Thank you, and good morning, Mr. Chair and members of the committee.
My name is Dan Rogers, and I'm the deputy chief of foreign signals intelligence at the Communications Security Establishment. I am responsible for CSE's foreign signals intelligence program. I'm joined today by my colleague André Boucher, the assistant deputy minister of operations at the Canadian Centre for Cybersecurity.
The Canadian Centre for Cybersecurity, which is a part of CSE, is Canada's national authority on cybersecurity and cyber-threat response. It's a pleasure to appear before you as you continue your study.
With regard to the incident involving Cambridge Analytica and Facebook, CSE does not have a mandate to regulate social media, nor is it a law enforcement agency. We have no oversight role with respect to these companies. We do, however, have a role in identifying and helping protect against cyber-threats to Canada's democratic process. Therefore, I would like to focus my remarks on these threats and how they can be mitigated through good cyber and physical security.
I also hope to leave you with a better sense of what CSE does and how we have changed as an organization since CSE officials last appeared before this committee in 2017.
CSE is Canada's national signals intelligence agency for foreign intelligence and the technical authority for cybersecurity and information assurance. I would like to emphasize that CSE only directs its signals intelligence activities at foreign communications. CSE is prohibited by law from directing its activities at Canadians anywhere or at anyone in Canada.
CSE operates at the cutting edge of today's threat environment. Whether providing intelligence on foreign-based terrorism or threats to Canadians abroad, or defending against cyber-attacks, CSE helps to ensure Canada's prosperity, security and stability.
More recently, CSE was asked to assist the Minister of Democratic Institutions with her mandate to lead the Government of Canada's efforts to defend the Canadian electoral process. Specifically, the mandate letter for the Minister of Democratic Institutions directed that she ask CSE to analyze risks to Canada's political and electoral activities from hackers and release this assessment publicly, and to offer advice to Canada's political parties and Elections Canada on best practices when it comes to cybersecurity.
In response, we released a report on cyber-threats to Canada's democratic process in June 2017. While the report is unclassified, key judgments in the assessment rely on multiple sources including classified information from CSE's unique cybersecurity and foreign intelligence expertise. CSE examined cyber-threat activity against democratic processes across Canada at the federal, provincial and territorial, and municipal levels and around the world. The report examined the types of threat actors involved, the targets they are likely to select and the methods they may use to target their victims.
CSE assessed that in the 2015 Canadian federal election, Canada's democratic process was targeted by low-sophistication cyber-threats likely perpetrated by hacktivists and cyber criminals. These activities had no effect on the results of the election and no impact on the privacy of Canadians. CSE has assessed that, at the federal level, political parties and politicians and traditional and social media are more vulnerable to cyber-threats than election activities themselves.
Consistent with the increasing cyber-threat activity against democratic processes worldwide, we expect to see multiple hacktivist groups deploying cyber capabilities in an attempt to influence the democratic process during the 2019 federal election. These will likely be low-sophistication activities, but will be well planned and will target more than one aspect of the democratic process.
CSE has been asked to continue this analysis and expects to release an update to the 2017 report.
While offering mitigation advice was outside the scope of the threat report, to respond to Minister Gould's second request of CSE, we have held briefings with political parties, provincial and territorial clerks, and Elections Canada to offer best practices when it comes to cybersecurity.
Our key message in all of these briefings is that, while system safeguards are expected to curtail most suspected malicious activity, we cannot rely solely on technical safeguards. Users must also be diligent and have good cybersecurity habits in order to stop the threats of today and to stay ahead of the threats of tomorrow.
CSE has made available on its website several documents, the "Top 10 IT Security Actions", "Cyber Hygiene", "Mobile Security" for IT enterprise, and other resources with user best practices. We'd be happy to speak to any of these in greater detail during the questions and answers.
Cybersecurity is a team sport. We'll continue to work with Elections Canada to ensure that the electoral process is secure and remains a trusted aspect of our democratic process.
CSE will work with Minister Gould and other stakeholders, if requested, to advance the goal of protecting Canada's democratic institutions and electoral processes from cyber-threats.
On October 1, the Minister of National Defence announced the launch of the cyber centre, Canada's national authority on cybersecurity and on cyber-threat response. The cyber centre, housed at CSE, brings together cyber expertise from Public Safety Canada, Shared Services Canada and CSE all under one roof. A unified government source of expert advice and guidance for the private sector, critical infrastructure owners and operators and all Canadians, the cyber centre will help ensure a safe and secure cyberspace.
This newly established centre will also enable better coordination of efforts in the protection of Canada's democratic institutions from cyber-threats. This includes the period preceding the 2019 federal election.
Again, thank you for inviting us here today. We look forward to answering your questions.