Threat Overview

The Canadian Security Intelligence Service’s (CSIS) mandate is to investigate activities suspected of constituting threats to the security of Canada, advise the Government of Canada (GC) on these threats, and take measures to reduce them. While techniques differ with every investigation, CSIS relies on a mixture of human, communications, signals, and financial intelligence, as well as open source information and physical surveillance, to advance its investigations. Where necessary, CSIS can seek a warrant from the Federal Court to collect information and intelligence using more intrusive tools. CSIS’ activities also involve extensive collaboration with domestic partners, including the Royal Canadian Mounted Police and the Canadian Border Services Agency, as well as foreign partners.

All CSIS activities demand strict adherence to the CSIS Act, other Canadian laws, including the Charter of Right and Freedoms and the Privacy Act, Federal Court decisions, Ministerial Directions, and internal policies and procedures. The National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians have a mandate to review any CSIS activities to ensure ongoing compliance with these laws and policies.

Today’s threat environment is complex, diverse and global. Threats against Canada’s security are driven by the malicious use of new technologies, geopolitical events, and the means and motivations of threat actors. The constant evolution in the threat environment requires CSIS to adapt its operational posture and realign resources to address shifting priorities.

CSIS’ ability to adapt to the increasingly complex threat and technological environment, however, is restrained by its authorities, which have only seen targeted amendments since their enactment in 1984. The CSIS Act enabled CSIS for many years, to adapt to the threats facing Canada and Canadians, but with the rate and speed of technological change and how it impacts the threat landscape, CSIS’ authorities have not kept pace. CSIS Act amendments in key areas are necessary to equip CSIS with data-driven authorities suitable for a modern intelligence agency.

Violent Extremism

CSIS investigates individuals who advocate for serious violence in support or furtherance of ideological, political, or religious objectives with the intent of affecting societal change.

Ideologically Motivated Violent Extremism (IMVE): The IMVE threat landscape includes a range of threat actors, including movements, cells, networks, groups, and individuals. Currently, the predominant violent extremist threat to Canada is assessed to be domestic IMVE lone actors inspired or incited to violence by extremist ideologies promoted online.

Traditional groups with more structured leadership and defined objectives have been largely supplanted by loosely networked movements with amorphous goals that coexist across the IMVE milieu.
As such, IMVE actors radicalized to violence often act without a clear affiliation to specific organized groups or ideology, and change ideology to find what works for them, [REDACTED], the June 2021 attack in London, Ontario or the 2020 knife attack in Toronto.
CSIS assesses that IMVE narratives continue to evolve with unprecedented variety and fluidity, exacerbated by major events such as the COVID-19 pandemic and federal elections, as well as the increasing influence and reach of social media.
Approximately 50% of CSIS’ counterterrorism resources are now dedicated to investigating IMVE actors, influencers, and promoters.

Religiously Motivated Violent Extremism (RMVE): Individuals or groups who are inspired by RMVE groups, such as Daesh or Al Qaida, remain a persistent threat to Canada and Canadian interests, and thus, remain a high priority for the Service. Similar to IMVE actors, there is an increasingly robust online RMVE presence able to inspire attacks – which can be planned and executed with little warning.

The global reach of al-Qaida and Daesh and their ability to inspire attacks without explicit central coordination ensures that both groups pose a continuing threat to Canada and to Canadian interests abroad.
In Afghanistan, the Taliban continue to provide a safe haven and base for other extremist organizations, such as al-Qaeda as well as a potential destination for Canadian Extremist Travellers (CETs). This continues to contribute to insecurity in the region [REDACTED], and will likely attract other insurgent groups.
While the threat of CETs is not exclusive to the RMVE milieu, there are Canadians with a range of training and experience acquired while abroad that make them a threat to national security, particularly if they return to Canada.
Given the recent return of several CETs to Canada, the collection and monitoring of CET threat related activities continues to be a priority for the Service.

Politically Motivated Violent Extremism (PMVE): Politically motivated violent extremists use or actively support violence to establish new political systems, or new structures and norms within existing systems. In Canada, this largely manifests in the in the form of Canadian Based Khalistani Extremists (CBKE), who seek to use violence to support and advocate for the creation of an independent Sikh nation (Khalistan) in the Indian state of Punjab.

[REDACTED].
[REDACTED].

The National Terrorism Threat Level, developed by the Integrated Terrorism Assessment Centre and set by the Director of CSIS, places the current threat of a potential violent extremist attack at medium. This means extremist groups and

individuals in Canada and abroad have both the intent and the capability to carry out an act of violent extremism in Canada. In responding to this threat, CSIS’ goal is to identify and investigate recruitment, radicalization, facilitation, and planning by violent extremists.

CSIS may also engage its threat reduction mandate, which could include [REDACTED].

Espionage and Foreign Interference

The greatest threats to Canada’s prosperity and national interest are foreign interference and espionage. Canada’s abundance of natural resources, advanced technology, and expertise as well as our close relationship with powerful allies make us an attractive target for certain foreign states. China, in particular, poses the most significant and sophisticated strategic threat to Canada.

Hostile state actors seek covert access to Canada’s sensitive proprietary information and cutting-edge research in an array of advanced scientific fields and across public sector, private sector, and academic institutions, with the goal of acquiring economic, commercial, scientific, military, or security advantages. For example, China is increasingly using non-traditional collectors, such as those in academic and research settings, to acquire sensitive, protected, or proprietary technologies that can be militarized or are dual use.
[REDACTED].
During the pandemic, CSIS observed greater emphasis on the biopharmaceutical and life sciences sectors as threat actors targeted Canada’s vaccine research and other medical progress. For example, in a 2020 attack publicly attributed to Russia, cyber actors targeted the Canadian biopharmaceutical sector and vaccine research entities in an attempt to steal information and intellectual property.

CSIS dedicates a significant portion of its resources to investigating these threats and engaging those affected. The Service also responds to the threat through outreach and engagement with targeted communities, industries and sectors to grow their awareness and support their efforts to mitigate the threat by enhancing their own security postures.

For example, through CSIS’ Academic Outreach and Stakeholder Engagement program, CSIS has provided general threat briefings to those in academia on research security threats. However, the CSIS Act restricts the Service’s ability to disclose sensitive information, limiting its authority to inform those outside the federal government of threats, and inhibiting the mitigation and resilience efforts these key partners could take.

Using covert and overt methods, [REDACTED], target multiple levels of government and non-governmental entities, including civil society, seeking to influence and disrupt Canada’s social fabric, usually to advance geopolitical objectives and undermine democratic values.
Canada’s fundamental institutions, including its democratic, media, religious institutions, and community associations are also primary interference targets.
CSIS continues to observe foreign monitoring and intimidation of Canadian communities, subjecting many vulnerable Canadians to harassment, coercion, and manipulation. CSIS takes the harassment and intimidation of Canadian communities very seriously and continues to encourage reporting of such activity to the Service and/or law enforcement.
Foreign threat actors are using political and financial levers to gain access to or control over sensitive critical infrastructure assets in Canada, using methods like direct investment and the supply of products and services. The results of such efforts can range from diminished public trust in infrastructure to economic harm and even loss-of life scenarios.
[REDACTED].

Election Interference

CSIS continues to work with GC partners to combat and advise the GC on foreign interference targeting Canada’s democratic institutions as well as elections.

CSIS is currently the chair of the Security and Intelligence Threats to Elections (SITE) Task Force, established to protect federal elections by bringing together the security and intelligence community, which meet regularly, reports on the threat landscape, and engages with domestic partners and allies. In the recently held by-elections, SITE provided enhanced monitoring, and produced classified and unclassified reports detailing its assessment of foreign interference threats during the by-elections.
CSIS also mitigates the threat of foreign interference in part through outreach. For example, ahead of the 2021 federal elections, CSIS held defensive briefings with Members of Parliament most vulnerable to targeting by foreign actors. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government of such threats, limiting mitigation and resilience in key sectors. Following the appointment of the Independent Special Rapporteur (ISR), CSIS met with the ISR and his staff on several occasions to provide extensive briefings on the foreign interference threat. CSIS will continue to cooperate with whatever future mechanism Parliament and Cabinet goes forth with in its review of foreign interference.
In May 2023, the Minister of Public Safety issued a Ministerial Direction to CSIS, instructing that threats to the security of Canada directed at Parliament and Parliamentarians continue to receive the highest level of attention from CSIS, in collaboration with the national security and intelligence community.

Cyber

Cyber threat actors pose a significant risk to Canada’s national security, critical infrastructure, and core institutions.

Hostile states continue to use cyber capabilities to steal state intellectual property, conduct espionage and foreign interference against Canada and Canadian entities to advance their political, economic, military, security, and ideological interests.
Cyber threat actors target sensitive Canadian data such as personal health and financial information, which can be weaponized against Canadians and Canadian interests in many ways, including through amplified espionage and influence operations.
Non-state cyber actors also pose a growing threat, as their activities increasingly inflict significant societal disruptions that, in some cases, have national security impacts.
[REDACTED].
Increasing interconnectedness, which has been compounded by the pandemic, and the related rise in less secure work environments, is creating greater exposure and opportunities for cyber attacks. Cyber-enabled foreign interference and espionage are heightened by new and emerging technologies that offer cyber threat actors new ways to compromise computers and networks.

CSIS investigates cyber threats directed against Canada and Canadian interests [REDACTED].

[REDACTED].

For ransomware, CSIS works with its partners to advise on the national security implications of ransomware and the repercussions of making ransom payments. The Service also works closely to support GAC in publicly attributing cyber attacks to state actors.

To further mitigate cyber threats, CSIS conducts outreach and engagement to raise awareness in sectors targeted by cyber threat actors. However, the CSIS Act restricts the Service’s ability to fully inform those outside the federal government, limiting the ability of key sectors to build resilience or fully appreciate the threat.

Proliferation

Several foreign states continue to clandestinely procure a range of sensitive, restricted, or dual-use technologies and goods in Canada.

These products may be used to develop or support weapons of mass destruction programs and associated delivery vehicles.
They may also support the application of emerging technologies to advance military, security and intelligence, or surveillance ambitions.
Certain state actors use money-laundering techniques to evade sanctions.

To respond to proliferation-related threats, CSIS collects intelligence, works closely with allies, maps networks in Canada, and investigates and engages its threat reduction mandate to detect, deter, and disrupt transactions involving illicit goods that could constitute threats to Canada. The Service is currently seeking closer collaboration and information sharing with key government partners to address the proliferation threat and gaps in Canada’s export control and sanctions regime.

For example, [REDACTED].