Possible major infrastructure failure in Canada within 5 years

This is what awaits us according to this article at ITBusiness.ca. I think a report commissioned by Public Safety and Emergency Preparedness Canada must have some factual information in it. The PSEPC is looking at ways to protect Canada’s critical information infrastructure, much like the U.S. government’s Homeland Security policy for national security. How can we as individuals minimize this risk?

Security in the IT industry was not a major, general concern before the Sept. 11 attacks, unless your business or life depended on it. Even then, you’d have to be informed and educated about the tools and practices that help improve such security, and most of it has targeted the individual citizen. When I explain that I focus my work on security, most webmasters and of course friends and relatives still think this is only James Bond’s job, to protect Her Majesty.

An interesting excerpt from the article:

[…]increasing the adoption rate of alternative (non-Microsoft) software such as open source, licensing or certifying software professionals, and giving software product liability laws more teeth as ways to reduce the risk of CII disasters.

And very clearly:

The study also points to Microsoft’s dominance in the software market as increasing the risk of CII failure.[…] […]you need a judicious mix of different systems that are capable of talking to each other so you can get the best result with maximum functionality.

This brings to the forefront two major arguments of Free, Open Source software use advocates:

  • everyone should be using open-standards-based document / data formats
  • if you want to do that, having the choice between Open Source software and proprietary products means both must be based on open standards

One positive effect these government programs and policies are having is educating everyone on the possible threats and menaces that surround us, although it’s difficult to keep a good balance between productivity and good security policies (both personal and business).

I’d love to see more discussion about security when attending FOSS conferences and events. It’s been a long time since cryptography was used only by the military, financial and medical sectors.

More importantly, we are getting a clear picture of the huge costs of not demanding that our governments and providers use open-source, open-standards-based IT products. The idealist in me would add « always » but for now we have to put up with « whenever possible ».