House Standing Committee on National Defence (NDDN) Main Estimates 2023-24

Table of contents

• Appearance details
• Key Highlights and Prep Material
  • Introduction
  • CSE Main Estimates Overview
  • Copy of Page Proofs
  • Key Topics
  • Potential Questions and Answers
  • Media Lines
• Issue notes
  • Threats to Critical Infrastructure
  • Foreign Interference and the Democratic Process
  • Top Cybersecurity Points
  • Cyber Security and Recent Cyber Incidents
  • Russian Invasion of Ukraine and Russian Cyber Threats to Canada
  • Arctic defence and sovereignty
  • Accountability, Review And Oversight Of CSE
  • CSE Recruitment and Retention
  • CSE Contracting Activities Overview
  • CAF Operations in the Indo-Pacific
• Commitee Information
  • Committee profiles
  • Committee backgrounder

Appearance details

Date: Tuesday May 2, 2023
Location: 035-B, West Block
Time: 3:30 – 5:30pm

Appearing:

• The Honourable Anita Anand
  Minister of National Defence


• Caroline Xavier
  Chief, Communications Security Establishment


• Bill Matthews
  Deputy Minister of National Defence


• Commodore Ruth Dagenais
  A/Chief Financial Officer, Department of National Defence


• Troy Crosby
  Assistant Deputy Minister (Materiel) Department of National Defence and the Canadian Armed Forces


• DND Senior Official - TBD


• Details: The Minister of National Defence will appear alongside senior officials to speak on the Main Estimates, 2023-2024.

Page proofs

Alternate format: Page proofs - (PDF, 388 KB)

Raison d’être

The Communications Security Establishment (CSE) is Canadaʼs national authority for foreign intelligence (Signals Intelligence) and the national technical authority for cyber security and information assurance.

CSE provides critical foreign intelligence to help inform the Government of Canadaʼs decision making on a wide range of issues, including national security.

CSEʼs sophisticated cyber and technical expertise helps identify, prepare for, and defend against threats to Canadaʼs most important systems and networks. CSE may also proactively stop or impede foreign cyber threats before they can damage Canadian systems, and conduct online operations to advance national objectives.

In addition, CSE provides technical and operational assistance to federal law enforcement, security partners, the Department of National Defence, and the Canadian Armed Forces.

The Minister of National Defence is responsible for CSE.

Organizational estimates

	2021–22 Expenditures	2022–23 Main Estimates	2022–23 Estimates To Date	2023–24 Main Estimates
Budgetary
Voted
1 Program expenditures	747,691,004	745,978,292	856,737,786	906,759,081
Total Voted	747,691,004	745,978,292	856,737,786	906,759,081
Total Statutory	53,299,702	52,528,180	56,684,568	59,150,278
Total Budgetary	800,990,706	798,506,472	913,422,354	965,909,359

2022–23 Main estimates by purpose

Budgetary	Operating	Capital	Transfer payments	Revenues and other reductions	Total
Defend and advance Canada’s interests and values in and through cyberspace, and through foreign intelligence	982,049,055	-	-	(16,139,696)	965,909,359
Total	982,049,055	-	-	(16,139,696)	965,909,359

Listing of statutory authorities

	2021-22 Expenditures	2022-23 Estimates to date	2023-24 Main estimates
Budgetary
Contributions to employee benefit plans	53,292,334	56,684,568	59,150,278

• The Communications Security Establishment's (CSE) 2023-24 Main Estimates are $965.9M, a net increase of $167.4M from the 2022-23 Main Estimates of $798.5M
• The increase in CSE’s Main Estimates can be attributed to:
• New funding of $151.3M associated with Budget 2022 and subsequent off-cycle funding decisions;
  • CSE received $147.1M through Budget 2022 for:
    • $21.2M for significantly expanding our foreign cyber operations program to prevent and defend against cyber attacks.
    • $5.3M for expanding cyber security protection to smaller Canadian government departments, agencies, and crown corporations.
    • $101.9M for enhancing CSE’s ability to prevent and respond to cyber attacks on critical infrastructure and making Canadian critical infrastructure more resilient. As well as to support the Government of Canada’s efforts to protect its Secret Infrastructure from cyber incidents by strengthening the robustness of its classified networks and its capacity to respond to unanticipated system failures.
    • $1.3M to establish a unique research chair program to fund academics to conduct research on cutting-edge technologies.
    • $17.4M for CSE’s continued support of Operation UNIFIER and measures to support enhanced intelligence cooperation and cyber security.
  • CSE received $4.2M in additional funding through subsequent off-cycle funding decisions for Protecting Democracy and to contribute to Canada’s Middle East Strategy.
  • Protecting Democracy: $1.3M
    • CSE continues to offer cyber security support to Canada’s Democratic Institutions as part of the Cyber Centre’s core mandate to protect Canada’s digital infrastructure from malicious cyber activity and defend Canada’s national security from threats such as foreign espionage.
  • Middle East Strategy: $2.9M
    • CSE will also use this funding to contribute to Canada’s Middle East Strategy which supports security and stabilization efforts, development assistance and diplomatic engagement for Iraq, Syria, Lebanon and Jordan. CSE provides foreign intelligence support to the CAF mission.
• Reprofiled funding of $10.1M associated with CSE’s Long Term Accommodation Project;
  • CSE is housed at the Edward Drake Building (EDB) in a public-private partnership (P3) building. CSE has a thirty-year contract with Plenary for the operations and maintenance of the facility.
• Funding transfer of $6.6M from Shared Services Canada in support of the Security Information and Event Management Project;
  • The Security Information and Event Management (SIEM) provides a single view of IT security incidents across Government of Canada systems. This project will renew the existing SIEM infrastructure and expand and customize the processing of security logs from the Enterprise Data Centres (EDCs). Once implemented, the improved functionalities will enable the Government of Canada to predict, detect and respond to cyber threats and risks to IT systems and infrastructure
• A net decrease of $1.5M associated with interdepartmental transfers to Global Affairs Canada ($0.4M) for support to CSE employees stationed abroad and to the Royal Canadian Mounted Police ($1.1M) to conduct security clearance activity for CSE employees
• A further net increase of $0.9M associated with changes in other programs supporting CSE’s mandate and in statutory authorities.

Key Topics

• As Canada’s national cyber security and foreign signals intelligence agency, CSE has unique technical and operational capabilities.
• The Communications Security Establishment Act (the CSE Act) sets out five aspects of our mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.
• CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
• CSE’s intelligence reporting also identifies hostile state activities, and the CSE Act authorizes us to assist the Department of National Defence and the Canadian Armed Forces.
• We support Canadian military operations and protect forces deployed abroad through advanced cyber techniques. For example, CSE could protect Canadian forces by disrupting an adversary’s ability to communicate or providing intelligence regarding an imminent threat.
• The CSE Act gives CSE the legal authority to conduct cyber operations to disrupt foreign-based threats to Canada. This includes active cyber operations to degrade, disrupt, respond to, or interfere with the capabilities, intentions or activities of foreign individuals, states, and organizations.
• If there are reasonable grounds to believe that a foreign state or actor constitutes a threat to the security of Canada and/or Canadian military forces, we are prepared to take appropriate action to address the threat.
• We continue to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
• CSE is responsible for handling sensitive and highly classified information. We take this responsibility very seriously to ensure our standards are upheld and our intelligence is well protected. Due to the nature of our work, we can’t discuss highly sensitive operational matters or intelligence in public, but rest assured we are defending Canadians and the Government of Canada every day.

Foreign interference

• Canadians should be aware about covert and deceptive activities conducted by foreign states, including the People’s Republic of China and its ruling Chinese Communist Party, with the intent to influence the results of democratic elections at all levels of government in Canada. Although Canada’s electoral system is strong, foreign interference can erode trust and threaten the integrity of our democratic institutions, political system, fundamental rights and freedoms, and ultimately, our sovereignty.
• Although CSE was the Chair of the SITE Task Force for the 2019 and 2021 federal elections, CSE, CSIS, the RCMP, and Global Affairs Canada are individually responsible to investigate and respond to any instances of foreign interference activity that fall under their specific departmental mandates. SITE Task Force partners advised and contextualized information that was presented to the Panel; however, it is their decision in terms of whether the information meets the threshold make a public statement.
• CSE cannot speak to what types of classified information (or the details) that was shared with the political parties, the Privy Council Office, or the Panel for security reasons.This same restriction applies to those members of the political parties cleared to receive information/briefings from SITE.

Arctic

• CSE works to make sure the Government of Canada has the necessary intelligence to safeguard Canada’s Arctic sovereignty. [Redacted]

High-Altitude Surveillance Balloon

• Through CSE’s foreign intelligence mandate, and as outlined in the Communications Security Establishment Act, CSE provides the Government of Canada with intelligence on foreign threats, including the activities of state and non-state actors. While CSE works extensively to report on foreign threats to Canada, it is prohibited by law from directing its activities at Canadians or any person in Canada. In the course of CSE’s foreign intelligence collection, it is strictly against the law for CSE to direct activities at Canadians anywhere, or anyone in Canada.
• As the Minister recently stated, the bi-national North American Aerospace Defense Command (NORAD) has been tracking and analyzing the trajectory and actions of a high-altitude surveillance balloon operated by the People’s Republic of China. Canada’s intelligence agencies, including CSE, are in constant contact with American partners, working to safeguard both nations from foreign threats, secure shared borders, and protect collective interests. Continued cooperation between Canada and the United States, including through NORAD, ensures the security and defence of Canada and North America, and NORAD modernization is a pressing mutual priority.
• CSE’s foreign intelligence capabilities, techniques, and procedures are classified. While CSE understands the interest in this sensitive issue, CSE is unable to comment any further on operational activities. CSE continues to monitor for foreign threats and is working in close coordination with Canada’s national security, defence, and intelligence partners to ensure Canada and Canadians remain safe.

Sudan

• The Prime Minister recently announced there is a Canadian effort underway to help evacuate Canadians out of Sudan, and the federal government is coordinating with its allies.
• Operational security considerations prevent CSE from commenting in a way that would expose activities or capabilities.
• However, we can confirm that CSE’s foreign intelligence plays a vital role in supporting Canadian military operations and protecting our forces abroad.

Distributed Denial of Service (DDoS)

• CSE is aware of public reports that some Government of Canada websites were offline in mid-April (2023). CSE and its Canadian Centre for Cyber Security have observed that it’s not uncommon to see distributed denial-of-service (DDoS) attacks against countries hosting visits from Ukrainian government officials. While these incidents draw attention, they have very little impact on the systems affected.
• CSE and its Canadian Centre for Cyber Security continue to work closely with our cyber defence colleagues at the Treasury Board Secretariat – Office of the Chief Information Officer, and Shared Services Canada and other Government of Canada departments and agencies to ensure there are systems and tools in place to monitor, detect, and investigate potential threats, and to neutralize threats when they occur.
• The Government of Canada, like every other government and private sector organization in the world, is subject to ongoing and persistent cyberthreats.

Cyber threats to critical infrastructure

• CSE and its Canadian Centre for Cyber Security (Cyber Centre) continue to monitor for any developing cyber threats and share threat-information with our partners and stakeholders to help prevent incidents.
• As noted in the 2023-24 National Cyber Threat Assessment, we are concerned about the opportunities for critical infrastructure disruption, particularly about Internet-connected Operational Technology (OT) that underpins industrial processes. Internet-connected OT increases the threat surface of the organizations that employ it and increases the opportunity for cyber threat activity to have effects in the physical world.
• CSE, through the Cyber Centre, have been in contact with critical infrastructure operators to ensure they are aware of cyber threats related to geopolitical tensions. CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
• Recently, the Cyber Centre issued a Cyber Flash to partners. It noted that we had a confirmed report where a cyber threat actor had the potential to cause physical damage to Canadian critical infrastructure. As the prime minister said, we can report there was no physical damage to any Canadian energy infrastructure. But make no mistake: the threat is real.
• We remain deeply concerned about the threat to critical infrastructure and urge critical infrastructure owners and operators to get in touch with us to work together to protect their systems.

Cyber security and recent cyber incidents

• Recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. CSE works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key. Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, small-and-medium enterprises as well as critical infrastructure owners and operators to raise Canada’s cyber security bar.

Recruitment and retention

• The Communications Security Establishment (CSE) is an employer of choice – we are fortunate that many talented people choose to work with us. Each year CSE receives on average, 10,000 to 15,000 applications from applicants with diverse skill sets and cultural backgrounds.
• Over the past several years, CSE has experienced continued and sustained growth. Since 2019, our workforce has grown from approximately 2600 employees to 3,232 full-time employees as of March 31, 2023. We believe that this growth, combined with our comparatively low attrition rate reflects the positive work environment, employee development and support programs we have in place.
• CSE has also been recognized as a Top Employer in 2020, 2021, 2022, and 2023, as well as one of Canada’s Top Employer for Youth for the past 7 years in a row.

Bill C-26

• The Government of Canada is taking action to protect vital services and systems that Canadians rely on every day, such as telecommunications services and financial, energy and transportation systems. To do this, the proposed legislation addresses the protection of Canada’s critical cyber systems that underpin those services and systems and expands upon the existing cyber security efforts of critical cyber systems operators, while enhancing collaboration between the federal government and private sector entities.
• In line with the National Cyber Security Strategy, the role of CSE and its Canadian Centre for Cyber Security (Cyber Centre) would be to provide technical cyber security expertise. Importantly, CSE would not receive any new authorities as part of Bill C-26.
• In support of Part 2 of Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), CSE would leverage its existing mandate under the Communications Security Establishment Act (CSE Act) for cyber security and information assurance to provide technical advice and guidance to:
  • Operators designated under the CCSPA,
  • Regulators named in the CCSPA in support of their duties and functions,
  • Lead departments and their ministers, and
  • To the Minister of Public Safety in the exercise of his or her powers and functions under the CCSPA.
  • CSE would also receive reports of cyber security incidents and would provide these reports (or a subset thereof) to regulators, upon request.
• CSE is prohibited by law from targeting the private information of Canadians or any person in Canada – this is spelled out in the CSE Act. We take our responsibility to protect Canadian privacy very seriously.
• CSE operates under a robust system of independent oversight including the Intelligence Commissioner, NSIRA, and NSICOP.

CSE – Other facts

• CSE’s 2023-2024 Main Estimates are $965.9M, a net increase of $167.4M from the 2022-23 Main Estimates of $798.5M.
• CSE’s 2022-2023 budget is $948 million, total authorities.
• Since 2014, CSE and the Government of Canada have officially attributed 12 cyber incidents to nation-state and state-affiliated actors.
• CSE’s automated defences protect the Government of Canada from over 6 billion malicious actions a day.

Potential questions and answers

Q and A Theme summary

• Main Estimates
• Authorities
• Resources
• Recruitment and Retention
• Russian Invasion of Ukraine and Cyber Attacks
• Indo-Pacific Strategy
• Cyber Security
• Foreign Interference

Main Estimates 2023-24

1. What funding is CSE receiving in these Estimates?

• CSE is receiving $965.9M in these estimates.

2. What kind of increase is this for CSE?

• CSE’s Main Estimates 2023-24 are a net increase of $167.4M from the 2022-23 Main Estimates of $798.5M, this represents a 21% increase.

3. How will these funds continue to help ensure Canada’s cyber security?

• CSE will use these funds to continue operationalizing its mandate and authorities under the Communications Security Establishment Act.
• These funds will support CSE’s contributions to various programs and initiatives to protect Canada’s security. Including:
  • New funding of $151.3M associated with Budget 2022 and subsequent off-cycle funding decisions mostly to enhance CSE’s capabilities.
  • Reprofiled funding of $10.1M associated with CSE’s Long Term Accommodation Project.
  • Funding transfer of $6.6M from Shared Services Canada in support of the Security Information and Event Management Project.

4. CSE received new funding of $151.3M associated with Budget 2022 and subsequent off-cycle funding decisions. Can you explain how this funding will be utilized?

CSE will use this funding for/to:

• Significantly expanding our foreign cyber operations program to prevent and defend against cyber attacks.
• Expanding cyber security protection to smaller Canadian government departments, agencies, and crown corporations.
• Enhancing CSE’s ability to prevent and respond to cyber attacks on critical infrastructure and making Canadian critical infrastructure more resilient. As well as to support the Government of Canada’s efforts to protect its Secret Infrastructure from cyber incidents by strengthening the robustness of its classified networks and its capacity to respond to unanticipated system failures.
• Establish a unique research chair program to fund academics to conduct research on cutting-edge technologies.
• CSE’s continued support of Operation UNIFIER and measures to support enhanced intelligence cooperation and cyber security.
• CSE received $4.2M in additional funding through subsequent off-cycle funding decisions for Protecting Democracy and to contribute to Canada’s Middle East Strategy.

5. CSE received funding in Budget 2022 for the Middle East Strategy- how are you utilizing this funding?

CSE will also use this funding to contribute to Canada’s Middle East Strategy which supports security and stabilization efforts, development assistance and diplomatic engagement for Iraq, Syria, Lebanon and Jordan. CSE provides foreign intelligence support to the CAF mission

6. CSE received funding in Budget 2022 for Protecting Democracy - how are you utilizing this funding?

• CSE will use this funding to provide cyber security advice and guidance to democratic institutions, enhancing Canada’s capacity to identify foreign interference threats.

7. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?

• Like all Government of Canada departments and agencies, CSE has performance measurement indicators to evaluate the effectiveness of its programs.
• Performance measurement is a very important tool in the operations of the Cyber Centre and as we look to fully integrate the cyber security functions of other government departments, including Shared Services Canada, Treasury Board Secretariat, and Public Safety.
• CSE received historic investments through Budget 2022, which highlighted the importance of investing in cyber security but as the global cyber threat landscape continues to evolve, Canada needs to ensure it has the resources needed to protect Canadians.

Authorities

8. Does CSE have the authorities it needs?

• The Communications Security Establishment Act (the CSE Act) came into force in August 2019 following the Royal Asset of Bill C-59: An Act respecting national security matters.
• The CSE Act enables CSE to work more effectively and proactively to protect Canada and Canadians. The Act provided CSE with new and expanded authorities to collect foreign signals intelligence, provide cyber security services to critical non-federal entities, conduct active and defensive cyber operations, and provide assistance to federal partners.
• Bill C-59 and the CSE Act also strengthened transparency and accountability for CSE, including through the creation of two new oversight and review bodies: the Intelligence Commissioner and the National Security and Intelligence Review Agency.
• CSE is satisfied with its current legislation.

9. What review/oversight measures exist to ensure CSE is protecting Canadian’s privacy?

• CSE values independent, external review and oversight of our activities, and remains committed to a positive and ongoing dialogue with these important institutions.
• Bill C-59 enhanced the review and oversight of the Communications Security Establishment (CSE), as well as the broader security and intelligence community.
• CSE is subject to retrospective review by two independent external review bodies with a national security and intelligence mandate:
  • the National Security and Intelligence Review Agency (NSIRA)
  • the National Security and Intelligence Committee of Parliamentarians (NSICOP)
• NSIRA is responsible for reviewing all Government of Canada national security and intelligence activities to ensure they are lawful, reasonable, and necessary. While NSICOP consists of members of Parliament with a mandate to review Canada’s national security and intelligence organizations.
• To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
• The Intelligence Commissioner (IC) provides oversight by approving authorizations for certain CSE activities prior to their execution.
• CSE has also been participating fully in the reviews on foreign interference currently being conducted by The National Security and Intelligence Review Agency (NSIRA), National Security and Intelligence Committee of Parliamentarians (NSICOP) and the special rapporteur.

10. How will Bill C-26 strengthen CSE’s capabilities?

• The Government of Canada is taking action to protect vital services and systems that Canadians rely on every day, such as telecommunications services and financial, energy and transportation systems. To do this, the proposed legislation addresses the protection of Canada’s critical cyber systems that underpin those services and systems and expands upon the existing cyber security efforts of critical cyber systems operators, while enhancing collaboration between the federal government and private sector entities.
• In line with the National Cyber Security Strategy, the role of CSE and its Canadian Centre for Cyber Security (Cyber Centre) would be to provide technical cyber security expertise.
• In support of Part 2 of Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), CSE would leverage its existing mandate under the Communications Security Establishment Act (CSE Act) for cyber security and information assurance to provide technical advice and guidance to:
  • Operators designated under the CCSPA,
  • Regulators named in the CCSPA in support of their duties and functions,
  • Lead departments and their ministers, and
  • To the Minister of Public Safety in the exercise of his or her powers and functions under the CCSPA.
• CSE would also receive reports of cyber security incidents and would provide these reports (or a subset thereof) to regulators, upon request.
• Importantly, CSE would not receive any new authorities as part of Bill C-26.

Resources

11. Do we need more resources?

• We know that the global cyber security threat landscape is rapidly evolving. Cyber incidents, including significant critical infrastructure incidents, are increasing in number and sophistication.
• With adequate resources, CSE and its security and intelligence partners can help reduce the threat, strengthen our cyber defences by raising the collective bar, and responding to and recovering from (fewer) incidents.
• In spring 2022, the government announced $852.9M over 5 years, and $218.3M ongoing starting in 2027-28, in its federal budget for CSE. These were substantial investments in CSE.
• As the threats we face continue to evolve it is critical that we have the resources needed to protect Canadians.

Recruitment and retention

12. Is recruitment and retention still considered a challenge for CSE?

• Over the past several years, CSE has experienced continued and sustained growth.
• Since 2019, our workforce has grown from approximately 2600 employees to 3,232 full-time employees as of March 31, 2023.
• We believe that this growth, combined with our comparatively low attrition rate reflects the positive work environment, employee development and support programs we have in place.
• Retention is vital and we work hard to create an environment where people feel valued and supported.
• We also continue to modernize our multi-disciplinary recruitment program to focus our efforts on attracting Canada’s top talent against the backdrop of this highly competitive technological environment.

13. How many current openings does CSE need to fill?

• The number of jobs for cyber security professionals in Canada continues to grow year after year. This trend is not unique to Canada, there are millions of vacant cyber security positions available around the world.
• Unfortunately, I can’t tell you exactly how many positions within CSE and the Canadian Centre for Cyber Security remain unfilled as these numbers are fluid based on new positions being continuously created and staffed.
• However, I can share that we are actively recruiting for cyber security practitioners, software developers, systems and desktop administrators, as well as telecommunications and network operators and architects. We’re also looking for business analysts, for those who may not have a technical background but are interested in working in the field of security and intelligence.

14. Does CSE have enough highly-skilled employees to thwart attacks on Canadian critical infrastructure and government servers?

• We are always in search of highly skilled and motivated Canadians to join our mission.
• We also work hand in hand with our Five Eyes partners to protect our shared national interests. As a member of the Five Eyes network, Canada has a robust intelligence-sharing program with the United States, Australia, New Zealand and the United Kingdom.
• The Five Eyes countries share a broad range of intelligence with one another through one of the world's most unified multilateral arrangements, which helps to keep Canadians safe and protect our common security.
• We also utilize Artificial Intelligence (AI) and machine learning techniques to defend against malicious cyber threat activity, protecting Canadians' data and information stored on government information technology networks and servers

Russian Invasion Of Ukraine And Cyber Threats

15. To your knowledge, where do most of the cyber attacks or attempted attacks against Canada, originate from?

• Cyber attacks can originate from anywhere in the world and wherever they’re originated from doesn’t necessarily represent where they are coming from.
• In our National Cyber Threat Assessment we identified that the State-sponsored programs of China, Russia, North Korea and Iran pose a strategic threat to Canada.

16. Has CSE seen an increase in cyber threats to Canada’s democratic institutions or processes since the Russian invasion of Ukraine?

• There have been high volumes of cyber activity in the lead up to and during the Russian war in Ukraine.
• Cyber threats are constant and ever-present in Canada.
• Canada is one of the most targeted countries in the world and Canadian organizations remain attractive targets for cybercriminals and state-sponsored cyber threat actors.
• Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
• While Canada’s democratic institutions and processes are strong and resilient, CSE will continue to actively work to ensure their continued protection. 

17. Do we have our own offensive capabilities we can use against Russia as retaliation if they try attacking our critical infrastructure?

• From a CSE perspective, we have active and defensive cyber operations that we have both legislation and capability to perform.

18. How ready is the Canadian Armed Forces, DND, and the Canadian government to deal threats from Russia?

• The Government of Canada’s cyber defence team, including CSE, is constantly reviewing measures to ensure our systems and information networks remain secure. We have tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
• We are well-positioned to anticipate emerging cyber threats and challenges to Canada and Canadian interests. DND and the Canadian Armed Forces are part of the cyber defence team and can speak to their military and operational readiness to counter any threats in the cyber domain.

19. Can CSE’s cyber operations disrupt Russian military activities in the Ukraine?

• While we can’t speak about specific operations, we can confirm that CSE has been tracking cyber threat activity associated with the current crisis.
• The CSE Act includes authorities that allow us to provide technical and operational assistance to the Department of National Defence and the Canadian Armed Forces (CAF).
• CSE is authorized to assist the CAF in support of government-authorized military missions, such as Operation UNIFIER. This support includes intelligence sharing and cyber security.
• CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine. We also continue to work with the Canadian Armed Forces (CAF) in support of Ukraine, including intelligence sharing and cyber security.

20. The invasion of Ukraine by Russia and the destabilizing Russian presence in cyberspace have highlighted the need to reinforce our cyber defence. Could you tell us a bit more about the work that the Communications Security Establishment has undertaken to protect Canada’s democratic institutions and processes?

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s Cyber Centre also worked with Elections Canada to help secure election systems and infrastructure.
• Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
• SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
• While Canada’s democratic institutions and processes are strong and resilient, CSE will continue to actively work to ensure their continued protection. 

Indo-Pacific Strategy

21. How is CSE utilizing funding from the Indo-Pacific Strategy?

• The Communications Security Establishment (CSE) has been provided with new resources to help increase Canada’s ties with the Indo-Pacific region. [Redacted]
• These resources will also help expand the Canadian Centre for Cyber Security’s delivery of cyber security advice and guidance to partners and stakeholders in the region.

Cyber Security

22. To your knowledge, where do most of the cyber attacks or attempted attacks against Canada, originate from?

• Cyber attacks can originate from anywhere in the world and wherever they’re originated from doesn’t necessarily represent where they are coming from.
• In our National Cyber Threat Assessment we identified that the state-sponsored programs of China, Russia, North Korea and Iran pose the greatest strategic threats to Canada.

23. What support has CSE provided in response to cyber threats to Canada’s elections or democratic institutions?

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment, the Canadian Security Intelligence Service, Global Affairs Canada, and the Royal Canadian Mounted Police worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• In advance of the 2019 General Election, CSE and the Cyber Centre made the decision to offer cabinet ministers a 24/7 cyber hotline service, providing centralized support in the event they suspected their ministerial, parliamentary, or personal communications, e-mail or social media accounts were compromised.
• The hotline provided a 24/7 priority service in the case of a cyber incident and is still operational today.
• In addition to this service, CSE and its Cyber Centre provided a point of contact to all 16 federal registered political parties for further engagement on the cyber security challenges related to Canada’s democratic process.
• If any political parties and/or candidates encountered any suspicious cyber activity, we had also designated a quick response point of contact for them, which was coordinated through each political party’s headquarters.
• SITE Task Force partners continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
• While Canada’s democratic institutions and processes are strong and resilient, CSE will continue to actively work to ensure their continued protection.

24. What lessons have been learned about state-sponsored cyber threat actors' cyber tactics, such as election interference, and how to counter them?

• State-sponsored threats actors, such as Russia, have sophisticated cyber capabilities and has demonstrated a willingness to use them.
• Some trends noted in CSE’s most recent Cyber Threats to Canada’s Democratic Process Report, include:
  • The vast majority of cyber threat activity affecting democratic processes can be attributed to state-sponsored cyber threat actors, namely Russia, China, and Iran;
  • Cyber threat actors most often target some combination of voters, political parties, and election infrastructure;
  • This kind of activity included online foreign influence activity as well as more traditional cyber threat activities, like information theft or denying access to important websites; and
  • The world response to COVID-19, such as incorporating new technology into the voting process, almost certainly increased the cyber threat surface of democratic processes.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment, the Canadian Security Intelligence Service, Global Affairs Canada, and the Royal Canadian Mounted Police worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.

25. Does CSE have any concerns about the spread of misinformation or disinformation by threat actors on social media apps, specifically with an aim to interfere in Canada’s election process?

• It is important to note how pervasive falsehoods on social media and in the domestic information ecosystem create opportunities that foreign cyber threat actors can exploit to covertly disseminate information.
• Some governments and political parties employ disinformation or manipulate the online information ecosystem to influence voters.
• Threat actors can also spread disinformation after an election to undermine trust in the results or attempt to stop the elected government from taking office.
• In 2022, CSE shared information on social media as part of the Government of Canada’s efforts to counter misinformation/disinformation and help inform Canadians on how to help stop the spread and protect themselves from disinformation.
• CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
• It is important for Canadians to adopt good cyber security practices – which CSE shares on the www.cyber.gc.ca website.

Foreign Interference

26. Can you confirm there was foreign interference in the 2019 or 2021 election?

• We are aware of the persistent threat of foreign interference.
• Throughout the federal election, the Security and Intelligence Threats to Elections (SITE) Task Force actively monitored the situation for signs of foreign interference.
• A Panel of non-partisan senior civil servants administered the Critical Election Incident Public Protocol, which includes a mandate during the caretaker period to inform the public if an incident or series of events occurred that threatened Canada’s ability to hold a free and fair election
• The Government of Canada did not detect foreign interference that threatened Canada’s ability to have a free and fair election, and that warranted public communication, as determined by the Panel under the Critical Election Incident Public Protocol.

27. Who were the eleven candidates identified that received funding from China?

• I can't speak to what classified information was shared with our colleagues at PCO and the Panel for security reasons, nor am I in a position to comment in an informed manner on news reporting related to possible CSIS briefings and memos. They would be better placed to speak to their reporting on possible foreign influence occurring within Canada.
• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference and disinformation, regardless of the source.
• CSE’s Cyber Centre works with the House of Commons (HoC) to protect HoC devices, systems and information, including those of MPs.
• In advance of the 2019 General Election, CSE and the Cyber Centre made the decision to offer cabinet ministers a 24/7 cyber hotline service, providing centralized support in the event they suspected their ministerial, parliamentary, or personal communications, e-mail or social media accounts were compromised.
• The hotline provided a 24/7 priority service in the case of a cyber incident and is still operational today.
• The Cyber Centre reached out to all registered federal political parties to determine their top-of-mind cyber security concerns. Based on that feedback, we offered guidance and threat briefings to meet those priorities.
• CSE will continue to actively work to ensure the protection of all Canadians, including MP’s.

28. Why were Canadians not informed of this Chinese foreign interference? Did it not meet the threshold?

• We had advised the critical election incident protocol panel of the information, and it is their decision in terms of whether or not information meets the threshold make a public statement.
• CSE’s officials who were part of SITE presented the information to the panel.
• CSE has also been participating fully in the reviews on foreign interference currently being conducted by The National Security and Intelligence Review Agency (NSIRA), National Security and Intelligence Committee of Parliamentarians (NSICOP) and the special rapporteur.

29. Did CSE brief the Prime Minister or any Parliamentarians on Chinese foreign interference in the 2019 election?

• CSE, alongside the other SITE members, had advised the critical election incident protocol panel (composed of senior public servants) of the information, and the panel is responsible for informing the necessary elected officials.

30. What threats are there to our elections from a foreign interference lens? What has CSE done to guard against this?

• CSE has published unclassified assessments of cyber threats to Canada’s democratic process in 2017, 2019, and 2021. Within each assessment, foreign interference is included as a key threat to Canada’s elections.
• In the lead up to and during the 2021 Federal Election, CSE worked with partners at the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the RCMP as the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s role in SITE was to monitor for foreign threats and interference with electoral processes in Canada.
• If CSE were to become aware of a cyber threat, including those directed at a provincial or municipal electoral process, we would take appropriate action to address the threat.

31. The Globe and Mail reported that researchers say a disinformation campaign against former MP Kenny Chiu is a disturbing precedent. How can MPs protect themselves/what is CSE doing to protect MPs?

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference and disinformation, regardless of the source.
• CSE’s Cyber Centre works with the House of Commons (HoC) to protect HoC devices, systems and information, including those of MPs.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment, the Canadian Security Intelligence Service, Global Affairs Canada, and the Royal Canadian Mounted Police worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• In advance of the 2019 General Election, CSE and the Cyber Centre made the decision to offer cabinet ministers a 24/7 cyber hotline service, providing centralized support in the event they suspected their ministerial, parliamentary, or personal communications, e-mail or social media accounts were compromised.
• The hotline provided a 24/7 priority service in the case of a cyber incident and is still operational today.
• The Cyber Centre reached out to all registered federal political parties to determine their top-of-mind cyber security concerns. Based on that feedback, we offered guidance and threat briefings to meet those priorities.
• CSE will continue to actively work to ensure the protection of all Canadians, including MP’s.

32. What can Canadians do to protect themselves online from threat of foreign interference?

There are a few things Canadians can do to help protect themselves online:

• Always practice good cyber hygiene.
• Use unique passphrases or complex passwords and two-factor authentication, wherever possible.
• Be suspicious of unsolicited or unusual emails, and do not click on any links that may be contained in them.
• Use as many security options (settings) as you can for each social media platform.
• Remove unused or outdated apps, and update those you do use regularly to ensure the latest security measures are in place.
• Visit www.cyber.gc.ca for more information about best cyber security practices.
• If you think you are witnessing questionable activity online, you can report any suspected violations to the social media platform’s security centre.

33. Are you aware of foreign cyber threat activities targeting Canadian democratic institutions or processes?

• In CSE’s most recent report on Cyber Threats to Canada’s Democratic Process, we have assessed that state-sponsored actors with ties to Russia, China, and Iran are responsible for the majority of cyber threat activity against democratic processes worldwide.
• For example, state-sponsored actors have promoted content and messaging related to QAnon for the purpose of reaching voters in the US.
• These reports are intended to raise awareness and draw further attention to known state-sponsored cyber threat activity, including the tactics, techniques and procedures used to target Canada’s democratic processes.

34. What measures are in place to ensure Canada’s classified information is protected?

• At CSE, all employees are provided with frequent training and guidance on how to properly handle protected and classified information.
• Due to the sensitive nature of our work, we take the protection of classified information very seriously.
• CSE requires almost all employees to have Enhanced Top Secret clearance, including those who work at our Edward Drake Building (CSE Headquarters). This is required for all employees who have access to information repositories that are tightly controlled with strict security parameters, who have access to CSE tools and sensitive systems, and/or are involved with operations.
• Employees only have access to information that is strictly necessary for their work, and as a result, access to information is limited as required.

35. Are Chinese or Russian state-sponsored actors attempting to disrupt Canadian democratic institutions or processes?

• CSE has assessed that both China and Russia, along with Iran, are responsible for the majority of cyber threat activity against democratic processes worldwide.
• Since 2015, over 90 percent of the cyber threat activity against democratic processes we observed by Russia, China and Iran targeted states and regions of strategic significance to them.
• State-sponsored actors such as these, have taken advantage of domestic groups and movements in other countries and used the messages and reach of these domestic groups to better influence voters.
• Adopting cybersecurity best practices goes a long way to offsetting risks of exploitation by any cyber threat actor.

Media lines

CSE key messages

• As Canada’s national cyber security and foreign signals intelligence agency, CSE has unique technical and operational capabilities.
• The Communications Security Establishment Act (the CSE Act) sets out five aspects of our mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.
• CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
• CSE’s intelligence reporting also identifies hostile state activities, and the CSE Act authorizes us to assist the Department of National Defence and the Canadian Armed Forces.
• We support Canadian military operations and protect forces deployed abroad through advanced cyber techniques. For example, CSE could protect Canadian forces by disrupting an adversary’s ability to communicate or providing intelligence regarding an imminent threat.
• The CSE Act gives CSE the legal authority to conduct cyber operations to disrupt foreign-based threats to Canada. This includes active cyber operations to degrade, disrupt, respond to, or interfere with the capabilities, intentions or activities of foreign individuals, states, and organizations.
• If there are reasonable grounds to believe that a foreign state or actor constitutes a threat to the security of Canada and/or Canadian military forces, we are prepared to take appropriate action to address the threat.
• We continue to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.
• CSE and its Canadian Centre for Cyber Security (Cyber Centre) continue to monitor for any developing cyber threats and share threat-information with our partners and stakeholders to help prevent incidents.
• CSE works every day to defend government systems from threats. CSE’s automated defences protect the Government of Canada from over 6 billion malicious actions a day. These defensive actions are a result of CSE’s existing dynamic cyber defence capabilities which remain ready to defend Government of Canada systems and help protect against future attacks.

Foreign Interference

• Throughout the 2019 and 2021 federal elections, the Security and Intelligence Threats to Elections (SITE) Task Force actively monitored the electoral situation for signs of foreign interference. A Panel of non-partisan senior civil servants administered the Critical Election Incident Public Protocol (CEIPP), which includes a mandate during the caretaker period to inform the public if an incident or series of events occurred that threatened Canada’s ability to hold a free and fair election.
• During the 2019 and 2021 federal elections, the Government of Canada did not detect foreign interference that threatened Canada’s ability to have a free and fair election, and that warranted public communication, as determined by the Panel under the CEIPP.
• As part of SITE’s operational mandate, the Task Force did regularly meet with secret-cleared representatives from political parties, to build awareness of foreign threats to Canada’s electoral process and exchange any relevant foreign-interference information.
• CSE cannot speak to what types of classified information (or the details) that was shared with the political parties, the Privy Council Office, or the Panel for security reasons. This same restriction applies to those members of the political parties cleared to receive information/briefings from SITE.
• Canadians should be aware about covert and deceptive activities conducted by foreign states, including the People’s Republic of China and its ruling Chinese Communist Party, with the intent to influence the results of democratic elections at all levels of government in Canada. Although Canada’s electoral system is strong, foreign interference can erode trust and threaten the integrity of our democratic institutions, political system, fundamental rights and freedoms, and ultimately, our sovereignty.
• To raise awareness amongst Canadians about this serious threat to the security of our country, CSE published its Cyber Threats to Canada’s Democratic Process July 2021 update, which assessed that although Canada’s democratic process remains a lower-priority target for state-sponsored cyber actors, they judged it very likely that Canadian voters would encounter some form of foreign cyber interference in the 2021 federal election. CSIS also published reports such as Foreign Interference Threats to Canada’s Democratic Process and Foreign Interference and You. We invite all Canadians to consult these publications to learn more about this serious threat to our country’s national security.
• Finally, we encourage anyone with relevant information to report it to CSIS by contacting them. In addition to their local police, any individual in Canada who is concerned that they are being targeted by state or non-state actors for the purposes of foreign interference should contact the RCMP’s National Security Information Network.
• From a CSE perspective, in coordination with the Canadian Centre for Cyber Security (Cyber Centre), we have offered to provide cyber security advice and guidance to all major political parties, in part through a brochure on Cyber Security for Campaign Teams.
• In addition, throughout the General Election period CSE and the Cyber Centre provided points of contact to all 16 federal registered political parties for further discussion on the cyber security challenges related to Canada’s democratic process. If any political parties and/or candidates encountered any suspicious cyber activity, we had also designated a quick response point of contact for them, which was coordinated through each political party’s headquarters.

CSE’s support to the Canadian Armed Forces and Operation UNIFIER

• As Canada’s national cyber security and foreign intelligence agency, CSE has unique technical and operational capabilities. The CSE Act includes authorities that allow us to provide technical and operational assistance to the Department of National Defence and the Canadian Armed Forces (CAF).
• CSE is authorized to assist the CAF in support of government-authorized military missions, such as Operation UNIFIER. This support includes intelligence sharing and cyber security.
• While we can’t speak about specific operations, CSE can be counted to deliver on its mission working with Canada’s military presence in support of Ukraine.
• This increased support will help Ukraine strengthen its security and ability to defend itself against a range of threats.
• We continue to stand united with the people of Ukraine during this unlawful invasion by Russia.
• The Communications Security Establishment (CSE), the Department of National Defence (DND), and Shared Services Canada (SSC), worked together with Telesat, a Canadian satellite communications company, to come to an agreement on providing satellite services to key Ukrainian government and non-government partners, including critical infrastructure.
• [Redacted]

CSE’s messaging on cyber security in response to Ukraine and geopolitical events

• The Government of Canada’s cyber defence team, including CSE, is constantly reviewing measures to ensure our systems and information networks remain secure. We have tools in place to monitor, detect, and investigate potential threats, and to take active measures to address them.
• We can confirm that CSE has been tracking cyber threat activity associated with the current crisis. CSE has been sharing valuable cyber threat intelligence with key partners in Ukraine and continues to work with the Canadian Armed Forces (CAF) in support of Ukraine.
• As the situation has deteriorated, CSE’s Cyber Centre continues to monitor the cyber threat environment in Canada and globally, including cyber threat activity directed at critical infrastructure networks, operational and information technology (OT/IT). We recently issued reminder to the Canadian cyber security community to adopt a heightened state of vigilance and bolster awareness and protection against malicious cyber threats.
• CSE is aware of an increase in Russian state-aligned hacktivist groups seeking to Ukraine and its allies.
• We remind Canadian critical infrastructure operators and defenders to be aware of the risks and take mitigations against known Russian-backed cyber threat activity. Now is the time to take defensive action and be proactive in network monitoring and applying appropriate mitigations.
• In addition to public advisories, the Cyber Centre continues to share valuable cyber threat information with Canadian critical infrastructure partners via protected channels. This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.
• We are aware of reports that some Government of Canada websites have been offline. CSE and its Canadian Centre for Cyber Security have observed that it’s not uncommon to see distributed denial-of-service (DDoS) attacks against countries hosting visits from Ukrainian government officials. While these incidents draw attention, they have very little impact on the systems affected.

Foreign Based Social Media Applications:

• We are aware of the cyber security and privacy considerations with many social media platforms and apps, which is why we’ve presented general advice and guidance to Canadians. It is important for Canadians to take the time to assess the risks associated with using social media platforms and apps, especially foreign based ones.
• We strongly recommend Canadians think about the information they share on-line, how it is likely to be protected, managed and used/shared by others, which nation’s laws will apply to their information and activity on a specific platform.
• There is a substantial amount of open source information available to Canadians on various social media applications and platforms, detailing the benefits and the risks. Canadians should proceed cautiously regarding their online presence and conduct their own research before joining new social media platforms.
• However, CSE’s Cyber Centre is not a regulatory agency and as such, we do not endorse or ban social media applications.

Cyber Threats to Canadian Critical Infrastructure

• CSE and its Cyber Centre released an updated National Cyber Threat Assessment 2023-24 (NCTA 23-24) which outlines the new and evolving cyber threats faced by Canadian individuals, organizations, and critical infrastructure providers.
• In the NCTA 23-24 we highlight the growing threat of ransomware to critical infrastructure, state sponsored cyber threat activity impacting Canadians and disruptive technology that is bring new threats.
• CSE and the Cyber Centre are continuously monitoring the threats from state sponsored threat actors, especially China, Russia, North Korea and Iran. It is likely that over the next two years, these states will continue to target sectors of importance for their own domestic economic development.
• The Government of Canada, through CSE’s Canadian Centre for Cyber Security (Cyber Centre), has been in contact with critical infrastructure operators to ensure they are aware of cyber threats related to geopolitical tensions. CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
• Cyber threat actors are aware of the impact targeting critical infrastructure can have, exploiting their sensitivity to service interruptions to extort them for ransom. Financially motivated cyber threat actors, predominantly cybercriminals, exploit critical infrastructure because downtime can be harmful to their industrial processes and the customers they serve.
• CSE and the Cyber Centre are dedicated to advancing cyber security and increasing the confidence of Canadians in the systems they rely on by offering support to critical infrastructure networks.
• As outlined in the NCTA 23-24 report, the three technological trends that we foresee disrupting their respective fields: digital assets and decentralized finance, machine learning and quantum computing.
• As noted in the July 2022 cyber threat bulletin, our intelligence indicates that Russian cyber threat actors are exploring options for potential cyber operations against Ukraine’s supporters, including Canada. This would include activities like cyberespionage, pre-positioning and potentially disruptive cyber operations against critical infrastructure targets.
• Recently, we issued a Cyber Flash to partners. A flash is communication reserved for registered partners so that we can share more detailed, sensitive information than we could in the public sphere. It is unclassified but still confidential information. In this recent confidential flash, we noted that we had a confirmed report where a cyber threat actor had the potential to cause physical damage to Canadian critical infrastructure.
• As the prime minister said, I can report there was no physical damage to any Canadian energy infrastructure. But make no mistake: the threat is real.
• Notwithstanding current geopolitical events, the Cyber Centre shares valuable cyber threat information with Canada’s critical infrastructure partners via protected channels on a regular basis.
• This information includes indicators of compromise, threat mitigation advice, and confidential alerts regarding new forms of malware, and other tactics, techniques, and procedures being used to target victims.
• Canada has a strong and valuable relationship with its Five Eyes alliance partners, including our intelligence, cyber defence, and law enforcement counterparts in the United States. We regularly share information with our partners that has a significant impact on protecting our respective countries’ safety and security. While we can’t confirm or deny, or offer specific details on the intelligence shared, threat information to help defend against critical infrastructure threats is regularly shared and acted upon as appropriate.

Issue notes

Threats to Critical Infrastructure

• Generally, we do not comment on specific cyber security incidents, nor do we confirm businesses or critical infrastructure partners that we work with, however we continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
• CSE and its Canadian Centre for Cyber Security (Cyber Centre) continue to monitor for any developing cyber threats and share threat-information with our partners and stakeholders to help prevent incidents.
• As we noted in the 2023-24 National Cyber Threat Assessment, we are concerned about the opportunities for critical infrastructure disruption, particularly with regard to Internet-connected Operational Technology (OT) that underpins industrial processes. Internet-connected OT increases the threat surface of the organizations that employ it, and increases the opportunity for cyber threat activity to have effects in the physical world.
• CSE, through the Cyber Centre, have been in contact with critical infrastructure operators to ensure they are aware of cyber threats related to geopolitical tensions. CSE continues to monitor Russia-backed cyber actors and share threat-related information with Canadians and Canadian organizations in a timely basis.
• Recently, we issued a Cyber Flash to partners. We noted that we had a confirmed report where a cyber threat actor had the potential to cause physical damage to Canadian critical infrastructure. As the prime minister said, I can report there was no physical damage to any Canadian energy infrastructure. But make no mistake: the threat is real.
• We remain deeply concerned about the threat to critical infrastructure and urge critical infrastructure owners and operators to get in touch with us to work together to protect their systems.
• We encourage Canadians to consult www.cyber.gc.ca for up-to-date advice and guidance related to cyber threats or wish to receive more tailored cyber threat information. We also encourage victims to report a cyber incident to the Cyber Centre, so that we can help share threat-related information with our partners to help keep Canada and Canadians safe online.

Foreign Interference and the Democratic Process

• The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
• In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
• CSE’s Cyber Centre also works closely with Elections Canada to protect its infrastructure.
• Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
• CSE recently published the renewed NCTA which highlights how online foreign influence activities have become a new normal with adversaries seeking to influence elections and impact international discourse related to current events.
• The recent media attention on the topic of foreign interference has resulted in CSE appearing before the Standing Committee on Procedure and House Affairs (PROC) five times to provide an update. CSE also submitted several documents in response to the order for the Production of Papers issued by PROC.
• SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
• While Canada’s democratic institutions and processes are strong and resilient, CSE continues to actively work to ensure their continued protection. 

Top Cybersecurity Points

• Cyber security is a foundation for Canada’s future, for our digital economic, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
• Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment.
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, small-and-medium sized organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
• If Canadian companies have been impacted by cyber threats, they are urged to contact www.cyber.gc.ca.

Cyber Security and Recent Cyber Incidents

• Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber capabilities and technical expertise to help monitor, detect and investigate threats against threats to Canada’s information systems and networks and to take active measures to address them.
• Recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. CSE works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
• Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• Cyber security is a whole-of-society concern and the federal government works together with other jurisdictions, small-and-medium enterprises as well as critical infrastructure owners and operators to raise Canada’s cyber security bar.

Russian Invasion of Ukraine and Russian Cyber Threats to Canada

• Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber capabilities and technical expertise to help monitor, detect and investigate threats against threats to Canada’s information systems and networks and to take active measures to address them.
• Recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. CSE works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Ransomware poses a threat to Canada’s national security and economic prosperity. Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
• Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
• The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
• Cyber security is a whole-of-society concern and the federal government works together with other jurisdictions, small-and-medium enterprises as well as critical infrastructure owners and operators to raise Canada’s cyber security bar.
• In light of Russia’s ongoing, unjustified military actions in Ukraine, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (the Cyber Centre) strongly encourage all Canadian organizations to take immediate action and bolster their online cyber defences.
• While I can’t speak to CSE’s specific operations, I can confirm that it has been tracking cyber threat activity and has been working with Ukraine to monitor, detect, and investigate potential threats and to take active measures to address them.
• CSE’s Cyber Centre continues to engage directly with Canada’s critical infrastructure operators to ensure they are aware of any evolving threats, such as Telesat.
• CSE, the Department of National Defence, and Shared Services Canada worked together with Telesat, a Canadian satellite communications company, to provide secure satellite service to Ukraine. [Redacted]
  • An unfortunate outcome of the war has been the destruction, or degradation of key elements of the Ukrainian telecommunications infrastructure.
  • As a result, key government and private-sector organizations lack the necessary telecommunications services that are essential for conducting business with both European and North American government and non-government partners.
• CSE’s valuable cyber threat intelligence has been shared with key partners in Ukraine. CSE also continues to work with Canadian Armed Forces (CAF) in support of Operation UNIFIER.

Operation UNIFIER

• On January 26th, 2022, the Government of Canada announced $340 million for immediate support to Ukraine and for the extension and expansion of Operation UNIFIER, Canada’s military training and capacity-building mission in Ukraine.
• As part of this commitment, DND and CAF will work with CSE on measures to support enhanced intelligence cooperation and cyber security.
  • This increased support will help Ukraine strengthen its security and ability to defend itself against a range of threats.

Disinformation Campaigns

• Based on its intelligence reporting, CSE has observed numerous Russian-backed disinformation campaigns online designed to support their actions.
• CSE observed coordinated efforts by Russia to create and spread disinformation. For example, controlled media outlets were directed to include doctored images of Canadian Forces Members on the front line and false claims about Canadian forces committing war crimes.
• CSE shared this information on social media as part of the Government of Canada’s efforts to help inform Canadians on how to help stop the spread and protect themselves from disinformation.
• CSE continues to provide the Government of Canada with the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Arctic Defence and Sovereignty

• The Arctic is one of Canada’s foremost security priorities, including as it relates to cyber.
• In response, the Government of Canada has announced major investments in Continental Defence, modernizing NORAD, as well as enhancing the Communications Security Establishment’s (CSE) abilities to prevent and defend against cyber attacks.
• The recent funding in this space signals that CSE is taking the global shift to cyber seriously, including cyber security in the Arctic.
• Enhancing situational awareness and operational effectiveness in cyber space is a critical component to safeguarding and advancing our national and collective interests in the North.
• CSE continues to provide the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Accountability, Review and Oversight of CSE

• Bill C-59 enhanced the review and oversight of the Communications Security Establishment (CSE), as well as the broader security and intelligence community.
• CSE is subject to retrospective review by two independent external review bodies with a national security and intelligence mandate:
  • the National Security and Intelligence Review Agency (NSIRA)
  • the National Security and Intelligence Committee of Parliamentarians (NSICOP)
• NSIRA is responsible for reviewing all Government of Canada national security and intelligence activities to ensure they are lawful, reasonable, and necessary. While NSICOP consists of members of Parliament with a mandate to review Canada’s national security and intelligence organizations.
• To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
• The Intelligence Commissioner (IC) provides oversight by approving authorizations for certain CSE activities prior to their execution.
• CSE values independent, external review and oversight of our activities, and remains committed to a positive and ongoing dialogue with these important institutions.

CSE Recruitment and Retention

• Over the years, CSE is experiencing a continued and sustained growth.
• There is a 2% retirement and 2% resignation rate for a total of 4% attrition per year. CSE’s low attrition rate reflects its investment in creating a healthy work environment, encouraging employee professional development, embracing diversity and inclusion as mission imperatives, and having excellent counselling and employee support programs in place.
• Recruitment for high tech technologies remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within CSE.
• CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
• CSE also received significant recognition through Budget 2022 in which proposed $875.2 million over five years for CSE, beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.

CSE Overview Stats

• Since 2019, our workforce has grown from approximately 2600 employees to 3,232 full-time employees as of March 31, 2023. This does not include part-time employees, contractors, or students.
• Each year CSE receives on average, 10,000 to 15,000 applications from applicants with diverse skill sets and cultural backgrounds.
• CSE has also been recognized as a Top Employer in 2020, 2021, 2022 and 2023, as well as one of Canada’s Top Employer for Youth for the past 7 years in a row.
• In December 2022, a new campaign was launched, highlighting the importance of our work, despite our relatively low profile amongst Canadians. The campaign video highlighted various types of jobs available at CSE and showcasing the elements of our culture that make us who we are. The video was created entirely in-house and was accompanied by new branding and a new slogan: “CSE – The most important organization you’ve never heard of”.

Budget 2022 Funding for CSE

• Budget 2022 announced $875.2 million over five years for the Communications Security Establishment (CSE), beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.
• These investments will allow CSE to further support and assist its partners and defend Canadian networks and systems.
• Budget 2022 announced significant new funding for CSE for the following initiatives:
  • Significantly expanding our foreign cyber operations program to prevent and defend against cyber attacks.
  • Expanding cyber security protection to smaller Canadian government departments, agencies and crown corporations.
  • Enhancing CSE’s ability to prevent and respond to cyber attacks on critical infrastructure and making Canadian critical infrastructure more resilient.
  • Support the Government of Canada’s efforts to protect its Secret Infrastructure from cyber incidents by strengthening the robustness of its classified networks and its capacity to respond to unanticipated system failures.
  • Establish a unique research chair program to fund academics to conduct research on cutting-edge technologies.
  • Supporting the implementation of the Government of Canada National Security Guidelines for Research Partnerships in collaboration with other government departments. With the proposed investments, CSE will participate in the new national security review process for federal granting programs by providing assessment and advice on grant applications of potential high risk.
• An additional $56.7M for 3 years was also announced for Operation UNIFIER; a key part of Canada’s effort to help Ukraine deter Russian aggression, and bolster its sovereignty, security, and stability. As well as to support the Government of Canada’s efforts to protect democratic institutions by addressing cyber threats, incident prevention and response, and intelligence gathering to increase the awareness of Canadians about disinformation and threats to democratic processes.
• To absorb this level of growth, CSE has established and started implementing a growth strategy, which includes things like a new governance structure, a revised security clearance model and a remote work strategy.
• Budget 2022 was a first step in securing new resources for CSE. As we look to the future, we’re hoping to see further investments in our organization.

CSE Contracting Activities Overview

• For reasons of national security and to protect operational integrity, CSE does not typically disclose specific information related to its vendors.
• CSE protects information concerning CSE's vendors on the grounds that disclosing such information could be injurious to national security and defence.
• However, CSE can confirm it has never had a contract with McKinsey & Company.

CAF Operations in the Indo-Pacific

• Canada is committed to a meaningful and persistent military presence in the Indo-Pacific Region to promote peace and security.
• That is why Canada’s Indo-Pacific Strategy is making several investments in defence over the next five years.
• This includes $369.4 million to maintain and increase our naval presence in the region, building on our commitments through Operations NEON and PROJECTION.
• We are also investing $48.7 million to increase Canadian Armed Forces participation in joint exercises with regional partners and allies.
• Specifically, we are looking to expand beyond our current naval focus to include more opportunities for the Army, Air Force, Special Forces, and other Canadian Armed Forces elements to participate in regional exercises.
• Additionally, we are investing $68.2 million to launch a new Canadian-led military capacity building program, through which the Canadian Armed Forces will offer mentorship and expertise to partners in the Indo-Pacific Region.
• We are also launching new initiatives to support regional and military partners seeking to bolster their cyber security and cyber capabilities.
• The Communications Security Establishment (CSE) has been provided new resources to help increase Canada’s ties with the Indo-Pacific region [Redacted].
• Canada will continue working with its allies and partners to help ensure regional stability and support the rules-based international order.

If pressed on deploying an additional frigate:

• Canada will continue to meet its obligations and commitments to NATO.
• National Defence’s plan to increase and enhance Canada’s defence presence in the Indo-Pacific was developed with our other key regional priorities in mind, as well as reconstitution.
• The Canadian Armed Forces will bolster its maritime presence in the Indo-Pacific by sending a third frigate to the Indo-Pacific each year.
• In fact, in March 2023, HMCS Montreal and MV Asterix departed Halifax under Operation PROJECTION to conduct forward naval presence operations in the region, as well as conduct cooperative deployments and participate in international naval exercises with partner nations.

• As with any operation, the deployment of assets is taken with resource considerations in mind, along with the need to meet operational objectives.

If pressed on joining other security partnerships (AUKUS):

• As a Pacific nation, Canada will continue to play an active role in the region, and maintains a persistent presence to support peace, security, and Canadian interests in the region.
• Canada maintains strong military relations and intelligence sharing agreements with the Five Eyes, which includes AUKUS partners.

If pressed on PLAAF buzzing RCAF aircraft:

• The safety of Canadian Armed Forces members is of the highest priority in all operations.
• Canada has been clear in its expectation that all intercepts should be conducted in a safe and professional manner and refrain from impeding lawful operations in international airspace.

Canada’s Indo-Pacific Strategy

CAF Operations in the Indo-Pacific

• Global Affairs Canada is the lead on Canada’s Indo-Pacific Strategy, which was released on November 27, 2022. The Strategy will address five interconnected priorities for Canada:
  • Promote peace, resilience and security – National Defence focus;
  • Expand trade, investment and supply chain resilience;
  • Invest in and connect people;
  • Build a sustainable and green future; and
  • Ensure Canada is an active and engaged partner to the Indo-Pacific.
• HMCS Montreal and MV Asterixdeparted Halifax on March 26 under Operation PROJECTION to conduct forward naval presence operations in the region as well as conduct cooperative deployments and participate in international naval exercises with partner nations.
  • HMCS Montreal will also participate in Op NEON during this deployment.
• HMCS Winnipeg and Vancouver deployed to the Indo-Pacific region on Operation PROJECTION from August 4 to December 5, 2022.
  • While on Op PROJECTION, HMCS Vancouver also contributed to Operation NEON.
  • March 2023: The Government of Canada decided to renew Operation NEON, Canada’s contribution to the multinational surveillance initiative to monitor North Korea’s maritime sanctions evasion, until April 30, 2026.

Details

Indo-Pacific Strategy

• Global Affairs Canada is the lead on the Indo-Pacific Strategy, which was announced on November 27, 2022.
• Through the Indo-Pacific Strategy, National Defence is investing in the following initiatives to support the defence and security in the region over the next five years, including:
  • $369.4 million dollars to enhance our naval presence in the region and increase the number of frigates deployed annually, from two to three;
  • $48.7 million dollars to increase the CAF’s participation in bilateral and multilateral exercises with regional allies and partners;
  • $68.2 million to launch a new Canadian-led military capacity-building program, offering mentorship and expertise to our partners by delivering training directly to partner forces in the region; and
  • $6.5M to establish four new full-time civilian positions across the region to support discussions with allies and partners.
• Defence will also play a key role in a whole-of-government cyber initiative (of $2.6M) by providing military-to-military advice and lessons learned to countries that are developing and refining their cyber security strategies.

Operation PROJECTION

• Strong, Secure, Engaged commits Canada to be a reliable player in the Indo-Pacific region through consistent engagement and strong partnerships.
• Since 2017, the Royal Canadian Navy has achieved consistent presence in the Indo-Pacific under Op PROJECTION.
• Canadian warships regularly deploy to work with our allies and like-minded partners, including by conducting joint transits and exercises under Op PROJECTION, as well as contributing to the multinational effort of monitoring UN Security Council sanctions against North Korea under Op NEON.

RIMPAC

• From June 29 to August 4, 2022, HMCS Winnipeg and HMCS Vancouver, (each with embarked CH-148 Cyclone maritime helicopters), and two CP-140 Aurora long range patrol aircraft, participated in RIMPAC, the world’s largest naval exercise.

Operation NEON

• Launched in 2019, Op NEON is Canada’s contribution to a multinational effort to monitor UN Security Council sanctions imposed against North Korea. These sanctions, imposed between 2006 and 2017, aim to pressure North Korea to abandon its weapons of mass destruction programs and respond to North Korean nuclear weapon tests and ballistic missile launches.
• Under Op NEON, the CAF deploys warships, aircraft, and shore-based staff to conduct surveillance operations to identify suspected maritime sanctions evasion activities, in particular the ship-to-ship transfers of fuel and other commodities banned by the UNSC Resolutions. This contribution bolsters the integrity of the global sanctions regime against North Korea, enhances regional peace and stability, and supports the rules-based international order.
• Authorities for Op NEON were set to expire at the end of April 2023. In March 2023, the Government of Canada announced the renewal of Op NEON until April 30, 2026, under the same authorities previously granted to the mission.

Interactions with the People’s Liberation Army Air Force Aircraft

• On several occasions, interactions have occurred between a CP-140 Aurora long-range patrol aircraft and aircraft of the People’s Liberation Army Air Force.
• These interactions occurred in international airspace during UN-sanctioned missions.

Recent Indo-Pacific Operational Highlights

• HMCS Vancouver transited the Taiwan Strait northbound with the US Destroyer, USS Higgins, on September 20, 2022.
• From August 4 to December 5, 2022, HMCS Winnipeg and HMCS Vancouver operated extensively throughout the Western pacific, including the South China Sea.

Committee information

Committee profiles

• Chair– Hon. John Mckay (LPC)– Scarborough-Guildwood, ON
• Vice-chair– Hon. James Bezan (CPC)– Selkirk-Interlake-Eastman, MB
• Vice-chair– Hon. Christine Normandin (BQ)– Saint-Jean, QC
• Darren Fisher (LPC)– Dartmouth-Cole Harbour, NS
• Cheryl Gallant (CPC)– Renfrew-Nipissing-Pembroke, ON
• Pat Kelly (CPC)– Calgary Rocky Ridge, AB
• Shelby Kramp-Neuman (CPC)– Hastings-Lennox and Addington, ON
• Emmanuella Lambropoulos (LPC)– Saint-Laurent, QC
• Lindsay Mathyssen (NDP)– London-Fanshawe, ON
• Bryan May (LPC)– Cambridge, ON
• Jennifer O’Connell (LPC)– Pickering-Uxbridge, ON
• Charles Sousa(LPC) – Mississauga—Lakeshore

Chair– Hon. John Mckay (LPC)– Scarborough-Guildwood, ON

CSE-related interests

• Former Parliamentary Secretary to the Minister of National Defence.
• Demonstrated concern of Russia’s actions in Ukraine and multiple cyber-attacks on Canada (January 2022) and an interest to discuss Arctic security (November 2022).
• One of the few Government-side MPs who voted in favour of the CPC’s Opposition Motion in November 2020, which called on the Government to make a decision on the Huawei Ban.
• During SECU’s study of Bill C-59 asked what contributions the Bill would make to address cyber threats to private infrastructure (2018).
• McKay expressed concern surrounding the lack of clarity for reporting cyber incidents for Canadians during the Public Safety Committee (December 2020).

Vice-chair– Hon. James Bezan (CPC)– Selkirk-Interlake-Eastman, MB

CSE-related interests

• Interest in China, Russia, and defending the Arctic territory (2022)
• Concerned with Canadian data and information and protecting citizen’s Charter rights, particularly from Pegasus software system during discussions of Bill C-27 (November 2022): “There are times we have to use it in the collection of data. […] We know that to use that type of technology, to protect the rights of Canadians, there should be a warrant issued to ensure there is judicial oversight, even if it is being used by the Department of National Defence and CSE, we have to make sure it is not being used against Canadians and only deals with those national threats they refer to as threats that are foreign entities. That is something that Bill C-27 fails to recognize.”

Vice-chair – Hon. Christine Normandin (BQ) – Saint-Jean, QC

CSE-related interests

• Canada-China Relations Committee (May 2021): Concerned over Canada’s “laxed” stance on Huawei in comparison to the other Five Eyes partners.
• Business of Supply- Government Orders (February 2021): Concern of China’s mass surveillance regime and the surveillance capacities of Huawei.
• NDDN (March 2022): Questioned if CSE’s and CSIS’ work happens in isolation and to promote communication between the two organizations, if they should “co‑operate more closely with FINTRAC to follow the money when it comes to the use of cryptocurrency by terrorist groups?”.
• Questioned if CSE explored working with private sector to “fill gaps in internal capacity and thus meet operational requirements” and develop cyber capacity (March 2022).

Members

Darren Fisher (LPC)– Dartmouth-Cole Harbour, NS

CSE-related interests

• Concerned with Russia, China and Arctic Security (November 2022): “Given the evolving relationship between Russia and China right now, how do you think they would co-operate or conflict on matters relating to the Arctic?”
• NDDN Committee, Briefing by the Commissioner of CSE (March 2017): Concern over other Five Eyes partners not keeping their promise to protect Canadian data and spy on each other’s citizens.
• Interested in national defence and Canada’s Involvement in NATO (January 2018): Concern over if Canadian and NATO infrastructure is safe from data breaches and if there is a quick response to new cyber threats.

Cheryl Gallant (CPC)– Renfrew-Nipissing-Pembroke, ON

CSE-related interests

• “E-security” is a popular topic for Gallant (March 2022): “CSE judges that cyber-threat actors will very unlikely seek to intentionally seek to disrupt Canadian critical infrastructure and cause major damage or loss of life. That being said, how vulnerable are we with the Internet of things, given that something as simple as your refrigerator is sending off pings? There seem to be so many vulnerabilities and it is the least protected throughway that is going to be attacked, so how can they be so confident, do you think, that it will be unlikely to be disrupted?”
• Issues of greatest interest in this area include: Cybersecurity of the electricity grid; NATO and NORAD and cybersecurity, including IoT and AI; recruiting cybersecurity experts into the military; the Telecommunications Act, how CSE works with the private sector; information sharing in the Five Eyes; Russian cyberattacks against Georgia; and Op IMPACT.
• Questioned if Canada was sharing intelligence directly with Ukraine from CSE in March 2022.

Pat Kelly (CPC)– Calgary Rocky Ridge, AB

CSE-related interests

• Interested in national defence and security, with many questions related to Arctic security, protecting Arctic waters and China's capability to threaten Canadian Arctic sovereignty in November 2022.
• Questioned Jody Thomas during her appearance in December 2022 regarding foreign interference in Canadian elections.
• Has had no questions directed at CSE and mention of the organization.

Shelby Kramp-Neuman (CPC)– Hastings-Lennox and Addington, ON

CSE-related interests

• Interested in Canada’s role in NATO, Arctic security, national defence, Canada’s military and its capacity to respond to threats: “Can you speak to the impact on our ability to protect and strengthen our north and give it the attention it needs as a region of growing competition between Canada, Russia and China?” (November 2022).
• Has had no questions directed at CSE and mention of the organization.

Emmanuella Lambropoulos (LPC)– Saint-Laurent, QC

CSE-related interests

• Interested in Russia and China’s foreign interference, the rise of cyber-threats and Arctic security.
• Questioned Canada’s position in defending itself and the Arctic in NDDN (December 2022): “[…] What are some of the ways that our adversaries' [Russia and China] cyber-abilities influence the way we prepare ourselves? In what ways have we made investments in technologies that would counter these kinds of cyber-abilities?”.
• Questioned Chief Shelly Bruce about cyber-threats during her appearance in February 2022: “I know that Minister Anand has in her mandate letter several references to cybersecurity. We heard from CSE and CSIS at our last meeting that these threats have been increasing steadily for the last while, mainly by China and Russia, along with others. What kind of plans do you have going forward in order to make sure we accomplish this part of the mandate?” and “In your opinion, what would CSE need in order to help it fulfill its mandate?”

Lindsay Mathyssen (NDP)– London-Fanshawe, ON

CSE-related interests

• Interested in assessing the capacity to tackle cyber-threats and issue of unfilled cyber-related positions in NDDN (March 2022).
• Questioned the reality of Russia and China posing as “potential threat” for Canada and Artic Soil during Jody Thomas’ appearance (December 2022).

Bryan May (LPC)– Cambridge, ON

CSE-related interests

• May is the Parliamentary Secretary to the Minister of National Defence and has asked many questions related to the Telecommunications Act, PROC and Bill C-26 in PROC, NDDN and other committees.
• He continues to speak about the role of CSE and the cyber center’s “cyber and technical expertise to help monitor, detect and investigate threats against Canada’s information systems and networks, and take active measures to address them.” (December 2022).
• Questioned an expert speaker about the biggest threats coming with regard to cyber and “[Do you] see progress with CSE at this point?” (February 2022).
• Asked Sami Khoury to “comment and elaborate on the Canadian Centre for Cyber Security's work with various industry sectors?” during an appearance (March 2022).
• Discussed Russia, China and the Arctic (November 2022): “In light of the growing tensions between NATO and Russia, is Canada doing enough in terms of allied military exercises in the Canadian Arctic? What would be the pros and cons of potentially expanding those allied exercises in the Arctic?”

Jennifer O’Connell (LPC)– Pickering-Uxbridge, ON

CSE-related interests

• Interested in protecting national security, democratic institutions, and elections from foreign interference (December 2022) especially through her previous membership on NSICOP. Has questioned the CPC’s inaction towards foreign interference including misinformation, disinformation and attempts on elections, despite multiple briefings and reports.
• Mention of CSE in the context of Russia, China, and the use of local media to spread disinformation or misinformation by foreign state actors in PROC (November 2022): “For CSIS, or CSE or any Canadian agency, for example, if a so-called media group like Canada Proud or Rebel News started using Chinese or Russian types of disinformation in their local disinformation or misinformation campaigns, what mechanisms would you have to then tell Canadians that this local source of information is being used by foreign state actors like China or Russia?”.
• Questioned the Middle East strategy, supplementary estimates and CSE’s contribution in NDDN (March 2022): “I'm wondering if you can elaborate on what this specific investment in the supplementary estimates looks like. It's an additional $4 million, but what is that additional $4 million for?”.
• In relation to the two Chinese scientists fired at the Microbiology Laboratory, O’Connell gave assurance that Canada takes threats to research security and intellectual property very seriously (May 2021).
• Showed concern of Huawei telecommunications in Canada and how it will affect Canada’s relationship with the Five Eyes allies, and over Canada’s autonomy and the Chinese government having access to our intelligence through Huawei networks (October 2020).

Charles Sousa(LPC) – Mississauga—Lakeshore

CSE-related interests

• N/A– Charles Sousa was recently elected in by-election (December, 2022) as MP for Mississauga-Lakeshore
• He is the former Minister of Finance for Ontario
• He served as Member of Provincial Parliament (MPP) for the riding of Mississauga-South
• Charles Sousa was also, Minister of Labour, Minister of Citizenship and Immigration, Minister Responsible for the Pan and Parapan American Games, and President of Treasury Board

Committee backgrounder

44th Parliament, 1st Session

Under its mandate, the Committee:

• studies the legislation, activities and expenditures of the Department of National Defence (DND) and the Canadian Armed Forces (CAF);
• examines the domestic, continental and international security environment; and
• monitors the performance and policies of other federal entities that operate within the National Defence portfolio such as The Communications Security Establishment (CSE).

Recent appearances

• February 2023: Briefing on the Surveillance Balloon from the People's Republic of China
• February 2023: Cybersecurity and Cyberwarfare
• February 9, 2022: CSE appeared alongside the Minister of National Defence and other senior officials to discuss the Minister’s mandate letter and priorities.
• February 7, 2022: CSE appeared alongside the Minister of National Defence, and the Director of CSIS, as well as other senior officials to brief NDDN members’ situational awareness of the threats they themselves face from foreign interference, as well as a discussion of the threats Canada faces from foreign interference.

Key studies

• Notable activities/meetings:
  • December 2022: Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance
  • February 2022: Briefing by CSIS and the CSE
  • March 2017: Briefing by the Commissioner of the Communications Security Establishment
  • May 2016: Briefing on the Ongoing Activities of the Communications Security Establishment

• Studies in recent years:
  • December 2018: Russian Aggression Against Ukraine, Moldova and Georgia in the Black Sea Region
  • Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats
  • Addressing Sexual Misconduct in the Canadian Armed Forces
  • Impacts of the COVID-19 Pandemic on Canadian Armed Forces Operations
  • June 2019: Improving Diversity and Inclusion in the Canadian Armed Forces
  • May 2019: Canada’s Contributions to International Peacekeeping

• Upcoming studies:
  • February 2023: NDDN is expected to begin a study on Cybersecurity and Cyberwarfare, such as the evolving sophistication of threats associated with cybersecurity and foreign actors’ defensive capabilities. NDDN intends to invite representatives from CAF, DND and CSE at its first meeting.

Previous meetings (current session)

Wednesday, December 15, 2021: Election of Chair

The Hon. John McKay (LPC) was elected Chair. Kerry-Lynne D. Findlay (CPC) was elected first vice-chair; Christine Normandin (BQ) was elected second vice-chair.

Monday, January 31, 2022: Committee Business

Wednesday, February 2, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, February 7, 2022: Briefing by CSIS and CSE

Witnesses Included:

• Charlie Henderson, Assistant Director, Canadian Security Intelligence Service
• David Vigneault, Director, Canadian Security Intelligence Service
• Daniel Rogers, Associate Chief, Communications Security Establishment
• Rajiv Gupta, Associate Head, Canadian Centre for Cyber Security, Communications Security Establishment

Wednesday, February 9, 2022: Briefing by the Minister of National Defence on her Mandate Letter

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Robin Holman, Acting Judge Advocate General, Office of the Judge Advocate General, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Monday, February 14, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 2)

Wednesday, February 16, 2022: Threat Analysis Affecting Canada and the CAF Operational Readiness (Meeting 3)

Monday, February 28, 2022: Briefing on Canada, NATO and the Current Situation in Ukraine, and Threat Analysis Affecting Canada and the CAF Operational Readiness

Witnesses Included:

• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence

Wednesday, March 2 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 9 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, March 21 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 23 (2022): Subject Matter of Supplementary Estimates (C) 2021-22

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Shoba Ranganathan, Acting Executive Director, Sexual Misconduct Response Centre, Department of National Defence
• Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Monday, March 28 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Wednesday, March 30 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, April 4 (2022): Recruitment and Retention in the CAF

Wednesday, April 6 (2022): Recruitment and Retention in the CAF

Monday, April 25 (2022): Recruitment and Retention in the CAF

Wednesday, April 27 (2022): Committee Business and Recruitment and Retention in the CAF

Monday, May 2 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, May 4 (2022): Committee Business

Monday, May 9 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, May 11 (2022): Committee Business

Wednesday, May 18 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Wednesday, June 1 (2022): Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, June 6 (2022): Subject Matter of Main Estimates 2022-23

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Bill Matthews, Deputy Minister of National Defence
• Cheri Crosby, Assistant Deputy Minister, Finance, and Chief Financial Officer, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Troy Crosby, Assistant Deputy Minister, Materiel Group, Department of National Defence
• Shelly Bruce, Chief, Communications Security Establishment

Wednesday, June 8 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Monday, June 13 (2022): Recruitment and Retention in the CAF

Monday, June 20 (2022): Recruitment and Retention in the CAF

Tuesday, September 20 (2022): Threat Analysis Affecting Canada and the CAF Operational Readiness

Thursday, September 22 (2022): Committee Business and Threat Analysis Affecting Canada and the CAF Operational Readiness

Tuesday, September 27 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Tuesday, October 4 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Thursday, October 6 (2022): Rising Domestic Operational Deployments and Challenges for the CAF

Thursday, October 18 (2022): Arctic Security

Tuesday, October 25 (2022): Arctic Security and Committee Business

Thursday, October 27 (2022): Arctic Security

Tuesday, November 1 (2022): Arctic Security

Thursday, November 3 (2022): Arctic Security and Reports that Former Royal Canadian Air Force Pilots Have Undertaken Employment to Train Members of the People’s Liberation Army Air Force

Witnesses Included:

• BGen Denis Boucher, Director General Defence Security, Department of National Defence

Tuesday, November 15 (2022): Arctic Security

Tuesday, November 22 (2022): Arctic Security

Thursday, November 24 (2022): Arctic Security

Tuesday, November 29 (2022): Arctic Security

Thursday, December 1 (2022): Committee Business

Thursday, December 8 (2022): Arctic Security and Briefing on the 6th Report of the Auditor General, Arctic Water Surveillance

Witnesses Included:

• Chantal Thibaudeau, Director, Office of the Auditor General
• Karen Hogan, Auditor General, Office of the Auditor General
• Nicholas Swales, Principal, Office of the Auditor General

Tuesday, December 13 (2022): Independent External Review of the Department of National Defence and the Canadian Armed Forces

Witnesses Included:

• Hon. Anita Anand, Minister of National Defence
• Louise Arbour, Lawyer
• Bill Matthews, Deputy Minister, Department of National Defence
• LGen Frances J. Allen, Vice Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• LGen Jennie Carignan, Chief, Professional Conduct and Culture, Canadian Armed Forces. Department of National Defence
• Linda Rizzo-Michelin, Chief Operating Officer, Sexual Misconduct Response Centre, Department of National Defence
• Col Robin Holman, Acting Judge Advocate General, Canadian Armed Forces, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence

Tuesday, January 31, 2023: Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats and Committee Business

Witnesses Included:

• Kati Csaba, Executive Director, Ukraine Strategic Action Team, Department of Foreign Affairs, Trade and Development
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• MGen Michael Wright, Commander, Canadian Forces Intelligence Command and Chief of Defence Intelligence, Department of National Defence

Friday, February 3, 2023: Threat Analysis Affecting Canada and the Canadian Armed Forces’ Operational Readiness to Meet Those Threats

Witnesses Included:

• Peter Lundy, Director General, Indo-Pacific Secretariat, Department of Foreign Affairs, Trade and Development
• MGen Greg Smith, Director General, International Security Policy, Department of National Defence

Tuesday, February 7, 2023: Cybersecurity and Cyberwarfare

Witnesses Included:

• Sami Khoury, Head, Canadian Centre for Cyber Security, Communications Security Establishment
• Alia Tayyeb, Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment
• Aaron Shull, Managing Director and General Counsel, Centre for International Governance Innovation
• Wesley Wark, Senior Fellow, Centre for International Governance Innovation

Friday, February 10, 2023: Cybersecurity and Cyberwarfare
Witnesses Included:

• Thomas Keenan, Professor, University of Calgary (by videoconference)Amended
• Alexander Rudolph, PhD Candidate, Carleton University
• Kristen Csenkey, PhD Candidate, Balsillie School of International Affairs, Wilfrid Laurier University
• Alexis Rapin, Research fellow, Raoul-Dandurand Chair of Strategic and Diplomatic Studies, Université du Québec à Montréal

Tuesday, February 14, 2023: Cybersecurity and Cyberwarfare
Witnesses Included:

• RAdm Lou Carosielli, Cyber Force Commander, Canadian Armed Forces, Department of National Defence
• Jonathan Quinn, Director General, Continental Defence Policy, Department of National Defence
• Marcus Kolga, Senior Fellow, Macdonald-Laurier Institute

Friday, February 17, 2023: Briefing on the Surveillance Balloon from the People's Republic of China
Witnesses Included:

• LGen Alain Pelletier, Deputy Commander, North American Aerospace Defense Command, Department of National Defence
• MGen Paul Prévost, Director of Staff, Strategic Joint Staff, Department of National Defence

Tuesday, March 7, 2023: Briefing on the Surveillance Balloon from the People's Republic of China

Witnesses Included:

• Hon. Anita Anand, P.C., M.P., Minister of National Defence
• Bill Matthews, Deputy Minister, Department of National Defence
• Gen Wayne D. Eyre, Chief of the Defence Staff, Canadian Armed Forces, Department of National Defence
• Jonathan Quinn, Director General, Continental Defence Policy, Department of National Defence
• MGen Darcy Molstad, Deputy Commander, Canadian Joint Operations Command, Canadian Armed Forces, Department of National Defence

Friday, March 10, 2023: Cybersecurity and Cyberwarfare and Committee Business

Witnesses Included:

• Christyn Cianfarani, President and Chief Executive Officer,Canadian Association of Defence and Security Industries
• Tim Callan, Chief Experience Officer, Sectigo
• Christian Leuprecht, Professor, Royal Military College of Canada

Tuesday, March 21, 2023: Arctic Security

• Consideration of Draft Report

Friday, March 31, 2023: Cybersecurity and Cyberwarfare and Meeting with a Delegation from Lithuania
Witnesses Included:

• Tadej Nared, Chairman of the Board, Slovenian Certified Ethical Hackers Foundation
• John de Boer, Senior Director, Government Affairs and Public Policy, Canada, BlackBerry
• Tim McSorley, National Coordinator, International Civil Liberties Monitoring Group