OTTAWA — The federal government has left itself wide open to a cyber attack, like the one announced this week, because it still has not taken the threat seriously, say prominent Internet security experts.

Canada recently announced a Cyber Security Strategy that calls for the federal government to spend $90 million over five years to protect the country's secrets.

But "it's a joke," said Chris Davis, chief executive officer of Ottawa Internet security firm Defence Intelligence Inc. "One of the things I've always said to corporations is, 'if your budget for food, beverages and entertainment is larger than what you spend on security, then that is a real problem."

Rafal Rohozinski, chief executive of Ottawa's SecDev Group and best known for his discovery of an international cyber-espionage network in 2009, said the news that hackers broke into computer systems at the Department of Finance and Treasury Board of Canada Secretariat, should be the final wake-up call for Canada to begin taking cyber security seriously.

"There is a heightened awareness now to the seriousness (and impact) that these kinds of breaches can bring," he said. "The fact that government systems are as vulnerable as home computers shouldn't come as a surprise to anyone given the fact that budgets for IT aren't exactly generous and that this really hasn't been a big priority."

Rohozinski said it took the federal government more than seven years to draft its National Cyber Security Strategy, which is aimed at protecting such Canadian assets as the power grid and government departments from hackers. When the government finally presented its strategy in October it announced $18 million in funding annually toward the initiative.

That same month the British government announced its own five-year cyber security initiative, setting aside $1.1 billion for its plans. In 2009 the United States appointed a cyber-security czar and announced a $40-billion Comprehensive National Cybersecurity Initiative.

"The money Canada has allocated toward this task is really nowhere near the requirement that it needs," said Rohozinski

Through his company Defence Intelligence, which worked with the FBI in the U.S. as well as law enforcement officials from Spain last year to bring down a major worldwide network of infected computers called Mariposa, Davis tracks more than 175 million computers that are infected with some sort of virus or worm every month. He said his organization knows there are infected computers that could be used for malicious purposes everywhere, including stealing sensitive information from corporations or governments, and he believes it's long overdue for the government to take cyber security seriously.

"The number of compromised computers that we track is staggering," said Davis. "Everything from government, to Fortune 1000, United Nations and financial institutions and whatever."

Davis said some departments within the federal government have done a decent job of preparing for the future. He pointed to Communications Security Establishment Canada, a division of the Department of National Defence which monitors international Internet communications to safeguard Canadians, as an effective force working to protect Canada's electronic networks.

But, he said there is still far more to be done and without additional resources, the next hack on Canadian systems could be disastrous.

"I think the people (staff) within the federal government that do this work (now), don't need the wake up call. They are already overwhelmed and understaffed and underpaid," he said. "It's people higher up the line that need to realize there needs to be some priority placed on this."

On Thursday morning, Treasury Board Minister Stockwell Day revealed the serious cyber attack on key Canadian economic departments last month. Financial records were among the targets of international hackers.

"I wouldn't say it's the most aggressive (attack) but it was a significant one . . . We were able to shut things down and protect information," said Day.

In the attack hackers sent emails with virus-infected Adobe PDF files to senior bureaucrats. When the documents were opened, they infected their own computers.

The attack resulted in thousands of government employees being cut off from the Internet or having severely impeded Internet access as security crews combed through computer networks trying to remove the cause of the security breach.