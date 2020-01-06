Loading...

Council rooms are seen from outside the glass doors during a weekly city council meeting in Ottawa at Andrew S. Haydon Hall.

Wayne Cuddington / jpg

A technical feat will be responsible for protecting the city of Ottawa against hackers and scammers in a new position created by the municipal government and trying to strengthen confidence in its cyber defense.

The city is on the hunt for its first chief information security and digital risk officer who is responsible for building an IT risk management program.

Hackers and fraudsters regularly poke around the Ottawa municipal government and there have been controversial attacks on staff and systems.

IT falls under a new city portfolio – the innovative customer services department, which is a catch-all of industries, including human resources, communication and fleet services – and a new general manager who has the chores to strengthen the IT defense of the city.

Valerie Turner, who joined the city last August, was previously IT vice president at MD Financial Management. She has also held senior technical positions at the University of Ottawa, including chief technology officer and associate chief information officer.

Turner was not available for an interview Monday, but in a written response sent through the communications department, she said the new security manager will report her directly.

The role of the manager “will improve the security practices of the city by helping senior management stay abreast of the ever-changing landscape of cyber security,” Turner said.

Creating the position represents a “maturation” of the city’s security protocols, she said.

The salary range for the new position, based on a wage scale for 2019, is between $ 153,830 and $ 194,540.

Municipalities are becoming increasingly aware of their blind spots in the field of technology.

In 2019, the city of Toronto also created the position of chief information security officer to monitor cyber risks.

In Ottawa, the ability of the City Hall to protect itself against cyber attacks has been questioned a few times since an unfounded attack in 2014 when someone managed to point the website address of the city on a web page with a dancing banana.

In a subsequent IT risk management audit, the auditor general challenged the city to assess the governance structure for IT-related risks and to ensure that there are appropriate policies and procedures to identify and address hazards.

The 2015 audit has produced a number of disturbing findings.

The AG discovered that municipal staff had little control over IT risks and that the city was unable to manage risks. It was not even clear to the AG that IT risks were correctly identified and communicated in the management chain, thereby declaring the city to have largely a “low maturity level” for IT risk management.

When the AG checked the progress of the city on the eight audit recommendations in 2018, he discovered that none were completed, but seven were partially completed. The city’s IT department was still working in 2019 on completing all the work in the audit recommendations.

An AG investigation into an email scam, whereby the former city treasurer seduced nearly $ 100,000 into a fraud in 2018, determined that the city should pay more attention to educating employees about technology security, especially when it comes to fraud awareness.

The city conducted a “phishing” test of municipal officials in January 2018 to see what they do when a suspicious email arrives in their inbox. These types of tests are designed to measure how employees react when they are the subject of email attacks. The 2018 test resulted in a failure rate of 26.5 percent, compared to a sector average of 15 percent.

The AG investigation regarding the email scam led to various management actions, including a step to ensure that employees view a warning when they receive emails from outside the municipal government. The city also started with mandatory cyber awareness training for employees.

Meanwhile, the city is still looking for a permanent chief information officer, which is the best IT job at the town hall. Sandro Carlucci has been the acting CIO for about a year.

Turner said the city’s priority is to hire a chief information security and digital risk officer before considering the CIO.

jwilling@postmedia.com

twitter.com/JonathanWilling