Chief, CSE Appearance before the Senate Standing Committee on National Security and Defence, March 21, 2016
Good afternoon Honourable Senators.
Thank you for the invitation to appear before you today to talk about the work of the Communications Security Establishment and the priorities we are tackling.
Since I was appointed Chief of CSE last year, I’ve had the opportunity to see first-hand the challenging and valuable work undertaken by our organization. I have the privilege of witnessing -- on a daily basis -- the professionalism, skill and determination of the women and men of CSE to help protect Canada, its people and its information. I am very proud of the hard work that they do and it has indeed been a privilege to lead this organization over the past year.
By way of background, I would like to begin with what CSE does and why we do it. As you know, we have a three part mandate under the National Defence Act.
First, CSE is Canada’s national signals intelligence agency, and is authorized to acquire and use information from the global information infrastructure to provide foreign intelligence, in accordance with intelligence priorities that the Government has identified. It’s important to emphasize that CSE only targets foreign entities and communications, and in fact is prohibited by law from targeting Canadians or anyone in Canada.
In terms of results, our intelligence has played a vital role in supporting Canada’s military operations, including the current effort in Iraq. It has helped uncover foreign-based extremist’s efforts to attract, radicalize, and train individuals to carry out attacks in Canada and around the world. It has provided early warning to thwart foreign cyber threats to the Government of Canada and critical infrastructure and networks. It has identified and helped defend the country against the actions of hostile foreign intelligence agencies. It has contributed to the integrity of Canada’s borders and infrastructure. And it has furthered Canada’s national interests in the world by providing context about global events and crises and informing Canada’s government decision-making in the fields of national security, defence and international affairs.
The second part of our mandate is cyber defence and protection. CSE provides advice, guidance and services to help ensure the protection of electronic information and information infrastructures of importance to the Government of Canada. Our sophisticated cyber and technical expertise helps identify, prepare for, and respond to the most severe cyber threats and attacks against computer networks and systems, and the important information they contain. We help to protect Government of Canada systems from foreign states, hackers, terrorists and criminals. We track threats from around the world, and we work with government departments to defend and strengthen systems that have been compromised. And we help protect information of value to the government, including personal information, from theft.
The third part of CSE’s mandate is to provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties. As Canada’s national cryptologic agency, CSE possesses unique capabilities and expertise. Under the assistance mandate, those capabilities may be used to assist a Canadian law enforcement or security agency to perform tasks in accordance with their legislated mandates.
The principles of lawfulness and privacy are critical to the work of CSE. Protecting Canadian privacy is not an afterthought. It is a fundamental part of our organizational culture and is embedded within our operational structures, policies and processes. CSE has a strong privacy framework – detailed policies and procedures, as well as internal review and independent external review, in particular the CSE Commissioner. These measures contribute to ensuring that CSE’s activities are conducted in a way that protects Canadian privacy interests.
This year marks CSE’s 70th anniversary. Throughout the past 70 years, CSE has helped to protect Canada and Canadians, while adapting to enormous changes in the international security environment and in the rapidly evolving nature of communications technology. From the Cold War to ISIS; from telegraph and radios to the global Internet, the current threats to Canada and its allies – and the very nature of our work are increasingly more complex and more diverse than ever.
This dynamic environment is the underlying theme of three of CSE’s top priorities.
The first of those priorities is to ensure that we continue to provide timely and valuable foreign intelligence to meet the intelligence priorities of the Government of Canada. In this increasingly complex international environment, the need for foreign intelligence is as critical as ever. I will note the example I mentioned earlier – CSE’s support to the Government’s mission in Iraq. Just as we did in Afghanistan, CSE provides vital intelligence to this mission and we help protect Canadian troops from threats on the ground. Intelligence has been identified as an important aspect of this mission, and I’m proud that CSE will continue this contribution as Canada’s mission evolves.
Nevertheless, there are challenges that CSE must confront to remain successful. Our foreign intelligence plays an important role in countering terrorist threats to Canada. However, CSE and our allies are dealing with significant changes in recent years – not only in the operations of terrorists, but also their adoption and use of new and sophisticated communications technologies. For example, ISIS has demonstrated an unprecedented ability to take advantage of modern technology. In a very short time, they have leveraged the Internet to spread propaganda and to inspire and plan attacks. This has underlined our need to adapt our capabilities to the rapid changes in technology and our adversaries’ use of them.
The next key priority for CSE that I would like to address is an increased emphasis on cyber security -- protecting, defending and educating to deter cyber threats. Protecting Canada’s most sensitive communications and information has been part of CSE’s business throughout our 70 year history. While this has always been core to CSE’s mandate, the fact that more and more of the world’s – and Canada’s – government operations, business, military systems and citizen’s lives are conducted on-line has necessitated a heightened focus on cyber security.
The growing reliance on digital information and electronic systems by Government, private industry and citizens has introduced new risks, new threats, and new threat actors, challenging the very digital infrastructure on which Canadians rely.
The number of nation-states and non-state actors that possess the capability to conduct persistent, malicious cyber operations is growing, and Canada is an attractive target. CSE, working alongside our government partners, is at the front lines in safeguarding information. CSE’s sophisticated cyber defence mechanisms block over 100 million malicious cyber actions against the Government of Canada every day, thus playing a critical role in safeguarding Canada’s national security and government operations. Through CSE’s educational initiatives such as our Top Ten IT Security Actions to protect Government of Canada networks and information, we help ensure that government IT professionals are informed about the latest threats and mitigation measures.
The government has also recognizes that Canada’s private sector and critical infrastructure, in particular those sectors at the leading edge of innovation, are also at risk of malicious cyber attacks. For this reason, CSE and its federal partners are increasingly providing cyber defence support beyond Government networks, including cyber threat information and mitigation advice.
The third priority for CSE is to ensure that we have the organizational capacity – both today and in the future – to meet the Government of Canada’s requirements for world-class cyber excellence across our three-part mandate, while always upholding the highest standards of lawfulness and privacy protection. And doing all of this in an increasingly challenging and demanding environment.
This requires CSE and its people to be agile, innovative, determined and principled. This is something that we’ve been doing successfully for 70 years, and we will continue to do so.
I will conclude my opening remarks by saying that I am confident in our ability to meet these challenges: to remain resilient in the midst of significant change, to address the growing demands posed by cyber threats, to provide timely and vital foreign intelligence to the Government of Canada, and to continue to safeguard the privacy of Canadians.
My confidence stems from the professionalism and commitment of CSE’s highly skilled workforce. CSE’s employees play a fundamental role in shaping our organization and our capabilities, and in delivering on our objectives. They are our most important asset.
Their strong teamwork, their integrity, and their focus on excellence are also a reflection of their commitment to public service. They are Canadians who are committed to doing their best for their country. Their dedication and skills will be instrumental to CSE’s success in helping to protect Canada’s national interests and security as we look forward to our next 70 years.
Again, I thank the committee for your invitation and welcome any questions you might have.