Communications Security Establishment - Main Issues
Cyber Security
- A safe and secure cyber space is critical for the security, stability and prosperity of Canada.
- That is why, in June 2018, we released an updated National Cyber Security Strategy which sets out Canada's vision for the digital age.
- A key pillar of this Strategy was the creation of the Canadian Centre for Cyber Security as part of the Communications Security Establishment (CSE).
- As a unified source of expert advice and guidance, the Cyber Centre leads the Government's response to cyber incidents.
- The Cyber Centre also collaborates with the rest of government, the private sector and academia to strengthen Canada's cyber resilience.
- Investments in these Supplementary Estimates (A) will ensure that the Cyber Centre has the resources it needs to implement important initiatives under our comprehensive Cyber Strategy.
Key Facts
- In these Estimates, CSE is requesting a reprofile of $11.0M in funding for the fit-up of the new facility for the Canadian Centre for Cyber Security building in Ottawa.
- CSE is also requesting $9.4M in funding to implement three CSE initiatives in the National Cyber Security Strategy.
- Since January 2018, CSE has released over 500 alerts and advisories on potential, imminent or actual cyber threats.
Budget 2018
"With this budget, the Government of Canada is implementing a plan for security and prosperity in the digital age to protect against cyberattacks. The Government proposes significant investments of $507.7 million over five years, and $108.8 million per year thereafter, to fund a new National Cyber Security Strategy."
Details – National Cyber Security Strategy
- In June 2018, the Government of Canada released an updated National Cyber Security Strategy which sets out Canada's vision for security and prosperity in the digital age. Informed by over 2,000 submissions gathered through public consultations, the Strategy aims to bolster Canada's cyber security posture by focusing on three key themes: security and resilience, cyber innovation and leadership and collaboration.
- The Strategy's core goals are reflected in Budget 2018's substantial investments in cyber security and built on in Budget 2019. Among the new measures introduced as part of Budget 2018 and a key component of the Strategy is the creation of the Canadian Centre of Cyber Security (the Cyber Centre), housed at CSE.
Canadian Centre for Cyber Security
- Stood up on 1 October 2018, the Cyber Centre consolidates the key cyber security operational units of the Government of Canada under a single roof. The Cyber Centre is a unified source of expert advice, guidance, services, and support on cyber security operational matters, providing Canadian citizens and businesses with a clear and trusted place to turn for cyber security advice.
- In its defence of the Government of Canada, the Cyber Centre works to detect and defend against thousands of attempts to access and infiltrate Government networks.
- The Cyber Centre also works with critical infrastructure owners and operators to protect their networks. For example, in November 2019, CSE hosted GeekWeek, an annual workshop organized by the Cyber Centre to foster collaboration between the Government of Canada, critical infrastructure, and academia to address vital problems facing the cyber security industry.
- Finally, the Cyber Centre also works to raise awareness overall in Canada about cyber security issues. For example, the Cyber Centre has published several reports on the cyber threat environment in Canada, including on election security.
- April 2019: Publication of the 2019 Update on Cyber Threats to Canada's Democratic Process
- December 2018: Publication of the National Cyber Threat Assessment
- December 2018: Publication of an Introduction to the Cyber Threat Environment Report
Version 1; 2019-12-05
Source: QP Note on CSE 2019-12-03; National Cyber Security Strategy
Cyber Threats to Canada's Democratic Process
- Earlier this year we announced our plan to defend Canadian democracy and strengthen our electoral systems against cyberenabled and other threats.
- As part of this comprehensive plan to safeguard Canada's recent federal election, we created the Security and Intelligence Threats to election Task Force to assess and respond to foreign threats.
- No activity was observed that met the threshold for a public announcement or affected Canada's ability to have a free and fair election.
- Task Force Partners will continue to work to detect and counter possible foreign threats to Canada and its democratic institutions.
Key Facts
- On January 30, 2019, the Government announced Canada's plan to safeguard the 2019 federal election.
- The plan had four areas of action: (1) combatting foreign interference; (2) strengthening organizational readiness; (3) encouraging social media platforms to act; and (4) enhancing citizen preparedness.
Budget 2019
"To further strengthen and safeguard Canada's democratic institutions, Budget 2019 proposes to invest $30.2 million over five years to implement a number of new measures."
Details Cyber Threats to Canada's Democratic Process
- In 2019, the Government of Canada announced a plan to safeguard the 2019 federal election.
- As part of its plan, the Government of Canada established the Critical Election Incident Public Protocol (the Protocol Panel) to ensure coherence and consistency in Canada's approach to publicly informing Canadians during the writ period about incidents that threaten Canada's ability to have a free and fair election.
- The Protocol, and its administration, was overseen by a panel of five senior civil servants who were responsible for determining whether the threshold for informing Canadians had been met, either through a single incident or through an accumulation of separate incidents.
- In addition, the Security and Intelligence Threats to Election (SITE) Task Force, comprised of officials from the Communications Security Establishment, the Canadian Security and Intelligence Service, the Royal Canadian Mounted Police, and Global Affairs Canada, was established as a fully integrated team to help the Government assess and respond to foreign threats.
- Before and throughout the election, the SITE Task Force also provided security briefings to Elections Canada and Canadian political parties, to promote situational awareness and help them strengthen their security practices.
- The Protocol Panel did not observe any activities that met the threshold for a public announcement or affected Canada's ability to have a free and fair election.
- Now that the election has concluded, SITE Task Force partners will continue to work within their respective mandates to detect and counter possible foreign threats to Canada and its democratic institutions.
Version 1; 2019-12-05
Source: QP Note on CSE, 2019-12-03
Accountability and Oversight of Communications Security Establishment (CSE)
- Accountability and transparency for Canada's national security and intelligence agencies is critical.
- The recent overhaul of Canada's national security framework enhanced the review and oversight of the Communications Security Establishment (CSE), as well as the broader security and intelligence community.
- The National Security and Intelligence Review Agency (NSIRA) reviews all national security activities across the Government of Canada.
- In addition, the Intelligence Commissioner provides oversight by approving authorizations for certain CSE activities.
- And finally, the National Security and Intelligence Committee of Parliamentarians (NSICOP) also reviews CSE's activities.
- Canadians can have confidence in the work of CSE and Canada's security and intelligence agencies.
Keys Facts
- On 21 June 2019, Bill C-59 (National Security Act 2017) received Royal Assent.
- The Bill overhauled the review and accountability framework for CSE and the entire security and intelligence community.
Details Transparency and Accountability of CSE
- With the coming into force of Bill C-59, CSE's review and accountability framework has evolved to enhance the way in which CSE – and the entire security and intelligence community – is reviewed.
- Prior to the passage of Bill C-59, the Office of the CSE Commissioner (OCSEC) provided independent and expert review of the activities of CSE.
- Now, CSE is subject to oversight by the newly created Intelligence Commissioner (IC). The IC has a mandate the approve foreign intelligence and cyber security authorizations issued by the Minister of National Defence. The approval of the IC is required before CSE can undertake any activities pursuant to these Ministerial Authorizations.
- In addition, CSE is subject to review by the National Security and Intelligence Review Agency (NSIRA). NSIRA has assumed responsibility for reviewing all national security activities across the Government of Canada, including all of CSE's activities. NSIRA reviews CSE's activities for lawfulness and to ensure that the activities are reasonable, necessary, and compliant with ministerial direction. NSIRA also serves as the body for any complaints against CSE.
- Finally, CSE is subject to review by the National Security and Intelligence Committee of Parliamentarians (NSICOP). The NSICOP has a broad, government-wide mandate to scrutinize the full range of national security and intelligence activities of the Government of Canada, including CSE. All members of the Committee have unprecedented access to classified information, subject to specific exemptions defined in law.
Version 1; 2019-12-05
Source: QP Note on CSE, 2019-12-03
The Communications Security Establishment Act
- The Communications Security Establishment Act gave CSE new authorities which are needed to keep up with rapidly evolving technology.
- These new authorities enable CSE to work more effectively and proactively to protect Canada and Canadians.
- CSE is now able, upon request, to deploy its cyber defence services to protect critical infrastructure and other important systems.
- CSE is also now authorized undertake active and defensive cyber operations to defend Canada's cyber security and in support of broader government priorities.
- At the same time, CSE is subject to a strengthened oversight and accountability regime to ensure the protection of the privacy of Canadians.
Key Facts
- The Communications Security Establishment Act came into force on 1 August 2019.
Details The Communications Security Establishment Act
- The Communications Security Establishment Act, which came into force on 1 August 2019, introduced important new authorities which allow CSE to conduct a broader range of activities while at the same time protecting Canadians' rights, freedoms, and privacy.
- The new legislation sets out five aspects to CSE's mandate:
- Foreign intelligence: CSE provides foreign intelligence in support of Government of Canada intelligence priorities.
- Cyber security and information assurance: CSE provides advice, guidance, and services to help protect systems of importance to the Government of Canada.
- Defensive cyber operations: CSE may carry out activities on or through the global information infrastructure to help protect systems of importance to the Government of Canada
- Active cyber operations: CSE may carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions, or activities of a foreign individual, state, organization, or terrorist group as they relate to international affairs, defence, or security.
- Technical and operational assurance: CSE provides technical and operational assistance to federal law enforcement and security agencies, the Canadian Armed Forces and the Department of National Defence.
- CSE is prohibited by law from directing its foreign signals intelligence, cyber security, and cyber operations activities at persons in Canada or Canadians anywhere, and is required by law to protect the privacy of Canadians.
Version 1; 2019-12-05
Source: QP Note on CSE, 2019-12-03
Page details
- Date modified: