Appearance by the Minister of National Defence and Senior Officials, before: House standing committee on National Defence (NDDN)

Main Estimates (2020-2021)

Appearance details

Date: Monday November 2, 2020 (TBC)

Location: Meeting to be held virtually

Time: TBD

Appearing:

  • Honourable Harjit S. Sajjan, Minister of National Defence
  • Jody Thomas Deputy Minister, National Defence
  • LGen Michael Rouleau Vice Chief of the Defence Staff, National Defence
  • Cheri Crosby Chief Financial Officer, National Defence
  • Troy CrosbyAssistant Deputy Minister (Materiel), National Defence
  • RAdm Genevieve Bernatchez Judge Advocate General, National Defence
  • Shelly Bruce Chief, Communications Security Estalishment

Details: The Minister of National Defence will appear alongside senior officials to speak on the Main Estimates, 2020-2021.

On September 30th, the President of the Treasury Board re-tabled the Main Estimates (2020-21) in the House for the new Parliamentary session. These Estimates were previously tabled in February 2020, but had not been approved or studied by committees due to COVID-19.

Issue notes

CSE general overview note

Communications Security Estalishment – Main Estimates, 2020-2021

  • The Communications Security Establishment plays a critical role in protecting Canada’s security, while safeguarding Canadians’ rights.
  • The Communications Security Establishment provides valuable foreign intelligence to inform the Government of Canada’s decision making and protect national security.
  • Its sophisticated cyber and technical expertise also helps identify, prepare for, and defend against threats to Canada and its cyber systems and networks.

Key facts

  • The Communications Security Establishment’s (CSE) Main Estimates are $711.8M, a net decrease of $21.2M from the 2019-20 Main Estimates.
  • The decrease in CSE’s Main Estimates can be attributed to:
    • A decrease in planned funding because of the winding down of the construction and fit-up of the new facility for the Canadian Centre for Cyber Security ($7.8M),
    • Decreased funding for two Cyber Centre projects ($10.3M),
    • Decreased funding associated with changes in programs supporting CSE’s mandate ($3.5M); and
    • Decreased funding for the Critical Cyber Systems initiative ($9.1M).
  • This decrease is partially offset by an increase in funding for three initiatives under the National Cyber Security Strategy ($9.5M).

Details

  • CSE’s 2020-21 Main Estimates are $711.8M, which includes $16.1M for revenues and $45.5M for statutory items.
  • This is a net decrease of $21.2M from the previous year’s Main Estimates of $733.0M, attributable to:
    • A reduction of $7.8M in the planned funding profile for the Canadian Centre for Cyber Security as the construction and fit-up of the new Cyber Centre facility winds down.
    • A decrease in funding of $10.3M for two Cyber Centre projects:
      • Sunset of $2.3M in funding for the Secure Communications for National Leadership (SCNL) project and
      • A decrease of $8.0M in the Phase Two funding for the Canadian Cryptographic Modernization Program (CCMP) as the project ramps down.
  • A net decrease of $3.5M associated with changes in other programs supporting CSE’s mandate, including:
    • A planned reduction for internal services support for Maintaining the Government of Canada’s Information Technology Security Posture Initiative (Critical Erosion), which sought program integrity funding for the Information Technology Security Program (now part of the Cyber Centre); and
    • A decrease in CSE’s costs associated with its staff located at liaison offices abroad because of a transition to Global Affairs Canada’s (GAC) service model.
  • Finally, a decrease of $9.1M for the Critical Cyber Systems initiative – included in CSE’s 2019-20 Main Estimates through a Budget Implementation Vote – because the funding was not accessed due to a delay in the tabling of the necessary enabling legislation.
  • This decrease is partially offset by an increase of $9.5M for three initiatives under the National Cyber Security Strategy, provided to CSE in 2019-20 through a Budget Implementation Vote:
    • Improved Integrated Threat Assessments ($3.6M)
    • Expanding Advice and Guidance to the Finance and Energy Sector ($2.3M); and
    • Interim Quantum Safe Capability ($3.6M).

5G/Telecommunications security

  • As part of its cyber security mandate, CSE works with telecommunications service providers representing over 99% of Canadian subscribers.
  • In this role, CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely. This includes a program in place since 2013 to restrict the deployment of designated equipment from sensitive areas of the network and to test and evaluate designated equipment and services, including Huawei, considered for use in less sensitive areas of Canadian 3G and 4G/LTE networks.
  • The Government of Canada is currently reviewing its security approach to emerging 5G technology.

COVID-19

  • Cyber threat actors are attempting to take advantage of Canadians’ heightened levels of anxiety around COVID-19.
  • That is why CSE and its Canadian Centre for Cyber Security are working in coordination with industry partners to take action against malicious cyber actors and fraudulent sites before they can take advantage of Canadians. This work is resulting in the removal of a number of malicious sites, including over 3,500 sites and email addresses that have spoofed the Government of Canada (as of mid-October 2020).
  • Canadians need to be able to trust official Government of Canada sources during this challenging time for our country and CSE is taking action to ensure they can.

COVID-19 and the cyber security environment

COVID-19, cyber security and the cyber threat environment

  • The Communications Security Establishment (CSE) has seen an increase in reports of malicious actors using COVID-19 in phishing campaigns and malware scams.
  • In response, CSE continues to leverage all aspects of its mandate to help ensure that Canada is protected against cyber threats.
  • For example, in coordination with industry partners, CSE has contributed to the removal of thousands of fraudulent sites or email addresses designed for malicious cyber activity, including those impersonating the Government of Canada.
  • The Cyber Centre has also been working to protect the Government of Canada through a number of measures including continued monitoring of important Government of Canada programs such as the Canada Emergency Response Benefit (CERB) against cyber threats.
  • CSE has also partnered with the Canadian Internet Registration Authority (CIRA) to launch the CIRA Canadian Shield - a free DNS firewall service that will provide online privacy and security to Canadians.

Details

  • COVID-19 has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake web sites, open e-mail attachments, and click on text message links. These e-mails typically impersonate health organizations, and can pretend to be from the Government of Canada.
  • CSE's Canadian Centre for Cyber Security, in coordination with industry partners, is taking action that is contributing to the removal of a number of fraudulent sites that have spoofed the Public Health Agency of Canada, Canada Revenue Agency, and the Canada Border Services Agency.
  • The Cyber Centre has also been working to protect the Government of Canada through continued monitoring of important GC programs against cyber threats (including CERB), enabling cyber security monitoring/defence for cloud usage across the GC and evaluating cloud applications, including for the Public Health Agency of Canada.
  • The Canadian Centre for Cyber Security has also shared advice and guidance to help clients make informed decisions when selecting, installing and using video-teleconferencing tools.
  • Cyber security tips for remote work were also issued to help inform and educate Canadians about how to stay safe online, particularly while many Canadians are working from home.

The Canadian Internet Registration Authority (CIRA) Canadian Shield

  • On 23 April 2020, the Canadian Internet Registration Authority (CIRA) announced the official launch of the CIRA Canadian Shield.
  • The CIRA Canadian Shield is a free DNS firewall service that provides online privacy and security to individuals and families across Canada, based on defensive measures that have already been in place to protect the Government's own systems.
  • CIRA partnered with the Canadian Centre for Cyber Security (Cyber Centre) to integrate its Canadian threat feed into Canadian Shield. No personally identifiable information (PII) of any kind is transmitted to the Cyber Centre as part of this process.

Cyber Centre Support to Government of Canada

  • CSE, including the Canadian Centre for Cyber Security, is always monitoring for cyber threats that may be directed against Canada and Canadians.
  • CSE has contributed to the removal of thousands of fraudulent sites or email addresses designed for malicious cyber activity, including those impersonating the Government of Canada.
  • The Cyber Centre has been working to protect the Government of Canada through a number of different measures, including the continued monitoring of important Government of Canada programs such as the Canada Emergency Response Benefit (CERB) against cyber threats.
  • This critical work has also included an evaluation of cloud applications for organizations such as the Public Health Agency of Canada and enabling cyber security monitoring and defence for cloud usage across the Government of Canada.
  • To help clients and Canadians make informed cyber-safe decisions, the Cyber Centre shared cyber security tips on video-teleconferencing tools and telework.
  • CSE has also partnered with the Canadian Internet Registration Authority (CIRA) to launch the CIRA Canadian Shield - a free DNS firewall service that will provide online privacy and security to Canadians.

Details

  • Cyber threat actors are attempting to take advantage of Canadians’ heightened levels of concern and fears around COVID-19. Cyber attackers are also looking to exploit teleworking connections, because so many people are now working outside their organizations’ IT security perimeters.
  • The Canadian Centre for Cyber Security has also shared advice and guidance to help clients make informed decisions when selecting, installing and using video-teleconferencing tools.
  • Cyber security tips for remote work were also issued by the Cyber Centre to help inform and educate Canadians about how to stay safe online, particularly while many Canadians are working from home.
  • The Canadian Centre for Cyber Security has also shared advice and guidance to help inform and educate Canadians about how to stay safe online. Visit: https://cyber.gc.ca/ for more information.

5G (Huawei)

  • The Government of Canada takes the security of our country’s critical infrastructure very seriously.
  • 5G networks will be a key driver of innovation and enable new technologies such as cleaner energy, smart cities, and autonomous vehicles.
  • While we cannot comment on specific companies, an examination of emerging 5G technology and the associated security and economic considerations is underway.
  • Canada’s review will consider technical and security factors, and include advice from our security agencies, and consider decisions from our Allies and partners.
  • We are committed to the security of Canadian networks and the Government of Canada will take the appropriate decision in due course.

Details

  • As part of its cyber security mandate, CSE works with telecommunications service providers representing over 99% of Canadian subscribers. In this role, CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely, including, since 2013, a program that has been in place to test and evaluate designated equipment considered for use in Canadian 3G and 4G/LTE networks, including Huawei.
  • CSE’s role includes accrediting the third party labs that perform this assurance testing, and defining the testing requirements. CSE reviews the testing results and provides tailored advice and guidance to Canada’s telecommunications sector.
  • While non-disclosure agreements limit the degree to which CSE can comment on specific details, Canadians can be assured that the Government of Canada is working to make sure that robust protections are in place to safeguard the communications systems that Canadian rely on.

DND issue notes

5G Networks

  • 5G networks will be a key driver of innovation and enable new technologies, such as cleaner energy, smart cities, and faster, more reliable communications technologies.
  • For National Defence, 5G technology will assist in providing increased connectivity between our digital platforms, members of the Canadian Armed Forces and civilian personnel.
  • While I cannot comment on specific companies, the Government of Canada is currently reviewing its approach to emerging 5G technology.
  • Since December 2018, Public Safety has been leading this important review, in collaboration with its partners, including the Communications Security Establishment and National Defence.
  • The Government of Canada remains committed to the security of Canadian networks and will take the appropriate decision in due course.

Key facts

  • There are several 5G test beds within Canada, including ENCQOR 5G which is a Canada-Quebec-Ontario partnership focused on research and innovation in the field of 5G.

Details

Review of 5G technology
  • In December 2018, Public Safety Canada initiated a security examination to assess the risks associated with the shift to fifth generation telecommunications (5G), and to identify potential mitigation measures.
  • The examination is primarily focused on the technical and national security considerations of 5G, including the extent to which 5G would further enable hostile activity by both state and non-state actors.

Huawei

  • As part of its cyber security mandate, the Communications Security Establishment (CSE) works with telecommunications service providers representing over 99% of Canadian mobile subscribers. CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely, including a program that has been in place since 2013 to test and evaluate designated equipment and services considered for use on Canadian 3G and 4G/LTE networks, including Huawei.
  • On March 12, 2020, the Canadian Press published an article with excerpts of an interview with the Chief of the Defence Staff where he expressed concern about anything that could give China access to Canada’s military networks. He expressed confidence, however, in the Government’s ability to mitigate the threats associated with Huawei.
  • On July 14, 2020, the United Kingdom (UK) announced that it was banning the purchase of new Huawei 5G equipment after December 31, and requiring the removal of all Huawei 5G equipment in the UK’s networks by 2027.
  • The UK’s decision has left Canada as the only FVEYs partner without a ban of some level on Huawei equipment being used for its 5G network.

Recent parliamentary interest

  • On May 25, 2020, Mr. Scott Jones, Head of the Canadian Centre for Cyber Security at CSE, appeared alongside Joyce Murray, Minister for Digital Government, before the House Standing Committee on Government Operations and Estimates (OGGO) to discuss cybersecurity in the context of the Government’s response to COVID-19. Conservative Members of Parliament Kelly Block and Kelly McCauley questioned Mr. Jones on the threat and risks of Huawei in Canada’s 5G network. Mr. Jones assured the Committee that CSE is leveraging its full mandate to promote public awareness to thwart external cyber threats and protect Canadians.
  • Huawei, 5G and Canada’s relationship with China has been a topic of interest to newly elected CPC leader, Erin O’Toole and newly appointed Foreign Affairs critic Michael Chong. CPC members frequently pose questions on Huawei and 5G during Question Period and have put forward motions to study Canada’s critical infrastructure, and 5G networks during committees.

National security and intelligence committee of parliamentarians (NSICOP) Special Report

National security and intelligence committee of parliamentarians’ 2019 special report (CANCIT)

  • National Defence and the Communications Security Establishment support the important work of the National Security and Intelligence Committee of Parliamentarians.
  • We continue to carefully consider the Committee’s special report
  • As part of our ongoing efforts to keep Canada and Canadians safe, National Defence has enhanced its robust oversight framework for defence intelligence activities.
  • For example, in March 2020, National Defence issued an updated Functional Directive on the protection and handling of Canadian citizens’ information.
  • We will review this directive annually to ensure that it remains effective.
  • We recognize the importance of external review in maintaining the trust of Canadians and look forward to continued collaboration with the Committee.

If pressed on the report’s findings:

  • All defence intelligence activities are authorized by Canadian law and subject to applicable Canadian and international law.
  • Further, all defence intelligence activities are governed by an extensive body of directives, orders, and policies, and are subject to a robust oversight framework.
  • National Defence regularly reviews and updates its policies and practices to ensure alignment with the law, with government policy, and with the demands of changing security environment.

Key facts

  • During the review, National Defence provided over 950 pages of documentation, including responses to follow-up questions.
  • National Defence provided one Committee briefing, and held seven meetings with the Committee’s Secretariat.
  • COVID-19: Due to the altered Parliamentary sitting schedule and prorogation, no Committee has yet studied the report.

Details

  • On March 12, 2020, NSICOP tabled redacted versions of its 2019 Special Reports in Parliament.
  • The Canadian Citizen Information (CANCIT) report examines the collection, use, retention and dissemination of Canadian citizens’ information in the context of defence intelligence activities.
  • The report now stands referred to the Senate Standing Committee on National Security and Defence and the House Standing Committee on Public Safety and National Security. Neither Committee has studied the report.
  • NSICOP is currently conducting a review of the Government of Canada’s cyber defence activities and on Global Affairs Canada’s national security and intelligence activities. Both studies implicate National Defence.

CANCIT special report: key findings and recommendations

  • Finding: the policy framework that the Department of National Defence and the Canadian Armed Forces (DND/CAF) follow for the collection, use, retention and dissemination of information on Canadians needs clarification.
    • Recommendation: DND/CAF rescind the Functional Directive on the Collection of Canadian Citizen Information, and review all of its related functional directives and other policy instruments in consultation with the Privacy Commissioner.
  • Finding: DND/CAF is not fully compliant with the Privacy Act in relation to intelligence activities taking place outside Canada, activities to which the Committee believes the Privacy Act applies.
    • Recommendation: The Minister of National Defence should ensure DND/CAF complies with the letter and spirit of the Privacy Act in all of its defence intelligence activities, whether in Canada or abroad.
  • Finding: The Crown prerogative may not prove to be an adequate source of authority for DND/CAF to conduct its defence intelligence activities, particularly where they involve information about Canadians.
    • Recommendation: MND introduce legislation governing defence intelligence activities, including the extent to which DND/CAF should be authorized to collect, use, retain and disseminate information about Canadians in the execution of authorized missions.

Defence intelligence and Canadian citizen information

  • National Defence does not direct its defence intelligence activities at Canadian citizens, except when authorized as part of a mandated defence activity or in support of another government agency.
    • In the event that Canadian citizens’ information is incidentally collected, it is deleted from National Defence databases once it is confirmed that the information cannot be held for defence intelligence purposes to support authorized defence operations and activities or lawfully passed to another Canadian department or agency.
    • When supporting another Canadian department or agency, the activities occur under the mandate and authorities of the supported department or agency.
  • At this time, counter-intelligence is the only defence activity where the CAF is authorized to direct its activities at Canadians other than activities done in support of other departments.
    • As part of its mandate to identify, investigate, and counter threats (espionage, sabotage, subversion, terrorist activities and other criminal activity) to the security of National Defence, the Canadian Forces National Counter Intelligence Unit may, where a national defence nexus exists, investigate Canadian citizens and collect or receive information to provide threat assessments and inform decision-making.
  • To address the Committee’s recommendation, in March 2020, National Defence issued a new Chief of Defence Intelligence Functional Directive: Guidance on the Protection and Handling of Canadian Citizen Information. It will be reviewed every year.
  • All National Defence activities are authorized by Canadian law. The Committee has not identified any specific instance where a defence intelligence activity did not comply with the law.
  • As the Committee found, National Defence applies the Privacy Act to all defence intelligence activities that take place in Canada. Whether the Privacy Act applies to defence intelligence activities outside of Canada is unsettled by law.
    • As the Committee recognizes, there is no jurisprudence on this question. However, DND/CAF has consistently applied the principles of the Privacy Act to its defence intelligence activities outside of Canada.
  • National Defence relies upon the Crown prerogative as an important source of legal authority for its operations and activities. The defence prerogative has been recognized by Canadian courts as a valid source of executive power for the conduct of DND/CAF operations and activities.

Cyber security

  • Cyber capabilities and expertise are critical to defending Canada against 21st century threats.
  • The Canadian Armed Forces is continually working to strengthen mission-critical systems, integrate cyber activities into broader military operations, and develop new capabilities.
  • For example, we are investing $400 million into initiatives to enhance cyber threat identification, response capabilities, and the protection of National Defence’s operational networks.
  • At the national level, the Canadian Centre for Cyber Security serves as a unified source of expert advice and guidance.
  • The Cyber Centre works closely with government, the private sector, and academia to strengthen Canada’s cyber resilience.
  • National Defence also works closely with other departments, Allied militaries, and our industry partners to identify evolving threats, increase interoperability, and share best practices.
  • Together, these efforts will ensure that Canada is able to confront any new cyber threat, including from malicious actors trying to exploit the current COVID-19 pandemic to advance their interests.

Key facts

  • As committed in Strong, Secure, Engaged, the Canadian Armed Forces have created new cyber roles to attract talent and improve expertise.
    • Canadian Armed Forces members in cyber trades: 85
    • New cyber trade positions to be filled: 14
  • The Communications Security Establishment (CSE) has a mandate to conduct cyber operations and to assist the Canadian Armed Forces by providing technical and operational assistance.
  • Created in 2018 as part of CSE, the Canadian Centre for Cyber Security unites existing operational cyber security expertise from Public Safety Canada, Shared Services Canada, and CSE.

Details

Canadian Armed Forces Cyber Capital Program
  • Cyber activities are conducted through the Canadian Armed Forces (CAF) Cyber Capital Program. Two key projects fall under this program:
    • Cyber Defence – Decision Analysis and Response Project: This project will improve cyber threat identification and incident response capabilities. It will also allow for the detection and characterization of suspicious activity, and provide the ability to contain and eradicate threats from DND/CAF networks.
    • Network Command and Control Integrated Situational Awareness Capability Project: This project will improve the monitoring of information technology (IT) services and provide enhanced information critical for decision making regarding IT infrastructure.
The Canadian Armed Forces cyber operator
  • The new cyber operator occupation includes both Reserve and Regular Force members who conduct defensive cyber operations. The Cyber Reserve Force provides full-time capability through part-time service by assigning Primary Reserve units and formations new roles, with the goal of enabling strategic decision-making, supporting operational objectives, and delivering tactical effects.
Active cyber operations
  • Strong, Secure, Engaged committed the CAF to assuming a more assertive posture in the cyber domain by hardening our defences and by conducting active cyber operations against potential adversaries as part of government-authorized missions.
  • The Communications Security Establishment Act allows CSE to carry out foreign cyber operations to help protect federal (and designated) information and infrastructure, or to degrade, disrupt, influence, respond to, or interfere with, foreign entities in accordance with Canada’s international affairs, defence, or security objectives.
    • CSE has always acted within its lawful authorities to help protect our forces wherever they are deployed, and under the 2019 CSE Act, can provide operational and technical assistance to DND/CAF, including in the conduct of active cyber operations.
The Canadian Centre for Cyber Security
  • In Junet 2018, the Government of Canada released an updated National Cyber Security Strategy which sets out Canada’s vision for security and prosperity in the digital age. The Strategy aims to bolster Canada’s cyber security posture by focusing on three key themes: security and resilience, cyber innovation and leadership and collaboration.
  • The Strategy’s core goals are reflected in Budget 2018’s substantial investments in cyber security and built upon in Budgett 2019. Among the new measures introduced as part of Budget 2018 and a key component of the Strategy is the creation of the Canadian Centre of Cyber Security (the Cyber Centre), housed at CSE.
  • The Cyber Centre consolidates the key cyber security operational units of the Government of Canada under a single roof. The Cyber Centre is a unified source of expert advice, guidance, services and support on cyber security operational matters, providing Canadian citizens and businesses with a clear and trusted place to turn for cyber security advice.

Committee information and potential questions

CFO deck (Supplementary Estimates B)

2020 Parliamentary Reporting and Supply Cycle

Authorities to Date with Supplementary Estimates (B) Total: $25,044,880,284.

Long description follow
Long description - Graphic 1

Image of supply period cycles with each cycle given a different date. (1) April 1; (2) June 23; (3) December 10; (4) March 26. This information within this image is shown below.

April 1, 2020:

  • New Fiscal Year and Spending Cycle

April – June 23:

  • Approval of Main Estimates
  • Appropriation bill
  • Tabling of SEA
  • Approval of SEA Appropriation bill

September – December 10: We are here

  • Tabling of Public Accounts
  • Tabling of SEB
  • Departmental Results Reports
  • Annual Finance Committee Report
  • Fall Economic Statement
  • Approval of SEB Appropriation bill

January- March 26:

  • Tabling of SEC
  • Budget presentation
  • Tabling of Main Estimates
  • Departmental Plans
  • Approval of Interim Supply and SEC Appropriation bill
 
Main
Estimates
In Year
Adjustments
Supplementary
Estimates (A)
Supplementary
Estimates (B)
Authorities to
Date
$23,317,935,718 $523,772,819 $757,559,488 $445,612,259 $25,044,880,284

Minister of National Defence Portfolio

 
Organization $ dollars
Main
Estimates
2020-21
Allotment
AdjustmentsFootnote 1
Supplementary
Estimates (A)
2020-21
Supplementary
Estimates (B)
2020-21
Proposed
Authorities to
Date
2020-21
as at Supplementary
Estimates (B)
National
Defence
23,317,935,718 523,772,819 757,559,488 445,612,259 25,044,880,284
Communications
Security
Establishment
Canada
711,781,372 24,216,575 - 5,610,492 741,608,439
Military
Grievances
External Review
Committee
6,883,603 298,943 - - 7,182,546
Military Police
Complaints
Commission of
Canada
4,802,446 216,003 - - 5,018,449
Total 24,041,403,139 548,504,340 757,559,488 451,222,751 25,798,689,718

Supplementary Estimates (B) 2020-21 by Vote

 
Vote $ dollars
New
Authorities
Transfers Net Increase
to Authorities
1 – Operating
Day-to-day operating costs, such as salaries, utilities, and maintenance
263,242,826 (42,915,398) 220,327,428
5 – Capital
Assets that meet the criteria for a tangible capital asset; there is a useful life greater than one year and an acquisition cost of at least $30 thousand
108,503,474 9,975,050 118,478,524
10 – Grants and Contributions
Voted transfer payments that typically include monetary payments to third parties
30,000,000 40,018,834 70,018,834
Total – Voted 401,746,300 7,078,486 408,824,786
Statutory
Authorities provided through legislation other than appropriation acts, such as contributions to employee benefit plans
36,787,473 - 36,787,473
Total – Voted and Statutory 438,533,773 7,078,486 445,612,259

Authorities to date: $25,044.9M

Long description follow
Authorities to Date: $25,044.9M - Long description graphics

Both these graphs show the amount of money allocated to the authorities to date. The authorities to date are further broken down into two graphs described below. In the first graph, Main Estimates are allocated $23,317.9 million, Allotment Adjustments is allocated $523.8 million, SEA is allocated $757.6 million, and finally SEB is allocated $445.6 million. In the second graph, Vote 1 (Operating) is allocated $220.3 million, Vote 5 (Capital) is allocated $118.5 million, Vote 10 (Grants and Contributions) is allocated $70 million, and finally Statutory is allocated $36.8 million.

Supplementary Estimates (B) 2020-21 Voted Appropriations

 
Item $ millions
Vote
1
Vote
5
Vote
10
Statutory TotalFootnote 2
Funding to support the Canadian Armed Forces’ response to COVID-19 (Including Operation LASER)
Funding related to National Defence’s response to COVID-19.
234.7 21.3 - 36.4 292.4
Funding for a number of capital investments previously approved and funded through the capital investment fund
Funding to support various SSE investments.
- 86.7 - - 86.7
Funding for the Inuvik Runway Extension Project
Contribution funding to the Government of Northwest Territories to extend the existing runway at the Forward Operating Location Inuvik co-located on the Inuvik NT Airport.
- - 30.0 - 30.0
Funding for the Hornet Extension Project
To maintain operational parity & support the transition of the Future Fighter Capability Project.
16.2 - - - 16.2
Funding for the Canadian Special Operations Regiment - Infrastructure
To construct permanent infrastructure for the Canadian Special Operations Regiment at Garrison Petawawa.
6.5 0.5 - 0.02 7.1
Funding for the Cyber Defence – Decision Analysis and Response Project
To initiate work associated with the acquisition of an integrated defensive cyber capability.
5.8 - - 0.4 6.2
Total Approved ItemsFootnote 3 263.2 108.5 30.0 36.8 438.5

Supplementary Estimates (B) 2020-21 Transfer Details

 
Transfers from other organizations - $15.1 million $ millions
Vote
1
Vote
5
Vote
10
TotalFootnote 4
From Shared Services Canada for the return of the final surplus for Phases 2 and 3 of the Carling Campus Project in Ottawa, Ontario
Return of remaining surplus at the end of Phases 2 and 3 of the Carling Campus Project.
- 13.1 - 13.1
From the Social Sciences and Humanities Research Council to support the costs associated with managing their research enterprise at the Royal Military College of Canada
Funding for the Research Support Fund (RSF) to ease the administrative burden caused by managing the Research Enterprise at RMC.
0.8 - - 0.8
From the Department of Foreign Affairs, Trade and Development to adjust funding previously provided for departmental staff located at missions abroad
Refund for the common services provided to support departmental staff located at missions abroad under VCDS Directorate of Foreign Liaison and VCDS OUTCAN Coordination.
0.7 - - 0.7
From the Natural Sciences and Engineering Research Council and the Social Sciences and Humanities Research Council to Support the Canada Research Chairs at the Royal Military College of Canada
Funding to hire replacement professors while the Canada Research Chairs Program (CRCP) chairs conduct their approved research projects.
0.3 - - 0.3
From the Treasury Board Secretariat for innovative approaches to reduce greenhouse gas emissions in government operations
Funding to support the exploration and sharing of innovating approaches to reducing greenhouse gas emissions in government operations – AMAZE project and Kingston Greenhouse gas reduction project.
0.2 - - 0.2
Subtotal transfers from other organizationsFootnote 5 2.0 13.1 - 15.1

Supplementary Estimates (B) 2020-21 Transfer Details Continued

 
Transfers to other organizations - ($8.0) million $ millions
Vote
1
Vote
5
Vote
10
TotalFootnote 6
To the Department of Crown-Indigenous Relations and Northern Affairs for the Kettle and Stony Point First Nation
Funding to cover expenses in relation to the property maintenance of Camp Ipperwash.
(0.2) - - (0.2)
To the Department of Industry to maintain the Shirleys Bay Campus, in the National Capital Region
Funding to support DND’s portion of the Shirley’s Bay Campus Capital Investment Plan (CIP).
- (0.4) - (0.4)
To the Department of Indigenous Services to provide support funding to the Chippewas of Kettle and Stony Point (CKSPFN) for the development of twenty housing Chippewas units and related infrastructure at Former Camp Ipperwash
Funding to provide the CKSPFN support to undertake the planning and design of twenty interim housing units and related infrastructure at Former Camp Ipperwash.
(0.4) - - (0.4)
To the Natural Sciences and Engineering Research Council for Research Partnership Grants
Funding to cover DND’s share of the jointly funded DND/NSERC Research Partnership Grants.
(0.6) - - (0.6)
To the Natural Sciences and Engineering Research Council and the Social Sciences and Humanities Research Council to support joint research grant projects
Funding for a joint initiative agreement to support social sciences & humanities and natural sciences & engineering research and related activities.
(1.3) - - (1.3)
To the Department of Natural Resources for the Polar Continental Shelf Program in Resolute, Nunavut
Funding is in support of the sustainment of the Canadian Armed Forces Arctic Training Centre (CAFATC) for the 2020-21 fiscal year.
(2.4) - - (2.4)

Supplementary Estimates (B) 2020-21 Transfer Details Continued

 
Transfers to other organizations, cont’d - ($8.0) million $ millions
Vote
1
Vote
5
Vote
10
TotalFootnote 7
From the Department of National Defence to various organizations to support the Canadian Safety and Security Program
Funding is to support the Canadian Safety and Security Program (CSSP), which provides strategic technology acquisitions that enhance federal science and technology capabilities for public safety and security.
- (2.7) - (2.7)
Subtotal transfers to other organizationsFootnote 8 (4.9) (3.1) - (8.0)
 
Internal Reallocations ($0 Net Impact) $ millions
Vote
1
Vote
5
Vote
10
TotalFootnote 9
Internal reallocation of resources for the North Atlantic Treaty Organization
From Vote 1 to Vote 10 for the North Atlantic Treaty Organisation ($18.3 million for NATO Military Budget and $21.7 million for NATO Security Investment Program).
(40.0) - 40.0 -
Subtotal internal reallocationsFootnote 10 (40.0) - 40.0 -
Total Net TransfersFootnote 11 (42.9) 10.0 40.0 7.1

Next Steps

 
Key Event Timeline Notes
Tabling 22 October President of the Treasury Board tables the Supplementary Estimates (B) 2020-21 in the House of Commons.
Committee
Discussion
TBD November
/ December
Committees approve, reduce, or “negative” (not approve) a vote but may not increase the amount of a vote or transfer between votes.
Royal Assent TBD After House of Commons and Senate approval, the appropriation act for Supplementary Estimates (B) 2020-21 becomes law and receives Royal Assent.

Committee membership and profiles

Committee Backgrounder

Backgrounder on the Standing Committee on National Defence (NDDN)

43rd Parliament, 2nd Session

Mandate

NDDN studies the legislation, activities and expenditures of the Department of National Defence, the Canadian Armed forces. It also examines issues of domestic and international security.

Appearances
  • March 11, 2020: CSE appeared alongside the Minister of Defence and other senior officials to speak on Supplementary Estimates B, 2019-2020
  • February 28, 2020: CSE appeared alongside the Minister of Defence and other senior officials to speak on Supplementary Estimates and the 2019-2020 interim estimates for DND and CSE
  • November 8, 2018: CSE appeared alongside the Minister of Defence and other senior officials to speak on Supplementary Estimates A
  • May 23, 2018: appeared alongside the Minister of Defence and other senior officials to speak on Main Estimates, 2018-2019
Key Studies
  • Notable activities/meetings:
    • Briefing by the Commissioner of the Communications Security Establishment (March 2017)
    • Briefing on the Ongoing Activities of the Communications Security Establishment (May 2016)
  • Studies in recent years:
    • Diversity within the Canadian Armed Forces
    • Canada’s Contributions to International Peacekeeping
    • The Ukraine Crisis
    • Canada’s involvement in NATO and Canada-US relations
Previous Meetings (current session)

Wednesday October 14, 2020: Election of Chair

Karen McCrimmon (LPC) was elected Chair. James Bezan (CPC) was elected first vice-chair; Alexis Brunelle-Duceppe (BQ) was elected second vice-chair.

Potential questions

Potential question summary

Estimates questions
  1. What funding is CSE requesting in these Estimates?
  2. What can the decrease in CSE’s Main Estimates be attributed to?
  3. How is this decrease offset?
  4. How will these funds continue to help ensure Canada’s cyber security?
  5. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?
CSE activities and COVID-19
  1. What is CSE doing to support GC departments and agencies during this time?
  2. How have cyber criminals taken advantage of the COVID-19 pandemic?
  3. What is the Government doing to counter misinformation about COVID-19?
  4. There are reports that Canadians have lost more than $1.2 million to COVID-19 scams. What is CSE doing to protect Canadians?
  5. Has the government directed CSE to assist the U.S. investigation into COVID-19’s origins and early steps taken by Beijing?
  6. Has there been any observable change of cyber intrusions or attempts of intrusions due to the COVID-19 pandemic from foreign state-sponsored actors?
  7. Has CSE dealt with any compromises of our own research organizations?
  8. What support did CSE provide to developing a Virtual Parliament?
  9. What is the Canadian Internet Registration Authority (CIRA) Canadian Shield?  What are the privacy implications of the Canadian Shield?
  10. On the development of tracking applications during the COVID-19 pandemic: how will the Federal Government of Canada ensure the rights and privacy of Canadians?
Huawei and 5G
  1. Our Five Eyes partners have made decisions on Huawei and their 5G networks, with the UK recently banning them. Has Canada made a decision on Huawei?
CSE: General questions
  1. How did the Communications Security Establishment Act change CSE’s authorities?
  2.  What are the Cyber Centre’s responsibilities?

Potential questions and answers

Estimates questions
  1. What funding is CSE requesting in these Estimates?
    • CSE’s Main Estimates are $711.8M, a net decrease of $21.2M from the 2019-2020.
      • These estimates include $16.1M for revenues and $45.5 for statutory items
    • The 2020-2021 Main Estimates will provide the necessary funding to enable CSE to:
      • Operationalize authorities in the Communications Security Establishment Act.
      • Fund research that keeps CSE up to date with advancements in technology; and
      • Secure cloud services used by the Government of Canada
  2. What can the decrease in CSE’s Main Estimates be attributed to?
    • A net decrease of $21.2M from the 2019-2020 Main Estimates are attributable to:
      • A reduction of $7.8M in the planned funding profile for the Canadian Centre for Cyber Security as the construction and fit-up of the new facility winds down
      • A decrease in funding of $10.3M for two Cyber Centre Projects: The Secure Communications for National Leadership (SCNL) project and the Phase Two funding for the Canadian Cryptographic Modernization Program (CCMP) as the project ramps down.
      • A net decrease of $3.5M associated with changes in other programs supporting CSE’s mandate; and
      • A decrease of $9.1M for the Critical Cyber Systems Initiative
  3. How is this decrease offset?
    • This decrease is partially offset by an increase in funding of $9.5M for three initiatives under the National Cyber Security Strategy.
    • These include the Improved Integrated Threat Assessments ($3.6M), Expanding Advice and Guidance to the Finance and Energy Sectors ($2.3M), and Interim Quantum Safety Capability ($3.6M)
  4. How will these funds continue to ensure Canada’s cyber security?
    • CSE will use these funds to continue operationalizing its mandate and authorities under the Communications Security Establishment Act despite a net decrease.
    • The funds will continue to enable CSE to fulfill its cyber security mandate, in which CSE provides advice to mitigate supply chain risks in telecommunications infrastructure.
      • This includes a program in place to restrict the deployment of designated equipment from sensitive areas of the network and to test the designated equipment as well as a current review in the approach to emerging 5G technology.
    • These funds will also ensure CSE and the Cyber Centre are best positioned to act against malicious cyber actors and fraudulent sites working to take advantage of Canadians during the COVID-19 pandemic.
  5. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?
    • Like all Government of Canada departments and agencies, CSE has performance measurement indicators to evaluate the effectiveness of its programs.
    • Performance measurement is very important in the stand up the new Cyber Centre and as we look to fully integrate the functions of other government departments, including Shared Services Canada and Public Safety.
    • More broadly, the Government of Canada’s National Cyber Security Action Plan for 2019-2024 provides a whole of government roadmap for how to implement the three major goals identified in the 2018 National Cyber Strategy.
      For CSE, the Action Plan includes several CSE-led initiatives.
CSE activities and COVID-19
  1. What is CSE doing to support GC departments and agencies during this time?
    • CSE has been working to protect the Government of Canada through a number of different measures during the COVID-19 pandemic.
    • This work included monitoring of important Government of Canada programs such as the Canada Emergency Response Benefit (CERB) and evaluating cloud applications for organizations like the Public Health Agency of Canada. CSE has worked to enable cyber security monitoring and defence for cloud usage across the Government of Canada.
    • To help clients and Canadians make informed cyber-safe decisions, CSE’s Cyber Centre shared cyber security tips on video-teleconferencing and telework tools and published a non-product specific advice document to help clients make informed decisions.
  2. How have cyber criminals taken advantage of the COVID-19 pandemic?
    • Cybercriminals have been using COVID-19 to exploit the fears and anxieties of Canadians. With these feelings heightened, citizens can be less attentive to cyber risks and cybercriminals are aware of this.
    • Cybercriminals have shaped traditional methods of attacks, such as phishing and cyber attacks, to fit the coronavirus theme. Individuals may be more inclined to click on a link in an email promising free personal protective equipment or warning of virus exposure than they would be for a more familiar fishing theme.
    • Threat actors are also taking advantage of the pandemic environment to conduct attacks against vulnerable sectors. As one of 10 critical infrastructure sectors in Canada, the health sector is involved in activities critical to the health and life of many Canadians, especially during the pandemic. Because the healthcare sector is under extreme pressure to respond to COVID-19, it is a high value target and a target of cyber-attacks.
  3. What is the Government doing to counter misinformation about COVID-19?
    • CSE and its Cyber Centre are working in coordination with industry partners, including commercial and international Cyber Incident Response Teams.
    • This work is resulting in the removal of a number of malicious sites, including fake sites that have spoofed the Public Health Agency of Canada, Canada Revenue Agency, and Canada Border Services Agency, which have been related to cyber-crime and fraud.
  4. There are reports that Canadians have lost more than $1.2 million to COVID-19 scams. What is CSE doing to protect Canadians?
    • CSE and the Cyber Centre has been actively sharing examples of these fraudulent messages with Canadians via our public twitter account. We have worked closely with industry and commercial partners to facilitate the removal of malicious websites, including those that have spoofed Canadian Government departments and agencies.
    • These efforts have resulted in the removal of a significant number of Canadian themed fraudulent sites that were designed specifically for malicious cyber activity, such as phishing and malware delivery.
  5. Has the government directed CSE to assist the U.S. investigation into COVID-19’s origins and early steps taken by Beijing?
    • CSE has a strong and valuable relationship with its Five Eyes alliance partners. We regularly share information with our partners, including the U.S., which has a significant impact on protecting our respective countries’ safety and security.
    • Although we do not comment on our foreign intelligence operations, we can tell you that CSE continues to exercise our authorities to help ensure that Canada is protected against threats, and that the Government of Canada has foreign intelligence and cyber security insights to help inform decisions on national priorities, including COVID-19.
    • In both our national lead roles, we apply our expertise, and we engage with both our domestic and international security and intelligence partners, and other Government of Canada departments.
  6. Has there been any observable change of cyber intrusions or attempts of intrusions due to the COVID-19 pandemic from foreign state-sponsored actors?
    • CSE continues to advise the government on foreign related attacks before and during the COVID-19 Pandemic.
    • The bulk of malicious threat activity we have observed during the COVID-19 pandemic continues to be criminal in nature, and we are working with the appropriate partners to address such activity. For example, CSE has issued alerts and cyber security advice about COVID-related phishing campaigns.
    • We assess that foreign intelligence agencies will almost certainly continue to use their cyber capabilities to pursue intelligence related to COVID-19 medical research and intellectual property. Intellectual property, especially related to vaccine development, treatments, COVID-19 testing, and medical devices such as ventilators or personal protective equipment (PPE), would offer public health, economic, and national security benefits.
  7. Has CSE dealt with any compromises of our own research organizations?
    • CSE is aware of incidents of malicious threat activities directed at Canadian health research organizations and continues to offer support and cyber security mitigations services to limit any potential impacts to targeted organizations.
    • CSE recommends that all Canadian health and research organizations remain vigilant and apply best practices in cyber security. Such practices include monitoring network logs, remaining alert to suspicious emails and calls, and keeping servers and critical systems patched for all known security vulnerabilities.
    • While we cannot speak on any specific incidents, know that we are working with Canadian health care and research sectors, and other partners and industries, as appropriate.
  8. What support did CSE provide to the development of a Virtual Parliament?
    • CSE and the Cyber Centre’s partnership with the House of Commons is extremely important and includes supporting virtual sittings and committee meetings.
    • CSE and the Cyber Centre, working together with House of Commons teams, are comfortable that the platform currently in use aligns with security recommendations. Additional security measures may be waiting rooms or passwords to protect unintended interruptions.
    • CSE, including the Cyber Centre, is always monitoring for cyber threats that may be directed against Canada and Canadians, and regularly sharing threat information with our Government of Canada partners.
  9. What is the Canadian Internet Registration Authority (CIRA) Canadian Shield? Are there any privacy implications?
    • Launched on April 23, 2020, the CIRA Canadian Shield is a free DNS firewall service that will provide online privacy and security to Canadians.
    • The Canadian Shield provides enterprise-grade privacy and cyber security protection to Canadians by leveraging CIRA’s national DNS infrastructure and a global partnership with Akamai Technologies.
    • CIRA has also partnered with the Cyber Centre to integrate its Canadian threat feed into Canadian Shield. This partnership provides Canadian Shield users with enhanced protections through Cyber Centre derived threat intelligence.
    • In terms of privacy, no personally identifiable information (PII) of any kind is transmitted to the Canadian Centre for Cyber Security. CIRA has committed to a full annual privacy audit, conducted by a third-party auditor, to ensure the highest standards of data privacy.
  10. On the development of tracking applications during the COVID-19 pandemic: how will the Federal Government of Canada ensure the rights and privacy of Canadians?
    • The security and intelligence community will continue to play a crucial role by providing timely and relevant information in support of our Government’s extraordinary efforts to manage this current crisis.
    • Regarding the official Government of Canada COVID-19 Exposure Notification application, CSE’s Cyber Centre has been asked to provide cyber security advice and guidance, and we have agreed to provide the support that we can, within our mandate.
    • We are engaged with our federal government partners, including Health Canada, Treasury Board Secretariat (TBS) and Canadian Digital Services (CDS) and will be sharing our cyber expertise to ensure that the official application has been designed and built securely. It is important to note, however, that CSE and the Cyber Centre have no mandate to collect or analyze data in connection with the Government’s COVID-19 exposure notification initiative
Huawei and 5G
  1. Our Five Eyes partners have made decisions on Huawei and their 5G networks, with the UK recently banning them. Has/Will Canada make a decision on Huawei?
    • On July 14, 2020, the United Kingdom announced that it was banning the purchase of new Huawei 5G equipment after December 31 and requiring the removal of all Huawei 5G equipment in the UK’s networks by 2027.
    • While we cannot comment on specific companies, an examination of emerging 5G technology and the associated security and economic considerations is underway. CSE continues to collaborate with National Defence, Public Safety, CSIS, Global Affairs and other partners on reviewing the approach to emerging 5G technology.
    • Canada’s review will consider technical and security factors, and include advice from our security agencies, and decisions from our Allies. Canadians can be assured that the Government is working to make sure that robust protections are in place to safeguard the communications systems that Canadians rely on.
CSE general questions
  1. How did the Communications Security Establishment Act change CSE’s authorities?
    • The Communications Security Establishment Act gave CSE new authorities which are needed to keep up with rapid advancements in technology. These new authorities enable CSE to work more effectively and proactively to protect Canada and Canadians.
    • CSE is now able, upon request, to deploy its cyber defence services to protect Canada’s critical infrastructure and other important systems designated by the Minister of National Defence as being of importance to the Government of Canada.
    • CSE is now authorized to undertake both defensive and active foreign cyber operations to help protect Canadians and Canada’s interests. At the same time, CSE is also now subject to a new oversight and accountability regime to ensure the privacy of Canadians.
  2. What are the Cyber Centre’s responsibilities?
    • Created in 2018 as part of CSE, the Canadian Centre for Cyber Security consolidates the key cyber security operational units of the Government of Canada under a single roof. As a unified source of expert advice and guidance, the Cyber Centre leads the Government’s response to cyber incidents.
    • The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada’s cyber resilience.
    • With the Cyber Centre, Canadians have a clear and trusted place to turn for cyber security.

Recent appearances summary

The COVID-19 pandemic has required government departments, Parliament and industry to make quick and innovative changes to the way they communicate and work. To commentate on some of the work that the Communications Security Establishment and the Canadian Centre for Cyber Security (CCCS) has done to aid both government and industry partners, Scott Jones, Head of the CCCS, has made several appearances in front of House Standing Committees over the past few months. This document provides a brief summary of some of the key topics and questions that have been directed at Scott in rounds of questions or discussions, most notably at INDU, OGGO and HESA appearances.

Cyber Threats

The COVID-19 pandemic has added a new layer of risk and concern regarding our communication networks. Malicious actors continue to take advantage of this heightened level of fear and confusion. Members are keenly interested in how CSE/CCCS have worked to protect not just Government networks, but the networks of the health care sector and Canadians.

Notable questions:

  • Has there been any observable decline/increase of cyber intrusions due to the lockdown from certain countries? If so, from what countries?
  • Have any of your public or private sector partners come to you asking for your help with a COVID-related incident? If so, is there any determination of the sources?
  • How is cybersecurity addressed in the Government of Canada, including cyber threats that may pose a risk to government infrastructure?

Support to Health Sector

Members have often oriented their questions in regard to the cybersecurity of the health sector and Canadian health institutions due to the COVID-19 pandemic. Most questions directed at CSE focus on cyberattacks on health workers and health organizations, although it’s worth noting that members also have a strong interest in the safety of health data.

Notable questions:

  • Has CSE been called into deal with intrusions against frontline health workers?
  • We know cyber-attacks on health and research organizations can come from many sources around the globe, what plan is in place at Public Safety Canada or the RCMP or both to put an end to an attack, to find the guilty party and then prevent future attacks?
  • Can you confirm if there have been any successful breaches on Canadian health research organizations working on COVID-19?

Teleworking, Virtual Parliament & Sensitive Information

COVID-19 has led to MPs, staff, the public service and many other Canadians to working from home, or teleworking. Teleworking adds another challenge and level of risk in cyber-security. Members asked several questions regarding the transferring and handling of sensitive information, as well as ways the CCCS/CSE are safeguarding Parliamentary activities over teleconference.

Notable questions:

  • Are there any public servants working from home that have been targets of cyberattacks?
  • Has any cyber security assessment been done before using Zoom? Since when do you think any Zoom application has been used by the government in any capacity?
  • I wanted to follow up on security measures at high level. What are some of the factors and principles that are important when it comes to remote or virtual voting?
  • Industry and gov’t went home to work and adopted things like Zoom overnight. There is much talk about government employees working from home in the future too. Many have access to state secrets, military info and personal information; how do we balance the risks of personal safety and security, and national safety and security?

Huawei & 5G

Top of mind for many Members is the continued assessment of the risks that Huawei could pose to 5G networks in Canada. Huawei is a topic that arises in most discussions, as our Five Eyes partners have banned Huawei from their networks. Scott Jones has emphasized the importance of the ongoing security assessment being led by the Minister of Public Safety, but also the importance of assessing all companies and technologies with the same rigour and thoroughness. Members expressed deep concern about intelligence sharing amongst the Five Eyes partnership until Canada reaches a decision.

Notable questions:

  • If Huawei is a part of Canada's 5G network, will it pose a security risk to Canadians?
  • Other Five Eyes partners have already made a decision on Huawei and 5G networks. Is there something different about Canada that dictates why we have not made a decision?
  • Is Huawei considered a higher risk vendor when it comes to a 5G network?
  • Do we risk being excluded from sharing of vital information if we move ahead with something like Huawei?
  • Do you have any concerns about Huawei technology in home internet networks?

Fraud & Scams

Fraud has been an important topic before and during the COVID-19 pandemic. Members continue to question what is being done to protect Canadians and businesses from cyber-related fraud and fraud calls, but particularly when COVID-19 is the lure.

Notable questions:

  • In your speech, you spoke about fraudulent websites that were copying the Government of Canada website? How many were detected? Were they all eliminated?
  • We’re hearing a lot about phishing scams, such as a senior getting calls about the ‘top up’ on covid assistance and asking for information to access bank accounts to deposit money; how does your organization work with the RCMP and local police forces to investigate something like this? How do you work to ensure the public is aware of these scams?
  • During this pandemic, have we invoked our proactive measures to stop or mitigate cyber fraud?

Collaboration & Intelligence Sharing

Members have shown interest in how the CCCS works with partners such as the RCMP, the Canadian Anti-Fraud Centre (CAFC), and the Five Eyes. While these questions surface outside of a COVID-19 setting, Members continue to ask about whether the rise in COVID-related fraud and cyber-attacks on the health care and research sector has changed these relationships.

Notable questions:

  • Was there any exchange of intelligence with other partners such as the Five Eyes, for example, on incidents happening to us and happening elsewhere within our allies?
  • According to a media report, the CSE is working in coordination with its partners to ensure COVID-19-related phishing sites mimicking the Government of Canada are removed. Who are those partners?

Research & Development

Many questions about academic institutions, R&D organizations and COVID-19-related research have emerged in Committee appearances. There is special concern of foreign actors attempting to attack government efforts to develop a vaccine, and research institutions assisting in that.

Notable questions:

  • Has CSE been brought in to deal with any attacks against our own government in the efforts to develop a vaccine?
  • What is the intent of attacks against R&D institutions and academia, do you think?
  • The health sector has been highlighted here; however, a month ago, the authorities in the US and UK warned that universities are incredibly vulnerable. Have you seen an uptake in cyberattacks on universities? Do you agree with their assessment?

Page proofs

For reference: Supplementary Estimates B Memo

Summary

  • The Communications Security Establishment (CSE) has funding included in Supplementary Estimates B (SEB), planned for tabling in Parliament in October 2020.
  • CSE’s 2020-21 SEB includes two Treasury Board submissions and three inter-departmental transfers, for a net funding increase of $5.6M, as well as authority to cost recover for the provision of internal support services.

Treasury Board submissions included in CSE’s 2020-21 SEB

  • Funding for Information technology services, infrastructure, and cyber security (COVID-19): Total funding of $5.9M in FY2020-21, comprised of:
    • $5.5M for Personnel ($1.5M) and Operating ($4.0M); and
    • $0.4M for Statutory Employee Benefit Plan (EBP)

This investment ensures CSE's cyber security protections are built into Shared Services Canada's (SSC) IT enhancements to support remote work, thus enabling public servants to continue supporting the Government's emergency response measures to the COVID-19 pandemic. The MND endorsed this TB submission on 23 September, and TB approved it on 1 October.

  • Funding to expand secure communications for senior leadership: Total funding of $0.9M in FY2020-21, comprised of:
    • $0.8M for Personnel ($0.3M) and Operating ($0.5M); and
    • $0.1M for Statutory EBP

The investment will allow for improved cyber security protections and interoperability within the SECRET video conferencing and document presentation platform for Ministers and senior officials. The MND endorsed this TB submission on 1 September, and TB approved it on 24 September.

Transfers included in CSE’s 2020-21 SEB

  • From the National Security and Intelligence Review Agency (NSIRA): A transfer of $0.5M in Operating funds for the fit-up and maintenance of office space within CSE’s Edward Drake Building for NSIRA staff to conduct review and complaints work, pursuant to NSIRA’s legislated authorities.
  • From Canadian Security Intelligence Service (CSIS): A transfer of $0.1M (Personnel $0.08M, Operating $0.02M, and no EBP funding) to return funds for media monitoring products, which CSIS is no longer carrying out.
  • To Global Affairs Canada (GAC): A transfer of $1.8M (Personnel $0.6M, Operating $1.2M, and no EBP funding) associated with various CSE liaison office positions in other countries, in support of Foreign Service Directives, administered by GAC.

Authorities included in CSE’s 2020-21 SEB

  • Authority under Section 29.2 of the Financial Administration Act for CSE to expend revenues collected (i.e. cost recovered) for the provision of internal support services, such as security screening services for Department of National Defence personnel and classified multi-media destruction.
Date modified: