Intelligence in a Digital Era
CSIS's Role in Cyber
In 2021, CSIS continued to collect and analyse cyber intelligence further to its mandate to advise the Government of Canada on espionage, sabotage and foreign influenced activities but with a lens towards digital networks. In particular, CSIS investigates cyber activity which may pose a threat to Canada’s national interests, cyber espionage, cyber sabotage, and cyber foreign influenced activity.
To investigate these threats, CSIS utilizes its powers outlined in the CSIS Act, such as warrants and threat reduction measures, in addition to liaising closely with foreign intelligence partners as well as with public and private sector entities. CSIS also works closely with its trusted Government of Canada partners who each have distinct and separate cyber mandates, though share a common goal of keeping Canada, Canadians, and Canadian interests safe and secure online. These partners include the Communication Security Establishment (CSE) – responsible for foreign signals intelligence, the Canadian Centre for Cyber Security (Cyber Centre) – responsible for safeguarding government systems and mitigation and technical guidance for cyber attacks against critical infrastructure and other levels of government, and the Royal Canadian Mounted Police (RCMP) – responsible for the prosecution of cyber criminals.
With all of this information, CSIS helps to identify malicious cyber actors, learn their methods and techniques, find their targets of interest, and define their motivations and goals; it then advises the Government of Canada accordingly.
As more Canadians utilize a growing number of internet-connected devices, such as smart home security systems and medical devices, new vectors of attack are available to state and non-state actors to conduct, as well as disguise, their hostile cyber operations. Future smart city platforms will almost certainly expand the cyber attack surface, and may introduce new vulnerabilities in sectors across the board, including those providing vital services.
In addition, emerging technologies such as artificial intelligence, quantum computing, and big data are radically transforming science and the future of how we will live and function. These technologies offer revolutionary advancements that will have a transformative impact on society. However, they can also have disruptive impacts on Canada’s national interests if weaponized or used to facilitate intelligence collection by Canada’s adversaries.
CSIS is constantly adapting to investigate new threat actors and activities that emanate from the rapid change in technology.
CSIS has always had to adapt its operations to respond to new technologies, emerging threats, and geo-political developments. Enacted in 1984, the CSIS Act was a modern, flexible, and forward-looking statute that enabled CSIS for many years, to adapt to the threats facing Canada and Canadians. But the world is not as it was in 1984; technology is now ubiquitous, and has changed the threats facing Canada, the privacy and legal landscape, and how CSIS conducts its national security investigations. In 2021, the CSIS Act is showing its age, and requires modernization to equip CSIS to adapt to future threats and capabilities.
The CSIS Act has never been comprehensively reviewed, and has not adequately evolved to meet the challenges of today’s complex global threat environment. Even with the significant amendments of the National Security Act, 2017, technological evolution, the relevance of bulk data, growing diversity and sophistication of threat activities, and additional legal decisions have further exposed the limitations of the CSIS Act in 2021.
Technological advances have radically changed individual Canadians’ expectations of privacy, which require appropriate protection. While judicial authorization is one way to mitigate the privacy impact of certain activities, CSIS has a one-size-fits-all warrant authority. Originally designed to intercept phone calls on a landline, this authority does not have the flexibility necessary to meet CSIS’s needs in an evolving privacy landscape. A growing range of less-intrusive techniques may require additional privacy protections but not those of traditional warrant powers. For example, information that used to be easily collected from public sources, such as phone books, today presents a privacy intrusion because of the ways our cellphone or online identifying information can reveal insights about our lifestyles and habits. Yet this basic investigative building block requires CSIS to exhaust other means of collecting the information first before applying for the same warrant as the most intrusive investigative techniques.
Much has changed in the nearly 40 years since 1984, but what has remained the same is the need to balance the protection of national security with the protection of individual rights. CSIS has always had robust mechanisms to ensure the privacy of Canadians’ is protected as it does its vital work, including with judicial oversight. New legislation in 2017 enhanced review of CSIS by both the National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians. But in a democratic society, protecting individuals’ privacy and national security cannot be a zero sum.
Canadians rightly expect that CSIS has the necessary authorities to protect Canada against today’s threats, and is equipped to face the threats of tomorrow. The reality is, however, that CSIS faces significant challenges, operating in a data-driven modern world. In order to enable CSIS to continue operating as it always has, its authorities must be suited for current realities and future needs.
As Canada prioritizes rebuilding from the pandemic, there is an opportunity to engage Canadians in a national security dialogue. There is a need for greater awareness of how the threat landscape is evolving, and how modernizing Canada’s national security legislative framework will help protect Canadians, innovation and economic investment, democratic values, and indeed, Canada’s future.
Report a problem or mistake on this page
- Date modified: