National Defence Committee Appearance

Standing Committee on National Defence
March 28, 2022
3:30 p.m. to 4:30 p.m.

Appearance before the House of Commons’
Standing Committee on National Defence

Briefing on Cyber Security

CSIS Opening Remarks

INTRODUCTION

Mister Chair, Members of the Committee, good afternoon. I am Cherie Henderson and I am the Assistant Director, Requirements, at the Canadian Security Intelligence Service.

Thank you for the invitation to appear once again before you this year, this time to discuss cyber security. I am grateful for this opportunity to discuss this very important subject with you.

CSIS ROLE PROTECTING CYBER SECURITY AND CRITICAL INFRASTRUCTURE

As Canada’s principal government agency responsible for investigating threats to the security of Canada, CSIS also investigates cyber threats. As such, we employ our investigative tools, including warrants, to collect intelligence on cyber threat actors’ exploitation of cyberspace to conduct espionage, sabotage, and foreign influenced activities against Canada and Canadians.

CSIS also cooperates with a wide range of domestic and international partners. Our unique value lies in our ability to collect intelligence on the nature and scope of hostile cyber activities and the intentions of the actors behind them.

This intelligence supports the mandates of our Government of Canada partners, enabling them to better formulate foreign and domestic policies, protect critical Canadian entities, and strengthen our nation’s overall cybersecurity posture.

Under the CSIS Act, the Service also has the legal authority to use threat reduction measures in order to reduce cyber threats to Canada.

One of the most important challenges to address in protecting our critical infrastructure is the sharing of timely and actionable intelligence. CSIS is addressing this particular challenge in a number of ways – including through regular outreach and partner engagement.

We have delivered briefings to partners on the espionage and foreign influence threats posed by state cyber actors, as well as the potential national security impacts of ransomware attacks carried out by cybercriminal groups.

EMERGING TECHNOLOGY AND EVOLVING CYBER THREATS

With todays rapidly evolving technology we are witnessing an unprecedented level of change in the threat environment. It has become more complex, increasingly fluid, less predictable and, consequently, more challenging.

Threat actors are conducting activities in the online space, simultaneously taking advantage of technology that enables them to disguise their activities, and their identities. Moreover, cyber actors have more opportunities than ever to conduct malicious activity as our world becomes increasingly interconnected.

In addition to the criminal elements, we also face hostile state cyber actors who conduct malicious activities to advance their countries interests, whether they be political, economic, military, security or ideological.

Hostile state cyber actors seek to compromise computer systems by manipulating their users or exploiting security vulnerabilities to gain access to trade secrets, or to achieve various objectives through the disruption of critical infrastructure and vital services. These types of attacks are not going away, and in fact, are currently on an upward trajectory. CSIS has observed persistent and sophisticated state-sponsored threat activity for many years and we continue to see a rise in the frequency and levels of sophistication of this threat activity. Canadian companies, in almost all sectors of our economy, have been targeted and compromised.

Unauthorized, malicious access to Canada’s critical infrastructure can have drastic consequences for the safety and security of Canadians. If you think about all the systems we rely upon in our lives, including systems that support our telecommunications, energy, transportation, supply chain, health and financial activities, any interference with these systems can have unforeseen impacts on our personal safety, our well-being and our national security.

COVID-19

The pandemic has given rise to an unprecedented number of individuals working from home office environments that are less secure. This new standard of work increases the risk of exposure to malicious cyber activities of networks and sensitive information.

We have all heard accounts of cyber criminals conducting ransomware attacks on companies and public institutions, including hospitals at the height of the pandemic.

Way Forward

The increasingly interconnected and global nature of security threats means that CSIS cannot fulfill its mandate in isolation. There is tremendous cooperation and ongoing work within the security and intelligence community, to provide the Government of Canada with the best intelligence and advice possible concerning cyber threat activity.

Today’s global threat environment requires that each partner use their unique mandate and legal authorities to protect Canada and Canadians. And that is exactly what CSIS has been doing and will continue to do.

Key Messages

Threat Landscape

• With todays rapidly evolving technology we are witnessing an unprecedented level of change in the threat environment.
• While national security has evolved on many fronts over the past decades, our increasingly interconnected world offers cyber threat actors more opportunities than ever to conduct malicious activity.
• CSIS has observed a significant increase in the number of sophisticated cyber threat actors seeking to take advantage of the increasing interconnections of the world.
• Threat actors are conducting activities in the online space, exploiting the technology that enables them to disguise their activities and their identities.
• The proliferation of sophisticated cyber tools, previously only accessible to states, has also led to new threat actors flooding this space.
• This crowding of threat actors and increase in capabilities is a significant driver of change in the threat landscape.
• Indeed, emerging cyber threats now encompass traditional national security threats, such as espionage, theft of intellectual property, and threats to critical infrastructure.

CSIS’ role in cyber security

• I can assure you that CSIS actively investigates threats to the security of Canada, including the use of cyber vectors.
• CSIS is mandated to investigate threats to the security of Canada, advise the Government of Canada on them, and to take measures to reduce the threat. As such, CSIS closely monitors the evolving threat posed by state-sponsored and non-state cyber threat actors and can employ a variety of national security tools currently at its disposal where appropriate.
• CSIS’ dedicated Cyber Operations Division investigates cyber-enabled threats to Canada’s national security posed by both state and non-state actors, including cyber espionage, theft of intellectual property, foreign influence and sabotage.
• This intelligence allows the Government of Canada to develop a truly global understanding of threat actors, and in turn, enables policy officials and action-takers to tailor their efforts to the true scope of the threat being faced by Canada.
• One of the most important challenges to address in protecting our critical infrastructure and cyber security is the sharing of timely and actionable intelligence. CSIS is addressing this challenge in a number of ways – including through regular outreach and partner engagement.
• Our robust Academic Outreach and Stakeholder Engagement programme provides key information on threats to the security of Canada to our partners with the objective to advise them on the cyber threat landscape, of specific sectors targeted, and of sectors’ potential vulnerabilities to exploitation.
• For example, we have delivered briefings to partners on the espionage and foreign influence threats posed by state cyber actors, as well as the potential national security impacts of ransomware attacks carried out by cybercriminal groups.
• The relationships that CSIS builds with these businesses have the potential to encourage them to report cyber incidents, should they become victimized.

Russian invasion of Ukraine

• CSIS remains vigilant against the potential threat of Russian foreign interference against Canadians and Canadian interests in retaliation for Canada’s support for Ukraine.
• CSIS will continue to support an integrated government response by monitoring and reporting on threats, and by working closely with partners both domestically and abroad.
• Russia is a capable threat actor. We know, for example, that Russian Intelligence Services have previously engaged in disinformation campaigns to discredit and create divisions in the West, promote Russia’s influence abroad, and push for an end to Western sanctions.
• We also know that Russia covertly gather political, economic, and military information in Canada through targeted threat activities in support of their own interests.
• While I cannot go in into detail on specific measures, Canadians can rest assured that CSIS uses the full suite of tools at its disposal to counter foreign interference.

Cyber Security and Critical Infrastructure

Issue: What is CSIS’ role in cyber security and the protection of critical infrastructure? How has the threat landscape evolved and are the emerging cyber threats?

Key Messages

• Cyber actors, both criminal and state, can direct their attention specifically to critical infrastructure and the risks posed by threat actors on Canadian critical infrastructure continues to evolve.
• As the principal government agency responsible for investigating threats to the security of Canada, CSIS is committed to using the full range of its legal authorities and investigative tools to collect intelligence on cyber attacks, and the people behind them, that pose a threat to the security of Canada.
• CSIS cyber intelligence provides the Government of Canada and allied partners with improved overall situational awareness of the cyber threat environment and allows them top better identify cyber vulnerabilities and take steps to strengthen our collective cyber security.
• If there are reasonable grounds to believe that a hostile activity, such as malicious cyber activity, constitutes a threat to the security of Canada, CSIS has the legal authority to take steps to reduce that threat.

Threats to Cyber Security and Critical Infrastructure

• Malicious cyber actors are seeking to steal sensitive and proprietary information have targeted Canadian companies, in almost all sectors of our economy.
• These actors may exploit cyber tools and attempt to disrupt critical infrastructure and vital services, conduct ransomware attacks, interfere in elections, and spread disinformation.
• CSIS has observed persistent and sophisticated state-sponsored cyber threat activity for many years and we continue to see a rise in the frequency and sophistication of this threat activity.
• When our most innovative technology and know-how is lost, it is our country’s future that is being stolen.

Cyber Threats and Incident Response

• While I cannot comment on our operations, I can say that CSIS carries out investigations into cyber attacks that pose a threat to national security.
• As such, CSIS is committed to using the full scope of its mandate to collect information on the nature and intent of these threats, to advise the Government, and when appropriate, take the steps necessary to reduce such threats.
• CSIS is ready and well-positioned to cooperate with various stakeholders should a cyber incident escalate to the level of national security threat.
• While working in cooperation with relevant Government departments, such as the Canadian Centre for Cyber Security and the RCMP, CSIS may engage in incident response in order to further national security investigations.

CSIS’ role in the Government review of 5G and Allied approaches

• The Government of Canada is engaged in an ongoing review, led by Public Safety, to determine the Canadian approach for the implementation of 5G technologies in telecommunications networks.
• The Service is, along with its other government partners, supporting this review. Specifically, CSIS is providing advice regarding national security threats.
• At this time, I cannot speak to any specifics regarding the review or CSIS’ advice.
• It is important to note that 5G technologies have the potential to revolutionize the telecommunications sector and have a transformational impact on the lives of Canadians and the Canadian economy.
• However, these emerging technologies also have the potential to introduce new risks to the safety of Canadians and to Canada’s national security.
• We continue to work closely with Public Safety, CSE and other government partners to support Canadian efforts to protect Canada’s critical infrastructure from security threats.
• Canada’s allies have taken different approaches to 5G implementation, adopting various mitigation measures to protect their national security in response to the needs of their unique environments.
• CSIS, and its government partners, are engaged in ongoing discussions with our allies on these issues.

Foreign Interference in Canada - General

Issue: What is CSIS’ understanding of this threat?

Key Messages

• Foreign Interference is one of the greatest strategic threats to Canada’s national security because it undermines Canadian sovereignty, national interests and values.
• Foreign interference is a complex modern threat. States employ foreign interference activities against a range of Canadian interests, including the integrity of our political system and democratic institutions, economy and long-term prosperity, foreign policy and military, social harmony, and fundamental rights and freedoms.
• It is also a national threat. It targets all levels of government as well as communities across Canada.
• Foreign interference activities encompass a range of techniques, including human intelligence operations, the use of state-sponsored or foreign-influenced media, and sophisticated cyber tools.
• This threat activity has long been present in Canada, but its scale, speed, range, and impact have grown as a result of globalization and technology.

Foreign Interference Manifestations

Democratic institutions

• Democratic institutions and processes, including elections, are vulnerable and valuable targets for hostile activities by state actors. Canada is not immune to these threat activities. This is not new.
• Hostile activities by certain state actors, such as the People’s Republic of China, seek to manipulate and abuse Canada’s democratic system to further their own national interests, or to discredit Canada’s democratic institutions and erode public confidence.
• Threat actors have sought to clandestinely target politicians, political parties, electoral nomination processes, and media outlets in order to influence the Canadian public and democratic processes.
• For instance, state-sponsored cyber threat actors use computer network operations to interfere with elections.

Communities

• Foreign states or their proxies have also threatened and intimidated persons in Canada, including members of Canadian communities, to attempt to influence their opinions and behaviours.

Media

• Both traditional media outlets, such as publications, radio and television programs, and non-traditional media, such as online sources and social media, can be targeted to advance a foreign state’s intent.
• Mainstream news outlets, as well as community sources, may also be targeted by foreign states who attempt to shape public opinion, debate, and covertly influence participation in the democratic process.

Targeting of Canadian Communities

• Foreign states or their proxies have threatened and intimidated persons in Canada, including members of Canadian communities, to attempt to influence their opinions and behaviours.
• State-sponsored cyber threat actors have used computer network operations against Canadians and Canada’s interests, including through disinformation campaigns, in order to achieve their geopolitical objectives.
• When foreign states manipulate or intimidate Canadian community groups in order to influence their opinions or behaviours, these activities constitute a threat to Canada’s sovereignty and to the safety of Canadians.
• CSIS has and continues to invest significant effort into building relationships with individuals, communities and community leaders to establish and sustain trust. In times of crisis, we offer our support and our commitment to work in partnership to help protect and safeguard individuals in communities across Canada.
• While CSIS’s work is often undertaken outside of the public eye, we are steadfast in our commitment to work in partnership with communities and individuals, alongside law enforcement, to keep them safe from harm and intimidation.
• CSIS uses the authorities under CSIS Act to investigate allegations of interference by foreign states that would undermine Canada’s democratic institutions, threaten the privacy of Canadians, or intimidate Canadian communities.
• Canadians can be assured that CSIS is following threat-related activity closely, advising the Government of Canada, and will not hesitate to use our full mandate in order to reduce threats to national security if necessary.

Harassment on university campuses

• Canada’s academic institutions are centres of excellence that rely on open, creative, and collaborative environments to innovate and develop understanding of critical global issues.
• Some foreign intelligence services and government officials, including of China, exploit this culture of openness to monitor and coerce students, faculty, and other university officials.
• In some instances, students are pressured to participate in activities, such as demonstrations and reporting on other students, which are covertly organized by a foreign power. Universities can also be used as venues for “talent-spotting” and intelligence collection, in specific circumstances.
• When foreign states manipulate or intimidate Canadian community groups or students studying in Canada, these activities constitute a threat to Canada’s sovereignty and to our collective security.
• I can assure Canadians that CSIS is working diligently to protect Canadian communities as well as research and academic institutions – particularly by ensuring they understand the threat and that those at risk have the necessary tools to protect themselves.

Hotlines

• As is common in large, multicultural countries, Canadian communities are subject to clandestine and deceptive manipulation by foreign states. This is foreign interference. CSIS and the RCMP actively investigate this threat to our national security.
• Both the RCMP and CSIS have phone numbers and online reporting mechanisms that are monitored 24/7 for anyone who would like to report a threat to national security, including foreign interference.
• Should individuals ever be concerned for their personal safety and security, it is essential that they contact their local police for immediate action.
• CSIS’ tip line is 613-993-9620, toll-free at 1-800-267-7685. The TTY/TDD number is 613-991-9228. The online reporting mechanism is on CSIS’ web page under “Reporting National Security Information.”

FI in Canada – Democratic Institutions

Issue: What is CSIS’ role in protecting Canada’s democracy?

On CSIS’ role in protecting Canada’s democratic institutions

• CSIS is responsible for investigating foreign interference threats to national security and advising the Government of Canada on those.
• CSIS distinguishes between overt – and sometimes aggressive – lobbying and clandestine or deceptive interference activities. Clandestine foreign interference activities can pose significant harm to our democratic institutions and processes.
• CSIS has longstanding investigations into specific threat actors who are believed to be targeting Canada and Canadians through clandestine, deceptive or threatening means.
• CSIS also routinely engages with a variety of stakeholders including government and public officials, the private sector and other organizations to discuss potential threats to the security and interests of Canada and to provide briefings regarding specific threats. This can include elected officials.
• CSIS delivers these briefings in order to promote awareness of foreign interference and the actions of other hostile actors and to strengthen individual security practices and protect Canadians and their interests.
• As a member of the SITE Task Force, CSIS worked closely with partners in efforts to raise awareness and assess foreign interference threats against the 2019 and 2021 Federal Elections.
• CSIS actively investigated a number of threats across Canada in relation to the election, and provided classified briefings on these threats to the Critical Election Incident Public Protocol Panel.
• While I cannot provide more detail on specific cases, CSIS takes all allegations of interference in Canada’s democratic institutions or processes by a foreign state very seriously.

General Election 44

• As we did in 2019, in 2021 CSIS continued to work with its partners to advise the Government of Canada on foreign interference threats to our democratic institutions, including through the Security and Intelligence Threats to Elections (SITE) Task Force.
• The Critical Election Incident Public Protocol lays out a simple, clear and impartial process by which Canadians would be notified of a threat to the integrity of a federal election. Under the Protocol, a public announcement would only occur if the Panel determined that an incident or an accumulation of incidents has occurred that threatens Canada’s ability to have a free and fair election.
• As was the case in 2019 and 2021, no public announcement was made.
• CSIS continues to prioritize outreach and engagement to raise awareness of the foreign interference threat across key sectors and civil society.
• That is why, ahead of the most recent federal election, we released a public report on Foreign Interference Threats to Canada’s Democratic Process.

Threat reduction measures

• The Canadian Security Intelligence Service’s threat reduction mandate provides an important tool for the Government of Canada to respond to threats.
• While I can’t get into specifics, CSIS may take threat reduction measures when there are reasonable grounds to believe that a particular activity constitutes a threat to the security of Canada or Canadians.
• As previously indicated, CSIS monitors threat-related activity closely, advises the Government on these threats, and uses its full mandate in order to reduce threats to national security if necessary.
• As has been publicly reported, the National Security and Intelligence Review Agency (NSIRA) did not find that CSIS violated the Charter in its conduct of threat reduction measures.
• I welcome increased discussion on national security issues, which includes the important work of NSIRA and will carefully consider its recommendations.
• I am committed to ensuring CSIS can act effectively protect national security while meeting its legal obligations and respecting Canadians’ rights.

Foreign Agents Registry

• Foreign states use a range of methods to influence policy-making in Canada and promote their national interests.
• CSIS participates in discussions within the security and intelligence community as to what tools are needed to protect Canada’s national security and sovereignty.
• We also engage with our close partners to discuss their experiences in dealing with similar issues of foreign interference and espionage.

Russian Federation and foreign interference

Key Messages

• We know that Russia and other foreign states covertly gather political, economic, and military information in Canada through targeted threat activities in support of their own interests.
• While I cannot go in into detail on specific measures, Canadians can rest assured that the CSIS uses the full suite of tools at its disposal to investigate and counter foreign interference.
• Our work ensures the Government of Canada receives intelligence on this critical issues, and that actions to reduce the threat are taken as appropriate.
• Considering the current situation in in Ukraine, CSIS remains vigilant to any threat activities against Canada and Canadian interests.

Disinformation

• State-sponsored disinformation campaigns are an example of foreign interference.
• COVID-19 has had a profound impact on our country and the world. This uncertain environment is ripe for exploitation by threat actors seeking to advance their own interests.
• State-sponsored information manipulation utilized by certain states, including Russia, to undermine the rules-based-international order is of particular concern. These states are manipulating information to sow doubt about the origins of the virus and the means required to counter it; to discredit democratic responses to COVID-19 while casting their own as superior; and to erode confidence in democratic values and human rights.
• This includes leveraging ideologically-motivated fringe narratives and conspiracies to polarize societies and undermine trust in democratically elected governments.
• Disinformation, originating from anywhere in the world, can have serious consequences including threats to the safety and security of Canadians, erosion of trust in our democratic institutions, and confusion about government policies and notices, including information on the COVID-19 pandemic.
• While Canadian security agencies and law enforcement cannot discuss specific investigations, we can say that the Government of Canada coordinates with hundreds of domestic and foreign partners on threats to national security, and actively investigates all threats of foreign interference to support a whole of Government collective effort to respond.
• As CSIS noted in its 2020 Public Report, recent state-sponsored manipulations – such as disinformation – have sought to reshape or undermine certain narratives about the origins of COVID-19 and the how to counter it.
• Such attempts to sow doubt and discredit democratic responses to COVID-19 seek to erode confidence in Canada’s values of democracy and human rights.
• Russia and Russian Intelligence Services have, for example, been actively engaged in disinformation campaigns since March 2020 in an effort to blame the West for the COVID-19 pandemic.
• This is part of a broader campaign to discredit and create divisions in the West, promote Russia’s influence abroad

Cyber

• Cyber actors conduct malicious activities to advance their political, economic, military, security, and ideological interests. They seek to compromise both government and private sector computer systems by manipulating their users or exploiting security vulnerabilities.
• In 2020, a cyber espionage group linked to Russian intelligence services conducted Computer Network Operations (CNOs) directed towards Canadian, British, and American-based organizations that were involved in COVID-19 response and recovery efforts.
• These malicious cyber activities were believed to be an attempt to steal information and intellectual property related to the development and testing of COVID-19 vaccines.
• Of similar concern, non-state actors, including terrorist groups, have also attempted to conduct CNOs to further their ideological objectives, such as recruiting supporters, spreading propaganda, or encouraging violence against specific individuals or groups.
• In 2021, Canada joined the United States and international partners in voicing concerns related to a Russian cyber-espionage campaign that exploited the SolarWinds Orion platform.
• You will understand that I cannot discuss specifics about the Solar Winds compromise, but I would say CSIS is seeing an increase in the exploitation of cyber tools to steal sensitive information, conduct ransomware attacks, and cause disruption.
• CSIS is also observing an increasing level of sophistication by malicious cyber actors.
• Let me use the opportunity to remind Canadians, individuals and companies, of the importance of adopting best practices recommended by industry as well as the Canadian Centre for Cyber Security.

Use of chemical weapons

• As CSIS also noted in its 2020 Public Report, in August 2020, evidence indicates that Russian state threat actors used a nerve agent of the Novichok group to poison leading Russian opposition figure, Alexei Navalny.
• This attack contravened international norms prohibiting the use of chemical weapons and was strongly condemned by the Government of Canada.
• The event is also particularly troubling as it represents another instance of Russian state actors using chemical weapons to stifle dissent.

Economic Security

Issue: What is CSIS’ assessment of the threat posed by state-owned enterprises and their investment in Canada?

Key messages

• As an advanced economy and an open and free democracy, Canada is a target for state actors seeking to gain information, intelligence, and influence to advance their own national interests through hostile means.
• Canada’s abundance of natural resources, advanced technology, human talent, and expertise makes us a world leader in many sectors. We have powerful allies with whom we enjoy close economic, security, and defence relationships.
• The increasing interconnectedness of the world presents cyber actors with more opportunities than ever to conduct malicious activity.
• Cyber-espionage, cyber-sabotage, and cyber-foreign pose significant threats to Canada’s national security, its interests and its economic stability.
• The dramatic rise of individuals working from less secure home office environments due to the pandemic significantly increases the risk of sensitive information and networks being exposed to malicious cyber activity.
• Canada remains a target for malicious cyber activities and a platform from which hostile actors attempt computer network operations (CNOs) against entities in other countries.
• All these factors make Canada, Canadians, and Canadian companies a target. CSIS assesses that a number of state actors seek to conduct espionage and interfere in our economy and critical sectors in particular.

Research Security

Issue: What is CSIS’ assessment of the threat posed to Canada’s research and intellectual property?

Key Messages

• As an advanced economy and an open and free democracy, Canada is a target for persistent and sophisticated threat activity by state actors.
• Foreign states target Canadian businesses as well as academic and research institutions to advance their interests to the detriment of Canada’s technological progress and future prosperity.
• Foreign states seek to acquire Canadian technology and expertise by using a range of traditional and non-traditional collection tradecraft, including by targeting academic research and conducting computer network operations against entities to gain access to proprietary information.
• Certain sectors, including biopharma, health, artificial intelligence, quantum computing, ocean technology, and aerospace, face particularly heightened threat activity.
• Emerging technology in these sectors is vulnerable to espionage by state actors. Academia and small start-ups are attractive targets because they may have a less-developed security awareness culture and fewer protections in place.
• We are especially concerned about threat activities in this realm conducted by China, and to a lesser degree Russia and other states.
• CSIS is working closely with partners to ensure that Canadian entities are aware of the threat environment and have the information they need to make informed decisions and implement pre-emptive security measures.
• For example, CSIS participates on the Government of Canada-Universities Working Group, led by Innovation, Science, and Economic Development Canada, with other government partners and Canadian universities and research institutions.
• Key results of this work can be found on the Government of Canada’s Safeguarding your Research portal, which includes threat briefings, checklists for stakeholders, national security guidelines for federally funded research partnerships, and other resources.
• Our recent outreach to post-secondary institutions and affiliated associations is an example of how CSIS is connecting with stakeholders to ensure Canadian interests are protected. CSIS has leveraged its expertise and footprint in every region of the country to launch a nationwide outreach initiative to raise awareness of the risks of economic espionage.
• The objective is to build resilience in key sectors, including biopharmaceutical and healthcare industries and businesses – and by extension protect the interests of all Canadians.
• This initiative has already had an important impact. We have briefed more than 200 organizations and 1,000 individuals who are now well-informed about the possible threats and have the tools to protect themselves, their research, and their employees.

Outreach and Stakeholder Engagement

Issue: How is CSIS engaging with external stakeholders, including on cyber threats?

Key Messages

• CSIS employees continue to engage with those in industry, academia, civil society, and other levels of government.
• These efforts are building bridges between CSIS and Canadians and supporting common understanding of the national security threats we face.
• In order to better understand and combat the complex and evolving security threats we face today, in ways that maintain the trust and confidence of Canadians, we must engage directly with those whose interests it serves.
• CSIS has developed a robust Outreach Program which provides key information on threats to the security of Canada to external partners, including on cyber threats.
• This outreach helps businesses be promptly be made aware of national security cyber threats, of specific sectors targeted, and of their potential vulnerabilities to exploitation.
• The relationships that CSIS builds with them have the potential to encourage them to report cyber incidents, should they become victimized.
• This engagement leverages decades of ongoing work at CSIS to engage with academic stakeholders in an effort to inform operations, support research, and facilitate discourse on national security issues.
• CSIS continues to broaden its scope of engagement and deepen partnerships with stakeholders across Canada on issues such as the national security considerations of emerging technology, protecting Canada’s innovation ecosystem, foreign investment, research security, and protecting communities against the threats of foreign interference and violent extremism.

Modernizing CSIS Authorities

Issue: What changes are necessary to CSIS’ authorities, and why?

Key Messages

• As you may know, the CSIS Act benefited from some much needed updating through the passage of the National Security Act, 2017 (Bill C-59). I thank Parliament for its support in achieving this much needed revision to our legislation.
• CSIS’ authorities need to continue to remain current so that we are able to address the challenges of the significantly more complex legal, operational and technological environment in which we operate.
• For example, our Act sets technological limitations on intelligence collection that were not foreseen by the drafters of the legislation in 1984 and limit our investigations in a modern era.
• We need laws that enable data-driven investigations, carefully constructed to reflect the values we share in our democracy, including robust privacy protections.
• At the same time, what the COVID-19 pandemic has shown us is that threat actors will continue to exploit vulnerabilities – whether it’s stealing life-saving Canadian research or indoctrinating Canadians into conspiracy theories about the virus, public health measures and the vaccine.
• CSIS’ work throughout the COVID-19 pandemic has made it even clearer that the private sector's partnership in safeguarding national security is more important than ever.
• However, section 19 of the CSIS Act only allows us to provide unclassified threat overviews to external stakeholders.
• This is another example of the way in which the CSIS Act has not kept pace with the threats of today or our operational reality.
• Keeping pace on an ongoing basis with changes in the threat, technological and legal environment will ensure that we can continue to fulfill our mandate of keeping Canada and Canadians safe – and do so in a way that is consistent with Canada’s values and the trust that Canadians place in us.

On specific amendments

• These decisions are made at the political level and with support from our other Government of Canada partners both within the Public Safety Portfolio and with the Department of Justice.
• To be clear, the purpose of amending the Act would not be to lower safeguards, but rather to ensure CSIS has the authorities to provide timely, relevant advice in line with Government and Canadians’ expectations of their intelligence service.

Ideologically Motivated Violent Extremism (IMVE)

What is ideologically motivated violent extremism? What is CSIS’ role and assessment of this threat?

Key Messages

• CSIS takes the long standing threats of religiously, politically and ideologically motivated violent extremism very seriously.
• The uncertain environment caused by the global COVID-19 pandemic is ripe for exploitation by violent extremists.
• It is important to understand that extremism can stem from a range of motivations and personal grievances and is driven by hatred and fear and includes a complex range of threat actors.
• IMVE can stem from a range of ideologies and is driven by hatred and fear. These ideologies can be:
  • xenophobic and linked to white supremacy or neo-Nazism, and ethno-nationalism;
  • anti-authority and targeted at governments and law enforcement;
  • gender-driven, which can lead to violent misogyny; and
  • based on other grievances without clear affiliation to an organized group or external guidance.
• Extremists draw inspiration from a variety of sources including, books music, and of course, online discussions, videos and propaganda. Those holding extremist views often attempt to create a culture of fear, hatred and mistrust by leveraging an online audience in an attempt to legitimize their beliefs and move from the fringes of society to the mainstream.
• As freedom of speech is constitutionally protected, CSIS can only investigate threat actors who meet its investigative threshold – those who are mobilizing to violence or are providing support to an act of violence, as defined in the CSIS Act.
• As such, CSIS does not investigate lawful advocacy, protest or dissent. While the internet is filled with racist, bigoted and misogynistic language and narratives, much of it falls under the category of ‘awful but lawful’.

Anti-authority movements and conspiracy theories

• The COVID-19 pandemic has exacerbated xenophobic and anti-authority narratives, many of which may directly or indirectly impact national security considerations. Violent extremists continue to exploit the pandemic by amplifying false information about government measures and the virus itself on the internet.
• Some violent extremists view COVID-19 as a real but welcome crisis that could hasten the collapse of Western society. Other violent extremist entities have adopted conspiracy theories about the pandemic in an attempt to rationalize and justify violence.
• These narratives have contributed to efforts to undermine trust in the integrity of government and confidence in scientific expertise.
• While aspects of conspiracy theory rhetoric are a legitimate exercise in free expression, online rhetoric that is increasingly violent and calls for the arrest and execution of specific individuals is of concern.
• IMVE conspiracy theories are often influenced by decentralized online trends and communities of extremist influencers who interpret local, national and international events through a radical lens.
• These broader narratives are often individualized by extremists and are impacted by perceived concerns regarding economic well-being, safety and security, the COVID-19 pandemic or other special events.

Gender-Driven IMVE

• Incel (involuntary celibate) ideology bears many of the hallmarks of more traditionally recognized ideologies, and from the Canadian perspective, conforms to our definition of terrorism and is considered within the general terrorism offence framework.
• Incels belong to a misogynistic community of males, who associate primarily through online platforms. Though they use a unified terminology, they are not an organized group and have no centralized structure or planning.
• Incels believe their genetics determine the quality of their life and relationships, meaning they blame their unattractive physical features for their inability to attract women. They attribute their perceived failings in life to women and society in general.
• The ideology/beliefs within the “Manosphere” (a network of online misogynistic and male supremacy communities) stretch from lawful discussion of men’s rights issues to glorification of violence and violent misogyny. Forums also fluidly combine their resentment of women with racist narratives involving immigrants and people of colour.
• Since 2014, individuals motivated, fully or in part, by Incel ideology have, through numerous attacks, killed and wounded more than 110 individuals in Canada and the United States.
• In Canada, Alek Minassian’s perception and beliefs were motivated in whole or in part by Incel ideology when he deliberately ran down pedestrians with his van, killing 11 and injuring 15. In May 2020, Toronto Police arrested a 17 year male and charged him with terrorist activity after he stabbed a woman to death and injured 2 more at a massage parlor, stating evidence showed the attack was inspired by Incel ideology.

Rise of IMVE threat in Canada

• As reported by the Security Intelligence Review Committee (SIRC) in January 2016, CSIS concluded that the extent and nature of the Right Wing Extremist (RWE) threat no longer met the CSIS threshold for investigation. As such, CSIS ended its investigation into RWE in March 2016.
• In January 2017, following the attack at the Grande Mosquée in Québec City, CSIS reopened its investigation into RWE.
• At that time, CSIS observed that the motivations behind this type of violent extremism had become more complex. Individuals were no longer influenced by a singular and definable belief system, but a range of very personal and diverse grievances.
• For that reason, CSIS took a leading role in developing an understanding and terminology that more accurately depicts the broad range of motivations behind this particular extremist threat facing Canada.
• Based on its findings, CSIS decided to stop using the terms “right-wing” and “left-wing” to define the threat. Instead, it uses ideologically motivated violent extremism – which has now been adopted by both Australia and New-Zealand.
• It is clear from the 2017 Mosque attack, the 2018 van attack, the2020 spa attack in Toronto, and the 2021 van attack in London, that Canada is not immune to acts committed in whole or in part by IMVE.

Online threat environment

• Violent extremism online continues to represent a deeply concerning threat to public safety and a significant area of focus for CSIS, as it evolves in complexity.
• Online threats represent a modern challenge and demonstrate the clear need for CSIS to be equipped with the tools and authorities it requires in order to protect Canada and Canadians in the digital age.
• As technology and applications proliferate, extremist online collectives can replicate disinformation and interference campaigns that were once the reserve of state actors or large non-state organizations.
• Threat actors have access to a wealth of information online and CSIS has seen a surge in violent extremist content proliferating in that environment. Propaganda is easily disseminated using both mainstream and alternative media and social media platforms.
• We have seen a combination of misinformation and disinformation pollute the global information environment. This manipulation and propagation of information can erode confidence in our democratic values, institutions, and polarize societies while undermining trust in our democratically elected governments.
• Many of these platforms can be used anonymously or leverage encryption technologies to enable threat actors to conceal their identity and evade detection by law enforcement and security agencies, while spreading their message, inciting violence and recruiting link-minded individuals.
• If violent extremists are spreading propaganda online to recruit and fundraise for their cause, inspiring acts of violence or conducting a live terrorist act for an online audience, CSIS and law enforcement need to be informed of the threat and equipped to investigate and prevent further threat activity.

Protests and funding

• During the protests in Ottawa and across Canada earlier this year, CSIS remained committed to continue assessing threats to Canada's national security during the important operational activities underway by law enforcement partners.
• While the right to freedom of expression and peaceful assembly is an important part of our democracy, individuals are not justified in breaking the law or engaging in violence. CSIS supported the City of Ottawa and the enforcement actions being taken by the Ottawa Police Service, and their law enforcement partners.
• With respect to foreign sources of funding, CSIS’ mandate is engaged when funds are provided at the direction of or with the support of a foreign state or when those donating the money are doing so to support an act of serious violence or terrorism.

Terrorist listings

• Listings are an important tool for the Government of Canada and send a signal that extremist activities are not tolerated in Canada.
• CSIS is a partner in the Public Safety-led terrorist listings regime. The Service is one of several departments and agencies charged with informing the Minister of Public Safety as to the threat that violent extremist entities may pose to Canada, from a national security perspective.
• Intelligence and evidence guide the terrorist listing process and are primary determinants for which entities are considered for listing under the Criminal Code.
• CSIS also works closely with its international partners on understanding the evolution of the global extremist landscape and emerging threat environment so that it is positioned to provide assessments and advice to support actions, including by law enforcement as appropriate.

On specific groups being investigated

• CSIS does not investigate Canadians participating in lawful demonstrations or protests in Canada or elsewhere, absent other indications of threat-related activity.
• As freedom of speech is constitutionally protected, CSIS can only investigate threat actors who meet its investigative threshold – those who are mobilizing to violence or are providing support to an act of violence, as defined in section 2(c) of the CSIS Act.
• As you know, the Service is limited in what it can say in an unclassified setting, and we cannot publicly comment further on operational matters and requirements.

Afghanistan

What is CSIS’ role in supporting the humanitarian effort with regards to Afghanistan?

Key Messages

• CSIS does not investigate Canadians participating in lawful demonstrations or protests in Canada or elsewhere, absent other indications of threat-related activity.
• CSIS remains a key partner to Immigration, Refugees and Citizenship Canada in its efforts to evacuate vulnerable Afghans in support of this humanitarian imperative. The Service plays an important role in ensuring that threat actors cannot leverage immigration pathways to Canada.
• In light of the evolving situation in Afghanistan, and the potential new security risks that it creates, CSIS has prioritized its collection and assessment efforts, specifically as they relate to supporting the security screening process.
• As the security situation in Afghanistan is fluid and evolving, CSIS is continuing to engage domestic and international partners to assess what best practices can be applied to ensure the most robust process.

CSIS Screening

What is CSIS’ security screening mandate? What are the different screening authorities under the CSIS Act? What is CSIS’ role in advising Government on security assessments?

Key Messages

• CSIS’ security screening program is Canada’s first line of defence against terrorism, extremism, espionage, and proliferation.
• Upon request from other departments, CSIS’ security screening mandate supports government clearance processes and immigration-related security screening.
• High standards are applied across the board to support the integrity of these processes and to prevent national security threats from materializing.
• Though it supports an important element of the decision-making process, I must emphasize that CSIS provides advice to requesting departments; it does not make the decision on whether to grant, deny or revoke a security clearance, nor does it determine an individual’s eligibility or admissibility to Canada.

On Government security screening

• Under its mandate for Government Security Screening, CSIS provides security assessments on individuals who seek employment with the Government of Canada. This advice may also be provided to some provincial governments and other organizations, when employment requires individuals to have access to classified information or sensitive sites.
• Under reciprocal screening agreements, CSIS also provides security assessments to foreign governments, agencies and international organizations on Canadians seeking to reside and work in another country.
• On request, CSIS, in conjunction with other federal partners, conducts security checks of elected officials who are being considered for appointment as ministers, parliamentary secretaries and all Order in Council appointments.

On recourse when a clearance is denied or revoked

• Individuals who have been denied a clearance or have had their clearance revoked can make a complaint to the National Security and Intelligence Review Agency.
• CSIS fully participates in the complaints process.

If pressed on specific complaints:

• I cannot comment on specific complaints, due to privacy concerns and to the nature of the proceedings.

Workplace Culture and Diversity & Inclusion

Is CSIS willing to recognize there is systemic racism in our society?

Key Messages

• I cannot comment on the class action currently before the Federal Court.
• But I can say that CSIS acknowledges that there are social and administrative structures and systems in place in our organization that result in – or fail to prevent – disadvantaging certain people or groups. This is systemic racism.
• As I have said numerous times, CSIS takes any allegation of inappropriate behaviour, including harassment and discrimination, very seriously. Over the past few years, in response to some serious allegations, we have been taking steps to ensure CSIS is a healthy and respectful work environment.
• CSIS is working hard to integrate strategies and approaches that help to reverse systemic barriers and broaden the organization’s understanding, appreciation, and valuing of diversity of all types. We are looking at our people, our systems and our culture to effect this change.
• For example, CSIS published its Code of Conduct on its public website for the first time. This is an important step in our commitment towards a healthy and respectful workplace, and signals our values to the public. It clearly articulates what is expected of employees and it has been built into the performance evaluations of every employee at all levels to ensure that the responsibility of creating a respectful workplace is shared.
• Each and every CSIS employee is responsible for ensuring that their actions, behaviours and decisions are inclusive and respectful and that any instances of exclusion, bias, or disrespect – systemic or otherwise – are addressed.
• Operationally, CSIS does not employ racial profiling. CSIS targets threats, not groups. Profiling is not only unethical but it also does nothing to further our mission and national security investigations.
• Simply put, systemic racism exists in Canada. It is something that cannot be tolerated within any part of Canada’s national institutions, including ours.

Workplace Climate

• Just like the people of Canada, we are a diverse and inclusive workforce. Our diversity allows us to better understand the demographics of the Canadian communities we protect and gives us better tools to collect relevant and accurate intelligence.
• The Director of CSIS is personally committed to working to ensure that CSIS is a workplace free from discrimination, bias, harassment, or bullying so that all employees come to work every day in a safe, healthy and respectful environment.
• Given the complexity of the current threat environment, I need to make sure all of my employees are at their best. And certainly in these challenging times, this is a growing organizational priority.
• I have made it clear that senior management will continue to be accountable in demonstrating leadership and commitment to building and sustaining a healthy workplace; the safety and security of our operations depend on this.
• A safe and healthy workplace is a successful workplace and contributes to national security. We take the greatest pride in the exceptional quality of our workforce. Our people are CSIS’ most valuable resource.

Promotion of diversity and inclusivity

• CSIS is taking deliberate steps to increase diversity and inclusion across the Service. That is why in 2019 CSIS established its Gender Based Analysis+ Unit (GBA+) to further ensure its policies and operations are bias-free and evidence-based.
• Other steps include numerous targeted initiatives intended to increase overall representation of diverse groups in the Service, address gaps in specific occupational categories, and establish and entrench expectations for a bias-free, respectful organization.
• CSIS also works proactively with employment equity groups, fosters mentorship programs internally to support diverse employees in preparing for competitions, and has a diverse Talent Acquisition and Student Hiring team, with resources dedicated to ensuring diversity. We are in the midst of building a new, comprehensive and multi-year Diversity and Inclusion Strategy as well as an Accessibility Strategy that are both built on research and consultations with employees.
• Furthermore, CSIS Executives have met multiple times with the Association of Black Law Enforcers (A.B.L.E.), for thoughtful discussions on a range of issues related to diversity and inclusion, and are committed to listening and learning through employee experiences.
• As an agency, we are committed to working to ensure that CSIS’ workplace is free from discrimination, bias, harassment, or bullying so that all employees come to work every day in a safe, healthy and respectful environment.
• To this end, the task of creating a respectful workplace has been built into the performance evaluations of each and every employee and CSIS has revised its Code of Conduct to clearly outline expectations. Comprehensive training equips employees to meet these requirements.

Actions taken

• As a result of the 2017 Toronto Region Workplace Climate Assessment, I can say emphatically that we have made improvements to our internal processes, so that all our employees come to work every day in a safe, healthy and respectful environment.
• That is why I have taken concrete steps to strengthen the cultural values of our workplace, this includes:
  • Adding enhanced mandatory training for supervisors and a common performance objective for all CSIS employees and executives on promoting a healthy workplace,
  • Launching The Respect Campaign to re-enforce the importance of respect in our working relationships,
  • Renewing our Code of Conduct and making it a condition of employment, and
  • Holding numerous informal meetings and town halls at our offices across the country to discuss any concerns employees may have about their workplace climate.
• Our employees are always encouraged to report incidents of harassment, discrimination, or bullying without fear of reprisal and all of our managers are required to act promptly on any issues brought to their attention, and if necessary, request a formal investigation.
• Our renewed leadership training for managers is focused on fostering the right competencies to ensure strong supervisory and people management skills at all levels, and to ensure managers exhibit the Service’s values and ethics through all of their actions and behaviour.
• CSIS will continue to ensure that the behaviour of all employees reflects our Code of Conduct which includes respect for people, democracy, integrity, stewardship and professional excellence.
• As the trust of Canadians is essential in order for CSIS to fulfill its mandate, I am committed to keeping Canadians informed on our progress to address these issues.

Canadian Space Agency case

Can CSIS comment on the arrest of Mr. Wanping Zheng?

Key Messages

• As you can expect, we do not publicly comment, or confirm or deny the specifics of our investigations, operational interests, methodologies or activities.
• CSIS routinely engages with a variety of stakeholders, including in the private sector, government partners and universities. Through these briefings, CSIS advises of potential threats to the security and interests of Canada, and provides unclassified briefings regarding the nature of specific threats.
• For questions specifically related to the arrest of Mr. Wanping Zheng, we would refer you to the RCMP.

R. v. Huang: Stay of Prosecution

Can CSIS comment on the stay of prosecution of Qing Quentin Huang?

Key Messages

• While I cannot comment on the specifics of this case, I can say that CSIS works with the RCMP to address national security threats.
• In this case, CSIS disclosed to the RCMP information that we had collected through our intelligence investigation.
• Using intelligence as evidence in criminal prosecution continues to present significant challenges, particularly as CSIS must ensure the protection of sensitive information and methods of collection.
• Addressing intelligence and evidence issues requires concerted efforts among a range of federal government departments including CSIS, the RCMP, Public Safety, the Department of Justice and the Public Prosecution Service of Canada.
• CSIS’ authorities also need to continue to remain current so that we are able to address the challenges of the significantly more complex legal, operational and technological environment in which we operate.

CSIS Federal Court Decision (En Banc)

The Federal Court released its third ruling on the Canadian Security Intelligence Service’s (CSIS) duty of candour obligation on February 4, 2022.

Key Messages

• This is the ruling on the third and final warrant application that formed part of the En Banc matter. The Court determined that the warrant at issue could have been issued even if the information derived from potentially illegal activities was excluded.
• A s I have stated since the first decision became public, protecting Canadians in a manner that is compliant with the law is something that CSIS is determined to uphold.
• Importantly, the issue raised by the En Banc decision s has now been addressed with the passage of the National Security Act 2017 , which provides CSIS with a limited justification framework to conduct activities that would otherwise constitute offences.
• The potentially illegal activities involved in this cas e are, in fact, routine intelligence collection activities, used around the world by national security and law enforcement agencies to investigate terrorism and keep people safe, such as: paying a source for information, or providing a cell phone to a source to assist them in undertaking their work.
• CSIS has taken concrete steps to address the Court’s concerns, which include proactively commissioning reviews conducted by external partners to ensure that CSIS duties are conducted in accordance with the law.
• The Service has also taken concrete steps to improve organizational awareness. Additional training is being provided to employees to enhance internal understanding of CSIS’ role and its obligations to the Federal Court, the Government of Canada and Canadians.
• CSIS has also cooperated fully with the National Security and Intelligence Review Agency’s review requested by the Ministers of Public Safety and Justice.
• In addition to these measures, I would like to reiterate that CSIS works hard to protect our country and Canadians from a wide range of national security threats. The Court has  acknowledged this and recognized that the consequences of failure are significant. At no time was the safety of Canadians at risk, nor were our rights and freed oms threatened.

CSIS’ Posture During the Pandemic

What is CSIS doing to address the COVID-19 pandemic?

Key Messages

• Throughout the pandemic, CSIS has been guided by two principles: the protection of its employees, and ensuring that it could continue to deliver on its critical mandate for Canadians.
• For two years now, CSIS maintained its vital role in producing intelligence to support the Government’s response to this global pandemic.
• Additionally, recognizing the stress caused by the pandemic, CSIS has prioritized the mental health of its employees by providing support programs and flexibilities in determining work arrangements.
• CSIS has continuously updated its health and safety measures to reflect the most recent guidance from public health officials and CSIS’ in-house medical professionals.
• CSIS takes this guidance from health professionals very seriously. Based on this advice, CSIS has instituted robust measures throughout the pandemic, including: frequent sanitization of work areas, physically-distanced workstations, modified work schedules and other measures to enable physical distancing.
• These measures, among many others, have been in place in all CSIS offices since the very first days of the pandemic and have been consistently reinforced with regular communication to all employees.
• Throughout the pandemic, CSIS has continuously assessed all aspects of its operational stance to ensure it continues to meet or exceed workplace safety standards set by PHAC and the Treasury Board Secretariat.
• As public health advice started to encourage the use of masks, CSIS tailored this advice to its own unique context. Accordingly, at various points since March 2020, masks were less common, then were later strongly encouraged, moving to being required when physical distancing was not possible, and finally made mandatory in nearly all instances. The stance on masks was based at all times on advice by public health professionals.
• Recognizing the enormous strains of the pandemic, CSIS took every measure at its disposal to address the unique circumstances of its employees, including enabling work from home where possible given the sensitive nature of its mission.
• CSIS' mission remains essential, particularly during a global pandemic, where foreign interference and ideologically-motivated discourse and violence has increased.
• Canadians should and can expect CSIS to continue delivering on its crucial mandate. I and all Canadians should take great pride in the dedication of the CSIS employees to protect Canada’s national security.