OTTAWA - The federal government's slow response to rapidly growing cybersecurity threats has left Canada vulnerable to hacker attacks by organized crime, terrorists and foreign states, the auditor general's latest report says.

The report found that despite over a decade of commitments and hundreds of millions of dollars in spending, the government is scrambling to keep up with the threat and has failed to make measurable progress in its ability to defend and protect Canada's critical infrastructure.

That leaves everything vulnerable to hackers, including banking and telecommunications systems, the power grid and government agencies.

"Officials are concerned that cyber threats are evolving faster than the government can keep pace," Auditor General Michael Ferguson said.

Among the problems the auditor highlighted is that the Canadian Cyber Incident Response Centre (CCIRC) - an information hub created in 2005 - is out of the loop and unable to share critical information with governments, the private sector and foreign allies on new cyber threats.

Originally intended to operate around the clock, it's open only during Ottawa business hours, five days a week - a problem when cyber threats are global and attacks can spread rapidly.

The feds have since promised to extend CCIRC's hours, but the centre still won't operate 24 hours a day as recommended.

Federal agencies are also failing to pass critical information to CCIRC, as is Communications Security Establishment Canada, the government's IT intelligence unit.

"You need somebody who will connect all of the dots," Ferguson said of CCIRC.

Some progress has been made since 2010, when the federal government implemented a cybersecurity strategy, but the audit notes a plan to guide its implementation has yet to be written.

Auditors also point out it took a significant - and internationally embarrassing - cyber attack on the Treasury Board and Finance Canada networks in January 2011 to push the feds to take action.

The attack - linked to servers based in China - was an attempt to steal sensitive information. It cost several million dollars and left government workers at those agencies without full Internet access for some eight months.

Public Safety Minister Vic Toews said the government is taking the challenge of building a "robust and resilient system" seriously.

"The dynamic nature of the cyber threat is one thing that governments have had to learn to respond to," he said. "The attacks aren't simply one or two a year. This is on a constant basis."

Last week, the Conservative government announced it is boosting its cybersecurity funding from $90 million to $155 million over five years.

OTTAWA — The federal government's slow response to rapidly growing cybersecurity threats is leaving Canada vulnerable to hacker attacks by organized crime, terrorists and foreign states, the auditor general's latest report says.

The report found that despite more than 11 years of commitments and millions of dollars in spending, the federal government is scrambling to keep up with the growing national security threat and has failed to make measurable progress in its ability to defend and protect Canada's critical infrastructure.

That leaves everything vulnerable to hackers, including banking and telecommunications systems, the electricity grid and government agencies.

"Officials told us that the government has concerns that the cyber threat environment is evolving more rapidly than the government's ability to keep pace," the report states.

Among the problems highlighted in the audit is that the Canadian Cyber Incident Response Centre (CCIRC) — an information hub created in 2005 — is out of the loop and failing in its mandate to share critical information to governments, the private sector and foreign allies on new cyber threats.

Originally meant to operate around the clock, it's open only during Ottawa business hours, five days a week — a problem when cyber threats are global and attacks can spread rapidly.

The feds have since promised to extend CCIRC's hours, but the centre still won't operate 24 hours a day as recommended.

Other federal agencies that work with the private sector, including Communications Security Establishment Canada (CSEC), are also failing to pass critical information to CCIRC, the report says.

Some progress was made starting in 2010 when the federal government implemented a cybersecurity strategy but the audit notes a comprehensive plan to guide its implementation has yet to be written.

Auditors also point out it took a significant — and internationally embarrassing — cyber attack on the Treasury Board and Finance Canada in January 2011 to push the feds to take action.

The attack — linked to servers based in China — tried to steal sensitive information from those networks. It cost several million dollars and left government workers at the agencies without full Internet access for some eight months.

Last week, Public Safety Minister Vic Toews announced the government is boosting funding to its cybersecurity strategy from $90 million to $155 million over five years.