House Standing Committee on National Defence (NDDN) Appearance, Head, Canadian Centre for Cyber Security and Deputy Chief, CSE – February 7, 2023

Table of contents

Appearance details

Date: Tuesday, February 7, 2023

Location: Virtual

Time: 3:30 – 4:30 pm

Appearing:

  • Alia Tayyeb; Deputy Chief, Signals Intelligence
  • Sami Khoury; Head, Canadian Centre for Cyber Security
  • Communications Security Establishment

Details: Study on Cybersecurity and Cyberwarfare that includes, but is not limited to: The evolving sophistication of threats associated with cybersecurity and foreign actors’ capabilities to hack, disrupt, and dismantle means of communication, power grids, databases, and other critical infrastructure, that should include: The full capabilities of advanced countries to conduct cyberwarfare and what that might look like during conventional, unconventional and hybrid warfare; what Canada and its allies are doing to attract and retain talent in state cybersecurity to defend Canada against foreign cyber-threats; the threat of non-state actors to our cybersecurity; and the role of individuals and the private sector in cybersecurity.

 

Sami Khoury

Introduction
  • Hello/Bonjour. Thank you, Mr. Chair, and members of the Committee, for the invitation to appear today.
  • My name is Sami Khoury, my pronouns are he and him, and I am the Head of the Communications Security Establishment’s Canadian Centre for Cyber Security, known as the Cyber Centre.
  • I am joined today by my colleague Alia Tayyeb. She is the Deputy Chief of CSE’s Signals Intelligence branch.
  • Je suis heureux de me présenter devant le comité pour discuter de cybersécurité et de cyberopérations.
  • As this is the first meeting of your study, I’d like to begin by providing an update on the current cyber threat landscape and what CSE is doing to protect Canadians.
  • I will largely focus on the cyber security aspect of our mandate, whereas my colleague Ms. Tayyeb will focus on the foreign intelligence piece of CSE’s mandate, our support to partners, and our active and defensive cyber operation capabilities.
Cybersecurity
  • Now more than ever we understand that cyber security is the foundation of Canada’s future – for our digital economy, our personal safety and privacy, and our national prosperity and competitiveness.
  • In October, the Cyber Centre released its third National Cyber Threat Assessment. This report outlines the current cyber threat environment.
  • Un des principaux points soulevés par l’Évaluation des cybermenaces nationales est que la cybercriminalité demeure la plus grande activité de cybermenace visant la population canadienne, et que les infrastructures essentielles sont la principale cible des cybercriminels et des auteurs de menace parrainés par des États.
  • Ransomware specifically was prominent in the past two years, and it remains a persistent threat to Canadian organizations.
  • The state-sponsored cyber programs of China, Russia, Iran, and North Korea continue to pose the greatest strategic cyber threat to Canada.
  • In the face of these threats, and as Canada’s technical and operational authority on cyber security, CSE defends Government of Canada networks, and the Cyber Centre leads the Government’s response to cyber incidents.
  • However, cyber security is not solely a federal government responsibility or concern, as cyber threats continue to target and impact Canadian individuals, organizations, and businesses.
  • Le CST travaille avec des partenaires de l’industrie, dont des partenaires non gouvernementaux, pour échanger de l’information sur la menace et des pratiques exemplaires en matière de cybersécurité. Le Centre pour la cybersécurité, quant à lui, publie constamment des avis et conseils d’experts à l’intention des Canadiennes et des Canadiens.
  • Moving forward, to continue to adapt to the evolving threat environment, bolster defences, and help better protect Canada and Canadians, we’re hopeful to see the continued progress of Bill C-26 An Act respecting cyber security in Parliament.
  • This legislation would establish a regulatory framework to strengthen cyber security for services and systems that are vital to national security and public safety and give the Government a new tool to respond to emerging cyber threats.
  • We also look forward to continued work to support Public Safety in the renewal of Canada’s National Cyber Security Strategy (the Strategy).
  • The renewed Strategy will articulate Canada’s long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based behaviour in cyber space.
  • Pour le CST, le renouvellement de la Stratégie est l’occasion de faire le point et de poursuivre sur la lancée des réalisations du Centre pour la cybersécurité au cours des cinq dernières années, car la création du Centre était l’une des principales initiatives de la Stratégie de 2018.
  • Finally, as we work to build relationships with Canadian industry and other levels of government, we are also focused on collaboration with our international partners, in the Five Eyes and beyond.
  • I will now hand it over to my colleague Ms. Tayyeb to speak to her area of responsibility.

Alia Tayyeb

Cyber operations
  • Thank you, Sami. As my colleague mentioned, I am the Deputy Chief of CSE’s Signals Intelligence branch, and am also responsible for the foreign cyber operations aspect of the CSE mandate. My pronouns are she, her.
  • As mentioned, the severity of cybercrime and cyber incidents targeting Canadians and Canadian critical infrastructure – both public and private – is growing exponentially. Beyond cybercriminals, however, state and state-sponsored cyber actors also pose a continuing strategic threat to Canada.
  • Through CSE’s foreign intelligence mandate, we continue to provide intelligence on foreign cyber threats, including the activities and intentions of state and non-state actors which is used by government clients, including the Cyber Centre, to defend Canada.
  • Recognizing the evolving threat landscape, the CSE Act came into force in August 2019, which allowed CSE to expand its tool suite to conduct active and defensive cyber operations, together referred to as foreign cyber operations.
  • Depuis qu’on lui a accordé ces nouveaux pouvoirs, le CST a tiré parti de ses capacités liées aux cyberopérations pour nuire aux efforts d’extrémistes basés à l’étranger visant recruter des Canadiens, à mener des opérations en ligne et diffuser du contenu violent et extrémiste. We have also used these authorities to disrupt the activities of cybercriminals planning ransomware attacks.
  • Recognizing the importance of investing in cyber resilience and bolstering Canada’s capability, Budget 2022 provided Canada’s first standalone investment in its cyber operations capability, earmarking $273.7 million over five years and $96.5M ongoing annually for CSE to build its foreign cyber operations capabilities and conduct a specific range of cyber operations focusing on countering cybercriminals and protecting Canadian critical infrastructure from cyber attacks.
  • En vertu de son mandat d’assistance, le CST a utilisé ces capacités pour appuyer la mission des Forces armées canadiennes.
  • Nos alliés, nos partenaires internationaux et nos adversaires investissent tous massivement dans ces capacités et développent leurs capacités de cyberopérations à grande échelle. Il va sans dire que le CST surveille attentivement le cyberespace et adapte régulièrement ses efforts pour protéger le Canada et défendre ses intérêts.
Closing
  • As the cyber threat landscape in Canada continues to evolve, CSE is dedicated to advancing cyber security and increasing the confidence of Canadians in the systems they rely on daily.
  • With that, I thank you for the opportunity to appear before you today and I look forward to answering any questions you may have.
 

Committee information and potential questions

Committee profiles

 
Portrait - John Mckay
CSE-related interests
  • Former Parliamentary Secretary to the Minister of National Defence.
  • Demonstrated concern of Russia’s actions in Ukraine and multiple cyber-attacks on Canada (January 2022) and an interest to discuss Arctic security (November 2022).
  • One of the few Government-side MPs who voted in favour of the CPC’s Opposition Motion in November 2020, which called on the Government to make a decision on the Huawei Ban.
  • During SECU’s study of Bill C-59 asked what contributions the Bill would make to address cyber threats to private infrastructure (2018).
  • McKay expressed concern surrounding the lack of clarity for reporting cyber incidents for Canadians during the Public Safety Committee (December 2020).
 
 
Portrait - James Bezan
CSE-related interests
  • Interest in China, Russia, and defending the Arctic territory (2022)
  • Concerned with Canadian data and information and protecting citizen’s Charter rights, particularly from Pegasus software system during discussions of Bill C-27 (November 2022): “There are times we have to use it in the collection of data. […] We know that to use that type of technology, to protect the rights of Canadians, there should be a warrant issued to ensure there is judicial oversight, even if it is being used by the Department of National Defence and CSE, we have to make sure it is not being used against Canadians and only deals with those national threats they refer to as threats that are foreign entities. That is something that Bill C-27 fails to recognize.”
 
 
Portrait - Christine Normandin
CSE-related interests
  • Canada-China Relations Committee (May 2021): Concerned over Canada’s “laxed” stance on Huawei in comparison to the other Five Eyes partners.
  • Business of Supply- Government Orders (February 2021): Concern of China’s mass surveillance regime and the surveillance capacities of Huawei.
  • NDDN (March 2022): Questioned if CSE’s and CSIS’ work happens in isolation and to promote communication between the two organizations, if they should “co‑operate more closely with FINTRAC to follow the money when it comes to the use of cryptocurrency by terrorist groups?”.
  • Questioned if CSE explored working with private sector to “fill gaps in internal capacity and thus meet operational requirements” and develop cyber capacity (March 2022).
 
 

Members

Portrait - Darren Fisher
CSE-related interests
  • Concerned with Russia, China and Arctic Security (November 2022): “Given the evolving relationship between Russia and China right now, how do you think they would co-operate or conflict on matters relating to the Arctic?”
  • NDDN Committee, Briefing by the Commissioner of CSE (March 2017): Concern over other Five Eyes partners not keeping their promise to protect Canadian data and spy on each other’s citizens.
  • Interested in national defence and Canada’s Involvement in NATO (January 2018): Concern over if Canadian and NATO infrastructure is safe from data breaches and if there is a quick response to new cyber threats.
 
 
Portrait - Cheryl Gallant
CSE-related interests
  • “E-security” is a popular topic for Gallant (March 2022): “CSE judges that cyber-threat actors will very unlikely seek to intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life. That being said, how vulnerable are we with the Internet of things, given that something as simple as your refrigerator is sending off pings? There seem to be so many vulnerabilities and it is the least protected throughway that is going to be attacked, so how can they be so confident, do you think, that it will be unlikely to be disrupted?”
  • Issues of greatest interest in this area include: Cybersecurity of the electricity grid; NATO and NORAD and cybersecurity, including IoT and AI; recruiting cybersecurity experts into the military; the Telecommunications Act, how CSE works with the private sector; information sharing in the Five Eyes; Russian cyberattacks against Georgia; and Op IMPACT.
  • Questioned if Canada was sharing intelligence directly with Ukraine from CSE in March 2022.
 
 
Portrait - Pat Kelly
CSE-related interests
  • Interested in national defence and security, with many questions related to Arctic security, protecting Arctic waters and China's capability to threaten Canadian Arctic sovereignty in November 2022.
  • Questioned Jody Thomas during her appearance in December 2022 regarding foreign interference in Canadian elections.
  • Has had no questions directed at CSE and mention of the organization.
 
 
Portrait - Shelby Kramp-Neuman
CSE-related interests
  • Interested in Canada’s role in NATO, Arctic security, national defence, Canada’s military and its capacity to respond to threats: “Can you speak to the impact on our ability to protect and strengthen our north and give it the attention it needs as a region of growing competition between Canada, Russia and China?” (November 2022).
  • Has had no questions directed at CSE and mention of the organization.
 
Portrait - Emmanuella Lambropoulos
CSE-related interests
  • Interested in Russia and China’s foreign interference, the rise of cyber-threats and Arctic security.
  • Questioned Canada’s position in defending itself and the Arctic in NDDN (December 2022): “[…] What are some of the ways that our adversaries' [Russia and China] cyber-abilities influence the way we prepare ourselves? In what ways have we made investments in technologies that would counter these kinds of cyber-abilities?”.
  • Questioned Chief Shelly Bruce about cyber-threats during her appearance in February 2022: “I know that Minister Anand has in her mandate letter several references to cybersecurity. We heard from CSE and CSIS at our last meeting that these threats have been increasing steadily for the last while, mainly by China and Russia, along with others. What kind of plans do you have going forward in order to make sure we accomplish this part of the mandate?” and “In your opinion, what would CSE need in order to help it fulfill its mandate?”
 
Portrait - Lindsay Mathyssen
CSE-related interests
  • Interested in assessing the capacity to tackle cyber-threats and issue of unfilled cyber-related positions in NDDN (March 2022).
  • Questioned the reality of Russia and China posing as “potential threat” for Canada and Artic Soil during Jody Thomas’ appearance (December 2022).
 
Portrait - Bryan May
CSE-related interests
  • May is the Parliamentary Secretary to the Minister of National Defence and has asked many questions related to the Telecommunications Act, PROC and Bill C-26 in PROC, NDDN and other committees.
  • He continues to speak about the role of CSE and the cyber center’s “cyber and technical expertise to help monitor, detect and investigate threats against Canada’s information systems and networks, and take active measures to address them.” (December 2022).
  • Questioned an expert speaker about the biggest threats coming with regard to cyber and “[Do you] see progress with CSE at this point?” (February 2022).
  • Asked Sami Khoury to “comment and elaborate on the Canadian Centre for Cyber Security's work with various industry sectors?” during an appearance (March 2022).
  • Discussed Russia, China and the Arctic (November 2022): “In light of the growing tensions between NATO and Russia, is Canada doing enough in terms of allied military exercises in the Canadian Arctic? What would be the pros and cons of potentially expanding those allied exercises in the Arctic?”
 
 
Portrait - Jennifer O’Connell
CSE-related interests
  • Interested in protecting national security, democratic institutions, and elections from foreign interference (December 2022) especially through her previous membership on NSICOP. Has questioned the CPC’s inaction towards foreign interference including misinformation, disinformation and attempts on elections, despite multiple briefings and reports.
  • Mention of CSE in the context of Russia, China, and the use of local media to spread disinformation or misinformation by foreign state actors in PROC (November 2022): “For CSIS, or CSE or any Canadian agency, for example, if a so-called media group like Canada Proud or Rebel News started using Chinese or Russian types of disinformation in their local disinformation or misinformation campaigns, what mechanisms would you have to then tell Canadians that this local source of information is being used by foreign state actors like China or Russia?”.
  • Questioned the Middle East strategy, supplementary estimates and CSE’s contribution in NDDN (March 2022): “I'm wondering if you can elaborate on what this specific investment in the supplementary estimates looks like. It's an additional $4 million, but what is that additional $4 million for?”.
  • In relation to the two Chinese scientists fired at the Microbiology Laboratory, O’Connell gave assurance that Canada takes threats to research security and intellectual property very seriously (May 2021).
  • Showed concern of Huawei telecommunications in Canada and how it will affect Canada’s relationship with the Five Eyes allies, and over Canada’s autonomy and the Chinese government having access to our intelligence through Huawei networks (October 2020).
 
 
Portrait - Charles Sousa
CSE-related interests
  • N/A – Charles Sousa was recently elected in by-election (December, 2022) as MP for Mississauga-Lakeshore
  • He is the former Minister of Finance for Ontario
  • He served as Member of Provincial Parliament (MPP) for the riding of Mississauga-South
  • Charles Sousa was also, Minister of Labour, Minister of Citizenship and Immigration, Minister Responsible for the Pan and Parapan American Games, and President of Treasury Board
 

44th Parliament, 1st Session

Under its mandate, the Committee:

  • studies the legislation, activities and expenditures of the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
  • examines the domestic, continental and international security environment; and
  • monitors the performance and policies of other federal entities that operate within the National Defence portfolio such as The Communications Security Establishment (CSE).

Recent appearances

  • February 9, 2022: CSE appeared alongside the Minister of National Defence and other senior officials to discuss the Minister’s mandate letter and priorities.
  • February 7, 2022: CSE appeared alongside the Minister of National Defence, and the Director of CSIS, as well as other senior officials to brief NDDN members’ situational awareness of the threats they themselves face from foreign interference, as well as a discussion of the threats Canada faces from foreign interference.

Key studies

  • Notable activities/meetings:
    • December 2022: Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance
    • February 2022: Briefing by CSIS and the CSE
    • March 2017: Briefing by the Commissioner of the Communications Security Establishment
    • May 2016: Briefing on the Ongoing Activities of the Communications Security Establishment
  • Studies in recent years:
    • December 2018: Russian Aggression Against Ukraine, Moldova and Georgia in the Black Sea Region
    • Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats
    • Addressing Sexual Misconduct in the Canadian Armed Forces
    • Impacts of the COVID-19 Pandemic on Canadian Armed Forces Operations
    • June 2019: Improving Diversity and Inclusion in the Canadian Armed Forces
    • May 2019: Canada’s Contributions to International Peacekeeping
  • Upcoming studies:
    • February 2023: NDDN is expected to begin a study on Cybersecurity and Cyberwarfare, such as the evolving sophistication of threats associated with cybersecurity and foreign actors’ defensive capabilities. NDDN intends to invite representatives from CAF, DND and CSE at its first meeting.

Previous meetings (current session)

Wednesday, December 15, 2021: Election of Chair

The Hon. John McKay (LPC) was elected Chair. Kerry-Lynne D. Findlay (CPC) was elected first vice-chair; Christine Normandin (BQ) was elected second vice-chair.

Monday, January 31, 2022: Committee Business

Wednesday, February 2, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, February 7, 2022: Briefing by CSIS and CSE

Witnesses Included:

  • Charlie Henderson, Assistant Director, Canadian Security Intelligence Service
  • David Vigneault, Director, Canadian Security Intelligence Service
  • Daniel Rogers, Associate Chief, Communications Security Establishment
  • Rajiv Gupta, Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment

Wednesday, February 9, 2022: Briefing by the Minister of National Defence on her Mandate Letter

Witnesses Included:

  • Hon. Anita Anand, Minister of National Defence
  • Bill Matthews, Deputy Minister of National Defence
  • Robin Holman, Acting Judge Advocate General, Office of the Judge Advocate General, Department of National Defence
  • Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
  • Shelly Bruce, Chief, Communications Security Establishment

Monday, February 14, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 2)

Wednesday, February 16, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 3)

Monday, February 28, 2022: Briefing on Canada, NATO and the Current Situation in Ukraine, and Threat Analysis Affecting Canada and the CAF Operational Readiness

Witnesses Included:

  • MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence

Wednesday, March 2 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 9 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, March 21 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 23 (2022): Subject Matter of Supplementary Estimates (C) 2021-22

Witnesses Included:

  • Hon. Anita Anand, Minister of National Defence
  • Bill Matthews, Deputy Minister of National Defence
  • Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
  • LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
  • Shoba Ranganathan, Acting Executive Director, Sexual Misconduct Response Centre, Department of National Defence
  • Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
  • Shelly Bruce, Chief, Communications Security Establishment

Monday, March 28 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 30 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, April 4 (2022): Recruitment and Retention in the CAF

Wednesday, April 6 (2022): Recruitment and Retention in the CAF

Monday, April 25 (2022): Recruitment and Retention in the CAF

Wednesday, April 27 (2022): Committee Business and Recruitment and Retention in the CAF

Monday, May 2 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, May 4 (2022): Committee Business

Monday, May 9 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, May 11 (2022): Committee Business

Wednesday, May 18 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, June 1 (2022): Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, June 6 (2022): Subject Matter of Main Estimates 2022-23

Witnesses Included:

  • Hon. Anita Anand, Minister of National Defence
  • Bill Matthews, Deputy Minister of National Defence
  • Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
  • LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
  • Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
  • Shelly Bruce, Chief, Communications Security Establishment

Wednesday, June 8 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, June 13 (2022): Recruitment and Retention in the CAF

Monday, June 20 (2022): Recruitment and Retention in the CAF

Tuesday, September 20 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Thursday, September 22 (2022): Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness

Tuesday, September 27 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Tuesday, October 4 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Thursday, October 6 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Thursday, October 18 (2022): Arctic Security

Tuesday, October 25 (2022): Arctic Security and Committee Business

Thursday, October 27 (2022): Arctic Security

Tuesday, November 1 (2022): Arctic Security

Thursday, November 3 (2022): Arctic Security and Reports that Former Royal Canadian Air Force Pilots Have Undertaken Employment to Train Members of the People’s Liberation Army Air Force

Witnesses Included:

  • BGen Denis Boucher, Director General Defence Security, Department of National Defence

Tuesday, November 15 (2022): Arctic Security

Tuesday, November 22 (2022): Arctic Security

Thursday, November 24 (2022): Arctic Security

Tuesday, November 29 (2022): Arctic Security

Thursday, December 1 (2022): Committee Business

Thursday, December 8 (2022): Arctic Security and Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance

Witnesses Included:

  • Chantal Thibaudeau, Director, Office of the Auditor General
  • Karen Hogan, Auditor General, Office of the Auditor General
  • Nicholas Swales, Principal, Office of the Auditor General

Tuesday, December 13 (2022): Independent External Review of the Department of National Defence and the Canadian Armed Forces

Witnesses Included:

  • Hon. Anita Anand, Minister of National Defence
  • Louise Arbour, Lawyer
  • Bill Matthews, Deputy Minister, Department of National Defence
  • LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
  • LGen Jennie Carignan, Chief, Professional Conduct and Culture, Canadian Armed Forces. Department of National Defence
  • Linda Rizzo-Michelin, Chief Operating Officer, Sexual Misconduct Response Centre, Department of National Defence
  • Col Robin Holman, Acting Judge Advocate General, Canadian Armed Forces, Department of National Defence
  • Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
 

Cyber security

What support has CSE provided in response to recent cyberattacks?
  • The Communications Security Establishment (CSE) continues to monitor the cyber threat environment, including cyber threat activity directed at critical infrastructure networks.
  • CSE’s Cyber Centre has alerted Canadian critical infrastructure operators to be aware of the risks and has provided them with expert advice to mitigate against cyber threat activity.
  • There are systems and tools in place to monitor, detect, and investigate potential threats, and to take active measures to address and neutralize them when they occur.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact CSE’s Cyber Centre.
Does CSE need more resources?
  • We know that the global cyber security threat landscape is rapidly evolving. Cyber incidents, including significant critical infrastructure incidents, are increasing in number and sophistication.
  • With adequate resources, CSE and its security and intelligence partners can help reduce the threat, strengthen our cyber defences by raising the bar, and responding to and recovering from (fewer) incidents.
  • In spring 2022, the government announced $852.7M over 5 years, and $218.3M ongoing starting in 2027-28, in its federal budget for CSE.
  • As the threats we face continue to evolve it is critical that we have the resources needed to protect Canadians.

Cyber operations

How many foreign cyber operations has CSE conducted against any foreign-state actors?
  • Foreign cyber operations give Canada the authority to take action in the cyberspace against foreign adversaries in matters relating to Canada’s international affairs, defence or security.
  • As mentioned in CSE’s Annual Report, in 2021, the MND issued 3 Authorizations for foreign cyber operations – two Active Cyber Operations (ACOs) and one Defensive Cyber Operations.
  • CSE has used its active cyber operation capabilities to disrupt the efforts of foreign-based extremists to recruit Canadian nationals, operate online, and disseminate violent extremist material. CSE has also used these capabilities to assist the Canadian Armed Forces in support of their mission.
  • CSE has used its defensive cyber operations capabilities in the lead up to Canada’s 2021 federal election, during which CSE had defensive cyber operations authorities in place to protect the electronic infrastructure used by Elections Canada. Had there been malicious cyber activity targeting the election process, CSE would have been ready to act on it right away.
Has CSE conducted any cyber operations against Canadians or persons in Canada?
  • CSE is prohibited by law from directing its cyber or intelligence activities at Canadians or any person in Canada. The CSE Act requires that CSE’s activities include measures to protect the privacy of Canadians.
  • Privacy safeguards flow, in part, from the Privacy Act, which the Department of National Defence and the Canadian Armed Forces follow along with other applicable laws.
How prepared is CSE to conduct cyber operations against foreign actors?
  • When it comes to conducting cyber operations, CSE has the tools and the authorities to counter hostile state-sponsored activities, such as cyberespionage.
  • Following the investments announced in Budget 2022, in which $875 million dollars over five years will be funded, this will help bolster CSE’s capabilities, both for cyber security and active cyber operations.

Foreign interference

Can you confirm there was foreign interference in the 2019 election?
  • We are aware of the persistent threat of foreign interference.
  • Throughout the federal election, the Security and Intelligence Threats to Elections (SITE) Task Force actively monitored the situation for signs of foreign interference.
  • A Panel of non-partisan senior civil servants administered the Critical Election Incident Public Protocol, which includes a mandate during the caretaker period to inform the public if an incident or series of events occurred that threatened Canada’s ability to hold a free and fair election
  • The Government of Canada did not detect foreign interference that threatened Canada’s ability to have a free and fair election, and that warranted public communication, as determined by the Panel under the Critical Election Incident Public Protocol.
  • In the lead up to Canada’s 2021 federal election, CSE had defensive cyber operations authorities in place to protect the electronic infrastructure used by Elections Canada.
  • Had there been malicious cyber activity targeting the election process, CSE would have been ready to act on it right away.
Are you aware of foreign cyber threat activities targeting Canadian democratic institutions or processes?
  • In CSE’s most recent report on Cyber Threats to Canada’s Democratic Process, we have assessed that state-sponsored actors with ties to Russia, China, and Iran are responsible for the majority of cyber threat activity against democratic processes worldwide.
  • For example, state-sponsored actors have promoted content and messaging related to QAnon for the purpose of reaching voters in the US.
  • These reports are intended to raise awareness and draw further attention to known state-sponsored cyber threat activity, including the tactics, techniques and procedures used to target Canada’s democratic processes.
Are Chinese or Russian state-sponsored actors attempting to disrupt Canadian democratic institutions or processes?
  • CSE has assessed that both China and Russia, along with Iran, are responsible for the majority of cyber threat activity against democratic processes worldwide.
  • Since 2015, over 90 percent of the cyber threat activity against democratic processes we observed by Russia, China and Iran targeted states and regions of strategic significance to them.
  • State-sponsored actors such as these, have taken advantage of domestic groups and movements in other countries and used the messages and reach of these domestic groups to better influence voters.
  • Adopting cybersecurity best practices goes a long way to offsetting risks of exploitation by any cyber threat actor.
The National Cyber Threat Assessment points to state-sponsored activities of China and Russia, as well as a few other countries, specifically. What is CSE doing to protect Government of Canada networks from these threats?
  • CSE is the primary centralized voice and resource for senior leadership in Government on cyber security operational matters, including incident management, situational awareness, and technical advice and guidance.
  • CSE defends Government of Canada cyber systems, and respond to significant cyber security threats and incidents to reduce and mitigate harm to the Federal Government.
  • CSE is a central resource for Government of Canada departments in support of their roles within their sectors.

Social media

Does CSE have any concerns about the spread of misinformation or disinformation by threat actors on social media apps?
  • It is important to note how pervasive falsehoods on social media and in the domestic information ecosystem create opportunities that foreign cyber threat actors can exploit to covertly disseminate information
  • Some governments and political parties employ disinformation or manipulate the online information ecosystem to influence voters.
  • Threat actors can also spread disinformation after an election to undermine trust in the results or attempt to stop the elected government from taking office.
  • More recently, CSE shared information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.
  • CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
  • It is important for Canadians to adopt good cyber security practices – which CSE shares on the cyber.gc.ca website.

Russian invasion of Ukraine and cyber threats

Has CSE seen an increase in cyber threats to Canada since the Russian invasion of Ukraine?
  • There have been high volumes of cyber activity in the lead up to and during the Russian war.
  • Cyber threats are constant and ever-present in Canada.
  • Canada is one of the most targeted countries in the world and Canadian organizations remain attractive targets for cybercriminals and state-sponsored cyber threat actors.
  • Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.

The National Cyber Threat Assessment report

What is the National Cyber Threat Assessment report? What information does it include?
  • The Cyber Centre produces a report every two years outlining the greatest threats Canada faces.
  • The key judgements in this report are based on reporting from multiple sources, including classified and unclassified information. The judgements are based on the Cyber Centre’s knowledge and expertise in cyber security and informed by CSE’s foreign intelligence mandate, which provides us with valuable insights on cyber threat activity around the world.
What are the primary concerns and observations made in the report?
  • In the Fall, Friday, October 28, CSE released its National Cyber Threat Assessment 2023-2024, which provides an overview of five key cyber threat trends that are the most dynamic and impactful and that will continue to drive cyber threat activity to 2024:
    • First, ransomware is a persistent threat to Canadian organizations;
    • Second, critical infrastructure is increasingly at risk from cyber threat activity;
    • Third, State-sponsored cyber threat activity is impacting Canadians;
    • Fourth, cyber threat actors are attempting to influence Canadians and degrade trust in online spaces; and
    • Finally, disruptive technologies bring new opportunities and new threats.
 

Recent questions asked at committee

Foreign interference (Elections)

  1. How much influence do foreign actors have in an election is it a few votes or a few seats?
  2. What limitations are there on disclosing information with voters?
  3. Are voters informed/aware of the issues related to foreign interference?
  4. What threats do you see in terms of the IT infrastructure for Elections Canada?
  5. One glaring example of foreign interference, was in the case of Kenny Chiu, was he informed of foreign interference risks? And pursuant to the protocol, if a certain threshold is met, the public is to be informed but the public wasn’t informed. Why not?
  6. What would you classify as a political party (in relation to classified briefings given to political parties)/ would volunteers on campaigns be included in these briefings?
  7. Do foreign state actors, which pose a different threat than third party funding coming from other countries, can foreign actors move the needle, 20,000-30,000 votes during an election campaign?

Foreign interference (General)

  1. What are the differences between Russia and China in relation to foreign interference?

Social media

  1. What is SITE’s relationship with social media platforms?
  2. What role do social media companies have in being responsible actors during and leading up to elections?

Mis/Dis/Mal information

  1. Many social companies have signed what is called a declaration on electoral integrity, which commits among other things, for them to address MDM and we know that algorithmic transparency is an issue. It’s been talked about quite often and the algorithms that they use predominantly originate from the US. What impacts do you think this has in terms of foreign influence on an election?
  2. Would you say that the majority of MDM out there is propagated through social media?

China/Russia

  1. The Communist Party of China passed the national intelligence law in 2017 which requires organizations and citizens anywhere in the world to assist with communist party’s state intelligence work. Would you agree with that?
  2. Could you briefly describe what the other countries are doing? Is it similar to what China is doing, is it different, is there any nuance between the activities of these four countries?
  3. How many reports of cyber incidents has your agency received since Russia invaded Ukraine?
    • Of these, what industries are you most commonly receiving these reports from?
    • What types of places are reporting these? Can you give me examples?
    • Is this higher than in the last 3 years? Or is this consistent with what you’ve seen?
  4. In terms of cyber threat, how would you rate these State actors in their attack capabilities? China, Russia, North Korea, and Iran?
  5. We know that a lot of the cyber threats we have coming are from Russia, and I wanted to know how they are able to deny that they are committing such acts. Who do they use in order to get to Canadians and influence Canadians to think a certain way?

Cyber attacks

  1. To your knowledge, where do most of the cyber attacks or attempted attacks against Canada, originate from?
  2. What are the most challenging state actors to Canadian national security on the cyber front?
  3. What sectors of Canada’s economy are most vulnerable to cyber attacks?

Resource/capabilities

  1. Are we equipped to deal with cyber-attacks? Are we missing the boat when it comes to these interference groups? How do we compare with other countries and what do they do?
  2. In regard to the increase level of foreign state interference, and you talked about the tools that you have available to you, are there any new tools or any other authorities that either of you think you would need in order to continue to protect Canada’s democratic institutions?
  3. What are the legislative policy and funding gaps that parliamentarians should pay particular attention to, to enable your collection of agencies to be able to meet this ever-changing threat environment? What should parliamentarians, maybe those on the Public Safety Committee and maybe this committee, be paying attention to so that you have the tools required to do your job and protect our democratic system?
  4. What would CSE need to help it fulfill its mandate?
  5. Given the increase in serious cyber threats and certainly in the context of the overall deficiencies and defence spending by this government, would you say that there is a shortfall in what we should be spending on cyber security, particularly given the context of what’s going on in the world right now?

Collaboration

  1. Is there enough collaboration between CSE, CSIS, the CAF and other government departments?
  2. As part of the Canadian Armed Forces Operation UNIFIER, CSE is sharing threat intelligence with Ukraine and helping Ukraine defend itself against cyber attacks. Are CSE and/or the CAF engaging in act of cyber operations as part of Operation UNIFIER?
 

Media lines

  • As Canada’s national cyber security and foreign signals intelligence agency, CSE has unique technical and operational capabilities.
  • The Communications Security Establishment Act (the CSE Act) sets out five aspects of our mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.
  • CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
  • CSE’s intelligence reporting also identifies hostile state activities, and the CSE Act authorizes us to assist the Department of National Defence and the Canadian Armed Forces.
  • We support Canadian military operations and protect forces deployed abroad through advanced cyber techniques. For example, CSE could protect Canadian forces by disrupting an adversary’s ability to communicate or providing intelligence regarding an imminent threat.
  • The CSE Act gives CSE the legal authority to conduct cyber operations to disrupt foreign-based threats to Canada. This includes active cyber operations to degrade, disrupt, respond to, or interfere with the capabilities, intentions or activities of foreign individuals, states, and organizations.
  • If there are reasonable grounds to believe that a foreign state or actor constitutes a threat to the security of Canada and/or Canadian military forces, we are prepared to take appropriate action to address the threat.
  • We continue to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
 
  • As Canada’s national cyber security and foreign intelligence agency, CSE has unique technical and operational capabilities. The CSE Act includes authorities that allow us to provide technical and operational assistance to the Department of National Defence and the Canadian Armed Forces (CAF).
  • CSE is authorized to assist the CAF in support of government-authorized military missions, such as Operation UNIFIER. This support includes intelligence sharing and cyber security.
  • While we can’t speak about specific operations, CSE can be counted to deliver on its mission working with Canada’s military presence in support of Ukraine.
  • This increased support will help Ukraine strengthen its security and ability to defend itself against a range of threats.
  • We continue to stand united with the people of Ukraine during this unlawful invasion by Russia.
  • The Communications Security Establishment (CSE), the Department of National Defence (DND), and Shared Services Canada (SSC), worked together with Telesat, a Canadian satellite communications company, to come to an agreement on providing satellite services to key Ukrainian government and non-government partners, including critical infrastructure.
  • Telesat is providing secure satellite service to Ukraine for conducting business with both European and North American government and non-government partners. The secure satellite system is able to facilitate telecommunications connectivity to Europe, Africa, the Americas, and the Atlantic Ocean region.
 
  • The Communications Security Establishment (CSE) is contributing to two initiatives under the Indo-Pacific Strategy (IPS): The Augmented Intelligence Capacity Initiative ($22.5M over five years with $6.4M ongoing), and the Cyber and Diplomacy Initiative ($7.2M over five years with $1.9M ongoing).
  • These new resources will help increase CSE’s foreign intelligence support to government decision-making and policy-making in defence, security and international affairs as part of IPS. They will also help to expand the Canadian Centre for Cyber Security’s (Cyber Centre) delivery of cyber security advice and guidance to Government of Canada partners and stakeholders in the region.
  • Canada’s Indo-Pacific Strategy is rooted in a commitment to strengthening and diversifying our regional partnerships, where we benefit from decades of trust and engagement in development, security, and trade partnerships, as well as shared histories and cultures.
  • It is the world’s fastest growing region and its importance to Canadian trade, investment and economic security will only continue to expand over time. The Indo-Pacific Strategy will support good jobs in Canada and ensure we are meeting the needs of countries in the Indo-Pacific.
  • Through sustained investment and engagement at the highest levels, Canada is increasing and deepening its political, economic, and security partnerships, as well as sustainable development assistance and cultural footprint throughout the Indo-Pacific.
  • To demonstrate Canada’s commitment to NATO Allies, and in response to a request for support, the Canadian Armed Forces (CAF) and CSE deployed a team to conduct a joint cyber threat hunt Operation to assist Latvia in better defending itself from cyber threats.
  • Canada highly values its strong partnership with Latvia and we are glad to help enhance Latvia’s cyber defensive capability. This close cooperation between our two nations has been ongoing since 2018.
  • We are currently conducting successful operations in the offensive cyber operations space to impose cost against threat actors targeting Western nations and NATO Allies.
  • Providing cyber threat support to a NATO ally is an example of excellent cooperation between CAF and CSE that continues today.
  • Canada, in conjunction with our Allies and partners, will continue to advance a stable cyberspace built on the applicability of and respect for international law and the norms of responsible state behavior in cyberspace.
  • CSE and it’s Cyber Centre noticed an increase in cyber threats during the COVID-19 pandemic, including the threat of ransomware attacks on the country’s front-line healthcare and medical research facilities.
  • CSE and its Cyber Centre continue to publish advice and guidance to help organizations improve their cyber security and work with industry partners to share threat information and cyber security best practices.
  • The Cyber Centre has sign up over 100 new health organizations in 2020 to 2021 to receive cyber security services. Engagement remained strong within 2021-2022 with roughly 140 organizations regularly attending virtual briefings for the health community. As part of these services we share tailored cyber threat-related information, including cyber threat bulletins, alerts and advisories, indicators of compromise (IoCs), advice and guidance.
  • We are continuing to work with the health sector and other critical infrastructure sectors. We regularly share threat information and cyber alerts.
  • The National Cyber Threat Assessment 2023-2024 report (NCTA) was published in October 2022 and it includes our latest forecasting on cybercrime and ransomware, which remains a persistent threat to Canadian organizations.
  • Since cybercriminals take advantage of technical and human vulnerabilities, the best way to safeguard against cybercrime, such as ransomware, is to apply cyber security best practices. While it may not be possible to eliminate cyber threats entirely, businesses and organizations can significantly reduce their risk and be better prepared by taking a few important actions, starting with:
    • Patch and accept updates to your software and electronic devices.
    • Practice good password etiquette. Use strong and unique passphrases or passwords.
    • Use multi-factor authentication, whenever this option is available.
    • Be on guard for phishing (and spear-phishing) messages; and
    • Store your data securely and know your back-up procedures.
  • Various cyber attacks should be included in your business continuity planning (BCP) so that the level of impact and how quickly you need to get your devices back up and running is understood.
  • We are aware of the cyber security and privacy considerations with many social media platforms and apps, which is why we’ve presented general advice and guidance to Canadians. It is important for Canadians to take the time to assess the risks associated with using social media platforms and apps, especially foreign based ones.
  • We strongly recommend Canadians think about the information they share on-line, how it is likely to be protected, managed and used/shared by others, which nation’s laws will apply to their information and activity on a specific platform.
  • There is a substantial amount of open source information available to Canadians on various social media applications and platforms, detailing the benefits and the risks. Canadians should proceed cautiously regarding their online presence and conduct their own research before joining new social media platforms.
  • However, CSE’s Cyber Centre is not a regulatory agency and as such, we do not endorse or ban social media applications.
  • The Government of Canada’s cyber defence team, including CSE, is constantly reviewing measures to ensure our systems and information networks remain secure. We have tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
  • We can confirm that CSE has been tracking cyber threat activity associated with the current crisis. CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine and continues to work with the Canadian Armed Forces (CAF) in support of Ukraine.
  • As the situation has deteriorated, CSE’s Cyber Centre continues to monitor the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure networks, operational and information technology (OT/IT). We recently issued reminder to the Canadian cyber security community to adopt a heightened state of vigilance and bolster awareness and protection against malicious cyber threats.
  • CSE is aware of an increase in Russian state-aligned hacktivist groups seeking to Ukraine and it’s allies.
  • We remind Canadian critical infrastructure operators and defenders to be aware of the risks and take mitigations against known Russian-backed cyber threat activity. Now is the time to take defensive action and be proactive in network monitoring and applying appropriate mitigations.
  • In addition to public advisories, the Cyber Centre continues to share valuable cyber threat information with Canadian critical infrastructure partners via protected channels. This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.
  • CSE and its Cyber Centre released an updated National Cyber Threat Assessment 2023-24 (NCTA 23-24) which outlines the new and evolving cyber threats faced by Canadian individuals, organizations, and critical infrastructure providers.
  • In the NCTA 23-24 we highlight the growing threat of ransomware to critical infrastructure, state sponsored cyber threat activity impacting Canadians and disruptive technology that is bring new threats.
  • CSE and the Cyber Centre are continuously monitoring the threats from state sponsored threat actors, especially China, Russia, North Korea and Iran. It is likely that over the next two years, these states will continue to target sectors of importance for their own domestic economic development.
  • The Government of Canada, through CSE’s Canadian Centre for Cyber Security (Cyber Centre), has been in contact with critical infrastructure operators to ensure they are aware of cyber threats related to geopolitical tensions. CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
  • Cyber threat actors are aware of the impact targeting critical infrastructure can have, exploiting their sensitivity to service interruptions to extort them for ransom. Financially motivated cyber threat actors, predominantly cybercriminals, exploit critical infrastructure because downtime can be harmful to their industrial processes and the customers they serve.
  • CSE and the Cyber Centre are dedicated to advancing cyber security and increasing the confidence of Canadians in the systems they rely on by offering support to critical infrastructure networks.
  • As outlined in the NCTA 23-24 report, the three technological trends that we foresee disrupting their respective fields: digital assets and decentralized finance, machine learning and quantum computing.
  • As noted in the July 2022 cyber threat bulletin, our intelligence indicates that Russian cyber threat actors are exploring options for potential cyber operations against Ukraine’s supporters, including Canada. This would include activities like cyberespionage, pre-positioning and potentially disruptive cyber operations against critical infrastructure targets. However, a Russian cyber “attack” against Canada, meaning a destructive cyber operation, still remains very unlikely.
  • Notwithstanding current geopolitical events, the Cyber Centre shares valuable cyber threat information with Canada’s critical infrastructure partners via protected channels on a regular basis.
  • This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.
  • Canada has a strong and valuable relationship with its Five Eyes alliance partners, including our intelligence, cyber defence, and law enforcement counterparts in the United States. We regularly share information with our partners that has a significant impact on protecting our respective countries’ safety and security. While we can’t confirm or deny, or offer specific details on the intelligence shared, threat information to help defend against critical infrastructure threats is regularly shared and acted upon as appropriate.
  • The Government of Canada (GC) faces a variety of sophisticated and unsophisticated cyber threats on a daily basis. Cyber threat actors probe government systems and networks millions of times daily, looking for vulnerabilities, and these activities are becoming more frequent and more sophisticated. CSE works every day to defend government systems from these attempts. The hundreds of millions of malicious activities include, for example, reconnaissance scans, direct attempts to install malicious software on government networks, and attempts to access GC databases.
  • On any given day, CSE’s defensive systems can block anywhere from 3 to 5 billion events targeting GC networks (up to 7 billion on a busy day). These defensive actions are a result of CSE’s existing dynamic cyber defence capabilities which remain ready to defend Government of Canada systems and help protect against future attacks.
  • CSE and its Canadian Centre for Cyber Security (Cyber Centre) work diligently with Shared Services Canada and our other partners to ensure Government of Canada networks and infrastructure are well defended against cyber threats.
  • The Cyber Centre offers a variety of cyber defence services to government clients. These services can also include a suite of advanced dynamic defence capabilities, such as host-based sensors (HBS), network-based sensors, and cloud-based sensors.
  • HBS is a unique and innovative Canadian technology that is part of a layered approach to defending Canadian federal government systems.
  • HBS places sensors on Government of Canada computers that can automatically detect and stop unusual activity, such as malware attempting to install. HBS also gathers data about malicious activity that helps us protect against future attacks. This is our own in-house technology, and it is a 100 per cent Canadian cyber security innovation.
 

CSE issue notes

Top cybersecurity points

  • Cyber security is a foundation for Canada’s future, for our digital economic, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
  • Recent geopolitical events have elevated the potential risk of cyber threats, and so, CSE’s Canadian Centre for Cyber Security (the Cyber Centre) has been urging Canadians and Canadian organizations to increase cyber security measures.
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, small-and-medium sized organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact cyber.gc.ca.

Cyber Warfare/Cyber Operations

  • As Canada’s foreign signals intelligence agency, CSE intercepts and analyzes electronic communications and other foreign signals to inform the Government of Canada about the activities of foreign entities that seek to undermine Canada’s national security and prosperity.
  • CSE’s mandate is detailed in the CSE Act and has 5 parts: foreign signals intelligence, cyber security, active cyber operations, defensive cyber operations, technical and operational assistance to federal partners.
  • Foreign cyber operations (FCO) are the newest part of CSE’s mandate.
  • These authorities enable Canada to take action in cyberspace against foreign adversaries in matters relating to Canada’s international affairs, defence or security.
    • These operations can be more specifically referred to as defensive cyber operations (DCO) and active cyber operations (ACO).
  • These authorities give Canada the option of acting on what CSE learns through our SIGINT and cyber security missions.
  • While we can only share limited information about our foreign cyber operations in an unclassified setting, I can explain some examples of foreign cyber operations CSE has conducted or been authorized to conduct in the past.
  • CSE has used its active cyber operations capabilities to disrupt the efforts of foreign-based extremists to: recruit Canadian nationals, operate online and disseminate violent extremist materials.
  • CSE has also used its active cyber operations capabilities to assist the Canadian Armed Forces in support of their mission.

Cyber capabilities

  • Potential adversaries are leveraging and developing cyber capabilities in effort to exploit vulnerabilities in our cyber systems.
  • The Communications Security Establishment (CSE) employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada’s information systems, networks, businesses and institutions.
  • The CSE Act allows CSE to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
  • CSE’s Canadian Centre for Cyber Security (the Cyber Centre) is Canada’s authority on cyber security. As a unified source of expert advice and guidance, CSE’s Cyber Centre leads the Government’s operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
  • CSE, along with its partners, will continue to support and build a stable cyberspace built on the respect for international law and the norms of responsible state behaviour in cyberspace.

Russian invasion of Ukraine and Russian cyber threats to Canada

  • In light of Russia’s ongoing, unjustified military actions in Ukraine, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (the Cyber Centre) strongly encourage all Canadian organizations to take immediate action and bolster their online cyber defences.
  • While I can’t speak to CSE’s specific operations, I can confirm that it has been tracking cyber threat activity and has the tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
  • CSE’s Cyber Centre continues to engage directly with Canada’s critical infrastructure operators to ensure they are aware of any evolving threats, such as Telesat.
  • CSE, the Department of National Defence, and Shared Services Canada worked together with Telesat, a Canadian satellite communications company, to provide secure satellite service to Ukraine. The secure satellite system is able to facilitate telecommunications connectivity to Europe, Africa, the Americas, and the Atlantic Ocean region.
    • An unfortunate outcome of the war has been the destruction, or degradation of key elements of the Ukrainian telecommunications infrastructure.
    • As a result, key government and private-sector organizations lack the necessary telecommunications services that are essential for conducting business with both European and North American government and non-government partners.
  • CSE’s valuable cyber threat intelligence has been shared with key partners in Ukraine. CSE also continues to work with Canadian Armed Forces (CAF) in support of Operation UNIFIER.

Operation UNIFIER

  • On January 26th, 2022, the Government of Canada announced $340 million for immediate support to Ukraine and for the extension and expansion of Operation UNIFIER, Canada’s military training and capacity-building mission in Ukraine.
  • As part of this commitment, DND and CAF will work with CSE on measures to support enhanced intelligence cooperation and cyber security.
    • This increased support will help Ukraine strengthen its security and ability to defend itself against a range of threats.

Disinformation campaigns

  • Based on its intelligence reporting, CSE has observed numerous Russian-backed disinformation campaigns online designed to support their actions.
  • CSE observed coordinated efforts by Russia to create and spread disinformation. For example, controlled media outlets were directed to include doctored images of Canadian Forces Members on the front line and false claims about Canadian forces committing war crimes.
  • CSE shared this information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.
  • CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Cyber security and cyber incidents

  • Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber capabilities and technical expertise to help monitor, detect and investigate threats against threats to Canada’s information systems and networks and to take active measures to address them.
  • Recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. CSE works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
  • Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
  • The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
  • Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, small-and-medium organizations as well as critical infrastructure network defenders and operators to raise Canada’s cyber security bar.

Arctic defence and sovereignty

  • The Arctic is one of Canada’s foremost security priorities, including as it relates to cyber.
  • In response, the Government of Canada has announced major investments in Continental Defence, modernizing NORAD, as well as enhancing the Communications Security Establishment’s (CSE) abilities to prevent and defend against cyber attacks.
  • The recent funding in this space signals that CSE is taking the global shift to cyber seriously, including cyber security in the Arctic.
  • Enhancing situational awareness and operational effectiveness in cyber space is a critical component to safeguarding and advancing our national and collective interests in the North.
  • CSE continues to provide the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Foreign interference and cyber threats to democratic process

  • The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
  • In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
  • CSE’s Cyber Centre also worked with Elections Canada to help secure election systems and infrastructure.
  • Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
  • CSE recently published the renewed NCTA which highlights how online foreign influence activities have become a new normal with adversaries seeking to influence elections and impact international discourse related to current events.
  • The recent media attention on the topic of foreign interference has resulted in CSE appearing before the Standing Committee on Procedure and House Affairs (PROC) twice to provide an update. CSE also submitted several documents in response to the order for the Production of Papers issued by PROC.
  • SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
  • While Canada’s democratic institutions and processes are strong and resilient, CSE continues to actively work to ensure their continued protection.

Protecting Canada’s telecommunications systems

  • The Government of Canada conducted an extensive examination of 5G wireless technology and the various technical, economic, and national security aspects of 5G implementation.
  • As a result of this examination, Bill C-26, An Act Respecting Cyber Security (ARCS) was introduced in June to further strengthen our telecommunications system and protect our national security.
  • This legislation will amend the Telecommunications Act to allow the Government to take action to prohibit the use of equipment or services from low confidence suppliers.
  • In addition, the Communications Security Establishment’s (CSE) Security Review Program (SRP), which has a proven track-record of protecting Canada’s 3G/4G/LTE networks, will evolve to consider the security of Canada’s telecommunications system more broadly.
  • Together, these efforts are part of a robust strategy to defend the critical digital infrastructure upon which Canadians rely.

Ransomware

  • Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
  • Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
  • The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
  • In 2021, CSE shared publicly a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin. Also, in the Fall, the 2023-2024 National Cyber Threat Assessment (NCTA) was published. It highlights the cyber threats faced by individuals and organizations in Canada, including ransomware.
  • Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprises, it also enables further malicious cyber activity and ultimately there is no guarantee that cybercriminals will return stolen information.

CSE’s growth

  • Over the years, CSE is experiencing a continued and sustained growth, bringing us to an organization of approximately 3200 people that will continue to grow over the coming years.
  • With that expected growth, we continue to modernize our multi-disciplinary recruitment program to focus our efforts on attracting Canada’s top talent.
  • We know that retention is vital and so we work hard to create an environment where people feel valued and supported. There is a 2% retirement and 2% resignation rate for a total of 4% attrition per year. CSE’s low attrition rate reflects its investment in creating a healthy work environment, encouraging employee professional development, embracing diversity and inclusion as mission imperatives, and having excellent counselling and employee support programs in place.
  • Recruitment for high tech technologies remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within CSE.
  • CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
  • CSE continues to work to ensure we hire Canadians who represent the rich and diverse mosaic of Canada’s population, and that our employees are valued and have what they need to succeed in delivering our important mission for Canada and Canadians.

Review and oversight of CSE’s activities

  • Bill C-59 enhanced the review and oversight of the Communications Security Establishment (CSE), as well as the broader security and intelligence community.
  • CSE is subject to retrospective review by two independent external review bodies with a national security and intelligence mandate:
    • the National Security and Intelligence Review Agency (NSIRA)
    • the National Security and Intelligence Committee of Parliamentarians (NSICOP)
  • NSIRA is responsible for reviewing all Government of Canada national security and intelligence activities to ensure they are lawful, reasonable, and necessary. While NSICOP consists of members of Parliament with a mandate to review Canada’s national security and intelligence organizations.
  • To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
  • The Intelligence Commissioner (IC) provides oversight by approving authorizations for certain CSE activities prior to their execution.
  • CSE values independent, external review of our activities, and remains committed to a positive and ongoing dialogue with NSIRA and other review bodies.
  • CPC and NDP raised concerns over a lack of transparency and accountability, as the Prime Minister was briefed on the issue in January but has failed to comment or take public action.
  • LPC pointed out the national security concerns of releasing information related to this issue, as the sensitive nature of the matter demands a certain degree of discretion to prevent foreign actors from becoming aware of the extent of the Canadian government’s knowledge, a sentiment the NDP agrees with.
 
Date modified: