Item - 2022.AU12.4

Tracking Status

  • City Council adopted this item on June 15, 2022 without amendments and without debate.
  • This item was considered by the Audit Committee on June 6, 2022 and adopted without amendment. It will be considered by City Council on June 15, 2022.

AU12.4 - Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review

Decision Type:
ACTION
Status:
Adopted
Wards:
All

City Council Decision

City Council on June 15 and 16, 2022, adopted the following:

 

1. City Council adopt the confidential instructions to staff in Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General.

 

2. City Council direct that Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General be released publicly at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.

 

Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General remains confidential at this time in accordance with the provisions of the City of Toronto Act, 2006, as it pertains to the security of the property of the City of Toronto and its agencies and corporations.  Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General will be made public at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.

Confidential Attachment - The security of the property of the City of Toronto and its agencies and corporations

Background Information (Committee)

(May 20, 2022) Report from the Auditor General on Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review
https://www.toronto.ca/legdocs/mmis/2022/au/bgrd/backgroundfile-226323.pdf
Confidential Attachment 1 - Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review

AU12.4 - Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review

Decision Type:
ACTION
Status:
Adopted
Wards:
All

Confidential Attachment - The security of the property of the City of Toronto and its agencies and corporations

Committee Recommendations

The Audit Committee recommends that:

  

1. City Council adopt the confidential instructions to staff in Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General.

 

2. City Council direct that Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General be released publicly at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.

Origin

(May 20, 2022) Report from the Auditor General

Summary

Cyber threats are on the rise and continue to evolve. Many municipalities in Canada and the U.S. have been affected by cyberattacks in recent years. The Toronto Transit Commission was recently hit by a ransomware attack in October 2021.1

 

In Canada, the estimated average cost of a data breach is $6.35 million.2 As cybersecurity threats expand and become more complex, the Auditor General continues to proactively examine the controls and evolving cyber threats to the City, its agencies and corporations, and make recommendations to improve cybersecurity.

 

Cyber attackers leverage the data available over the internet for an organization and its staff to launch cyberattacks. It is important that the data available over the internet is monitored, and actions are taken to reduce the cyberattack surface. We used Open-Source Intelligence (OSINT) gathering for data available on the internet to perform this review.

 

The objective of this review was to identify information available over the internet that may present cybersecurity risks to the City and its agencies and corporations. The organizations reviewed included:

 

·         City of Toronto

·         Toronto Police Service

·         Toronto Public Library

·         Toronto Transit Commission (TTC)

·         Toronto Hydro

 

This report contains two recommendations. The confidential findings and recommendations from our review are contained in the Confidential Attachment 1 to this report.

Background Information

(May 20, 2022) Report from the Auditor General on Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review
https://www.toronto.ca/legdocs/mmis/2022/au/bgrd/backgroundfile-226323.pdf
Confidential Attachment 1 - Auditor Generalís Cybersecurity Review: Open-Source Internet Data Intelligence Review

Motions

Motion to Adopt Item moved by Councillor Frances Nunziata (Carried)
Source: Toronto City Clerk at www.toronto.ca/council