House Standing Committee on National Defence Appearance, Chief, CSE – September 28

Table of contents

• Appearance details
• Key Highlights and Prep Material
  • Minister’s Opening Remarks
  • Key Topics
  • Potential Questions and Answers
  • Mandate Letter
• Issue notes
  • CSE Accountability, Oversight and Review
  • Foreign Interference and the Democratic Process
  • Top Cybersecurity Points
  • Cyber Security and Cyber Capabilities
  • Russian Cyber Threats to Canada
  • Ransomware
  • Protecting Canada’s Telecommunications Systems
  • Growth, Recruitment, and Retention at CSE
• Background Material
  • Committee Membership and Profiles
  • Committee backgrounder
  • Additional Media Lines
  • Additional Q and A's

Appearance details

Date: September 28, 2023
Location: 035-B, West Block
Time: 3:30 – 5:30pm

Appearing:

• Bill Blair
  Minister of National Defence (First Hour)


• Caroline Xavier
  Chief, Communications Security Establishment


• Bill Matthews
  Deputy Minister, Department of National Defence


• Gen Wayne Eyre,
  Chief of the Defence Staff, Department of National Defence


• Col Robin Holman
  Judge Advocate General, Department of National Defence


• DND Senior Official - TBD


• Details: Opportunity for Minister of National Defence to discuss his Mandate Letter and priorities to the Standing Committee on National Defence.

Key Highlights and Prep Material

Event: Standing Committee Appearance – Ministerial Priorities
Speaker: MND Date: September 28, 2023
Length: 5 Minutes (currently 776 words; 6-6.5 mins @ 125 WPM)
Themes: State of the World, Leadership Guidance and Expectations, Culture Change, Procurement.
Vetters: CPCC, D Strat A, Mat/IE PA, NORAD Pol, D NATO Pol, DIP Pol, D Parl A, SJS

Minister's remarks

Link forthcoming

Key Topics – High-level

• As Canada’s national cyber security and foreign signals intelligence agency, CSE has unique technical and operational capabilities.
• The Communications Security Establishment Act (the CSE Act) sets out five aspects of our mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.
• CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
• CSE’s intelligence reporting also identifies hostile state activities, and the CSE Act authorizes us to assist the Department of National Defence and the Canadian Armed Forces.
• We support Canadian military operations and protect forces deployed abroad through advanced cyber techniques. For example, CSE could protect Canadian forces by disrupting an adversary’s ability to communicate or providing intelligence regarding an imminent threat.
• The CSE Act gives CSE the legal authority to conduct cyber operations to disrupt foreign-based threats to Canada. This includes active cyber operations to degrade, disrupt, respond to, or interfere with the capabilities, intentions or activities of foreign individuals, states, and organizations.
• If there are reasonable grounds to believe that a foreign state or actor constitutes a threat to the security of Canada and/or Canadian military forces, we are prepared to take appropriate action to address the threat.
• We continue to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
• CSE is responsible for handling sensitive and highly classified information. We take this responsibility very seriously to ensure our standards are upheld and our intelligence is well protected. Due to the nature of our work, we can’t discuss highly sensitive operational matters or intelligence in public, but rest assured we are defending Canadians and the Government of Canada every day.

India

• CSE leverages all aspects of its mandate to counter hostile state activity. We work closely with federal partners and international allies to defend Canada’s interests, in accordance with our mandate and authorities.
• CSE can neither confirm nor deny any specific operations, capabilities or targets for operational security reasons. However, Canadians can be assured that CSE’s foreign signals intelligence provides Canada’s decision-makers with actionable insights on a range of foreign-based threats, including the activities of hostile states, cybercriminals and violent extremists.

Distributed Denial of Service (DDoS)

• The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) have received reports of several distributed denial of service campaigns, also known as DDoS attacks, targeting the Government, provinces and territories, as well as the financial and transportation sectors.
• On Friday, September 22, 2023, CSE issued a warning urging the Canadian cyber security community especially the operators of government and critical infrastructure web sites to adopt a heightened state of vigilance, and to bolster their awareness of and protection against malicious cyber threats.
• CSE observed that it’s not uncommon to see increased distributed denial of service (DDoS) campaigns against NATO countries that support Ukraine, or host visits from Ukrainian government officials.
• On Friday, September 15, 2023, the Canadian Centre for Cyber Security (Cyber Centre) published a statement and a cyber alert on Cyber.gc.ca warning Canadians of several distributed denial of service (DDoS) campaigns targeting the Government of Canada, provinces and territories, as well as the financial and transportation sectors.
• CSE and the Cyber Centre are continuously monitoring the threats from state sponsored threat actors, especially China, Russia, North Korea and Iran.
• CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
• The Government of Canada has systems and tools in place to monitor, detect and investigate potential threats, and takes active measures as required. CSE continues to work with its cyber security partners to ensure the Government’s networks and infrastructure are well defended against cyber threats.

Foreign Interference

• Canadians should be aware about covert and deceptive activities conducted by foreign states, including the People’s Republic of China and its ruling Chinese Communist Party, with the intent to influence the results of democratic elections at all levels of government in Canada. Although Canada’s electoral system is strong, foreign interference can erode trust and threaten the integrity of our democratic institutions, political system, fundamental rights and freedoms, and ultimately, our sovereignty.
• Although CSE was the Chair of the SITE Task Force for the 2019 and 2021 federal elections, CSE, CSIS, the RCMP, and Global Affairs Canada are individually responsible to investigate and respond to any instances of foreign interference activity that fall under their specific departmental mandates. SITE Task Force partners advised and contextualized information that was presented to the Panel; however, it is their decision in terms of whether the information meets the threshold make a public statement.
• CSE cannot speak to what types of classified information (or the details) that was shared with the political parties, the Privy Council Office, or the Panel for security reasons. This same restriction applies to those members of the political parties cleared to receive information/briefings from SITE.

Ukraine/Geopolitical Events

• The Government of Canada’s cyber defence team, including CSE, is constantly reviewing measures to ensure our systems and information networks remain secure. We have tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
• We can confirm that CSE has been tracking cyber threat activity associated with the current crisis. CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine and continues to work with the Canadian Armed Forces (CAF) in support of Ukraine.
• As the situation has deteriorated, CSE’s Cyber Centre continues to monitor the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure networks, operational and information technology (OT/IT). We recently issued reminder to the Canadian cyber security community to adopt a heightened state of vigilance and bolster awareness and protection against malicious cyber threats.
• CSE is aware of an increase in Russian state-aligned hacktivist groups seeking to Ukraine and its allies. 
• We remind Canadian critical infrastructure operators and defenders to be aware of the risks and take mitigations against known Russian-backed cyber threat activity. Now is the time to take defensive action and be proactive in network monitoring and applying appropriate mitigations.
• In addition to public advisories, the Cyber Centre continues to share valuable cyber threat information with Canadian critical infrastructure partners via protected channels. This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.

Indo-Pacific Strategy

• Budget 2023 announced $29.7M over five years for The Communications Security Establishment (CSE) to increase Canada’s foreign intelligence support to government partners in defence and security in the Indo-Pacific.
• In addition, CSE’s Canadian Centre for Cyber Security (Cyber Centre) will expand its delivery of cyber security advice and guidance to partners and stakeholders in the region.

Arctic

• CSE works to make sure the Government of Canada has the necessary intelligence to safeguard Canada’s Arctic sovereignty. This includes monitoring the intentions, capabilities, and investments of hostile state actors with respect to the Arctic.
• CSE chairs a multi-national signals intelligence forum which focuses on the Polar regions. We collaborate and coordinate with partners across the Government of Canada to ensure that our intelligence gathering efforts align with their needs.
• CSE also collaborates and coordinates with the rest of the Government of Canada, including DND/CAF, to ensure that Arctic intelligence requirements are well-understood and align with CSE efforts.
• CSE is aware of public reports that some Government of Canada websites were offline in mid-April (2023). CSE and its Canadian Centre for Cyber Security have observed that it’s not uncommon to see distributed denial-of-service (DDoS) attacks against countries hosting visits from Ukrainian government officials. While these incidents draw attention, they have very little impact on the systems affected.
• CSE and its Canadian Centre for Cyber Security continue to work closely with our cyber defence colleagues at the Treasury Board Secretariat – Office of the Chief Information Officer, and Shared Services Canada and other Government of Canada departments and agencies to ensure there are systems and tools in place to monitor, detect, and investigate potential threats, and to neutralize threats when they occur.
• The Government of Canada, like every other government and private sector organization in the world, is subject to ongoing and persistent cyberthreats.

Cyber threats to critical infrastructure

• CSE and its Canadian Centre for Cyber Security (Cyber Centre) continue to monitor for any developing cyber threats and share threat-information with our partners and stakeholders to help prevent incidents.
• As noted in the 2023-24 National Cyber Threat Assessment, we are concerned about the opportunities for critical infrastructure disruption, particularly about Internet-connected Operational Technology (OT) that underpins industrial processes. Internet-connected OT increases the threat surface of the organizations that employ it and increases the opportunity for cyber threat activity to have effects in the physical world.
• CSE, through the Cyber Centre, have been in contact with critical infrastructure operators to ensure they are aware of cyber threats related to geopolitical tensions. CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis. 
• Recently, the Cyber Centre issued a Cyber Flash to partners. It noted that we had a confirmed report where a cyber threat actor had the potential to cause physical damage to Canadian critical infrastructure. As the prime minister said, we can report there was no physical damage to any Canadian energy infrastructure. But make no mistake: the threat is real.   
• We remain deeply concerned about the threat to critical infrastructure and urge critical infrastructure owners and operators to get in touch with us to work together to protect their systems.

Cyber security and recent cyber incidents

• Recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. CSE works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key. Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, small-and-medium enterprises as well as critical infrastructure owners and operators to raise Canada’s cyber security bar.

Recruitment and retention

• The Communications Security Establishment (CSE) is an employer of choice – we are fortunate that many talented people choose to work with us. Each year CSE receives on average, 10,000 to 15,000 applications from applicants with diverse skill sets and cultural backgrounds.
• Over the past several years, CSE has experienced continued and sustained growth. Since 2019, our workforce has grown from approximately 2600 employees to 3,232 full-time employees as of March 31, 2023. We believe that this growth, combined with our comparatively low attrition rate reflects the positive work environment, employee development and support programs we have in place.
• CSE has also been recognized as a Top Employer in 2020, 2021, 2022, and 2023, as well as one of Canada’s Top Employer for Youth for the past 7 years in a row.

Bill C-26

• The Government of Canada is taking action to protect vital services and systems that Canadians rely on every day, such as telecommunications services and financial, energy and transportation systems. To do this, the proposed legislation addresses the protection of Canada’s critical cyber systems that underpin those services and systems and expands upon the existing cyber security efforts of critical cyber systems operators, while enhancing collaboration between the federal government and private sector entities.
• In line with the National Cyber Security Strategy, the role of CSE and its Canadian Centre for Cyber Security (Cyber Centre) would be to provide technical cyber security expertise. Importantly, CSE would not receive any new authorities as part of Bill C-26.
• In support of Part 2 of Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), CSE would leverage its existing mandate under the Communications Security Establishment Act (CSE Act) for cyber security and information assurance to provide technical advice and guidance to:
  • Operators designated under the CCSPA,
  • Regulators named in the CCSPA in support of their duties and functions,
  • Lead departments and their ministers, and
  • To the Minister of Public Safety in the exercise of his or her powers and functions under the CCSPA.
  • CSE would also receive reports of cyber security incidents and would provide these reports (or a subset thereof) to regulators, upon request.
• CSE is prohibited by law from targeting the private information of Canadians or any person in Canada – this is spelled out in the CSE Act. We take our responsibility to protect Canadian privacy very seriously.
• CSE operates under a robust system of independent oversight including the Intelligence Commissioner, NSIRA, and NSICOP.

CSE – Other facts

• CSE’s 2023-2024 Main Estimates are $965.9M, a net increase of $167.4M from the 2022-23 Main Estimates of $798.5M.
• CSE’s 2022-2023 budget is $948 million, total authorities.
• Since 2014, CSE and the Government of Canada have officially attributed 12 cyber incidents to nation-state and state-affiliated actors.
• CSE’s automated defences protect the Government of Canada from over 6 billion malicious actions a day.

Potential Questions and Answers

1. What is the mandate of CSE?

• CSE is the national signals intelligence agency for foreign intelligence and the technical authority for cyber security and information assurance.
• The Communications Security Establishment Act (the CSE Act) sets out the five aspects of our mandate:
  • Cyber security and information assurance: CSE acquires, uses, and analyzes information from the global information infrastructure, or from other sources, to provide advice, guidance and services to help protect electronic information and information infrastructures.
  • Foreign intelligence: CSE acquires, covertly or otherwise, information from or through the global information infrastructure, to provide foreign intelligence, in accordance with the Government of Canada’s intelligence priorities. 
  • Defensive cyber operations: CSE carries out activities on or through the global information infrastructure to help protect electronic information and information infrastructures that are of importance to the Government of Canada.
  • Active cyber operations: CSE carries out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security; and
  • Technical and operational assistance: CSE provides technical and operational assistance to federal law enforcement and security agencies, the Canadian Forces, and the Department of National Defence.
• The Communications Security Establishment (CSE) is committed to pursuing the objectives of equity and inclusion. Building an equitable, diverse, and inclusive environment at CSE is essential and is part of its obligation to Canadians.
• As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE’s mission in a nurturing and welcoming environment.
• Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
• In effort of working towards reconciliation, CSE continues to participate in the Government of Canada’s IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.

CSE 2022-23 Annual Report

2. What are the key takeaways from CSE’s annual report?

• From 2022 to 2023, CSE produced over 3,000 foreign intelligence reports to alert and inform the Government of Canada about foreign-based threats and global events affecting Canada.
• From 2022 to 2023, CSE’s Cyber Centre responded to 2,089 cyber security incidents affecting federal institutions (957) and critical infrastructure partners (1,132).
• In 2022, CSE received 4 Ministerial Authorizations to carry out foreign cyber operations.
• In 2022, CSE’s Cyber Centre published a new National Cyber Threat Assessment which identifies key trends in the cyber threat landscape.
• CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
• CSE’s 2022 to 2023 total budget was $948 million and consists of 3,232 full-time, permanent employees.

Canadian Centre for Cyber Security (Cyber Centre)

3. What is the mandate of the Canadian Centre for Cyber Security?

• Defend Government of Canada networks and designated systems of importance.
• Advise and assist other levels of government and the operators of Canada’s critical infrastructure, such as banks, telecommunications companies and other companies that are essential for the functioning of our society and economy.
• Offer simple and effective tips that all Canadians can use to help keep themselves safer online.
• The Cyber Centre raises Canada’s collective cyber security bar so Canadians can live and work online safely and with confidence.
• CSE works closely with:
  • Federal government departments
  • Provinces, territories, and municipalities
  • Critical infrastructure
  • Canadian businesses
  • Academics
  • International partners

National Cyber Threat Assessment Report

4. What is the National Cyber Threat Assessment report? What information does it include?

• Every two years, the Cyber Centre publishes an unclassified threat report outlining the greatest cyber threats that Canadians are likely to face in the coming years.
• The key judgements in this report are based on reporting from multiple sources, including classified and unclassified information. The judgements are based on the Cyber Centre’s knowledge and expertise in cyber security and informed by CSE’s foreign intelligence mandate, which provides us with valuable insights on cyber threat activity around the world.
• The National Cyber Threat Assessment highlights four key observations: 
  • First, cybercrime is the most likely threat to impact Canadians now and in the years ahead.
  • Second, cybercriminals often succeed in their work because they exploit human and social behaviours. 
  • Third, ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers; and 
  • Finally, while cybercrime is the main threat, state-sponsored cyber programs of China, Russia, North Korea, and Iran pose a strategic threat to Canada.  

5. What are the primary concerns and observations made in the report?

• On October 28, 2022, CSE released its National Cyber Threat Assessment 2023-24 which provides an overview of five key cyber threat trends that are the most dynamic and impactful and that will continue to drive cyber threat activity to 2024:
• First, ransomware is a persistent threat to Canadian organizations. 
• Second, critical infrastructure is increasingly at risk from cyber threat activity.
• Third, State-sponsored cyber threat activity is impacting Canadians.
• Fourth, cyber threat actors are attempting to influence Canadians and degrade trust in online spaces; and
• Finally, disruptive technologies bring new opportunities and new threats.

6. The National Cyber Threat Assessment points to state-sponsored activities of China and Russia, as well as a few other countries, specifically. What is CSE doing to protect Government of Canada networks from these threats?

• CSE is the primary centralized voice and resource for senior leadership in Government on cyber security operational matters, including incident management, situation awareness, and technical advice and guidance.
• CSE defends Government of Canada cyber systems and respond to significant cyber security threats and incidents to reduce and mitigate harm to the Federal Government.
• CSE is a central resource for Government of Canada departments in support of their roles within their sectors. 
• CSE will also use this funding to contribute to Canada’s Middle East Strategy which supports security and stabilization efforts, development assistance and diplomatic engagement for Iraq, Syria, Lebanon and Jordan. CSE provides foreign intelligence support to the CAF mission.

Cyber Security

7. What support has CSE provided in response to recent cyberattacks?

• The Communications Security Establishment (CSE) continues to monitor the cyber threat environment, including cyber threat activity directed at critical infrastructure networks.
• CSE’s Cyber Centre has alerted Canadian critical infrastructure operators to evolving cyber threats to help make them aware of the risks. The Cyber Centre has also provided expert advice and tailored mitigation tips against cyber threat activity, for example the Ransomware playbook and Security considerations for critical infrastructure.  
• The Government of Canada has systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur. These systems and tools allow the Cyber Centre to share real-time threat information with critical infrastructure stakeholders.
• Another way that the Cyber Centre contributes to improving the cyber security ecosystem is by releasing some of its cyber defence tools to the open-source community, such as Assembly Line which is a malware detection and analysis tool.
• If Canadian companies have been impacted by any cyber threats, they are urged to contact CSE’s Cyber Centre.
• The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) have received reports of several distributed denial of service campaigns, also known as DDoS attacks, targeting the Government, provinces and territories, as well as the financial and transportation sectors.
• On Friday, September 15, 2023, the Canadian Centre for Cyber Security (Cyber Centre) published a statement and a cyber alert on Cyber.gc.ca warning Canadians of several distributed denial of service (DDoS) campaigns targeting the Government of Canada, provinces and territories, as well as the financial and transportation sectors.
• The Government of Canada has systems and tools in place to monitor, detect and investigate potential threats, and takes active measures as required. CSE continues to work with its cyber security partners to ensure the Government’s networks and infrastructure are well defended against cyber threats.

Cyber Operations

8. Does CSE conduct foreign cyber operations?

• CSE may use active and defensive cyber operations to defend Canada or take online action against foreign cyber threats.
• This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as:
  • Energy grids
  • Telecommunications networks
  • Healthcare databases
  • Banking systems
  • Elections infrastructure
• Defensive and active cyber operations must be authorized by the Minister of National Defence Cyber operations must not:
  • Target Canadians or anyone in Canada
  • Interfere with the course of justice
  • Interfere with the course of democracy
  • Cause death or bodily harm, either deliberately or by criminal negligence

Foreign Interference

9. Can you confirm there was foreign interference in the 2019 election?

• We are aware of the persistent threat of foreign interference.
• Throughout the federal election, the Security and Intelligence Threats to Elections (SITE) Task Force actively monitored the situation for signs of foreign interference.
• A Panel of non-partisan senior civil servants administered the Critical Election Incident Public Protocol, which includes a mandate during the caretaker period to inform the public if an incident or series of events occurred that threatened Canada’s ability to hold a free and fair election
• The Government of Canada did not detect foreign interference that threatened Canada’s ability to have a free and fair election, and that warranted public communication, as determined by the Panel under the Critical Election Incident Public Protocol.
• In the lead up to Canada’s 2021 federal election, CSE had defensive cyber operations authorities in place to protect the electronic infrastructure used by Elections Canada.
• Had there been malicious cyber activity targeting the election process, CSE would have been ready to act on it right away.

10. Why didn’t CSE and the Canadian Centre for Cyber Security help political parties during the 2019 and 2021 election?

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference and disinformation, regardless of the source.
• CSE’s Cyber Centre works with the House of Commons (HoC) to protect HoC devices, systems and information, including those of MPs.
• In advance of the 2019 General Election, CSE and the Cyber Centre made the decision to offer cabinet ministers a 24/7 cyber hotline service, providing centralized support in the event they suspected their ministerial, parliamentary, or personal communications, e-mail or social media accounts were compromised.
• The hotline provided a 24/7 priority service in the case of a cyber incident and is still operational today.
• The Cyber Centre reached out to all registered federal political parties to determine their top-of-mind cyber security concerns. Based on that feedback, we offered guidance and threat briefings to meet those priorities.
• CSE will continue to actively work to ensure the protection of all Canadians, including MPs.

11. Why were Canadians not informed of this Chinese foreign interference? Did it not meet the threshold?

• We had advised the critical election incident protocol panel of the information, and it is their decision in terms of whether or not information meets the threshold make a public statement.

12. What threats are there to our elections from a foreign interference lens? What has CSE done to guard against this?

• CSE has provided an unclassified assessment of cyber threats to Canada’s democratic process in 2017, 2019, and 2021. Within each assessment, foreign interference is included as a key threat to Canada’s elections.
• In the lead up to and during the 2021 Federal Election, CSE worked with partners at the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the RCMP as the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s role in SITE was to monitor for foreign threats and interference with electoral processes in Canada.
• If CSE were to become aware of a cyber threat, including those directed at a provincial electoral process, we would take appropriate action to address the threat.

13. Are you aware of foreign cyber threat activities targeting Canadian democratic institutions or processes?

• In CSE’s most recent report on Cyber Threats to Canada’s Democratic Process, we have assessed that state-sponsored actors with ties to Russia, China, and Iran are responsible for the majority of cyber threat activity against democratic processes worldwide.
• For example, state-sponsored actors have promoted content and messaging related to QAnon for the purpose of reaching voters in the US.
• These reports are intended to raise awareness and draw further attention to known state-sponsored cyber threat activity, including the tactics, techniques and procedures used to target Canada’s democratic processes.

14. Are Chinese or Russian state-sponsored actors attempting to disrupt Canadian democratic institutions or processes?

• CSE has assessed that both China and Russia, along with Iran, are responsible for the majority of cyber threat activity against democratic processes worldwide.
• Since 2015, over 90 percent of the cyber threat activity against democratic processes we observed by Russia, China and Iran targeted states and regions of strategic significance to them. 
• State-sponsored actors such as these, have taken advantage of domestic groups and movements in other countries and used the messages and reach of these domestic groups to better influence voters.
• Adopting cybersecurity best practices goes a long way to offsetting risks of exploitation by any cyber threat actor.

15. The National Cyber Threat Assessment points to state-sponsored activities of China and Russia, as well as a few other countries, specifically. What is CSE doing to protect Government of Canada networks from these threats?

• CSE is the primary centralized voice and resource for senior leadership in Government on cyber security operational matters, including incident management, situational awareness, and technical advice and guidance.
• CSE defends Government of Canada cyber systems and respond to significant cyber security threats and incidents to reduce and mitigate harm to the Federal Government.
• CSE is a central resource for Government of Canada departments in support of their roles within their sectors.

Russia and China

16. Are Chinese or Russian state-sponsored actors attempting to disrupt Canadian critical infrastructure?

• CSE has assessed that the state-sponsored programs of China, Russia, Iran, and North Korea pose the greatest strategic cyber threat to Canada.
• CSE has also assessed that it’s very likely that state-sponsored actors are attempting to develop capabilities that could disrupt critical infrastructure, such as the supply of electricity. The Cyber Centre published a cyber threat bulletin on the cyber threat to Canada’s electricity sector in 2020.
• These actors may also continue to target our critical infrastructure to collect information, position for future activity or attempt to intimidate Canadians.
• But CSE assesses it is unlikely that actors will use cyber activities to disrupt or harm critical infrastructure outside conflict scenarios.
• Adopting cybersecurity best practices goes a long way to offsetting risks of exploitation by any cyber threat actor.

17. The National Cyber Threat Assessment points to state-sponsored activities of China and Russia, as well as a few other countries, specifically. What is CSE doing to protect Government of Canada networks from these threats?

• CSE is the primary centralized voice and resource for senior leadership in Government on cyber security operational matters, including incident management, situational awareness, and technical advice and guidance.
• CSE defends Government of Canada cyber systems and respond to significant cyber security threats and incidents to reduce and mitigate harm to the Federal Government.
• CSE is a central resource for Government of Canada departments in support of their roles within their sectors. 

18. What is CSE doing in relation to the Russian Invasion of Ukraine and Russian Cyber Threats to Canada

• In light of Russia’s ongoing, unjustified military actions in Ukraine, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (the Cyber Centre) strongly encourage all Canadian organizations to take immediate action and bolster their online cyber defences.
• While we can’t speak to CSE’s specific operations, we can confirm that it has been tracking cyber threat activity and has the tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
• CSE’s Cyber Centre continues to engage directly with Canada’s critical infrastructure operators to ensure they are aware of any evolving threats.
• CSE’s Cyber Centre issues alerts, advisories and events to raise the awareness of Canadians. For example:
  • CSE urges the Canadian cyber security community to adopt a heightened state of vigilance after one-year mark of Russia’s full-scale invasion of Ukraine
  • Joint cyber security advisory on Russian state-sponsored and criminal cyber threats to critical infrastructure

19. What has CSE done in relation to Russian disinformation campaigns?

• Based on its intelligence reporting, CSE has observed numerous Russian-backed disinformation campaigns online designed to support their actions.
• CSE observed coordinated efforts by Russia to create and spread disinformation. For example, controlled media outlets were directed to include doctored images of Canadian Forces Members on the front line and false claims about Canadian forces committing war crimes.
• CSE shared this information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.
• CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Threats to Critical Infrastructures

20. How is CSE protecting our critical Infrastructure?

• CSE continues to monitor the cyber threat environment, including cyber threat activity directed at critical infrastructure networks.
• CSE’s Cyber Centre has, and continues to share, cyber threat information with Canadian critical infrastructure operators so they are aware of the risks and threats. This information includes providing them with expert advice to mitigate against known Russian-backed cyber threat activity, in addition to other state and non-state cyber threats.
• The Cyber Centre has issued unclassified cyber security threat bulletins, such as a Reminder to Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity. We have also published helping advice and guidance documents such as the recent Top 10 IT security action bulletin or the Foundational cyber security actions for small organizations, reminding Canadian critical infrastructure operators and defenders to be aware of the risks and take necessary mitigations.
• Publishing cyber threat assessments, such as the cyber threat to Canada’s oil and gas sector report and offering tailored briefings to industry leaders and IT professionals.

21. How does CSE contribute to a secure Government of Canada cloud infrastructure?

• As noted in our 2021-2022 Annual Report, CSE continues to act as a pathfinder for the Government of Canada in migrating to the cloud.
• CSE was the first department to securely implement several commercial cloud applications, securing them with our cloud-based sensors and sharing the lessons learned with other departments.
• Over the past year, CSE has continued to shift workloads, services, tools, and applications to the cloud.
• This shift allows CSE to deploy new cyber defence tools more quickly and allows our employees to work and collaborate more easily.
• The Cyber Centre uses autonomous sensors to detect malicious cyber activity on government networks, systems, and cloud infrastructure. CSE uses three types of sensors:
  • network-based sensors
  • cloud-based sensors
  • host-based sensors
• These sensors securely gather system data and feed it back to the Cyber Centre for analysis. Some critical infrastructure partners, including provinces and territories, also send us technical data from system security logs. This helps us protect them and improves our analytics for the Government of Canada and other partners.

22. Is CSE spying on Canadians’ information contained in the Cloud?

• To be clear, CSE is not permitted to target Canadians or persons in Canada in our intelligence gathering.
• CSE strives to be as transparent as possible so that Canadians can be confident that we respect the law and protect their privacy.
• CSE and the Cyber Centre’s defensive tools are working continuously with strict privacy controls in place.
• We work with our federal partners to ensure the appropriate safeguards have been applied to ensure security and privacy of their information that are hosted in the cloud.

23. Why is the Cloud infrastructure important for the Government of Canada?

• Government of Canada organizations are increasingly leveraging cloud computing which has the potential to deliver agile, flexible, and cost-effective IT services.

24. To your knowledge, where do most of the cyber attacks or attempted attacks against Canada, originate from?

• “Cyber attacks” can originate from anywhere in the world. Where they originate doesn’t necessarily represent who is carrying out the activity.
• Cyber attacks can originate from anywhere in the world and wherever they’re originated from doesn’t necessarily represent where they are coming from.
• In our National Cyber Threat Assessment, CSE identified that the state-sponsored programs of China, Russia, North Korea, and Iran pose the greatest strategic cyber threat to Canada.
• Cybercrime is still the number one cyber threat activity affecting Canadians.

25. What has CSE done specifically to reduce the risks that Canadian research and development efforts could be compromised, specific points about what CSE is doing with Canadian universities, government science and research labs, and the private sector?

• CSE, in collaboration with CSIS, continues to engage with all these entities to provide broad and tailored unclassified threat briefings. CSE, through the Cyber Centre, has published practical steps organizations can proactively take to protect themselves. These publications are all available online. This is in addition to alerts and advisories published regularly to draw attention to security vulnerabilities or issues, such as the recent Cyber Alerts on state-sponsored actors and Russian intelligence malware. 
• Further, when CSE sees malign foreign cyber activities, the Cyber Centre works with its security and intelligence partners to alert the victims and assist with recovery.
• In certain instance CSE will also work government partners and allies to publicly attribute malicious cyber threat activity. 
• More recently, CSE has been working with ISED to assess the cyber security posture for recipients of strategic innovation funds, but it is important to note that all of the advice and guidance is publicly available for all Canadian organizations.

26. Does CSE need more resources?

• The global cyber security threat landscape is rapidly evolving. Cyber incidents, including significant critical infrastructure incidents, are increasing in number and sophistication.
• In Budget 2022, the Government of Canada made a significant investment in CSE with the announcement of $852.7M over 5 years, and $218.3M ongoing starting in 2027-28.
• With continued investment, CSE, and its security and intelligence partners, can help reduce the threat, strengthen our cyber defenses by raising the bar, and responding to and recovering from (fewer) incidents.
• CSE continues to use all the resources at its disposal to protect Canadians as the threats Canada faces continue to evolve.

27. Will the TBS-directed cuts will have any impact on CSE's operations?

• There are no cuts to CSE's 2023-2024 operating budget; however, we are currently examining the years ahead to meet the spending reductions outlined by TBS, which will include the reduction totals of $20M by 2026-2027 and will become permanent.
• CSE is well funded as a result of funding from Budget 2022 and we continue to maximize our resources and funds to meet our operational requirements and defend the Government of Canada.

Bill C-26

28. How will Bill C-26 strengthen government-industry collaboration?

• When it comes to strengthening cyber security, the interests of governments and industry are very much aligned.
• Through engagements such as this, government and industry are already working together to build resilience against cyber threats and protect our critical infrastructure.
• But there is more that can be done, building on our collaborative efforts and successes, and finding new ways to strengthen our partnerships. 
• This proposed legislation is intended to strengthen collaboration and cyber threat information sharing between the private sector and government.
• By improving the Government’s visibility into cyber threats and vulnerabilities targeting critical infrastructure, we can in turn, disseminate guidance and advice, sharing valuable information about threats and compromises, with CI sectors and operators.

29. The energy sector already has extensive regulatory requirements for cyber security (e.g. NERC CIP standards, CSA standards, regulations), how will CCSPA avoid duplication with these requirements?

• The CCSPA relies on regulations for implementing the Act, and will provide added specificity to the legislation to ensure harmonization and avoid overlap and duplication across sectors and jurisdictions.
• The legislation was intentionally drafted to allow for consultations with government and industry stakeholders, as this was deemed crucial in developing a regulatory regime.
• After Royal Assent, the Government will take a pragmatic, active and engaged partnership approach, consulting with governments and industry on the regulations necessary for implementing the CCSPA. 
• We will work with industry and regulators to examine ways to reduce regulatory duplication and consider the cumulative impacts of regulations on industry stakeholders.
• Existing regulatory frameworks, standards and best practices will be considered during regulation development to avoid duplication for jurisdictions and sectors that already have cyber regulations and standards in place.

30. Why is mandatory reporting under CCSPA required? Why not continue to build on the relationships built through a voluntary approach (e.g., Lighthouse, Blue Flame)?

• The new requirement for designated operators to report cyber incidents would provide the Government with invaluable insight into the cyber threat landscape in Canada. In turn, increased information sharing about threats will allow industry to take appropriate action to better protect their critical infrastructure.  
• Information received through mandatory incident reporting would be analyzed by CSE’s Cyber Centre and could be aggregated with other reports and information to:
  • provide designated operators with technical advice and guidance to respond to and recover from cyber incidents;
  • warn, without delay, other energy sector operators; and
  • inform Canadians of cyber security risks and trends, without disclosing confidential information.

• The form and manner for reporting cyber incidents, including thresholds, report contents and timelines will be determined in regulations in consultation with industry.
• Most importantly, for CCSPA to achieve its objective, it is imperative that incident reporting come into the CSE’s Cyber Centre because it is uniquely positioned to assess this reporting against its classified and unclassified data and provide technical advice and guidance to Canadians and Canadian businesses.

31. How are you engaging with provincial and territorial partners for CCSPA given FPT jurisdiction in the energy sector?

• The introduction of the CCSPA presents a great opportunity to demonstrate Government leadership towards national reach on cyber security.
• The Government is working closely with provinces and territories to discuss how to better protect Canada’s cyber systems through a comprehensive, collaborative Canadian cyber security protection framework.
• Importantly, this legislation can serve as a model for provinces, territories, and municipalities to help secure critical infrastructure outside federal jurisdiction.
• The CCSPA will complement existing provincial cyber security legislation and regulations to ensure alignment and harmonization, and avoid overlap and duplication, wherever possible.
• We will continue to engage with governments and industry throughout the legislative and regulatory process to ensure a fulsome approach to the implementation of the CCSPA, and one which will take into account shared responsibilities across jurisdictions in the energy sector.

32. What is the role of the Critical Cyber Systems Protection Act (CCSPA)?

• The Critical Cyber Systems Protection Act (CCSPA) provides a cyber security framework to critical infrastructure under federal jurisdiction.
• The CCSP would provide the Government of Canada with the authority to compel action to prevent compromise, or to minimize the impact of a compromise through the issuance of a cyber security direction (CSD). To Note: This authority is expected to be used only as a measure of last resort.

33. What obligations could be enforced on operators to protect critical cyber systems?

• CCSPA could create enforceable obligations for operators to protect cyber systems that underpin vital services and systems, including to
• Develop and implement a cyber security program (CSP) for their critical cyber systems within 90 days of being added to the schedule.
• Take steps to mitigate cyber security risks associated with supply chain and third-party products and services, and
• Report cyber security incidents to CSE and notify the appropriate regulator.

Baseline Cyber Threat Assessment: Cybercrime

34. What is the Baseline Cyber Threat Assessment on Cybercrime?

• This Baseline Cyber Threat Assessment report on Cybercrime builds on the assessments the Cyber Centre shared in the National Cyber Threat Assessment (NCTA) and is intended to inform cybersecurity professionals and the public about the threat to Canada and Canadians posed by global cybercrime.
• The assessment covers cybercrime’s early history, the development of the most significant cybercrime TTPs, and the current nature of the global cybercrime threat and its implications for Canada.
• The judgements in this assessment are based on the Canadian Centre for Cyber Security’s (Cyber Centre) knowledge and expertise in cyber security and further supported by input from the Royal Canadian Mounted Police (RCMP).

35. What were the key judgements from the assessment?

• The assessment looks at the strategic threat to Canada posed by the global cybercrime market.
• The key judgements of the assessment are:
  • Ransomware is almost certainly the most disruptive form of cybercrime facing Canada because it is pervasive and can have a serious impact on an organization’s ability to function.
  • CSE assess that organized cybercrime will very likely pose a threat to Canada’s national security and economic prosperity over the next two years.
  • Over the next two years, financially motivated cybercriminals will almost certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world.
  • Russia and, to a lesser extent, Iran very likely act as cybercrime safe havens from which cybercriminals based within their borders can operate against Western targets.
  • We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity.

36. How is CSE responding the threats outlined in the assessment?

• This Baseline assessment is meant to give Canadians an accurate picture of the current threat of cybercrime in Canada. We all benefit greatly from living in one of the most Internet-connected nations in the world, and the risks identified in this report can be mitigated.
• The Cyber Centre takes the threat of cybercrime to Canadians and Canadian organizations very seriously. We continue to publish alerts to warn about active campaigns, as well as reports and guidance to raise awareness.
  • In July 2023, the Cyber Centre published an alert about ALPHV/BlackCat ransomware targeting Canadian industries. The Cyber Centre has also published joint cyber security advisories warning Canadians about Truebot malware and LockBit ransomware.
• The Cyber Centre also provides tailored advice and guidance products available on their website. If an organization believes they have been a victim of cybercrime or if they wish to receive additional supports to mitigate potential threats, they are invited to reach out to the Cyber Centre at any time – collaboration is key as we work to minimize the impacts of cybercrime in Canada.
• The Communications Security Establishment (CSE) operates within strict internal and external mechanisms to ensure its activities comply with the law and protect the privacy of Canadians and people in Canada.
• CSE is committed to being as open and transparent as possible, while still protecting classified matters of national security.
• CSE and its Canadian Centre for Cyber Security (Cyber Centre) publish numerous publications on their websites to enhance transparency and share information with Canadians.
• Some of those key publications include CSE's Annual Report, the National Cyber Threat Assessment (NCTA), Threats to Democratic Institutions Report (TDP), as well as various cyber threat alerts.
• In addition, in 2019, the government enhanced the review and oversight of CSE, as well as the broader security and intelligence community, following the Royal Assent of Bill C-59, The National Security Act.
• CSE is subject to ongoing review by two independent external review bodies:
• the National Security and Intelligence Review Agency (NSIRA); and
• the National Security and Intelligence Committee of Parliamentarians (NSICOP).
• Based on their distinct mandates, both NSIRA and NSICOP are responsible for reviewing Government of Canada national security and intelligence activities. Whereas NSIRA consists of Governor-in-Council appointees, NSICOP consists of members of Parliament and Senate.

Accountability, Review and Oversight Of CSE Activities

• Together the two organizations help ensure CSE and other members of the security and intelligence community are held accountable for their national security and intelligence activities.
• Through the publication of reports, NSIRA and NSICOP also increase transparency for Canadians on the activities of the security and intelligence community.
• To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
• In addition to NSIRA and NSICOP, the Intelligence Commissioner (IC) provides oversight by approving authorizations for certain CSE and CSIS activities prior to their execution.
• Similar to review bodies, the Intelligence Commissioner prepares annual public reports that allows Canadians to have a better understanding of the activities CSE and CSIS undertake.
• CSE values independent, external review and oversight of their activities, and remains committed to a positive and ongoing dialogue with these important institutions.

Quick Facts

• This year, CSE’s internal compliance team conducted:
  • annual compliance knowledge accreditation
  • compliance incident handling
  • systematic operational monitoring
  • compliance outreach and education
  • annual compliance training
  • knowledge testing
  • routine monitoring
  • engagement initiatives

• CSE submitted a total of 6 Ministerial Authorizations to the IC in FY 2022-23:
  • 3 Foreign Intelligence Authorizations
  • 3 Cybersecurity Authorizations

• In 2022, the IC fully approved 4 of the 6 Authorizations. The IC partially approved 1 Cybersecurity Authorization. In this case, the Intelligence Commissioner approved the authorization with the exception of one activity, concluding that there was not enough information to establish whether the activity was covered by the CSE Act.
• CSE External Review bodies statistics in FY 2022-23:
  •  CSE contributed to 22 external reviews:
  • 17 by NSIRA
  • 4 by NSICOP
  • 1 by the Independent Special Rapporteur
  • CSE held 52 briefings, meetings or interviews with review staff
  • CSE responded to 502 questions from our review bodies

• CSE answered 89% of questions submitted by NSICOP and NSIRA by the requested due date.

• This year, CSE’s transparency activities included:
  • 4 public reports
  • 4 proactive disclosures
  • 11 parliamentary appearances
  • 14 media interviews
  • 34 Open Government releases
  • 53 Access to Information responses
  • multiple speeches, conferences and public events

Mandate Letter

• A safe and secure cyber space is critical for the security, stability and prosperity of Canada.
• We know that the global cyber security threat landscape is rapidly evolving. Cyber incidents, including significant critical infrastructure incidents, are increasing in number and sophistication.
• The Government of Canada is equipped with the appropriate tools to respond to the challenge. There is a clear gap, particularly when it comes to this demand versus the resources we have available to respond to these challenges.
• That is why in the Minister’s mandate letter the Prime Minister specifically included three cyber related priorities to respond to the evolving threat environment. One of these priorities was ensuring that the Communications Security Establishment (CSE) is in a position to lead the national response to rapidly evolving cyber risks and threats, including through adequate resources.
• Every day, CSE uses its sophisticated cyber capabilities to identify and defend against threats to Canada’s information systems and networks.
• However, the number of incidents CSE is being called on to support and help recover from is increasing in frequency, severity and sophistication.
• To help address this growing challenge, CSE is working with Public Safety as well as other departments on a series of immediate policy and legislative initiatives to prevent cyberattacks, raise the bar for resilience, and manage current incidents.
• This work will also be done in close cooperation with our international allies.
• With adequate resources, CSE can reduce the threat, strengthen our cyber defences by raising the bar, and responding to and recovering from (fewer) incidents.
• The Minister was also tasked with working with the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and other implicated ministers on the renewal of the National Cyber Security Strategy.
• The renewed strategy will outline Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
• As outlined in the Minister’s mandate letter we will also work to continue to advance the National Cyber Security Action Plan.
• This will help ensure that Canada is well positioned to address urgent and pressing cyber risks, and to ensure the security and integrity of Canada’s critical systems.
• For over 75 years, the CSE has been Canada’s national signals intelligence agency for foreign intelligence and the technical authority for cyber security and information assurance.
• CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
• CSE’s sophisticated cyber and technical expertise helps identify, prepare for, and defend against the most severe and persistent cyber threats against Canada’s computer networks and systems.

CSE’s Mandate

• The Communications Security Establishment Act (the CSE Act) sets out five aspects CSE’s mandate:
  • cyber security and information assurance;
  • foreign intelligence;
  • defensive cyber operations;
  • active cyber operations;
  • and technical and operation assistance.

We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.

Cyber Threat Environment

• As outlined in the National Cyber Threat Assessment report (NCTA 2020), over the last two years the number of cyber threat actors is rising, and they are becoming more sophisticated.
• Cybercrime continues to be the cyber threat that is most likely to affect Canadians and Canadian organizations, and CSE’s Cyber Centre judges that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers.
• Ransomware is the most common cyber threat Canadian’s face, and it is on the rise.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.

Mandate Letter Commitment Tracking

• CSE's ability to meet its mandate commitment to lead Canada’s response to rapidly evolving cyber risks and threats is likely to be affected by decisions made under upcoming initiatives, particularly the Defense Policy Review and the renewal of the National Cyber Security Strategy (NCSS), including funding granted by Treasury Board and Cabinet.
• Additional risks include the uncertainty associated with the rapidly changing cyber threat landscape and CSE's ability to recruit talent to meet the additional responsibilities imposed by these initiatives.
• CSE has undertaken several initiatives to attract talent such as: awareness campaigns to highlight its work and supporting the growing need for cyber and technology skills across Canada.
• CSE also maintains strong lines of communication with Treasury Board and Cabinet to ensure that funding is on track.

Specific Cyber Mentions in MND’s Mandate Letter

• Oversee the Communications Security Establishment to ensure that they are in a position to lead Canada’s response to rapidly evolving cyber risks and threats, including through adequate resources and close cooperation with our allies.
• Work with the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and in collaboration with implicated ministers, to develop and implement a renewed National Cyber Security Strategy, which will articulate Canada's long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
• Working with the Minister of Public Safety, Minister of Justice and Attorney General of Canada and Minister of Innovation, Science and Industry, and with the support of the Minister of Foreign Affairs, continue to advance the National Cyber Security Action Plan, ensuring Canada is well positioned to adapt to and combat cyber risks, and ensure the security and integrity of Canada’s critical systems.

Foreign Interference and the Democratic Process

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s Cyber Centre also worked with Elections Canada to help secure election systems and infrastructure.
• Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
• CSE’s 2023-24 National Cyber Threat Assessment (NCTA) highlights how online foreign influence activities have become a new normal with adversaries seeking to influence elections and impact international discourse related to current events.
• SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
• While Canada’s democratic institutions and processes are strong and resilient, CSE continues to actively work to ensure their continued protection.

Reviews of Foreign Interference

• In March 2023, the Prime Minister announced measures to strengthen trust in Canada’s democracy.
• This included requesting NSICOP and NSIRA to review the impact of foreign interference in the 2019 and 2021 federal elections, and how Canada’s national security agencies handled the threat. NSIRA and NSICOP launched their reviews in March, with CSE receiving the first requests for information in April.
• The Prime Minister appointed an Independent Special Rapporteur (ISR) on Foreign Interference who published the first report and interim recommendations on May 23, 2023.
• The report:
  • Reaffirmed that the 2019 and 2021 federal elections were free and fair.
  • Acknowledges that foreign interference is a serious threat and makes recommendations to detect, deter, and counter it.
  • Found that there are shortcomings in the way intelligence is communicated and processed from security agencies through to government.
  • Concluded that a further public process is required to address issues relating to foreign interference, but there should not and need not be a separate Public Inquiry.
• CSE welcomes these external reviews into foreign interference in Canada’s elections and will continue to support them and Parliament moving forward.

Top Cybersecurity Points

• Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
• CSE’s Canadian Centre for Cyber Security (Cyber Centre) uses sensors to detect malicious cyber activity on government networks, systems and cloud infrastructure; and networks, systems and electronic infrastructures of importance to the Government of Canada.
• This year, CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
• It is critical that Canada has strong cyber defence capabilities as recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, this was outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Cyber security matters to all of us, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
• If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email at cyberincident@cyber.gc.ca or visit Incident Management.
• CSE utilizes its mandate to reduce the impact of cybercrime on Canadian businesses, organizations, and individuals.
• Ongoing efforts include:
  • collecting intelligence on cybercrime groups
  • enhancing cyber defences to protect critical systems against cybercrime threats
  • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
  • using active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups.
• In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
  • target Canadians, Canadian businesses and institutions
  • launch ransomware attacks
  • solicit, buy and sell cybercrime goods and services
• These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.
• Potential adversaries are leveraging and developing cyber capabilities in order to exploit vulnerabilities in our cyber systems.
• The CSE Act allows the Communications Security Establishment (CSE) to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
• CSE employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada’s information systems, networks, businesses, and institutions.
• CSE’s Canadian Centre for Cyber Security (the Cyber Centre) is Canada’s authority on cyber security. As a unified source of expert advice and guidance, CSE’s Cyber Centre leads the Government’s operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
• Cyber operations capabilities are also a key element of military and state power, needed to deter and defeat external threats to Canada in times of peace and conflict.
• CSE and the Canadian Armed Forces (CAF) continue to work with domestic and international partners to support and build a stable cyberspace built on the respect for international law and the norms of responsible state behaviour in cyberspace.

Cyber Capabilities

• The CAF contributes to international peace and security through cyber threat intelligence sharing with Allies and partners, and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.
• Specifically, the CAF relies on the force multiplier effects of technology enabled communications, intelligence, and weapon systems, all of which must be secured and defended from cyber threats.

Quick Facts

The CSE Act sets out five aspects of CSE’s mandate, which contributes to the lines of operations above. This includes:

• Cybersecurity and information assurance
• Foreign intelligence
• Defensive cyber operations
• Active cyber operations; and
• Technical and operational assistance

CSE may use defensive cyber operations to defend Canada against foreign cyber threats by taking online action. For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server. This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as energy grids, telecommunications networks, healthcare databases, banking systems, and elections infrastructure.

Active cyber operations allow CSE to take online action to disrupt the capabilities of foreign threats to Canada, such as: foreign terrorist groups, foreign cyber criminals, hostile intelligence agencies, and state-sponsored hackers. Threats that CSE disrupts must relate to international affairs, defence or security.

CSE, supported by Global Affairs Canada and the CAF, has a proven track record that respects and reinforces Canada’s statement on international law and cyber norms.

CSE’s Canadian Centre for Cyber Security (the Cyber Centre) reminds the Canadian cybersecurity community, especially infrastructure network defenders, to be vigilant against sophisticated cyber threats.

Canadian Armed Forces Cyber Capabilities:

• Defensive cyber operations are employed to respond and/or counter a threat by an adversary in cyberspace, whereas offensive cyber operations are conducted to project power in, or through, cyberspace to achieve effects in support of military objectives.
• CSE and the CAF continue to develop and scale offensive and defensive cyber operations capabilities. This partnership enables Cyber operations and provides the Government of Canada flexibility in achieving strategic objectives.
• The Canadian Armed Forces holds the responsibility of safeguarding its military networks on a continuous basis, and actively cooperates with CSE and international partners to help protect joint critical networks among Allies and within NATO.

Background

CSE and its Canadian Centre for Cyber Security

• Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
• Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment.
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
• If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email cyberincident@cyber.gc.ca or visit Incident Management.

Canadian Armed Forces and the Communications Security Establishment Cooperation:

• The Canadian Armed Forces and CSE have a long history of partnership in the development of highly technical and specialized capabilities that support Canadian Armed Forces operations.
• These activities are subject to CSE’s rigorous system of internal policies and procedures as well as independent oversight and review.
• Cooperation between the Canadian Armed Forces and CSE ensures the best use of tools and capabilities, reduces unnecessary duplication of efforts, leverages each other’s authorities, and improves the chances of meeting mission objectives.

Authorizations and Safeguards:

• Cyber operations undertaken in support of government objectives will be pursuant to the CSE Act, and the Crown Prerogative and the National Defence Act, and will be consistent with Canada’s international legal obligations. 
• CSE is prohibited by law from targeting the private information of Canadians or any person in Canada and must not infringe the Canadian Charter of Rights and Freedoms.
• Cyber operations conducted under CSE authorities require the Minister of National Defence to issue a Ministerial Authorization, which requires either consultation with the Minister of Foreign Affairs (for defensive cyber operations) or at the request of or with the consent of the Minister of Foreign Affairs (for active cyber operations).
• In conducting cyber operations, Canada recognizes the importance of adhering to international law and agreed norms of responsible state behaviour in cyberspace. Canada’s authorities and governance framework to conduct cyber operations is supported by a strong independent review process, as well as internal oversight for operational compliance.
• Foreign cyber operations are further subject to proven checks and balances such as rules of engagement, targeting and collateral damage assessments.

Offensive Cyber Operations:

• SSE committed the Canadian Armed Forces to assuming a more assertive posture in the cyber domain by hardening its defences, and by conducting offensive cyber operations against potential adversaries as part of government-authorized military missions.
• The CSE Act allows CSE to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.

Canadian Armed Forces Cyber Operator:

• SSE directed the creation of the Canadian Armed Forces Cyber Operator occupation. This trade includes both Reserve and Regular Force members who conduct both defensive and offensive cyber operations with the goal of supporting operational objectives and delivering tactical effects.

Cyber Mission Assurance Program:

• Strong, Secure, Engaged (SSE) directed the creation of the Cyber Mission Assurance Program. It is part of the cyber capability to protect critical military networks and equipment from cyber threats. Platforms like aircraft, ships, and vehicles are becoming increasingly dependent on cyberspace. The Cyber Mission Assurance Program ensures that cyber resilience is a primary consideration when new equipment is procured.
• Cyber threats pose unique challenges in projecting and sustaining military power. The changing global environment and the increasing dependence on cyberspace technologies demands a significant change in our culture. The introduction of cyber-resiliency mindset in all our activities is required for the CAF to maintain its competitive advantage. The Cyber Mission Assurance Program focuses on managing the risks associated with cyber threats, to improve resilience, and increase the probability of mission success.

Russian Invasion of Ukraine And Russian Cyber

• In light of Russia’s ongoing, unjustified military actions in Ukraine, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (the Cyber Centre) strongly encourage all Canadian organizations to take immediate action and bolster their online cyber defences.
• While I can’t speak to CSE’s specific operations, I can confirm that it has been tracking cyber threat activity and has been working with Ukraine to monitor, detect, and investigate potential threats and to take active measures to address them.
• CSE’s Cyber Centre continues to engage directly with Canada’s critical infrastructure operators to ensure they are aware of any evolving threats, such as Telesat.
• CSE, the Department of National Defence, and Shared Services Canada worked together with Telesat, a Canadian satellite communications company, to provide secure satellite service to Ukraine. The secure satellite system is able to facilitate telecommunications connectivity to Europe, Africa, the Americas, and the Atlantic Ocean region.
• An unfortunate outcome of the war has been the destruction, or degradation of key elements of the Ukrainian telecommunications infrastructure.
• As a result, key government and private-sector organizations lack the necessary telecommunications services that are essential for conducting business with both European and North American government and non-government partners.
• CSE’s valuable cyber threat intelligence has been shared with key partners in Ukraine. CSE also continues to work with Canadian Armed Forces (CAF) in support of Operation UNIFIER.

Threats to Canada

Operation UNIFIER

• On January 26th, 2022, the Government of Canada announced $340 million for immediate support to Ukraine and for the extension and expansion of Operation UNIFIER, Canada’s military training and capacity-building mission in Ukraine.
• As part of this commitment, DND and CAF will work with CSE on measures to support enhanced intelligence cooperation and cyber security.
• This increased support will help Ukraine strengthen its security and ability to defend itself against a range of threats.

Disinformation Campaigns

• Based on its intelligence reporting, CSE has observed numerous Russian-backed disinformation campaigns online designed to support their actions.
• CSE observed coordinated efforts by Russia to create and spread disinformation. For example, controlled media outlets were directed to include doctored images of Canadian Forces Members on the front line and false claims about Canadian forces committing war crimes.
• CSE shared this information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.

CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Ransomware

• Ransomware poses a threat to Canada’s national security and economic prosperity.
• Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
• Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• Ransomware can incur significant costs, disrupt the operation of important systems, damage or destroy an organization’s data, and reveal sensitive information.
• A ransomware attack can prevent access to essential services and in some cases, threaten Canadians’ physical safety and wellbeing.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• In 2021, CSE shared a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin. CSE also published, the 2023-2024 National Cyber Threat Assessment (NCTA) which highlights the cyber threats faced by individuals and organizations in Canada, including ransomware. 
• Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprises. It also enables further malicious cyber activity and ultimately there is no guarantee that cybercriminals will return stolen information.

If pressed on any specific ransomware group and/or activities:

• CSE does not comment on specific cyber security incidents; however, they continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
• CSE’s Canadian Centre for Cyber Security continues to monitor new forms of ransomware and vulnerabilities, and shares tips and threat information with partners across Canada to help mitigate risks.
• I encourage all victims to report cybercrime activities to local law enforcement and the RCMP. I would also encourage victims to report a cyber incident to CSE’s Canadian Centre for Cyber Security (Cyber Centre) so that they can help share threat-related information with partners to help keep Canada and Canadians safe online.

Quick Facts

• Malicious cyber activity poses an ongoing threat to Canada’s federal institutions and critical infrastructure. This includes criminal activity such as ransomware attacks, and state-sponsored activity for strategic gain. The Cyber Centre’s automated defences protect the Government of Canada from over 6 billion malicious actions a day. These include attempts to map systems and networks, to extract information or to deploy malware.
• As outlined in the 2023-24 NCTA, Cybercrime is the cyber threat Canadians are most likely to face.

Background

• Cybercrime is big business for cybercriminal organizations and has major impacts on Canada’s economic security.
• In the Cyber Centre’s National Cyber Threat Assessment (NCTA) 2023-24 unclassified threat report, they outlined how cybercrime continues to be cyber threat activity most likely to affect Canadians and Canadian organizations.
• CSE and the Cyber Centre uses the breadth of its mandate to reduce the impact of cybercrime on Canadian businesses, organizations and individuals. Ongoing efforts include:
  • collecting intelligence on cybercrime groups
  • enhancing cyber defences to protect critical systems against cybercrime threats
  • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
  • using our active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups
• For example, under these authorities, CSE has launched an enduring campaign to disrupt foreign cybercriminals who threaten Canadian and allied systems with ransomware attacks. These systems include health care providers and other critical infrastructure owners.
• Under this campaign, CSE has executed dozens of operations that have disrupted the foreign infrastructure used by these groups. These operations have allowed the Cyber Centre and other cyber defenders to work with these system owners to prevent them from becoming victims of ransomware attacks.
• In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
  • target Canadians, Canadian businesses and institutions
  • launch ransomware attacks; and
  • solicit, buy and sell cybercrime goods and services including:
    • Canadian personal information
    • Canadian proprietary information
    • malware
• These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.

Protecting Canada’s Telecommunications Systems

• The Government of Canada conducted an extensive examination of 5G wireless technology and the various technical, economic, and national security aspects of 5G implementation.
• As a result of this examination, Bill C-26, An Act Respecting Cyber Security (ARCS) was introduced in June 2022 to further strengthen our telecommunications system and protect our national security.
• This legislation will amend the Telecommunications Act to allow the Government to take action to prohibit the use of equipment or services from low confidence suppliers.
• In addition, the Communications Security Establishment’s (CSE) Security Review Program (SRP), which has a proven track-record of protecting Canada’s 3G/4G/LTE networks, will evolve to consider the security of Canada’s telecommunications system more broadly.
• Under the new Telecoms Cyber Resilience Program, CSE continues to work with Canadian telecommunications service providers (TSPs) to help them mitigate cyber security and supply chain risks.
• Together, these efforts are part of a robust strategy to defend the critical digital infrastructure upon which Canadians rely.

Growth, Recruitment, and retention at CSE

• Over the years, CSE has experienced continued and sustained growth that has enabled the agency to adapt and address the growing cybersecurity landscape.
• No other governmental agency within Canada is undertaking the crucial cyber security work done at CSE. In fact, only a few other jurisdictions around the world have similar operations thereby positioning Canada’s cryptological agency at the forefront of cyber operations and defence.
• Recruiting skilled employees in the high-tech field remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within the organization.
• Despite the highly competitive nature of recruitment, CSE has been recognized as a Top Employer in 2020, 2021, and 2022, as well as one of Canada’s Top Employers for Youth for the past six years in a row.
• CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
• CSE also received significant recognition through Budget 2022 in which proposed $875.2 million over five years for CSE, beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.

Background

Quick Facts

• At CSE there is a 2% retirement and 2% resignation rate for a total of 4% attrition per year.
• CSE has a relatively low attrition rate which reflects its investment in creating a healthy work environment, encouraging employee professional development, embracing diversity and inclusion as mission imperatives, and having excellent counselling and employee support programs in place.

Equity, Diversity and Inclusion

• As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE’s mission in a nurturing and welcoming environment.
• Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
• In effort of working towards reconciliation, CSE continues to participate in the Government of Canada’s IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.

Committee Membership and Profiles

• Chair– Hon. John Mckay (LPC)– Scarborough-Guildwood, ON
• Vice-chair– Hon. James Bezan (CPC)– Selkirk-Interlake-Eastman, MB
• Vice-chair– Hon. Christine Normandin (BQ)– Saint-Jean, QC
• Darren Fisher (LPC)– Dartmouth-Cole Harbour, NS
• Cheryl Gallant (CPC)– Renfrew-Nipissing-Pembroke, ON
• Pat Kelly (CPC)– Calgary Rocky Ridge, AB
• Shelby Kramp-Neuman (CPC)– Hastings-Lennox and Addington, ON
• Emmanuella Lambropoulos (LPC)– Saint-Laurent, QC
• Lindsay Mathyssen (NDP)– London-Fanshawe, ON
• Andy Fillmore (LPC)– Halifax, NS
• Marie-France Lalonde (LPC)– Orléans, ON
• Chad Collins(LPC) – Hamilton East—Stoney Creek, ON

Chair– Hon. John Mckay (LPC)– Scarborough-Guildwood, ON

CSE-related interests

• Former Parliamentary Secretary to the Minister of National Defence
• Has demonstrated an interest in cyber and cognitive warfare in relations to the Indo-Pacific Strategy (September 2023)
• Demonstrated concern of Russia’s actions in Ukraine and multiple cyber-attacks on Canada (January 2022) and an interest to discuss Arctic security (November 2022).
• One of the few Government-side MPs who voted in favour of the CPC’s Opposition Motion in November 2020, which called on the Government to make a decision on the Huawei Ban.
• During SECU’s study of Bill C-59 asked what contributions the Bill would make to address cyber threats to private infrastructure (2018).
• McKay expressed concern surrounding the lack of clarity for reporting cyber incidents for Canadians during the Public Safety Committee (December 2020).

Vice-chair– Hon. James Bezan (CPC)– Selkirk-Interlake-Eastman, MB

CSE-related interests

• Interest in China, Russia, and defending the Arctic territory (2022)
• Concerned with Canadian data and information and protecting citizen’s Charter rights, particularly from Pegasus software system during discussions of Bill C-27 (November 2022): “There are times we have to use it in the collection of data. […] We know that to use that type of technology, to protect the rights of Canadians, there should be a warrant issued to ensure there is judicial oversight, even if it is being used by the Department of National Defence and CSE, we have to make sure it is not being used against Canadians and only deals with those national threats they refer to as threats that are foreign entities. That is something that Bill C-27 fails to recognize.”

 

Vice-chair – Hon. Christine Normandin (BQ) – Saint-Jean, QC

CSE-related interests

• Canada-China Relations Committee (May 2021): Concerned over Canada’s “laxed” stance on Huawei in comparison to the other Five Eyes partners.
• Business of Supply- Government Orders (February 2021): Concern of China’s mass surveillance regime and the surveillance capacities of Huawei.
• NDDN (March 2022): Questioned if CSE’s and CSIS’ work happens in isolation and to promote communication between the two organizations, if they should “co‑operate more closely with FINTRAC to follow the money when it comes to the use of cryptocurrency by terrorist groups?”.
• Questioned if CSE explored working with private sector to “fill gaps in internal capacity and thus meet operational requirements” and develop cyber capacity (March 2022).

 

Members

Darren Fisher (LPC)– Dartmouth-Cole Harbour, NS

CSE-related interests

• Canada-China Relations Committee (May 2021): Concerned over Canada’s “laxed” stance on Huawei in comparison to the other Five Eyes partners.
• Business of Supply- Government Orders (February 2021): Concern of China’s mass surveillance regime and the surveillance capacities of Huawei.
• NDDN (March 2022): Questioned if CSE’s and CSIS’ work happens in isolation and to promote communication between the two organizations, if they should “co‑operate more closely with FINTRAC to follow the money when it comes to the use of cryptocurrency by terrorist groups?”.
• Questioned if CSE explored working with private sector to “fill gaps in internal capacity and thus meet operational requirements” and develop cyber capacity (March 2022).

Cheryl Gallant (CPC)– Renfrew-Nipissing-Pembroke, ON

CSE-related interests

• “E-security” is a popular topic for Gallant (March 2022): “CSE judges that cyber-threat actors will very unlikely seek to intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life. That being said, how vulnerable are we with the Internet of things, given that something as simple as your refrigerator is sending off pings? There seem to be so many vulnerabilities and it is the least protected throughway that is going to be attacked, so how can they be so confident, do you think, that it will be unlikely to be disrupted?”
•  Issues of greatest interest in this area include: Cybersecurity of the electricity grid; NATO and NORAD and cybersecurity, including IoT and AI; recruiting cybersecurity experts into the military; the Telecommunications Act, how CSE works with the private sector; information sharing in the Five Eyes; Russian cyberattacks against Georgia; and Op IMPACT.
• Questioned if Canada was sharing intelligence directly with Ukraine from CSE in March 2022.

Pat Kelly (CPC)– Calgary Rocky Ridge, AB

CSE-related interests

• Interested in national defence and security, with many questions related to Arctic security, protecting Arctic waters and China's capability to threaten Canadian Arctic sovereignty in November 2022.
• Questioned Jody Thomas during her appearance in December 2022 regarding foreign interference in Canadian elections.
• Has had no questions directed at CSE and mention of the organization.

Shelby Kramp-Neuman (CPC)– Hastings-Lennox and Addington, ON

CSE-related interests

• Interested in Canada’s role in NATO, Arctic security, national defence, Canada’s military and its capacity to respond to threats: “Can you speak to the impact on our ability to protect and strengthen our north and give it the attention it needs as a region of growing competition between Canada, Russia and China?” (November 2022).
• Has had no questions directed at CSE and mention of the organization.

Emmanuella Lambropoulos (LPC)– Saint-Laurent, QC

CSE-related interests

• Interested in Russia and China’s foreign interference, the rise of cyber-threats and Arctic security.
• Questioned Canada’s position in defending itself and the Arctic in NDDN (December 2022): “[…] What are some of the ways that our adversaries' [Russia and China] cyber-abilities influence the way we prepare ourselves? In what ways have we made investments in technologies that would counter these kinds of cyber-abilities?”.
• Questioned Chief Shelly Bruce about cyber-threats during her appearance in February 2022: “I know that Minister Anand has in her mandate letter several references to cybersecurity. We heard from CSE and CSIS at our last meeting that these threats have been increasing steadily for the last while, mainly by China and Russia, along with others. What kind of plans do you have going forward in order to make sure we accomplish this part of the mandate?” and “In your opinion, what would CSE need in order to help it fulfill its mandate?”

 

Lindsay Mathyssen (NDP)– London-Fanshawe, ON

CSE-related interests

• Interested in assessing the capacity to tackle cyber-threats and issue of unfilled cyber-related positions in NDDN (March 2022).
• Questioned the reality of Russia and China posing as “potential threat” for Canada and Artic Soil during Jody Thomas’ appearance (December 2022).

Andy Fillmore (LPC) – Halifax, NS

CSE-related interests

• On a number of occasions in Parliament, Fillmore has mentioned CSE’s role in securing Canadian elections: “…which is why we engaged the Communications Security Establishment to conduct the first-ever threat assessment of Canadian democratic processes…” (March 2018) “the minister has asked the Communications Security Establishment to analyze proactively the risks to our electoral system and to release a public report. Further, we will ask the CSE officer for advice for political parties on cybersecurity best practices.” (March 2017)
• Fillmore was also the member to table the first Cyber Threats To Canada's Democratic Process report in 2017
• Discussed Russia/Ukraine war and implications for oil and gas prices in the House: “what is unfolding a world away with Russia's brutal, illegal, unprovoked and unjustified war with Ukraine … is being funded by the very resource that we are discussing today” (May 2022)
• Discussed economic security in the context of PRC foreign influence at Industry Committee

Marie-France Lalonde (LPC) – Orléans, ON

Parliamentary Secretary to the Minister of National Defence, Member of CACN

CSE-related interests

• Has spoken about PRC intimidation activities in Canada, noting that “We recognize that individuals in Canada subjected to intimidation, harassment or manipulation by foreign states or their proxies suffer the effect of foreign interference directly. These activities are a threat to Canada's sovereignty and to the safety of our communities and individuals in Canada.” (June 2023)
• She discussed foreign interference in the House: “We are very committed to combatting foreign interference by protecting the Canadians and communities targeted by foreign state actors, safeguarding our democratic institutions and promoting economic security.” (June 2023)
• She also has mentioned Afghanistan and expressed her support for Afghan refugees, noting at CIMM that her riding has strong historical ties to the country (March 2023)

Chad Collins (LPC) – Hamilton East—Stoney Creek, ON

CSE-related interests

• Discussed LPC’s support for Ukrainian refugees in the House (March 2023)
•  Expressed disdain for foreign interference as a political theme, referring to it as a “one-trick pony political debate” in June 2023 at SRSR.
•  Also at SRSR, Collins noted that he would prefer a broad study in relation to research security, as opposed to limiting the scope of a study to specific companies (in this particular situation, Huawei): “I would say that we can expand that language if you have other suggestions to provide that build upon that theme of foreign interference, or whatever you want to call it. I think we need to be a little bit more inclusive rather than exclusive. (June 2023)

Committee backgrounder

44th Parliament, 1st Session

Under its mandate, the Committee:

• studies the legislation, activities and expenditures of the Department of National Defence (DND) and the Canadian Armed Forces (CAF).
• examines the domestic, continental and international security environment; and
• Monitors the performance and policies of other federal entities that operate within the National Defence portfolio such as The Communications Security Establishment (CSE).

Recent appearances

• May 2, 2023: CSE appeared alongside the Minister of National Defence and other senior officials to discuss Main Estimates 2023-2024.
• February 7, 2023: CSE appeared to discuss Cybersecurity and Cyberwarfare.
• February 9, 2022: CSE appeared alongside the Minister of National Defence and other senior officials to discuss the Minister’s mandate letter and priorities.
• February 7, 2022: CSE appeared alongside the Minister of National Defence, and the Director of CSIS, as well as other senior officials to brief NDDN members’ situational awareness of the threats they themselves face from foreign interference, as well as a discussion of the threats Canada faces from foreign interference.

Key studies

• Notable activities/meetings:
  • September 2023: Briefing on the Indo-Pacific Region
  • September 2023: Briefing on the War in Ukraine
  • February and March 2023: Briefing on the Surveillance Balloon from the People's Republic of China
  • December 2022: Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance
  • February 2022: Briefing on Canada, NATO and the Current Situation in Ukraine
  • February 2022: Briefing by CSIS and the CSE
• Studies in recent years:
• December 2018: Russian Aggression Against Ukraine, Moldova and Georgia in the Black Sea Region; Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats; Addressing Sexual Misconduct in the Canadian Armed Forces; Impacts of the COVID-19 Pandemic on Canadian Armed Forces Operations
• June 2019: Improving Diversity and Inclusion in the Canadian Armed Forces
• May 2019: Canada’s Contributions to International Peacekeeping
• October 2022: Arctic Security
• November 2022: Reports that Former Royal Canadian Air Force Pilots have Undertaken Employment to Train Members of the People's Liberation Army Air Force
• February 2023: Cybersecurity and Cyberwarfare

Key Reports and Relevant Recommendations

• In June 2023, NDDN tabled a report titled The Cyber Defence of Canada based on its study of Cybersecurity and Cyberwarfare. The vast majority of the report’s recommendations are relevant to CSE, and five mention CSE directly:
  • Recommendation 19: That the Government of Canada mandate all federal government departments and request provincial, territorial, municipal, and Indigenous governments to provide a detailed list of critical infrastructure to Treasury Board and the Communications Security Establishment and update it annually.
  • Recommendation 20: That the Government of Canada increase funding to the Canadian Centre for Cyber Security to improve coordination between federal and provincial cybersecurity systems to better address incidents.
  • Recommendation 23: That the Government of Canada adapt and develop a comprehensive plan for the recruitment and retention of cyber operators which is competitive with the private sector to ensure positions are filled and the cyber skills gap is closed in the Canadian Armed Forces and the Communications Security Establishment.
  • Recommendation 26: That the Government of Canada take steps to clearly define the duties and responsibilities of the Canadian Armed Forces and the Communications Security Establishment as they relate to cyber security in Canada and abroad.
  • Recommendation 36: That the Government of Canada establish clear boundaries in the operations of the Communications Security Establishment between their signals intelligence and cybersecurity mandates, including ministerial authorization processes and reporting mechanisms
• In June 2022, NDDN tabled a report titled Report 1 - An Interim Report on the Defence of Canada in a Rapidly Changing Threat Environment based on its study, Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats. One of the recommendations mentions CSE directly:
  • Recommendation 10: That the Government of Canada invest in defensive and active cyber operations capabilities. As well, the Government should increase its recruitment and training of cyber specialists in the Canadian Armed Forces and the Communications Security Establishment, and ensure that all federal systems are adequately protected against cyber   threats.
    • The government, in its response to the report, agreed with this recommendation.

Previous Meetings (2022-23 Session)

September 2022 – June 2023
Wednesday, December 15, 2021: Election of Chair
The Hon. John McKay (LPC) was elected Chair. Kerry-Lynne D. Findlay (CPC) was elected first vice-chair; Christine Normandin (BQ) was elected second vice-chair.
Monday, January 31, 2022: Committee Business
Wednesday, February 2, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Monday, February 7, 2022: Briefing by CSIS and CSE

Witnesses Included:

• Charlie Henderson, Assistant Director, Canadian Security Intelligence Service
• David Vigneault, Director, Canadian Security Intelligence Service
• Daniel Rogers, Associate Chief, Communications Security Establishment
• Rajiv Gupta, Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment

Wednesday, February 9, 2022: Briefing by the Minister of National Defence on her Mandate Letter

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Robin Holman, Acting Judge Advocate General, Office of the Judge Advocate General, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Monday, February 14 , 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 2)
Wednesday, February 16 , 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 3)
Monday, February 28 , 2022: Briefing on Canada, NATO and the Current Situation in Ukraine, and Threat Analysis Affecting Canada and the CAF Operational Readiness

Witness Included:

• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence

Wednesday, March 2 , 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Wednesday, March 9 , 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Monday, March 21 , 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Wednesday, March 23 , 2022: Subject Matter of Supplementary Estimates (C) 2021-22

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Shoba Ranganathan, Acting Executive Director, Sexual Misconduct Response Centre, Department of National Defence
• Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Monday, March 28, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Wednesday, March 30, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Monday, April 4 ,2022: Recruitment and Retention in the CAF
Wednesday, April 6, 2022: Recruitment and Retention in the CAF
Monday, April 25, 2022: Recruitment and Retention in the CAF
Wednesday, April 27, 2022: Committee Business and Recruitment and Retention in the CAF
Monday, May 2, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Wednesday, May 4, 2022: Committee Business
Monday, May 9, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Wednesday, May 11, 2022: Committee Business
Wednesday, May 18, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Wednesday, June 1, 2022: Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness
Monday, June 6, 2022: Subject Matter of Main Estimates 2022-23

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Wednesday, June 8, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Monday, June 13, 2022: Recruitment and Retention in the CAF
Monday, June 20, 2022: Recruitment and Retention in the CAF
Tuesday, September 20, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness
Thursday, September 22, 2022: Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness
Tuesday, September 27, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Tuesday, October 4, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Thursday, October 6, 2022: Rising Domestic Operational Deployments and Challenges for the CAF
Thursday, October 18, 2022: Arctic Security
Tuesday, October 25, 2022: Arctic Security and Committee Business
Thursday, October 27, 2022: Arctic Security
Tuesday, November 1, 2022: Arctic Security
Thursday, November 3, 2022: Arctic Security and Reports that Former Royal Canadian Air Force Pilots Have Undertaken Employment to Train Members of the People’s Liberation Army Air Force

Witness Included:

• BGen Denis Boucher, Director General Defence Security, Department of National Defence

Tuesday, November 15 , 2022: Arctic Security
Tuesday, November 22 , 2022: Arctic Security
Thursday, November 24 , 2022: Arctic Security
Tuesday, November 29 , 2022: Arctic Security
Thursday, December 1 , 2022: Committee Business
Thursday, December 8 , 2022: Arctic Security and Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance 

Witnesses Included:

• Chantal Thibaudeau, Director, Office of the Auditor General
• Karen Hogan, Auditor General, Office of the Auditor General
• Nicholas Swales, Principal, Office of the Auditor General

Tuesday, December 13 , 2022: Independent External Review of the Department of National Defence and the Canadian Armed Forces
Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Louise Arbour, Lawyer
• Bill Matthews, Deputy Minister, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• LGen Jennie Carignan, Chief, Professional Conduct and Culture, Canadian Armed Forces. Department of National Defence
• Linda Rizzo-Michelin, Chief Operating Officer, Sexual Misconduct Response Centre, Department of National Defence
• Col Robin Holman, Acting Judge Advocate General, Canadian Armed Forces, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence

Tuesday, January 31 , 2022: Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats

Witnesses Included:

• Kati Csaba, Executive Director, Ukraine Strategic Action Team, Department of Foreign Affairs, Trade and Development
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• MGen Michael Wright, Commander, Canadian Forces Intelligence Command and Chief of Defence Intelligence, Department of National Defence

Friday, February 3, 2023: Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats

Witnesses Included:

• Peter Lundy, Director General, Indo-Pacific Secretariat, Department of Foreign Affairs, Trade and Development
• MGen Greg Smith, Director General, International Security Policy, Department of National Defence

Tuesday, February 7, 2023: Cybersecurity and Cyberwarfare

Witnesses Included:

• Sami Khoury, Head, Canadian Centre for Cyber Security, Communications Security Establishment
• Alia Tayyeb, Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Friday, February 10, 2023: Cybersecurity and Cyberwarfare

Witnesses Included:

• Thomas Keenan, Professor, University of Calgary (by videoconference)Amended
• Alexander Rudolph, PhD Candidate, Carleton University
• Kristen Csenkey, PhD Candidate, Balsillie School of International Affairs, Wilfrid Laurier University
• Alexis Rapin, Research fellow, Raoul-Dandurand Chair of Strategic and Diplomatic Studies, Université du Québec à Montréal

Tuesday, February 14, 2023: Cybersecurity and Cyberwarfare

Witnesses Included:

• RAdm Lou Carosielli, Cyber Force Commander, Canadian Armed Forces, Department of National Defence
• Jonathan Quinn, Director General, Continental Defence Policy, Department of National Defence
• Marcus Kolga, Senior Fellow, Macdonald-Laurier Institute

Friday, February 17, 2023: Briefing on the Surveillance Balloon from the People's Republic of China

Witnesses Included:

• LGen Alain Pelletier, Deputy Commander, North American Aerospace Defense Command, Department of National Defence
• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence

Tuesday, March 7, 2023: Briefing on the Surveillance Balloon from the People's Republic of China

Witnesses Included:

• Hon. Anita Anand, P.C., M.P., Minister of National Defence
• Bill Matthews, Deputy Minister, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces
• Jonathan Quinn, Director General, Continental Defence Policy, Department of National Defence
• MGen Darcy Molstad, Deputy Commander, Canadian Joint Operations Command, Canadian Armed Forces, Department of National Defence

Friday, March 10, 2023: Cybersecurity and Cyberwarfare

Witnesses Included:

• Christyn Cianfarani, President and Chief Executive Officer, Canadian Association of Defence and Security Industries
• Tim Callan, Chief Experience Officer, Sectigo
• Christian Leuprecht, Professor, Royal Military College of Canada

Tuesday, March 21, 2023: Arctic Security (consideration of draft report)

Friday, March 31, 2023: Cybersecurity and Cyberwarfare and Meeting with a Delegation from Lithuania

Witnesses Included:

• Tadej Nared, Chairman of the Board, Slovenian Certified Ethical Hackers Foundation
• John de Boer, Senior Director, Government Affairs and Public Policy, Canada, BlackBerry
• Tim McSorley, National Coordinator, International Civil Liberties Monitoring Group
• Žilvinas Tomkus, Vice-Minister of National Defence, Ministry of National Defence of the Republic of Lithuania

Friday, April 21, 2023: Briefing on the War in Ukraine

Witnesses Included:

• Kerry Buck
• Ihor Michalchyshyn, Executive Director and Chief Executive Officer, Ukrainian Canadian Congress
• Orest Zakydalsky, Senior Policy Advisor, Ukrainian Canadian Congress
• Dr. Jack Watling, Senior Research Fellow for Land Warfare

Tuesday, April 25, 2023: Briefing on the War in Ukraine

Witnesses Included:

• Brian Jenkins, Senior Adviser to the President, RAND Corporation
• Andrew Rasiulis, Fellow, Canadian Global Affairs Institute

Friday, April 28, 2023: Military Health System and Provision of Health and Transition Services under the Canadian Forces Health Services Group

Witnesses Included:

• LGen Lise Bourgon, Acting Chief of Military Personnel and Acting Commander Military Personnel Command, Canadian Armed Forces, Department of National Defence
• MGen Marc Bilodeau, Surgeon General, Canadian Armed Forces, Department of National Defence
• Cmdre Daniel Bouchard, Commander, Canadian Armed Forces Transition Group, Canadian Armed Forces, Department of National Defence
• BGen Scott Malcolm, Commander, Canadian Forces Health Services Group, Canadian Armed Forces, Department of National Defence

Tuesday, May 2, 2023: Main Estimates 2023-2024

Witnesses Included:

• Hon. Anita Anand, P.C., M.P., Minister of National Defence
• Caroline Xavier, Chief, Communications Security Establishment
• Bill Matthews, Deputy Minister, Department of National Defence
• Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Cmdre Ruth Dagenais, Deputy Chief Financial Officer, Canadian Armed Forces, Department of National Defence

Tuesday, May 9, 2023: Military Health System and Provision of Health and Transition Services under the Canadian Forces Health Services Group

Witnesses Included:

• Myriam Lafond, Managing Director, Crisis Center and Suicide Prevention of Haut-Richelieu-Rouville
• Linna Tam-Seto, Assistant Professor, McMaster University, Canadian Institute for Military and Veteran Health Research
• Col (Ret'd) Richard Pucci, Senior Health Care Executive
• Maj (Ret'd) Dr. Karen Breeck
• RAdm (Ret'd) Hon. Rebecca Patterson, Senator

Friday, May 12, 2023: Military Health System and Provision of Health and Transition Services under the Canadian Forces Health Services Group

Witnesses Included:

• Gregory Lick, Ombudsman, National Defence and Canadian Armed Forces Ombudsman
• Robyn Hynes, Director General of Operations, National Defence and Canadian Armed Forces Ombudsman
• Col (Ret'd) Nishika Jardine, Veterans Ombud, Office of the Veterans Ombudsman
• Duane Schippers, Deputy Veterans Ombud, Office of the Veterans Ombudsman
• RAdm (Ret’d) Hon. Rebecca Patterson, Senator
• Maj (Ret’d) Dr. Karen Breeck
• Nick Booth, Chief Executive Officer, True Patriot Love Foundation

Friday, June 2, 2023: Military Health System and Provision of Health and Transition Services under the Canadian Forces Health Services Group

Witnesses Included:

• Laurie Ogilvie, Senior Vice President, Military Family Services, Canadian Forces Morale and Welfare Services
• Steven Harris, Assistant Deputy Minister, Service Delivery Branch, Department of Veterans Affairs
• Jane Hicks, Acting Director General, Service Delivery and Program Management, Department of Veterans Affairs
• Mark Roy, Area Director Central Ontario.
• Dr. Ayla Azad, Chief Executive Officer, Canadian Chiropractic Association
• Andrew P.W. Bennett, Director, Cardus
• Matthew McDaniel, National Clinical Director, Veterans Transition Network

Tuesday, June 6, 2023: Cybersecurity and Cyberwarfare (consideration of a draft report)

Friday, June 9, 2023: Review of the Impact of Canada’s Procurement Process on the Canadian Armed Forces and Cybersecurity and Cyberwarfare (consideration of a draft report)

Witnesses Included:

• Yves Giroux, Parliamentary Budget Officer, Office of the Parliamentary Budget Officer
• Christopher Penney, Advisor-Analyst, Office of the Parliamentary Budget Officer

Tuesday, June 13, 2023: Review of the Impact of Canada’s Procurement Process on the Canadian Armed Forces

Witnesses Included:

• Karen Hogan, Auditor General, Office of the Auditor General
• Andrew Hayes, Deputy Auditor General, Office of the Auditor General
• Nicholas Swales, Principal, Office of the Auditor General
• Anessa Kimball, Full Professor, Université Laval (by videoconference)
• Philippe Lagassé, Associate Professor, Carleton University

Friday, June 16, 2023: Review of the Impact of Canada’s Procurement Process on the Canadian Armed Forces

Witnesses Included:

• David Perry, President, Canadian Global Affairs Institute
• Alan Williams, President, Williams Group
• Hon. LGen Andrew Leslie
• BGen (Ret'd) Gaston Côté (by videoconference)
• LGen (Ret'd) Guy Thibault, Former Vice Chief of the Defence Staff, Conference of Defence Associations

Tuesday, June 20, 2023: External Monitor Report - First Status Report

Witnesses Included:

• Jocelyne Therrien, External Monitor

September 2023 – June 2024

Tuesday, September 19, 2023: Briefing on the War in Ukraine

Witnesses Included:

• Kati Csaba, Executive Director, Ukraine Bureau, Department of Foreign Affairs, Trade and Development
• Alison Grant, Director General, International Security Policy Bureau, Department of Foreign Affairs, Trade and Development
• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence
• Ty Curran, Deputy Director General International Security, Department of National Defence

Thursday, September 21, 2023: Briefing on the War in Ukraine

Witnesses Included:

• Peter Lundy, Director General, Indo-Pacific Strategy Secretariat, Department of Foreign Affairs, Trade and Development
• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence
• MGen Greg Smith, Director General, International Security Policy, Department of National Defence
• Dr. Harry Ho-Jen Tseng, Representative, Taipei Economic and Cultural Office in Canada
• Bryan Chiao-Lu Ping, Executive Director, Taipei Economic and Cultural Office in Canada
• Ethan Han-Ming Chen, Executive Assistant Director, Taipei Economic and Cultural Office in Canada

Tuesday, September 26, 2023: Review of the Impact of Canada’s Procurement Process on the Canadian Armed Forces

Witnesses Included:

• Richard B. Fadden
• Richard Foster, Vice President, L3Harris Technologies Canada
• Richard Shimooka, Senior Fellow, Macdonald-Laurier Institute
• Project Ploughshares
• Cesar Jaramillo, Executive Director

Additional Media Lines

India

• CSE leverages all aspects of its mandate to counter hostile state activity. We work closely with federal partners and international allies to defend Canada’s interests, in accordance with our mandate and authorities.
• CSE can neither confirm nor deny any specific operations, capabilities or targets for operational security reasons. However, Canadians can be assured that CSE’s foreign signals intelligence provides Canada’s decision-makers with actionable insights on a range of foreign-based threats, including the activities of hostile states, cybercriminals and violent extremists.

Distributed Denial of Service (DDoS)

• The Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) have received reports of several distributed denial of service campaigns, also known as DDoS attacks, targeting the Government, provinces and territories, as well as the financial and transportation sectors.
• On Friday, September 22, 2023, CSE issued a warning urging the Canadian cyber security community especially the operators of government and critical infrastructure web sites to adopt a heightened state of vigilance, and to bolster their awareness of and protection against malicious cyber threats.
• CSE observed that it’s not uncommon to see increased distributed denial of service (DDoS) campaigns against NATO countries that support Ukraine, or host visits from Ukrainian government officials.
• On Friday, September 15, 2023, the Canadian Centre for Cyber Security (Cyber Centre) published a statement and a cyber alert on Cyber.gc.ca warning Canadians of several distributed denial of service (DDoS) campaigns targeting the Government of Canada, provinces and territories, as well as the financial and transportation sectors.
• CSE and the Cyber Centre are continuously monitoring the threats from state sponsored threat actors, especially China, Russia, North Korea and Iran.
• CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
• The Government of Canada has systems and tools in place to monitor, detect and investigate potential threats, and takes active measures as required. CSE continues to work with its cyber security partners to ensure the Government’s networks and infrastructure are well defended against cyber threats.

House of Commons - DDoS

• We are aware that the House of Commons site experienced an outage today. However, CSE and its Canadian Centre for Cyber Security (Cyber Centre) generally do not comment on specific cyber security incidents, other than to confirm we are in touch and have offered assistance.
• The Cyber Centre works closely with Canadian government partners and critical infrastructure providers to help them protect their networks and systems from cyber threats. For example, we share:
  • advice and guidance about cyber security best practices
  • threat bulletins that help providers assess the cyber risks
  • indicators of compromise – signs that a bad actor has gotten into a system, which providers can look for
  • various types of notifications, including: advisories (routine), alerts (urgent), cyber flashes (urgent and sensitive)
• As outlined in the National Cyber Threat Assessment 2023-24 report, cyber threats remain a persistent threat to Canadian organizations, as well as critical infrastructure owners and operators. CSE and the Cyber Centre continue to monitor for any developing cyber threats and share threat information with our partners and stakeholders.
• CSE works every day to defend government systems from threats. On any given day, CSE’s defensive systems can block upwards of 6 billion events targeting Government of Canada (GC) networks. These defensive actions are a result of CSE’s existing dynamic cyber defence capabilities which remain ready to defend GC systems and help protect against future attacks.

Ukraine/Geopolitical Events

• The Government of Canada’s cyber defence team, including CSE, is constantly reviewing measures to ensure our systems and information networks remain secure. We have tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
• We can confirm that CSE has been tracking cyber threat activity associated with the current crisis. CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine and continues to work with the Canadian Armed Forces (CAF) in support of Ukraine.
• As the situation has deteriorated, CSE’s Cyber Centre continues to monitor the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure networks, operational and information technology (OT/IT). We recently issued reminder to the Canadian cyber security community to adopt a heightened state of vigilance and bolster awareness and protection against malicious cyber threats.
• CSE is aware of an increase in Russian state-aligned hacktivist groups seeking to Ukraine and its allies. 
• We remind Canadian critical infrastructure operators and defenders to be aware of the risks and take mitigations against known Russian-backed cyber threat activity. Now is the time to take defensive action and be proactive in network monitoring and applying appropriate mitigations.
• In addition to public advisories, the Cyber Centre continues to share valuable cyber threat information with Canadian critical infrastructure partners via protected channels. This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.

Indo-Pacific Strategy

• Budget 2023 announced $29.7M over five years for The Communications Security Establishment (CSE) to increase Canada’s foreign intelligence support to government partners in defence and security in the Indo-Pacific.
• In addition, CSE’s Canadian Centre for Cyber Security (Cyber Centre) will expand its delivery of cyber security advice and guidance to partners and stakeholders in the region.

Equity Diversion and Inclusion (EDI)

• The Communications Security Establishment (CSE) is committed to pursuing the objectives of equity and inclusion. Building an equitable, diverse, and inclusive environment at CSE is essential and is part of its obligation to Canadians.
• As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE’s mission in a nurturing and welcoming environment.
• Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
• In effort of working towards reconciliation, CSE continues to participate in the Government of Canada’s IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.

Additional Q and A's

Resource/Funding

36. Will the TBS-directed cuts will have any impact on CSE's operations?

• There are no cuts to CSE's 2023-2024 operating budget; however, we are currently examining the years ahead to meet the spending reductions outlined by TBS, which will include the reduction totals of $20M by 2026-2027 and will become permanent.
• CSE is well funded as a result of funding from Budget 2022 and we continue to maximize our resources and funds to meet our operational requirements and defend the Government of Canada.

Baseline Cyber Threat Assessment on Cybercrime

37. What is the Baseline Cyber Threat Assessment on Cybercrime?

• This Baseline Cyber Threat Assessment report on Cybercrime builds on the assessments the Cyber Centre shared in the National Cyber Threat Assessment (NCTA) and is intended to inform cybersecurity professionals and the public about the threat to Canada and Canadians posed by global cybercrime.
• The assessment covers cybercrime’s early history, the development of the most significant cybercrime TTPs, and the current nature of the global cybercrime threat and its implications for Canada.
• The judgements in this assessment are based on the Canadian Centre for Cyber Security’s (Cyber Centre) knowledge and expertise in cyber security and further supported by input from the Royal Canadian Mounted Police (RCMP).

38. What were the key judgements from the assessment?

• The assessment looks at the strategic threat to Canada posed by the global cybercrime market.
• The key judgements of the assessment are:
  • Ransomware is almost certainly the most disruptive form of cybercrime facing Canada because it is pervasive and can have a serious impact on an organization’s ability to function.
  • CSE assess that organized cybercrime will very likely pose a threat to Canada’s national security and economic prosperity over the next two years.
  • Over the next two years, financially motivated cybercriminals will almost certainly continue to target high-value organizations in critical infrastructure sectors in Canada and around the world.
  • Russia and, to a lesser extent, Iran very likely act as cybercrime safe havens from which cybercriminals based within their borders can operate against Western targets.
  • We assess that Russian intelligence services and law enforcement almost certainly maintain relationships with cybercriminals and allow them to operate with near impunity.

39. How is CSE responding the threats outlined in the assessment?

• This Baseline assessment is meant to give Canadians an accurate picture of the current threat of cybercrime in Canada. We all benefit greatly from living in one of the most Internet-connected nations in the world, and the risks identified in this report can be mitigated.
• The Cyber Centre takes the threat of cybercrime to Canadians and Canadian organizations very seriously. We continue to publish alerts to warn about active campaigns, as well as reports and guidance to raise awareness.
  • In July 2023, the Cyber Centre published an alert about ALPHV/BlackCat ransomware targeting Canadian industries. The Cyber Centre has also published joint cyber security advisories warning Canadians about Truebot malware and LockBit ransomware.
• The Cyber Centre also provides tailored advice and guidance products available on their website. If an organization believes they have been a victim of cybercrime or if they wish to receive additional supports to mitigate potential threats, they are invited to reach out to the Cyber Centre at any time – collaboration is key as we work to minimize the impacts of cybercrime in Canada.

Critical Infrastructure

40. How is CSE protecting our critical Infrastructure?

• CSE continues to monitor the cyber threat environment, including cyber threat activity directed at critical infrastructure networks.
• CSE’s Cyber Centre has, and continues to share, cyber threat information with Canadian critical infrastructure operators so they are aware of the risks and threats. This information includes providing them with expert advice to mitigate against known Russian-backed cyber threat activity, in addition to other state and non-state cyber threats.
• The Cyber Centre has issued unclassified cyber security threat bulletins, such as a Reminder to Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity. We have also published helping advice and guidance documents such as the recent Top 10 IT security action bulletin or the Foundational cyber security actions for small organizations, reminding Canadian critical infrastructure operators and defenders to be aware of the risks and take necessary mitigations.
• Publishing cyber threat assessments, such as the cyber threat to Canada’s oil and gas sector report and offering tailored briefings to industry leaders and IT professionals.

Disinformation

41. What has CSE done in relation to Russian disinformation campaigns?

• Based on its intelligence reporting, CSE has observed numerous Russian-backed disinformation campaigns online designed to support their actions.
• CSE observed coordinated efforts by Russia to create and spread disinformation. For example, controlled media outlets were directed to include doctored images of Canadian Forces Members on the front line and false claims about Canadian forces committing war crimes.
• CSE shared this information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.
• CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

CSE Annual Report

42. What are the key takeaways from CSE’s annual report?

• From 2022 to 2023, CSE produced over 3,000 foreign intelligence reports to alert and inform the Government of Canada about foreign-based threats and global events affecting Canada.
• From 2022 to 2023, CSE’s Cyber Centre responded to 2,089 cyber security incidents affecting federal institutions (957) and critical infrastructure partners (1,132).
• In 2022, CSE received 4 Ministerial Authorizations to carry out foreign cyber operations.
• In 2022, CSE’s Cyber Centre published a new National Cyber Threat Assessment which identifies key trends in the cyber threat landscape.
• CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
• CSE’s 2022 to 2023 total budget was $948 million and consists of 3,232 full-time, permanent employees.