Evidence of meeting #22 for Canada-China Relations in the 43rd Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was chair.
A video is available from Parliament.
Assistant Deputy Minister, International Security, Department of Foreign Affairs, Trade and Development
My understanding, though, is that this was a standing offer process that was awarded by Public Services and Procurement Canada that was never used by Global Affairs Canada.
NDP
Jack Harris NDP St. John's East, NL
I understand. I'm interested in the procedures and whether you followed that advice, whether you used CSE or not, or whether you just ignored these suggestions by Deloitte, which was asked to investigate it.
Assistant Deputy Minister, International Security, Department of Foreign Affairs, Trade and Development
I can assure you we don't ignore it.
If you want to hear from my colleague at CSE, I cede the floor.
NDP
Chief, Communications Security Establishment
Mr. Chair, shall I answer the question?
NDP
Jack Harris NDP St. John's East, NL
Yes, please. Give us a yes or no. If you don't know, tell us you don't know.
Chief, Communications Security Establishment
Well, I think that from a CSE perspective, we provide advice and guidance on a wide range of issues.
NDP
Chief, Communications Security Establishment
I will refer to my colleague, Scott Jones, who is head of the cyber centre responsible for supply chain assessments.
Scott Jones Head, Canadian Centre for Cyber Security, Communications Security Establishment
Thank you, Mr. Chair.
When this issue came to light, we worked with Global Affairs. However, in this case I'm going to have to get back to you to confirm exactly when that happened, because I think you're asking about a specific time. I just want to make sure I give you an accurate answer.
NDP
Jack Harris NDP St. John's East, NL
That would be great. I'd rather you do that than take up the time saying nothing. Thank you very much.
This may involve you, Mr. Jones.
Microsoft, in March of this year, announced that there were multiple malicious actors compromising their Exchange email service. They blamed it on a group they called Hafnium, which they said was associated with China and [Technical difficulty—Editor].
Your organization issued a report on March 6, the next day, warning Canadians—or giving an alert—to apply their patches and look for signs of compromise.
Was CSE and your centre independently aware of that attack, and what kind of response would Canadians be able to expect regarding this kind of attack?
Head, Canadian Centre for Cyber Security, Communications Security Establishment
There are a few aspects to that. That specific incident was something we call an out-of-band patch alert. Microsoft was issuing something outside of the normal process. Normally, that's called Patch Tuesday, and so that immediately draws attention. From a cybersecurity agency perspective, our goal is to make sure Canadians are aware and responding quickly, because that is something that is usually quite urgent.
The second aspect of that is in terms of previous knowledge. These companies have advanced notification programs, but in this case the scope [Technical difficulty—Editor] done quickly and released by Microsoft to respond to a very urgent threat that was faced.
Our goal here is to always get alerts out as quickly as possible so people can take action. Unfortunately, in these scenarios, the best response is to patch as quickly as possible to prevent any further exploitation.
NDP
Jack Harris NDP St. John's East, NL
Thanks very much.
The departmental plans for DND state that “CSE and DND/CAF are working together to assume a more assertive posture in the cyber domain by conducting and supporting joint cyber-operations against adversaries who wish to threaten Canada's international affairs, defence or security”.
The question I have is on whether Parliament is made aware of all authorized military operations that entail active cyber-operations, as it is with other operations.
Deputy Minister, Department of National Defence
When an active cyber-operation has occurred, and that's not happened very frequently, there's not a notification of Parliament. However, in a memorandum to cabinet authorizing an operation, if cyber-effects would be used, that authorization is sought in the MC.
NDP
Jack Harris NDP St. John's East, NL
Has the Canadian Armed Forces undertaken active cyber-operations using the authorities it has been given?
Deputy Minister, Department of National Defence
Shelly may wish to answer that question.
I think that's something we should take on notice.
Chief, Communications Security Establishment
I can say that under the CSE act, we now have the authority to assist the Canadian—
NDP
Jack Harris NDP St. John's East, NL
We've been told that. Have you ever used that authority, and have you notified Parliament of it?
Chief, Communications Security Establishment
As you can appreciate, I can't go into details on any of the specific or sensitive classified operations that we undertake.
NDP
Liberal
The Chair Liberal Geoff Regan
That concludes your time, Mr. Harris. Thank you very much.
We'll now begin the second round.
Mr. Paul-Hus, you have five minutes.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Thank you, Mr. Chair.
My first question is for RAdm Bishop.
In terms of the threat assessment, can you confirm that the threat assessment has increased over the last five years and tell us to what extent?
Rear-Admiral Scott Bishop Commander of the Canadian Forces Intelligence Command and Chief of Defence Intelligence, Department of National Defence
Thank you, Mr. Chairman.
Obviously, we're very interested in the development of China's military capabilities. It's something we watch quite closely, and we've been watching it for quite some time. I would not characterize that we're specifically concerned over the last five years, but looking at the broader trends of how China has evolved over the last couple of decades, it causes us some concern when we look at the trajectory it has been on.
If you look at China in the 1980s, there was a large, conscript military not really capable of doing much, primarily focused on coastal defence. That's a very different military from the one we see today. China has made significant efforts to modernize its military force, introduce modern, new capabilities and transform the way it commands and controls those capabilities to be a far more effective fighting force.
We also see that China has expanded into new domains that we're quite interested in, including the space domain, with a significant increase in their operations in space. If you take a look at the 1980s, China didn't operate satellites. Today they've launched over 540 satellites in space, so we're watching that very closely.
Overall, it's a trend over the last 20 or 30 years that has caused us a lot of concern. As China has built up its military capability, we're also very interested in how it is using it, because—
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Thank you, sir. I have to continue.
Now, MGen Cadieu, given what RAdm Bishop just mentioned, does Canada have sufficient resources to deal with these threats, which have really changed over the years?
MGen Trevor Cadieu
The Canadian Armed Forces in recent years has also sought to advance our capabilities across all domains, including some of the emerging domains that were just mentioned by Admiral Bishop, such as cyberspace and the information domain.
Clearly, what we've seen from state actors is a concerted effort to advance their capabilities across all those domains. We've seen a more expeditionary posture as well. Moving forward, in order to maintain our ability to detect, defer and, if required, defend against those threats, we're going to have to continue to develop and enhance our capabilities as well.