Threat Overview

The Canadian Security Intelligence Service’s (CSIS) mandate is to investigate activities suspected of constituting threats to the security of Canada, advise the Government of Canada (GC) on these threats, and take measures to reduce them. While techniques differ with every investigation, CSIS relies on a mixture of human, communications, signals, and financial intelligence, as well as open source information and physical surveillance, to advance its investigations. Where necessary, CSIS can seek a warrant from the Federal Court to collect information and intelligence using more intrusive tools. CSIS’ activities also involve extensive collaboration with domestic partners, including the Royal Canadian Mounted Police and the Canadian Border Services Agency, as well as foreign partners.

All CSIS activities demand strict adherence to the CSIS Act, other Canadian laws, including the Charter of Right and Freedoms and the Privacy Act, Federal Court decisions, Ministerial Directions, and internal policies and procedures. The National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians have a mandate to review any CSIS activities to ensure ongoing compliance with these laws and policies.

Today’s threat environment is complex, diverse and global. Threats against Canada’s security are driven by the malicious use of new technologies, geopolitical events, and the means and motivations of threat actors. The constant evolution in the threat environment requires CSIS to adapt its operational posture and realign resources to address shifting priorities.

CSIS’ ability to adapt to the increasingly complex threat and technological environment, however, is restrained by its authorities, which have only seen targeted amendments since their enactment in 1984. The CSIS Act enabled CSIS for many years, to adapt to the threats facing Canada and Canadians, but with the rate and speed of technological change and how it impacts the threat landscape, CSIS’ authorities have not kept pace. CSIS Act amendments in key areas are necessary to equip CSIS with data-driven authorities suitable for a modern intelligence agency. 

Violent Extremism

CSIS investigates individuals who advocate for serious violence in support or furtherance of ideological, political, or religious objectives with the intent of affecting societal change.

Ideologically Motivated Violent Extremism (IMVE): The IMVE threat landscape includes a range of threat actors, including movements, cells, networks, groups, and individuals. Currently, the predominant violent extremist threat to Canada is assessed to be domestic IMVE lone actors inspired or incited to violence by extremist ideologies promoted online.

Religiously Motivated Violent Extremism (RMVE): Individuals or groups who are inspired by RMVE groups, such as Daesh or Al Qaida, remain a persistent threat to Canada and Canadian interests, and thus, remain a high priority for the Service. Similar to IMVE actors, there is an increasingly robust online RMVE presence able to inspire attacks – which can be planned and executed with little warning.

Politically Motivated Violent Extremism (PMVE):  Politically motivated violent extremists use or actively support violence to establish new political systems, or new structures and norms within existing systems. In Canada, this largely manifests in the in the form of Canadian Based Khalistani Extremists (CBKE), who seek to use violence to support and advocate for the creation of an independent Sikh nation (Khalistan) in the Indian state of Punjab.

The National Terrorism Threat Level, developed by the Integrated Terrorism Assessment Centre and set by the Director of CSIS, places the current threat of a potential violent extremist attack at medium. This means extremist groups and

individuals in Canada and abroad have both the intent and the capability to carry out an act of violent extremism in Canada. In responding to this threat, CSIS’ goal is to identify and investigate recruitment, radicalization, facilitation, and planning by violent extremists.

CSIS may also engage its threat reduction mandate, which could include [REDACTED].

Espionage and Foreign Interference

The greatest threats to Canada’s prosperity and national interest are foreign interference and espionage. Canada’s abundance of natural resources, advanced technology, and expertise as well as our close relationship with powerful allies make us an attractive target for certain foreign states. China, in particular, poses the most significant and sophisticated strategic threat to Canada.

CSIS dedicates a significant portion of its resources to investigating these threats and engaging those affected. The Service also responds to the threat through outreach and engagement with targeted communities, industries and sectors to grow their awareness and support their efforts to mitigate the threat by enhancing their own security postures.

For example, through CSIS’ Academic Outreach and Stakeholder Engagement program, CSIS has provided general threat briefings to those in academia on research security threats. However, the CSIS Act restricts the Service’s ability to disclose sensitive information, limiting its authority to inform those outside the federal government of threats, and inhibiting the mitigation and resilience efforts these key partners could take.

Election Interference

CSIS continues to work with GC partners to combat and advise the GC on foreign interference targeting Canada’s democratic institutions as well as elections.     


Cyber threat actors pose a significant risk to Canada’s national security, critical infrastructure, and core institutions.

CSIS investigates cyber threats directed against Canada and Canadian interests [REDACTED].


For ransomware, CSIS works with its partners to advise on the national security implications of ransomware and the repercussions of making ransom payments. The Service also works closely to support GAC in publicly attributing cyber attacks to state actors.

To further mitigate cyber threats, CSIS conducts outreach and engagement to raise awareness in sectors targeted by cyber threat actors. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting the ability of key sectors to build resilience or fully appreciate the threat.


Several foreign states continue to clandestinely procure a range of sensitive, restricted, or dual-use technologies and goods in Canada.

To respond to proliferation-related threats, CSIS collects intelligence, works closely with allies, maps networks in Canada, and investigates and engages its threat reduction mandate to detect, deter, and disrupt transactions involving illicit goods that could constitute threats to Canada. The Service is currently seeking closer collaboration and information sharing with key government partners to address the proliferation threat and gaps in Canada’s export control and sanctions regime.

For example, [REDACTED].


Page details

Date modified: