In March, the Canada Revenue Agency’s website was shut down by its staff following an attack on Statistics Canada’s site. The precautionary measure was triggered by the identification of potential vulnerabilities related to the use of an open source web development tool. StatsCan and CRA were apparently the only two federal systems that had not updated their software to address that vulnerability.
The CRA/SC crash points to a lack of knowledge sharing. While the fallout seems to have been contained, the episode illustrates the benefits and barriers of open knowledge sharing in a large organization, especially one with lots of privacy and secrecy concerns.