Evidence of meeting #138 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was elections.
A video is available from Parliament.
5:25 p.m.
Voices
Oh, oh!
5:25 p.m.
Deputy Chief, SIGINT, Communications Security Establishment
It is an excellent point, because it is challenging to find the best and the brightest to come and work on our team. It is something we take pride in doing. We make extensive use of student and other outreach programs across the country to reach into universities and bring in what we would consider truly exceptional people to work on these problems.
5:25 p.m.
Conservative
5:25 p.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
I have one question, then I'll pass it to Anita.
When a number of us were in Washington, we were speaking to members of Congress on this issue. One of the members indicated that in their world, they take a red team-blue team approach where their accounts are hacked, whether by their political staffers or by Congress people themselves. There are attempted hacks and then they are told how they were hacked and how to prevent them in future.
Are there any plans to hack us for the betterment of our democracy?
5:25 p.m.
Voices
Oh, oh!
5:25 p.m.
Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment
I welcome the invitation.
No. We do provide advice to political parties. As you may have heard, one of the measures we use with campaign managers and others is a simulation. Phishing emails are a good example. To this day, phishing emails remain the most prevalent threat coming to each and every one of our inboxes. A campaign to give people an awareness of what that looks like and how to react, and then the post—
5:25 p.m.
Liberal
Nathaniel Erskine-Smith Liberal Beaches—East York, ON
I say it less seriously, but I would encourage you to communicate with your American counterparts. I think it would be a worthwhile exercise here in Canada to implement a simulation like that on a regular basis.
Anita.
5:25 p.m.
Liberal
Anita Vandenbeld Liberal Ottawa West—Nepean, ON
Thank you.
I want to go back to the critical election incident public protocol. Without that, what is the default? What is it right now? My understanding is that there would be absolutely no informing of political parties. Any one of the members of that panel could go to the press on their own, without that process. Worse yet, there could be an incident and none of them make the public or the political parties aware.
Can you tell me, without this, what exists right now? What would be the default right now if we didn't have this in place?
5:25 p.m.
Assistant Secretary to Cabinet, Machinery of Government and Democratic Institutions, Privy Council Office
That's a very interesting question. Thankfully, it's hypothetical.
In the absence of a protocol during the writ period, I think government officials, indeed, ministers and the Prime Minister would be put in an untenable position: They would have to weigh in and decide whether something had passed the threshold. Obviously, you would be stuck in a partisan dilemma there.
5:25 p.m.
Conservative
The Chair Conservative Bob Zimmer
Thank you, all.
I just have one question. It refers to the trip some of us made to Washington about a year and a half ago, to talk about Equifax. It was still alarming to me to find out that we're not regulating our credit bureaus in our country. That said, the reason the Equifax breach was even discovered was that there was an overarching group called Homeland Security that actually warned Equifax of a potential breach. They warned them several times, but they did not respond and did not fix it. That's what caused the breach of 150 million Americans and about 19,000 Canadians, give or take, I guess.
Do we have a similar system in Canada? I would rather you not answer if we don't. You can tell me later. Do you have a similar process?
What concerns me about this is a statement that Mr. Rogers made. We have a mandate to investigate if they occur. My concern is whether the fire has to be lit for you to extinguish it, or whether you actually take steps to prevent the fire from occurring in the first place.
5:25 p.m.
Deputy Chief, SIGINT, Communications Security Establishment
Let me just correct one thing before I hand it on to André for a great answer. We investigate foreign actors and their intentions to discover them, not simply if they are brought to our attention. I apologize if I misspoke there.
I'll hand it over to André. One of the benefits of our system is that the intelligence capacity we bring to bear on the foreign signals intelligence side can find the activities of cyber-actors. These can be passed on to the cyber centre so that it can provide that sort of insight and detection early on.
5:25 p.m.
Assistant Deputy Minister, Operations, Canadian Centre for Cyber Security, Communications Security Establishment
That's a good warning, if you know me and the microphone.
The really good news that Mr. Rogers just talked about—the fact that we have one joint team—is a strength in Canada, an absolute strength.
The equivalent of the Homeland Security, or DHS, in the U.S. definitely exists in Canada. In fact, the cyber centre is what you will find is the equivalent at DHS: CISA. They have a cyber-equivalent cyber centre. Our practice is very similar to that.
Hypothetically, Mr. Rogers and his team detect something from foreign space happening to one of our constituents and inform my centre. We would actually go out, reach over to them, and of course, for reputation and other reasons, we'd start with a very discreet, “We think you have this and you should do something about it”. However, if need be and we need to escalate, we would take more public measures.
5:30 p.m.
Conservative
The Chair Conservative Bob Zimmer
I'll finish with a last plug for what our committee is going to be doing on May 28 here in this very room—the international grand committee, meeting number two.
We met with eight other countries, plus Canada, in London to talk about these very issues, about foreign threats to our democracy, etc. We're going to be meeting in Canada this time for the second meeting. There will be a similar invitation list, inviting the platforms to appear.
Any advice that you have for the committee, witnesses to pursue, etc., would be appreciated.
Thank you for coming today to committee.
Have a good afternoon, everybody. The meeting is adjourned.