Communications Security Establishment releases 2023 update on cyber threats to Canada’s democratic process
Ottawa, Ontario – December 6, 2023
The Canadian Centre for Cyber Security, part of the Communications Security Establishment, has released its Cyber Threats to Canada’s Democratic Process: 2023 Update. This assessment addresses global cyber threat activity targeting elections and the implications for Canada’s democratic process and identifies four global trends:
- Cyber threat activity targeting elections is on the rise worldwide, with over a quarter of national elections affected in 2022. Based on this trend, CSE assesses that cyber threat activity is more likely to happen in Canada’s next federal election than in the past.
- Russia and China continue to conduct most of the attributed cyber threat activity targeting foreign elections.
- Cyber threat actors are getting better at covering their tracks, and most cyber threat activity targeting elections remains unattributed.
- Cyber threat actors are increasingly using generative artificial intelligence (AI) to enhance online disinformation. It’s very likely that foreign adversaries or hacktivists will use generative AI to influence voters ahead of Canada’s next federal election.
CSE is committed to protecting Canadians against any cyber interference in Canada's democratic process. As a member of the Security and Intelligence Threats to Elections (SITE) Task Force, CSE helps monitor and address threats to elections. CSE’s Canadian Centre for Cyber Security (Cyber Centre) works closely with Elections Canada to protect its infrastructure, as well as with major political parties to increase their cyber security awareness. This includes offering briefings, training resources, consultations and tailored advice and cyber security services.
The Cyber Centre’s ongoing relationship with Elections Canada includes monitoring services to detect cyber threats, working with them to secure their computer networks, and incident response assistance, if necessary. CSE assesses that it is unlikely that sensitive information held by Elections Canada will be compromised by cyber threat actors and unlikely that cyber activity will disrupt voting infrastructure in a national election.
When a federal election is called, the Cyber Centre is ready to stand up a dedicated hotline for federal political parties offering 24/7 cyber security support. In addition, outside of election periods, the Cyber Centre has a dedicated point of contact political parties can reach out to on cyber security matters.
CSE’s Cyber Centre and Get Cyber Safe campaign continue to provide advice and guidance to all Canadians to help them stay safe online, including information on how to identity misinformation, disinformation, and malinformation and a fact sheet for voters on online influence activities.
“As this report shows, adversaries are seeking to manipulate our democratic process, but that doesn’t mean we’re powerless to stop them. Our democracy is as strong as we make it. From policy makers and elections authorities to political parties and voters, we all have a role to play in defending Canada from threats to our democratic process.”
- Caroline Xavier, Chief, Communications Security Establishment
“This latest assessment shows the growing impact of emerging technologies, like generative AI, as foreign adversaries look for new ways to target elections and influence voters. While CSE and its Cyber Centre play a critical role in protecting Canada and safeguarding our democracy, it’s not a task we can do alone. We will continue to work with our partners to identify and mitigate these threats and ensure the integrity of our elections.”
- Sami Khoury, Head, Canadian Centre for Cyber Security
This is the fourth public report by CSE on cyber threats to Canada’s democratic process.
This assessment considers cyber threat activity and cyber-enabled influence campaigns, which use hacking and/or generative AI to influence opinions and behaviours.
The worldwide proportion of elections targeted by cyber threat activity increased from 23% in 2021 to 26% in 2022.
In 2022, 85% of cyber threat activity targeting elections was unattributed, meaning it could not be credited to a particular state sponsored actor.
In 2022, cyber threat activity aimed at influencing voters was 7 times more common than activity targeting election infrastructure.
CSE helps to protect Canada’s democratic process by:
- providing foreign signals intelligence to Government of Canada decision makers about the intentions, capabilities and activities of foreign-based threat actors
- defending Canada’s federal elections infrastructure from malicious cyber activity
- proactively helping democratic institutions improve their cyber security
- sharing unclassified threat assessments with the public
- sharing information to help Canadians identify disinformation.
CSE is a member of the Security and Intelligence Threats to Elections task force (along with CSIS, Global Affairs Canada, and the RCMP) which monitors and addresses threats to the democratic process.
In the event that CSE became aware of a cyber incident affecting a federal election, CSE would alert the affected entity, the other SITE task force members and the Critical Election Incident Public Protocol (CEIPP) panel. If the Panel determined that the incident threatened Canada’s ability to have a free and fair election, they would inform the public.
In the run-up to both the 2019 and 2021 federal elections, the Minister of National Defence authorized CSE to conduct defensive cyber operations (DCO) to protect Canada’s election infrastructure from malicious cyber activity if needed. In the event, no activities took place that would have required a DCO response.
Provincial and territorial elections authorities can take advantage of services the Cyber Centre provides to critical infrastructure partners, such as:
- cyber alerts (including mitigation steps)
- malware analysis
- cyber incident advice and support
We encourage Canadians to consult the Cyber Centre’s online guide for voters for cyber security advice and guidance and social media tips. CSE’s Get Cyber Safe campaign will continues to publish relevant advice and guidance.
For more information, please contact (media only):
Communications Security Establishment
- Date modified: