Threats to Canada's National Security
The COVID-19 Pandemic
The pandemic reinforced the importance of ‘whole of government’ responses during periods of emergency. Experts from Canada’s security and intelligence community worked closely with the Public Health Agency of Canada (PHAC), Health Canada, Public Services and Procurement Canada (PSPC), the Treasury Board Secretariat (TBS), the Canadian Armed Forces and others to support Government of Canada efforts to respond to the pandemic.
Throughout the pandemic CSIS observed persistent and sophisticated state-sponsored threat activity, including harm to individual Canadian companies, as well as the mounting toll on Canada’s vital assets and knowledge-based economy.
As a result, CSIS is working closely with government partners to ensure that as many Canadian businesses and different levels of government as possible are aware of the threat environment and that they have the information they need to implement pre-emptive security measures. CSIS’s outreach to organisations including supply chain associations and other related industry groups on the risks associated with logistics supply networks is a good example of how CSIS is reaching out to non-traditional stakeholders to ensure Canadians remain safe and Canadian interests are protected from threats.
CSIS will continue to work closely with other members of Canada’s security and intelligence community, as well as allied partners to help protect Canada’s pandemic response and targeted sectors from potential national security threats.
Foreign Interference and Espionage
As a core part of its mandate, CSIS investigates and advises the Government of Canada on threats posed by espionage and foreign influenced activities. The CSIS Act defines foreign influenced activities as activities that are “detrimental to the interests of Canada and are clandestine or deceptive, or involve a threat to any person.” These activities are also commonly referred to as foreign interference, and are almost always conducted to further the interests of a foreign state, to Canada’s detriment. Foreign interference is directed at Canadians, both inside and outside Canada and may be undertaken with the use of state or non-state entities, and can include the use of proxies and co-optees.
Foreign interference activities in Canada continue to be sophisticated, persistent, and pervasive. Active targets of these activities include institutions at all levels of government as well as private sector organizations, civil society groups, and Canadian communities. Foreign interference undermines Canada’s democratic institutions and the intimidation or coercion of communities in Canada by hostile state actors constitutes a threat to Canada’s social cohesion, sovereignty, and national security. In July 2021, CSIS issued a public report entitled “Foreign Interference: Threats to Canada’s Democratic Process” as part of ongoing efforts to protect democratic institutions and processes and to increase awareness among Canadians on this important threat. Foreign interference directed at Canada’s democratic institutions and processes, at all levels of government, can be an effective way for a foreign state to achieve its immediate, medium, and long term strategic objectives. As the world has become smaller and more competitive, foreign states seek to leverage all elements of state power to advance their own national interests and position themselves in a rapidly evolving geopolitical environment.
Foreign Interference Techniques used by Foreign State Actors
Foreign Interference Techniques used by Foreign State Actors
- Elicitation
- manipulating someone into sharing valuable and sensitive information through conversation
- Cultivation
- building a strong friendship or relationship with someone to manipulate them into providing favours and valuable information
- Coercion
- blackmailing or threatening someone to provide valuable and sensitive information or access
- Illicit and Corrupt Financing
- using someone as a proxy to conduct illicit or corrupt financing on their behalf
- Cyber Attacks
- compromising electronic devices through various means including socially-engineered emails like spear-phishing, ransomware, and malware
- Disinformation
- spreading false information on social media to amplify a particular message or provoke users to serve their own interests
During 2021, hostile activities by state actors in Canada continued to be affected by the COVID-19 pandemic. With public health restrictions in place, state actors in Canada were forced to curtail some activities, however, many adapted their techniques and methods to fit the new normal. Since March 2020, CSIS has observed increased disinformation and influence activities via social media and online platforms, with exploitation of the COVID-19 pandemic forming part of disinformation campaigns supported by hostile state actors.
Hostile intelligence services continue to target Canadians for intelligence collection and asset recruitment. As an example, in addition to traditional espionage operations, the People's Republic of China (PRC) relies on non-traditional collectors- individuals without formal intelligence training who have relevant subject matter expertise (i.e. scientists, business people), including those who are recruited via talent programs (i.e. scholarships, sponsored trips, visiting professorships, etc.) and other non-transparent means in Canada. While the PRC’s Thousand Talents Plan (TTP) is one example, academic talent plans are used by multiple states. These state-sponsored technological transfer activities exploit the collaborative, transparent, and open nature of Canada’s government, private sector and society. Other foreign interference activities include cultivating and coopting influential people to sway decision-making and control narratives on issues of interest to certain states.
State-sponsored disinformation campaigns represent one of many examples of foreign interference and hostile states have been actively spreading disinformation in an effort to discredit our government institutions, negatively impact social cohesion and gain influence for their own strategic objectives.
CSIS has also been aware of several Russian military and intelligence entities that are engaged in information confrontations targeting Ukraine. These activities include the spread of disinformation and propaganda attempting to paint Ukraine and NATO as aggressors in the current conflict. Such measures are intended to influence Western countries into believing Ukraine has provoked a global conflict.
In addition, hostile states actors also continue to monitor and intimidate Canadian communities. The tactics and tools used for such purposes include cyber espionage via social media platforms and threats designed to silence those who speak out publicly against them.
On January 8, 2020, Iran’s Islamic Revolutionary Guard Corps (IRGC) shot down Ukraine International Airlines Flight PS752 near Tehran, killing all 176 passengers and crew onboard, including 55 Canadian citizens and 30 Canadian permanent residents. Since then, CSIS has supported Government of Canada initiatives on this priority file, including the Canadian forensic team final report issued on June 24, 2021. CSIS continues to investigate credible reports of several Canada-based relatives of Flight PS752 victims having experienced harassment and intimidation from threat actors linked to proxies of the Islamic Republic of Iran. This activity may constitute foreign interference.
Report Foreign Interference
- 1-800-267-7685
- Canada.ca/CSIS
To report immediate threats, call your local police.
CSIS will continue to investigate and identify the threats that espionage and foreign interference pose to Canada’s national interests, and will work closely with domestic and international partners to address them. To report espionage and foreign interference, CSIS encourages individuals to call +1-800-267-7685 or visit Canada.ca/CSIS and click on the “Reporting National Security Information” section. If the person is in immediate danger, they should phone their local police of jurisdiction.
Election Security
The Security Intelligence Threats to Elections Task Force (SITE TF) is a whole-of-government working group that coordinates Government of Canada collection and analysis efforts concerning threats to Canada’s federal election processes. It consists of experts from CSIS, the Royal Canadian Mounted Police (RCMP), Global Affairs Canada, and the Communications Security Establishment (CSE).
Formed in 2019 in response to greater awareness of the threat of foreign interference by hostile state actors during democratic processes, the SITE TF is Canada’s principal mechanism to monitor the threat from hostile state interference during elections. It also sets conditions for the Government of Canada to inform the public of the threat or mitigate the threat as appropriate.
In 2021, the SITE TF hosted its first ever whole-of-government conference on electoral security at CSIS National Headquarters. This conference served to inform officials engaged in delivering a free and fair election to Canadians on the threats associated with foreign interference, as well as from IMVE actors who viewed the election as an opportunity to discourage Canadians from democratic participation or to plan acts of violence. This conference set the stage for further work among agencies, which included:
- Regular security intelligence briefings to key senior government decision makers and political party representatives;
- Reviewing and conducting appropriate measures to reduce the threat from specific hostile state proxies or agents;
- Increased reporting and transparency on electoral security matters through interagency personnel exchanges; and
- Assessing sources of disinformation (defined as entities that wittingly publish false information to deliberately mislead Canadians).
Economic Security
In a world marked by geostrategic economic competition and confrontation, state-sponsored threat actors seek to advance their strategic political, economic and military objectives by exploiting investment and trade with Canada. Foreign states seek to acquire access or control over sensitive technologies, data, and critical infrastructure to advance their own military and intelligence capabilities, deprive Canada of access to economic gains, employ economic coercion against Canada, and support other intelligence operations against Canadians and Canadian interests. Such activities pose a threat to Canada’s national security and long-term economic prosperity.
Investigating and assessing the use of economic activities by hostile state actors is a priority for CSIS. Throughout the COVID-19 pandemic, foreign threat actors continued to exploit the prevailing social and economic conditions to advance their interests. Threat actors continue to attempt to access valuable Canadian information through the Four Gates of Economic Security. Specific threat activities include human and cyber espionage; malign foreign investment; manipulation of imports and exports; exploitation of licenses and rights; and espionage against public academic institutions and private research and development.
In 2021, CSIS supported the Government of Canada’s implementation of Canada’s research security enterprise. This effort seeks to ensure Canadian resources designated for academic research are properly used to advance Canada’s scientific leadership and economic prosperity and are not co-opted by foreign states to obtain military, intelligence, and economic benefits at the expense of Canadian interests and values.
In the context of COVID-19, CSIS has also provided additional national security scrutiny to investments related to public health and threats to the supply of critical goods and services.
Cyber Threats
Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada’s national security, its interests and its economic stability. Cyber actors conduct malicious activities to advance their political, economic, military, security, and ideological interests. They seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities.
Advanced cyber tools developed and sold by commercial firms are giving new collection capabilities to countries and foreign state actors that historically have not posed a significant threat in the cyber domain. The services offered by these companies can have both defensive and offensive applications. These tools enable a growing list of actors to conduct espionage, sabotage, endanger civilians, undermine democratic values and exert foreign influence. Open-source reporting suggests that multiple authoritarian regimes have used such tools to target lawyers, journalists, politicians, and human rights defenders.
The COVID-19 pandemic has accelerated the digitization of society. This has increased both avenues for cyber espionage and risks from disruption. Work from home arrangements in the private and public sectors have dramatically increased – and so has the amount of sensitive information available for targeting and collection by hostile state actors. Malicious cyber actors can leverage compromised private devices and networks, which often lack advanced cybersecurity protections.
Cyber actors linked to the People’s Republic of China (PRC) continue to target multiple critical sectors within Canada. In 2021, PRC state-sponsored actors engaged in the unprecedented and indiscriminate exploitation of Microsoft Exchange servers, putting several thousand Canadian entities at risk. Victims included governments, policy think tanks, academic institutions, infectious disease researchers, law firms, defense contractors, and retailers.
Russian cyber actors also remain a threat to Canada. In April 2021, Canada and its allies publicly attributed a cyber espionage campaign to the Russian Foreign Intelligence Service (SVR). This campaign involved inserting malware into a software update mechanism for a network management tool published by US technology firm SolarWinds. This allowed the cyber actor to install backdoors into the networks of thousands of government and private sector clients. Hundreds of Canadian entities downloaded an infected version of the software, putting personal data and intellectual property at risk.
Ransomware attacks represent yet another national security threat in the cyber domain. These attacks involve a type of malware that threatens to publish the victim’s data or block access to it unless a ransom is paid. State actors increasingly use these cybercriminal tactics, often through proxies, to advance their objectives and evade attribution. By harvesting large quantities of victim data, ransomware attacks can further benefit foreign state actors keen on amassing data to enhance their intelligence collection efforts. When ransomware attacks cause severe disruption, foreign state actors can also benefit from the resulting chaos as it may bolster their ideological narratives.
Counter Proliferation
The proliferation of chemical, biological, radiological and nuclear (CBRN) weapons, commonly referred to as weapons of mass destruction (WMD), and their associated delivery vehicles constitutes a global challenge and a significant threat to the security of Canada and its allies. The proliferation of CBRN weapons systems undermines the rules-based international order, contributes to increased international tensions and may even precipitate armed conflicts in some parts of the world.
Several foreign states continue clandestine efforts to procure a range of sensitive, restricted, and dual-use goods and technologies in Canada, as well as expertise they may use to further their own WMD programs and delivery vehicles. CSIS continues to work closely with domestic and foreign partners to uphold the Government of Canada’s commitment to counter-proliferation. This entails efforts to detect, investigate, prevent, and disrupt activities in or through Canada involving the illicit acquisition, export, or diversion of goods that may enable WMD programs. These efforts also extend to intangible technology transfers.
Ideologically Motivated Violent Extremism
Ideologically motivated violent extremism (IMVE) represents a societal issue requiring a whole-of-government approach. The IMVE threat is complex and constantly evolving and is fuelled by proponents that are driven by a range of influences rather than a singular belief system. Extreme racist, misogynistic and anti-authority views combined with personal grievances can result in an individual’s willingness to incite, enable or mobilize to violence. CSIS plays a key role, alongside other intelligence and law enforcement partners, in a broader government response to this threat.
In 2021, CSIS led a government-wide project to improve understanding of the complex and evolving IMVE threat landscape in Canada. This project, which followed work CSIS previously conducted on violent extremism terminology, aimed to develop cross-government understanding of the analytical process used by CSIS in identifying, assessing, and where appropriate, acting on IMVE threat activity.
There have been seven attacks and three disrupted plots in the Canadian IMVE space since 2014. These attacks have killed 26 people and wounded 40 others on Canadian soil —more than any other form of violent extremism. Most recently, in June 2021, an attack in London, Ontario killed four individuals and injured one. In October 2021, a former Canadian Armed Forces reservist was sentenced to nine years in a US prison for plotting serious violence with members of The Base, a neo-Nazi group that is a listed terrorist entity in Canada.
A range of grievances motivates IMVE actors’ willingness to incite, enable, and/or mobilize to violence. Not all of these instances meet a national security threshold, but CSIS has observed a marked increase in violent threats to elected officials and government representatives during the past two years.
Since the beginning of the COVID-19 pandemic, IMVE activity has been fueled by an increase in extreme anti-authority and anti-government rhetoric often rooted in the weaponization of conspiracy theories. A number of Canadian influencers and proselytizers have emerged within IMVE movements. These IMVE influencers promote misinformation and action, including violence.
Politically Motivated Violent Extremism
Politically motivated violent extremism (PMVE) encourages the use of violence to establish new political systems, or new structures and norms within existing systems. There were no PMVE-related attacks in Canada in 2021.
Religiously Motivated Violent Extremism
Religiously motivated violent extremism (RMVE) encourages violence as part of a spiritual struggle against perceived immorality. Adherents believe that salvation can only be achieved through violence. RMVE violence attempts to intimidate or compel a desired action, or to restrain a government from taking an action. RMVE actors can target both the public and the government, domestically and abroad. RMVE actors will also target infrastructure as a way of achieving their goals, such as attacking power plants, hospitals, communication networks and electrical grids.
In 2021, two key events occurred in the global RMVE space. The first was the 20th anniversary of the terror attacks of September 11, 2001. The second was the Taliban takeover of Afghanistan in August 2021. The anniversary of 9/11 is a strangely unifying event for RMVE actors. Daesh supporters, who are often anti-Al Qaeda in their rhetoric, viewed the anniversary of 9/11 as a moment to celebrate., Conversely, the fall of Afghanistan was a divisive occasion, with Daesh leaders and supporters regularly encouraging and promoting attacks against the Taliban.
No RMVE inspired attacks occurred in Canada during 2021. Nonetheless, RMVE propaganda and certain threat-related activities continued. The ongoing threat of RMVE in Canada comes primarily from Daesh-inspired lone actors, who have the potential to mobilize to violence quickly, using low-tech means to take action against soft targets. For these lone actors, there is no known or identifiable form of direction or logistical support from Daesh. The Daesh supporters therefore rely predominantly on personal savings in their threat-related activities and their financial contributions to Daesh-affiliated individuals abroad are personal and small. These contributions are often one of the first triggers of an investigation.
Canadian Extremist Travellers
The Government of Canada has continued to monitor and respond to the threat of Canadian extremist travellers (CETs). CETs are individuals with a nexus to Canada through citizenship, permanent residency, or a valid visa, who are suspected of having travelled abroad to engage in terrorism-related activities. These individuals may leave Canada to support, facilitate, or participate in violent extremist activities. CETs pose a wide range of security concerns, both while abroad and if they return to Canada. Broadly speaking, CETs have affiliations with multiple violent extremist groups and movements, and may represent IMVE, politically motivated violent extremism (PMVE), and/or RMVE perspectives.
Since 2011, conflict in Syria and Iraq has attracted unprecedented numbers of extremists to fight overseas. However, since the collapse of Daesh’s territorial Caliphate in Iraq/Syria in 2016-2017, many of these individuals have been killed or are detained in internally displaced persons (IDP) camps or prisons in Syria. The global return of foreign terrorist fighters to countries where they may face varying degrees of justice represents a challenge to counterterrorism efforts.
International Terrorism
On August 15th, 2021, the Taliban captured Afghanistan’s capital of Kabul and thus became the de facto governing body of the country. The takeover was swift and chaotic, leaving the international community limited time to evacuate personnel. The Taliban face significant challenges governing Afghanistan, including an economic and humanitarian crisis that will likely continue throughout 2022.
The Taliban have continued to allow transnational terrorist groups, such as Al Qaeda and Al Qaeda in the Indian Subcontinent (AQIS), to remain in country. While their current activities are limited, there is a possibility that Al Qaeda will once again view Afghanistan as a safe training ground. Meanwhile, the Daesh-affiliated Islamic State Khorasan Province (ISKP) has sought to delegitimize the Taliban’s governance by conducting attacks targeting urban areas. CSIS assesses that ISKP will have the capacity to conduct external attacks within the near future and are highly motivated to do so.
In 2021, Daesh remained focused on insurgency in Iraq and Syria. Daesh insurgencies tend to target local security forces and local leaders able to counter its influence. In Iraq, Daesh has also begun to attack economic targets such as electrical infrastructure to undermine public confidence in the government. Daesh shows no indications of being in a position to capture and hold the territory it lost in 2019. However, it retains this aim as a long-term goal, raising the possibility of a future reincorporation of foreign extremists including CETs. Daesh also aims to assault prisons and incite prison riots in Iraq and Syria as part of its jihadi operational strategy based on force regeneration, freeing high-value individuals, and propaganda. CSIS assesses that Daesh will continue to attempt to inspire and enable attacks in Western countries while it gradually rebuilds its direct attack capabilities.
RMVE continues to threaten Canadians and Canadian interests in Africa. Canadians who work or travel near regions where terrorist groups operate continue to face significant threat from both attacks and opportunistic kidnap-for-ransom operations. Al Qaeda-aligned Al-Shabaab and Jamaat Nusrat al-Islam Wal Muslimin (JNIM) are the main terrorist groups in the Horn of Africa and West Africa, respectively. These Al Qaeda affiliates will likely seek to use the Taliban’s victory in Afghanistan to motivate current fighters and drive recruitment; however, neither Al-Shabaab nor JNIM has the intent to replace African state governments. Daesh affiliates have also demonstrated increased activities and operational reach, particularly in Sub-Saharan Africa.
Security Screening
Through its Government Security Screening (GSS), and Immigration and Citizenship Screening (ICS) programs, CSIS serves as the first line of defence against violent extremism, espionage, and other threats to national security.
The CSIS GSS program conducts investigations and provides security assessments and advice on a wide range of threats to national security in the context of security clearances. Security assessments are part of an overall evaluation to assist federal government departments and agencies deciding to grant, deny, or revoke security clearances. These decisions lie with each department or agency, and not with CSIS.
The GSS also conducts screening to protect sensitive sites – including airports, marine, and nuclear facilities – from national security threats. Furthermore, it assists the RCMP in vetting Canadians and foreign nationals who seek to participate in major events in Canada. Finally, the GSS provides security assessments to provincial and foreign governments, and international organizations, when Canadians seek employment requiring access to sensitive information or sites in another country. All individuals subject to government security screening do so voluntarily.
The CSIS ICS program conducts investigations and provides security advice to the Canada Border Services Agency (CBSA) and Immigration, Refugees, and Citizenship Canada (IRCC) regarding persons who might represent a threat to national security who are seeking entry to or status in Canada. Through this program, CSIS provides security advice on permanent resident and citizenship applicants; persons applying for temporary resident visas; and persons applying for refugee status in Canada. Decisions related to admissibility to Canada, the granting of visas, or the acceptance of applications for refugee status, permanent residence, and citizenship rest with IRCC.
In response to the withdrawal of allied military personnel from Afghanistan, and the Taliban takeover of Afghanistan in the summer of 2021, CSIS supported Government of Canada efforts to urgently evacuate and resettle at-risk and vulnerable Afghans with links to Canada. With the Government of Canada’s decision to resettle 40,000 Afghans to Canada, CSIS’s security screening and security advice will remain critical.
IMMIGRATIONS AND CITIZENSHIP SCREENING PROGRAMS
Permanent Resident Inside and Outside Canada | 14,800 |
Refugee (Front-End Screening**) | 21,200 |
Citizenship | 248,700 |
Temporary Resident | 9,000 |
TOTAL: | 293,700 |
GOVERNMENT SCREENING PROGRAMS
Federal Government Departments | 64,600 |
Free and Secure Trade (FAST) | 14,000 |
Transport Canada (Marine and Airport) | 31,000 |
Parliamentary Precinct | 2,100 |
Nuclear Facilities | 12,200 |
Provinces | 140 |
Others | 2,100 |
Foreign Screening | 500 |
Special Events Accreditation | 0 |
TOTAL: | 126,640 |
Figures have been rounded
* The pandemic has caused a reduction of cases received in 2021.
** Individuals claiming refugee status in Canada or at ports of entry
Page details
- Date modified: