Communications Security Establishment
Cyber Capabilities
- Potential adversaries are using and developing cyber capabilities in order to exploit vulnerabilities in our cyber systems.
- The Communications Security Establishment Canada (CSE) employs sophisticated cyber tools and technical expertise to help identify, prepare for, and defend against cyber threats, as well as to impose costs on malign actors that seek to harm Canada's information systems, networks, businesses, and institutions.
- CSE's Canadian Centre for Cyber Security (the Cyber Centre) is a unified source of expert advice and guidance and leads the Government's operational response to cyber incidents. The Cyber Centre also collaborates with the rest of government, the private sector, and academia to strengthen Canada's cyber resilience.
- CSE and the Canadian Armed Forces (CAF) continue to work with domestic and international partners to support and build a stable cyberspace founded on respect for international law and the norms of responsible state behaviour in cyberspace.
- Accordingly, CSE conducts joint cyber operations with the CAF to support mission objectives. Cyber operations capabilities are a key element of military and state power, needed to deter and defeat foreign-based threats to Canada in times of peace and conflict.
- The CAF contributes to international peace and security through cyber threat intelligence sharing with Allies and partners, and through the conduct of full spectrum cyber operations as authorized by the Government of Canada.
- Specifically, the CAF relies on the force multiplier effects of technology-enabled communications, intelligence, and weapon systems, all of which must be secured and defended from cyber threats.
- Canada's updated Defence Policy: Our North, Strong and Free, announced commitments to improve the Canadian Armed Forces' ability to conduct cyber operations.
- This includes establishing a Canadian Armed Forces Cyber Command, and a joint Canadian operations capability between CSE and the CAF.
- Strengthening the Canadian Armed Forces' cyber resilience through the Cyber Mission Assurance Program, in partnership with CSE, the CAF will also establish a cyber security certification to protect defence supply chains from cyber threats.
Key Facts
The CSE Act sets out four aspects of CSE's mandate, which contribute to the lines of operations above. These include:
- Cybersecurity and information assurance
- Foreign intelligence
- Defensive and active cyber operations; and
- Assistance to federal partners
CSE may use defensive cyber operations to defend Canada against foreign cyber threats by taking online action. For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server. This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as energy grids, telecommunications networks, healthcare databases, banking systems, and elections infrastructure.
Active cyber operations allow CSE to take online action to disrupt the capabilities of foreign threats to Canada, such as: foreign terrorist groups, foreign cyber criminals, hostile intelligence agencies, and state-sponsored hackers. Threats that CSE disrupts must relate to international affairs, defence or security.
CSE, supported by Global Affairs Canada and the CAF, has a proven track record of cyber operations that respects and reinforces Canada's statement on international law and cyber norms.
CSE's Canadian Centre for Cyber Security (the Cyber Centre) reminds all Canadians, especially infrastructure network defenders, to be vigilant against sophisticated cyber threats.
Canadian Armed Forces Cyber Capabilities:
- Defensive cyber operations are employed to respond and/or counter a threat by an adversary in cyberspace, whereas offensive cyber operations are conducted to project power in, or through, cyberspace to achieve effects in support of military objectives.
- CSE and the CAF continue to develop and scale offensive and defensive cyber operations capabilities. This partnership enables cyber operations and provides the Government of Canada flexibility in achieving strategic objectives.
- The Canadian Armed Forces holds the responsibility of safeguarding its military networks on a continuous basis, and actively cooperates with CSE and international partners to help protect joint critical networks among Allies and within NATO.
Details
- CSE and its Canadian Centre for Cyber Security
- Cyber security is a foundation for Canada's future, for our digital economy, our personal safety, and national prosperity and competitiveness.
- Every day, the Communications Security Establishment Canada (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada's information systems and networks, and to take active measures to address them.
- Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2023-2024 National Cyber Threat Assessment.
- CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
- Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada's cyber security bar.
- If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email at contact@cyber.gc.ca or report an incident through the Cyber website.
- Canadian Armed Forces and the Communications Security Establishment Canada Cooperation:
- The Canadian Armed Forces and CSE have a long history of partnership in the development of highly technical and specialized capabilities that support Canadian Armed Forces operations.
- These activities are subject to CSE's rigorous system of internal policies and procedures as well as independent oversight and review.
- Cooperation between the Canadian Armed Forces and CSE ensures the best use of tools and capabilities, reduces unnecessary duplication of efforts, leverages each other's authorities, and improves the chances of meeting mission objectives.
- Authorizations and Safeguards:
- Cyber operations undertaken in support of government objectives will be pursuant to the CSE Act, and the Crown Prerogative and the National Defence Act, and will be consistent with Canada's international legal obligations.
- The CSE Act requires that CSE's activities do not target Canadians anywhere in the world, or any person in Canada. Cyber operations conducted under CSE authorities require the Minister of National Defence to issue a Ministerial Authorization, which requires either consultation with the Minister of Foreign Affairs (for defensive cyber operations) or the request or consent of the Minister of Foreign Affairs (for active cyber operations).
- In conducting cyber operations, Canada recognizes the importance of adhering to international law and agreed norms of responsible state behaviour in cyberspace. Canada's authorities and governance framework to conduct cyber operations are supported by a strong independent review process, as well as internal oversight for operational compliance.
- Foreign cyber operations are further subject to proven checks and balances such as rules of engagement, targeting and collateral damage assessments.
- Cyber Operations:
- Strong, Secure, Engaged (SSE) committed the Canadian Armed Forces to assuming a more assertive posture in the cyber domain by hardening its defences, and by conducting offensive cyber operations against potential adversaries as part of government-authorized military missions.
- The CSE Act authorizes CSE to carry out 2 different types of foreign cyber operations: active and defensive. Both types of operations involve taking action in cyberspace to disrupt foreign-based threats to Canada.
- Defensive cyber operations (DCO) can be used to help protect systems of importance and federal institutions during major cyber incidents when cyber security measures alone are not enough.
- Active cyber operations (ACO) can be used proactively to disrupt foreign-based threats to Canada's international affairs, defence or security interests.
- Canadian Armed Forces Cyber Operator:
- SSE directed the creation of the Canadian Armed Forces Cyber Operator occupation. This trade includes both Reserve and Regular Force members who conduct both defensive and offensive cyber operations with the goal of supporting operational objectives and delivering tactical effects.
- Cyber Mission Assurance Program:
- SSE directed the creation of the Cyber Mission Assurance Program. It is part of the cyber capability to protect critical military networks and equipment from cyber threats. Platforms like aircraft, ships, and vehicles are becoming increasingly dependent on cyberspace. The Cyber Mission Assurance Program ensures that cyber resilience is a primary consideration when new equipment is procured.
- Cyber threats pose unique challenges in projecting and sustaining military power. The changing global environment and the increasing dependence on cyberspace technologies demand a significant change in our culture. The introduction of a cyber-resiliency mindset in all our activities is required for the CAF to maintain its competitive advantage. The Cyber Mission Assurance Program focuses on managing the risks associated with cyber threats, to improve resilience, and increase the probability of mission success.
Top Cybersecurity Points
- Cyber security is a foundation for Canada's future, for our digital economy, our personal safety, and our national prosperity and competitiveness.
- Every day, the Communications Security Establishment Canada (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada's information systems and networks, and to take active measures to address them.
- CSE's Canadian Centre for Cyber Security (Cyber Centre) is Canada's technical and operational authority on cyber security. As part of CSE, it provides leading-edge advice and services to help prevent cyber incidents and keep critical services up and running, including by using sensors to detect malicious cyber activity at the host, cloud, and network levels.
- The Cyber Centre's mandate covers federal institutions and systems of importance, which include critical infrastructure. Under the CSE Act, the Cyber Centre can also assist any other entity designated by the Minister of National Defence as being of importance to the Government of Canada. Examples last year include providing cyber defence services to the territories and cyber security assistance to Ukraine and Latvia.
- Recent and ongoing geopolitical events and incidents of cybercrime have elevated the potential risk of cyber threats. CSE continues to publish advice and guidance to help all sectors protect themselves from cyber threats. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
- Bill C-26 (An Act Respecting Cyber Security), currently before the Senate, is a critical next step that provides the government with new tools and authorities to better bolster defences, improve security across critical federally regulated industry sectors, and protect Canadians and Canada's critical infrastructure from cyber threats.
- Cyber security matters to all of us, and the federal government works together with other jurisdictions, organizations, and critical infrastructure network defenders to raise Canada's cyber security bar.
- If Canadian companies have been impacted by cyber threats, I urge them to contact the Cyber Centre toll free at 1-833-CYBER-88, by email at contact@cyber.gc.ca or report an incident through the Cyber website.
Key Facts
- CSE utilizes its mandate to reduce the impact of cybercrime on Canadian businesses, organizations, and individuals.
- Ongoing efforts include:
- collecting intelligence on cybercrime groups
- enhancing cyber defences to protect critical systems against cybercrime threats
- advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
- using active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups.
- In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
- target Canadians, Canadian businesses and institutions
- launch ransomware attacks
- solicit, buy and sell cybercrime goods and services
- These operations impose costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.
Protecting Canada's Democratic Process
- The Government of Canada takes seriously its responsibility to safeguard Canada's democratic institutions.
- Pursuant to the CSE Act, the Communications Security Establishment Canada (CSE) and its Canadian Centre for Cyber Security (Cyber Centre) share intelligence and information with government clients, including appropriate authorities in Parliament.
- The House of Commons and Senate are independent, and their officials are responsible for determining when and how to directly engage with MPs and Senators.
- CSE continues to monitor GC networks and systems of importance for cyber threats. They are working in close coordination with government partners, including relevant security agencies.
- CSE helps to protect Canada's democratic process by:
- providing foreign signals intelligence to Government of Canada decision makers about the intentions, capabilities, and activities of foreign-based threat actors;
- defending Canada's federal elections infrastructure from malicious cyber activity;
- proactively helping democratic institutions improve their cyber security;
- sharing unclassified threat assessments with the public; and,
- sharing information to help Canadians identify disinformation.
- To support Parliamentarians, the Cyber Centre, part of CSE, provides a 24/7 hotline service offering direct support in the event of a cyber incident. The Cyber Centre has provided cyber threat briefings to political parties as well as a dedicated point of contact at the Cyber Centre for assistance with cyber security matters.
- In the run-up to both the 2019 and 2021 federal elections, the Minister of National Defence authorized CSE to conduct defensive cyber operations (DCO) to protect Canada's election infrastructure from malicious cyber activity if needed. In the event, no activities took place that would have required a DCO response.
- CSE's Canadian Centre for Cyber Security works closely with Elections Canada, elections authorities and political parties on cyber security preparedness. This includes offering briefings, training resources, consultations, tailored advice and cyber security services.
- The Cyber Centre has an ongoing relationship with Elections Canada, which includes:
- monitoring services to detect cyber threats;
- working with them to secure their computer networks; and,
- incident response assistance, if necessary.
- Provincial and territorial elections authorities can take advantage of services the Cyber Centre provides to critical infrastructure partners, such as:
- cyber alerts (including mitigation steps);
- malware analysis; and,
- cyber incident advice and support.
Key Facts
- Communications Security Establishment Canada (CSE)
- The CSE is Canada's centre of excellence for cyber operations. As one of Canada's key security and intelligence organizations, CSE protects the computer networks and information of greatest importance to Canada and collects foreign signals intelligence.
- CSE also provides assistance to federal law enforcement and security organizations in their legally authorized activities, when they may need CSE's unique technical capabilities.
- State-sponsored Actors Targeting Parliamentarians (APT31)
- 18 Canadian members of the Inter-Parliamentary Alliance on China (IPAC) were notified by the Executive Director in April 2024 that they were targeted by a Chinese state-sponsored cyber actor. This information was based on an FBI report that assessed IPAC members were targeted by Advanced Persistent Threat actor (APT) 31.
- The FBI report was received by Canada's security agencies, and the information that included the names of the targeted parliamentarians was shared in 2022.
- CSE shared specific, actionable technical information on this threat with House of Commons (HoC) officials, as would be our normal process with other Government of Canada partners when threats are detected.
- This engagement with the HoC started well before receiving the FBI report in question, as we had been tracking and helping them to take quick and appropriate measures within their systems to protect their network and users against this, and other threats. Questions related to how MPs are engaged on situations like this would be best addressed by HoC officials.
- Threats to Democratic Process Report (TDP 4)
- On December 6, 2023, CSE published the fourth iteration of Cyber Threats to Canada's Democratic Process (TDP4), which provides an update to the 2017, 2019 and 2021 reports released by CSE. Its purpose is to inform Canadians about the cyber threats to our democratic process in 2023.
- Key Findings:
- This assessment considers cyber threat activity and cyber-enabled influence campaigns, which use hacking and/or generative AI to influence opinions and behaviours.
- The worldwide proportion of elections targeted by cyber threat activity increased from 23% in 2021 to 26% in 2022.
- In 2022, 85% of cyber threat activity targeting elections was unattributed, meaning it could not be credited to a particular state-sponsored actor.
- In 2022, cyber threat activity aimed at influencing voters was 7 times more common than activity targeting election infrastructure.
The Canadian Centre for Cyber Security:
- As part of the Communications Security Establishment Canada (CSE), the Canadian Centre for Cyber Security (Cyber Centre) brings over 70 years of experience protecting Canada's most sensitive information and networks. Bringing together operational security experts from across the Government of Canada, the Cyber Centre is the Government of Canada's authority on cyber security.
- Defending the Government of Canada's information systems provides the Cyber Centre with a unique perspective to observe and analyze trends in the cyber threat environment.
- The Cyber Centre works closely with other government agencies, industry partners, and with the public to share knowledge and experience to improve cyber security for Canadians and to make Canada more resilient against cyber threats.
Ransomware
- Ransomware continues to pose a threat to Canada's national security and economic prosperity and is one of the most impactful cyber threats in Canada, benefiting significantly from the specialized cybercrime economy and the growing availability of stolen information.
- Due to its impact on an organization's ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing Canadians.
- Cybercriminals deploying ransomware have evolved in a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize profits.
- Threat actors will typically compromise a victim, encrypt their data, and demand ransom to provide a decryption key. They may also threaten to sell the stolen information on the dark web and demand further payment to prevent that posting.
- Data stolen during a ransomware attack almost certainly enables further cyber threat activity from a range of actors. Threat actors can also leverage sensitive business information to support commercial espionage.
- Ransomware can incur significant costs, disrupt the operation of important systems, damage or destroy an organization's data, and reveal sensitive information.
- A ransomware attack can prevent access to essential services and in some cases, threaten Canadians' physical safety and wellbeing.
- The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and issuing advice, guidance, and services for those affected by ransomware.
- In 2021, CSE shared a ransomware playbook for incident prevention and recovery, and an updated cyber threat bulletin.
- CSE also published the 2023-2024 National Cyber Threat Assessment (NCTA) which highlights the cyber threats faced by individuals and organizations in Canada, including ransomware.
- In May 2023, the Cyber Centre launched a new pilot pre-ransomware notification initiative in the fight against ransomware.
- Since the pilot launch, the Cyber Centre has issued pre-ransomware notifications to over 250 Canadian organizations in a variety of sectors including healthcare, energy, finance, manufacturing, and education.
- Although it remains a business decision, organizations should be aware that paying a ransom funds criminal enterprise. It also enables further malicious cyber activity and ultimately there is no guarantee that cybercriminals will return stolen information.
If pressed on any specific ransomware group and/or activities:
- CSE does not comment on specific cyber security incidents; however, it continues to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
- CSE's Canadian Centre for Cyber Security continues to monitor new forms of ransomware and vulnerabilities, and shares tips and threat information with partners across Canada to help mitigate risks.
- I encourage all victims to report cybercrime activities to local law enforcement and the RCMP. I also encourage victims to report a cyber incident to CSE's Canadian Centre for Cyber Security (Cyber Centre) toll free at 1-833-CYBER-88, by email at contact@cyber.gc.ca or report an incident through the Cyber website.
Key Facts
- Malicious cyber activity poses an ongoing threat to Canada's federal institutions and critical infrastructure. This includes criminal activity such as ransomware attacks, and state-sponsored activity for strategic gain. The Cyber Centre's automated defences protect the Government of Canada from over 6 billion malicious actions a day. These include attempts to map systems and networks, to extract information or to deploy malware.
- As outlined in the 2023-24 NCTA, cybercrime is the cyber threat Canadians are most likely to face.
Details
- Cybercrime is big business for cybercriminal organizations and has major impacts on Canada's economic security.
- In the Cyber Centre's National Cyber Threat Assessment (NCTA) 2023-24 unclassified threat report, they outlined how cybercrime continues to be the cyber threat activity most likely to affect Canadians and Canadian organizations.
- CSE and the Cyber Centre use the breadth of their mandate to reduce the impact of cybercrime on Canadian businesses, organizations and individuals. Ongoing efforts include:
- collecting intelligence on cybercrime groups
- enhancing cyber defences to protect critical systems against cybercrime threats
- advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
- using our active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups
- For example, under these authorities, CSE has launched an enduring campaign to disrupt foreign cybercriminals who threaten Canadian and allied systems with ransomware attacks. These systems include health care providers and other critical infrastructure owners.
- Under this campaign, CSE has executed dozens of operations that have disrupted the foreign infrastructure used by these groups. These operations have allowed the Cyber Centre and other cyber defenders to work with these system owners to prevent them from becoming victims of ransomware attacks.
- In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
- target Canadians, Canadian businesses and institutions
- launch ransomware attacks; and
- solicit, buy and sell cybercrime goods and services including:
- Canadian personal information
- Canadian proprietary information
- malware
- These operations impose costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.