The Relevance of our Work

Core Mandate

Investigate activities suspected of constituting threats to the security of Canada
Advise the Government of these threats
Take measures to reduce threats to the security of Canada

Partnerships

Nearly 80 arrangements with domestic partners over 300 arrangements with foreign partners in some 150 countries

Robust information sharing framework ensures conformity to Ministerial Direction

Threats to the Security of Canada

Terrorism
Espionage and sabotage
Foreign influenced activities detrimental to the interests of Canada
Subversion of government through violence

Accountability

Canadian public
Minister of Public Safety
Federal Court
Security Intelligence Review Committee
National Security and Intelligence Committee of Parliamentarians

Duties And Functions: The CSIS Act

Section 12

Investigate activities suspected of constituting threats to the security of Canada and to report on these to the Government of Canada
May take measures to reduce threats, if reasonable grounds to believe the activity constitutes a threat to the security of Canada

Section 13

Provide security assessments on individuals who require access to classified information or sensitive sites within the Government of Canada.

Government Security Screening

76,550 Site Access
63,900 Government
220 Provinces
530 Foreign

Statistics as of end of fiscal year 2017-18.

Section 14

Provide security advice relevant to the exercise of the Citizenship Act or the Immigration and Refugee Protection Act

Immigration Screening

166,500 Citizenship
43,400 Perm Resident
58,400 Temp Resident
37,700 Refugees

Section 16

Conduct foreign intelligence collection within Canada at the request of the Ministers of Foreign Affairs and Defence
- Can only be carried out within Canada
- Must not target a Canadian citizen, permanent resident or corporation

Departmental Results Framework/Financials

Long description of infographic : Actual expenditures

The Intelligence Cycle

In order to fulfill its mandate, CSIS gathers intelligence information and disseminates it to appropriate government clients using a five-phase process, known as the “intelligence cycle”.

Requirements and Direction
Planning
Collection
Analysis
Dissemination

Long description of infographic: Intelligence cycle

Requirements and Direction

The CSIS Act gives CSIS the mandate to investigate activities suspected of constituting threats to the security of Canada, including espionage, sabotage, terrorism, foreign influenced activities detrimental to the interests of Canada and subversion of government through violence.

In keeping with this mandate, CSIS receives direction from the Government of Canada on the intelligence requirements of most importance, through multiple sources:

Government Intelligence Priorities as established by Cabinet through discussion and consultation with the relevant Ministers and the Security and Intelligence community.
Minister’s Direction on Intelligence Priorities, which translates the Government Intelligence Priorities into specific collection direction for CSIS
Regular meetings with domestic partners, such as Communications Security Establishment and the Royal Canadian Mounted Police, as well as with clients within the Government of Canada who are intelligence consumers.

Planning

The Government and Ministerial Direction on Intelligence Priorities, the CSIS Act and the needs of domestic partners and clients are all taken into consideration when developing the annual collection strategy.

Responding to this direction, CSIS establishes internal direction and annual collection plans to meet the intelligence needs of Canadian government departments and agencies.

Collection

CSIS uses a variety of methods to collect information on individuals and groups whose activities are suspected of constituting a threat to national security.

The information necessary to conduct an investigation is collected from various sources, including:

Open sources such as newspapers, periodicals, academic journals, foreign and domestic broadcasts, official documents, and other published material; and
Members of the public, human sources, foreign governments, Canadian partners, as well as through technical interception of communications and inquiry. Any intrusive measure, or those affecting the privacy of Canadians, requires obtaining a warrant, approved by the Minister, and authorized by the Federal Court.

Analysis

CSIS analysts use their knowledge of regional, national and global trends to assess the quality of all types of information gathered, analyze it and produce useful intelligence for clients and consumers.

CSIS analysts examine the information provided by other Canadian government departments and agencies, foreign intelligence agencies, intelligence collected through investigations, as well as open sources. The analysis process results in intelligence reports and threat assessments.

Dissemination and Feedback

CSIS disseminates intelligence products and assessments primarily to the Government of Canada and supporting law enforcement authorities. CSIS also disseminates intelligence to Five Eyes partners – a global intelligence alliance comprised of Canada, USA, UK, Australia and New Zealand – as well as other foreign allied partners. An integral part of the intelligence cycle is collecting feedback on intelligence products from our partners. CSIS gathers product specific feedback from all partners, and routinely gathers requirements from the Government of Canada partners to help shape and drive collection and production efforts.

Threats to Canada’s National Security

Terrorism in Canada: Inspired Violence

The terrorism threat landscape in Canada continues to evolve and is directly impacted by both domestic and international trends and events. There remains a persistent intent demonstrated by domestic actors to carry out a violent act of terrorism. Terrorism perpetrated by extremists who are inspired by terrorist groups such as Daesh and Al Qaeda, including those who seek to travel to join terrorist groups abroad, or those who radicalize, is the number one national security threat to public safety in this country. Investigating these threats remains a top priority for CSIS.

CSIS also remains concerned about the threat posed by those who harbor and support other forms of extremism. The globalization of terrorism, fueled by elaborate online propaganda by extremist groups, has expanded the breadth of radicalization and mobilization to violence. In some instances, individuals influenced by extremist ideology have travelled (or attempted to travel) abroad to participate in terrorist activity. Others have supported their extremist ideology through training, fundraising, recruitment and attack planning within Canada.

Recent terrorism activities in the West have been typically characterized by low-resource, high-impact acts, and usually inspired by terrorist groups such as Al Qaeda or extremists responding to Daesh’s call for a ‘virtual caliphate’. The increased use of low-sophistication and low-resource means is evident in the repeated use of vehicles and knives in attacks in Europe and North America. Despite the decrease in sophistication, the impact and lethality remains high as the perpetrators often strike soft targets. Daesh and AQ propaganda has provided guidance to their supporters on the use of small arms, vehicles and bladed weapons, offering suggestions on how to inflict the most harm. Encouragement to use simple weapons can empower those who would otherwise be incapable of conducting a more complex terrorist attack.

An important part of terrorist messaging and recruitment is the use of media and social media. There has been a surge in Daesh media production as the group continues to spread its message by disseminating material by new means and alternative platforms (e.g. using platforms that do not require identification, reverting to the use of forums or using Darknet libraries to share links). The use of cyberspace by terrorist entities to enhance the security of their activities will remain a challenge for the security and intelligence community. Most notably, the increasing prevalence of encryption technologies allows terrorists to conceal the content of their communications and operate with anonymity while online. This allows them to evade detection by police and intelligence officials, presenting a significant challenge to governments’ ability to investigate and prosecute threat actors.

Daesh has lost significant amounts of physical territory due to the military actions of an international coalition which includes Canada. It has now shifted away from a focus on statehood to increased calls for retaliation, and CSIS assesses that Daesh will continue its efforts to inspire and/or encourage operations abroad. Attacks undertaken by individuals whose radicalization is facilitated by learned tactics and online and emerging technologies are the direct result of aggressive terrorist media campaigns which intend to inspire more violence. The phenomenon of radicalization, both offline and online, remains a significant concern to Canada and its allies.

Today’s threat environment is global. We have an obligation to fully investigate threat activities in Canada directed outside our borders. Within Canada, threat-related activities primarily targeting India and committed by a small number of Canada-based extremists who support violent means to establish an independent state within India have continued, mostly at a low level, since their peak in the mid-1980s. Recently, however, there has been an increase in observed threat activity, wherein Canada is being used as a base to support this view as well as attacks targeting India. These activities constitute a threat to the security of Canada. Canada must contribute to the international community’s efforts to prevent violent attacks from happening in any country.

Canadian Extremist Travellers

The Government of Canada has continued to monitor and respond to the threat of extremist travelers. These are individuals who have a nexus to Canada — meaning they hold citizenship, permanent residency or a valid visa — and who are suspected of having travelled abroad to engage in terrorism-related activity. The phenomenon of extremist travellers — including those abroad, those who return, and those who are prevented from travelling — poses a range of security concerns for Canada. While Canada’s share of this problem is small, we are not immune.

Approximately 250 of these extremist travellers with a connection to Canada have journeyed overseas, about half into Syria, Iraq, and Turkey, and the rest into Afghanistan, Pakistan, and parts of north and east Africa, with approximately 190 still abroad. These individuals have travelled in order to support and facilitate extremist activities, and, in some cases, to directly participate in violence. Approximately 60 individuals with a nexus to Canada who were engaged in extremist activities abroad have returned to Canada. Of these 60, only a relatively small number of them returned from Turkey, Iraq or Syria.

The conflict in Syria and Iraq has been unprecedented in drawing extremists to fight overseas since it began in 2011, with departures reaching a peak in 2014. CSIS is aware of approximately 100 (out of the 190) individuals with a nexus to Canada who are suspected of engaging in terrorism–related activity within this region. Several factors, including foreign authorities preventing entry at their borders, enhanced legislation in Canada deterring individuals from leaving, as well as Daesh’s loss of vast swaths of territory, have all contributed to the decline in the number of individuals travelling to join extremist groups in Syria and Iraq.

Canada has not experienced high numbers of returning extremist travellers from the Syria–Iraq conflict zone. Return to Canada from this region has proven difficult, given the risk of death or capture by myriad extremist and other armed groups and possible lack of valid travel documents and funds with which to travel. Finally, given their ideological commitment to their cause, many Canadian extremists are likely to remain in the conflict theatre in the short to medium term.

CSIS takes the threat posed by returning fighters very seriously. These people have not only shown the resolve to travel and join a terrorist group, they have often received training or gained operational experience while abroad.

CSIS and other Government of Canada departments and agencies are well organized as a community to manage the threat posed by returning fighters.

Indicators of Mobilization to Violence (IMV) a Canadian Government Approach

Extremist radicalization and mobilization to engage in terrorist activities are complex processes. CSIS has long understood that all who radicalize do not engage in violent activity. Some do not have the opportunity, means or commitment to put their ideas into action. In light of the terrorist attacks in Ottawa and Saint-Jean-sur-Richelieu in 2014 - followed by the surge in extremist travellers who left Canada for Syria and Iraq - CSIS updated and enhanced its use of structured analytics to better detail the patterns and evolution of threat activities observed amongst Al Qaeda/Daesh-inspired violence. This research provides an enhanced perspective on concrete activities which signal intent, capability and planning and preparation of individuals mobilizing to terrorism. In cooperation with the RCMP, perspectives and best practices resulting from this research were shared with frontline law enforcement and national security practitioners to aid in assessing whether an individual is radicalized and/or mobilizing to terrorism.
These findings were published by CSIS in the report Mobilization to Violence (IMV)/ Terrorism Research: Key Findings.

Right-Wing Extremism

Extremism can stem from a complex range of ideologies. CSIS works closely on the threat of violent right-wing extremism with domestic and international partners, including the law enforcement community.

Right-wing extremism is driven by hatred and fear and comprises a complex range of individuals, subcultures and online communities. These individuals and groups cultivate grievances on issues as varied as gender, race, religion, sexual orientation and immigration. Rather than openly promoting outright violence, some of those holding extreme right-wing views often attempt to create a culture of fear, hatred and mistrust by exploiting real or imagined concerns when addressing an online audience. In doing so, they attempt to legitimise their beliefs and move from the fringes of society to the mainstream.

Social media is transnational by nature and allows not only individuals from within the milieu to share their extreme right-wing views but also their modus operandi and details of attacks thus inspiring others to conduct their own. They may find inspiration from international terrorist attacks and adopt similar low-sophistication tactics (vehicle ramming, firearms, etc.).

Canada has experienced several violent attacks since 2014, perpetrated by individuals influenced in whole or in part by right-wing extremism. Examples include the shooting of three RCMP officers in Moncton in 2014, the shooting at the Islamic Cultural Centre of Quebec City in January 2017 and the April 2018 van attack in Toronto. The recent attacks in New Zealand highlight that our partners are also facing similar, growing threats. Since 2014, all Five Eye partners have experienced violent attacks or plots perpetrated by individuals influenced, in whole or in part, by their extreme right-wing views.

CSIS continues to engage government and law enforcement partners on the right-wing extremism landscape and emerging threats and continues to provide extensive analytical advice. CSIS has increased its posture to gain a better understanding of the landscape in Canada, gain insight into the key players and assess the nature of the current threat environment.

The International Terrorism Landscape and Implications for Canada

Despite the collapse of Daesh in Iraq and Syria, they continue to dominate the landscape in the Middle East, where Al Qaeda or Al Qaeda-aligned-groups and Hizballah also operate, and in Asia and Africa. In Yemen, both Al Qaeda in the Arabian Peninsula (AQAP) and Daesh have continued to take advantage of the civil conflict there, making effective use of vast lawless areas to expand their ranks and enhance their capabilities. In West Africa, Northern Mali remains the epicenter of terrorist activities, where violent extremist organizations aligned with Daesh and Al Qaeda have increased the frequency and the complexity of their attacks throughout the Sahel. For example Al Qaeda in the Islamic Maghreb (AQIM) and affiliated groups have aggressively targeted Western interests in a series of attacks against hotels and restaurants popular with Westerners in Mali, Burkina Faso, and Côte d’Ivoire, killing over 60 people, including at least eight Canadians in two attacks. Canadians in this region continue to face a high likelihood of being kidnapped or targeted in terrorist attacks. For example, a Canadian worker died in an attempted kidnapping at a mining site in Burkina Faso, which was later claimed by Daesh.

AQ’s Malian affiliate, Jamaat Nusrat Al Islam Wal Muslimin (JNIM), perpetrated complex, coordinated attacks against the French embassy and the Chief of Defence Staff Headquarters in Ouagadougou. In East Africa, AQ-aligned Al Shabaab remains the dominant terrorist group in the horn of Africa and continues to pose a major threat to regional stability, conducting a terror attack in Mogadishu that killed over 500 people. However, Daesh-Core’s global reach makes Daesh-Somali supporters a growing threat to Canada’s national security, particularly as some Al Shabaab supporters and sympathizers shift their allegiance to Daesh.

Daesh has also established and strengthened links with regional groups in Southeast Asia. Through online activity, Daesh radicalized and inspired supporters across Asia to conduct attacks in Bangladesh, Indonesia and the Philippines. In the Philippines, Daesh conducted a siege of Marawi City which lasted six months. The cohesion and cooperation of Daesh militants in the Philippines was largely unanticipated. A Canadian extremist perpetrated a Daesh-style, directed terrorist attack at a bakery in Dhaka, Bangladesh.

Espionage and Foreign Influenced Activities

As part of its mandate, CSIS investigates and advises the Government of Canada on threats posed by espionage and foreign influenced activities. These threats continue unabated and, in some areas, are increasing. Canada’s advanced and competitive economy as well as its close economic and strategic partnership with the United States makes it an ongoing target of hostile foreign state activities. Furthermore, Canada’s status as a founding member of the North Atlantic Treaty Organization (NATO), as well as participation in a number of other multilateral and bilateral defence agreements, makes it an attractive espionage target.

Canadian interests can be damaged by espionage activities through the loss of sensitive and/or proprietary information or leading-edge technologies, and through the unauthorized disclosure of classified government information. A number of foreign states continue to covertly gather political, economic and military information in Canada.

Taking advantage of the increasingly interconnected nature of today’s digital world, foreign state actors have capitalized on computer network exploitation, using cyber tools to compromise computer networks and steal sensitive information on an unimaginable scale. These cyber intrusions can result in the theft of a significant amount of sensitive information to the serious detriment of Canada’s economic and strategic interests. They can also lead to the loss of the personal data of Canadians. Beyond the world of cyber-espionage, computer network exploitation has also become an important tool supporting interference activities.

Foreign governments also continue to use their state resources and their relationships with private entities in order to conduct foreign-interference activities in Canada. These activities are carried out in a clandestine or deceptive manner or involve a threat, and target communities or democratic processes in this country. Foreign powers have covertly monitored and intimidated diaspora groups in order to fulfil their strategic and economic objectives. In many cases, influence operations are meant to support foreign political agendas, a cause linked to a conflict abroad, or to deceptively influence Government of Canada policies, officials, or democratic processes. These activities continue to constitute a significant threat to Canada’s national security and strategic interests.

Protecting our Democratic Institutions

Democratic institutions and processes, including elections, of nations worldwide are vulnerable and have become targets for international actors. Foreign threat actors, most notably hostile states and state-sponsored actors, are targeting Canada’s democratic institutions and processes. While Canada’s electoral system is strong, threat actors have sought to target its politicians, political parties, elections, and its media outlets in order to manipulate the Canadian public and interfere with Canada’s democracy. Certain states can seek to manipulate and misuse Canada’s electoral system to further their own national interests, while others may seek to discredit key facets of Canada’s democratic institutions to reduce public confidence in the democratic system.

The Government of Canada recently announced its plan to safeguard Canada’s upcoming 2019 election. In order to determine the nature of these threats, CSIS conducts investigations against specific threat actors who are believed to be targeting Canada through clandestine or deceptive means, or via the involvement of a threat to a person. As part of its mandate, CSIS is responsible for advising the Government of Canada on threat related activities. As a member of the Security and Intelligence Threats to Election (SITE) Task Force, CSIS works closely with Canadian partners, including the Communications Security Establishment, Royal Canadian Mounted Police, and Global Affairs Canada, and our international allies and partners, to share information on election security.

Economic Security

There has been a noticeable increase in economic espionage in Canada. Hostile foreign intelligence services or people who are working with tacit or explicit support of foreign states gather political, economic, commercial, or military information through clandestine means here in Canada.

Foreign states have engaged in espionage activities targeting Canada in order to fulfil their economic and security development priorities. This type of espionage has had ramifications for Canada, including lost jobs, corporate and tax revenues, and a diminished competitive advantage. Canadian commercial interests abroad are also targets of espionage activities, and Canadian entities in some foreign jurisdictions are beholden to intrusive and extensive security requirements.

With its economic wealth, open business environment and advanced infrastructure, Canada offers attractive prospects to foreign investors. While much of the foreign investment in Canada is carried out in an open and transparent manner, a number of state-owned enterprises (SOEs) and private firms with close ties to their government and/or intelligence services have pursued corporate acquisition bids in Canada, raising national security concerns. Corporate acquisitions by these entities pose potential risks related to vulnerability of critical infrastructure, control over strategic sectors, espionage and foreign influence activities, and illegal transfer of technology and/or expertise. CSIS expects that national security concerns related to foreign investments in Canada will continue, owing to the increasingly prominent role of SOEs and state-linked private entities in the economic strategies of some foreign governments.

As difficult as it is to measure, this damage to our collective prosperity is very real and is the reason more and more governments are beginning to openly discuss the changing security landscape with their businesses, their universities, and the general public. The national security community and the business community have a shared interest in raising public awareness of the scope and nature of state-sponsored espionage against Canada, and of its potential effect on our economic growth and ability to innovate.

CSIS continues to investigate and identify the threats that espionage and foreign influenced activities pose to Canada’s national interests, and works closely with domestic and international partners in order to address these threats.

Cyber Threats to National Security

Cyber-espionage, cyber-foreign-influenced activities, and cyber-terrorism pose significant threats to Canada’s national security, its interests, as well as its economic stability.

Cyber threat actors conduct malicious activities in order to advance their political, ideological and economic interests. They seek to compromise both government and private sector computer systems by utilizing new forms of technology, taking advantage of existing security gaps, and a general lack of cyber security awareness on the part of users. Such activities are collectively referred to as “Computer Network Operations”, or CNOs. State-sponsored entities and terrorists alike are using CNOs directed against Canadian interests, both domestically and abroad. Canada remains both a target for malicious cyber activities, and a platform from which hostile actors conduct CNOs against entities in other countries.

Computer Network Operations

CNOs can be classified as either espionage-related, when their aim is to covertly acquire information without their victim’s knowledge, or as true “cyber-attacks”, when they are intended to cause disruption of services and/or damage to property and their victim is aware of their effects, though not necessarily the identity of the perpetrator.

State-sponsored cyber threat-actors use CNOs for a wide variety of purposes with the main goal of breaching the confidentiality of information, impacting the integrity of data or information databases or impacting the availability of information. These could include: disrupting critical infrastructure and services; interfering in elections; and, conducting disinformation campaigns, as well as stealing intellectual property and trade secrets. In addition, non-state actors such as terrorist groups also conduct CNOs in order to further their ideological objectives. Examples of such activity include website defacement and the release of personal identity information.

Canada’s National Cyber Security Strategy views cyber security as an essential element of Canadian innovation and prosperity. CSIS, along with partners, particularly the Communications Security Establishment (CSE), plays an active role in shaping and sustaining our nation’s cyber resilience through collaborative action in responding to evolving threats of malicious cyber activity. While CSE and CSIS have distinct and separate mandates, the two agencies share a common goal of keeping Canada, Canadians and Canadian interests safe and secure. In today’s global threat environment, national security must be a collaborative effort. As part of their mandate, CSE’s role is to protect computer networks and electronic information of greatest importance to Canada, helping to thwart state-sponsored or criminal cyber threat activity on our systems. In responding to cyber threats, CSIS carries out investigations into cyber threats to national security as outlined in the CSIS Act. By investigating malicious CNOs, CSIS can uncover clues that help profile cyber threat actors, understand their methods and techniques, identify their targets of interest, and advise the Government of Canada accordingly.

Security Screening

Through its Government Security Screening and Immigration and Citizenship Screening programs, CSIS serves as the first line of defence against terrorism, extremism, espionage and the proliferation of weapons of mass destruction.

The Government Security Screening (GSS) program conducts investigations and provides security assessments to address threats to national security. The assessments are a part of an overall assessment and assist Government departments and agencies when deciding to grant, deny or revoke security clearances. Decisions related to the granting, denying or revoking of a security clearance lies with the department or agency, not with CSIS.

GSS also conducts screening to protect sensitive sites from national security threats, including airports, marine and nuclear facilities. It assists the RCMP by vetting Canadians and foreign nationals who seek to participate in major events in Canada, such as G7 meetings and royal visits. It provides security assessments to provincial, foreign governments and international organizations when Canadians seek employment requiring access to sensitive information or sites in another country. All individuals subject to government security screening must provide consent prior to being screened.

The Immigration and Citizenship Screening (ICS) program conducts investigations and provides security advice to the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) regarding persons who might represent a threat to national security. Through this program, CSIS provides security advice on permanent residence and citizenship applicants; persons applying for temporary resident visas; and persons applying for refugee status in Canada. Decisions related to admissibility into Canada, the granting of visas or the acceptance of applications for refugee status, permanent residence and citizenship rest with IRCC.

Statistics

Immigration and Citizenship Screening Programs
Requests received*	2016-2017	2017-2018
Permanent resident applications	58,500	43,400
Refugees (front-end screening)**	20,100	37,700
Citizenship applications	93,000	166,500
Temporary resident applications	52,000	58,400
Total	222,600	306,000

*Note: Figures have been rounded
** Individuals claiming refugee status in Canada or at ports of entry

Government Screening Programs
Requests received*	2016-2017	2017-2018
Federal government departments	58,400	63,900
Site access
Free and Secure Trade (FAST)	13,900	8,600
Transport Canada (Marine and Airport)	47,200	47,900
Parliamentary precinct	1,900	2,600
Nuclear facilities	14,500	10,300
Provinces	210	220
Others	4,200	3,800
Foreign screening	520	530
Special events accreditation	3,300	2,600
Total	144,130	140,450

* Figures have been rounded

Page details

Date modified:: 2019-06-21

Language selection

Search