MONTREAL -- Quebec shut down nearly 4,000 of its websites on Sunday as a preventative measure after the government discovered a major security flaw affecting computer systems around the world.
Minister Responsible for Digital Transformation and Access to Information Eric Caire explained that all sites are being scanned for possible threats caused by the "Log4j" flaw.
Log4j is a widely deployed Java-based logging utility used around the globe, and the federal government issued a warning Friday that "active scanning and exploitation of this vulnerability have been observed."
"On Friday the 10th, we received, like everyone else on the planet, a status report on a computer security flaw that affects many systems," Caire said in a news conference.
The flaw "allows an attacker to break into a server" and then introduce malicious code and thus "take control of the server" and all the data it contains.
The offending element is part of a widely-used open source Apache library. Fortunately, there is a patch to fix the security problem.
"We need to scan all of our systems," said Caire. "We're kind of looking for a needle in a haystack."
He added that no activity has been detected suggesting that a hacker has accessed the system.
"It's a decision preventive not reactive," said Caire.
The government closed 3,992 sites and some are back online. The education and higher education ministries' sites were not accessible on Sunday.
