Threat Overview

The Canadian Security Intelligence Service’s (CSIS) mandate is to investigate activities suspected of constituting threats to the security of Canada, advise the Government of Canada on these threats, and take measures to reduce them. While techniques differ with every investigation, CSIS relies on a mixture of human, communications, signals, and financial intelligence, as well as open source information and physical surveillance, to advance its objectives. Where necessary, CSIS can seek a warrant from the Federal Court to conduct more intrusive collection. CSIS’ activities also involve extensive collaboration with domestic and foreign partners.

All CSIS activities demand strict adherence to the CSIS Act, other Canadian laws, including the Charter of Right and Freedoms and the Privacy Act, Federal Court decisions, Ministerial Directions, and internal policies and procedures. The National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians have a mandate to review any CSIS activities to ensure ongoing compliance with these laws and policies.

Today’s threat environment is complex, diverse and global. Threats against Canada’s security are driven by the malicious use of new technologies, geopolitical events, and the means and motivations of threat actors. The constant evolution in the threat environment requires CSIS to adapt its operational posture and realign resources to address shifting priorities.

Violent Extremism

CSIS investigates individuals who advocate for serious violence in support or furtherance of ideological, political, or religious objectives with the intent of affecting societal change.

Ideologically Motivated Violent Extremism (IMVE): The IMVE threat landscape includes a range of threat actors, including movements, cells, networks, groups, and individuals. Currently, the predominant violent extremist threat to Canada is assessed to be domestic IMVE lone actors inspired or incited to violence by extremist ideologies promoted online.

Religiously Motivated Violent Extremism (RMVE): Individuals or groups who are inspired by RMVE groups, such as Daesh or Al Qaida, remain a persistent threat to Canada and Canadian interests, and thus, remain a high priority for the Service. Similar to IMVE actors, there is an increasingly robust online RMVE presence able to inspire attacks – which can be planned and executed with little warning.

The National Terrorism Threat Level, developed by the Integrated Terrorism Assessment Centre and set by the Director of CSIS, places the current threat of a potential violent extremist attack at medium. This means extremist groups and individuals in Canada and abroad have both the intent and the capability to carry out an act of violent extremism in Canada.

In responding to this threat, CSIS’ goal is to identify and investigate recruitment, radicalization, facilitation, and planning by violent extremists. CSIS may also engage its threat reduction mandate, [REDACTED] hinders investigations of online extremism.

Espionage and Foreign Interference

The greatest threat to Canada’s prosperity and national interest is foreign interference and espionage. Canada’s abundance of natural resources, advanced technology, and expertise as well as our close relationship with powerful allies make us an attractive target for certain foreign states. China, in particular, poses the most significant and sophisticated strategic threat to Canada.

[REDACTED]. The Service also responds to the threat through outreach and engagement with targeted industries and sectors to grow their awareness and support their efforts to mitigate the threat by enhancing their own security postures. During the pandemic, CSIS regularly advised the government’s vaccine task force on threats to the vaccine supply chain. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting mitigation and resilience in key sectors.

CSIS takes the harassment and intimidation of Canadian communities very seriously and continues to encourage reporting of such activity to the Service and/or law enforcement. With respect to elections interference, CSIS participates in the Security and Intelligence Threats to Elections (SITE) Task Force, established to protect federal elections by bringing together the security and intelligence community, which meet regularly, reports on the threat landscape, and engages with domestic stakeholders and allies. CSIS also mitigates this threat in part through outreach. [REDACTED]. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting mitigation and resilience in key sectors.

The threats posed by foreign interference and espionage to our democratic institutions, communities, critical infrastructure, economy, and research and innovation affect a wide range of stakeholders. As a result, CSIS must be in a position to provide timely and relevant information to affected stakeholders in order for them to build resilience against those threats.


Cyber threat actors pose a significant risk to Canada’s national security, critical infrastructure, and core institutions.

CSIS investigates cyber threats directed against Canada and Canadian interests by leveraging its unique human source and technical capabilities in order to collect cyber threat intelligence and advise the Government of Canada accordingly. CSIS works closely with CSE and the Canadian Centre for Cyber Security in support of the latter’s incident response mandate to mitigate cyber attacks against critical systems in Canada. For ransomware, CSIS works with its partners to advise on the national security implications of ransomware and the repercussions of making ransom payments. The Service also works closely to support GAC in publicly attributing cyber attacks to state actors. To further mitigate cyber threats, CSIS conducts outreach and engagement to raise awareness in sectors targeted by cyber threat actors. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting the ability of key sectors to build resilience or fully appreciate the threat.


Several foreign states continue to clandestinely procure a range of sensitive, restricted, or dual-use technologies and goods in Canada.

To respond to proliferation-related threats, CSIS collects intelligence, works closely with allies, maps networks in Canada, and investigates and engages its threat reduction mandate to detect, deter, and disrupt transactions involving illicit goods that could constitute threats to Canada. The Service is currently seeking closer collaboration and information sharing with key government partners to address the proliferation threat and gaps in Canada’s export control and sanctions regime.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: