Procedure and House Affairs Committee on June 11th, 2024

Thank you very much, Mr. Chair.

Good morning, members of the committee.

Thank you for the opportunity to be here today

Thank you, Mr. Chair.

The issues of cybersecurity, their nexus to national security, and attempts by adversaries to interfere in Canada, are becoming ever more complex. These issues require the full attention of the Government of Canada and all Canadians.

Increasingly, threats to the security of Canada take the form of cyber-threats. Malicious cyber-activity targeting Canada is growing in scale, complexity and sophistication, with cyber-threat actors seeking to advance their economic, political, security and ideological interests to the detriment of Canada and its allies. In short, the digital ecosystem has transformed the nature and conduct of warfare, espionage, diplomacy and trade.

Cyber-threat actors include those affiliated with foreign states, including military and intelligence services, as well as non-state actors.

CSIS actively investigates a variety of cyber-actors, including those from or associated with China, Russia, Iran and India. Regardless of who is directing their activities, cyber-threat actors employ a range of technologies and techniques to exploit weaknesses in information systems, target individuals to gain unauthorized access to systems and networks, or leverage infrastructure in Canada to achieve their broader strategic and geopolitical goals to the detriment of Canada.

CSIS is mandated to collect intelligence on threats to the security of Canada, to advise the government on those threats and, when appropriate, take measures to reduce them. This includes threats that emanate from the cyber-domain.

More specifically, when CSIS identifies national cybersecurity threats, it uses a variety of investigative techniques, including human sources, warranted collection and other methods to determine the scope, motivation, target and source of the threat.

The Canadian Security Intelligence Service, CSIS, engages broadly with industry, academia, governments, and indigenous groups to help strengthen Canadians' alertness and resilience to a growing cyber-threat environment. For example, since 2021 alone, over 70 briefings have been provided to parliamentarians on foreign interference and espionage, in which security awareness, including cyber-hygiene, was a key discussion point.

Additionally, CSIS routinely provides intelligence assessments to our government partners, allowing them to make informed policy and operational decisions. CSIS also shares these assessments and investigative leads with our trusted foreign partners in order to assist them in ensuring the integrity of the global information infrastructure upon which Canadian security relies.

However, I would like you to know that CSIS is part of a community of agencies and departments seeking to protect Canada from cyber-threats. While CSIS plays a vital role in the team, it works closely with other key players such as the cybersecurity experts at the Communications Security Establishment, the cyber centre, Public Safety Canada and the RCMP, just to name a few. Together we work to safeguard Canada and its assets, information and national security from an array of cyber-threats.

Regarding the committee's specific study, our colleagues and cybersecurity experts at the CSE and CCCS, with CSIS, produced a chronology of events detailing the interactions between our organizations and the House of Commons.

I will note that CSIS learned of any issues with the House of Commons IT system from CSE in January 2021. Following this, our agency directly briefed the House of Commons IT staff with CSE. From there, we worked with CSE and the House of Commons from January through April 2021 to investigate this activity.

This work outlined that IPAC members were targeted, but importantly, it found no instance of compromise on the system, nor any follow-on activity.

CSIS broadly disseminated intelligence products to clients across the Government of Canada detailing APT31's email tracking attempts on IPAC members in Canada. CSIS's work with the House of Commons predates the FBI reporting that was shared with both CSIS and CSE on any information that was released to the public by the U.S. in 2024.

When this incident was uncovered in early 2021, CSIS followed the protocols that were in place at the time. CSIS worked directly with CSE and the House of Commons to better understand the incident and its impact. Our investigation, alongside CSE's work, helped to inform the House of Commons on the specific technical measures that could be taken to mitigate the incident.

In 2023, the Prime Minister issued a ministerial directive to CSIS, which outlined and clarified CSIS’s role and responsibilities in relation to the investigation, notification and reduction of threats to parliamentarians. The directive outlines that, wherever possible within the law, CSIS must ensure that parliamentarians are informed of threats to the security of Canada directed at them.

This is uncharted territory for CSIS, and is providing an opportunity for reflection, learning and improvement. What is different today under this directive is that it compels us to have the conversation with our partners on how best to ensure that parliamentarians are informed on the potential threats they face. It may not be CSIS, for example, when we are not the lead department responsible for the issue at hand, but because the ministerial directive was issued to CSIS, we will lead the discussion on the process.

Mr. Chair, I think I will skip the recap of the chronology because of time. I will speak quickly to some legislative authorities.

Members of the committee, I think you all understand that the CSIS mandate is guided by legislation that is nearly 40 years old. In the face of rapid technological change and an increasingly complex cyber-ecosystem, gaps in CSIS authorities that limit its ability to detect, investigate and respond to foreign interference, including by sharing information, have become more pronounced.

Bill C-70, which currently sits before the House, proposes a set of focused amendments that will improve CSIS's operational response to foreign interference.

Among these amendments is a proposal to enable information sharing outside the federal government to build resiliency to national security threats, including foreign interference. This will help to build resilience before the threats materialize and will directly enable parliamentarians to make decisions that are more informed.

More broadly, Bill C-70 will ensure CSIS investigations are nimble and responsive, resulting in better collection of intelligence and advice, including for parliamentarians.

The last thing I would say, Mr. Chair, is that in reflecting on this situation in preparation for this appearance, I think my analysis with my colleagues is that everybody did the work they were supposed to do. However, the outcome for parliamentarians is not, I think everybody will agree now, in hindsight, what was desired.

I welcome the work of this committee. I welcome the work that CSIS can do to make sure that in the future we learn from this, and that the outcome for parliamentarians and for Canadians is a different one.

Thank you.

Mr. Chair, I do not have the specific distribution list. I can say that, generally speaking, such a product would indeed be distributed to the Privy Council Office, and that would include the national security and intelligence adviser. That's the general practice, but I will have to double-check on this specific item.

Mr. Chair, the way that the distribution of intelligence works is that the departments are responsible to the intelligence unit within departments to make this information available to their ministers. It would be hard for me to know.

I will do that, Mr. Chair.

Mr. Chair, I do not have specifics of that briefing. What I can say is that, as an intelligence service working with our partners in Canada, as I mentioned in my remarks, but also working with our international partners, we have seen an increase in the sophistication and the aggressive nature of cyber-targeting by China, including by APT31.

Mr. Chair, my answer to this question will be the same as my initial one. I can look into the specific distribution. My assumption is that it would be, but I will confirm with the committee.

Mr. Chair, I think this goes to the core of the issue.

As I mentioned, in the cyber-ecosystem, you have different actors with different responsibilities and mandates. We each did our work in collaboration but also, to a certain extent, in parallel.

The initial information did not emanate from CSIS. It emanated from our colleagues at CSE. We work with them to work with the House of Commons.

On the question that the member is asking, if and when the ministerial directive would apply to CSIS is an interesting one. We are learning how, and we are adapting this ministerial directive.

Mr. Chair, if I could just finish this, I would say that the key point here is that the assessment at the time was that the information had been shared with the House of Commons in order to mitigate that threat.

Mr. Chair, I'm not sure I would say that I would see that the role of CSIS would have been to organize such a briefing, but I think what is clear in hindsight is that the outcome for parliamentarians is not what anyone wanted, so my commitment to this committee is to learn from this, work with the committee and learn from the results of your work.

With our partners—I can tell you that I was talking to my partners at CSE—we all have the same objective, which is to make sure that in the future we're going to achieve a different outcome for parliamentarians.

I think this is one of the roles.... I would say, being very candid with you, that working with parliamentarians through the House of Commons is something we all need to get better at. We normally go through the House of Commons. I don't want members to think that this is a cop-out by saying that we shared the information with the House of Commons and we washed our hands. That was not at all the intent and the approach.

However, clearly, for people who were targeted by APT31, the outcome was not the one that people would have expected. My undertaking to this committee is that, with my colleagues, we will learn from this and make sure with our partners that we are achieving different outcomes in the future.

Mr. Chair, I don't have a precise answer about the intermediary role, except for the fact that each organization maintains relations with the House of Commons.

Both headquarters and the regions work closely with the House. I'm assuming there was some kind of connection. I'll ask Mr. Madou to answer that.

Yes, it's no doubt owing to the fact that for quite a few years, we've had a lot of dealings with the House of Commons. It was no doubt a more straightforward way of proceeding. When a more strategic analysis of a problem is needed, it's usually CSIS that does it. Our colleagues at the CSE work more on the technical analysis side.

CSIS, in partnership with its colleagues, assumed that as soon as work began with the House of Commons, the House authorities would inform the MPs. This didn't happen for various reasons.

I know that the conditions under which it happened were complex; it was during the COVID-19 pandemic. There were all kinds of restrictions on who would be present at the office, which complicated meetings. It was before the vaccine was available. Canadian Security Intelligence Service employees were in the office throughout the pandemic, which contributed to some of the confusion in the allocation of tasks.

Having said that, I believe we should all just ask ourselves how we could handle things better in the future.

Mr. Chair, that is indeed true.

When there are national security issues, CSIS usually takes the lead. In the case we are talking about, the national security threat was detected by our partners at the Canadian Centre for Cyber Security. So at the outset, the analysis was more technical.

Once again, we assumed that when the House of Commons authorities were informed, they would be the ones to pass the information on to the parliamentarians. That didn't happen.

We'll rely on the outcome of the committee's work, and take steps as an agency to arrange for the various spheres of activity to work together and analyze how to work closely with our partners to achieve good results, regardless of who does the actual work.

Mr. Chair, from 2021 to 2024, the discussion surrounding national security and foreign interference changed dramatically in Canada.

I shouldn't speculate here, but in future there could well be an entity responsible for communicating information of this kind to parliamentarians. It could be the House of Commons, given its special relationship with parliamentarians, working together with CSIS and the CSE, both of which could also be involved. This would ensure that the best possible information is communicated to parliamentarians as quickly as possible to enable them not only to protect themselves, but also make the right decisions.

As I mentioned, in the case under discussion, when parliamentarians have been targeted by an APT31 cyber-attack, it wasn't done that way. As I mentioned in my opening address, we are accordingly going to work with our partners to ensure that we have all learned from this situation.

Yes.

Mr. Chair, I can assure the member that CSIS is working in partnership with Public Safety Canada to make sure that won't happen. The minister was very clear about that.

Mr. Chair, as I mentioned in my opening remarks, the House is indeed currently studying a bill to modernize certain aspects of the Canadian Security Intelligence Service Act, Bill C‑70.

It's interesting to look at things with a bit of hindsight. The act came into force in 1984, in the middle of the Cold War, following a commission of inquiry whose role was to review certain activities of the organization that had been responsible for national security at the time. To me, it looked like a rather defensive bill. Its purpose was to prevent certain lapses from recurring.

In my humble opinion, the circumstances that existed in 1984 no longer apply in 2024. The world has changed. Canada's image has changed and the threats we are facing have changed, not only in terms of complexity and the number of stakeholders responsible, but also the impact they have on the everyday lives of Canadians and Quebeckers.

The sharing of information amendments proposed in Bill C‑70, which is currently being studied by Parliament, are absolutely essential. Their purpose is to simplify part of our data system, and the way we obtain orders from the Federal Court, while maintaining judicial authorizations. I'm sure that these changes will have a very direct impact on Canadians.

As Minister LeBlanc said, it was a first step, and other efforts would be required in future to modernize the Canadian Security Intelligence Service Act. Once again, when the time comes to protect Canadians against threats, it's important to know that the methods used by those who contrive them can change very quickly. We therefore have to make sure that we're not lagging behind these changes.

I think Ms. Gaudreau has put her finger on something rather important.

As a public servant, I'll allow myself to make the following comment.

When discussing matters of national security, it's important, to the greatest extent possible, not to politicize them. We need to be flexible in order to find a way to modernize the various statutes as soon as possible.

Technological changes are accelerating and we depend to an enormous extent on communication systems. Some companies have been changing their procedures and methods. A lot of work is also being done on access to telecommunications data.

What I'd like to see is a parliamentary committee which, instead of studying complex omnibus bills, regularly invites witnesses to appear and asks them about databases, progress in combatting threats, and how to address needs as quickly as possible. That's my message to the committee.

Mr. Chair, with all due respect to the member's question, I will not be able to comment on leaked information to the media. That said, I can assure the member that we have shared and testified to all of the information that was relevant to the committee's review.

I will ask Mr. Basler, who is our counter-foreign interference coordinator, to speak about the volume and depth of our information sharing.

Thank you, Director.

Yes, NSICOP certainly had access to any and all service information outside of some that was redacted for cabinet confidences, but any of our classified intelligence was made available to the committee. As well, a number of officials appeared before the committee to be interviewed and answer direct questions throughout their review. They also had all the information that was given to the independent special rapporteur when he was doing his review. The same information has gone to the National Security and Intelligence Review Agency as well as the public inquiry.

There are four separate reviews that have had access to, I think, at last count, at least from the service, over 8,000 documents that have been shared with the review committees.

Mr. Chair, I would say that in this case our assessment was that it was investigative journalism as opposed to a leak in this specific story.

I will obviously not be speaking to the specifics of our investigative techniques or investigative interests, but I think what is very clear is that we have said publicly in our annual reports, in speeches, in appearances in front of this committee and other committees of the House and the Senate that CSIS has been concerned with foreign interference for very many years. It's part of our act. We have been investigating this, but what we have seen over the last number of years is an increased aggressiveness by a number of countries.

The speed and complexity at which the threat of foreign interference is coming at Canadians, yes, at the democratic processes, elections, but also at Canadians from different diaspora groups who are being interfered with in their democratic rights by foreign nations, this is something that is of grave concern to CSIS. This is why we have been speaking about this both publicly and privately to government. I think Canadians, through the work of this committee and other committees and the NSICOP and NSIRA and the commission of inquiry, are now getting a better sense of what is required.

Maybe the last thing I would say is that one of the best tools to address foreign interference is what we're doing right now. We're talking about it in public. Of course, I will not be able to share classified information, but by having more public discussion about these issues in different places with different people, we will increase resilience against these actors. It's not going to be CSIS or the RCMP or someone else catching people doing it all the time. We hope that we're good at what we do, but it's going to be Canadians in their day-to-day activities who will raise the flag and say, “There's something happening here. Maybe I should be talking about it.”

Mr. Chair, I do not have the report in front of me, but I will take the member's word that it's indeed accurate, the reference.

I do not remember that specific briefing. I will have to double-check if it was myself, someone from my staff or somebody else who briefed the Prime Minister.

Mr. Chair, we'll take that under advisement. We'll try to see what we can do. In different committees—

—we have provided a number different chronologies. We'll try to see what we can do.

Mr. Chair, I'm looking to my colleague here on whether he wants to opine on this.

I would have to defer the question to my colleagues at Public Safety Canada, who are devising the current regime. I would not have a definitive answer to provide to this committee.

Mr. Chair, it appears to be the case, but again, I would not want to speculate. I'm not the expert on the foreign registry. Our colleagues at Public Safety are.

I don't think we could expand further on the nature and scope of when a partnership agreement would come into force under the current proposed legislation right now. I think it would be a stretch for me to go that far.

Mr. Chair, through the commission of inquiry presided over by Justice Hogue, CSIS, in partnership with colleagues, has made public some summaries of information, including specifically on this information. I think to be as precise as I can with respect to the member's question, I would refer the committee to that summary, which uses all of the classified information and the open information in coming up with the best possible story.

I think that would be the definitive story on this matter, Mr. Chair.

Mr. Chair, that's a very interesting question. We've been reflecting on this issue.

In my view, I think we, CSIS and partners, are putting more resources and emphasis on this, because we have seen the threat increasing in the last number of years. We have seen a number of actors coming at it much more aggressively and doing things we had not seen before.

Indeed it's the case. That's why, while respecting, in our case, the law of the Security of Information Act, and the partnership agreements with our partners to protect information, we have for a number of years now been talking publicly about foreign interference. That's why I do believe that a more organized discussion about these issues is what will make Canadians resilient.

Mr. Chair, I testified to this issue a few days ago in front of another committee, and I'll say a couple of things in reaction to this.

First, this is uncharted territory. We have never done it before, so we're all learning together.

Second, I think that people with the right security clearance, with the need to know, are indeed able to get briefings on these matters.

Third, I think that while respecting the law, there are opportunities and abilities for people to make some decisions based on that information without having to reveal it publicly.

Mr. Chair, that is my understanding.

I have a lot of respect for Mr. Chong and his remarks. I would welcome a discussion with him to maybe have a chance to better understand his point of view.

Mr. Chair, I would take the words of the MP, but for a period of time for sure.

Mr. Chair, very quickly, I would not comment specifically on the interactions of CSIS with partners, but I can reassure the member that there have been indeed a number of partners in government who have engaged specifically on these issues with partners in Taiwan.

Mr. Chair, by and large, that's exactly what I wanted to say.

Allow me to reiterate that my current position involves a duty of confidentiality. Nonetheless, when partisan interests are taken into consideration, which is normal in a democracy—and we're lucky enough to live in a democracy—the fundamental questions can be somewhat blurred. From my standpoint, things do indeed become more complicated when they are politicized.

Mr. Chair, I don't think anyone will be surprised to hear that I won't be commenting on what the member said.

On the other hand, I can say that the discussion being held right now and the work being done by this committee are essential if Canadians are to be better protected against foreign interference and numerous other threats.

Mr. Chair, I'm going to exercise my duty of confidentiality with respect to these comments, but I appreciate the member's question.

That's a very good question, Mr. Chair, but it's one to which there is unfortunately not a very good answer, insofar as there is no policy on declassification.

Let's take the Canadian Security Intelligence Service as an example. Information from the Canadian Security Intelligence Service is subject not only to the Canadian Security Intelligence Service Act and the Security of Information Act, but also to our practices and commitments. So the government does not have a policy on this, and there is no authority that can order a declassification.

Generally speaking, in my experience, the disclosure of information is done in collaboration with the agencies.

I'll give you a very concrete example. The first time we named some of the countries involved in this incident, it was classified information. We did the work required to allow us to say that now, based on publicly available information and its impact on our operations, we can begin to say more about it.

It was therefore an iterative process, but it was not based on a government policy.

Mr. Chair, to be more specific, we used section 12.1 of the Canadian Security Intelligence Service Act, which is about reducing threats. That is the process, which is based on the CSIS Act, that enabled me to have the initial discussion with Mr. Chong.

Yes, Mr. Chair, it is correct, 70 parliamentarians, and I think that, for Canadians, we're talking about more than 1,000 people we engaged with.

Mr. Chair, I will have to go back to review that information specifically to confirm.

Mr. Chair, I will undertake to confirm whether the MPs were met. However, I think it's very clear as well, in my testimony and from what was presented to this committee, that there was, as I said, the expectation when we were sharing the information that the specific information would be shared by the House of Commons. Also, the ministerial directive issued to CSIS came about two years later than...the incident, so I think it's important to keep these two points in mind in reflecting about what was done here.

Mr. Chair, in my remarks and my previous comments, I think I've been clear that the outcome that we have seen here is not the one that members of Parliament or senators in the IPAC would have wanted. It's definitely not the outcome we would have wanted, because our work on national security is to make sure that we are enabling people to defend themselves and to do our work.

Therefore, the undertaking I've given this committee is that I, with my partners at CSIS, with CSE, and with the House of Commons and the Senate, will learn from this and look at how we are aligning the different authorities, because we also have to respect the mandates and laws that govern our actions. How do we combine these to make sure that the outcome is different in the future?

I was very sincere, Mr. Chair, when I made that offer before. That's probably the best answer I can provide to the member.