Province, CRA suspends some services
CHARLOTTETOWN – An Internet security concern has shutdown some online services in P.E.I.
A smart phone user checks their bank account with an online banking app from CIBC in Ottawa on Friday, April 1, 2011. THE CANADIAN PRESS/Sean Kilpatrick
In a statement issued Wednesday, the province said many services offered by the provincial government are being temporarily suspended to deal with an Internet vulnerability associated with the Heartbleed Bug, which has affected websites across the globe.
Government officials are calling the shutdown a “preventative measure,” and said some online services will be temporarily suspended to safeguard the integrity of the information the government holds.
“Staff are working to resolve this matter and will restore services as soon as possible,” said the release from the finance department.
The same major international security concern forced the shutdown of electronic filing services at the Canada Revenue Agency, and there are concerns the problem could affect other government systems as well.
The tax agency temporarily cut off public access to its electronic services Wednesday, saying the action was taken as a precaution.
“We have received information concerning an Internet security vulnerability named the Heartbleed Bug,” the agency said in a statement posted on its website.
“As a preventative measure, the CRA has temporarily shut down public access to our online services to safeguard the integrity of the information we hold.”
The shutdown came after the Canadian Cyber Incident Response Centre (CCIRC) issued a warning to system administrators about the coding flaw. It recommended that system operators unable to plug in an immediate fix get off the grid.
The affected services at CRA include EFILE, NETFILE, My Account, My Business Account and Represent a Client.
The agency said it is working to restore safe and secure access as soon as possible.
It was unclear just how long it might take to ensure the agency’s computers are secure, but Revenue Minister Kerry-Lynne Findlay indicated it could be some time before the system was back up and running, noting that the agency would post updated information on its website “daily.”
“We’re investigating, we’re working on it,” Findlay told reporters.
However long it takes, the revenue agency tried to reassure tax filers Wednesday, suggesting that people unable to file on time as a result of the shutdown would not be penalized.
“Please note that consideration will also be given to taxpayers who are unable to comply with their filing requirements because of this service interruption,” the agency said on its website.
It is a busy time of year for the tax agency, as people file returns electronically and track the progress of refunds online.
As of the end of March, the agency had received 6.7 million returns, with 84 per cent filed electronically.
The computer bug was reportedly detected last week by Internet security experts in Finland and researchers at Google, but only revealed widely within the online security community on Monday.
Heartbleed affects open-source software called OpenSSL that’s at the very core of millions of applications used to encrypt Internet communications.
And experts warn that its impact on consumers could be significant.
It can reveal the contents of a computer server’s memory, including private data such as user names, passwords, and credit card numbers.
But the flaw also allows hackers to obtain copies of a server’s digital keys, and use them to impersonate other servers and fool people into thinking they are using a legitimate website.
As Canada’s tax collection agency was making the decision to go offline, a number of large websites, such as Google, Facebook and Yahoo said that they were either fixing the problem or had already dealt with the threat.
Canada’s major banks were also scrambling to reassess their systems, with at least two assuring clients that measures were in place to prevent any loss of information.
“TD already has put in place defences to protect customers from this potential threat, and is adding additional, layered security, so customers can conduct their banking securely and without their data being at risk,” said Barbara Timmins, a spokeswoman at TD Bank Group.
“While we don’t recommend any specific actions to TD customers as a result of this vulnerability, we always recommend that customers change their passwords regularly,” she added.
“That said, TD has intelligent and multi-layered authentication, so there are multiple safeguards in place to protect customers.”
RBC spokesman Jason Graham added that while the bank takes every threat seriously, RBC websites “have not been affected by the Heartbleed security bug.”
While the problem is international in nature, Opposition NDP Leader Tom Mulcair was quick to pounce on the Harper Conservatives for failing to adequately protect and provide services to Canadians.
“The Conservatives are such poor public managers that they can’t deliver the grain, they can’t even deliver the mail and now at tax time they can’t even communicate with Canadians through the revenue agency,” Mulcair said.
Liberal Leader Justin Trudeau, however, was prepared to cut the Tories some slack, saying he would support any measures needed to battle the bug.
By Journal Pioneer staff & The Canadian Press