Protecting Canada’s electronic information and computer networks

On August 1, 2019 the Communications Security Establishment Act (CSE Act) came into force. The CSE web site is being updated to reflect the changes in CSE’s authorities and the accompanying accountability and transparency measures.

Protecting Canada’s electronic information and computer networks

In addition to our foreign signals intelligence mandate (Part A) and our assistance mandate (Part C), CSE also provides advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada. This is Part B of our mandate under the National Defence Act.

What does that mean?

CSE has internationally recognized cyber and technical expertise which enables us to respond to threats and attacks against government computer networks and systems, and the important information they contain.

We help protect our systems from foreign states, hackers, and criminals. We track threats from around the world, we monitor government networks to detect cyber threats, and we work with government departments to defend and strengthen systems that have been compromised. We help protect information of value to the government, including personal information, from theft.

With this important mandate, CSE also plays a critical role in the implementation of Canada’s Cyber Security Strategy, which has three objectives:

  1. Securing government systems;
  2. Working with the private sector and governments to protect critical infrastructure; and
  3. Helping Canadians to be secure online.

How are Canadian networks at risk?

Cyber threats — including foreign states, hacktivists, criminals, and terrorists — continually probe government systems, looking for vulnerabilities in order to gain access to a computer. Once they have access, threat actors can steal or distort the information stored on it, corrupt its operations or program it to exploit other computers and the systems to which it is connected.

Government networks are an attractive target for adversaries for many reasons:

  • They house information about the ways in which our government operates.
  • They hold trade secrets, intellectual property and valuable data related to our economy.
  • They are crucial in protecting the lives of our foreign service, military and law enforcement personnel.
  • They contain the personal information of Canadians who rely on these networks for access to government services such as tax returns, employment insurance and passports—information that needs and deserves to be protected.

Cyber-incidents against Government of Canada systems have happened before. In 2011, the systems of Finance Canada and the Treasury Board Secretariat experienced unauthorized cyber intrusions. CSE worked with both departments to limit the damage, and address the vulnerabilities in their systems. The result: more robust, secure systems, and better protected information.

Government of Canada networks by the numbers:

  • More than 57,000 servers
  • 9,000 internet connections

Canadian networks need to be secured from adversaries and the Government of Canada must protect personal information. Securing these systems is not simply a matter of operational efficiency; it is a matter of national security, sovereignty and privacy protection.

How does CSE defend Canadian networks?

CSE’s role in ensuring cyber security includes the following:

  • Securing government networks. Every day, thousands of attempts are made to access and infiltrate government networks. CSE works with departments like Shared Services Canada (SSC) —a government department that provides computer network services and support to other Government of Canada departments—to detect those attempts, block them and repair any damage. We make sure the government’s networks are among the most secure in the world.
  • Defending against cyber threats with advanced knowledge. CSE uses our foreign signals intelligence capabilities and information from our allies to better understand the people and organizations who are trying to exploit our systems and the techniques they try to use. We also learn as much as we can about evolving cyber threats, and the best ways to detect and prevent them. With this knowledge, CSE is better positioned to stop nefarious cyber activities and intrusions before they reach our networks, and your information.
  • Protecting our most sensitive and classified information through encryption. CSE is the lead agency on cryptography (or code-making and code-breaking). We provide the equipment, knowledge and support to ensure the Government's classified communications are protected.
  • Defining Information Technology Security standards for the Government of Canada. CSE is the lead technical agency in the federal government for IT security. Working with the Treasury Board Secretariat – Chief Information Officer Branch, CSE defines IT security standards, practices and technical guidance that should be used by IT security practitioners across the federal government.
  • Commercial Technology Evaluations. To meet the IT security needs of federal government departments, CSE tests and evaluates security products and systems to identify risks and vulnerabilities and work with vendors to improve security in products being considered for government use. We also conduct related technical research and development so that we can stay ahead of the curve, and we post advice on our website for other IT experts and practitioners.
  • Training the Government’s IT security professionals. CSE provides IT security training and awareness programs to all Government of Canada IT security professionals and other employees, through CSE’s IT Security Learning Centre.
  • Helping protect critical systems of other levels of government and the private sector. With our in-depth expertise and knowledge, we work with Public Safety Canada and computer networks and systems operated by other levels of government and the private sector to protect vital computer networks that Canadians rely on.