Communications Security Establishment
CSE Highlights of Minister of National Defence’s Mandate Letter
- The defence of Canada takes place at home, abroad, and increasingly, in cyberspace.
- Against a backdrop of rapid technological change, supply chain disruption and vastly increased adoption of and reliance on digital technology in Canada, the government’s cyber security expertise is essential.
- The Communications Security Establishment has the mandate to help prevent cyber threats from materializing in Canada, to help raise the cybersecurity bar and make Canada a harder target, and to help improve readiness to respond and recover from incidents particularly in critical infrastructure sectors.
- The mandate letter requirement is to “ensure that [CSE is] in a position to lead Canada’s response to rapidly evolving cyber risks and threats, including through adequate resources and close cooperation with our allies”.
- I am working with my Cabinet colleagues to prioritise investments that will fulfil this requirement and better equip CSE to improve Canada’s cyber resilience. Any investments we make as a government should put in place a secure digital backbone upon which Canada's economy can grow.
- While the Government has a key leadership role, it is important to remember that cybersecurity is a whole-of-society issue in which everyone has a role to play, from early childhood educators to retired persons, from small businesses to major utilities, from coast to coast to coast.
- State actors represent our most strategic threat and are actively probing for opportunities to conduct espionage and acquire data and take advantage of inadequate security practices in many sectors of the economy to gain unfair competitive advantage. Cybercriminals—by far the most pervasive threat today—are preying on Canadians and Canadian businesses for financial gain.
- CSE together with its partners have a proven track record of identifying state and criminal cyber threat actors, issuing cyber threat assessments and advisories, and managing the fallout of their activities in Canada for over two decades.
- For example, where ransomware is concerned, an ounce of prevention is worth a pound of cure. The global average total cost of recovery from a ransomware attack has doubled in a year, increasing from $970,722 CAD to $2.3M CAD in 2021. The average ransomware payment in 2020 was $312,493, up 171% from $115,123 in 2019.
- Establishing a secure digital Canada is an investment in infrastructure, much as Canada built the railroad which accelerated economic development, regional integration and transformed our nation.
- We have an opportunity to create a secure digital Canada and position every Canadian to reap the dividends of productivity, security and prosperity. The alternative will be more costly in the long run.
- This is not a new challenge. My team and I have been working with colleagues from Public Safety; Emergency Preparedness; Innovation, Science and Industry; and Global Affairs on these issues for many years and we have an agenda of legislative, policy and program work to be brought forward in the months ahead.
- With adequate resources, CSE can help further reduce the threat, strengthen our cyber defences by raising the bar, and more efficiently respond to and recover from (fewer) incidents.
- I was also tasked in the mandate letter with working with my colleagues, the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and other implicated ministers on the renewal of the National Cyber Security Strategy.
- The renewed strategy will outline Canada's long-term plan to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
- As outlined in my mandate letter I will also work to continue to advance the National Cyber Security Action Plan.
- Combined, these commitments will help ensure that Canada is well positioned to address urgent and pressing cyber risks, and to ensure the security and integrity of Canada’s critical systems.
- For over 75 years, the CSE has been Canada’s national signals intelligence agency for foreign intelligence and the technical authority for cyber security and information assurance.
- CSE’s foreign signals intelligence program provides Canada’s senior decision-makers with insights into the activities, motivations, capabilities, and intentions of foreign adversaries, and the international readiness and foreign reactions to a variety of diverse global events.
- CSE’s sophisticated cyber and technical expertise helps identify, prepare for, and defend against the most severe and persistent cyber threats against Canada’s computer networks and systems.
- The Communications Security Establishment Act (the CSE Act) sets out five aspects of CSE’s mandate: cyber security and information assurance; foreign intelligence; defensive cyber operations; active cyber operations; and technical and operation assistance. We use our technical expertise in all five aspects of our mandate. We do so to keep Canadians safe and secure.
Cyber Threat Environment
- As outlined in the National Cyber Threat Assessment report (NCTA 2020), over the last two years the number of cyber threat actors is rising, and they are becoming more sophisticated.
- Cybercrime continues to be the cyber threat that is most likely to affect Canadians and Canadian organizations, and CSE’s Cyber Centre judges that ransomware directed against Canada will almost certainly continue to target large enterprises and critical infrastructure providers.
- Ransomware is the most common cyber threat Canadian’s face, and it is on the rise.
- The Government of Canada is working to reduce the threat of ransomware by targeting and disrupting cybercriminals, coordinating strategies with international allies and by issuing advice, guidance, and services for those affected by ransomware.
Specific Cyber Mentions in MND’s Mandate Letter
- Oversee the Communications Security Establishment to ensure that they are in a position to lead Canada’s response to rapidly evolving cyber risks and threats, including through adequate resources and close cooperation with our allies.
- Work with the Minister of Public Safety, the Minister of Foreign Affairs, and the Minister of Innovation, Science and Industry, and in collaboration with implicated ministers, to develop and implement a renewed National Cyber Security Strategy, which will articulate Canada's long-term strategy to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
- Working with the Minister of Public Safety, Minister of Justice and Attorney General of Canada and Minister of Innovation, Science and Industry, and with the support of the Minister of Foreign Affairs, continue to advance the National Cyber Security Action Plan, ensuring Canada is well positioned to adapt to and combat cyber risks, and ensure the security and integrity of Canada’s critical systems.
Foreign Interference and the Democratic Process
- The Communications Security Establishment (CSE) is Canada’s national lead for foreign signals intelligence and cyber operations, and the technical authority for cyber security. The Canadian Centre for Cyber Security (Cyber Centre) operates within CSE and helps protect the systems and information that Canadians rely on every day.
- CSE continues to monitor for cyber threats through its foreign intelligence mission. They also work with partners to improve Canada’s cyber security and resilience.
- In the lead up to and during the 2021 Federal Election, CSE worked closely with partners at the Canadian Security Intelligence Service (CSIS), Global Affairs Canada (GAC), and the Royal Canadian Mounted Police (RCMP) as part of the Security and Intelligence Threats to Elections Task Force (SITE).
- CSE’s role in SITE was to monitor for foreign threats and interference with electoral processes in Canada.
- Along with other security and intelligence agencies, CSE coordinated integrated government efforts by raising awareness, monitoring, reporting on threats, and help protect Canada’s most important systems.
- Now that the election has concluded, CSE and other SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
- CSE and its Cyber Centre will continue to help ensure Canada’s democratic institutions and processes are protected.
- Democratic institutions and processes around the world, including elections, are valuable targets for foreign interference. Canada is not immune to these threat activities. This is not new. As part of its plan to safeguard the 2019 federal election, the Government of Canada established the Critical Election Incident Public Protocol (the Protocol Panel) to ensure coherence and consistency in Canada’s approach to publicly informing Canadians during the writ period about incidents that threaten Canada’s ability to have a free and fair election. The Protocol, and its administration, was overseen by a panel of five senior civil servants who were responsible for determining whether the threshold for informing Canadians had been met, either through a single incident or through an accumulation of separate incidents.
- In addition, the SITE Task Force, comprised of officials from the CSE, CSIS, the RCMP, and Global Affairs Canada, was established as a fully integrated team to help the Government assess and respond to foreign threats. Before and throughout the election, the SITE Task Force also provided security briefings to Elections Canada and Canadian political parties, to promote situational awareness and help them strengthen their security posture.
Cyber Threats to Canada’s Democratic process Report 2021 Update
- As outlined in CSE’s Cyber Threats to Canada’s Democratic Process (published July 2021), changes made around the world in response to the COVID-19 pandemic, such as moving parts of the democratic process online or incorporating new technology into the voting process, almost certainly increased the cyber threat surface of democratic processes. Most significantly, threat actors can harness and amplify false narratives related to the COVID-19 pandemic to decrease confidence in elections.
- The Government of Canada, including CSE and its Canadian Centre for Cyber Security, remains vigilant in monitoring for any developing foreign threats, including those that may look to cause disruption with electoral processes in Canada.
- We take the security of our country’s critical infrastructure very seriously. While we cannot comment on specific companies, the Government has been conducting an examination of emerging 5G technology and the associated security and economic considerations.
- As the Prime Minister noted, there will be a decision made on the 5G security review in the near future.
- We continue to work with partners and other agencies to mitigate risks stemming from designated equipment and services, including Huawei, being used in Canadian 3G, 4G, and LTE telecommunications networks.
- As part of its cyber security mandate, CSE works with telecommunications service providers representing over 99% of Canadian subscribers. In this role, CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely, including, since 2013, a program that has been in place to test and evaluate designated equipment and services considered for use on Canadian 3G and 4G/LTE networks, including Huawei.
- Third party labs accredited by CSE perform this testing. CSE’s role includes accrediting the third-party labs that perform this assurance testing and defining the testing requirements. CSE reviews the testing results and provides tailored advice and guidance to Canada’s telecommunications sector.
- While non-disclosure and commercial confidence agreements limit the degree to which CSE can comment on specific details, Canadians can be assured that the Government of Canada is working to make sure that robust protections are in place to safeguard the communications systems that Canadian rely on.
- The Minister of Public Safety’s Mandate letter states that legislation will be introduced to safeguard Canada’s critical infrastructure, including Canada’s 5G networks to preserve the integrity and security of our telecommunications systems.
- On September 28, Prime Minister Trudeau stated that he hopes to share a decision on whether to ban Huawei technologies from Canada’s 5G wireless network rollout “in the coming weeks”.
- A CPC opposition motion was placed on the order paper about 5G (full text of motion below) December 6, 2021 — Ms. Dancho (Kildonan—St. Paul) — That, in the opinion of the House, the government should:
- follow the advice of allied nations and immediately ban Huawei from Canada's future 5G network;
- reassure the United States that Canada is dedicated to an integrated North American intelligence and defence network;
- do everything in its power to counter espionage, enhance critical infrastructure protection, adapt to the modem cyber environment, and ensure that Canada's security network is infallible from both foreign and domestic threats; and commit to not paying compensation to telecommunications companies for the removal of Huawei's equipment from Canada's communication networks.
Report a problem or mistake on this page
- Date modified: