Premier unwavering in support for cabinet minister Opposition wants fired

Premier Stephen McNeil is offering unwavering support and high praise to a cabinet colleague who the official Opposition wants fired.

Internal Services Minister Patricia Arab was under fire Friday for overseeing a computer system officials in the department have called "vulnerable." That vulnerability went undetected for years, and allowed anyone to access government files with highly personal information on them by simply changing a URL.

Interim PC leader Karla MacFarlane said: "This was not a sophisticated hack. There was a lot of vulnerability and it is the minister's responsibility."

She pointed to a 2016 report by Nova Scotia's auditor general that warned the province about security problems with the system that the improperly accessed system is built upon.

Arab said she was troubled by the fact the access-to-information portal was open to unauthorized use, but wasn't offering her resignation.

"I appreciate the support that the premier has given to me. Really this job is an honour, being in cabinet is an honour," she said.

As for her boss, McNeil had nothing but praise for Arab.

"She's done an outstanding job," he told reporters after a raucous question period. 

"Every department has issues day in and day out," he said. "I congratulate this minister.... I believe the minister has acted appropriately in this matter and she has my full confidence."

Registered letters sent to affected people

The province has started sending out registered letters to the hundreds of people it felt were most vulnerable to financial losses because of potential unauthorized access to their personal information. 

Those people will be offered free credit-check services to ensure their identities hadn't been stolen.

Thousands of others will be contacted starting next week, according to Arab.

Provincial IT staff are working with the software developer, CSDC Systems, and with the company contracted to monitor and maintain the system, Unisys, examining the coding in the software to determine the weak link, according to Nova Scotia's chief information officer, Sandra Cascadden.

"The issue in the software could have happened one of a couple of ways: one is it existed in the way that the vendor, in this case, CSDC, wrote the software; or it could been caused by the way the implementer, in this case Unisys, would have implemented it," she said.

Cascadden said other systems developed by CSDC are being closely monitored.

"We are already anticipating that people are going to say, 'Hey look, a vulnerability. Let's pound on their front door ... or their back door' or any other way that they can so ... we already have eyes on that space."

Cascadden said the portal would not likely be up and running again until next week.