Communications Security Establishment

CSE Overview Note - Supplementary Estimates (B) 24-25

Details

• The increase in CSE's Main Estimates can be attributed to:
  • Treasury Board Submission funding of $49.1M (including $0.6M for EBP) to 'Invest in Canada as an Effective Cyber Power'.
• A net funding increase of $9.9M resulting from five interdepartmental transfers:
  • Transfer of $9.9M from Department of National Defence for information management and information technology support services.
  • Transfer of $3.1M from Shared Services Canada for the operation of the Secure Communications for National Leadership Program (SCNL).
  • Transfer of $2.2M to GAC in support of cyber security services for Ukraine.
  • Transfer of $738K to Global Affairs Canada (GAC) to support CSE staff located at liaison offices abroad; and
  • Transfer of $150K to Employment and Social Development to support Policy Horizons Canada.

Background

Treasury Board Submission funding of $49.1M (including $0.6M for EBP) to 'Invest in Canada as an Effective Cyber Power'.

• This investment will enhance CSE's ability to protect Canada's economic security, defend democratic processes, and advance Canada's international affairs, defence, and security interests.

A net funding increase of $9.9M resulting from five interdepartmental transfers.

• Transfer of $9.9M from Department of National Defence for information management and information technology support services.
• Transfer of $3.1M from Shared Services Canada for the operation of the Secure Communications for National Leadership Program (SCNL).
  • This program will help to provide secure mobile phone capabilities for Ministers and senior officials. The SCNL is a joint PCO, CSE and SSC initiative that enables a modern, mobile and secure means of communications for Ministers and senior officials classified up to SECRET.
• Transfer of $2.2M to GAC in support of cyber security services for Ukraine.
• Transfer of $738K to Global Affairs Canada (GAC) to support CSE staff located at liaison offices abroad.
  • GAC is a common service provider for Government of Canada operations abroad and receives compensation for the increased cost of operations resulting from staff being posted at Canadian missions and liaison offices by other government departments.
• Transfer of $150K to Employment and Social Development to support Policy Horizons Canada.
  • Policy Horizons Canada is the Government of Canada's centre of excellence in foresight. Policy Horizon Canada's goal is to empower the Government of Canada with a future-oriented mindset and outlook to strengthen decision making.

Cyber Capabilities Within DND/CAF and CSE

Quick Facts

The CSE Act sets out five aspects of CSE's mandate, which contributes to the lines of operations above. This includes:

• Cybersecurity and information assurance
• Foreign intelligence
• Defensive cyber operations
• Active cyber operations; and
• Technical and operational assistance

CSE may use defensive cyber operations to defend Canada against foreign cyber threats by taking online action. For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server. This authority can also be used to defend systems designated by the Minister of National Defence as being of importance to the Government of Canada, such as energy grids, telecommunications networks, healthcare databases, banking systems, and elections infrastructure.

Active cyber operations allow CSE to take online action to disrupt the capabilities of foreign threats to Canada, such as: foreign terrorist groups, foreign cyber criminals, hostile intelligence agencies, and state-sponsored hackers. Threats that CSE disrupts must relate to international affairs, defence or security.

CSE, supported by Global Affairs Canada and the CAF, has a proven track record that respects and reinforces Canada's statement on international law and cyber norms.

CSE's Canadian Centre for Cyber Security (the Cyber Centre) reminds the Canadian cybersecurity community, especially infrastructure network defenders, to be vigilant against sophisticated cyber threats.

Canadian Armed Forces cyber capabilities:

• Defensive cyber operations are employed to respond and/or counter a threat by an adversary in cyberspace, whereas offensive cyber operations are conducted to project power in, or through, cyberspace to achieve effects in support of military objectives.
• CSE and the CAF continue to develop and scale offensive and defensive cyber operations capabilities. This partnership enables Cyber operations and provides the Government of Canada flexibility in achieving strategic objectives.
• The Canadian Armed Forces holds the responsibility of safeguarding its military networks on a continuous basis, and actively cooperates with CSE and international partners to help protect joint critical networks among Allies and within NATO.

Background

CSE and its Canadian Centre for Cyber Security

• Cyber security is a foundation for Canada's future, for our digital economy, our personal safety, and national prosperity and competitiveness.
• Every day, the Communications Security Establishment (CSE) uses its sophisticated cyber and technical expertise to help monitor, detect, and investigate threats against Canada's information systems and networks, and to take active measures to address them.
• Recent geopolitical events have elevated the potential risk of cyber threats, as outlined in the 2025-2026 National Cyber Threat Assessment.
• CSE continues to publish advice and guidance to help organizations be less vulnerable and more secure. It works with industry partners, including government and non-government partners, to share threat information and cyber security best practices.
• Cyber security is a whole-of-society concern, and the federal government works together with other jurisdictions, organizations, as well as critical infrastructure network defenders to raise Canada's cyber security bar.
• If Canadian companies have been impacted by cyber threats, they are urged to contact the Cyber Centre toll free at 1-833-CYBER-88, by email contact@cyber.gc.ca or visit the Report a cyber incident webpage.

Canadian Armed Forces and the Communications Security Establishment Cooperation

• The Canadian Armed Forces and CSE have a long history of partnership in the development of highly technical and specialized capabilities that support Canadian Armed Forces operations.
• These activities are subject to CSE's rigorous system of internal policies and procedures as well as independent oversight and review.
• Cooperation between the Canadian Armed Forces and CSE ensures the best use of tools and capabilities, reduces unnecessary duplication of efforts, leverages each other's authorities, and improves the chances of meeting mission objectives.

Authorizations and safeguards

• Cyber operations undertaken in support of government objectives will be pursuant to the CSE Act, and the Crown Prerogative and the National Defence Act, and will be consistent with Canada's international legal obligations.
• CSE is prohibited by law from targeting the private information of Canadians or any person in Canada and must not infringe the Canadian Charter of Rights and Freedoms.
• Cyber operations conducted under CSE authorities require the Minister of National Defence to issue a Ministerial Authorization, which requires either consultation with the Minister of Foreign Affairs (for defensive cyber operations) or at the request of or with the consent of the Minister of Foreign Affairs (for active cyber operations).
• In conducting cyber operations, Canada recognizes the importance of adhering to international law and agreed norms of responsible state behaviour in cyberspace. Canada's authorities and governance framework to conduct cyber operations is supported by a strong independent review process, as well as internal oversight for operational compliance.
• Foreign cyber operations are further subject to proven checks and balances such as rules of engagement, targeting and collateral damage assessments.

Cyber operations

• Strong, Secure, Engaged (SSE) committed the Canadian Armed Forces to assuming a more assertive posture in the cyber domain by hardening its defences, and by conducting offensive cyber operations against potential adversaries as part of government-authorized military missions.
• The CSE Act authorizes CSE to carry out 2 different types of foreign cyber operations: active and defensive. Both types of operations involve taking action in cyberspace to disrupt foreign-based threats to Canada.
• Defensive cyber operations (DCO) can be used to help protect systems of importance and federal institutions during major cyber incidents when cyber security measures alone are not enough.
• Active cyber operations (ACO) can be used proactively to disrupt foreign-based threats to Canada's international affairs, defence or security interests.

Canadian Armed Forces cyber operator

• SSE directed the creation of the Canadian Armed Forces Cyber Operator occupation. This trade includes both Reserve and Regular Force members who conduct both defensive and offensive cyber operations with the goal of supporting operational objectives and delivering tactical effects.

Cyber mission assurance program

• Strong, Secure, Engaged (SSE) directed the creation of the Cyber Mission Assurance Program. It is part of the cyber capability to protect critical military networks and equipment from cyber threats. Platforms like aircraft, ships, and vehicles are becoming increasingly dependent on cyberspace. The Cyber Mission Assurance Program ensures that cyber resilience is a primary consideration when new equipment is procured.
• Cyber threats pose unique challenges in projecting and sustaining military power. The changing global environment and the increasing dependence on cyberspace technologies demands a significant change in our culture. The introduction of cyber-resiliency mindset in all our activities is required for the CAF to maintain its competitive advantage. The Cyber Mission Assurance Program focuses on managing the risks associated with cyber threats, to improve resilience, and increase the probability of mission success.

Foreign Interference and the Democratic Process

Background

Communications Security Establishment Canada:

• The Communications Security Establishment Canada (CSE) is Canada's centre of excellence for cyber operations. As one of Canada's key security and intelligence organizations, CSE protects the computer networks and information of greatest importance to Canada and collects foreign signals intelligence.
• CSE also provides assistance to federal law enforcement and security organizations in their legally authorized activities, when they may need CSE's unique technical capabilities.

State-sponsored Actors Targeting Parliamentarians (APT31):

• 18 Canadian members of the Inter-Parliamentary Alliance on China (IPAC) were notified by the Executive Director in April 2024 they were targeted by a Chinese state-sponsored cyber actor. This was information was based on a FBI report that assessed IPAC members were targeted by Advanced Persistent Threat actor (APT) 31.
• The FBI report was received by Canada's security agencies, and the information that included the names of the targeted parliamentarians was shared in 2022.
• CSE shared specific, actionable technical information on this threat with House of Commons (HoC) officials, as would be our normal process with other Government of Canada partners when threats are detected.
• This engagement with the HoC started well before receiving the FBI report in question, as we had been tracking and helping them to take quick and appropriate measures within their systems to protect their network and users against this, and other threats. Questions related to how MPs are engaged on situations like this would be best addressed by HoC officials.
• The House of Commons and Senate are independent, and its officials are responsible for determining when and how to directly engage with MPs and Senators.

National Cyber Threat Assessment 2025-2026

• On October 30, 2024, the Canadian Centre for Cyber Security (Cyber Centre) has released its National Cyber Threat Assessment 2025-2026 (NCTA 2025-2026). As with previous assessments, it provides a snapshot of cyber threats affecting Canada and Canadians and forecasts how they may evolve in the coming years. The Cyber Center's flagship report helps build Canada's resilience to cyber threats.

Key Findings:

• Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors. Canada's state adversaries are using cyber operations to disrupt computer networks and conduct online information campaigns to divide our society.
• The NCTA 2025-2026 shows that cybercrime remains a persistent, widespread and disruptive threat to individuals, organizations and all levels of government across Canada, and that ransomware is the top cybercrime threat facing Canada's critical infrastructure.
• The Cybercrime-as-a-Service (CaaS) business model is almost certainly contributing to the continued resilience of cybercrime in Canada and around the world.
• Well-known state adversaries continue to use sophisticated, active programs against Canada and our allies to serve their own political, economic, or military objectives.
• The cyber programs of the People's Republic of China's (PRC), Russia, and Iran remain the greatest strategic cyber threats to Canada. Cybercriminals driven by profit are increasingly benefiting from new illicit business models to access malicious tools and are using artificial intelligence to enhance their capabilities.
• The People's Republic of China's (PRC) expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today. The PRC cyber program's scale, tradecraft, and ambitions in cyberspace are second to none.
• Countries that aspire to become new centres of power within the global system, such as India, are building cyber programs that present varying levels of threat to Canada.
• India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country's efforts to promote its global status and counter narratives against India and the Indian government.
• While the assessments describe trends that should concern anyone who reads about them, CSE and the Cyber Centre remain focused on tackling these threats.

The Canadian Centre for Cyber Security:

• As part of the Communications Security Establishment Canada (CSE), the Canadian Centre for Cyber Security (Cyber Centre) brings over 70 years of experience protecting Canada's most sensitive information and networks. Bringing together operational security experts from across the Government of Canada, the Cyber Centre is the Government of Canada's authority on cyber security.
• Defending the Government of Canada's information systems provides the Cyber Centre with a unique perspective to observe and analyze trends in the cyber threat environment.
• The Cyber Centre works closely with other government agencies, industry partners, and with the public to share knowledge and experience to improve cyber security for Canadians and to make Canada more resilient against cyber threats.

Top Cybersecurity Points

Background

• CSE utilizes its mandate to reduce the impact of cybercrime on Canadian businesses, organizations, and individuals.
• Ongoing efforts include:
  • collecting intelligence on cybercrime groups
  • enhancing cyber defences to protect critical systems against cybercrime threats
  • advising Canadian critical infrastructure providers on how to protect themselves against cybercrime; and
  • using active cyber operations capabilities (ACO) to disrupt the activities of cybercrime groups.
• In addition, working with Canadian and allied partners, CSE has conducted ACO to reduce the ability of cybercrime groups to:
  • target Canadians, Canadian businesses and institutions
  • launch ransomware attacks
  • solicit, buy and sell cybercrime goods and services
• These operations-imposed costs on cybercrime groups by making their activities more difficult and less profitable. The aim is to deter future cybercrime attempts on Canadian targets.

Motion of Privilege: Cyber Attack against MPs

Background

How CSE protects the democratic process:

• CSE helps to protect Canada's democratic process by:
  • providing foreign signals intelligence to Government of Canada decision makers about the intentions, capabilities, and activities of foreign-based threat actors
  • defending Canada's federal elections infrastructure from malicious cyber activity
  • proactively helping democratic institutions improve their cyber security
  • sharing unclassified threat assessments with the public
  • sharing information to help Canadians identify disinformation
• To support Parliamentarians, the Cyber Centre, part of CSE provides a 24/7 hotline service offering direct support in the event of a cyber incident. The Cyber Centre has provided cyber threat briefings to political parties as well as a dedicated point of contact at the Cyber Centre for assistance with cyber security matters.
• In the run-up to both the 2019 and 2021 federal elections, the Minister of National Defence authorized CSE to conduct defensive cyber operations (DCO) to protect Canada's election infrastructure from malicious cyber activity if needed. In the event, no activities took place that would have required a DCO response.
• CSE's Canadian Centre for Cyber Security works closely with Elections Canada, elections authorities and political parties on cyber security preparedness. This includes offering briefings, training resources, consultations, tailored advice and cyber security services.
• The Cyber Centre has an ongoing relationship with Elections Canada, which includes:
  • monitoring services to detect cyber threats
  • working with them to secure their computer networks
  • incident response assistance, if necessary
• Provincial and territorial elections authorities can take advantage of services the Cyber Centre provides to critical infrastructure partners, such as:
  • cyber alerts (including mitigation steps)
  • malware analysis
  • cyber incident advice and support
• In the event a federal election is called, the Cyber Centre is ready to stand up a dedicated hotline for federal political parties offering 24/7 cyber security technical support. (Outside of election periods, the Cyber Centre has a dedicated point of contact political parties can reach out to on cyber security matters.) Elections Canada will be able to rely on existing channels of communication with the Cyber Centre's democratic institutions team.

State-sponsored Actors Targeting Parliamentarians (APT31)

• 19 Canadian members of the Inter-Parliamentary Alliance on China (IPAC) were notified by the Executive Director in April 2024 they were targeted by a Chinese state-sponsored cyber actor. This was information was based on an FBI report that assessed IPAC members were targeted by Advanced Persistent Threat actor (APT) 31.
• The FBI report was received by Canada's security agencies, and the information that included the names of the targeted parliamentarians was shared in 2022.
• CSE shared specific, actionable technical information on this threat with House of Commons (HoC) officials, as would be our normal process with other Government of Canada partners when threats are detected.
• This engagement with the HoC started well before receiving the FBI report in question, as we had been tracking and helping them to take quick and appropriate measures within their systems to protect their network and users against this, and other threats. Questions related to how MPs are engaged on situations like this would be best addressed by HoC officials.

Growth, Recruitment, and Retention

Quick Facts

Background

Equity, Diversity and Inclusion

• As a security and intelligence organization, promoting diversity at CSE allows the workplace to integrate broad perspectives, experiences, and worldviews into its operations. As a result, individuals can pursue CSE's mission in a nurturing and welcoming environment.
• Working with equity-deserving groups both inside and outside of CSE on the promotion of equity, diversity and inclusion will enable CSE to evolve its processes, operations and policies in a manner that serves all Canadians effectively.
• In effort of working towards reconciliation, CSE continues to participate in the Government of Canada's IT Apprenticeship Program for Indigenous Peoples, a program that matches First Nations, Inuit and Métis candidates to help them build the skills they need for an IT career in the federal public service.