Pin It
Favourite

Wednesday, July 18, 2018

Halifax police at high risk of cybersecurity threats

A letter from HRM's auditor general says there has been little improvement since significant IT problems were first identified 18 months ago.

Posted By on Wed, Jul 18, 2018 at 2:50 PM

click to enlarge Maybe they can hire breach teen. - VIA ISTOCK
  • via iStock
  • Maybe they can hire breach teen.

Attention hackers and bored teenagers: the Halifax Regional Police computer systems are woefully insecure and the department has done little to fix the problem over the past 18 months.

Auditor general Evangeline Colman-Sadd outlined her office's concerns about HRP's cybersecurity in a letter sent July 6 to the Board of Police Commissioners.

In the now-public document, Colman-Sadd writes that an external consultant report from 2016 “identified serious security deficiencies” in HRP’s IT security.

Worse, though, is that very few of those problems have been fixed in the last year-and-a-half.

“From discussions with HRP management, we understand a number of the issues identified by the consultant have yet to be addressed in the 18 months since HRP received the report,” writes the AG.

The consultant report by KPMG investigated the likelihood of something going wrong within HRP's information technology systems and what the impact would be if those events occurred.

KPMG highlighted 67 security concerns—35 of which were labelled high-impact and high in likelihood.

The police have pinned the blame on fixing those problems as due to a lengthy recruitment process to hire a new chief information security officer.

But the auditor general says a delay of 18 months in “addressing a large number of significant IT security matters is concerning.

“Issues which have a high likelihood of occurring and a high impact if they do, need immediate attention.”

The police department previously refused to release a copy of KPMG's “Cyber Threat Assessment” to The Coast even after a Freedom of Information request.

Police inspector and HRP FOIPOP coordinator Donald Mosher claimed back in February that releasing even a redacted version of the report, or any emails about its contents, “could reasonably be expected to harm the security” of the police department’s systems.

The Coast appealed that decision, but there’s been no update on whether the documents will be released.

The provincial Freedom of Information web portal, meanwhile, is still down, 100-plus days after its own security flaws were exposed.

In a public response letter sent Wednesday, the board of commissioners and HRP management reassures the municipality that the police have the “necessary controls and practices in place today to protect citizens.”

We're all going to have to take their word on that, though.

“Discussing the specific findings [of the consultant report ]has the potential to introduce further risk,” says the letter.

The office of the auditor general had planned to perform its own audit of HRP’s information technologies systems later this fiscal year.

But as that investigation would likely just repeat what was found by KPMG, instead Colman-Sadd says her office will wait until Spring of 2019 in the hopes that the police will finally be able to fix the flaws in their system.

Meanwhile, the department says it's acting “thoroughly and proactively” to make the necessary changes, starting with the recent hire of Atlantic Security Conference co-founder Andrew Kozma as HRP's new CISO.

Kozma is in charge of developing a strategic view of security and operations for HRP, and will act as the police department's liaison for all IT-related matters with partner agencies.

Tags: , , , , , , , ,

Survey Asks

Is it too early to buy Halloween candy?

  • Yes
  • No

View Results

Comments

Subscribe to this thread:

Add a comment

Remember, it's entirely possible to disagree without spiralling into a thread of negativity and personal attacks. We have the right to remove (and you have the right to report) any comments that go against our policy.

Coast Top Ten

Opinionated

    White noise

    OPINIONATED »

    White noise

    posted by REBECCA THOMAS, Aug 30/18

    Letting your guard down to party loud and proud in the streets is a privilege students of colour don’t often have. comments      2


More »

Reality Bites

More »

Shoptalk

More »

In Print This Week

Vol 26, No 16
September 13, 2018

Cover Gallery »


Real Time Web Analytics

© 2018 Coast Publishing Ltd.