House Standing Committee on National Defence (NDDN) Main Estimates 2024-25 - May 27, 2024

From: Communications Security Establishment Canada

Table of contents

 

Appearance details

Date: May 27, 2024
Location: Room 410 Wellington Building
Time: 11:00 am to 1:00 pm

Appearing:

  • The Honourable Bill Blair
    Minister of National Defence
  • Caroline Xavier
    Chief, Communications Security Establishment
  • Hughes St-Pierre
    Assistant Deputy Minister, Corporate Services and Chief Financial Officer, Communications Security Establishment
  • Bill Matthews
    Deputy Minister, Department of National Defence
  • Cheri Crosby
    Chief Financial Officer, Department of National Defence
  • Troy Crosby
    Assistant Deputy Minister (Materiel) Department of National Defence
  • Lieutenant-General Frances Allen
    Vice Chief of the Defence Staff
  • Lieutenant-General Lise Bourgon
    Chief of Military Personnel

Details:
The Minister of National Defence will appear alongside senior departmental officials to speak on the Main Estimates 2024-25.

 
Top of page

Key highlights and prep material

Page proofs

Raison d'être

The Communications Security Establishment (CSE) is Canadaʼs national authority for foreign intelligence (Signals Intelligence) and the national technical authority for cyber security and information assurance.

CSE provides critical foreign intelligence to help inform the Government of Canadaʼs decision making on a wide range of issues, including national security.

CSEʼs sophisticated cyber and technical expertise helps identify, prepare for, and defend against threats to Canadaʼs most important systems and networks. CSE may also proactively stop or impede foreign cyber threats before they can damage Canadian systems, and conduct online operations to advance national objectives.

In addition, CSE provides technical and operational assistance to federal law enforcement, security partners, the Department of National Defence, and the Canadian Armed Forces.

The Minister of National Defence is responsible for CSE.

Organization estimates
Data 2022-2023 expenditures 2023-2024 2024-2025 main estimates
Main estimates (dollars) Estimates to date (dollars)
Budgetary
Voted
1   Program expenditures 879,587,488 906,759,081 930,175,678 977,621,520
Total voted 879,587,488 906,759,081 930,175,678 977,621,520
Total statutory 51,660,406 59,150,278 61,522,809 64,061,482
Total budgetary expenditures 931,247,894 965,909,359 991,698,487 1,041,683,002
 
2024-25 Main estimates by purpose
Budgetary Operating
(dollars)		 Capital
(dollars)		 Transfer payments
(dollars)		 Revenues and other reductions
(dollars)		 Total
(dollars)
Defend and advance Canada’s interests and values in and through cyberspace, and through foreign intelligence 1,061,532,258 nil nil (19,849,256) 1,041,683,002
Total 1,061,532,258 nil nil (19,849,256) 1,041,683,002
 
Listing of statutory authorities
Data 2022-23
expenditures (dollars)		 2023-24
estimates to date (dollars)		 2024-25
main estimates (dollars)
Budgetary
Contributions to employee benefit plans 51,657,305 61,522,809 64,061,482
 

2024-25 Estimates Annex

Items for inclusion in the Proposed Schedules to the Appropriation Bill

Items for inclusion in the Proposed Schedule 1 to the Appropriation Bill
(for the financial year ending March 31, 2024)
Unless specifically identified under the Changes in 2024–25 Main Estimates section, all vote wordings have been provided in earlier appropriation acts.
Vote number Items Amount ($) Total ($)
1 Communications Security Establishment
  • Program expenditures
  • Authority, as referred to in paragraph 29.1(2)(a) of the Financial Administration Act, to expend in the fiscal year — in order to offset expenditures that it incurs in that fiscal year — revenues that it receives in that fiscal year from its operations, including the provision of internal support services under section 29.2 of that Act
 nil 977,621,520
 

2024-25 Estimates
Budgetary expenditures by standard object

This table shows the forecast of total expenditures by Standard Object, which includes the types of goods or services to be acquired, or the transfer payments to be made and the revenues to be credited to the vote.

Definitions of standard objects available at: http://www.tpsgc-pwgsc.gc.ca/recgen/pceaf-gwcoa/2425/7-eng.html.

Interest payments relating to capital leases are included under "Public debt charges". These payments are voted expenditures and are not included under the "Public Debt" heading on the Composition of Estimates and Expenditures table.

Budgetary expenditures by standard object
Data Personnel Transportation and communications Information Professional and special services Rentals Purchased repair and maintenance Utilities, materials and supplies Acquisition of land, buildings and works Acquisition of machinery and equipment Transfer payments Public debt charges Other subsidies and payments Less: Revenues and other reductions Total
1 2 3 4 5 6 7 8 9 10 11 12
Communications Security Establishment 528,275,122 nil nil nil nil nil nil nil nil nil nil 533,257,136 19,849,256 1,041,683,002
Total 528,275,122 nil nil nil nil nil nil nil nil nil nil 533,257,136 19,849,256 1,041,683,002
 
2024-25 Estimates
Statutory forecasts
Data 2022-23 expenditures
(dollars)		 2023-24 estimates to date
(dollars)		 2024-25 main estimates
(dollars)
Budgetary
Communications Security Establishment
Contributions to employee benefit plans 51,657,305 61,522,809 64,061,482
Other Statutory items listed in the Public Accounts of Canada 3,101 nil nil
Total budgetary 51,660,406 61,522,809 64,061,482
 
2024-25 Estimates
Expenditures by purpose
Budgetary 2022-23 expenditures 2023-24 main estimates 2024-25 main estimates (dollars)
Operating Capital Transfer payments Revenues and other reductions Total
Communications Security Establishment
Defend and advance Canada’s interests and values in and through cyberspace, and through foreign intelligence 931,247,894 965,909,359 1,061,532,258 nil nil (19,849,256) 1,041,683,002
Total 931,247,894 965,909,359 1,061,532,258 nil nil (19,849,256) 1,041,683,002
 
Interim supply requirements
Communications Security Establishment
Approved and Pending Items (dollars) (triage items included)
Vote number Vote wording and explanation(s) of Additional Twelfths Total main estimates Amount granted
1
  • Program expenditures
  • Authority, as referred to in paragraph 29.1(2)(a) of the Financial Administration Act, to expend in the fiscal year — in order to offset expenditures that it incurs in that fiscal year — revenues that it receives in that fiscal year from its operations, including the provision of internal support services under section 29.2 of that Act

No additional twelfths beyond the normal three-twelfths		 977,621,520 244,405,380
 
Top of page

Key topics and media lines

Key topics - high-level

  • CSE’s 2024-25 Main Estimates are $1,041.7M, a net funding increase of $75.8M from the 2023-24 Main Estimates of $965.9M.

Recruitment and retention

  • The Communications Security Establishment (CSE) is an employer of choice – we are fortunate that many talented people choose to work with us. Each year CSE receives on average, 10,000 to 15,000 applications from applicants with diverse skill sets and cultural backgrounds.
  • Over the past several years, CSE has experienced continued and sustained growth. We believe that this growth, combined with our comparatively low attrition rate reflects the positive work environment, employee development and support programs we have in place.
  • CSE has also been recognized as a Top Employer in 2020, 2021, 2022, and 2023, as well as one of Canada’s Top Employer for Youth for the past 7 years in a row.
  • CSE has a very low attrition rate, but we do have employees who choose to pursue opportunities outside the CSE. No organization has a zero percent attrition rate, nor would they want it. We value the contribution of all employees; no matter how long they stay with us.
  • CSE employees are amongst the smartest and most talented people in their fields. Their unique skillsets are in high demand and there are opportunities for them outside of CSE.
  • There was a slight rise in the number of employees leaving during and post-pandemic, but our overall numbers are still very low.

Facts

  • Since 2014, CSE and the Government of Canada have officially attributed 13 cyber incidents to nation-state and state-affiliated actors.
  • CSE’s workforce is 3,232 full-time, permanent employees [CSE annual report 2022-2023].

Budget reductions

  • CSE will contribute $20.0M ongoing by FY2026-27 to TBS ’ budget reduction effort.
  • Reductions will be achieved through efficiencies in operating and salary expenditures without affecting operational priorities.
  • CSE has examined the years ahead and has developed a strategy to meet the spending reductions outlined by TBS .
  • CSE is committed to meeting spending reductions while still delivering its mission. CSE is carefully analyzing the areas that could be reduced with the least operational impact.

Contracting

  • CSE does not publicly disclose information pertaining to contracts with vendors for National Security reasons. Furthermore, we do not disclose detailed information about our workforce.
  • The information would provide hostile actors insights that could be used to compromise CSE operations and defences.
  • That said:
    • CSE is an organization largely made up of IT experts which reduces our need for contracted resources.
    • CSE employees have an obligation under the Ethics Charter to declare any conflicts of interest.
    • We have a robust internal regime for the disclosure, prevention and management of any situation that would give rise to concerns related to conflicts of interest.
    • CSE has a Contract Review Committee and constantly reinforces its contracting processes based on guidance provided by PSPC , the OAG and Central Agencies.

Cyber defence

  • The Government of Canada deals with ongoing and persistent cyber risks and threats every day. These threats are real, they are sophisticated, and they continue to evolve.
  • CSE is always monitoring for cyber threats and as the threat landscape changes and will continue to assess its requirements.
  • Although CSE generally does not comment on cyber incidents, I can assure the committee members that we are working with our federal partners, including smaller departments and agencies, to make them aware of the threats and remind them of cyber security best practices.
  • The government has systems and tools in place to monitor threats, and CSE continues to use all the resources at its disposal to protect the GC from these evolving threats.
  • For example, CSE’s Cyber Centre uses sensors, which are software tools installed in partner IT systems, to detect malicious cyber activity on government networks, systems, and cloud infrastructure.
    • Last year, our automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6 billion a day.
  • CSE works with departments including SSC , TBS , Public Safety, the RCMP , CSIS ), and the Department of National Defence (DND) on a number of cyber security issues.
  • Cyber defence is the responsibility of all GC departments and agencies. We continue to work together to ensure we can detect and investigate potential threats, and take active measures as required.
 
Top of page

Potential questions and answers

1. What funding is CSE receiving in the 2024-25 Main estimates?
  • CSE’s 2024-25 Main Estimates are $1,041.7M a net increase of $75.8M from the 2023-24 Main Estimates of $965.9M.
2. What interdepartmental transfers are included in CSE’s 2024-25 Main estimates?
  • Net decrease of $9.5M associated with inter-departmental transfers, but it is important to note that it is a net decrease relative to the prior year main estimates.
    • A transfer from Department of Finance associated with Retail Payments Oversight Framework (RPOF) ($0.170M);
    • A transfer to GAC associated with Foreign Service Directives ($1.923M);
    • A transfer to NSERC associated with Grants and Contributions ($0.700M);
    • A transfer to CSIS associated with Integrated Terrorism Assessment Centre (ITAC) ($0.426M);
    • A transfer to ISED for the Black Executives Network (BEN) ($0.050M); and
    • A transfer to TBS associated with Finance Community Developmental Programs and Initiatives ($0.037M).
    • The remaining net decrease of $6.5M is primarily driven by a change in Security Information and Event Management (SIEM) funding between the 2023-24 and 2024-25 Main Estimates, as the transfer from SSC for SIEM is not included in the 2024-25 Main Estimates.
3. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?
  • Like all Government of Canada departments and agencies, CSE has performance measurement indicators to evaluate the effectiveness of its programs.
  • Performance measurement is very important in the stand up the new Cyber Centre and as we look to fully integrate the functions of other government departments, including Shared Services Canada and Public Safety.
  • More broadly, the Government of Canada’s National Cyber Security Action Plan for 2019-2024 provides a whole of government roadmap for how to implement the three major goals identified in the 2018 National Cyber Strategy. For CSE, the Action Plan includes several CSE-led initiatives.
4. Does CSE need more resources?
  • CSE continues to use all the resources at its disposal to protect Canadians as the threats Canada faces continue to evolve. As the situation evolves, CSE will continue to assess its operational requirements.
5. Will the TBS -directed cuts will have any impact on CSE's operations?
  • CSE will contribute $20.0M ongoing by FY2026-27 to TBS ’ budget reduction effort.
  • Reductions will be achieved through efficiencies in operating and salary expenditures without affecting operational priorities.
  • CSE has examined the years ahead and has developed a strategy to meet the spending reductions outlined by TBS .
  • CSE is committed to meeting spending reductions while still delivering its mission. CSE is carefully analyzing the areas that could be reduced with the least operational impact.
6. Are we sufficiently funded for every cyber attack in Canada?
  • The Communications Security Establishment (CSE) is always monitoring for cyber threats that may be directed against Canada and Canadians.
  • CSE continues to use all the resources at its disposal to protect Canadians as the threats Canada faces continue to evolve.
  • As the threat landscape changes, CSE will continue to assess its requirements.
  • It is important to note that many organizations across the Government have a role to play with respect to cyber security in Canada.
  • CSE works with departments including Public Safety, The Royal Canadian Mounted Police (RCMP), Canadian Security Intelligence Service (CSIS), Department of National Defence (DND), Department of Industry (ISED) on a number of cyber security issues.
 
Top of page

Issue notes

Main estimates 2024-25 overview

Speaking notes

  • The Communications Security Establishment (CSE) is one of Canada’s key security and intelligence agencies and the lead federal technical authority for cyber security.
  • CSE provides valuable foreign intelligence to inform the Government of Canada’s decision making and protect national security.
  • Its sophisticated cyber and technical expertise also helps identify, prepare for, and defend against threats to Canada and its cyber systems and networks.
  • While conducting these activities, CSE respects the highest standards of lawfulness, ethics, values, and the protection of the privacy of Canadians.
  • CSE’s 2024-25 Main Estimates are $1,041.7M a net increase of $75.8M from the 2023-24 Main Estimates of $965.9M.

Details

  • The increase in CSE’s Main Estimates can be attributed to:
  • New funding of $20.1 million associated with:
    • launching Canada's Indo-Pacific Strategy;
    • enhancing national security through a classified and unclassified research initiative; and
    • funding for the ongoing operations of the Canadian Centre for Cyber Security.
  • A net increase of $42.9 million resulting from:
    • funding profile changes related to previously approved initiatives in support of CSE's mandate.
  • Additional funding of $38.7 million for:
    • economic increases resulting from the concluded collective agreements.
  • A decrease in funding of $5.6 million as part of the Government of Canada's efforts towards Refocusing Government Spending.
  • A net reduction of $10.8 million associated with statutory funding adjustments.
  • A net decrease of $9.5 million associated with inter-departmental transfers.

Details

New funding of $20.1 million associated with:

  • launching Canada's Indo-Pacific Strategy
    • Budget 2023 announced $29.7M over five years for The Communications Security Establishment (CSE) to increase Canada’s foreign intelligence support to government partners in defence and security in the Indo-Pacific. In addition, CSE’s Canadian Centre for Cyber Security (Cyber Centre) will expand its delivery of cyber security advice and guidance to partners and stakeholders in the region.
  • enhancing national security through a classified and unclassified research initiative
    • Budget 2022 identified funding to enhance national security through a classified and unclassified research initiative.
  • funding for the ongoing operations of the Canadian Centre for Cyber Security.

A net increase of $42.9 million resulting from:

  • funding profile changes related to previously approved initiatives in support of CSE's mandate (could include: Treasury Board submission funding, transfers, and a multitude of other non-statutory and statutory items).

A net decrease of $9.5M associated with inter-departmental transfers, but it is important to note that it is a net decrease relative to the prior year main estimates.

  • A transfer from Department of Finance associated with Retail Payments Oversight Framework (RPOF) ($0.170M);
  • A transfer to GAC associated with Foreign Service Directives ($1.923M);
  • A transfer to NSERC associated with Grants and Contributions ($0.700M);
  • A transfer to CSIS associated with Integrated Terrorism Assessment Centre (ITAC) ($0.426M);
  • A transfer to ISED for the Black Executives Network (BEN) ($0.050M); and
  • A transfer to TBS associated with Finance Community Developmental Programs and Initiatives ($0.037M).
  • The remaining net decrease of $6.5M is primarily driven by a change in Security Information and Event Management (SIEM) funding between the 2023-24 and 2024-25 Main Estimates, as the transfer from SSC for SIEM is not included in the 2024-25 Main Estimates.
 
Top of page

Defence policy update (DPU)

  • The Government announced its Defence Policy Update (DPU), titled: "Our North Strong and Free: A Renewed Vision for Canada’s Defence" on April 8, 2024.
  • The DPU proposes significant new investments in the Communications Security Establishment (CSE), through Budget 2024, to support foreign cyber operations and enhanced foreign intelligence capabilities.
  • The DPU includes a commitment of $917 million over five years to support Canada’s Foreign Cyber Operations Program and increase foreign intelligence collection capabilities and a total commitment of $2.83 billion over 20 years.
  • These investments will enable Canada to take actions through cyberspace to counter threats, advance foreign policy interests, and support military operations.
  • With this investment, CSE will be able to:
    • Protect Canada’s sovereignty, including our Arctic and northern regions.
    • Further help protect Canadians from cyber threats, international extremism, and hostile state activity such as espionage, foreign interference, and disinformation.
    • Keep pace with technological change and maintain our skills advantage in cyberspace and ensure interoperability with our allies.
    • Protect critical infrastructure including the communications and information systems that we rely on; and
    • Contribute operational expertise to military operations and key alliances such as NATO .
  • This additional investment reflects the confidence the government has in CSE because of our track record of delivering results.

Additional details:

Foreign cyber operations (FCO)

FCO is an umbrella term for activities conducted under the CSE’s active cyber operations (ACO) mandate and defensive cyber operations (DCO) mandate – to protect the Government of Canada or systems of importance from malicious activity.

In short: we take action online to counter foreign-based threats and advance Canada’s international affairs, defence, or security interests. These are informed by both our foreign intelligence mandate and our cyber defence capabilities.

CSE has a proven track record that respects and reinforces Canada’s statement on international law and cyber norms outlined by the Minister of Foreign Affairs.

Since the CSE Act came into effect in 2019, CSE has conducted active cyber operations to:

  • counter hostile state activity
  • counter cybercrime
  • disrupt foreign extremists
  • and assist the Canadian Armed Forces

Internationally, the US, UK, and Australia have all made multi-billion-dollar investments in cyber operations. This is now an important aspect of the Five Eyes alliance and we see cyber becoming increasingly relevant to other international partnerships, many of which have domestic impacts, such as the International Counter Ransomware Initiative.

Collaboration with the Canadian Armed Forces

CSE works in close collaboration with the Canadian Armed Forces (CAF) on signals intelligence operations in support of defence intelligence requirements. CSE also provides important technical expertise to the CAF in relation to signals collection and analysis.

This partnership ensures that the CAF has improved domain awareness and force protection as it conducts its operations globally.

Increasingly cyber is becoming a key domain of conflict. This was demonstrated clearly by Russian cyber-attacks on Ukrainian military and infrastructure in the lead-up to and following Russia’s full-scale invasion of Ukraine.

As was announced on April 8, 2024, to improve the Canadian Armed Forces’ ability to conduct cyber operations, CSE will work with the CAF to stand up a joint Canadian cyber capability, as part of the CAF ’s broader efforts to establish a Canadian Armed Forces Cyber Command.

Working together in this way, we will be able to integrate the unique strengths of both organizations into a unified team that will conduct active cyber operations in support of Canadian interests.

Motion of Privilege: Cyber attack against MPs

  • The Government of Canada takes its responsibility very seriously to safeguard Canada’s democratic institutions.
  • Pursuant to the CSE Act, the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) share intelligence and information with government clients, including appropriate authorities in Parliament.
  • The House of Commons and Senate are independent, and its officials are responsible for determining when and how to directly engage with MPs and Senators in situations like this.
  • CSE continues to monitor GC networks and systems of importance for cyber threats. They are working in close coordination with government partners, including relevant security agencies.
  • CSE is prepared to be fully transparent on this matter and adhere to the motion passed at the Committee on Procedure and House Affairs (PROC) which will include appearances and the production of papers. CSE understands the importance of this motion and will work diligently to comply with the committee.

Cyber security incident timeline:

  • In this specific case, CSE and other security agencies received the report from the FBI in June 2022.
  • CSE immediately shared the information, including the names of the targeted parliamentarians, with the House of Commons.
  • This was specific, actionable technical information on this threat, shared with House of Commons IT officials.
  • This is the normal process with other Government of Canada partners when threats are detected.
  • CSE’s engagement with the House of Commons started well before receiving the FBI report in question, as they had been tracking and helping them to take quick and appropriate measures within their systems to protect their network and users against this, and other threats.
  • It’s important to add that, though it may not always be public, CSE has and will continue to take a range of measures to protect MPs and Senators, including remaining in regular contact with the House of Commons officials.

Background

How CSE protects the democratic process
  • CSE helps to protect Canada’s democratic process by:
    • providing foreign signals intelligence to Government of Canada decision makers about the intentions, capabilities, and activities of foreign-based threat actors
    • defending Canada’s federal elections infrastructure from malicious cyber activity
    • proactively helping democratic institutions improve their cyber security
    • sharing unclassified threat assessments with the public
    • sharing information to help Canadians identify disinformation
  • To support Parliamentarians, the Cyber Centre, part of CSE provides a 24/7 hotline service offering direct support in the event of a cyber incident. The Cyber Centre has provided cyber threat briefings to political parties as well as a dedicated point of contact at the Cyber Centre for assistance with cyber security matters.
  • In the run-up to both the 2019 and 2021 federal elections, the Minister of National Defence authorized CSE to conduct defensive cyber operations (DCO) to protect Canada’s election infrastructure from malicious cyber activity if needed. In the event, no activities took place that would have required a DCO response.
  • CSE’s Canadian Centre for Cyber Security works closely with Elections Canada, elections authorities and political parties on cyber security preparedness. This includes offering briefings, training resources, consultations, tailored advice and cyber security services.
  • The Cyber Centre has an ongoing relationship with Elections Canada, which includes:
    • monitoring services to detect cyber threats
    • working with them to secure their computer networks
    • incident response assistance, if necessary
  • Provincial and territorial elections authorities can take advantage of services the Cyber Centre provides to critical infrastructure partners, such as:
    • cyber alerts (including mitigation steps)
    • malware analysis
    • cyber incident advice and support
  • In the event a federal election is called, the Cyber Centre is ready to stand up a dedicated hotline for federal political parties offering 24/7 cyber security technical support. (Outside of election periods, the Cyber Centre has a dedicated point of contact political parties can reach out to on cyber security matters.) Elections Canada will be able to rely on existing channels of communication with the Cyber Centre’s democratic institutions team.
State-sponsored Actors Targeting Parliamentarians (APT31)
  • 18 Canadian members of the Inter-Parliamentary Alliance on China (IPAC) were notified by the Executive Director in April 2024 they were targeted by a Chinese state-sponsored cyber actor. This was information was based on a FBI report that assessed IPAC members were targeted by Advanced Persistent Threat actor (APT) 31.
  • The FBI report was received by Canada’s security agencies, and the information that included the names of the targeted parliamentarians was shared in 2022.
  • CSE shared specific, actionable technical information on this threat with House of Commons (HoC) officials, as would be our normal process with other Government of Canada partners when threats are detected.
  • This engagement with the HoC started well before receiving the FBI report in question, as we had been tracking and helping them to take quick and appropriate measures within their systems to protect their network and users against this, and other threats. Questions related to how MPs are engaged on situations like this would be best addressed by HoC officials.

Top cybersecurity points

  • Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
  • CSE’s Canadian Centre for Cyber Security (Cyber Centre) uses sensors to detect malicious cyber activity on government networks, systems and cloud infrastructure; and networks, systems and electronic infrastructures of importance to the Government of Canada.
  • This year, CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
  • It is critical that Canada has strong cyber defence capabilities as recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, this was outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Cyber security matters to all of us, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email cyberincident@cyber.gc.ca or visit https://www.cyber.gc.ca/en/incident-management.

Background

  • CSE utilizes its mandate to reduce the impact of cybercrime on Canadian businesses, organizations, and individuals.
  • Ongoing efforts include:
    • collecting intelligence on cybercrime groups
    • enhancing cyber defences to protect critical systems against cybercrime threats
    • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
    • using active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups.
  • In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
    • target Canadians, Canadian businesses and institutions
    • launch ransomware attacks
    • solicit, buy and sell cybercrime goods and services
  • These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.

Cyber capabilities within DND / CAF and CSE

  • Potential adversaries are leveraging and developing cyber capabilities in order to exploit vulnerabilities in our cyber systems.
  • The CSE Act allows the Communications Security Establishment (CSE) to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
  • CSE employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada’s information systems, networks, businesses, and institutions.
  • CSE’s Canadian Centre for Cyber Security (the Cyber Centre) is Canada’s authority on cyber security. As a unified source of expert advice and guidance, CSE’s Cyber Centre leads the Government’s operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
  • Cyber operations capabilities are also a key element of military and state power, needed to deter and defeat external threats to Canada in times of peace and conflict.
  • CSE and the Canadian Armed Forces (CAF) continue to work with domestic and international partners to support and build a stable cyberspace built on the respect for international law and the norms of responsible state behaviour in cyberspace.
  • The CAF contributes to international peace and security through cyber threat intelligence sharing with Allies and partners, and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.
  • Specifically, the CAF relies on the force multiplier effects of technology enabled communications, intelligence, and weapon systems, all of which must be secured and defended from cyber threats.

Quick facts

The CSE Act sets out five aspects of CSE’s mandate, which contributes to the lines of operations above. This includes:

  • Cybersecurity and information assurance
  • Foreign intelligence
  • Defensive cyber operations
  • Active cyber operations; and
  • Technical and operational assistance

CSE may use defensive cyber operations to defend Canada against foreign cyber threats by taking online action. For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server. This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as energy grids, telecommunications networks, healthcare databases, banking systems, and elections infrastructure.

Active cyber operations allow CSE to take online action to disrupt the capabilities of foreign threats to Canada, such as: foreign terrorist groups, foreign cyber criminals, hostile intelligence agencies, and state-sponsored hackers. Threats that CSE disrupts must relate to international affairs, defence or security.

CSE, supported by Global Affairs Canada and the CAF , has a proven track record that respects and reinforces Canada’s statement on international law and cyber norms.

CSE’s Canadian Centre for Cyber Security (the Cyber Centre) reminds the Canadian cybersecurity community, especially infrastructure network defenders, to be vigilant against sophisticated cyber threats.

Canadian Armed Forces cyber capabilities:
  • Defensive cyber operations are employed to respond and/or counter a threat by an adversary in cyberspace, whereas offensive cyber operations are conducted to project power in, or through, cyberspace to achieve effects in support of military objectives.
  • CSE and the CAF continue to develop and scale offensive and defensive cyber operations capabilities. This partnership enables Cyber operations and provides the Government of Canada flexibility in achieving strategic objectives.
  • The Canadian Armed Forces holds the responsibility of safeguarding its military networks on a continuous basis, and actively cooperates with CSE and international partners to help protect joint critical networks among Allies and within NATO .

Background

CSE and its Canadian Centre for Cyber Security
  • Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
  • Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment.
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email cyberincident@cyber.gc.ca or visit https://www.cyber.gc.ca/en/incident-management
Canadian Armed Forces and the Communications Security Establishment Cooperation
  • The Canadian Armed Forces and CSE have a long history of partnership in the development of highly technical and specialized capabilities that support Canadian Armed Forces operations.
  • These activities are subject to CSE’s rigorous system of internal policies and procedures as well as independent oversight and review.
  • Cooperation between the Canadian Armed Forces and CSE ensures the best use of tools and capabilities, reduces unnecessary duplication of efforts, leverages each other’s authorities, and improves the chances of meeting mission objectives.
Authorizations and safeguards
  • Cyber operations undertaken in support of government objectives will be pursuant to the CSE Act, and the Crown Prerogative and the National Defence Act, and will be consistent with Canada’s international legal obligations.
  • CSE is prohibited by law from targeting the private information of Canadians or any person in Canada and must not infringe the Canadian Charter of Rights and Freedoms.
  • Cyber operations conducted under CSE authorities require the Minister of National Defence to issue a Ministerial Authorization, which requires either consultation with the Minister of Foreign Affairs (for defensive cyber operations) or at the request of or with the consent of the Minister of Foreign Affairs (for active cyber operations).
  • In conducting cyber operations, Canada recognizes the importance of adhering to international law and agreed norms of responsible state behaviour in cyberspace. Canada’s authorities and governance framework to conduct cyber operations is supported by a strong independent review process, as well as internal oversight for operational compliance.
  • Foreign cyber operations are further subject to proven checks and balances such as rules of engagement, targeting and collateral damage assessments.
Offensive cyber operations
  • SSE committed the Canadian Armed Forces to assuming a more assertive posture in the cyber domain by hardening its defences, and by conducting offensive cyber operations against potential adversaries as part of government-authorized military missions.
  • The CSE Act allows CSE to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
Canadian Armed Forces cyber operator
  • SSE directed the creation of the Canadian Armed Forces Cyber Operator occupation. This trade includes both Reserve and Regular Force members who conduct both defensive and offensive cyber operations with the goal of supporting operational objectives and delivering tactical effects.
Cyber mission assurance program
  • Strong, Secure, Engaged (SSE) directed the creation of the Cyber Mission Assurance Program. It is part of the cyber capability to protect critical military networks and equipment from cyber threats. Platforms like aircraft, ships, and vehicles are becoming increasingly dependent on cyberspace. The Cyber Mission Assurance Program ensures that cyber resilience is a primary consideration when new equipment is procured.
  • Cyber threats pose unique challenges in projecting and sustaining military power. The changing global environment and the increasing dependence on cyberspace technologies demands a significant change in our culture. The introduction of cyber-resiliency mindset in all our activities is required for the CAF to maintain its competitive advantage. The Cyber Mission Assurance Program focuses on managing the risks associated with cyber threats, to improve resilience, and increase the probability of mission success.

Ransomware

  • Ransomware poses a threat to Canada’s national security and economic prosperity.
  • Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
  • Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
  • Ransomware attacks can result in a victim incurring significant costs, disrupt the operation of important systems, damage or destroy an organization’s data, and reveal sensitive information.
  • A ransomware attack can prevent access to essential services and in some cases, threaten Canadians’ physical safety and wellbeing.
  • The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies, and by issuing advice, guidance, and services for those affected by ransomware.
  • Since May 2023, 250 entities across key sectors including healthcare, energy, manufacturing, finance, government, and education have received timely from CSE’S Canadian Centre for Cyber Security (Cyber Centre) about potential intrusions leading to ransomware, which has saved potential victims from an average ransomware payment of $250,000 per incident.
    • The pre-ransomware notification program has also alerts 10 international partners, including the U.S.
  • The 2023-2024 National Cyber Threat Assessment (NCTA), published by CSE, highlights the cyber threats faced by individuals and organizations in Canada, including ransomware.
  • In 2021, CSE also shared a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin.
  • Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprises. It also enables further malicious cyber activity and there is no guarantee that cybercriminals will return stolen information.

If pressed on any specific ransomware group and/or activities:

  • CSE does not comment on specific cyber security incidents; however, they continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
  • CSE’s Canadian Centre for Cyber Security (Cyber Centre) continues to monitor new forms of ransomware and vulnerabilities, and shares tips and threat information with partners across Canada to help mitigate risks.
  • I encourage all victims to report cybercrime activities to local law enforcement and the RCMP . I would also encourage victims to report a cyber incident to CSE’s Cyber Centre so that they can help share threat-related information with partners to help keep Canada and Canadians safe online.

Quick facts

  • Malicious cyber activity poses an ongoing threat to Canada’s federal institutions and critical infrastructure. This includes criminal activity such as ransomware attacks, and state-sponsored activity for strategic gain. The Cyber Centre’s automated defences protect the Government of Canada from over 6 billion malicious actions a day. These include attempts to map systems and networks, to extract information or to deploy malware.
  • As outlined in the 2023-24 NCTA , Cybercrime is the cyber threat Canadians are most likely to face.

Background

  • Cybercrime is big business for cybercriminal organizations and has major impacts on Canada’s economic security.
  • In the Cyber Centre’s National Cyber Threat Assessment (NCTA) 2023-24 unclassified threat report, they outlined how cybercrime continues to be cyber threat activity most likely to affect Canadians and Canadian organizations.
  • CSE and the Cyber Centre uses the breadth of its mandate to reduce the impact of cybercrime on Canadian businesses, organizations and individuals. Ongoing efforts include:
    • collecting intelligence on cybercrime groups
    • enhancing cyber defences to protect critical systems against cybercrime threats
    • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
    • using our active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups
  • For example, under these authorities, CSE has launched an enduring campaign to disrupt foreign cybercriminals who threaten Canadian and allied systems with ransomware attacks. These systems include health care providers and other critical infrastructure owners.
  • Under this campaign, CSE has executed dozens of operations that have disrupted the foreign infrastructure used by these groups. These operations have allowed the Cyber Centre and other cyber defenders to work with these system owners to prevent them from becoming victims of ransomware attacks.
  • In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
    • target Canadians, Canadian businesses and institutions
    • launch ransomware attacks; and
    • solicit, buy and sell cybercrime goods and services including:
      • Canadian personal information
      • Canadian proprietary information
      • malware
  • These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.

Accountability, review and oversight of CSE activities

  • The Communications Security Establishment (CSE) operates within strict internal and external mechanisms to ensure its activities comply with the law and protect the privacy of Canadians and people in Canada.
  • CSE is committed to being as open and transparent as possible, while still protecting classified matters of national security.
  • CSE and its Canadian Centre for Cyber Security (Cyber Centre) publish numerous publications on their websites to enhance transparency and share information with Canadians.
  • Some of those key publications include CSE's Annual Report, the National Cyber Threat Assessment (NCTA), Threats to Democratic Institutions Report (TDP), as well as various cyber threat alerts.
  • In addition, in 2019, the government enhanced the review and oversight of CSE, as well as the broader security and intelligence community, following the Royal Assent of Bill C-59, An Act Respecting National Security Matters.
  • CSE is subject to ongoing review by two independent external review bodies:
    • the National Security and Intelligence Review Agency (NSIRA); and
    • the National Security and Intelligence Committee of Parliamentarians (NSICOP).
  • Based on their distinct mandates, both NSIRA and NSICOP are responsible for reviewing Government of Canada national security and intelligence activities. Whereas NSIRA consists of Governor-in-Council appointees, NSICOP consists of members of Parliament and Senate.
  • Together the two organizations help ensure CSE and other members of the security and intelligence community are held accountable for their national security and intelligence activities.
  • Through the publication of reports, NSIRA and NSICOP also increase transparency for Canadians on the activities of the security and intelligence community.
  • To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
  • In addition to NSIRA and NSICOP , the Intelligence Commissioner provides oversight by approving authorizations for certain CSE and CSIS activities prior to their execution.
  • Similar to review bodies, the Intelligence Commissioner prepares annual public reports that allows Canadians to have a better understanding of the activities CSE and CSIS undertake.
  • CSE values independent, external review and oversight of their activities, and remains committed to a positive and ongoing dialogue with these important institutions.

Background

Quick facts
  • This year, CSE’s internal compliance team conducted:
    • annual compliance knowledge accreditation
    • compliance incident handling
    • compliance monitoring
    • compliance outreach and education
    • annual compliance training
  • CSE submitted a total of 6 Ministerial Authorizations to the IC in FY 2022-23:
    • 3 Foreign Intelligence Authorizations
    • 3 Cybersecurity Authorizations
  • The IC fully approved 4 of the 5 Authorizations. The IC partially approved 1 Cybersecurity Authorization. In this case, the Intelligence Commissioner approved the authorization with the exception of one activity, concluding that there was not enough information to establish whether the activity was covered by the CSE Act.
  • CSE External Review bodies statistics in FY 2022-23:
    • CSE contributed to 22 external reviews:
    • 17 by NSIRA
    • 4 by NSICOP
    • 1 by the Independent Special Rapporteur
    • CSE held 52 briefings, meetings or interviews with review staff
    • CSE responded to 503 questions from our review bodies
  • CSE answered 89% of questions submitted by NSICOP and NSIRA by the requested due date.
  • This year, CSE’s transparency activities included:

Emerging technology

  • CSE is a thought leader and pathfinder in emerging digital and cyber technologies and our expertise is leveraged to inform Government policies on emerging technologies.
  • CSE’s Research Directorate includes teams of researchers in the fields of cryptography, cyber security, vulnerability research, high-performance computing, data science and artificial intelligence.
  • Some examples of emerging technologies include:
  • AI which is used today to perform specific tasks, such as to use facial recognition to access your mobile device or ask your smart speaker for the weather forecast.
    • Quantum computing which is intended to overcome the physical limitations of conventional computing through the application of quantum physics. Quantum computers powerful enough to threaten the security of modern cryptographic methods could be available as early as the 2030s.
  • These technologies are in varying states of development and realization, they all have implications for Canada’s economic prosperity, national security, and the individual safety and privacy of Canadians.
  • While the capabilities of emerging technologies present great opportunities, they can also be maliciously deployed by sophisticated threat actors.

Quick facts

  • The Canadian Centre for Cyber Security (Cyber Centre) has collaborated with international partners on publishing AI guidance. This guidance has included:
    • Engaging with Artificial Intelligence (Australian Signals Directorate)
    • Guidelines for secure AI system development (UK National Cyber Security Centre)

Growth, recruitment, and retention at CSE

  • Over the years, CSE has experienced continued and sustained growth that has enabled the agency to adapt and address the growing cybersecurity landscape.
  • No other governmental agency within Canada is undertaking the crucial cyber security work done at CSE. In fact, only a few other jurisdictions around the world have similar operations thereby positioning Canada’s cryptological agency at the forefront of cyber operations and defence.
  • Recruiting skilled employees in the high-tech field remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within the organization.
  • Despite the highly competitive nature of recruitment, CSE has been recognized as a Top Employer in 2020, 2021, 2022 and 2023 as well as one of Canada’s Top Employers for Youth for the past seven years in a row.
  • CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
  • CSE also received significant recognition through Budget 2022 in which proposed $875.2 million over five years for CSE, beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.

Background

Quick facts
  • At CSE there is a 2% retirement and 2% resignation rate for a total of 4% attrition per year.
  • CSE has a relatively low attrition rate which reflects its investment in creating a healthy work environment, encouraging employee professional development, embracing diversity and inclusion as mission imperatives, and having excellent counselling and employee support programs in place.
Equity, Diversity and Inclusion
  • As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE’s mission in a nurturing and welcoming environment.
  • Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
  • In effort of working towards reconciliation, CSE continues to participate in the Government of Canada’s IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.

Bill C-26

  • Bill C-26 (An Act Respecting Cyber Security) is a critical next step that provides the government with new tools and authorities to better bolster defences, improve security across critical federally regulated industry sectors, and protect Canadians and Canada’s critical infrastructure from cyber threats.
  • Bill C-26 contains two parts:
    • Part 1 amends the Telecommunications Act.
    • Part 2 enacts the Critical Cyber Systems Protection Act (CCSPA)
  • The role of the Communications Security Establishment (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) under the CCSPA would be to receive mandatory incident reports from designated operators, and to also provide technical advice, guidance, and services to operators, regulators, the Minister of Public Safety, and other federal departments and agencies with mandates covering these key sectors.
  • To do so, CSE would leverage its existing mandate under the Communications Security Establishment Act (CSE Act) for cyber security and information assurance.
  • The Cyber Centre already has an established working relationship with industry and critical infrastructure operators, who voluntarily report cyber incidents. The CCSPA would allow the Cyber Centre to build on these relationships in a collaborative and more engaged way.
  • Bill C-26 is an important step in this process of strengthening Canada’s cyber security.

Background

  • The Standing Committee on Public Safety (SECU) completed clause-by-clause review of Bill C-26 on April 8, 2024.
  • Next steps are as follows:
    • Following consideration in committee, there is an opportunity for further study of the bill in the House during report stage. Members may, at this stage, propose motions to amend the text of the bill as it was reported by the committee. The debate focuses on the amendments and not on the bill as a whole.
    • When they have voted on the amendments, the bill is finalized, and it is ready for third reading. Third reading is the final stage a bill passes in the House of Commons. It is at this point that members must decide whether the bill should be adopted.
    • Once the motion for third reading has been adopted, the Clerk of the House certifies that the bill has passed and the bill is then sent to the Senate with a message requesting that it consider the bill.
 
Top of page
Last Modified
Update last modified date?
Off
Date modified: