Finance at risk of major cyberattack: docs
The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis. Finance, like other federal departments, publicly discloses a handful of its corporate risks — but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.
Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.
“Of the seven corporate risks ... five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to “very limited distribution.”
The information and accompanying briefing note were obtained under the Access to Information Act.
The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a “medium” likelihood of a breach or disruption with a “significant” impact. Such an event would affect the department’s “capability to provide policy options and advice and to execute critical government operations,” it said.
Departmental systems have been targeted by cyberattacks in the past.
In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.
To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.