The steelmaker is also keeping a close eye on possible risks associated with artificial intelligence
How serious is Algoma Steel about cybersecurity?
Very serious, according to documents filed this month with securities regulators.
So far, the Sault steelmaker has yet to experience a material cybersecurity breach, but the company disclosed in its most recent sustainability report that 100 per cent of its salaried employees have completed mandatory cybersecurity training.
Cybersecurity is activity designed to shield computer programs, networks and systems against digital attacks.
Cyberattacks can extort money using ransomware.
They can also interrupt a company’s business, and change or destroy sensitive information.
“To strengthen our human defence layer, we maintain a comprehensive cybersecurity awareness and training program for all employees,” Algoma Steel said in a sustainability report released on June 4.
The company’s audit and risk management committee receives at least four updates on the issue each year.
Algoma’s most recent staffing levels show it has about 335 salaried employees, working as front line supervisors, shift co-ordinators and planners, as well as office and technical professionals.
“Periodic deep-dive sessions are conducted to provide detailed insights into key risk areas, along with the mitigation strategies in place to address them,” the company reports.
“Our cybersecurity program is aligned with the NIST Cybersecurity Framework, and we conduct recurring third-party maturity assessments to benchmark and continuously improve our capabilities.
“We are also actively progressing toward compliance with NIST SP 800-171, which we anticipate will be a requirement for participation in Canadian government-sponsored projects.
“To strengthen our human defence layer, we maintain a comprehensive cybersecurity awareness and training program for all employees.
“This includes ongoing education as well as simulated phishing campaigns to reinforce vigilance and reduce susceptibility to social engineering threats.”
Algoma Steel is also keeping a close eye on possible risks involving artificial intelligence.
“We have established an Artificial Intelligence (AI) Committee which includes the development of a responsible abd ethical use of AI policy to guide employee use of AI technologies.
“As we expand the use of AI, we are aligning our governance approach with the NIST Risk Management Framework (“RMF”) playbook for AI, with oversight provided by the chief financial officer.
“This includes implementing appropriate risk controls, validation processes, and maintaining a human-in-the-loop review model to ensure that no AI-driven changes are deployed to production environments without appropriate oversight and approval.”
