costs as a result of data centre consolidations.
  • An increase of $1.2 million from PSPC to provide IT services related to program planning activities in support of the Laboratories Canada’s Phase 1 activities of the Federal Science and Technology Infrastructure Initiative.
  • A decrease of $1.6 million in Vote 1 for the realignment of funding from Operating to Personnel to support HR requirements within the Corporate Services Branch and the Data Centre Services Branch.
Other adjustments: net decrease ($347.2) million

A number of adjustments totalling $347.2 million are related to multi-year initiatives and projects where funding profiles changed due to the initial profile of the approved funding and/or adjustments made thereafter, via re-profiling of funding, to align with the progress of each initiative.

A breakdown of the adjustments by initiative/project is as follows:

  • a net decrease of ($170.1) million for the Workload Migration and Cloud Architecture Program
  • a decrease of ($114.2) million related to the 2018–19 IT Refresh Program time-limited funding, which was from 2018–19 to 2020–21
  • a decrease of ($47.2) million for mission-critical projects (Budget 2017)
  • a net decrease of ($15.7) million for various projects and initiatives, including ($9.4) million for projects and initiatives related to time limited Budget 2018 funding
Net increase $0.9 million: Employee Benefit Plan
  • A net increase of $0.9 million (statutory) in the Employee Benefit Plan
Vote Netted Revenues Authority: total nil net effect
  • An increase of Vote Netted Revenue (VNR) authority of $70.0 million in Vote 5. An extension was granted by TBS for a policy exemption to the Directive on Charging and Special Financial Authorities in order for SSC to use funds received for capital expenditures under a VNR authority. [redacted]

The total 2021–22 Main Estimates is $1,908.1 million.

Overview of Main Estimates 2021–22: TBS

Issue

What is contributing to the net increase in Vote 1, Program Expenditures, in TBS’s 2021–22 Main Estimates?

Key facts

  • TBS is seeking parliamentary approval for Vote 1, Program Expenditures authorities of $281.1 million in the 2021–22 Main Estimates, which includes $21.4 million in planned spending under the leadership of the Minister of Digital Government.

Response

  • Spending plans for TBS to support the Minister of Digital Government in 2021–22 will continue to increase digitally enabled services and ensure they are supported by reliable and secure digital infrastructure.
  • The Canadian Digital Service will use $21.6 million for COVID-19-related services and anticipated new priority government measures to help Canadians through the pandemic, as well as the core work of the Canadian Digital Service.
  • These increases are partially offset by the sunsetting of time-limited funding initiatives of $200,000 by SSC.
  • Together, these account for the net increase of $21.4 million when compared to last year’s Main Estimates under the Minister of Digital.

Background

The net increase of $21.4 million when compared to last year’s Main Estimates is explained as follows:

  • The increase in funding as a result of new funding initiatives of $21.6 million:
    • $12.3 million funding for the Canadian Digital Service to provide critical digital products and services (COVID-19). This funding will be used for the COVID Alert, notably for its cloud computing costs and security review, to accelerate the implementation of Notify, specifically for COVID-19-related services and for the digital service teams to deliver anticipated new priority government measures to help Canadians through the pandemic.
    • $9.3 million funding to continue the Canadian Digital Service. This funding will be used to build on the Canadian Digital Service’s initial work and continue the planned evolution of moving into deeper and more complex service redesign challenges, partnering with core service departments.
  • Sunsetting of time-limited funding initiatives and a reduction of funding authorities compared to the previous year of -$0.2 million:
    • Application Modernization Initiative (transfer from SSC): -$0.2 million

Overall, this results in a net increase of $21.4 million in 2021–22 under the leadership of the Minister of Digital Government.

Departmental Plans 2021–22

Departmental Plan 2021–22 for Shared Services Canada (SSC)

Issue

SSC’s 2021–22 Departmental Plan was tabled February 25, 2021. It provides an account of the department’s mandate, priorities and resources for the upcoming year.

Response

  • The digital world continues to grow quickly, with innovations in technological capabilities and use by Canadians. The Government of Canada’s digital transformation must keep pace so that every Canadian can access any federal government service, at any time, from any device.
  • Under my new strategic direction, the Government of Canada is an open, service-oriented organization that operates and delivers programs, information and user-centric services securely, and in simple, modern and effective ways optimized for a digital world.
  • SSC will continue to implement its enterprise approach to managing digital infrastructure and services. Focus remains on the Government of Canada in its entirety, moving away from providing unique services for each department and agency. Working with federal partners and customers allows leveraging of collective knowledge, expertise and working relationships to ensure the Government of Canada remains responsive, resilient and relevant for Canadians.
  • The department’s priorities are aligned to four key areas: network and security, collaboration tools, application modernization and enabling the enterprise. By keeping these priorities top-of-mind, SSC will work towards achieving the seven departmental results under its sole core responsibility – Common Government of Canada Information Technology (IT) Operations.
  • The enterprise approach proved instrumental in supporting the government’s pandemic response by allowing SSC and its partners to respond quickly and scale efforts to meeting the changing demand to deliver responsive modern digital services essential to the livelihood of millions of Canadians. These efforts will continue.

If pressed on specific initiatives:

Priority Description Key initiatives for 2021–22
Network and Security Networks are fast, reliable and secure
  • Cloud and Internet Connectivity Upgrades
  • Network Modernization
  • Secure Cloud Enablement and Defence
  • Cyber and IT Security Program
  • Secret Secure Remote Access
Collaboration Tools Public servants have the digital tools needed for a modern workplace
  • Microsoft Office 365 Deployment
  • Standardize and Simplify Email
  • Telecom Modernization
  • Implement Science Collaboration Project
Application Modernization Digital government is supported by modern systems and applications
  • Workload Migration and Data Centre Closure
  • Critical IT Repair and Replacement
  • Development and Evolution of the Cloud Operating Model
  • Modernizing a Human Resources and Pay System
Enabling the Enterprise Critical elements to a successful transition to an enterprise approach are in place.
  • Customer-Led Projects
  • Deliver the Canadian Digital Exchange Platform
  • Establish Artificial Intelligence and Automation Service
  • Enterprise IT Service Management
  • Enterprise Service Delivery Solutions
  • Funding Model for Enterprise IT Services
  • Modernization of IT Procurement

Background

The Departmental Plan provides parliamentarians and Canadians with information on SSC’s mandate, priorities and resources for the upcoming year. It describes SSC’s core responsibility and departmental results, departmental priorities for 2021–22 and how the work of the department will support the government’s mandate, commitments and priorities.

SSC’s Departmental Plan acknowledges the important role SSC 3.0 will play in the digital transformation of the department. The Departmental Plan has been structured to reflect the close alignment between the SSC 3.0 priorities and the department’s core responsibility, results and initiatives.

Annex: specific initiatives
  • Network modernization: SSC is working to deliver continuous upgrades to meet increasing demand for higher bandwidth for users, reductions of single points of failure, and standardization and modernization of networks. Work will be done to bring the network closer to a utility model, simplifying network access, and making the network widespread and easy to use.
  • Cyber and IT Security Program: This program will ensure appropriate funding for all government departments and agencies so that a security baseline can be met through targeted security product upgrades.
  • Microsoft Office 365 Deployment: SSC will continue to roll out Microsoft Office 365, a suite of tools that enables new levels of efficiency and collaboration via the cloud.
  • Modernization of Human Resources and Pay System: The Next Generation HR and Pay (NextGen) initiative will focus on iterative testing of solutions and pilots to provide an evidence-based recommendation to the government regarding the replacement of the current pay system (Phoenix) as well as 34 separate HR systems. The process will build on ongoing engagement with key stakeholders, such as employees and managers, HR practitioners, compensation advisors and bargaining agents to simplify processes where possible and ensure the proposed solution meets the needs and expectations of government employees.
  • Establish Artificial Intelligence and Automation Service: SSC will establish an AI and Robotic Process Automation Centre of Excellence. Its capabilities will ensure SSC is able to derive business value from predictive analytics, big data, AI and process automation and optimization.
  • Funding Model for Enterprise IT Services: Work continues with government departments and agencies on a revised funding model to support an enterprise approach for IT service delivery. Coupled with Treasury Board standards and policy, the funding model will ensure a predictable, cost-effective and transparent provision of enterprise IT services to government departments and agencies and create incentives for departments to modernize.
  • Modernization of IT procurement: In 2021–22, SSC will begin the next iteration of Government of Canada network managed services through the establishment of network services procurement vehicles that will enable delivery towards a reliable, fast and scalable network. Interested vendors are being encouraged to include in their response a socio-economic strategy to increase the participation of Canada’s priority groups in the process.

TBS 2021–22 Departmental Plan

Issue

What spending did TBS present to Parliament in its 2021–22 Departmental Plan?

Key facts

  • Departmental Plans have been part of ongoing efforts to improve reporting to Parliament over the last 25 years.
  • TBS’s Departmental Plan includes $7.02 billion in total planned spending, in all categories, including transfers for government-wide initiatives.
  • 2,024 FTEs will help achieve results in the Departmental Plan.

Response

  • The Government of Canada is committed to ensuring that digital services are efficient, secure and simple to use for Canadians.
  • To implement the objectives of digital government, spending plans for TBS in 2021–22 will continue to increase digitally enabled services and ensure they are supported by reliable and secure digital infrastructure.
  • TBS will lead the implementation of generational investments to update and replace outdated IT systems and modernize the way government delivers benefits and services, putting Canadians’ needs and expectations first.

Background

TBS’s 2021–22 Departmental Plan presents $7,022.1 million in total planned spending, which includes a total of 2,024 total FTEs.

The breakdown of these planned departmental expenditures consists of:

  • $3,703.1 million and 303 FTEs to spending oversight to improve the accountability of how taxpayer dollars are spent, as well as strengthen the clarity and consistency of financial and performance reporting. In addition, TBS will support the government’s response to the COVID-19 pandemic by:
    • helping departments draft proposals for implementing government policies and programs to respond to the pandemic
    • tracking, in partnership with the Department of Finance Canada, the fiscal impact of the government’s pandemic response to inform and support decision-making across government      
  • $104.4 million and 608 FTEs to administrative leadership as TBS leads government-wide initiatives, develops policies, and sets the strategic direction for federal government administration. As well, TBS will work with departments to better manage government assets, improve project management, and make government operations greener. In addition, TBS will support the government’s response to the COVID-19 pandemic by:
    • delivering services, including the COVID Alert app
    • leading the implementation of generational investments to update and replace outdated IT systems and modernize the way government delivers benefits and services to Canadians
  • advancing open government, including by undertaking a comprehensive review of the Access to Information Act
  • $3,114.1 million and 414 FTEs to employer responsibilities as TBS develops policies and sets the strategic direction for people and workplace management in the public service. As well, work with departments to ensure compliance with official languages legislation, negotiate in good faith with public sector unions, and lead the implementation of the Pay Equity Act in the core public administration and the Royal Canadian Mounted Police (RCMP). In addition, TBS will work with departments to prepare the public service for the future by:
    • exploring enhanced flexibility in working arrangements
    • achieving a more diverse and inclusive public service
  • modernizing business practices in anticipation of adopting the next generation HR and pay system
  • $9 million and 57 FTEs to regulatory oversight as TBS work with departments to improve regulatory transparency, modernize the regulatory system, and reduce administrative burden on Canadian businesses by:
    • reviewing the Red Tape Reduction Act
    • overseeing targeted regulatory reviews to remove bottlenecks to economic growth and innovation
    • working with other governments to reduce regulatory barriers to trade and investment, while continuing to support the health, safety and environmental protection objectives of the Government of Canada
  • $91.5 million and 642 FTEs to internal services.

The Minister of Digital Government’s mandate is to lead the Government of Canada’s digital transformation, so every Canadian can access any federal government service at any time from any device.

The COVID-19 pandemic is a devastating circumstance that served to accelerate generational digital transformation. It now compels the Government of Canada to put forward an ambitious plan to build back better and requires dedication and innovation in how we deliver. Canadians expect responsive services and transactions with their government, supported by reliable and secure digital infrastructure.

To do so, in 2021–22, under the administrative leadership core responsibility, TBS aims to achieve the following departmental result: government service delivery is digitally enabled and meets the needs of Canadians, including the following departmental result indicators:

  • degree to which clients are satisfied with the delivery of Government of Canada services, expressed as a score out of 100; target at least 60
  • percentage of high-volume Government of Canada services that meet service standards; target at least 80%
  • percentage of high-volume Government of Canada services that are fully available online; target at least 80%
  • usage of high-volume Government of Canada online services, as a percentage of all service delivery channels, including in person and telephone; target at least 75%
  • percentage of Government of Canada websites that provide digital services to citizens securely; target 100%
  • degree to which clients complete tasks on Government of Canada websites; target to be determined as it is a new indicator

As well as the following departmental result, Canadians have timely access to government information, including the following departmental result indicators:

  • number of datasets available to the public; target at least 1,000 new datasets
  • percentage of access to information requests responded to within legislated timelines; target at least 90%
  • percentage of personal information requests responded to within legislated timelines; target at least 85%

Budget 2021

Budget 2021: investments in digital government

Issue

How will investments included in Budget 2021 support digital government in Canada?

Key facts

  • Budget 2021 proposed to invest a total of $101.4 billion over the next three years.
  • The Budget includes $648 million over seven years to TBS and Employment and Social Development Canada to continue implementing Benefit Delivery Modernization, invest in Service Canada’s IT systems and related activities, and support service delivery to Canadians

Response

  • Budget 2021 recognizes the critical role played by digital government and provides the investments needed to continue the government’s digital transformation and ensure a resilient digital government for the future.
  • Proposed key investments outlined in the budget will enable the government to improve and defend our cyber networks, repair and replace critical IT infrastructure, and continue to help departments move digital applications to modern computing facilities.
  • Budget 2021 investments will also allow continued work on the Benefit Delivery Modernization program and support the government’s future service delivery to Canadians.
  • We look forward to working together to ensure the investments made through Budget 2021 continue to strengthen the Government of Canada’s ability to meet the needs and expectations of Canadians, now and into the future.

Background

Budget 2021 proposed to invest a total of $101.4 billion over the next three years, which is forecasted to result in a deficit of $354.2 billion in 2021–21. The deficit is further forecasted to decline to $30.7 billion in 2025–26, approximately 1% of gross domestic product (GDP).

To support digital government, Budget 2021 committed:

  • $88 million over four years, with $25.8 million ongoing, to the Canadian Digital Service to continue to design and deliver digital government services
  • $34 million over five years, with $7 million ongoing, to the Office of the Chief Information Officer to continue to provide strategic direction and leadership in the areas of information management, IT, security, privacy and access to information across the Government of Canada
  • $456.3 million over five years, starting in 2021–22, with $60.7 million in remaining amortization and $62.2 million ongoing, to SSC and the Communications Security Establishment, to ensure the security of Canadians’ information (allocation of funds between SSC and Communications Security Establishment is not publicly disclosed)
  • $215 million over five years to SSC to continue to help government departments and agencies assess digital applications and data, and then decommission or move them to modern computing facilities
  • $300 million over three years to SSC to continue work to repair and replace critical IT infrastructure.

Other Budget 2021 investments supporting the government’s digital service delivery include:

Investments to enable government operations
  • $45 million over two years to ensure that the Office of the Chief Human Resources Officer has the capacity necessary to address HR, pay and pension policy matters on behalf of the Government of Canada
  • $267 million over five years for National Defence to upgrade the critical information systems it relies on to manage its assets, finances and HR
  • $4 million over five years to Office of the Commissioner of Lobbying of Canada to improve the resilience and capabilities of the office’s IM/IT systems used to ensure transparent lobbying in Canada
Investments to enable service delivery
  • $1 billion over six years, starting in 2021–22, to the Universal Broadband Fund
  • $648 million over seven years to Employment and Social Development Canada and TBS to continue implementing Benefit Delivery Modernization, invest in Service Canada’s IT systems and related activities, and support service delivery to Canadians
  • $43.9 million over three years to the Canada Revenue Agency to accelerate the ongoing work with digital government and Employment and Social Development Canada, and to develop the first phase of an e-payroll solution; TBS will co-chair a steering committee with the Privy Council Office to oversee the implementation of this project
  • $9 million in 2021–22 to fund Health Canada to ensure continued availability of the federal digital tools for COVID-19
  • $428.9 million over five years, with $398.5 million in remaining amortization, starting in 2021–22, to develop and deliver an enterprise-wide digital platform that would gradually replace the legacy Global Case Management System; this will enable improved application processing and support for applicants, beginning in 2023
  • $41.7 million over three years, starting in 2021–22, to the Canada Revenue Agency to reduce processing time for T1 adjustments (that is, corrections to people’s general income tax return) by making online self-service more user-friendly and improving automated processing of T1 adjustments
  • $88.2 million over five years, starting in 2021–22, with $13 million ongoing, to the Parole Board of Canada, the Royal Canadian Mounted Police, and Public Safety Canada to reduce application fees, create an online application portal, and support community organizations that help people navigate the pardon application process
Investments in privacy and cyber security
  • $330.6 million over five years, starting in 2021–22, with $1.6 million in remaining amortization, and $51.2 million ongoing, to the Canada Revenue Agency to invest in new technologies and tools that match the growing sophistication of cyber threats, and to ensure the Canada Revenue Agency’s workforce has the specialized skills to proactively monitor threats and better safeguard Canadian data
  • Up to $443.8 million over 10 years, starting in 2021–22, in support of the Pan-Canadian Artificial Intelligence Strategy
Investments in data
  • $17.6 million over five years, starting in 2021–22, and $3.4 million per year ongoing, to create a Data Commissioner to inform government and business approaches to data-driven issues; an additional $8.4 million over five years, starting in 2021–22, and $2.3 million ongoing, to the Standards Council of Canada to continue its work to advance industry-wide data governance standards
  • Up to $5 million over two years, starting in 2021–22, to Statistics Canada to work with partners to enhance the availability of business condition data, better ensuring that the government’s support measures are responsive to the needs of Canadian businesses and entrepreneurs

Cyber security

Cyber security overview: Government of Canada’s roles and responsibilities

Issue

How is cyber security addressed in the Government of Canada, including cyber threats that may pose a risk to government infrastructure, or when aimed at private enterprise?

Key facts

  • TBS, SSC and the Communications Security Establishment are the primary stakeholders with responsibility for ensuring the government’s cyber security posture is effective and continues to evolve.
  • The RCMP is the primary investigative department on all cyber security incidents dealing with actual or suspected cybercrime of non-state origin on the government’s infrastructure.
  • The Policy on Service and Digital outlines the roles and responsibilities of departments for specific aspects of cyber security.
  • The Policy on Government Security outlines the roles and responsibilities for lead security agencies.
  • Government of Canada departments and agencies play an integral role in establishing governance to ensure the integrated management of service, information, data, IT and cyber security within their department.

Response

  • Government of Canada departments and agencies, in collaboration with lead security agencies, are responsible for ensuring that cyber security risks are assessed and mitigated within their organization.
  • Together, TBS, SSC and the Communications Security Establishment work to ensure the government’s cyber security posture is current and effective.
  • We have robust systems and tools in place to monitor, detect and investigate potential threats, and take active measures to address and neutralize these threats.
  • The government will continuously work to enhance cyber security in Canada by preparing for all types of cyber incidents, protecting Canadians and their data.

Background

Overview

The Government of Canada works continuously to enhance cyber security in Canada by preventing attacks through robust security measures, identifying cyber threats and vulnerabilities, and by preparing for and responding to all kinds of cyber incidents to better protect Canada and Canadians.

The government has improved its enterprise capacity to detect, defend and respond to cyber threats; centralized Internet access points; launched an enterprise security architecture program; established the foundation of a Government of Canada Cyber Security Program; and implemented a whole-of-government incident response plan.

Recent investments

Budget 2018 investments included the implementation of a new National Cyber Security Strategy, including the establishment of the Canadian Centre for Cyber Security (Cyber Centre) within the Communications Security Establishment. Funding was allocated for the following four initiatives to strengthen protection of the government’s networks and information:

  • Government of Canada Secret Infrastructure (GCSI) to offer classified (up to Secret) network service to a wider Government of Canada audience
  • endpoint visibility, awareness and security to provide the government with a comprehensive understanding of its IT assets and the ability to protect these assets and respond effectively to cyber security events
  • small departments and agencies study to conduct a study and cost-benefit analysis to migrate all small departments and agencies to secure SSC-managed Internet connections
  • Secure Cloud Enablement and Defence Project to establish new private, secure, dedicated connections between the government and major cloud service providers to minimize cyber security risks

Budget 2021 provided additional funding to the Secure Cloud Enablement and Defence Project to further improve the infrastructure, increase bandwidth, availability, and the resources to facilitate connectivity for departments.

Roles and responsibilities

Government departments and agencies have responsibility to ensure cyber security within their organization. The Policy on Service and Digital for specific aspects of cyber security, such as:

  • integrating cyber security in overall governance of service, information, data and IT
  • designating an Official for Cyber Security who is responsible for departmental cyber security management function
  • including cyber security in departmental planning in alignment with enterprise-wide plan approved by the Chief Information Officer of Canada

TBS, SSC and the Communications Security Establishment are the primary stakeholders with responsibility for ensuring the government’s cyber security posture is effective and able to respond to evolving threats.

TBS provides strategic oversight of government cyber security event management to ensure effective coordination of major security events and support government-wide decision-making. The Chief Information Officer for the Government of Canada, at TBS, sets IT security policy along with other delegated powers.

SSC provides IT security infrastructure (design, deploy and operate). In conjunction with TBS and the Communications Security Establishment, SSC also provides security and privacy by design as part of the establishment of new services. The security of goods and services acquired through SSC is evaluated at all stages of the procurement process to ensure what we buy from suppliers is as safe from cyber security threats as possible.

The Communications Security Establishment houses the Canadian Centre for Cyber Security (Cyber Centre) which monitors government systems and networks for malicious activities and cyber attacks, as well as leads the government’s operational response to cyber security events. The Cyber Centre works to protect and defend the country’s valuable cyber assets and works side by side with the private and public sectors, including critical infrastructure, to solve Canada’s most complex cyber issues.

The Cyber Centre leads the “Get Cyber Safe,” a national public awareness campaign to inform Canadians about cyber security and the simple steps they can take to protect themselves online.

Given the cross-cutting nature of cyber security, a number of other federal departments and agencies play a role in various aspects of cyber security:

Public Safety Canada leads national cyber security policy and strategy by, for example:

  • coordinating the overall response to significant national cyber events through the Government Operations Centre working closely with TBS
  • working with Canadian and international governments, associations, academia and industry to continually advance cyber security both domestically and internationally

The RCMP is the primary investigative department on all cyber security incidents dealing with actual or suspected cybercrime of non-state origin on the government’s infrastructure. They also lead the investigative response to suspected criminal national security cyber incidents and assist domestic and international partners with advice and guidance on cybercrime threats.

The Canadian Security Intelligence Service is the primary department responsible for investigating threats against information systems and critical infrastructure posed by foreign state actors and terrorists.

National Defence / Canadian Armed Forces is the primary department responsible for addressing cyber threats, vulnerabilities or security incidents against or on military systems.

GC Cyber Security Event Management Plan (GC CSEMP)

TBS develops and maintains the Government of Canada Cyber Security Event Management Plan.

The GC CSEMP is the whole-of-government incident response plan under the oversight of the TBS, providing an operational framework which outlines the stakeholders and actions required to ensure that cyber security events are addressed in a consistent, coordinated and timely fashion across the government.

TBS is responsible for strategic oversight of government cyber security event management to ensure effective coordination of major security events and to support government-wide decision-making.

TBS works closely with the Communications Security Establishment and its Canadian Centre for Cyber Security (Cyber Centre), who leads the government’s operational response to cyber security events. The Cyber Centre works to protect and defend the country’s valuable cyber assets and works side by side with the private and public sectors, including critical infrastructure, to solve Canada’s most complex cyber issues. The Cyber Centre monitors government systems and networks for malicious activities and cyber attacks.

The GC CSEMP latest update of the plan took effect in April 2020 and is available publicly on Canada.ca. The update was made to reflect the creation of the Canadian Centre for Cyber Security as well as lessons learned since 2018 and was not related to the COVID-19 pandemic.

Lessons learned from the recent cyber incidents in the summer 2020 (credential stuffing incident) are being captured and will be integrated into the next refresh of the GC CSEMP, scheduled for this year.

Keeping Canadians safe from cyber threats during the COVID-19 pandemic

COVID-19 has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake websites, open email attachments, and click on text message links. These various forms of communication typically impersonate health organizations and can pretend to be from the Government of Canada.

TBS amended the Standard on Email Management in 2020 to enhance email domain protection by requiring the implementation of Domain-based Message Authentication, Reporting, and Conformance (DMARC). This email authentication protocol reduces the ability of cyber actors to impersonate trusted brands to perpetrate fraudulent activity and allows the Government of Canada to detect email spoofing.

The Cyber Centre, in coordination with industry partners, is taking action that is contributing to the removal of a number of fraudulent sites that have spoofed organizations such as the Public Health Agency of Canada, the Canada Revenue Agency, and the Canada Border Services Agency.

The Cyber Centre has also been working to protect the Government of Canada through continued monitoring of important government programs against cyber threats (including COVID-related benefits such as Canadian Emergency Response Benefit and others), enabling cyber security monitoring/defence for cloud usage across the government, and evaluating cloud applications, including for the Public Health Agency of Canada.

The Cyber Centre shares advice and guidance to help clients make informed decisions when using remote access services, and selecting, installing and using video-teleconferencing tools.

Canadian Internet Registration Authority (CIRA) partnered with the Cyber Centre to integrate its Canadian threat intelligence feed into a free DNS Firewall service that provides online privacy and security to individuals and families across Canada, based on defensive measures that have already been in place to protect the government’s own systems.

Cyber security at SSC

Issue

The Government of Canada, like every other government and private sector organization in the world, is subject to persistent and constantly evolving cyber threats. As more government services move online, the associated risks to Canadians’ and the Government of Canada’s information is increasing exponentially.

Key facts

  • SSC is responsible for managing the security and network infrastructure for its partners and clients. SSC is also responsible for securing the network perimeter and managing the government’s secret infrastructure. There are 50 wide area networks supported by SSC, enabling digital communications for approximately 377,000 government users nationally and internationally.
  • SSC is continually updating its security infrastructure and software to leverage the latest security measures to better protect its networks.
  • SSC collaborates with the Canadian Centre for Cyber Security and TBS-OCIO for cyber security event management (incident identification, prevention, detection, response and recovery).
  • The National Security and Intelligence Review Agency, recently the target of a cyberattack on their email system, is not a SSC partner department, but an optional client that does not receive its email through secure SSC services.
  • Recently exploited vulnerabilities to SolarWinds and Microsoft Exchange have increased our need to be able to respond to cyber incidents quickly and pivot to new technologies.

Response

  • SSC’s role as the government’s IT service provider is to manage, support and secure the infrastructure required to deliver services to the government and ensure that departments can deliver their services to Canadians.
  • SSC inherited more than 50 different departmental network infrastructures and has been on a journey to simplify, standardize and improve its cyber security. Given increasing cyber threats, we have accelerated our actions in priority areas.
  • Since 2015, the Government of Canada has invested approximately $576.7 million in cyber and IT security infrastructure projects to evolve and enhance the security posture of critical government systems. These investments include automated vulnerability detection, network device authentication, migrating applications from legacy at-risk data centres to modern housing solutions, and secure remote access migration, to name a few.
  • SSC continues to deploy enterprise-level services, which provides consistency and standardization across the environment to reduce complexity. This allows SSC to maximize the productivity of scarce resources and establish a baseline security standard across all organizations.
  • When a cyber security event occurs, SSC collaborates with the Cyber Centre and TBS-OCIO to coordinate with affected SSC-managed departments and agencies to determine root causes, limit any impact and undertake recovery.
  • The Government of Canada is continually updating its technology to support a more agile public service working in service to Canadians and to ensure the security of the information it collects.

Background

Overview

The domain of cyber security is dynamic, with a threat environment that is constantly evolving. While no measures can prevent 100% of cyber incidents, the Government of Canada is committed to making the safety and security of Canadians’ information a top priority.

The Government of Canada is continuously working to enhance cyber security in Canada by preventing attacks through robust security measures, identifying cyber threats and vulnerabilities, and preparing for and responding to all kinds of cyber incidents to better protect Canada and Canadians.

The Government of Canada operates under the Policy on Government Security and the supporting Directive on Security Management.

Canada’s Cyber Security Strategy was developed in 2010 and renewed in 2017 (as the National Cyber Security Strategy (NCSS)), to strengthen government cyber systems and critical infrastructure sectors, support economic growth, and protect Canadians as they connect to each other and to the world. SSC advances and supports the NCSS as an integrated operational and support capability for security service delivery and management. It supports the NCSS domain of Secure and Resilient Canadian Systems, and its programs bolster the government’s directive to secure and strengthen its IT architecture on an enterprise-wide scale.

SSC’s cyber and IT security initiatives will continue to contribute to strengthening security by protecting Canadians and our critical IT infrastructure from cyber threats. This is a priority outlined in the Government’s election platform, the Speech from the Throne, and reiterated by the Prime Minister in the mandate letter addressed to the Minister of Public Safety and Emergency Preparedness.

Roles and responsibilities

TBS is responsible for strategic oversight of government cyber security event management to ensure effective coordination of major security events and to support government-wide decision-making. TBS’s CIO of the Government of Canada sets IT security policies and develops foundation guidelines and direction for security controls.

The Communications Security Establishment 24/7/365 Canadian Centre for Cyber Security (the “Cyber Centre”) monitors government systems and networks for malicious activities and cyberattacks, and provides tailored monitoring of SSC-managed infrastructure. The Communications Security Establishment provides foreign signals intelligence from across the globe. It provides advice, guidance and services to protect electronic information and infrastructures of importance to the government. It also provides technical and operational assistance to federal law enforcement and security agencies, and works on joint projects to strengthen the government’s security posture.

The Cyber Centre is also mandated to inform and support Canadians on protecting themselves against cyberattacks. It provides cyber alerts to the public, prepares the annual National Cyber Threat Assessment, and produces weekly security reports. The Cyber Centre’s infrastructure is not supported by SSC; as such, it is fully responsible for the security of its networks, infrastructure and applications.

SSC provides the IT security infrastructure (design and operation). In conjunction with TBS and the Communications Security Establishment, SSC also provides security and privacy by design as part of the establishment of new services. The security of goods and services at all stages of the procurement process is evaluated to ensure what SSC buys from suppliers is as safe from cyber security threats as possible.

Although most of the security systems used to protect the government are designed and managed by SSC, the Cyber Centre also uses an array of its own complementary solutions to supplement the SSC-managed security systems (for example, Host-Based Sensor for monitoring and protection of government endpoints).

SSC and the Cyber Centre have robust systems and tools in place to monitor, detect, investigate, and mitigate potential threats and their impacts.

During cyber events, SSC collaborates with the Cyber Centre and TBS to coordinate with affected SSC-managed departments to determine root causes, limit any impact and undertake recovery.

Cyber and Information Technology Security Program

After a review of all in-flight security projects, SSC determined the need for a higher level of coordination and collaboration through a security program. SSC needs to have a proper overview of all projects to ensure that they are working well together, supporting each other, efficiently using its limited resources (that is, people and funds), and reducing overlapping functions. SSC needs a program management capability to facilitate the iterative delivery of capabilities and solutions to meet the demands of a digital government. The security program will be a specialized, light-weight governance in the form of a Program Management Office to provide oversight, planning, reference architecture, roadmaps of security projects, and capabilities funded by an annual allotment to incubate new initiatives.

Key cyber and IT security projects

The following projects and programs aim to solidify the Government of Canada’s IT foundation by increasing network reliability and strengthening security:

  • Administrative Access Controls Services: This project will ensure that management of administrative privileges for the 43 partner departments is done government-wide by SSC. Currently, access to systems and controls is provided by individual departments, whereas this project will result in centralized controls for the Government of Canada.
  • Canadian Network for the Advancement of Research, Industry and Education (CANARIE): This project will implement the Government of Canada Science Network with a secure perimeter and provide science departments with access to CANARIE.
  • Endpoint Visibility, Awareness and Security: This project will provide government-wide visibility of Internet-connected devices on Government of Canada networks. This will allow the government to quickly and systematically identify IT vulnerabilities, and prioritize the remediation of known vulnerabilities and risks. Vulnerability Management Services will provide the government with the ability to provide integrated and automated vulnerability detection and remediation across the government.
  • Enterprise Perimeter Security: This project will enhance the security of the government’s Internet perimeter through timely and consistent monitoring, detection and implementation of cyber threat mitigation measures.
  • Enterprise Vulnerability Monitoring and Compliance: In concert with and complementary to the Enterprise Perimeter Security project, this project will enhance the monitoring capability of government IT systems. It will enable the ability to proactively monitor for any advanced threats to the government systems and services.
  • Government of Canada Internal Centralized Authentication Service: This project will provide a new Government of Canada–wide credential (username, password) that is accessible across departments. It will enable two-factor authentication similar to what Canadian banks use for secure interaction with their clients.
  • Government of Canada Secret Infrastructure (GCSI): The GCSI project is made up of three components:
    • GCSI Expansion, which will consolidate the majority of the existing 31 Secret infrastructures currently supported by SSC, so that they may be operated more securely and cost effectively
    • GCSI High Availability, which will provide the addition of high-availability and disaster recovery capabilities that are considered an operational necessity to support the availability requirements for GCSI
    • Voice over Internet Protocol (VoIP) Classified Unified Communications, which will leverage the SSC current portfolio of unified communications solutions and services to implement Secret VoIP and video conferencing services on GCSI
  • Network Device Authentication: This project will centralize life-cycle management of non-person entity certificates and provide reports on authentication, authorization and auditing transactions for the purpose of security auditing as well as compliance and service improvement.
  • Secure Cloud Enablement and Defence: This project will establish a network security zone to reduce exposure to cyber threats and improve performance and reliability between the Government of Canada and external partners / cloud service providers for secure cloud enablement. Dedicated connections to cloud service providers will enable secured management, monitoring, and access of unclassified and off-premise cloud services.
  • Secure Remote Access Migration: This project will provide public servants with the ability to securely connect to their departmental data and information system from a remote location using their government-furnished laptop, tablet or mobile device.
  • Security Information and Event Management (SIEM): This project will implement incident response, cyber threat intelligence feeds and a central logging service functionality. Once implemented, the SIEM project will allow the government to predict, detect and respond to cyber threats and risks.
  • Smart Phone for Classified: The project will implement and operate secure mobile communications services for classified (Secret) information. The service will support up to 300 secure communications for senior leadership users.
  • Small Departments and Agencies Study: This initiative will analyze the connectivity of small departments and agencies to SSC-managed Internet connection points and secure cloud access, ensuring they receive cyber monitoring by the Cyber Centre. This will also provide the opportunity to investigate and develop a minimum viable prototype to evaluate the options and costs to efficiently migrate all small departments and agencies to SSC-managed Internet gateways and look at offering rationalized and consolidated network and security services to SSC mandatory clients, effectively transitioning them to SSC partners.

Security and information management during COVID-19

Issue

In the context of the COVID-19 pandemic a large portion of the public service is working from home. Concerns have been raised regarding potential risks associated with security and information management.

Key facts

  • In her letters to the President of the Treasury Board on April 2, 2020, and April 28, 2020, the Information Commissioner of Canada reminded the government of the importance of documenting decisions and proactively disclosing data during these extraordinary times.
  • On May 28, 2020, the President wrote to his Cabinet colleagues encouraging ministers to proactively publish as much information as possible related to COVID-19 and reminded them of the importance of ensuring best practices in information management.
  • TBS released an updated version of the Guideline on Service and Digital in November 2020 that provided organizations with the most current advice and guidance for the strategic management of information and data.

Response

  • The government remains committed to managing information securely and effectively, in accordance with its sensitivity, while ensuring transparency, openness and accountability to Canadians.
  • All public servants are expected to manage, secure and document information according to legislative requirements and Treasury Board policies, whether working on-site or remotely, and regardless of the tools they use.
  • Tools that are publicly available can only be used for unclassified, non-sensitive discussions that would be permitted in an open, public setting.
  • Robust systems are in place to monitor, detect and investigate potential cyber security threats to information that may result from working remotely.
  • Safeguards such as encryption, encrypted virtual private network (VPN), encrypted storage devices, and upgraded tablets have been used to protect information while ensuring employees can continue delivering trusted services and programs to Canadians.
  • Guidance has been provided to departments and agencies emphasizing the importance of documenting decision and adhering to information management security requirements and to notify departments that security policy requirements for the protection of government assets remain in place, whether in the office or off-site.

Background

Government of Canada employees were reminded of the requirements to manage information securely and effectively in accordance with its sensitivity and all relevant policy and legislative requirements while working remotely. These requirements are set out in legislation, including the Library and Archives Act, as well as in Treasury Board policy instruments, including the Policy on Service and Digital and Directive on Service and Digital, and the Policy on Government Security, including the Directive on Security Management.

These requirements include the obligation of employees to document decisions and activities of business value. This includes information, regardless of medium or form, which is created or acquired because it enables and documents decision-making in support of programs, services and ongoing operations, or supports departmental reporting, performance and accountability requirements. Information of business value, no matter where it is created or collected, is required to be transferred to and stored in the appropriate organizational corporate repository.

Employees are also required to ensure the security and proper handling of sensitive information, consistent with the security categorization of the information, as outlined in the Policy on Government Security instruments. This means respecting security markings and making sure that appropriate tools, devices and methods are used to store, transmit, use and protect the information. In the case of third-party applications, such as Zoom and Google Drive, their use is acceptable for unclassified information. Employees have been reminded to use approved government tools and services for collaboration and communication, such as Office 365, Microsoft Teams and GC Tools, wherever possible.

TBS continues to provide guidance to organizations on information management and security. Last April, we released guidance entitled “Managing government information when working remotely” as well as a toolkit (accessible only on the Government of Canada network) to further guide employees in managing government information when working remotely. The toolkit has been updated regularly since its initial release to ensure it provides the most relevant and up-to-date guidance.

TBS also co-hosted a virtual Security Summit in October 2020 and reinforced the important leadership role of the government security community to continue to provide direction and guidance to employees on the protection of government information. This message was again re-emphasized to Government of Canada chief security officers in an email from TBS in January of this year.

TBS hosted a virtual event last November for over 1,600 public servants to launch the Policy on Service and Digital with a focus on the integrated approach of the policy that brings together technology, information and data, services and cyber security. This event coincided with the release of updated policy guidance that provides organizations with the most current advice and guidance for the strategic management of information and data.

Government cyber security events (GCKey, SolarWinds, Microsoft Exchange, third-party supplier ransomware incident)

Issue

The Government of Canada’s response to cyber incidents such as GCKey, SolarWinds, Microsoft Exchange and the recent third-party supplier incident.

Key facts

  • On August 5, 2020, the Government of Canada was made aware of a credential stuffing attack against the GCKey service.
  • Of the roughly 12 million active GCKey credentials in Canada, the passwords and usernames of just over 9,300 GCKey credentials were used by bad actors to access government accounts.
  • On December 13, 2020, SolarWinds disclosed a security advisory outlining recent malicious activity impacting SolarWinds Orion Platform resulting from a supply chain compromise.Footnote 1 SolarWinds Orion software products are used to help monitor networks for problems.
  • In early March 2021, Microsoft announced that they detected four zero-day vulnerabilities being exploited to compromise on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft released out-of-band patches to address all four vulnerabilities.
  • On March 12, 2021, a third-party printing services supplier to the government was impacted by a ransomware cyber event. Upon its detection, the supplier shut down all external access to their systems. This attack was not directed at the Government of Canada, nor its IT infrastructure.

Response

  • The Government of Canada, like many other public and private sector organizations in the world, faces ongoing and persistent cyber threats.
  • The government has robust systems and tools in place to monitor, detect and investigate potential threats, and to neutralize threats when they occur.
  • TBS, the Canadian Centre for Cyber Security, SSC and other partners work closely together to investigate and respond to the cyber events as soon as alerted, and to make data, applications and systems secure for Canadians.
  • We work continuously to protect Canadians’ data and personal information against cyber threats. We will continue to work to identify cyber threats and vulnerabilities and preparing for and responding to all types of cyber incidents.

Background

In this past fiscal year, the Government of Canada experienced four notable cyber security events: GCKey credential stuffing attack, SolarWinds supply chain compromise, the exploitation of Microsoft Exchange critical vulnerabilities, and a ransomware incident at a third-party printing service that has contracts with the Government of Canada. The incidents are the result of threats faced by public and private sector organizations alike.

GCKey

On August 5, 2020, the Government of Canada was made aware of a credential stuffing attackFootnote 2 against the GCKey service. The GCKey itself was not compromised and the credentials used did not originate from the service. Around the same time, a similar attack was mounted against the Canada Revenue Agency. Of the roughly 12 million active GCKey credentials in Canada, the passwords and usernames of just over 9,300 GCKey credentials were used by bad actors to access government accounts. In response, the government revoked the affected credentials and put in place measures to prevent further attempts to access its services with these compromised credentials. These measures blocked subsequent attacks.

In addition to the impact on GCKey users, the Canada Revenue Agency identified suspicious activities occurring between early July and August 15, 2020, on approximately 48,500 of the more than 14 million Canada Revenue Agency user accounts. Service Canada and Canada Revenue Agency took additional safety measures to protect account holders by deactivating the compromised accounts, temporarily removing some online abilities, and adding additional security measures to the account sign-in process.

To better coordinate Government of Canada–wide efforts, a Government of Canada–wide response was triggered under the Government of Canada Cyber Security Event Management Plan (GC CSEMP). The Office of the Chief Information Officer of the Government Canada issued an official statement to the public about the incident on August 15, 2020, with a follow-up statement on September 17, 2020.

On August 31, 2020, a proposed class proceeding was filed in Federal Court. The action concerns the unauthorized disclosure to a third party of the personal and financial information of thousands of Canadians from their online accounts with the Government of Canada–branded credential service, the Canada Revenue Agency, and My Service Canada.

The government has implemented additional security features such as multifactor authentication (MFA), to help Canadians protect their accounts, and advancing efforts around digital identity. In Canada, pilots and projects are currently underway that allow users to log in with their provincial trusted digital identities to access federal government services in a timely and secure way.

The government also makes available, tools and resources to the public to assist them in protecting their personal information, for example, Get Cyber Safe, publications at the Canadian Centre for Cyber Security, and Slam the Scam.

SolarWinds supply chain compromise

On December 13, 2020, SolarWinds (a privately held American company) disclosed a security advisory outlining recent malicious activity impacting SolarWinds Orion Platform resulting from a supply chain compromise.Footnote 3 SolarWinds Orion software products are used to help monitor networks for problems.

SolarWinds has publicly stated that fewer than 18,000 of its 300,000+ global customers are believed to have been affected. Victims are understood to include the US government and consulting, technology and telecoms entities in North America, Europe, Asia, and the Middle East.

A Government of Canada–wide response was triggered under the GC CSEMP and the Cyber Centre, and TBS held regular Event Coordination Team meetings and worked collaboratively with SSC and stakeholders to assess, mitigate, analyze and communicate with the government.

To date, the Cyber Centre has not received any reports of government organizations being impacted by this incident.

About supply chain attacks

The Cyber Centre’s National Cyber Threat Assessment 2020 identifies supply chain vulnerabilities as an ever-present threat. Supply chain compromises can occur before or after the delivery of a product or service and during software and hardware updates. The Cyber Centre has assessed that these vulnerabilities will continue to be targeted over the next two years and encourage all Canadians to follow the Cyber Centre’s alerts and take any appropriate action that is required to ensure their networks and systems remain secure.

Exploitation of Microsoft Exchange critical vulnerabilities

In early March 2021, Microsoft announced that they detected four zero-day vulnerabilitiesFootnote 4 being exploited to compromise on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Microsoft released out-of-band patches to address all four vulnerabilities. The vulnerabilities did not affect cloud-based Exchange services.

Given the widespread use of Microsoft Exchange in the Government of Canada, and the critical nature of this vulnerability, as well as the potential for exploitation, this vulnerability triggered a Government of Canada–wide response under the GC CSEMP on March 3, 2021, in order to ensure a coordinated approach across the Government of Canada.

The risk of further impact to the government has been mitigated; however, the Cyber Centre continues to monitor the situation.

Third-party supplier ransomware incident

On March 12, 2021, a third-party printing services supplier to the government was impacted by a ransomware cyber event. Upon detecting the cyber event, the supplier shut down all external access to their systems. This third-party organization provides services to Canadian clients, including to some federal departments and agencies. This attack was not directed at the Government of Canada, nor its IT infrastructure.

Given the number of contracts with this particular supplier, a government-wide response under the GC CSEMP event was declared on March 17, 2021. The Office of the Privacy Commissioner was also advised at the same time.

The Cyber Centre performed an assessment of the supplier’s infrastructure. In addition, the Contract Security Program under PSPC also undertook at a compliance review with respect to security requirements of the contract(s). PSPC is expected to produce a report at the conclusion of the review. The report is expected mid-May 2021.

Data security and protection of personal information

Issue

Data security and the protection of personal information is paramount in Canada’s increasingly digitally enabled government.

Key facts

  • The Government of Canada has to be particularly vigilant to ensure the integrity of data and the protection of personal information.
  • The Communications Security Establishment stops approximately 2 billion malicious activities every day. This includes reconnaissance scans, attempts to install malicious software, and attempts to access databases.
  • Every month, SSC blocks 70 million malicious emails via its layered protection. For every email that arrives at the Canada.ca account, four other malicious emails have been filtered out by our email security infrastructure.
  • The Privacy Act requires that government institutions protect Canadians’ personal information. TBS privacy policies and guidelines support institutions to meet these obligations.
  • Since 2019, TBS has been implementing a Privacy Breach Action Plan, which focuses on strengthening the prevention and management of privacy breaches across government.
  • Recent cyberattacks have highlighted the need to continue to protect personal information.

Response

  • The Government of Canada is committed to protecting its data, IT infrastructure, and information – especially personal information of individuals – so Canadians can rely on a secure, stable and resilient digital government.
  • A number of policies guide federal organizations to build in privacy and security considerations, including the Policy on Service and Digital and the Digital Standards.
  • All new or significantly modified government programs that collect personal information must conduct Privacy Impact Assessments and provide them to the Office of the Privacy Commissioner and TBS.
  • SSC uses a holistic approach to IT security by ensuring that initiatives are built with security in mind from day one. This is Security by Design, and it is leveraged alongside a rigorous Security Assessment and Authorization process for organizations that are developing or modifying IT systems.
  • TBS has also been strengthening the prevention and management of privacy breaches across government through the Privacy Breach Action Plan, including those that might arise as a result of cyber incidents.
  • By modernizing our legislative frameworks, we are ensuring that privacy protection and data security are key considerations in Canada’s increasingly digitally enabled government.

Background

  • The government has improved its enterprise capacity to detect and defend against cyber threats, centralized Internet access points, launched an enterprise security architecture program, and implemented a whole-of-government incident response plan.
  • To support the government’s urgent response to the COVID-19 pandemic, TBS has issued an Interim Privacy Policy and related directives concerning privacy protection.
  • Effective from March 13, 2020, to March 31, 2021, the interim policy and related directives gave institutional heads the discretion to undertake a more condensed, but still rigorous, analysis of privacy considerations to ensure privacy is protected in the implementation of urgent COVID-19 initiatives. These measures were used to ensure that privacy continued to be protected as we move forward with the urgent benefits and supports that Canada needs to manage and respond to the pandemic.
  • The Office of the Chief Information Officer maintained regular contact with chief information officers across the Government of Canada to coordinate the government’s response to COVID-19 and the associated IT-related needs as well as assisting chief information officers in filling their unmet staffing needs.
  • SSC is the custodian of the largest portion of the government’s IT infrastructure. It works with other departments and agencies to help prevent cyber threats by protecting the government’s networks and information. SSC is responsible for planning, designing, building, operating and maintaining effective, efficient and responsive enterprise IT security infrastructure services to secure Government of Canada data and systems under its responsibility.Footnote 5
  • SSC has adopted a Project Governance Framework to manage IT projects. This ensures that privacy and security are considered at each stage of a project to decrease risks and effectively implement security controls in IT systems and services. SSC validates the security controls in place for all infrastructure through the Security Assessment and Authorization process and uses Privacy Impact Assessments to validate that the appropriate privacy safeguards are implemented and functioning, as intended.
Security assessment and authorization of IT systems
  • TheSecurity Assessment and Authorization service supports clients who are developing or modifying IT systems by helping to ensure the confidentiality, integrity and availability of their systems and data as part of their departmental IT security risk management activities.
  • Security Assessment and Authorization helps to validate that security requirements established for a system are met and that its controls and safeguards function as intended. Security Assessment and Authorization also formalizes the process for SSC’s acceptance of any residual risks associated with a system following organizational efforts to address them.
  • Together with Security by Design, Privacy Impact Assessments and Enterprise Architecture services, Security Assessment and Authorization helps protect the integrity and continuity of Government of Canada operations. They ensure the continuous maintenance and monitoring of IT systems are in place by providing rigorous analyses of the threats, vulnerabilities and risks for them and for other systems impacted by their operation.
  • By managing and mitigating the IT security risks of government IT systems and solutions, all organizations and their clients across the Government of Canada, including SSC, benefit.
Protection of personal information
  • Privacy breaches are defined as an improper or unauthorized creation, collection, use, disclosure, retention or disposition of personal information.
  • The Directive on Privacy Practices requires government institutions to establish plans and procedures for addressing privacy breaches in their institutions which must include roles and responsibilities and mandatory reporting of material privacy breaches.
  • In addition, the Policy on Service and Digital requires that institutions, when managing personal information or data, protect the privacy of individuals according to the Privacy Act and any other relevant legislation or policy agreement.
  • Material breaches are breaches that involve sensitive personal information – such as medical and financial information – and could reasonably be expected to cause injury or harm to the individual.
  • TBS supports institutions in the management of reported material breaches reported by institutions across government and identifies where additional guidance or training may be required.
  • Since 2019, TBS has been implementing the Privacy Breach Action Plan which focuses on strengthening the prevention and management of privacy breaches across government.
  • A Privacy Impact Assessment is an evaluation process ensuring the sound management and decision-making as well as careful consideration of privacy risks with respect to the creation, collection and management of personal information as part of government programs or activities.
  • Institutions are required to conduct Privacy Impact Assessments for new or substantially modified programs and activities involving the collection, use or disclosure of personal information and provide them to the Office of the Privacy Commissioner and to the TBS.
  • Through the development of a Privacy Impact Assessment, SSC validates that the appropriate privacy safeguards are implemented and functioning as intended. This ensures that personal information under the control of SSC (as per the Shared Services Canada Act) is appropriately protected. These privacy safeguards and processes include but are not limited to:
    • completing the Privacy Risks Checklist and Privacy Impact Assessments for enterprise initiatives to evaluate whether SSC’s systems and programs comply with the Privacy Act
    • identification of all personal information, which is managed (collected, used, disclosed, retained and disposed of) by an SSC Enterprise service
    • ensuring proper privacy standard acquisition clauses and conditions are included in all SSC enterprise contracts and evaluating vendors’ Privacy Management Plans
    • retaining and disposing of personal information in accordance with related privacy legislation and security standards
    • restricting or limiting the collection and use of personal information to only what is required
    • ensuring that personal information is only used for the intended purpose for which it was collected and/or generated
    • providing privacy training for staff who will be processing personal information

IT infrastructure

Emerging technologies (AI and quantum computing)

Issue

AI and quantum computing bring new challenges and opportunities. Governance and investments are required for the Government of Canada to adapt to these new technologies.

Key facts

  • The Government of Canada’s Directive on Automated Decision-Making was introduced in March 2019 and came into force on April 1, 2020. It encourages the responsible use of automation and AI in delivering services to Canadians.
  • SSC is actively working with science-based departments and agencies to develop methods for continuous improvement of High-Performance Compute service offerings, ensuring services are accessible, reliable, scalable and sustainable for the development of AI.
  • Together, these tools help ensure that the government’s use of technology leads to more efficient, accurate, consistent and interpretable decisions.
  • The Government of Canada relies on cryptography as an effective way to protect the confidentiality and integrity of information and to protect systems from cyberattacks.
  • Quantum computing threatens much of the cryptography used today to protect the confidentiality and integrity of information and to protect systems from cyberattacks.
  • Experts estimate that a large universal quantum computer could exist as early as the 2030s.
  • Virtually all systems used by the Government of Canada will need to be updated or replaced in the coming years to support quantum-safe cryptography to address this threat.

Response

Artificial intelligence
  • The Government of Canada is taking concrete steps in defining how AI should be used responsibly and ethically in the delivery of public services, in line with the principles of openness, transparency, equity of access, security and privacy, as well as the avoidance of bias.
  • The Directive on Automated Decision-Making sets out the rules for how federal departments and agencies must manage risks when using technologies like machine learning or AI.
  • TBS has also developed the Algorithmic Impact Assessment which helps assess the risks associated with the use of AI.
  • In 2020, SSC reinforced its commitment to its client base by creating a departmental AI program and by establishing an AI Centre of Excellence.
  • The strategic objective of the AI Program is to enable the government to derive business value through the application of best practices, capabilities and technologies.
Quantum computing
  • The Government of Canada is working with industry partners, allies and the broader international community to ensure that its cryptographic systems are resistant against attacks by quantum computers.
  • The unique capabilities of quantum computing will pose a threat to much of the cryptography the government uses today to protect the confidentiality and integrity of information and systems from cyberattacks.
  • PSPC is working with industry partners, to communicate the need for quantum-safe products and services, while the Communications Security Establishment participates in international standards development organizations to encourage the development of post-quantum cryptography standards.
  • Virtually all systems used by the Government of Canada will need to be updated or replaced in the coming years to support quantum-resistant cryptographic components, which may require significant investments.

Background

Artificial intelligence

AI can be described as IT that performs tasks that would ordinarily require biological brainpower to accomplish, such as making sense of spoken language, learning behaviours or solving problems.

Government of Canada Directive on Automated Decision-Making

The Government of Canada has been a leader in the development of guidance for AI use by the public sector:

  • Canada’s Directive on Automated Decision-Making, launched in March 2019, seeks to ensure that automated decision systems are deployed in a responsible manner that reduces risks to Canadians and federal institutions, and leads to more efficient, accurate, consistent and interpretable decisions made pursuant to Canadian law.
  • The directive includes a set of guiding principles which will help ensure departments use AI effectively and ethically.
  • The creation of this directive was done in collaboration with academics, industry leaders, civil society, and other governments to identify and mitigate various risks associated with using AI systems.
  • The Algorithmic Impact Assessment (AIA) tool, launched in May 2019, is a questionnaire designed to help government departments assess and manage the risks associated with deploying automated decision systems. The AIA also helps identify the impact level of automated decision systems under the Directive on Automated Decision-Making to ensure that the mitigation measures are proportional to the risks. The AIA was also developed in the open and is available to the outside world for sharing and re-use under an open licence.
Recent media coverage of National Defence’s use of artificial intelligence (AI) in human resources

On February 7, 2021, The Globe and Mail reported on National Defence’s use of AI to enhance hiring processes without completing and publishing an Algorithmic Impact Assessment (AIA). The federal department contracted Knockri and Plum – AI-driven Canadian hiring services – to help shortlist candidates as part of a campaign to improve diversity in the workplace. The companies conduct automated behavioural assessments and provide clients with measurements of the “personalities, cognitive abilities and social acumen” of applicants. The incident highlights the importance to continue working with our federal partners to ensure they are aware of the requirements and best practices of the Directive on Automated Decision-Making. This is critical to building public trust in the government and ensuring that we uphold our commitments to responsible AI in the public sector. Currently, there is only one Algorithmic Impact Assessment posted on Canada.ca.

Shared Services Canada (SSC) enablement role for AI

In 2020, SSC reinforced its commitment to its client base by creating a departmental AI program and by establishing an AI Centre of Excellence.

The strategic objective of the AI Program is to enable SSC and client departments to derive business value through the application of AI best practices, capabilities and technologies.

Quantum overview

Quantum computers have the potential to revolutionize computing, calculating in minutes what a supercomputer would take more than 10,000 years to do. Quantum computers are best suited to solve certain types of problems that are hard for classical computers, but which can be tackled using new algorithms developed specifically to exploit the often unintuitive properties of the world of quantum physics. Quantum computing researchers are actively working on new algorithms and approaches to harness the advantages of quantum computing in new fields.

Quantum computing threatens to break much of the cryptographic systems the Government of Canada uses today. Experts estimate that large universal quantum computers that are powerful enough to break much of the cryptography we use today will likely exist by sometime in the 2030s. While that’s an estimate, it’s something that the Government of Canada needs to be prepared for since cryptography is fundamental to cyber security. Without strong cryptography, electronic communications and systems used today would be threatened.

Government work underway to address risks posed by quantum computing

The Government of Canada has a strong interest in ensuring that its cryptographic systems are resistant against attacks by quantum computers, once fully realized. Work currently underway to address this includes:

  • The Government of Canada is working with industry partners, allies and the broader international community to develop and evaluate the next generation of quantum-resistant cryptography and design of new cryptographic components that are not vulnerable to quantum computers. In fall 2019, PSPC worked with industry partners to ensure they are aware that the requirements for quantum-safe products and services may become a standard part of the Government of Canada’s procurement process.
  • The Canadian Centre for Cyber Security is the lead agency on cryptography in the Government of Canada and provides advice and guidance on the use of cryptography to secure networks and information.
  • The Canadian Centre for Cyber Security is working closely with Canadian industry and academia and contributing to research and development in cryptography. These research results are incorporated into the advice and guidance which helps to protect the Government of Canada’s current sensitive information.
  • The Canadian Centre for Cyber Security is working with Government of Canada departments and agencies who hold information with a long intelligence life to protect systems against the confidentiality threat posed by quantum computers.
  • The Communications Security Establishment participates in cryptographic standards development which includes the development of post-quantum cryptography standards by National Institute on Standards and Technology.

Application modernization

Issue

Much of the Government of Canada’s applications, infrastructure and hosting environments are outdated, lack modern security, and are at constant risk of outages.

Key facts

  • Digital services to Canadians are underpinned by the applications and infrastructure on which they reside.
  • At present, only 36% of government applications are considered healthy.
  • Many of these applications and their associated data remain hosted in legacy data centres, which, while being maintained through the Information Technology (IT) Repair and Replacement Program, have greater risks of service interruptions, loss of data and security vulnerabilities.
  • SSC, in collaboration with TBS, supports the migration and modernization of these outdated and mission-critical government applications to safe and secure modern environments, either to the cloud or to a newer Enterprise Data Centre.
  • By adopting cloud computing, the government is better able to support a digitally enabled workforce and digital services for Canadians, particularly during this critical pandemic period.
  • Moving application workloads from on-premise environments to the cloud supports green IT initiatives by reducing the corresponding carbon footprint.
  • The protection and privacy of government data stored and processed in the cloud is a top priority for SSC and includes compliance monitoring.

Response

  • As government applications continue to deteriorate, we must prioritize investments to replace those applications that rely on aging IT and outdated infrastructure.
  • The 2021 federal budget announced $300 million to SSC over the next three years to repair and replace critical IT infrastructure and another $215 million to continue to help departments migrate digital applications to modern computing facilities.
  • The government is building the digital foundation for modern service delivery to Canadians by adopting cloud technologies, modernizing IT systems, as well as the IT infrastructure and networks on which they reside.
  • SSC in collaboration with TBS are supporting these efforts, ultimately improving overall application health to provide efficient, secure and stable digital services.
  • Over the last three years, the measure of overall health of the application portfolio has increased from 28% to 36%, which is progress, but we need to continue this trend.
  • TBS is providing departments and agencies with financial assistance to acquire the expertise to accelerate department readiness to modernize their applications.
  • SSC is providing core services to departments and agencies by assessing and modernizing IT infrastructure, and works with departments on new initiatives to further advance cloud adoption, standardize support, improve processes and service levels, and enhance security.
  • Cloud adoption presents great opportunities for better serving Canadians through agility, elasticity, improved service levels and enhanced security.

Background

To provide Canadians with important programs and services, federal government organizations depend on SSC to provide modern and reliable IT infrastructure and services.

To modernize/enhance government digital services, Budget 2018 proposed significant investments to address evolving IT needs and opportunities, while proactively addressing cyber security threats. TBS received $110 million over six years, starting in 2018–19, to be accessed by SSC’s partner departments and agencies to help them modernize their applications to migrate them from older data centres into more secure modern data centres or cloud solutions.

$110 million over six years to TBS, starting in 2018–19, to be accessed by SSC’s partner departments and agencies to help them migrate their applications from older data centres into more secure modern data centres or cloud solutions.

Modernizing applications

The Application Modernization Fund incentivizes departments and agencies to proactively evaluate their applications’ business value and technical risk for either modernization or decommissioning. It promotes a triaging approach by allocating funds to departments and agencies on a priority basis to ensure aging IT is addressed while establishing application portfolio management best practices, including sustainability planning.

As of March 31, 2021, TBS had disbursed $64 million to 18 SSC partner departments to support the application migration and modernization efforts. To date:

  • one department that has completed its modernization efforts, including migration to the cloud, and has embarked on their continuous modernization activities
  • eight departments/agencies in the planning (discovery phase) of their journey
  • nine departments/agencies are executing on their modernization and migration plans (execution phase)
Adopting cloud technologies

The government has implemented a “cloud first” adoption strategy and developed multiple guidance documents as cloud represents a fundamental shift in the modern and flexible delivery of digital services. Cloud services provide access to shared IT resources through “pay-for-use” models, similar to those for water and electrical utilities. Fully leveraging the speed, reliability and agility of modern cloud services, the government will be able to improve its digital service delivery to Canadians.

Update on cloud and workload modernization

Issue

SSC is helping to accelerate Government of Canada cloud adoption and workload modernization. Public cloud and state-of-the-art enterprise data centres also support of the Government of Canada’s response to COVID-19.

Key facts

  • SSC provides the government with access to commercially available cloud services for up to Protected B data.
  • As the government’s cloud services broker, SSC helps departments choose public cloud services or enterprise data centres to meet their business needs.
  • By adopting cloud computing, the government is able to better support a digitally enabled workforce and digital services for Canadians, particularly during this critical pandemic period.
  • Canadians can rest assured that their data is safe in the cloud.
  • SSC monitors compliance with Government of Canada–specified security requirements to ensure they are implemented and remain in place.
  • The government will not award contracts unless all security requirements are met and has policies in place that enforce where data resides (residency) and how it is controlled (sovereignty).

Response

  • The Government of Canada is leveraging cloud adoption to provide secure computing resources with greater agility, performance and security for core IT systems serving Canadians.
  • SSC established a contact centre in the cloud to deliver excellent client service while managing constantly evolving security threats.
  • In fiscal year 2019–20, SSC launched a Secure Cloud Enablement and Defence pilot with 10 partner departments, which established secure network connections from SSC-managed data centres to the public cloud.
  • In fiscal year 2020–21, funding was secured to scale up the pilot, now referred to as Secure Cloud to Ground.
  • SSC is working with departments to securely transition to the cloud. As of March 31, 2021, SSC fulfilled $113.9 million of cloud requests across the Government of Canada.
  • SSC is also advancing a number of enterprise solutions by leveraging cloud capabilities. These include:
    • migration of email systems to the cloud to provide more stable and integrated solutions to federal public servants
    • building contact centre solutions that enable client departments to scale up call centre capacity as needed
    • making collaborative tools such as Teams available to more than 300,000 employees
  • Cloud solutions have been leveraged as part of the effort to respond to the COVID-19 pandemic. For example:
    • a secure cloud-to-ground network connection for the Public Health Agency of Canada is supporting the National Vaccine Management Information Platform initiative and vaccine rollout
    • Employment and Social Development Canada’s cloud-based app enables Canadians to access the Canada Emergency Response Benefit
    • Canada Border Services Agency’s cloud-based ArriveCAN 2.0 supports the re-entry of Canadians after travelling

Background

SSC provides the Government of Canada with access to commercially available cloud services for up to Protected B data and state-of-the-art Enterprise Data Centres.

As the government cloud services broker, SSC helps departments choose public cloud services for their business needs.

By adopting cloud computing or in conjunction with Enterprise Data Centres, the Government of Canada will be able to better support a digitally enabled workforce and digital services for Canadians, particularly during this critical pandemic period.

Security

SSC works continuously with its security partners like the Canadian Centre for Cyber Security to ensure that Government of Canada–specified security requirements are implemented to mitigate threats to the confidentiality, integrity, and availability of data and business processes. As part of this, Supply Chain Integrity verifications are conducted to ensure that only trusted equipment, software and cloud services are used on Government of Canada systems.

Secure cloud enablement and defence

Secure Cloud Enablement and Defence provides secure and reliable enterprise-wide connectivity to public cloud services for data up to Protected B. Secure Cloud to Ground Connectivity was provisioned to multiple Government of Canada departments to facilitate their response to COVID-19.

Procurement

Procurement at Shared Services Canada (SSC)

Issue

SSC conducts innovative, open, fair and transparent procurement processes that are supported by a solid governance. Whenever possible, SSC uses competition to get the best value for Canadians.

Key facts

  • SSC procurement is guided by the principles of fairness, openness and transparency.
  • SSC is taking action to:
    • simplify procurement and increase access for small and medium enterprises (SMEs) and companies owned and operated by priority groups, such as Indigenous peoples and persons with disabilities
    • leverage its buying power to drive innovation and economic growth
  • SSC has in place a Procurement Governance Framework that provides procurement oversight, control, integration, risk management and decision-making to ensure transparency and accountability of decision-making.
  • SSC has created a Compliance and Quality Assurance Program to measure adherence and compliance with law, policy and governance.
  • SSC is piloting better vendor management tools to explore new ways in which to hold contractors accountable for poor performance or unacceptable behaviour, particularly in large-scale procurements.
  • SSC openly collaborates and consults with industry on its integrated procurement strategies and practices.

Response

SSC procurement adheres to Government of Canada procedures and transparency practices. Like other departments, SSC proactively discloses all awarded contracts over $10,000, competitive and non-competitive.

SSC supports market-based competition, where possible.

SSC fully justifies all instances of non-competitive contracts by referencing the legal authority found in the applicable trade agreements and the Government Contracts Regulations.

Examples of non-competitive contracts with a supplier may include:

  • to maintain substantial investments in IT infrastructure to maximize its useful life and make the best use out of government resources
  • to acquire essential, interchangeable or interoperable equipment to maintain the existing government IT infrastructure where:
    • the original equipment manufacturer is the only one that sells the product (and does not have a reseller network)
    • SSC can demonstrate that a change of supplier cannot be made for economic or technical reasons and would cause significant duplication of costs
BuyandSell

SSC openly competes generic requirements on BuyandSell (and if specifying a product by brand name because there is no sufficiently precise or intelligible way of describing the requirement, SSC will consider equivalent goods or services).

If the procurement is subject to trade agreements, SSC cannot hold a competition that is restricted to resellers of a specific product, unless SSC will consider equivalent goods or services that demonstrably fulfill the requirement.

Specifying a product by brand name should be unusual unless there is no other sufficiently precise or intelligible way of describing the requirement.

Network Solution Supply Chain (NSSC) vehicles
  • NSSC was established by way of an open, multi-phased, collaborative procurement process. All network procurements are subject to governance via the Network Infrastructure Requirement Review Committee for requirements exceeding $1 million.
  • For requirements that are able to be satisfied off the NSSC catalogues, where there is a justified branded requirement, procurements will be run through the NSSC vehicle and awarded to the contractor demonstrating the best value for the Crown.

Background

  • SSC procures the necessary IT assets and services to support digital services and program delivery to Canadians.
  • SSC procurement is conducted in a manner that enhances access, competition and fairness, and results in best value or optimal benefits to Canadians, and is guided by the following principles:
    • fairness, transparency, inclusiveness and integrity
    • market-based competition is the best vehicle for delivering the most efficient, effective and highest-value solutions
    • procurement supports economic growth, innovation, economic, socio-economic, innovation, and environmental and sustainability goals
    • positive industry relation and early engagement is key to successful procurement
Metrics
Procurement contracts
All SSC: other government department contracts
Fiscal year Competitive Non-competitive Total
2019–20 6,526 (64%)
$1.6 billion (87%)		 3,747 (36%)
$230.6 million (13%)		 10,273
($1.8 billion)
2020–21 7,739 (61%)
$2.4 billion (62%)		 5,012 (39%)
$1.4 billion (38%) 		12,751
($3.8 billion)
Network equipment-specific (SSC)table 4 note *
Fiscal year Competitive Non-competitive Total
2019–20 217 (49%)
$226.1 million (98%)		 224 (51%)
$4.8 million (2%)		 441
($230.9 million)
2020–21 396 (61%)
$186.1 million (95%)		 255 (39%)
$8.9 million (5%)		 651
($195.1 million)

Table 4 Notes

Table 4 Note 1

Communications/networking equipment, computer servers and peripherals, and networking software

Return to table 4 note * referrer

Greening: achievements
  • 2020 Electronic Product Environment Assessment Tool (EPEAT) Purchaser Award Winner for its leadership in sustainable electronics procurement for the sixth year in a row
  • Enterprise Data Centre Borden: Designed Leadership in Energy and Environmental Design (LEED) Silver
  • SAGE: significantly reduced use of Styrofoam and plastics in packaging of information and communication technology
  • WTD Print: procurement vehicle with requirements for Energy Star certification and stringent mandatory recycling
Small/medium enterprises (SSC-funded: fiscal year 2019–20)

Volume

  • Total SSC contracts: 2,855
  • 2,246 contracts to SMEs (79%)
  • 98% contracts to Canadian SMEs
  • 117 contracts to Indigenous SMEs

Value

  • Total SSC: $1.3 billion
  • $877 million awarded to SMEs (67%)
  • 97% awarded to Canadian SMEs
  • $35.8 million awarded to Indigenous SMEs

Fiscal year 2018–19 versus fiscal year 2019–20

  • 6% increase in number of contracts
  • $467 million increase value of contracts

2021 Winter Reports of the Auditor General of Canada: Procuring Complex Information Technology Solutions

Issue

The Auditor General tabled a performance audit report on procuring complex information technology solutions on February 25, 2021.

Key facts

  • The audit covered the period of April 1, 2018, to August 30, 2020, and implicates SSC, TBS, PSPC and Employment and Social Development Canada.
  • The Auditor General observed that federal organizations had made good progress towards modernizing procurement practices and adopting agile procurement.
  • The audit found that organizations did not provide enough guidance or training to staff related to agile procurement.
  • The audit noted that there were opportunities to strengthen governance to ensure that senior representatives were sufficiently engaged in procurement initiatives.
  • The audit noted that improvements are needed to detect and prevent integrity risks in procurement processes.
  • The audit made recommendations related to training on agile procurement, and on information management and the use of data analytics to support demonstration of fairness and integrity in procurement.

Response

  • The Government of Canada welcomes the Auditor General’s recommendations.
  • The government will continue to work across organizations and key stakeholders to develop and promote guidance and tools to support agile procurement.
  • SSC has governance frameworks in place to ensure that projects and procurements have appropriate governance and stakeholder engagement, and sound information management practices.
  • SSC is working closely with TBS and PSPC to foster a common understanding of agile procurements when undertaking transformational IT initiatives.
  • In 2019, SSC established a Centre of Expertise in Agile and Innovative Procurement supporting procurement officers in the implementation of agile and innovative procurements.
  • SSC will continue to work with the Office of the Chief Human Resources Officer at TBS and senior officials and users in other departments and agencies to define business needs and anticipate change management requirements for transformational IT initiatives, such as NextGen.
  • SSC uses data analytics to inform decision-making and will continue to augment its capabilities through a Departmental Analytics Strategy and roadmap. To help identify procurement integrity issues, SSC will be uploading its procurement data into the department’s Enterprise Data Repository.
  • SSC’s Compliance and Quality Assurance Program contributes to support the continuous improvement of information management practices in procurement

Background

Objective of the audit: This audit focused on whether selected departments planned and carried out agile procurements for complex IT solutions that supported the achievement of business outcomes and demonstrated the government’s commitment to fairness, openness and transparency in the process.

In particular, the audit examined the procurement processes for three major IT initiatives: Next Generation Human Resources and Pay (NextGen), Benefits Delivery Modernization, and Workplace Communication Services (WCS). While NextGen and Benefits Delivery Modernization used elements of agile procurement, WCS used a traditional procurement process.

Findings: Overall, the Office of the Auditor General found that the implicated departments made good progress towards adopting agile procurement practices. However, the Office of the Auditor General also found that:

  • the organizations rolled out agile procurement without enough training to staff or engagement with key stakeholders
  • monitoring of fairness, openness and transparency needed improvement in the areas of procurement integrity, tracking of fairness issues and information from third-party fairness monitors

Recommendations: The report makes five recommendations. TBS was implicated in two of the audit’s recommendations because of its central agency policy role and its involvement with the NextGen HR and Pay Initiative (TBS was lead between 2018 and 2020 before responsibility for the project was transferred to SSC). SSC was scoped into the audit on four of the audit’s recommendations related to the WCS and NextGen.

  1. To further support the government’s modernization of procurement, the Treasury Board of Canada Secretariat, Public Services and Procurement Canada, and Shared Services Canada should develop more comprehensive guidance and training for employees to improve understanding of agile procurement and how to apply collaborative methods.

    The Treasury Board of Canada Secretariat, with input from Public Services and Procurement Canada and Shared Services Canada, should also assess what skills, competencies, and experience procurement officers need to support agile approaches to complex IT procurements

  2. TBS, Employment and Social Development Canada, and SSC should ensure governance mechanisms are in place to engage senior representatives of concerned departments and agencies for each of the complex IT procurements we audited. This will be particularly important to support agile procurements of complex IT initiatives and their successful achievement of business outcomes.
  3. PSPC should continue to advance its use of data analytics so that it can identify procurement integrity issues.
  4. SSC should begin to use data analytics to improve its ability to identify procurement integrity issues.
  5. PSPC and SSC should improve their information management practices to help contracting authorities better demonstrate that procurement processes are fair. The departments should ensure that procurement records include, at a minimum, file histories, explanations of problems that arise (and how they were resolved) and all relevant decisions and communications with implicated parties.

TBS, PSPC, SSC, and Employment and Social Development Canada agree with the recommendations directed at their departments respectively.

Other background information

To deliver services efficiently, federal government organizations often need to procure new, complex information (IT) systems to replace aging ones. The government currently has about 21 large IT procurements underway, valued at over $6.6 billion.

While traditional procurement is linear, agile procurement is iterative and typically awards multiple small contracts. Agile procurement aims to achieve business outcomes by establishing close collaborations between procurement experts, end users (those who use the procured systems), and private sector suppliers, through multiple phases. It permits course corrections and helps federal organizations apply lessons learned. It is best used for complex projects in which it may not be clear at the outset what the best potential solution is to address business needs.

In 2017, the Prime Minister directed the Minister of Public Services and Procurement to modernize how the government procures these new systems. Since then, PSPC and SSC have introduced initiatives to meet this directive. Agile procurement, which they adopted in 2018, is one of them.

SSC has had a Procurement Governance Framework since July 2019, which was developed, implemented, and communicated, as appropriate, to provide procurement oversight, control, integration, risk management and decision-making for greater transparency and accountability. This framework tailors the required stakeholder oversight levels in relation to the size, scope, complexity and risks of the procurements.

In December 2019, SSC established the Centre of Expertise in Agile and Innovative Procurement, which is dedicated to supporting procurement officers in the implementation of agile and innovative procurements. The department has also undertaken significant efforts to launch and implement the Procurement Refresher and Essentials Program, which is continuously modernized. SSC will continue to ensure that employees involved in transformational IT procurements have a more comprehensive understanding of agile and collaborative procurement methods through refinements to guidance, training and support being provided to procurement officers.

The 2018 Office of the Auditor General examination of the implementation of the Phoenix pay system recommended that for all government-wide IT projects, mandatory independent reviews of the project’s key decisions be carried out to determine if they should proceed or not. Furthermore, it recommended that government ensure effective oversight is maintained and documented, and that it include the heads of concerned departments and agencies. The Standing Committee on Public Accounts endorsed these recommendations in February 2019.

Workplace communication services

Since awarding of the Workplace Communication Services contract in 2017, SSC has put in place the Project Management Framework, which guides the effective management and delivery of the department’s projects throughout the project life cycle. The framework consists of tools such as a project control framework, integrated plans, risk registers, and the stakeholders’ responsibility and accountability matrix, which ensures continued alignment between all stakeholders to support the achievement of the desired business outcomes. The department’s Project Governance Framework documents and communicates the role of the various governance committees in providing effective oversight and a challenge function.

Network modernization

Issue

Government of Canada networks are aging, costly to maintain and unable to support modern services such as cloud, video and voice services. What is SSC doing to facilitate the end-to-end digital services public servants and Canadians need?

Key facts

  • SSC provides network services to more than 400,000 government users.
  • SSC inherited more than 50 different departmental network infrastructures.

Response

  • A high-performing and resilient enterprise network is an underpinning enabler of a digital government.
  • SSC is driving an enterprise approach by working with federal partners and clients to consolidate, modernize and standardize Government of Canada networks.
  • This enterprise approach is advanced, for example, by sharing network infrastructure across departments and agencies, developing open industry standards, and working with the Communications Security Establishment to design security safeguards into the network from the ground up.
  • SSC is leveraging emerging technologies to provide high-performing network services across the country, including northern and remote locations, to lower the total cost of ownership, and to automate and simplify network support.
  • SSC is collaborating with industry to ensure we align with global best practices, develop realistic transition plans, and maximize the use of competitive procurement vehicles.
  • SSC has outlined its proposed approach in its network modernization way forward document, which has been released for wider industry and peer group feedback and input.

Background

What are the emerging technologies that will support network modernization?

  • SSC will leverage emerging technologies such as software-defined networks (SDN), Zero Trust network architecture (ZTNA), next-generation wireless including Long-Term Evolution (LTE) and 5G technologies, AI and continuous network monitoring:
    • SDN is a network architecture paradigm that enables the network to be centrally controlled using software applications
    • ZTNA is a security strategy that is based on the principle that no user, application or device can be trusted
    • LTE (Long-Term Evolution) is a standard for wireless broadband cellular networks
    • 5G is the fifth generation technology standard for broadband cellular networks
    • AI refers to the simulation of human intelligence in machines that are programmed to think and analyze
    • continuous network monitoring is an automated approach to measuring the security and health of the network

What are some of the recent procurement activities?

  • Long-term: SSC has initiated five procurement streams for long-term solutions via the Government of Canada network services procurement process.
  • Short-term: SSC has recently competed a number of competitive procurements for:
    • network equipment for new buildings for small real property projects (awarded to Ruckus Networks)
    • network equipment refresh (awarded to Juniper Networks)
    • Wi-Fi equipment (in progress)
    • Wide Area Network routers (awarded to Cisco)
    • secure remote access equipment (in progress)
    • firewall equipment (to be initiated in summer 2021)

COVID-19 and service to Canadians

COVID Alert application

Issue

The national exposure notification app, COVID Alert, was developed to let users know that they may have been exposed to COVID-19.

Key facts

  • COVID Alert, a national exposure notification app, was launched July 31, after approximately 45 days of design and development efforts.
  • It was made available to provinces and territories as a public health tool intended to help individuals know that they may have been exposed to COVID-19. Onboarded provinces and territories include Ontario, Manitoba, Saskatchewan, Quebec, Newfoundland and Labrador, Nova Scotia, Prince Edward Island, New Brunswick and the Northwest Territories.
  • Metrics about app downloads and usage of one-time keys (OTKs) have been available in the public domain since the launch of the app on Canada.ca.
  • COVID Alert was developed by the Canadian Digital Service, using open-source code developed by volunteers from Shopify, as well as Bluetooth exposure notification technology co-developed by Apple and Google. It received security reviews from the Office of the Chief Information Officer at TBS, the Canadian Centre for Cyber Security and BlackBerry.
  • Engagement with the Office of the Privacy Commissioner began before the launch of the app and continues as improvements and features are added to the app.

Response

  • As Canadians continue to face the health and economic impacts of the pandemic, we need to work together to keep people safe and healthy and contain the virus.
  • One of the tools that some countries have found effective in helping to slow the spread of COVID-19 is exposure notification. That’s why the Government of Canada developed the COVID Alert app.
  • COVID Alert is just one of many tools the Government of Canada has made available to provinces and territories for Canadians to help protect them from the pandemic and keep them safe.
  • The COVID Alert app has been downloaded by millions of Canadians, but because there continues to be a low distribution of OTKs to people who test positive, COVID Alert hasn’t realized its potential.
  • The federal government has continued to engage with the provinces and territories – both those who have adopted COVID Alert and those who have not – to find ways to encourage uptake of the app and improve distribution of OTKs when people test positive.
  • We are continually assessing the value of COVID Alert in the dynamic context of the pandemic.

Background

Exposure notification uses Bluetooth technology via an application that is downloaded to mobile devices. This is different from conventional contact tracing done by public health officials, a manual process requiring extensive personal information.

As of May 6, COVID Alert app has been downloaded approximately 6.5 million times, with 32,1000 OTKs claimed in the app across nine provinces and territories. Low rates of OTK distribution continue to limit the effectiveness of the OTK-based service. Fewer than 5% of people in Canada diagnosed with COVID-19 have received an OTK to enter into COVID Alert. Of the COVID Alert users who tested positive for COVID and did receive an OTK from their provincial or territorial health authority, nearly all (over 80%) entered that OTK into the app. This indicates that users are willing and able to participate in the system. However, while there have been ongoing discussions with provinces and territories at all levels, OTK distribution is reliant on provinces and territories, which face limited capacity and competing priorities, including vaccine distribution. Downloads of COVID Alert have plateaued since December 2020.

Consideration is being given to a QR (Quick Response) Code exposure notification service (QR Code service) that could be introduced into the app with the potential to help to break the chain of transmission faster, by streamlining contact tracing for app users, businesses and organizations, and public health officials. It is also intended to help respond to the rise in variants of concern. The success of a QR Code service would depend on widespread uptake from provincial and territorial health authorities and businesses.

Supporting IT capacity of departments and employees during the pandemic

Issue

How did SSC support IT capacity of Government of Canada departments and agencies, and their employees working from home, during the COVID-19 pandemic?

Key facts

Enabling remote work and digital collaboration
  • SSC supported the government by accelerating the deployment of leading-edge collaboration tools, training and operational guidance to ensure that workers could safely and securely work remotely from home.
  • SSC delivered digital services at a time of great need, rolling out the temporary GC-COVID Collaboration System to over 40 departments and 100,000 users.
  • Successful enablement of Microsoft Teams also supported over 300,000 remote workers, including those on the front lines (for example, Health Canada, the Canada Revenue Agency and Employment and Social Development Canada).
  • Employees were able to gain reliable and secure access to email, video conferencing, text and audio calling, along with other collaboration tools having accessibility and security built in from the outset.
  • Initiatives that would normally have taken months or years were compressed into days and weeks.
Infrastructure (for example, network and secure remote access)
  • Increased total government secure remote access capacity, from 33% to 72%, supporting 300,000 simultaneous connections, thus allowing employees the ability to work from home.
  • Enterprise Internet bandwidth increased by over 50% enabling the government to stay connected with Canadians and allow for greater Government of Canada–wide information sharing. The utilization and demand are being closely monitored, and planning is underway to increase the bandwidth as required in fiscal year 2021–22 by another 33%, with the potential to go further.
  • Wi-Fi calling was activated for all 183,000 mobile accounts in the public service, allowing telecommunications in regions with little to no cellular coverage.
  • Teleconferencing time increased from 1.6 million minutes per day to over 5 million minutes per day, supporting collaborations from remote locations during the peak of the pandemic.
  • Over a thousand users enrolled for the secure executive emergency collaboration system, a Protected B network, through Microsoft Office 365 on Microsoft Cloud.
  • Webex service increased capacity by 350%, providing video conferencing, online meetings, screen-sharing and webinars. Video conferencing is now the default, rather than secondary to in-person meetings, a change advancing the goal of digital government.
  • Minimum email mailbox sizes were increased to 4 gigabytes, supporting increased use of email for communication while working from home.
Equipment (for example, tablets and mobiles)
  • Provided equipment (for example, laptops, tablets and mobiles) to public servants to enable them to remain productive while working from home, prioritizing 15,000 computers to the Canada Revenue Agency) and Employment and Social Development Canada, as well as deploying 92,000 mobile devices to public servants during the last year.
  • Delivered over 30,000 desktop devices to the government during COVID.
  • Over 1,000 federal first responders were enrolled for mobile Internet (for example, border officers, environmental enforcement officers, Royal Canadian Mounted Police).

Response

  • Providing tools needed by public servants to deliver services to Canadians is critical. This enables work to be performed remotely such as from home and to operate from anywhere in Canada.
  • Having reliable, flexible and secure technology enables government departments and agencies to adapt their services, support their teams, and implement responsive measures in a time of crisis.
  • SSC provided reliable, secure IT infrastructure, digital collaboration tools, and telecommunications services to Government of Canada departments and agencies delivering critical services to Canadians during the pandemic and so that workers could safely and securely work remotely from home. SSC enabled government employees to access their digital workspaces anywhere, anytime, by:
    • more than doubling the government’s secure network capabilities so that more public servants than ever before are equipped to access networks and systems while teleworking
    • significantly increasing Internet bandwidth to the Government of Canada
  • SSC worked diligently to support departments in ensuring that, despite the increased demand, Canadians received seamless services from the federal government.
  • For example, SSC worked with the Canada Revenue Agency and Employment and Social Development Canada to help launch the Canada Emergency Response Benefit and the Canada Emergency Wage Subsidy.
  • SSC worked with 15 key departments to set up new call centres and toll-free lines; examples include:
    • Global Affairs Canada for Canadians overseas trying to return home to Canada and to respond to travel-related enquiries
    • PSPC for the procurement of personal protective equipment and medical supplies to support health care workers
    • Employment and Social Development Canada for 1-800-O-Canada increased capacity to handle significant increase in call volume
  • SSC rolled out the temporary GC-COVID Collaboration System to over 40 departments and 100,000 users. Employees were able to gain reliable and secure access to email, video conferencing, text and audio calling, along with other collaboration tools having accessibility and security built in from the outset.

All of this was not part of the original plan. Initiatives that would normally have taken months or years were compressed into days and weeks, a credit to the SSC’s commitment to other departments and agencies.

Background

How many public servants can work remotely?

  • Building on pre-existing tools and approaches, SSC facilitated remote work for employees that needed to connect to the corporate IT infrastructure by increasing the secure remote access capacity for almost 300,000 simultaneous connections. This is more than double the capacity from the beginning of 2020.
  • Similarly, by accelerating the deployment of the Microsoft Office 365 collaboration system, SSC enabled users across the government to engage and collaborate remotely without the need to leverage secure remote access. This resulted in the creation of approximately 100,000 Microsoft Office 365 accounts during the pandemic, and approximately 1,000 accounts on a special Microsoft Office 365 tenant designed for emergency/backup communications for senior executives.
  • SSC continues to work with private sector vendors on expanding secure remote access capacity to support remote work.
  • In addition to increased network capacity, our government partners are taking action to limit non-critical network usage and reduce non-critical activities. Departments are responsible for determining what activities are deemed critical in order to meet their business objectives

Is the delivery of online services to Canadians affected by the COVID-19 pandemic?

  • Yes. The COVID-19 pandemic has led to more Canadians accessing services online than ever before.
  • Additionally, new services and benefits, such as the Canada Emergency Response Benefit, have placed an increased demand on government networks.
  • Our role has been to work with our government partners to ensure they have the infrastructure they need to continue delivering online services to Canadians.

How are we working with other departments during this pandemic?

  • SSC plays an important role in ensuring critical services for Canadians remain operational during emergency events.
  • SSC is working in close collaboration with the COVID-19 government lead – Public Safety under the Federal Emergency Response Plan – and our government partners.
  • SSC supported the government by accelerating the deployment of leading-edge collaboration tools, training and operational guidance so that workers could safely and securely work remotely from home. SSC rolled out the temporary GC-COVID Collaboration System to over 40 departments and 100,000 users.
  • Employees were able to gain reliable and secure access to email, video conferencing, text and audio calling, along with other collaboration tools having accessibility and security built in from the outset.

Supporting the Canadian Emergency Response Benefit and Canada Emergency Wage Subsidy:

  • SSC worked with Canada Revenue Agency and Employment and Social Development Canada to help launch the Canada Emergency Response Benefit and Canada Emergency Wage Subsidy.
  • SSC continue to work with Employment and Social Development Canada and Canada Revenue Agency to provide recommendations and remediation to support critical new and enhanced federal benefits for Canadians.
  • SSC provided the IT infrastructure Canada Revenue Agency needed for its MyAccount application to handle the more than 15 million Canadian Emergency Response Benefit applications received to date.

Supporting our first responders:

  • SSC enabled Mobile Broadband for First Responders for more than 1,000 users across the Government of Canada. This service provides essential personnel such as first responders and critical infrastructure supporters with priority mobile voice and data services in times of commercial congestion.

NextGen

Next Generation HR and Pay Initiative

Issue

Update on the Next Generation HR and Pay Initiative

Response

  • The NextGen HR and Pay is about testing pay solutions against pay requirements of federal departments. It is an iterative and agile testing process that will lead to a comprehensive recommendation about building the HR and pay solution for the future.
  • This initiative builds on the lessons learned from the development and implementation of Phoenix.
  • Through a competitive, agile procurement process, SAP was selected to work with the Government of Canada for preliminary testing of their Success Factors software, a software as a service solution with industry-leading HR and pay practices built into its configuration.
  • Since October 2020, we have worked with Canadian Heritage to establish the parameters to test the pay capabilities of SAP’s proposed solution. Future testing will include other organizations to test the diverse levels of pay and HR complexity required of the Government of Canada system.
  • The team is leveraging input and advice from other complex private and public sector organizations that have implemented a software as a service HR and pay to ensure the software can handle the complexities of the Government of Canada environment.

Background

Budget 2018 announced the government’s intention to move away from Phoenix and begin development of a pay system that will be better aligned with the complexity of the federal government’s HR and pay structure.

TBS received $16 million over two years, beginning in 2018–19, to explore replacement options for a next generation HR and pay solution.

In summer 2019, the government announced it had selected Ceridian, SAP and Workday as the vendors deemed qualified to deliver a next generation HR and pay solution for the Government of Canada.

In September 2019, the government announced that it will invest $117 million to co-design and deliver pilot projects for the NextGen HR and pay system.

In March 2020, after extensive evaluation, and testing, it was announced that SAP had been selected to work with our team on a pilot for a new HR and pay solution.

SAP was selected through a rigorous evaluation process which was open and transparent and placed users at the centre. The evaluations involved elements such measuring vendors against digital, privacy and security standards, as well as testing of hundreds of HR and pay scenarios, both simple and complex.

All three vendors remain qualified to work with the government in the future for HR and pay solutions. This means maximum flexibility for the government to access the solutions of multiple, best-in-class vendors, which is critical to the NextGen approach.

The NextGen team at SSC engaged SAP on a series of discussions to assess organizational capacity and readiness to work on NextGen under the current COVID-19 circumstances.

Initial focus of work with SAP included establishing governance and oversight, project management tools and protocols, and development of a detailed plan to pilot the solution in a core department.

Effective April 1, 2020, leadership for NextGen was transitioned from TBS to SSC. The Chief Human Resources Officer at TBS remains the business owner and a key collaborator of the NextGen initiative.

On October 14, 2020, the selection of the Canadian Heritage for the exploratory phase of the Next Generation HR and pay initiative was announced.

The government is working with the selected vendor (SAP) and Canadian Heritage to develop an approach to testing that reflects the needs of Canadian Heritage in the context of the core public service.

Canadian Heritage was selected as the exploratory phase department because their organization provides a good representation of the government’s HR complexities, including multiple occupational groups, regional representation, overtime and other considerations.

Throughout this process, the NextGen team is engaging with public service employees, leaders, HR advisors and technical specialists, as well as working hand in hand with bargaining agents in the development of a user-centric HR and pay solution.

As part of this pilot initiative, NextGen has involved over 890 employees from 20 federal organizations through 38 workshops and 90 working sessions with HR and pay practitioners, end users and technical experts. These activities form the basis for NextGen’s exploratory phase, and they will inform the next steps in the initiative.

The government will be making a decision this month about moving from the exploratory phase with SAP’s Success Factors into the design and experimentation phase, where configuring of the solution will occur.

Any testing undertaken will not affect employees’ actual pay. Testing will occur in a controlled environment that is not connected to payment systems. Canadian Heritage employees will continue to be paid through the Phoenix pay system while testing is completed.

The government continues to work with stakeholders, such as bargaining agents, employees, and HR and pay practitioners, and will continue to engage in an open and transparent manner so that the new solution can address the needs of a modern public service and its employees as soon as possible.

Over the next three years, NextGen will carry out additional pilots and a feasibility study. The details for the additional pilots and the feasibility study are being finalized, and learning from the exploratory phase will inform the planning for these future phases.

Ongoing stabilization of the Phoenix Pay System remains a top priority for the government and is being pursued by PSPC.

Page details

Date modified: