National Security and Intelligence
National Security and Intelligence Committee of Parliamentarians’ 2019 Special Report
- National Defence and the Communications Security Establishment support the important work of the National Security and Intelligence Committee of Parliamentarians.
- We are carefully considering the Canadian citizen information report’s findings and recommendations as we continue to improve how we keep Canada and Canadians safe.
- National Defence has put in place a robust oversight framework for defence intelligence activities.
- For example, in March 2020, National Defence issued an updated Functional Directive on the protection and handling of Canadian citizens’ information, which will be reviewed annually.
- We recognize the importance of external review in maintaining the trust of Canadians.
- To this end, we look forward to our continued collaboration with the Committee and with the new National Security and Intelligence Review Agency.
If pressed on the report’s findings:
- All defence intelligence activities are authorized by Canadian law and subject to applicable Canadian and international law.
- Further, all defence intelligence activities are governed by an extensive body of directives, orders, and policies, and are subject to a robust oversight framework.
- National Defence regularly reviews and updates its policies and practices to ensure alignment with the law, with government policy, and with the demands of changing security environment.
Key Facts
- During the review, National Defence provided over 950 pages of documentation, including responses to follow-up questions.
- National Defence provided one Committee briefing, and held seven meetings with the Committee’s Secretariat.
- COVID-19: Due to the pandemic and the current adjournment of Parliament, no Committee has yet studied these reports.
Details
- On March 12, 2020, NSICOP tabled redacted versions of its 2019 Special Reports in Parliament.
- The Canadian Citizen Information (CANCIT) report examines the collection, use, retention and dissemination of Canadian citizens’ information in the context of defence intelligence activities.
- The report now stands referred to the Senate Standing Committee on National Security and Defence and the House Standing Committee on Public Safety and National Security.
- Neither Committee is mandated to meet prior to Parliament resuming in September 2020.
- NSICOP is holding conversations on plans for future reviews. Any review involving National Defence is not yet known.
- National Defence remains in regular contact with the Committee’s Secretariat.
CANCIT special report: key findings and recommendations
- Finding: the policy framework that the Department of National Defence and the Canadian Armed Forces (DND/CAF) follow for the collection, use, retention and dissemination of information on Canadians needs clarification.
- Recommendation: DND/CAF rescind the Functional Directive on the Collection of Canadian Citizen Information, and review all of its related functional directives and other policy instruments in consultation with the Privacy Commissioner.
- Finding: DND/CAF is not fully compliant with the Privacy Act in relation to intelligence activities taking place outside Canada, activities to which the Committee believes the Privacy Act applies.
- Recommendation: The Minister of National Defence should ensure DND/CAF complies with the letter and spirit of the Privacy Act in all of its defence intelligence activities, whether in Canada or abroad.
- Finding: The Crown prerogative may not prove to be an adequate source of authority for DND/CAF to conduct its defence intelligence activities, particularly where they involve information about Canadians.
- Recommendation: MND introduce legislation governing defence intelligence activities, including the extent to which DND/CAF should be authorized to collect, use, retain and disseminate information about Canadians in the execution of authorized missions.
Defence intelligence and canadian citizen information
- National Defence does not direct its defence intelligence activities at Canadian citizens, except when authorized as part of a mandated defence activity or in support of another government agency.
- In the event that Canadian citizens’ information is incidentally collected, it is deleted from National Defence databases once it is confirmed that the information cannot be held for defence intelligence purposes to support authorized defence operations and activities or lawfully passed to another Canadian department or agency.
- When supporting another Canadian department or agency, the activities occur under the mandate and authorities of the supported department or agency.
- At this time, counter-intelligence is the only defence activity where the CAF is authorized to direct its activities at Canadians other than activities done in support of other departments.
- As part of its mandate to identify, investigate, and counter threats (espionage, sabotage, subversion, terrorist activities and other criminal activity) to the security of National Defence, the Canadian Forces National Counter Intelligence Unit may, where a national defence nexus exists, investigate Canadian citizens and collect or receive information to provide threat assessments and inform decision-making.
- To address the Committee’s recommendation, in March 2020, National Defence issued a new Chief of Defence Intelligence Functional Directive: Guidance on the Protection and Handling of Canadian Citizen Information. It will be reviewed every year.
- All National Defence activities are authorized by Canadian law. The Committee has not identified any specific instance where a defence intelligence activity did not comply with the law.
- As the Committee found, National Defence applies the Privacy Act to all defence intelligence activities that take place in Canada. Whether the Privacy Act applies to defence intelligence activities outside of Canada is unsettled at law.
- As the Committee recognizes, there is no jurisprudence on this question. However, National Defence has consistently applied the principles of the Privacy Act to its defence intelligence activities outside of Canada.
- National Defence relies upon the Crown prerogative as an important source of legal authority for its operations and activities. The defence prerogative has been recognized by Canadian courts as a valid source of executive power for the conduct of DND/CAF operations and activities.
Version 1 – 2020-06-10 – Source: Supps(B) 2020-2021 note: “NSICOP Annual and Special Reports”
National Defence and 5G
- The Government of Canada takes the security of our country’s critical infrastructure very seriously.
- 5G networks will be a key driver of innovation and enable new technologies, such as cleaner energy and smart cities.
- For National Defence, 5G technology will assist in providing increased connectivity between our digital platforms, members of the Canadian Armed Forces and civilian personnel.
- While I cannot comment on specific companies, the Government of Canada is currently reviewing its approach to emerging 5G technology.
- Since December 2018, Public Safety has been leading this important review, in collaboration with its partners, including the Communications Security Establishment and National Defence.
- The Government of Canada remains committed to the security of Canadian networks and will take the appropriate decision in due course.
Key Facts
- COVID-19: The Government of Canada’s review of 5G technology remains underway; we continue updating our analysis, based on the most recent information. We are also exchanging information related to threats and technology with our partners and allies.
- There are several 5G test beds within Canada, including ENCQOR 5G which is a Canada-Quebec-Ontario partnership focused on research and innovation in the field of 5G.
Details
Recent parliamentary interest
- On May 25, 2020, Mr. Scott Jones, Head of the Canadian Centre for Cyber Security at CSE, appeared alongside Joyce Murray, Minister for Digital Government, before the House Standing Committee on Government Operations and Estimates (OGGO) to discuss cybersecurity in the context of the Government’s response to COVID-19. Conservative Members of Parliament Kelly Block and Kelly McCauley questioned Mr. Jones on the threat and risks of Huawei in Canada’s 5G network. Mr. Jones assured the Committee that CSE is leveraging its full mandate to promote public awareness to thwart external cyber threats and protect Canadians.
Review of 5G technology
- In December 2018, Public Safety Canada initiated a security examination to assess the risks associated with the shift to fifth generation telecommunications (5G), and to identify potential mitigation measures. The examination is primarily focused on the technical and national security considerations of 5G, including the extent to which 5G would further enable hostile activity by both state and non-state actors.
Huawei
- As part of its cyber security mandate, the Communications Security Establishment (CSE) works with telecommunications service providers representing over 99% of Canadian mobile subscribers. In this role, CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely, including a program that has been in place since 2013 to test and evaluate designated equipment and services considered for use on Canadian 3G and 4G/LTE networks, including Huawei.
- On March 12, 2020, the Canadian Press published an article with excerpts of an interview with the Chief of the Defence Staff where he expressed concern about anything that could give China access to Canada’s military networks. He expressed confidence, however, in the Government’s ability to mitigate the threats associated with Huawei.
- On May 24, 2020, the United Kingdom (UK) announced that it is examining the additional risks from Huawei products following the latest U.S. export restrictions on the company. The UK had previously announced a policy to limit Huawei to 35% of its 5G radio access network. The UK review is not complete.
Version 1 – 2020-06-15 – Source: QP Note, 2020-01-30
Cyber security
- Cyber capabilities and expertise are critical to defending Canada against 21st century threats.
- The Canadian Armed Forces is continually working to strengthen mission-critical systems, integrate cyber activities into broader military operations, and develop new capabilities.
- For example, we are investing $400 million into initiatives to enhance cyber threat identification, response capabilities, and the protection of National Defence’s critical infrastructure.
- National Defence is also working closely with other departments, allied militaries, and our industry partners to identify evolving threats, increase interoperability, and share best practices.
- At the national level, the Canadian Centre for Cyber Security is providing expert advice, services and support on cyber security for the Government, the private sector, and the Canadian public.
- Together, these efforts will ensure that Canada is able to confront any new cyber threat, including from malicious actors trying to exploit the current COVID-19 pandemic to advance their interests.
- It will also ensure that Canada’s military remains at the cutting edge of the ever-evolving cyber domain.
If pressed on cyber vulnerabilities of military equipment:
- National Defence is incorporating cyber assessments as an integral part of new procurement projects to identify and defend against any potential cyber vulnerabilities.
- We also conduct risk assessments on existing equipment to protect against new threats as they arise.
Key Facts
- As committed in Strong, Secure, Engaged, the Canadian Armed Forces have created new cyber roles to attract talent and improve expertise.
- Canadian Armed Forces members in cyber trades: 76
- New cyber trade positions to be filled: 23
- The Communications Security Establishment has a mandate to conduct cyber operations and to assist the Canadian Armed Forces in conducting operations.
Details
Canadian Armed Forces Cyber Capital Program
- Cyber activities are conducted through the Canadian Armed Forces (CAF) Cyber Capital Program. Two key projects fall under this program:
- Cyber Defence – Decision Analysis and Response Project: This project will improve cyber threat identification and incident response capabilities. It will also allow for the detection and characterization of suspicious activity, and provide the ability to contain and eradicate threats.
- Network Command and Control Integrated Situational Awareness Capability Project: This project will improve the monitoring of the informational technology (IT) services and provide enhanced information critical for decision making regarding IT infrastructure.
The Canadian Armed Forces Cyber Operator
- The new cyber operator occupation includes both Reserve and Regular Force members who conduct defensive cyber operations. The Cyber Reserve Force provides full-time capability through part-time service by assigning Primary Reserve units and formations new roles, with the goal of enabling strategic decision-making, supporting operational objectives, and delivering tactical effects.
Active cyber operations
- Strong, Secure, Engaged committed the CAF to assuming a more assertive posture in the cyber domain by hardening our defences and by conducting active cyber operations against potential adversaries as part of government-authorized missions.
- The Communications Security Establishment Act allows CSE to carry out foreign cyber operations to help protect federal (and designated) information and infrastructure, or to degrade, disrupt, influence, respond to, or interfere with, foreign entities in accordance with Canada’s international affairs, defence, or security objectives. CSE has always acted with its lawful authorities to help protect our forces wherever they are deployed, and under the 2019 CSE Act, can now provide operational and technical assistance to DND/CAF, including active cyber operations.
Recent parliamentary interest
- On May 20, 2020, Mr. Scott Jones, Head of the Canadian Centre for Cyber Security at CSE, testified at the House Standing Committee on Industry, Science and Technology (INDU) and spoke on cyber threats and cyber-related during COVID-19. Questions focused on foreign cyber-threats on the health care sector, frontline workers and academic/research organizations.
- On May 25, 2020, Mr. Scott Jones, Head of the Canadian Centre for Cyber Security at CSE, testified at the House Standing Committee on Government Operations and Estimates (OGGO). Conservative Members of Parliament questioned Mr. Jones on the new threat associated with the COVID-19 pandemic. Mr. Jones stated that CSE is operationalizing its full mandate through issuing public awareness alerts and leveraging industry partnerships to combat cyber-attacks on Canadians, including with the House of Commons in assisting with the protection of virtual sittings.
Version 1 – 2020-06-09 – Source: Supps(B) 2020-2021 note: “CAF Cyber Activities”
Page details
- Date modified: