Canada’s Update to Classified Documents System Could Raise Hacking Risks

But the current system is 'out of date and unsustainable.'

by Jordan Pearson
Dec 2 2016, 11:00am

Image: Shutterstock

Canada's track record with handling top secret information hasn't been great as of late. A recent government report showed that in the last year, there were 10,000 incidents where classified or "protected" documents had been mishandled or stored improperly.

Now, Public Services and Procurement Canada wants a new system to reduce security breaches whenever a third party contracts with the government for a project requiring security clearance. The current system, the department stated in a request for proposals posted on Monday, is "largely out of date and unsustainable."

The procurement department is seeking proposals to overhaul a system that handles everything from security clearance for governmental or commercial site visits, to classified documents and who gets access to them. The system also interfaces with the country's federal police force, the RCMP, and its domestic security agency, CSIS, to perform background checks.

The new system, which will be built at a cost of up to $11 million, will also be able to digitize and automate the handling of classified documents, since the current system is paper-intensive and requires manual work. The request for proposals states that the government wishes to "reduce, if not eliminate" paper-dependent processes.

Read More: FBI Arrests NSA Contractor on Suspicion of Leaking Hacking Tools

According to Tim Richardson, a lecturer in the University of Toronto's commerce department with a specialization in computer security, moving classified documents from paper to digital and putting them in a centralized location is like catnip to hackers.

"Anytime you put something in digital form, and aggregate it, it makes it easier to steal," Richardson said. "A fundamental premise of digitization is that you can easily index things and manipulate them to come up with conclusions, but it also makes them more vulnerable."

The official listed as the point of contact for the request for proposals did not respond to Motherboard's request for comment.

As you can probably imagine, the notion that such a system might be vulnerable to hackers isn't news to the government. The request for proposals notes that the system must be resistant to DDoS attacks, be designed to refuse unauthorized access, and ensure that information entered into the system hasn't been tampered with.

At the very least, digitizing classified documents and storing them securely should ensure that nighttime security guards wandering around Parliament stop finding top secret documents in unlocked cabinets.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.