{"id":170292,"date":"2018-07-10T22:33:17","date_gmt":"2018-07-11T02:33:17","guid":{"rendered":"https:\/\/canadianinquirer.net\/v1\/?p=170292"},"modified":"2018-07-10T22:33:17","modified_gmt":"2018-07-11T02:33:17","slug":"finance-department-at-risk-of-big-impact-cyberattack-say-internal-documents","status":"publish","type":"post","link":"https:\/\/canadianinquirer.net\/v1\/2018\/07\/10\/finance-department-at-risk-of-big-impact-cyberattack-say-internal-documents\/","title":{"rendered":"Finance Department at risk of big impact cyberattack, say internal documents"},"content":{"rendered":"
\"Finance,<\/a>
Finance, like other federal departments, publicly discloses a handful of its corporate risks \u2014 but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view. (Pixabay photo)<\/figcaption><\/figure>\n

OTTAWA \u2014 \u00a0The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis.<\/p>\n

Finance, like other federal departments, publicly discloses a handful of its corporate risks \u2014 \u00a0but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.<\/p>\n

Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.<\/p>\n

\u201cOf the seven corporate risks… five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,\u201d said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to \u201cvery limited distribution.\u201d<\/p>\n

The information and accompanying briefing note were obtained under the Access to Information Act.<\/p>\n

The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a \u201cmedium\u201d likelihood of a breach or disruption with a \u201csignificant\u201d impact. Such an event would affect the department’s \u201ccapability to provide policy options and advice and to execute critical government operations,\u201d it said.<\/p>\n

Departmental systems have been targeted by cyberattacks in the past.<\/p>\n

In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts \u2014 \u00a0possibly originating in China \u2014 \u00a0to gather data on the potential takeover of a Canadian potash company.<\/p>\n

To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.<\/p>\n

In an email Tuesday, department spokesman Jack Aubry said Finance has taken several steps to improve cybersecurity, including segregating the IT network that holds budget information, making changes to ensure the safe exchange of sensitive information within government and raising awareness of security issues.<\/p>\n

Finance’s IT infrastructure is overseen by Shared Services Canada, Aubry added.<\/p>\n

\u201cThreats in cyberspace are complex and rapidly evolving; now more than ever, cybersecurity is of paramount importance,\u201d he said. \u201cEvolving cyberthreats to IT security require constant vigilance and continue to be rigorously monitored.\u201d<\/p>\n

The internal list of risks also features four additional threats that were not made public in the spring. Here’s a rundown of corporate risks that didn’t make the cut, and their ratings:<\/p>\n

\u2014 \u00a0The risk Finance will be unable to attract and retain staff with the specialized skills and expertise needed to meet all the demands for sound and timely policy analysis and advice. Likelihood: medium. Impact: significant.<\/p>\n

\u2014 \u00a0The risk the department will be unable to fulfil its objectives of enhanced business effectiveness and collaboration because it lacks a formal, consistent structure to store and manage information and to classify documents. Likelihood: medium. Impact: moderate.<\/p>\n

\u2014 \u00a0The risk Finance won’t be able to meet both client and implementation expectations on government-wide projects. It’s an issue because of the centralization of government services, the dependency on other departments and difficulties with the delivery of some initiatives. It points to the troubled Phoenix payroll system for public employees as one example of a government-wide project. Likelihood: medium. Impact: moderate.<\/p>\n

\u2014 \u00a0The risk of failure in supporting systems and processes that would affect the timely and accurate delivery of tax and transfer payments to provinces, territories and indigenous governments. Likelihood: low. Impact: significant.<\/p>\n

These risks come in addition to the three that were flagged publicly by the Finance Department in the spring. Here are the previously released risks and their ratings, which were contained in the internal document:<\/p>\n

\u2014 \u00a0The risk of unauthorized IT network access or disruptions. Likelihood: medium. Impact: significant.<\/p>\n

\u2014 \u00a0The risk Ottawa’s financial position and capacity to meet borrowing requirements will take a negative hit from failed transactions or financial losses linked to department activities related to issuing market debt securities and management of liquid financial assets. Likelihood: low. Impact: significant.<\/p>\n

\u2014 \u00a0The risk that threats \u2014 \u00a0such as the uneven pace of global economic recovery, the emergence of international protectionist policies and rising domestic debt levels \u2014 \u00a0could leave the department without infrastructure and resources needed to meet urgent challenges. The department, it warned, could also lose the capability to ensure effective co-ordinated action by responsible agencies \u2014 \u00a0domestically and internationally \u2014 \u00a0to address a situation that affects the integrity and reputation of Canada’s financial system. Likelihood: low. Impact: significant.<\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

OTTAWA \u2014 \u00a0The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow …<\/p>\n","protected":false},"author":33,"featured_media":110907,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[18],"tags":[53040,53041],"class_list":["post-170292","post","type-post","status-publish","format-standard","has-post-thumbnail","category-news-ca","tag-cyberattack","tag-federal-finance-department","mauthors-andy-blatchford","mauthors-the-canadian-press"],"_links":{"self":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/170292","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/users\/33"}],"replies":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/comments?post=170292"}],"version-history":[{"count":0,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/posts\/170292\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media\/110907"}],"wp:attachment":[{"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/media?parent=170292"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/categories?post=170292"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/canadianinquirer.net\/v1\/wp-json\/wp\/v2\/tags?post=170292"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}