Minister of Finance Bill Morneau speaks to reporters as he arrives for Question Period in the House of Commons on Parliament Hill in Ottawa on June 18, 2018. THE CANADIAN PRESS/Justin Tang

Federal Finance Department at risk of big-impact cyberattack, say internal documents

The federal Finance Department faces a moderate risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations.

The federal Finance Department is facing a medium risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations, says a newly released internal analysis.

Finance, like other federal departments, publicly discloses a handful of its corporate risks — but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public’s view.

Unlike the public report, the internal analysis gauges both the likelihood and severity for seven risks facing Finance Minister Bill Morneau’s department.

“Of the seven corporate risks… five are now considered key corporate risks because of their significant risk score (high and medium-high level) and their link to the departmental mandate,” said the document, prepared in late February for deputy finance minister Paul Rochon and restricted to ”very limited distribution.”

The information and accompanying briefing note were obtained under the Access to Information Act.

The analysis says given the sensitivity of data under Finance’s control and the prevalence of security incidents in the public and private sectors, there’s a “medium” likelihood of a breach or disruption with a ”significant” impact. Such an event would affect the department’s ”capability to provide policy options and advice and to execute critical government operations,” it said.

Departmental systems have been targeted by cyberattacks in the past.

In 2011, assaults crippled computers at the Finance Department and Treasury Board. The attacks were later linked to efforts — possibly originating in China — to gather data on the potential takeover of a Canadian potash company.

To address each risk, the department laid out mitigation strategies. For instance, its plan to boost IT security includes specific measures such as more collaboration with Shared Services Canada, the agency responsible for the centralized federal email system and data consolidation.

Related: Feds’ unheralded $102B rainy day fund kept for the improbable, like cyberattacks

Related: Liberals to dig deeper, aim higher on gender equality in 2018 federal budget

The internal list also features four additional threats that were not made public in the spring. Here’s a rundown of corporate risks that didn’t make the cut, and their ratings:

  • — The risk Finance will be unable to attract and retain staff with the specialized skills and expertise needed to meet all the demands for sound and timely policy analysis and advice. Likelihood: medium. Impact: significant.
  • — The risk the department will be unable to fulfil its objectives of enhanced business effectiveness and collaboration because it lacks a formal, consistent structure to store and manage information and to classify documents. Likelihood: medium. Impact: moderate.
  • — The risk Finance won’t be able to meet both client and implementation expectations on government-wide projects. It’s an issue because of the centralization of government services, the dependency on other departments and difficulties with the delivery of some initiatives. It points to the troubled Phoenix payroll system for public employees as one example of a government-wide project. Likelihood: medium. Impact: moderate.
  • — The risk of failure in supporting systems and processes that would affect the timely and accurate delivery of tax and transfer payments to provinces, territories and indigenous governments. Likelihood: low. Impact: significant.
  • These risks come in addition to the three that were flagged publicly by the Finance Department in the spring. Here are the previously released risks and their ratings, which were contained in the internal document:
  • — The risk of unauthorized IT network access or disruptions. Likelihood: medium. Impact: significant.
  • — The risk Ottawa’s financial position and capacity to meet borrowing requirements will take a negative hit from failed transactions or financial losses linked to department activities related to issuing market debt securities and management of liquid financial assets. Likelihood: low. Impact: significant.
  • — The risk that threats — such as the uneven pace of global economic recovery, the emergence of international protectionist policies and rising domestic debt levels — could leave the department without infrastructure and resources needed to meet urgent challenges. The department, it warned, could also lose the capability to ensure effective co-ordinated action by responsible agencies — domestically and internationally — to address a situation that affects the integrity and reputation of Canada’s financial system. Likelihood: low. Impact: significant.

Andy Blatchford, The Canadian Press

Like us on Facebook and follow us on Twitter.

Just Posted

Multiple drivers with symptoms of liquor consumption in the past week

The weekly police report for the South Cariboo area

100 Mile Free Press and Ashcroft-Cache Creek Journal win Canadian Community Newspaper Award for Fire Fight

“[It] should be shared with all the people who told us their stories and trusted us with them”

Forest Grove’s Hootstock Festival says goodbye to old venue

After five years, the festival will move to the Forest Grove Community Hall grounds

Forest Grove is getting ready to rock with the 2018 Hootstock Music Festival

Nearly 30 acts from around Canada to show off their musical talents

Mile 108 teacher heads to B.C. offshore school in Egypt

‘I don’t know exactly what to expect, but that’s kind of what I’m excited for.’

Trudeau asks transport minister to tackle Greyhound’s western pullout

Prime Minister Justin Trudeau says he’s asked Transport Minister Marc Garneau to find solutions in Greyhound Canada’s absence.

Hub for mental health and addictions treatment opens at B.C. hospital

St. Paul’s Hospital HUB is an acute medical unit that includes 10 patient beds

Restaurant Brands International to review policy over poaching employees

One of Canada’s largest fast-food company to review ‘no-poach’ franchise agreements

Calgary family’s vacation ends in tragedy on Texas highway

Three people died and four others were injured in the crash

Union construction cost competitive, B.C. Building Trades say

Non-union firms can bid on infrastructure, but employees have to join international unions

Trudeau to shuffle cabinet ahead of Liberals’ team for 2019

Trudeau could lighten the work loads of cabinet ministers who currently oversee more than one portfolio

Car calls 911 on possible impaired B.C. driver

A luxury car automatically calls Princeton police to scene of crash involving alcohol

BC Games marks 40 years in 2018

Cowichan Games a milestone for BC Games Society

VIDEO: Life’s a beach at this B.C. sand sculpting contest

More than $50,000 was up for grabs at the annual contest held in Parksville

Most Read