Senate Standing Committee for National Security, Defence and Veterans Affairs (SECD): April 8, 2024

Table of contents

Appearance details

Date: April 8, 2024
Location: Room C-128, Senate of Canada
Time: 4:00 pm – 6:00 pm

Appearing:

  • The Honourable Bill Blair,
    Minister of National Defence
  • Caroline Xavier,
    Chief, Communications Security Establishment (CSE)
  • Bill Matthews (TBC)
    Associate Head, Canadian Centre for Cyber Security (CCCS)
  • Bill Matthews (TBC)
    Deputy Minister, Department of National Defence
  • Troy Crosby (TBC)
    Assistant Deputy Minister (Materiel) Department of National Defence
  • Lieutenant-General Frances Allen (TBC)
    Vice Chief of the Defence Staff
  • Lieutenant-General Lise Bourgon (TBC)
    Chief of Military Personnel

Details: Invited to discuss the Minister of National Defence’s Mandate and Priorities.  

 

Key highlights and prep material

Key topics – high-level

  • The Communications Security Establishment has the mandate to help prevent cyber threats from materializing in Canada, to help raise the cybersecurity bar and make Canada a harder target, and to help improve readiness to respond and recover from incidents particularly in critical infrastructure sectors.
  • The mandate letter requirement is to “ensure that [CSE is] in a position to lead Canada’s response to rapidly evolving cyber risks and threats, including through adequate resources and close cooperation with our allies”.
  • With adequate resources, CSE can reduce the threat, strengthen our cyber defences by raising the bar, and responding to and recovering from (fewer) incidents.

Recruitment and retention

  • The Communications Security Establishment (CSE) is an employer of choice – we are fortunate that many talented people choose to work with us. Each year CSE receives on average, 10,000 to 15,000 applications from applicants with diverse skill sets and cultural backgrounds.
  • Over the past several years, CSE has experienced continued and sustained growth. We believe that this growth, combined with our comparatively low attrition rate reflects the positive work environment, employee development and support programs we have in place.
  • CSE has also been recognized as a Top Employer in 2020, 2021, 2022, and 2023, as well as one of Canada’s Top Employer for Youth for the past 7 years in a row.
  • CSE has a very low attrition rate, but we do have employees who choose to pursue opportunities outside the CSE. No organization has a zero percent attrition rate, nor would they want it. We value the contribution of all employees; no matter how long they stay with us.
  • CSE employees are amongst the smartest and most talented people in their fields. Their unique skillsets are in high demand and there are opportunities for them outside of CSE. 
  • There was a slight rise in the number of employees leaving during and post-pandemic, but our overall numbers are still very low.

Facts

  • Since 2014, CSE and the Government of Canada have officially attributed 13 cyber incidents to nation-state and state-affiliated actors.
  • CSE’s workforce is 3,232 full-time, permanent employees [CSE annual report 2022-2023].

Budget reductions

  • There are no cuts to CSE's 2023-2024 operating budget. The reductions begin in 2024-2025 and ramp up to a permanent reduction of $20M by 2026-27.
  • CSE is currently examining the years ahead and is developing a strategy to meet the spending reductions outlined by TBS.
  • CSE is committed to meeting spending reductions while still delivering its mission. CSE is carefully analyzing the areas that could be reduced with the least operational impact.

Contracting

  • CSE does not publicly disclose information pertaining to contracts with vendors for National Security reasons. We also do not disclose detailed information about our workforce.
  • The information would provide hostile actors insights that could be used to compromise CSE operations and defences. 
  • That said:
    • CSE is an organization largely made up of IT experts which reduces our need for contracted resources.
    • CSE employees have an obligation under the Ethics Charter to declare any conflicts of interest.
    • We have a robust internal regime for the disclosure, prevention and management of any situation that would give rise to concerns related to conflicts of interest.
    • CSE has a Contract Review Committee and constantly reinforces its contracting processes based on guidance provided by PSPC, the OAG and Central Agencies.

Cyber defence

  • The Government of Canada deals with ongoing and persistent cyber risks and threats every day. These threats are real, they are sophisticated, and they continue to evolve.
  • CSE is always monitoring for cyber threats and as the threat landscape changes, and will continue to assess its requirements.
  • Although CSE generally does not comment on cyber incidents, I can assure the committee members that we are working with our federal partners, including smaller departments and agencies, to make them aware of the threats and remind them of cyber security best practices.
  • The government has systems and tools in place to monitor threats, and CSE continues to use all the resources at its disposal to protect the GC from these evolving threats.
  • For example, CSE’s Cyber Centre uses sensors, which are software tools installed in partner IT systems, to detect malicious cyber activity on government networks, systems, and cloud infrastructure.
    • Last year, our automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6 billion a day.
  • CSE works with departments including SSC, TBS, Public Safety, the RCMP, CSIS, and the Department of National Defence (DND) on a number of cyber security issues.
  • Cyber defence is the responsibility of all GC departments and agencies. We continue to work together to ensure we can detect and investigate potential threats, and take active measures as required.

Arctic

  • As climate change rapidly evolves and causes Arctic ice to melt, it will result in emerging geopolitical, economic, and security uncertainties in Canada’s Arctic.
    • Driven by climate change, Arctic sea-routes are becoming increasingly accessible to commercial and military vessels, and major sea-routes such as the Northern Sea Route, the Northwest Passage, and the Northeast Passage are increasing in geo-political importance.
    • Geo-political competition among global powers is increasing pressure on Canada to continuously assert Canadian and Indigenous Arctic sovereignty.
  • Recognizing threats in the region, and as highlighted in the mandate letters issued to both the Minister of Foreign Affairs and the Minister of National Defence, the Arctic is one of Canada’s foremost security priorities, including as it relates to cyber.
    • In response, the Government of Canada has announced major investments in and Continental Defence and modernizing NORAD. 
  • Greater situational awareness and operational effectiveness in cyber space is a critical component to safeguarding and advancing our national and collective interests in the Arctic.
  • At present, Canada’s intelligence community, including the Communications Security Establishment (CSE), assists the Government of Canada in managing the increasingly complex Arctic and Northern policy environment by supporting the implementation of Canada’s Arctic and Northern Policy Framework (ANPF).
    • The ANFP sets out a common long-term vision to 2030 for the Canadian and circumpolar Arctic, with goals related to health, security, prosperity, resilience, infrastructure, science, the environment, the rules-based international order, and reconciliation between Indigenous and non-Indigenous peoples.
  • CSE continues to provide the most comprehensive information available related to Canada’s intelligence priorities, directly furthering Canadian safety, security, and prosperity.

Attribution process

  • Government attribution of a cyberattack, or a foreign interference campaign, is extremely difficult. There are many considerations involved in the process to attribute malicious cyber activity to specific threat actors, and/or nation-states.
  • This process includes a whole-of-government approach and spans several departmental mandates, including CSE, CSIS, RCMP, and Global Affairs Canada.
  • The methods and tradecraft involved with detection, assessment, and attribution are complex and time consuming, and levels of certainty vary to a wide degree, while attribution may give an adversary insight into our cyber defence capabilities.
  • By naming and shaming the perpetrators behind these malicious cyber activities, Canada and its allies present a united front to define and deter unacceptable behaviour in cyber space.
 

Potential questions and answers

1. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?

  • Like all Government of Canada departments and agencies, CSE has performance measurement indicators to evaluate the effectiveness of its programs.
  • Performance measurement is very important in the stand up the new Cyber Centre and as we look to fully integrate the functions of other government departments, including Shared Services Canada and Public Safety.
  • More broadly, the Government of Canada’s National Cyber Security Action Plan for 2019-2024 provides a whole of government roadmap for how to implement the three major goals identified in the 2018 National Cyber Strategy. For CSE, the Action Plan includes several CSE-led initiatives.

2. Does CSE need more resources?

  • CSE continues to use all the resources at its disposal to protect Canadians as the threats Canada faces continue to evolve. As the situation evolves, CSE will continue to assess its requirements.

3. Will the TBS-directed cuts will have any impact on CSE's operations?

  • There are no cuts to CSE's 2023-2024 operating budget. The reductions begin in 2024-2025 and ramp up to a permanent reduction of $20M by 2026-27.
  • CSE has examined the years ahead and has developed a strategy to meet the spending reductions outlined by TBS.
  • CSE is committed to meeting spending reductions while still delivering its mission. CSE is carefully analyzing the areas that could be reduced with the least operational impact.

4. Are we sufficiently funded for every cyber attack in Canada?

  • The Communications Security Establishment (CSE) is always monitoring for cyber threats that may be directed against Canada and Canadians.
  • CSE continues to use all the resources at its disposal to protect Canadians as the threats Canada faces continue to evolve.
  • As the threat landscape changes, CSE will continue to assess its requirements.
  • It is important to note that many organizations across the Government have a role to play with respect to cyber security in Canada.
  • CSE works with departments including Public Safety, The Royal Canadian Mounted Police (RCMP), Canadian Security Intelligence Service (CSIS), Department of National Defence (DND), Department of Industry (ISED) on a number of cyber security issues.

Issue Notes

Top Cybersecurity Points

  • Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
  • CSE’s Canadian Centre for Cyber Security (Cyber Centre) uses sensors to detect malicious cyber activity on government networks, systems and cloud infrastructure; and networks, systems and electronic infrastructures of importance to the Government of Canada.
  • This year, CSE’s automated defences protected the Government of Canada from 2.3 trillion malicious actions, an average of 6.3 billion a day.
  • It is critical that Canada has strong cyber defence capabilities as recent geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats, this was outlined in the 2023-2024 National Cyber Threat Assessment (NCTA).
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Cyber security matters to all of us, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email contact@cyber.gc.ca or visit https://www.cyber.gc.ca/en/incident-management.

Background

  • CSE utilizes its mandate to reduce the impact of cybercrime on Canadian businesses, organizations, and individuals.
  • Ongoing efforts include:
    • collecting intelligence on cybercrime groups
    • enhancing cyber defences to protect critical systems against cybercrime threats
    • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
    • using active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups.
  • In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
    • target Canadians, Canadian businesses and institutions
    • launch ransomware attacks
    • solicit, buy and sell cybercrime goods and services
  • These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.

Cyber capabilities within DND/CAF and CSE

  • Potential adversaries are leveraging and developing cyber capabilities in order to exploit vulnerabilities in our cyber systems.
  • The CSE Act allows the Communications Security Establishment (CSE) to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.
  • CSE employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada’s information systems, networks, businesses, and institutions.
  • CSE’s Canadian Centre for Cyber Security (the Cyber Centre) is Canada’s authority on cyber security. As a unified source of expert advice and guidance, CSE’s Cyber Centre leads the Government’s operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
  • Cyber operations capabilities are also a key element of military and state power, needed to deter and defeat external threats to Canada in times of peace and conflict.
  • CSE and the Canadian Armed Forces (CAF) continue to work with domestic and international partners to support and build a stable cyberspace built on the respect for international law and the norms of responsible state behaviour in cyberspace.
  • The CAF contributes to international peace and security through cyber threat intelligence sharing with Allies and partners, and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.
  • Specifically, the CAF relies on the force multiplier effects of technology enabled communications, intelligence, and weapon systems, all of which must be secured and defended from cyber threats.

Quick facts

The CSE Act sets out five aspects of CSE’s mandate, which contributes to the lines of operations above. This includes:

  • Cybersecurity and information assurance
  • Foreign intelligence
  • Defensive cyber operations
  • Active cyber operations; and
  • Technical and operational assistance

CSE may use defensive cyber operations to defend Canada against foreign cyber threats by taking online action. For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server. This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as energy grids, telecommunications networks, healthcare databases, banking systems, and elections infrastructure.

Active cyber operations allow CSE to take online action to disrupt the capabilities of foreign threats to Canada, such as: foreign terrorist groups, foreign cyber criminals, hostile intelligence agencies, and state-sponsored hackers. Threats that CSE disrupts must relate to international affairs, defence or security.

CSE, supported by Global Affairs Canada and the CAF, has a proven track record that respects and reinforces Canada’s statement on international law and cyber norms.

CSE’s Canadian Centre for Cyber Security (the Cyber Centre) reminds the Canadian cybersecurity community, especially infrastructure network defenders, to be vigilant against sophisticated cyber threats.

 

Canadian Armed Forces cyber capabilities:

  • Defensive cyber operations are employed to respond and/or counter a threat by an adversary in cyberspace, whereas offensive cyber operations are conducted to project power in, or through, cyberspace to achieve effects in support of military objectives.
  • CSE and the CAF continue to develop and scale offensive and defensive cyber operations capabilities. This partnership enables Cyber operations and provides the Government of Canada flexibility in achieving strategic objectives.
  • The Canadian Armed Forces holds the responsibility of safeguarding its military networks on a continuous basis, and actively cooperates with CSE and international partners to help protect joint critical networks among Allies and within NATO.

Background

CSE and its Canadian Centre for Cyber Security

  • Cyber security is a foundation for Canada’s future, for our digital economy, our personal safety, and national prosperity and competitiveness.
  • Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada’s information systems and networks, and to take active measures to address them.
  • Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment.
  • CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
  • Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada’s cyber security bar.
  • If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email contact@cyber.gc.ca or visit https://www.cyber.gc.ca/en/incident-management
 

Canadian Armed Forces and the Communications Security Establishment Cooperation

  • The Canadian Armed Forces and CSE have a long history of partnership in the development of highly technical and specialized capabilities that support Canadian Armed Forces operations.
  • These activities are subject to CSE’s rigorous system of internal policies and procedures as well as independent oversight and review.
  • Cooperation between the Canadian Armed Forces and CSE ensures the best use of tools and capabilities, reduces unnecessary duplication of efforts, leverages each other’s authorities, and improves the chances of meeting mission objectives.

Authorizations and safeguards

  • Cyber operations undertaken in support of government objectives will be pursuant to the CSE Act, and the Crown Prerogative and the National Defence Act, and will be consistent with Canada’s international legal obligations. 
  • CSE is prohibited by law from targeting the private information of Canadians or any person in Canada and must not infringe the Canadian Charter of Rights and Freedoms.
  • Cyber operations conducted under CSE authorities require the Minister of National Defence to issue a Ministerial Authorization, which requires either consultation with the Minister of Foreign Affairs (for defensive cyber operations) or at the request of or with the consent of the Minister of Foreign Affairs (for active cyber operations).
  • In conducting cyber operations, Canada recognizes the importance of adhering to international law and agreed norms of responsible state behaviour in cyberspace. Canada’s authorities and governance framework to conduct cyber operations is supported by a strong independent review process, as well as internal oversight for operational compliance.
  • Foreign cyber operations are further subject to proven checks and balances such as rules of engagement, targeting and collateral damage assessments.

Offensive cyber operations

  • SSE committed the Canadian Armed Forces to assuming a more assertive posture in the cyber domain by hardening its defences, and by conducting offensive cyber operations against potential adversaries as part of government-authorized military missions.
  • The CSE Act allows CSE to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to, or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.

Canadian Armed Forces cyber operator

  • SSE directed the creation of the Canadian Armed Forces Cyber Operator occupation. This trade includes both Reserve and Regular Force members who conduct both defensive and offensive cyber operations with the goal of supporting operational objectives and delivering tactical effects.

Cyber mission assurance program

  • Strong, Secure, Engaged (SSE) directed the creation of the Cyber Mission Assurance Program. It is part of the cyber capability to protect critical military networks and equipment from cyber threats. Platforms like aircraft, ships, and vehicles are becoming increasingly dependent on cyberspace. The Cyber Mission Assurance Program ensures that cyber resilience is a primary consideration when new equipment is procured.
  • Cyber threats pose unique challenges in projecting and sustaining military power. The changing global environment and the increasing dependence on cyberspace technologies demands a significant change in our culture. The introduction of cyber-resiliency mindset in all our activities is required for the CAF to maintain its competitive advantage. The Cyber Mission Assurance Program focuses on managing the risks associated with cyber threats, to improve resilience, and increase the probability of mission success.

Ransomware

  • Ransomware poses a threat to Canada’s national security and economic prosperity.
  • Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key.
  • Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
  • Ransomware attacks can result in a victim incurring significant costs, disrupt the operation of important systems, damage or destroy an organization’s data, and reveal sensitive information.
  • A ransomware attack can prevent access to essential services and in some cases, threaten Canadians’ physical safety and wellbeing.
  • The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies, and by issuing advice, guidance, and services for those affected by ransomware.
  • Since May 2023, 250 entities across key sectors including healthcare, energy, manufacturing, finance, government, and education have received timely notifications from CSE’S Canadian Centre for Cyber Security (Cyber Centre) about potential intrusions leading to ransomware, which has saved potential victims from an average ransomware payment of $250,000 per incident.
  • The 2023-2024 National Cyber Threat Assessment (NCTA), published by CSE, highlights the cyber threats faced by individuals and organizations in Canada, including ransomware. 
  • In 2021, CSE also shared a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin.
  • Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprises. It also enables further malicious cyber activity and there is no guarantee that cybercriminals will return stolen information.

If pressed on any specific ransomware group and/or activities:

  • CSE does not comment on specific cyber security incidents; however, they continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
  • CSE’s Canadian Centre for Cyber Security (Cyber Centre) continues to monitor new forms of ransomware and vulnerabilities, and shares tips and threat information with partners across Canada to help mitigate risks.
  • I encourage all victims to report cybercrime activities to local law enforcement and the RCMP. I would also encourage victims to report a cyber incident to CSE’s Cyber Centre so that they can help share threat-related information with partners to help keep Canada and Canadians safe online.

Quick facts

  • Malicious cyber activity poses an ongoing threat to Canada’s federal institutions and critical infrastructure. This includes criminal activity such as ransomware attacks, and state-sponsored activity for strategic gain. The Cyber Centre’s automated defences protect the Government of Canada from over 6 billion malicious actions a day. These include attempts to map systems and networks, to extract information or to deploy malware.
  • As outlined in the 2023-24 NCTA, Cybercrime is the cyber threat Canadians are most likely to face.

Background

  • Cybercrime is big business for cybercriminal organizations and has major impacts on Canada’s economic security.
  • In the Cyber Centre’s National Cyber Threat Assessment (NCTA) 2023-24 unclassified threat report, they outlined how cybercrime continues to be cyber threat activity most likely to affect Canadians and Canadian organizations.
  • CSE and the Cyber Centre uses the breadth of its mandate to reduce the impact of cybercrime on Canadian businesses, organizations and individuals. Ongoing efforts include:
    • collecting intelligence on cybercrime groups
    • enhancing cyber defences to protect critical systems against cybercrime threats
    • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
    • using our active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups
  • For example, under these authorities, CSE has launched an enduring campaign to disrupt foreign cybercriminals who threaten Canadian and allied systems with ransomware attacks. These systems include health care providers and other critical infrastructure owners.
  • Under this campaign, CSE has executed dozens of operations that have disrupted the foreign infrastructure used by these groups. These operations have allowed the Cyber Centre and other cyber defenders to work with these system owners to prevent them from becoming victims of ransomware attacks.
  • In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
    • target Canadians, Canadian businesses and institutions
    • launch ransomware attacks; and
    • solicit, buy and sell cybercrime goods and services including:
      • Canadian personal information
      • Canadian proprietary information
      • malware
  • These operations imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.
 

Brookfield Global Relocation Services (BGRS)

  • The Government of Canada became aware of an incident affecting Brookfield Global Relocation Services (BGRS) systems on September 29, 2023.
  • Although the Canadian Centre for Cyber Security generally does not comment on cyber incidents, we can confirm that we have been in touch with BGRS and have offered support.
  • Since the incident, the Government of Canada has continued to be in regular contact with BGRS to better understand the nature of the incident, and the departments and number of government employees who have been impacted.

Additional details: TBS remains the lead on the coordination of the recovery event and the material privacy breach.

Foreign interference and the democratic process

  • The Government of Canada takes seriously its responsibility to protect Canadians from foreign interference, regardless of the source.
  • CSE’s 2023-24 National Cyber Threat Assessment (NCTA) highlights how online foreign influence activities have become a new normal, with adversaries seeking to influence elections and impact international discourse related to current events.
  • In the lead up to and during the 2021 Federal Election, the Communications Security Establishment (CSE), the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) worked together closely as part of the Security and Intelligence Threats to Elections Task Force (SITE).
  • Our security and intelligence agencies coordinated integrated government efforts by raising awareness, monitoring, and reporting on threats, and providing advice to protect our democracy.
  • CSE’s Canadian Center for Cyber Security (Cyber Centre) also worked with Elections Canada to help secure election systems and infrastructure.
  • SITE Task Force partners continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
  • Canada’s democratic institutions and processes are strong and resilient and CSE continues to support their continued protection.

Background

Reviews of foreign interference

  • In March 2023, the Prime Minister announced measures to strengthen trust in Canada’s democracy.
  • This included requesting NSICOP and NSIRA to review the impact of foreign interference in the 2019 and 2021 federal elections, and how Canada’s national security agencies handled the threat. NSIRA and NSICOP launched their reviews in March, with CSE receiving the first requests for information in April.
  • The Prime Minister appointed an Independent Special Rapporteur (ISR) on Foreign Interference who published the first report and interim recommendations on May 23, 2023.
  • The report:
    • Reaffirmed that the 2019 and 2021 federal elections were free and fair.
    • Acknowledges that foreign interference is a serious threat and makes recommendations to detect, deter, and counter it.
    • Found that there are shortcomings in the way intelligence is communicated and processed from security agencies through to government.
    • Concluded that a further public process is required to address issues relating to foreign interference, but there should not and need not be a separate Public Inquiry.
  • In September 2023, the Government of Canada launched a Public Inquiry into Foreign Interference in Federal Electoral Processes and Democratic Institutions. The Public Inquiry began its public hearings in January 2024.
    • On February 1, 2024, Alia Tayyeb, Deputy Chief of Signals Intelligence, CSE appeared alongside David Vigneault, Director, CSIS; and, Dan Rogers, Deputy National Security and Intelligence Advisor, PCO.
    • CSE has an excellent record with regard to respecting its mandate, securing information, and engaging positively with review bodies.  CSE’s support to the inquiry is paramount in ensuring accountability, instilling confidence and trust by the public, and maintaining the resiliency of Canada’s democracy.
  • CSE welcomes these external reviews into foreign interference in Canada’s elections and will continue to support them and Parliament moving forward.
 

Accountability, review and oversight

  • The Communications Security Establishment (CSE) operates within strict internal and external mechanisms to ensure its activities comply with the law and protect the privacy of Canadians and people in Canada.
  • CSE is committed to being as open and transparent as possible, while still protecting classified matters of national security.
  • CSE and its Canadian Centre for Cyber Security (Cyber Centre) publish numerous publications on their websites to enhance transparency and share information with Canadians.
  • Some of those key publications include CSE's Annual Report, the National Cyber Threat Assessment (NCTA), Threats to Democratic Institutions Report (TDP), as well as various cyber threat alerts.
  • In addition, in 2019, the government enhanced the review and oversight of CSE, as well as the broader security and intelligence community, following the Royal Assent of Bill C-59, An Act Respecting National Security Matters.
  • CSE is subject to ongoing review by two independent external review bodies:
    • the National Security and Intelligence Review Agency (NSIRA); and
    • the National Security and Intelligence Committee of Parliamentarians (NSICOP).
  • Based on their distinct mandates, both NSIRA and NSICOP are responsible for reviewing Government of Canada national security and intelligence activities. Whereas NSIRA consists of Governor-in-Council appointees, NSICOP consists of members of Parliament and Senate.
  • Together the two organizations help ensure CSE and other members of the security and intelligence community are held accountable for their national security and intelligence activities.
  • Through the publication of reports, NSIRA and NSICOP also increase transparency for Canadians on the activities of the security and intelligence community.
  • To support their reviews, CSE provides both NSICOP and NSIRA with extensive access to information, documents, records, and subject matter experts.
  • In addition to NSIRA and NSICOP, the Intelligence Commissioner provides oversight by approving authorizations for certain CSE and CSIS activities prior to their execution.
  • Similar to review bodies, the Intelligence Commissioner prepares annual public reports that allows Canadians to have a better understanding of the activities CSE and CSIS undertake.
  • CSE values independent, external review and oversight of their activities, and remains committed to a positive and ongoing dialogue with these important institutions.   

Background

Quick facts

  • This year, CSE’s internal compliance team conducted:
  • annual compliance knowledge accreditation
  • compliance incident handling
  • compliance monitoring
  • compliance outreach and education
  • annual compliance training
  • CSE submitted a total of 6 Ministerial Authorizations to the IC in FY 2022-23:
    • 3 Foreign Intelligence Authorizations
    • 3 Cybersecurity Authorizations
  • The IC fully approved 4 of the 5 Authorizations. The IC partially approved 1 Cybersecurity Authorization. In this case, the Intelligence Commissioner approved the authorization with the exception of one activity, concluding that there was not enough information to establish whether the activity was covered by the CSE Act.
  • CSE External Review bodies statistics in FY 2022-23:
    • CSE contributed to 22 external reviews:
    • 17 by NSIRA
    • 4 by NSICOP
    • 1 by the Independent Special Rapporteur
    • CSE held 52 briefings, meetings or interviews with review staff
    • CSE responded to 503 questions from our review bodies
  • CSE answered 89% of questions submitted by NSICOP and NSIRA by the requested due date.

Growth, recruitment, and retention

  • Over the years, CSE has experienced continued and sustained growth that has enabled the agency to adapt and address the growing cybersecurity landscape.
  • No other governmental agency within Canada is undertaking the crucial cyber security work done at CSE. In fact, only a few other jurisdictions around the world have similar operations thereby positioning Canada’s cryptological agency at the forefront of cyber operations and defence.
  • Recruiting skilled employees in the high-tech field remains challenging and highly competitive. At CSE, the same is true due to the specific technical competencies required for many positions within the organization.
  • Despite the highly competitive nature of recruitment, CSE has been recognized as a Top Employer in 2020, 2021, 2022 and 2023 as well as one of Canada’s Top Employers for Youth for the past seven years in a row.
  • CSE and the Canadian Centre for Cyber Security are hiring for a variety of positions including foreign language intelligence analysts, engineers, mathematicians, computer science specialists and cyber security professionals.
  • CSE also received significant recognition through Budget 2022 in which proposed $875.2 million over five years for CSE, beginning in 2022-23, for additional measures to address the rapidly evolving cyber threat landscape.

Background

Quick Facts

  • At CSE there is a 2% retirement and 2% resignation rate for a total of 4% attrition per year.
  • CSE has a relatively low attrition rate which reflects its investment in creating a healthy work environment, encouraging employee professional development, embracing diversity and inclusion as mission imperatives, and having excellent counselling and employee support programs in place.
 

Equity, Diversity and Inclusion

  • As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE’s mission in a nurturing and welcoming environment.
  • Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
  • In effort of working towards reconciliation, CSE continues to participate in the Government of Canada’s IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.

Background

CSE highlights of Minister of National Defence’s mandate letter

  • A safe and secure cyber space is critical for the security, stability and prosperity of Canada.
  • We know that the global cyber security threat landscape is rapidly evolving. Cyber incidents, including significant critical infrastructure incidents, are increasing in number and sophistication.
  • The Government of Canada is equipped with the appropriate tools to respond to the challenge. There is a clear gap, particularly when it comes to this demand versus the resources we have available to respond to these challenges.
  • That is why in my mandate letter the Prime Minister specifically included three cyber related priorities to respond to the evolving threat environment. One of these priorities was ensuring that the Communications Security Establishment (CSE) is in a position to lead the national response to rapidly evolving cyber risks and threats, including through adequate resources.
    • Every day, CSE uses its sophisticated cyber capabilities to identify and defend against threats to Canada’s information systems and networks.
    • However, the number of incidents CSE is being called on to support and help recover from is increasing in frequency, severity and sophistication.
    • To help address this growing challenge, CSE is working with Public Safety as well as other departments on a series of immediate policy and legislative initiatives to prevent cyberattacks, raise the bar for resilience, and manage current incidents.
    • This work will also be done in close cooperation with our international allies.
  • With adequate resources, CSE can reduce the threat, strengthen our cyber defences by raising the bar, and responding to and recovering from (fewer) incidents.
  • I was also tasked with working with my colleagues, the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and other implicated ministers on the renewal of the National Cyber Security Strategy.
    • The renewed strategy will outline Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
  • As outlined in my mandate letter I will also work to continue to advance the National Cyber Security Action Plan.
    • This will help ensure that Canada is well positioned to address urgent and pressing cyber risks, and to ensure the security and integrity of Canada’s critical systems.

Details

Background

  • For over 75 years, the CSE has been Canada’s national signals intelligence agency for foreign intelligence and the technical authority for cyber security and information assurance.
  • CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
  • CSE’s sophisticated cyber and technical expertise helps identify, prepare for, and defend against the most severe and persistent cyber threats against Canada’s computer networks and systems.

CSE’s mandate

  • The Communications Security Establishment Act (the CSE Act) sets out five aspects CSE’s mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.

Cyber threat environment

  • As outlined in the National Cyber Threat Assessment report (NCTA 2023-24), the number of cyber threat actors is rising, and they are becoming more sophisticated.
  • Cybercrime continues to be the cyber threat that is most likely to affect Canadians and Canadian organizations, and CSE’s Cyber Centre judges that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers.
  • Ransomware is the most common cyber threat Canadian’s face, and it is on the rise.
  • The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.

Specific cyber mentions in MND’s mandate letter

  • Oversee the Communications Security Establishment to ensure that they are in a position to lead Canada’s response to rapidly evolving cyber risks and threats, including through adequate resources and close cooperation with our allies.
  • Work with the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and in collaboration with implicated ministers, to develop and implement a renewed National Cyber Security Strategy, which will articulate Canada's long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
  • Working with the Minister of Public Safety, Minister of Justice and Attorney General of Canada and Minister of Innovation, Science and Industry, and with the support of the Minister of Foreign Affairs, continue to advance the National Cyber Security Action Plan, ensuring Canada is well positioned to adapt to and combat cyber risks, and ensure the security and integrity of Canada’s critical systems.
Date modified: