Canadian Centre for Cyber Security releases National Cyber Threat Assessment 2023-2024

Ottawa, Ontario - October 28, 2022
The Canadian Centre for Cyber Security (Cyber Centre) has released its National Cyber Threat Assessment 2023-2024, alerting that state sponsored and financially motivated cyber threats are increasingly likely to affect Canadians, and that foreign threat actors are attempting to influence Canadians through use of misinformation, disinformation and malinformation in online spaces.

This report outlines the most common cyber threats to Canadians and Canadian organizations, the likelihood that these cyber threats will occur and how they will evolve in the coming years.

This unclassified assessment found that ransomware is almost certainly the most disruptive form of cybercrime facing Canadians and that it remains a persistent threat to Canadian organizations. It also says critical infrastructure is increasingly at risk from cyber threat activity but, in the absence of direct international hostilities involving Canada, it is unlikely that state-sponsored actors would intentionally disrupt Canadian critical infrastructure.

The Cyber Centre has assessed that state-sponsored cyber threat activity is impacting Canadians, with state actors targeting diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage and individuals for financial gain. We have also observed cyber threat actors’ attempts to influence Canadians using misinformation, disinformation and malinformation (MDM), and we assess that Canadians’ exposure to MDM will almost certainly increase over the next two years.

In addition, the assessment details that disruptive technologies, such as cryptocurrencies, machine learning and quantum computing, are bringing new opportunities for cyber threat actors and, thus, new threats to Canadians.

While threats continue to evolve, the Government of Canada has made cyber security a priority. Investments include the passage of the CSE Act, which gave the Communications Security Establishment the ability to better intercept and disrupt foreign threats. Budget 2022 has allowed $875.2 million to bolster CSE’s ability to deter, defend, and prevent cyber-attacks. These investments will protect Canada, our critical infrastructure, our government systems, and our national security. New this year, the Cyber Centre has also compiled its best advice and guidance for Canadians, Canadian organizations and critical infrastructure to address the cyber security threats outlined in the assessment.

Background

This is the Cyber Centre’s third National Cyber Threat Assessment. The first was published in December 2018.

In addition to publishing the National Cyber Security Assessment 2023-2024 today, the Cyber Centre has also published an updated edition of its Introduction to the Cyber Threat Environment. This introductory reference document provides baseline information about the cyber threat environment, including information about cyber threat actors and their motivations, their techniques and tools in a Canadian context.

About the Cyber Centre

Part of the Communications Security Establishment (CSE), the Cyber Centre is the Government of Canada’s technical authority on cyber security and the single, unified source of expert advice, guidance, services and support on cyber security operational matters.

The Cyber Centre works with businesses and organizations that have been victim to a cyber incident in order to mitigate the impact of cyber security incidents.