Border agency warns Shared Services Canada that IT failures pose security risk

Executives at the Canada Border Services Agency have warned of severe consequences — to national security, to taxpayers and to the economy — should the federal government's beleaguered tech support department not shape up.

CBSA president also concerned about rising costs, impact of computer failures on national economy

Documents obtained under access to information show CBSA executives are concerned about the tech support provided by Shared Services Canada. They warn IT failures could put national security and the economy at risk. (Canadian Press)

Executives at the Canada Border Services Agency have warned of severe consequences — to national security, to taxpayers and to the economy — should the federal government's beleaguered tech support department not shape up.

CBC News has obtained documents under the Access to Information Act that outline serious concerns about how Shared Services Canada is supporting the border services agency's IT infrastructure.

"As you are aware, CBSA asset failures would create a national security risk to the agency and to Canada [redacted]. On the commerce and travel side, the agency [redacted] would have a significant impact on the Canadian economy and would be noticed immediately for high-visibility media attention," CBSA president Linda Lizotte-MacPherson wrote in a January 29, 2016, letter to the president of Shared Services Canada.

Lizotte-MacPherson's letter explained how her department had found out, by chance and from another agency, about a report that said service and support agreements had lapsed for $5.7 million worth of IT equipment at "mission-critical and designated sites." Shared Services Canada is responsible for that equipment.

Shared Services is the federal department created in 2011 to take over the delivery of email, data centre and network services for 43 government agencies.

"I am concerned both with the state of the infrastructure and with the fact that the CBSA was not made aware of these risks or of the report by the SSC," wrote Lizotte-MacPherson.

She went on to say that while SSC had started to procure replacement equipment, no one could tell the border agency when the process would be completed.

In her correspondence, Lizotte-MacPherson asked SSC president Ron Parker to address pressing operational requirements by ensuring continuous and consistent tech support, delivering a detailed replacement strategy for equipment, along with an analysis of all aging infrastructure.

SSC ready for 'catastrophic failure events'

Parker responded at the end of February by explaining that SSC has made significant investments in CBSA infrastructure. He said his department has deployed spare parts, "to deal with potential catastrophic failure events." Parker also assured Lizotte-MacPherson that all SSC infrastructure is supported on a 24/7 basis.

Yet documents produced after the release of the federal budget on March 22, 2016, suggest problems continued.

When a cellphone died before, we went to The Source and bought a new one. Now it's weeks/months of delay making our way through SSC administrative processes.- Dave Beach, CBSA IT director

"At this point, there is no firm plan in place and the CBSA continues to have risk at mission-critical sites," wrote the border agency's director general and vice-president of IT.

In response to follow-up questions from CBC News, a spokesperson for CBSA said that the agency and SSC have since developed a list of IT assets at risk and that Shared Services has replaced "some immediate critical components." He added that they still need to nail down a detailed implementation plan for CBSA operations at the borders. 

There are also concerns about higher IT bills.

"The CBSA is developing estimates of the incremental financial impact on the agency and suspect it could be as high as $20 million a year," managers said in a memo for the executive vice-president. "For instance, a 'nominal' invoice for cellular devices has illustrated an increased cost to the agency of $1 million per year."

In another memo, CBSA IT director general Brendan Dunne noted funding pressures due to the unexpected bills 

A series of emails from CBSA employees in the field highlight how poor service from SSC affected people in practical ways.

At the remote Port of Stewart, B.C., which is on the border with Alaska, a request for an exterior ruggedized phone and line apparently fell on deaf ears. The phone was necessary for people wishing to cross the border between midnight and 8 a.m.

"There is a very long history of escalation, discussion and searches for process, but as of today, three months after the request, the phone has not been installed," Dunne wrote in a July 2015 email. "The CBSA was able to drill a hole in the wall of the port and fish the superintendent's existing phone line out to a makeshift setup."

Phone failures and red tape

A month later, Dunne also raised a number of concerns after a 48-hour telephone outage that affected several federal government departments.

"With this outage, VoIP (voice over internet protocol) has suffered some credibility issues with our border operations folks. VoIP is currently seen by some as not being 'ready' for our 7/24 law enforcement operations," wrote Dunne.

Another CBSA official raised another familiar complaint about SSC: red tape.

"When a cellphone died before, we went to The Source and bought a new one. Now it's weeks/months of delay making our way through SSC administrative processes. Especially a concern in Northern/remote communities, where access to a phone may very well be a health and safety issue," said Dave Beach, an IT director with CBSA.

Similar complaints have been raised by several other government departments. Earlier this month, Canada's chief statistician quit his post in protest over shoddy service by Shared Services Canada.