Finance Department at risk of big-impact cyberattack, say internal documents

OTTAWA — The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis.

Finance, like other federal departments, publicly discloses a handful of its corporate risks — but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.

Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.

“Of the seven corporate risks… five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to ”very limited distribution.”

The information and accompanying briefing note were obtained under the Access to Information Act.

The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a “medium” likelihood of a breach or disruption with a ”significant” impact. Such an event would affect the department’s ”capability to provide policy options and advice and to execute critical government operations,” it said.

Departmental systems have been targeted by cyberattacks in the past.

In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.

To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.

In an email Tuesday, department spokesman Jack Aubry said Finance has taken several steps to improve cybersecurity, including segregating the IT network that holds budget information, making changes to ensure the safe exchange of sensitive information within government and raising awareness of security issues.

Finance’s IT infrastructure is overseen by Shared Services Canada, Aubry added.

“Threats in cyberspace are complex and rapidly evolving; now more than ever, cybersecurity is of paramount importance,” he said. “Evolving cyberthreats to IT security require constant vigilance and continue to be rigorously monitored.”

The internal list of risks also features four additional threats that were not made public in the spring. Here’s a rundown of corporate risks that didn’t make the cut, and their ratings:

— The risk Finance will be unable to attract and retain staff with the specialized skills and expertise needed to meet all the demands for sound and timely policy analysis and advice. Likelihood: medium. Impact: significant.

— The risk the department will be unable to fulfil its objectives of enhanced business effectiveness and collaboration because it lacks a formal, consistent structure to store and manage information and to classify documents. Likelihood: medium. Impact: moderate.

— The risk Finance won’t be able to meet both client and implementation expectations on government-wide projects. It’s an issue because of the centralization of government services, the dependency on other departments and difficulties with the delivery of some initiatives. It points to the troubled Phoenix payroll system for public employees as one example of a government-wide project. Likelihood: medium. Impact: moderate.

— The risk of failure in supporting systems and processes that would affect the timely and accurate delivery of tax and transfer payments to provinces, territories and indigenous governments. Likelihood: low. Impact: significant.

Just Posted

WATCH: Rappelling down Red Deer’s Stantec Building a thrilling, scary experience

Advocate reporter chronicles his trip down the 13-storey buildling

Red Deer raises $60,000 for Make-A-Wish Foundation

27 brave residents rappell down Stantec Building

People hurt in rollover near Red Deer

Occupants of a vehicle that rolled south of Hwy 11A were airlifted… Continue reading

Eager-beaver cannabis entrepreneurs already waiting outside Red Deer City Hall

Appications will be accepted on a first-come basis starting on Tuesday

Like father like son: Red Deer area Dreeshen family dedicates life to public service

There are three jobs that could be considered the Dreeshen family business:… Continue reading

WATCH: Gazebo groundbreaking in Waskasoo

Fifty per cent of the $100,000 project is funded by a provincial government grant

Woman killed in collision near Olds

A woman is dead after a collision west of Olds Saturday afternoon.… Continue reading

Evacuation numbers remain at nearly 1,000 as B.C. wildfires rage on

SUMMERLAND, B.C. — Officials in British Columbia’s Okanagan region hope that fire… Continue reading

Survivors recount deadly Missouri duck boat sinking

BRANSON, Mo. — “Grab the baby!” Those were the last words Tia… Continue reading

HMCS St. John’s to return to Halifax after six-month deployment overseas

HALIFAX — The countdown is on for the homecoming of a Halifax-class… Continue reading

Trump says lawyer taping him may be ‘illegal’

BRIDGEWATER, N.J. — The Latest on President Donald Trump and his onetime… Continue reading

Spieth part of 3-way tie for British lead as Woods lurks

CARNOUSTIE, Scotland — Jordan Spieth has a share of the lead in… Continue reading

WWII hero’s lost Purple Heart returned to his family

NEW YORK — A lost Purple Heart medal has been returned to… Continue reading

California girl, 2, accidentally shot and killed by boy, 4

SAN BERNARDINO, Calif. — Authorities say a 4-year-old boy accidentally shot and… Continue reading

Most Read


Five-day delivery plus unlimited digital access for $185 for 260 issues (must live in delivery area to qualify) Unlimited Digital Access 99 cents for the first four weeks and then only $15 per month Five-day delivery plus unlimited digital access for $15 a month