You mentioned that the CSE act gives you the authority to do that, but the CSE act also allows the CSE to covertly undertake active cybersecurity operations intended to influence public perception, for example, of the Chinese government. You could do it by hacking into the country's information structure and distributing sensitive and embarrassing documents about activities; these are called “hack and dumps” or “hack and leaks”.
Now, if Canada is authorized to do that, you can be sure that China and other countries are also authorized to do that. Is the CSE the organization that's responsible for defending against that kind of attack from other countries like, for example, China? Are there examples of attacks that have been detected or deflected as a result of the CSE's activity?