Finance Department at risk of big-impact cyberattack, say internal documents

A newly released internal analysis says the federal Finance Department faces a moderate risk of a cyberattack that could deliver a significant blow to its ability to carry out some crucial government operations.

Finance, like other federal departments, publicly discloses a handful of its corporate risks, but a list obtained by The Canadian Press provides a deeper look at the key concerns for 2018-19 that had been left out of the public's view.

Unlike the public document, the internal analysis gauges both the likelihood and severity for seven corporate risks facing Finance Minister Bill Morneau's department.

The analysis says given the sensitivity of data under Finance's control and the prevalence of security incidents in the public and private sectors, there's a medium risk of a breach or disruption that delivers a significant hit to the department's reputation and ability to provide policy advice and execute critical government operations.

The internal list, obtained under the Access to Information Act, also features four additional threats that were not made public in the department's annual report, released in the spring.

They range from the risk the department will be unable to attract and retain skilled staff for key positions, to the lack of a formal, consistent structure to store and manage information.