Item - 2022.AU12.4
Tracking Status
- City Council adopted this item on June 15, 2022 without amendments and without debate.
- This item was considered by the Audit Committee on June 6, 2022 and adopted without amendment. It will be considered by City Council on June 15, 2022.
AU12.4 - Auditor General’s Cybersecurity Review: Open-Source Internet Data Intelligence Review
- Decision Type:
- ACTION
- Status:
- Adopted on Consent
- Wards:
- All
City Council Decision
City Council on June 15 and 16, 2022, adopted the following:
1. City Council adopt the confidential instructions to staff in Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General.
2. City Council direct that Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General be released publicly at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.
Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General remains confidential at this time in accordance with the provisions of the City of Toronto Act, 2006, as it pertains to the security of the property of the City of Toronto and its agencies and corporations. Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General will be made public at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.
Confidential Attachment - The security of the property of the City of Toronto and its agencies and corporations
Background Information (Committee)
https://www.toronto.ca/legdocs/mmis/2022/au/bgrd/backgroundfile-226323.pdf
Confidential Attachment 1 - Auditor General’s Cybersecurity Review: Open-Source Internet Data Intelligence Review
AU12.4 - Auditor General’s Cybersecurity Review: Open-Source Internet Data Intelligence Review
- Decision Type:
- ACTION
- Status:
- Adopted
- Wards:
- All
Confidential Attachment - The security of the property of the City of Toronto and its agencies and corporations
Committee Recommendations
The Audit Committee recommends that:
1. City Council adopt the confidential instructions to staff in Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General.
2. City Council direct that Confidential Attachment 1 to the report (May 20, 2022) from the Auditor General be released publicly at the discretion of the Auditor General, after discussions with the appropriate officials at the City and its agencies and corporations.
Origin
Summary
Cyber threats are on the rise and continue to evolve. Many municipalities in Canada and the U.S. have been affected by cyberattacks in recent years. The Toronto Transit Commission was recently hit by a ransomware attack in October 2021.1
In Canada, the estimated average cost of a data breach is $6.35 million.2 As cybersecurity threats expand and become more complex, the Auditor General continues to proactively examine the controls and evolving cyber threats to the City, its agencies and corporations, and make recommendations to improve cybersecurity.
Cyber attackers leverage the data available over the internet for an organization and its staff to launch cyberattacks. It is important that the data available over the internet is monitored, and actions are taken to reduce the cyberattack surface. We used Open-Source Intelligence (OSINT) gathering for data available on the internet to perform this review.
The objective of this review was to identify information available over the internet that may present cybersecurity risks to the City and its agencies and corporations. The organizations reviewed included:
· City of Toronto
· Toronto Police Service
· Toronto Public Library
· Toronto Transit Commission (TTC)
· Toronto Hydro
This report contains two recommendations. The confidential findings and recommendations from our review are contained in the Confidential Attachment 1 to this report.
Background Information
https://www.toronto.ca/legdocs/mmis/2022/au/bgrd/backgroundfile-226323.pdf
Confidential Attachment 1 - Auditor General’s Cybersecurity Review: Open-Source Internet Data Intelligence Review