The bleeding within Eric Caire’s troops continues. Less than a year after taking office, the government’s Director-General for Information Security has tendered his resignation. An important advisor has also just left the ship.
• Also read: A digital transformation with no expertise and no staff for Éric Caire
• Also read: Éric Caire never advised SAAQ prior to the disastrous launch of their new digital platform
At the end of April, our Parliament Office announced that the Department for Cybersecurity and Digital was suffering from several vacant senior positions and a growing lack of IT expertise in the public sector.
However, the bleeding is far from stopped.
The government’s director general for information security, Luc St-Jean, has just resigned. This is in addition to the 25 senior positions that were already vacant at the CMN.
As a bonus, the main security adviser has also ended his mandate.
“I am now back home in the Sûreté du Québec where I will continue my career in security and technology with my colleagues to continue protecting the population and maintaining security in our province,” said Francis Coats on his LinkedIn Account.
He is one of Quebec’s most recognized security professionals.
The controversial company
According to our information, criticism of Minister Éric Caire and his deputy is mounting behind the scenes, in particular because they want to accelerate the digital transformation of the Quebec government.
Several resignations are said to have been motivated by ministerial orientations that deviate from cybersecurity best practices.
There’s a lot of frustration, we’re told. Cybersecurity expertise in senior management has been siphoned off in favor of the state Mandarins.
“Officials don’t want to change their work culture,” says a source familiar with the matter.
The leadership of Deputy Minister Pierre E. Rodrigue, notary and career civil servant, is being questioned.
The one who is “the first person in charge of the state’s digital transformation, information security and cybersecurity” has no experience or training in this field.
Lise Girard, who replaced cybersecurity expert Steve Waterhouse as the government’s Deputy Secretary for Information Security and Cybersecurity, is a lawyer and also a career civil servant. She also has no cybersecurity experience, internal complaints are raised.
More attractive, argues the MCN
The Department of Cybersecurity and Digital defends itself, arguing that there is “no loss of expertise” at the MCN. “On the contrary, as demonstrated by the 425 new employees who have joined the organization over the last year, the ministry is becoming more and more attractive,” explained the CMN’s “communications team”, without mentioning the loss of senior management.
In addition, more than 300 employees left the ministry’s ship last year.
The MCN also advocates that Ms Girard “quickly establishes her leadership, vision and expertise in this key area of the ministry”.
A quiet committee
Unlike Ontario, the committee of cybersecurity and digital experts set up by Minister Éric Caire last year has not yet presented an official report.
In June 2022, the Minister for Cybersecurity and Digital proudly set up a Committee of Cybersecurity and Digital Experts, as required by his ministry’s law.
“The expertise of the members, recognized in the industry and academic community, will provide significant input to the deliberations of the Department’s professionals,” he explained.
This committee consists of 12 members from civil society, industry and academia. They must provide the Minister with an advisory role, including on cybersecurity guidance and digital policies or strategies. However, according to our information, the Committee’s record is very poor.
“The stakeholders involved must exercise rigor and discretion in disclosing the information resulting from this work, so as not to jeopardize the potential vulnerabilities of the public infrastructures with which they are in contact,” stresses the MCN for its part.
Ontario ahead
Prime Minister François Legault likes to compare himself to Ontario.
In comparison, in 2022 the committee formed by the Ontario government released a comprehensive 41-page report based on a lot of data.
In it, he makes several recommendations to respond to Ontario’s top cybersecurity challenges that have been identified.
Both committees have essentially the same mission: to support the state in strengthening cybersecurity in the public sector.
“If the CMN produces a document of public interest in relation to this work, it will be communicated through official channels and will be available for inspection,” said Éric Caire’s Ministry communications team.
Can you share information about this story with us?
Do you have a scoop that might be of interest to our readers?
Write to us or call us directly at 1-800-63SCOOP.