Threat Overview

The Canadian Security Intelligence Service’s (CSIS) mandate is to investigate activities suspected of constituting threats to the security of Canada, advise the Government of Canada on these threats, and take measures to reduce them. While techniques differ with every investigation, CSIS relies on a mixture of human, communications, signals, and financial intelligence, as well as open source information and physical surveillance, to advance its objectives. Where necessary, CSIS can seek a warrant from the Federal Court to conduct more intrusive collection. CSIS’ activities also involve extensive collaboration with domestic and foreign partners.

All CSIS activities demand strict adherence to the CSIS Act, other Canadian laws, including the Charter of Right and Freedoms and the Privacy Act, Federal Court decisions, Ministerial Directions, and internal policies and procedures. The National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians have a mandate to review any CSIS activities to ensure ongoing compliance with these laws and policies.

Today’s threat environment is complex, diverse and global. Threats against Canada’s security are driven by the malicious use of new technologies, geopolitical events, and the means and motivations of threat actors. The constant evolution in the threat environment requires CSIS to adapt its operational posture and realign resources to address shifting priorities.

Violent Extremism

CSIS investigates individuals who advocate for serious violence in support or furtherance of ideological, political, or religious objectives with the intent of affecting societal change.

Ideologically Motivated Violent Extremism (IMVE): The IMVE threat landscape includes a range of threat actors, including movements, cells, networks, groups, and individuals. Currently, the predominant violent extremist threat to Canada is assessed to be domestic IMVE lone actors inspired or incited to violence by extremist ideologies promoted online.

• Traditional groups with more structured leadership and defined objectives have been largely supplanted by loosely networked movements with amorphous goals that coexist across the IMVE milieu.
• As such, IMVE actors radicalized to violence often act without a clear affiliation to specific organized groups, as shown in the June 2021 attack in London, Ontario or the 2020 knife attack in Toronto.
• [REDACTED] that IMVE narratives continue to evolve with unprecedented variety and fluidity, exacerbated by major events such as the COVID-19 pandemic and federal elections.

Religiously Motivated Violent Extremism (RMVE): Individuals or groups who are inspired by RMVE groups, such as Daesh or Al Qaida, remain a persistent threat to Canada and Canadian interests, and thus, remain a high priority for the Service. Similar to IMVE actors, there is an increasingly robust online RMVE presence able to inspire attacks – which can be planned and executed with little warning.

• The global reach of al-Qaida and Daesh and their ability to inspire attacks without explicit central coordination ensures that both groups pose a continuing threat to Canada and to Canadian interests abroad.
• The evolving situation in Afghanistan and take-over by the Taliban, a listed terrorist entity, has potentially created a safe haven and base for other extremist organizations, as well a destination for Canadian Extremist Travellers (CETs). These events will destabilize security in the region [REDACTED] and likely attract other insurgent groups.
• While the threat of CETs is not exclusive to the RMVE milieu, there are Canadians with a range of training and experience acquired while abroad that make them an especially dangerous threat to national security, particularly if they return to Canada.

The National Terrorism Threat Level, developed by the Integrated Terrorism Assessment Centre and set by the Director of CSIS, places the current threat of a potential violent extremist attack at medium. This means extremist groups and individuals in Canada and abroad have both the intent and the capability to carry out an act of violent extremism in Canada.

In responding to this threat, CSIS’ goal is to identify and investigate recruitment, radicalization, facilitation, and planning by violent extremists. CSIS may also engage its threat reduction mandate, [REDACTED] hinders investigations of online extremism.

Espionage and Foreign Interference

The greatest threat to Canada’s prosperity and national interest is foreign interference and espionage. Canada’s abundance of natural resources, advanced technology, and expertise as well as our close relationship with powerful allies make us an attractive target for certain foreign states. China, in particular, poses the most significant and sophisticated strategic threat to Canada.

• Hostile state actors seek covert access to Canada’s sensitive proprietary information and cutting-edge research in an array of advanced scientific fields and across public sector, private sector, and academic institutions, with the goal of acquiring economic, commercial, scientific, military, or security advantages. For example, China is increasingly using non-traditional collectors, such as those in academic and research settings, to acquire sensitive, protected, or proprietary technologies that can be militarized or are dual use.
• Canadians are also the targets of espionage outside Canada’s borders. Canadian officials living and working abroad can be the targets of hostile state actors and their intelligence collection apparatus. Those working in countries with sophisticated surveillance and intelligence collection regimes are at a much higher risk of being targeted and monitored.
• During the pandemic, CSIS has observed greater emphasis on the biopharmaceutical and life sciences sectors as threat actors target Canada’s vaccine research and other medical progress. For example, in a 2020 attack publicly attributed to Russia, cyber actors targeted the Canadian biopharmaceutical sector and vaccine research entities in an attempt to steal information and intellectual property.
• That said, Canada remains an attractive target for those wishing to access a wide range of privileged know-how. Canadian entities that have close research partnerships with the US and other advanced economies may be of particular interest.

[REDACTED]. The Service also responds to the threat through outreach and engagement with targeted industries and sectors to grow their awareness and support their efforts to mitigate the threat by enhancing their own security postures. During the pandemic, CSIS regularly advised the government’s vaccine task force on threats to the vaccine supply chain. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting mitigation and resilience in key sectors.

• Using covert and overt methods, China and other states like Russia, [REDACTED], target multiple levels of government and non-governmental entities, including civil society, seeking to influence and disrupt Canada’s social fabric, usually to advance geopolitical objectives and undermine democratic values.
• Canada’s fundamental institutions, including its democratic, media, religious institutions, and community associations are primary interference targets.
• CSIS has also observed foreign monitoring and intimidation of Canadian communities, subjecting many vulnerable Canadians to harassment, coercion, and manipulation.
• Foreign threat actors are using political and financial levers to gain access to or control over sensitive critical infrastructure assets in Canada, using methods like direct investment and the supply of products and services. The results of such efforts can range from diminished public trust in infrastructure to economic harm and even loss-of life scenarios.
• China, for instance, deceptively uses its influence and control over globalized supply chains to harm Canada and its interests in response to diplomatic disagreements. The impacts of such actions, which in turn create the diplomatic pressure on Canada, can range from economic harm to the denial of goods vital to the safety of Canadians.

CSIS takes the harassment and intimidation of Canadian communities very seriously and continues to encourage reporting of such activity to the Service and/or law enforcement. With respect to elections interference, CSIS participates in the Security and Intelligence Threats to Elections (SITE) Task Force, established to protect federal elections by bringing together the security and intelligence community, which meet regularly, reports on the threat landscape, and engages with domestic stakeholders and allies. CSIS also mitigates this threat in part through outreach. [REDACTED]. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting mitigation and resilience in key sectors.

The threats posed by foreign interference and espionage to our democratic institutions, communities, critical infrastructure, economy, and research and innovation affect a wide range of stakeholders. As a result, CSIS must be in a position to provide timely and relevant information to affected stakeholders in order for them to build resilience against those threats.

Cyber

Cyber threat actors pose a significant risk to Canada’s national security, critical infrastructure, and core institutions.

• Hostile states continue to use cyber capabilities to conduct espionage and foreign interference against Canada and Canadian entities to advance their political, economic, military, security, and ideological interests.
• Cyber threat actors are also targeting sensitive Canadian data such as personal health and financial information. This data becomes more strategically and economically valuable to adversaries as individuals’ digital footprints grow and it can be weaponized against Canadians and Canadian interests in many ways, including through amplified espionage and influence operations.
• Non-state cyber actors also pose a growing threat, as their activities increasingly inflict significant societal disruptions that, in some cases, have national security impacts.
• The ability and willingness of hostile states to leverage non-state actors while maintaining plausible deniability remains a growing concern.
• Increasing interconnectedness is creating greater opportunities for cyber attacks and exposure for targets, compounded by the pandemic and the related rise in less secure work environments. For example, in 2020, Russian cyber actors conducted attacks against US technology company SolarWinds to gain access to the information of clients worldwide.
• New and emerging technologies offer cyber threat actors potentially new ways to compromise computers and networks.

CSIS investigates cyber threats directed against Canada and Canadian interests by leveraging its unique human source and technical capabilities in order to collect cyber threat intelligence and advise the Government of Canada accordingly. CSIS works closely with CSE and the Canadian Centre for Cyber Security in support of the latter’s incident response mandate to mitigate cyber attacks against critical systems in Canada. For ransomware, CSIS works with its partners to advise on the national security implications of ransomware and the repercussions of making ransom payments. The Service also works closely to support GAC in publicly attributing cyber attacks to state actors. To further mitigate cyber threats, CSIS conducts outreach and engagement to raise awareness in sectors targeted by cyber threat actors. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting the ability of key sectors to build resilience or fully appreciate the threat.

Proliferation

Several foreign states continue to clandestinely procure a range of sensitive, restricted, or dual-use technologies and goods in Canada.

• These products may be used to develop or support weapons of mass destruction programs and associated delivery vehicles.
• They may also support the application of emerging technologies to advance military, security and intelligence, or surveillance ambitions.
• Certain state actors use money-laundering techniques to evade sanctions.

To respond to proliferation-related threats, CSIS collects intelligence, works closely with allies, maps networks in Canada, and investigates and engages its threat reduction mandate to detect, deter, and disrupt transactions involving illicit goods that could constitute threats to Canada. The Service is currently seeking closer collaboration and information sharing with key government partners to address the proliferation threat and gaps in Canada’s export control and sanctions regime.