Finance Department at risk of big-impact cyberattack, say internal documents

OTTAWA — The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis.

Finance, like other federal departments, publicly discloses a handful of its corporate risks — but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.

Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.

“Of the seven corporate risks… five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to ”very limited distribution.”

The information and accompanying briefing note were obtained under the Access to Information Act.

The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a “medium” likelihood of a breach or disruption with a ”significant” impact. Such an event would affect the department’s ”capability to provide policy options and advice and to execute critical government operations,” it said.

Departmental systems have been targeted by cyberattacks in the past.

In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.

To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.

In an email Tuesday, department spokesman Jack Aubry said Finance has taken several steps to improve cybersecurity, including segregating the IT network that holds budget information, making changes to ensure the safe exchange of sensitive information within government and raising awareness of security issues.

Finance’s IT infrastructure is overseen by Shared Services Canada, Aubry added.

“Threats in cyberspace are complex and rapidly evolving; now more than ever, cybersecurity is of paramount importance,” he said. “Evolving cyberthreats to IT security require constant vigilance and continue to be rigorously monitored.”

The internal list of risks also features four additional threats that were not made public in the spring. Here’s a rundown of corporate risks that didn’t make the cut, and their ratings:

— The risk Finance will be unable to attract and retain staff with the specialized skills and expertise needed to meet all the demands for sound and timely policy analysis and advice. Likelihood: medium. Impact: significant.

— The risk the department will be unable to fulfil its objectives of enhanced business effectiveness and collaboration because it lacks a formal, consistent structure to store and manage information and to classify documents. Likelihood: medium. Impact: moderate.

— The risk Finance won’t be able to meet both client and implementation expectations on government-wide projects. It’s an issue because of the centralization of government services, the dependency on other departments and difficulties with the delivery of some initiatives. It points to the troubled Phoenix payroll system for public employees as one example of a government-wide project. Likelihood: medium. Impact: moderate.

— The risk of failure in supporting systems and processes that would affect the timely and accurate delivery of tax and transfer payments to provinces, territories and indigenous governments. Likelihood: low. Impact: significant.

Just Posted

RCMP on scene of collision near Rimbey

Hwy 53 down to one lane at collision scene

Is the fate of Red Deer’s Parsons House solely in the hands of the province?

Demolition of old police station next door to begin this fall

Fundraiser to help keep kids warm in Blackfalds

Community Warmth Fall Fundraiser

Piper Creek Foundation gets a new name

Red Deer subsidized housing program for seniors

Reveen returns to Red Deer

Presented by Friends of Red Deer Regional Hospital

WATCH: Red Deer students take part in annual run

Dawe/St. Pat’s Run reaches 40th anniversary

Rafael Nadal to skip tournaments in Asia because of bad knee

MADRID — Rafael Nadal says he will not play in upcoming tournaments… Continue reading

Canadian crabs with bad attitude threaten coastal Maine ecosystem

BIDDEFORD, Maine — Canadians are known as friendly folks, but these crabby… Continue reading

UK lawmakers: ‘Wild West’ cryptocurrencies need regulation

LONDON — British lawmakers have backed calls for greater regulation of cryptocurrencies… Continue reading

Proposed class action lawsuit on trailing commissions filed against CIBC

TORONTO — A class action lawsuit regarding trailing commissions paid to discount… Continue reading

Saskatchewan family reunited with dog that bolted during July 2017 farm visit

MOOSE JAW, Sask. — A family in Moose Jaw, Sask., is overjoyed… Continue reading

Ex-aide is star witness of panel probing French crisis

PARIS — A former security aide of French President Emmanuel Macron who… Continue reading

German doctors: Pussy Riot poisoning ‘highly plausible’

BERLIN — German doctors treating a member of Russian protest group Pussy… Continue reading

Smile Cookie fundraiser campaign for Reading College kicks off

Fundraising campaign runs Sept. 12-18 for program that helps children improve their reading

Most Read