Minister of Finance Bill Morneau speaks to reporters as he arrives for Question Period in the House of Commons on Parliament Hill in Ottawa on June 18, 2018. THE CANADIAN PRESS/Justin Tang

Federal Finance Department at risk of big-impact cyberattack, say internal documents

The federal Finance Department faces a moderate risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations.

The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis.

Finance, like other federal departments, publicly discloses a handful of its corporate risks — but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.

Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.

“Of the seven corporate risks… five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to ”very limited distribution.”

The information and accompanying briefing note were obtained under the Access to Information Act.

The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a “medium” likelihood of a breach or disruption with a ”significant” impact. Such an event would affect the department’s ”capability to provide policy options and advice and to execute critical government operations,” it said.

Departmental systems have been targeted by cyberattacks in the past.

In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.

To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.

Related: Feds’ unheralded $102B rainy day fund kept for the improbable, like cyberattacks

Related: Liberals to dig deeper, aim higher on gender equality in 2018 federal budget

The internal list also features four additional threats that were not made public in the spring. Here’s a rundown of corporate risks that didn’t make the cut, and their ratings:

  • — The risk Finance will be unable to attract and retain staff with the specialized skills and expertise needed to meet all the demands for sound and timely policy analysis and advice. Likelihood: medium. Impact: significant.
  • — The risk the department will be unable to fulfil its objectives of enhanced business effectiveness and collaboration because it lacks a formal, consistent structure to store and manage information and to classify documents. Likelihood: medium. Impact: moderate.
  • — The risk Finance won’t be able to meet both client and implementation expectations on government-wide projects. It’s an issue because of the centralization of government services, the dependency on other departments and difficulties with the delivery of some initiatives. It points to the troubled Phoenix payroll system for public employees as one example of a government-wide project. Likelihood: medium. Impact: moderate.
  • — The risk of failure in supporting systems and processes that would affect the timely and accurate delivery of tax and transfer payments to provinces, territories and indigenous governments. Likelihood: low. Impact: significant.
  • These risks come in addition to the three that were flagged publicly by the Finance Department in the spring. Here are the previously released risks and their ratings, which were contained in the internal document:
  • — The risk of unauthorized IT network access or disruptions. Likelihood: medium. Impact: significant.
  • — The risk Ottawa’s financial position and capacity to meet borrowing requirements will take a negative hit from failed transactions or financial losses linked to department activities related to issuing market debt securities and management of liquid financial assets. Likelihood: low. Impact: significant.
  • — The risk that threats — such as the uneven pace of global economic recovery, the emergence of international protectionist policies and rising domestic debt levels — could leave the department without infrastructure and resources needed to meet urgent challenges. The department, it warned, could also lose the capability to ensure effective co-ordinated action by responsible agencies — domestically and internationally — to address a situation that affects the integrity and reputation of Canada’s financial system. Likelihood: low. Impact: significant.

Andy Blatchford, The Canadian Press

Like us on Facebook and follow us on Twitter.

Just Posted

21 per cent of ballots returned in electoral referendum

Percentage of screened ballots in Cariboo likely higher than average due to mailout schedule

Spray painting in Tatton-Station Road and 108 Water Treatment Plant areas

The weekly police report for the South Cariboo area

Pickup in ditch on Highway 97 near 103 Mile

A pickup truck ended up in the ditch this morning on Highway… Continue reading

About the Canucks

The weekly sports column for the 100 Mile Free Press

VIDEO: B.C. legislature clerk, sergeant at arms suspended for criminal investigation

Clerk of the House Craig James, Sergeant-at-arms Gary Lenz on administrative leave

Watchdog calls for probe into police board spending on former Victoria police chief

Police Complaint Commissioner says accountable and transparent review is in public interest

South Korean named Interpol president in blow to Russia

South Korea’s Kim Jong Yang was elected as Interpol’s president edging out a longtime veteran of Russia’s security services.

E. coli outbreak linked to romaine lettuce sickens 18 people in Ontario, Quebec

The Canadian Food Inspection Agency says it’s working with U.S. authorities to determine the source of the romaine lettuce those who got ill were exposed to.

Trump defies calls to punish crown prince for writer’s death

The U.S. earlier sanctioned 17 Saudi officials suspected of being responsible for or complicit in the Oct. 2 killing, but members of Congress have called for harsher actions, including cancelling arms sales.

British, EU leaders to meet as Brexit deadline looms

The U.K. and the European Union agreed last week on a 585-page document sealing the terms of Britain’s departure.

Richard Oland was killed ‘in a rage,’ prosecutor tells son’s murder trial

The verdict from Oland’s 2015 murder trial was set aside on appeal in 2016. Richard Oland, 69, was found dead in his Saint John office on July 7, 2011.

B.C.’s HMCS Edmonton rescues two more sea turtles

Warship credited with a turtle rescue earlier in November

Former NHL player and coach Dan Maloney dies at 68

Maloney coached the Toronto Maple Leafs and Winnipeg Jets

Most Read