The Threat Environment

Espionage and Foreign Interference

As a core part of its mandate, CSIS investigates and advises the Government of Canada on threats posed by espionage and foreign influence activities. The CSIS Act defines foreign influence activities that are “detrimental to the interests of Canada and are clandestine or deceptive, or involve a threat to any person.” These activities are also commonly referred to as foreign interference, and are almost always conducted to further the interests of a foreign country using both state and non-state entities, including state proxies and co-optees. These activities are directed at Canadian entities both inside and outside of Canada, and directly threaten national security.

In the midst of the COVID-19 pandemic, espionage and foreign interference threats continue to persist and, in some areas, are increasing. Canada’s advanced and competitive economy, and its close economic and strategic partnership with the United States, makes it an ongoing target of hostile foreign state activities. Similarly, Canada’s efforts to protect and enhance the international rules-based system and to work with key partners on significant foreign policy issues of concern as well as its status as a founding member of the North Atlantic Treaty Organization (NATO) and its participation in a number of bilateral and multilateral defence and trade agreements, makes it an attractive target for espionage and foreign interference.

Canadian interests can be damaged by espionage activities through the loss of sensitive and proprietary information or leading-edge technologies, and through the unauthorized disclosure of classified and sensitive government information. While federal, provincial, and municipal levels of Canadian government are of interest, foreign states such as the People’s Republic of China and Russia also target non-governmental organizations in Canada — including academic institutions, the private sector, and civil society. In 2020, the People’s Republic of China, Russia, and other foreign states continued to covertly gather political, economic, and military information in Canada through targeted threat activities in support of their own state development goals. To accomplish this, these states take advantage of the collaborative, transparent, and open nature of Canada’s government, economy and society, often using “non-traditional collectors” including those with little to no formal intelligence training – such as researchers, private entities, and other third parties – to collect information and expertise of value on behalf of the state.

Foreign governments also continue to use their state resources and their relationships with private entities to conduct clandestine, deceptive, or threatening foreign interference activities in Canada. In many cases, these clandestine influence operations are meant to support foreign political agendas or to deceptively influence Government of Canada policies, officials, or democratic processes. An example of significant concern are activities by threat actors affiliated with the People’s Republic of China that seek to leverage and exploit critical freedoms that are otherwise protected by Canadian society and the Government in order to further the political interests of the Communist Party of China.

Foreign powers have attempted to covertly monitor and intimidate various Canadian communities in order to fulfil their strategic and economic objectives. When engaging in such activities, foreign states target members of vulnerable communities and groups who often lack the means to protect themselves. These communities often fear state-backed or state-linked retribution targeting both themselves and possibly their loved ones in Canada and abroad. When community groups in Canada are subjected to such harassment, manipulation, or intimidation by foreign states that are either seeking to gather support or mute criticism of their policies, these activities constitute a threat to Canada’s sovereignty and to the safety of Canadians. Furthermore, by aggressively conducting such activities, foreign actors have shown disregard for Canadian government institutions and their mandates to keep Canada and Canadians safe.

On 8 January, 2020, the Ukraine International Airlines Flight PS752 was shot down near Tehran, killing all 176 passengers and crew onboard, including 55 Canadian citizens and 30 Canadian permanent residents. Since then, CSIS has supported Government of Canada initiatives on this priority file. There are credible reports of several Canada-based relatives of Flight PS752 victims having experienced harassment and intimidation from threat actors linked to proxies of the Islamic Republic of Iran. This activity may constitute foreign interference.

While foreign interference conducted by hostile state actors and their proxies most often occurs in the form of human interaction, the manipulative activities of foreign entities on a range of online social media platforms are increasingly of concern. Most recently, such state-sponsored manipulation, including through disinformation, has sought to reshape or undermine certain narratives to sow doubt about the origins of the coronavirus and pandemic as well as the means required to counter it; discredit democratic responses to COVID-19 while casting their own responses as superior; and erode confidence in Canada’s values of democracy and human rights. Russia and Russian Intelligence Services have, for example, been actively engaged in disinformation campaigns since March 2020 in an effort to blame the West for the COVID-19 pandemic. This is part of a broader campaign to discredit and create divisions in the West, promote Russia’s influence abroad, and push for an end to Western sanctions.

CSIS will continue to investigate and identify the threats that espionage and foreign interference pose to Canada’s national interests, and will work closely with domestic and international partners to address them.

Protecting Democratic Institutions

Democratic institutions and processes around the world, including elections, have increasingly become the targets of foreign threat actors. Canada’s role as a middle power with the ability to influence like-minded allies and liberal multilateral institutions makes its democratic institutions and processes an especially attractive target. Although Canada’s electoral system is strong, threat actors have sought to target its politicians, political parties, elections, and media outlets in order to manipulate the Canadian public and interfere with Canada’s democracy. Certain states may seek to manipulate and misuse Canada’s electoral system to further their own national interests; others may seek to discredit key facets of Canada’s democratic institutions to reduce public confidence in the democratic system.

Among the safeguards put in place to protect Canada’s democracy and elections was the creation of the Security and Intelligence Threats to Election (SITE) Task Force. As an active partner in SITE, CSIS works closely with the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), Global Affairs Canada (GAC), and the Privy Council Office (PCO) to share information on election security.

Economic Security

Prior to 2020, the use of economic activities by hostile state actors to harm Canada’s national security interests was already a priority for CSIS. The COVID-19 pandemic has accelerated these efforts. Throughout 2020, and especially since March, foreign threat actors – including hostile intelligence services and those working on their behalf – have sought to exploit the social and economic conditions created by the pandemic to gather valuable political, economic, commercial, academic, scientific, and military information. Moreover, these threat actors engaged in covert, deceptive foreign interference activities to advance their own pre-pandemic strategic interests. These threats often involve traditional and non-traditional methods of intelligence collection, including human or cyber-espionage, foreign investment, manipulation of imports and exports, exploitation of licences and rights, and attacks on knowledge such as academic espionage.

CSIS continues to collect intelligence and advise government partners on threats to Canada’s national security and prosperity interests. For example, in April 2020 the Government of Canada issued its Policy Statement on Foreign Investment Review and COVID-19, which committed to ensuring that inbound investment during the pandemic would not introduce new risks to Canada’s economy, national security, or the health and safety of Canadians. CSIS played a key role in providing additional national security scrutiny to investments related to public health or the supply of critical goods and services, as well as enhanced scrutiny of any investments by, or under the influence of, foreign governments. These enhanced efforts are expected to continue until the economy recovers from the effects of the COVID-19 pandemic.

Cyber threats

Cyber-espionage, cyber-sabotage, cyber-foreign influence and cyber-terrorism pose significant threats to Canada’s national security, its interests and its economic stability. Canada remains a target for malicious cyber activities and a platform from which hostile actors attempt computer network operations (CNOs) against entities in other countries. The increasing interconnectedness of the world presents cyber actors with more opportunities than ever to conduct malicious activity. The dramatic rise of individuals working from less secure home office environments due to the pandemic significantly increases the risk of sensitive information and networks being exposed to malicious cyber activity.

Cyber actors conduct malicious activities to advance their political, economic, military, security, and ideological interests. They seek to compromise both government and private sector computer systems by manipulating their users or exploiting security vulnerabilities. New and emerging technologies such as artificial intelligence offer threat actors potential new ways to compromise computer systems. State-sponsored cyber threat actors use CNOs to steal intellectual property or trade secrets, or to achieve geopolitical objectives through the disruption of critical infrastructure and vital services, interference with elections, or to conduct disinformation campaigns. In 2020, a cyber espionage group linked to Russian intelligence services conducted CNOs directed towards Canadian, British, and American-based organizations that were involved in COVID-19 response and recovery efforts. These malicious cyber activities were believed to be an attempt to steal information and intellectual property related to the development and testing of COVID-19 vaccines. Of similar concern, non-state actors, including terrorist groups, have also attempted to conduct CNOs to further their ideological objectives, such as recruiting supporters, spreading propaganda, or encouraging violence against specific individuals or groups.

Threat actors have also compromised third-party vendor software or equipment in order to conduct cyber-operations against that vendor’s clients. In 2020, a state-sponsored cyber threat actor modified an update mechanism for a popular brand of network management software which allowed the actor to gain covert access to thousands of government and private sector networks around the world. The effect of this kind of attack is profound.

Canada’s National Cyber Security Strategy views cyber security as an essential element of Canadian innovation and prosperity. CSIS plays an active role in shaping and sustaining our nation’s cyber resilience through collaborative action with partners to respond to evolving threats of malicious cyber activity. While CSIS, the Communications Security Establishment (CSE), the Royal Canadian Mounted Police (RCMP), and other key government partners have distinct and separate mandates, they share a common goal of keeping Canada, Canadians, and Canadian interests safe and secure online. In today’s global threat environment, national security – including cyber security – must be a collaborative effort. In responding to cyber threats, CSIS carries out investigations into cyber attacks to national security as outlined in the CSIS Act. By investigating malicious CNOs, CSIS can uncover clues that help profile cyber threat actors, understand their methods and techniques, identify their targets of interest, and advise the Government of Canada accordingly.

Counter Proliferation

Several foreign states continue their clandestine efforts to procure a range of sensitive, restricted, and dual-use technologies and goods in Canada. These technologies and goods can be used to develop weapons of mass destruction (WMD) programs and associated delivery vehicles. 

In August 2020, evidence indicates that Russian state threat actors used a nerve agent of the Novichok group to poison leading Russian opposition figure, Alexei Navalny. This attack contravened international norms prohibiting the use of chemical weapons and was strongly condemned by the Government of Canada. The event is also particularly troubling as it represents another instance of Russian state actors using chemical weapons to stifle dissent.

Ideologically Motivated Violent Extremism

Since 2014, Canadians motivated in whole or in part by their extremist ideological views have killed 21 people and wounded 40 others on Canadian soil – more than religiously motivated violent extremism (RMVE) or politically motivated violent extremism (PMVE). In early 2020, for example, a Canadian minor motivated by the involuntary celibate (Incel) ideology was charged under the terrorism provisions of the Criminal Code.

Proponents of ideologically motivated violent extremism (IMVE) are driven by a range of influences rather than a singular belief system. IMVE radicalization is more often caused by a combination of ideas and grievances resulting in a personalized worldview that is inspired by a variety of sources including books, videos, online discussions, and conversations. The resulting worldview often centres on the willingness to incite, enable or mobilize to violence. These individuals and cells often act without a clear affiliation to a specific organized group or external guidance, but are nevertheless shaped by hateful voices and messages online that normalize and advocate violence.

The COVID-19 pandemic has exacerbated xenophobic and anti-authority narratives, many of which may directly or indirectly impact national security considerations. Violent extremists continue to exploit the pandemic by amplifying false information about government measures and the virus itself on the internet. Some violent extremists view COVID-19 as a real but welcome crisis that could hasten the collapse of Western society. Other violent extremist entities have adopted conspiracy theories about the pandemic in an attempt to rationalize and justify violence. These narratives have contributed to efforts to undermine trust in the integrity of government and confidence in scientific expertise. While aspects of conspiracy theory rhetoric are a legitimate exercise in free expression, online rhetoric that is increasingly violent and calls for the arrest and execution of specific individuals is of increasing concern.

In 2020, CSIS has assessed that threat narratives within the IMVE space have evolved with unprecedented multiplicity and fluidity. Broadly speaking, IMVE conspiracy theories are often influenced by decentralized online trends and communities of extremist influencers who interpret local, national and international events through a radical lens. These broader narratives are often individualized by extremists and are impacted by perceived concerns regarding economic well-being, safety and security, the COVID-19 pandemic or other special events.

Violent Extremism
Long description of infographic : Violent Extremism
  1. Religiously Motivated Violent Extremism (RMVE)
  2. Politically Motivated Violent Extremism (PMVE)
  3. Ideologically Motivated Violent Extremism (IMVE)
    Categories of IMVE:
    1. Xenophobic violence; racially-motivated violence, ethno-nationalist violence.
    2. Anti-authority violence; anti-government /law enforcement violence, anarchist violence.
    3. Gender-driven violence; violent misogyny (including Incel), anti-LGBTQ violence.
    4. Other grievance-driven and ideologically motivated violence

Politically Motivated Violent Extremism

Politically motivated violent extremism (PMVE) encourages the use of violence to establish new political systems, or new structures and norms within existing systems.

Religiously Motivated Violent Extremism

Religiously motivated violent extremism (RMVE) encourages the use of violence as part of a spiritual struggle against a perceived immoral system. Followers believe that salvation can only be achieved through violence. 

While there were no RMVE inspired attacks that occurred in Canada during 2020, the threat remains as these attacks can be planned and executed swiftly with little warning. RMVE-inspired attacks tend to be low in sophistication, and can involve firearms or another device, weapon, or tool that can cause maximum damage in a crowded public venue. CSIS assesses that the COVID-19 pandemic has not disrupted online RMVE narratives. In fact, as a result of individuals spending more time online and therefore potentially becoming more exposed to online messaging, CSIS assesses that COVID-19 has potentially increased the threat of RMVE radicalization among certain threat actors.

Canadian Extremist Travellers

The Government of Canada continues to monitor and respond to the threat of Canadian extremist travellers (CETs). CETs are individuals who have a nexus to Canada through citizenship, permanent residency, or valid visa and are suspected of having travelled abroad to engage in terrorism-related activities. CETs, including those abroad and those who return, pose a wide range of security concerns for Canada.

Due to the effects of the COVID-19 pandemic, the number of CETs has remained relatively stable over 2020. CSIS is aware of CETs who have travelled to Turkey, Syria, and Iraq, as well as Afghanistan, Pakistan, and parts of North and East Africa. These individuals have left Canada to support and facilitate extremist activities and, in some cases, directly participate in violence. Similarly, the number of individuals with a nexus to Canada who engaged in extremist activities abroad and have returned to Canada has also remained stable.

Since 2011, the conflict in Syria and Iraq has attracted unprecedented numbers of extremists to fight overseas. However, since the decline of the so-called Caliphate in 2017, many of these individuals have been killed or are currently being detained in internally displaced persons (IDP) camps or prisons. Roughly half of the detainees are women with children. Since the onset of the global COVID-19 pandemic, the movement of CETs in Turkey, Syria, and Iraq has been curtailed due to enhanced border and travel restrictions.

Five Eyes partners, including the Australian Security Intelligence Organisation, have recently noted that, for the first time, an Ideologically Motivated Violent Extremist was prevented from travelling offshore to fight on a foreign battlefield due to passport cancellation based on an adverse security assessment. This example further demonstrates the complexity of extremist travellers as these threat actors can transcend multiple violent extremist groups and movements.

CSIS is aware of the serious threat posed by CETs who return from conflict zones. The range of training and operational experience they acquire while abroad and the unique environment to which they have been exposed make CETs an especially dangerous threat to the security of Canada. While the pandemic degraded the possibility of CETs returning to Canada, CSIS and other Government of Canada departments and agencies remain engaged as a community to collectively manage the possible threat posed by returning Canadian extremists.

International Terrorism

The al-Qaida network suffered significant leadership losses in 2020 with the assassination of its deputy leader and the elimination of other regional leaders in the Arabian Peninsula (AQAP), Islamic Maghreb (AQIM), and Hurras ad-Din (HAD). The conditions of the February 2020 agreement between the United States and the Taliban also place restrictions on al-Qaida activity in Afghanistan. Despite the death of the AQIM emir in June 2020, al-Qaida remains resilient in West Africa where affiliates maintain influence in central and northern areas of Mali. Frequent international military operations targeting al-Qaida affiliate, Al Shabaab, have not prevented the group from expanding its geographic area of control in Somalia nor limited its capabilities to carry out attacks against both soft and hard targets. While al-Qaida-affiliated and aligned groups in Africa as well as the Middle East have generally had a local or regional focus, RMVE inspired attacks continue to pose a threat to Canada.

Following the loss of its physical territory in 2019, Daesh prioritized its rural-based insurgencies in Syria and Iraq with the intent of expanding into urban centres. This is a conditions-based rather than time-based objective that may be connected to future withdrawals of US-led coalition forces. Daesh has successfully exploited the pandemic to surge attacks regionally and internationally with successive attack campaign messaging.

The online threat environment became increasingly decentralized and fragmented since Daesh’s loss of physical territory in 2019 and remained so in 2020. Certain social media platforms remained popular for propaganda dissemination however, other niche platforms have since emerged where CSIS has observed activity driven by the creativity and persistence of Daesh supporters rather than by Daesh media officials. There is an apparent increase in propaganda that has been developed by media personnel with no formal affiliation to Daesh. This propaganda ranges from calls for attacks against domestic targets to videos celebrating and promoting Daesh, and serves to fill gaps left by a decrease in official Daesh media, thereby augmenting and amplifying official Daesh messaging as part of a robust online RMVE narrative.

CSIS assesses that the primary threat posed by Daesh to Western countries, including Canada, continues to be violent extremist attacks, inspired by online propaganda in parallel to Daesh’s insurgencies.


Both al-Qaida and Daesh affiliates continued to conduct attacks on Western interests throughout West and East Africa. The loss of physical territory in Iraq and Syria has not impacted the spread of Daesh affiliates in Africa. The porous nature of African borders, coupled with the ineffectiveness of many regional counterterrorism (CT) forces, allows affiliates to establish bases of operations in ungoverned spaces outside capital cities. There remains a significant threat to Canadians who work or travel in these regions as they may fall victim to an attack or an opportunistic kidnap for ransom operation. Al-Qaida affiliate Jamaat Nusrat al-Islam Wal Muslimin (JNIM) continues to destabilize Mali, Niger and Burkina Faso with frequent and complex attacks. Al-Qaida-aligned al-Shabaab remains the dominant terrorist group in the Horn of Africa and has not been hampered by military activities by the United States and other foreign partners. Daesh affiliates in the Greater Sahara, West, Central, and East Africa have conducted successful attacks against regional CT forces. Daesh is focused on expanding and aligning with jihadist groups across East Africa, most notably in Somalia, the Democratic Republic of the Congo, and Mozambique. Due to the global reach of al-Qaida and Daesh, both groups continue to pose an ongoing threat to Canada’s national security.

Afghanistan and Pakistan

In late February 2020, the United States and the Taliban signed an agreement that laid out the conditions for a full withdrawal of Coalition forces from Afghanistan by May 2021. This withdrawal is conditional on the Taliban’s participation in the Afghan Peace Negotiations, an end to Taliban attacks on foreign forces, and the Taliban’s commitment not to cooperate with al-Qaida and other non-Afghan militant groups – or permit the use of Afghan territory to attack the United States or its allies. The Coalition intervention in Afghanistan that followed the September 11, 2001, terrorist attacks – and involved a Canadian military force from 2002 to 2014 that peaked at over 2,000 personnel – is drawing to a close.

As of late 2020, the Taliban controlled or dominated large parts of Afghanistan and maintained a presence in Pakistan. Since the Afghan government is determined not to become a theocracy or abandon the economic, political, and social progress made since 2002, the conflict will likely continue in 2021, intensifying the situation for the people of Afghanistan, its regional security, and Canadian interests in the region.

Many non-Afghans, including al-Qaida- and Daesh-aligned foreign fighters, remain active in the region. The Islamic State of Khorasan Province (ISKP) has become the most active Daesh affiliate outside of Syria and Iraq. ISKP has successfully launched high-profile lethal attacks in Afghanistan, including against a prison on August 2-3, 2020, to release hundreds of its imprisoned members. COVID-19, the Taliban, and Coalition Forces have thus far been unsuccessful in disrupting ISKP.

Security Screening

Through its Government Security Screening and Immigration and Citizenship Screening programs, CSIS serves as the first line of defence against violent extremism, espionage, and other threats to national security.

The CSIS Government Security Screening (GSS) program conducts investigations and provides security assessments or advice on a wide range of threats to national security. The security assessments are one part of an overall evaluation and assist government departments and agencies when deciding to grant, deny, or revoke security clearances. Decisions related to the granting, denying, or revoking of a security clearance lies with the department or agency and not with CSIS.

The GSS also conducts screening to protect sensitive sites from national security threats, including but not limited to airports, marine, and nuclear facilities. It assists the RCMP by vetting Canadians and foreign nationals who seek to participate in major events in Canada. Finally, it provides security assessments to provincial and foreign governments, in addition to international organizations, when Canadians seek employment requiring access to sensitive information or sites in another country. All individuals subject to government security screening do so voluntarily.

The CSIS Immigration and Citizenship Screening (ICS) program conducts investigations and provides security advice to the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) regarding persons who might represent a threat to national security. Through this program, CSIS provides security advice on permanent residence and citizenship applicants; persons applying for temporary resident visas; and persons applying for refugee status in Canada. Decisions related to admissibility into Canada, the granting of visas, or the acceptance of applications for refugee status, permanent residence, and citizenship rest with IRCC.

Immigration and Citizenship Screening Programs
Requests received* 2019-2020
Permanent Resident Inside and Outside Canada 18,900
Refugees (Front-End Screening**) 46,400
Citizenship 216,800
Temporary resident 43,300
Total 324,500
Government Screening Programs
Requests received* 2019-2020
Federal government departments 75,500
Free and Secure Trade (FAST) 18,100
Transport Canada (Marine and Airport) 52,100
Parliamentary precinct 2,400
Nuclear facilities 10,600
Provinces 240
Others 2,700
Foreign screening 570
Special events accreditation 5,000
Total 167,210

*Note: Figures have been rounded
** Individuals claiming refugee status in Canada or at ports of entry

Page details

Date modified: