Evidence of meeting #122 for Procedure and House Affairs in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was colleagues.
A video is available from Parliament.
Conservative
Conservative
Garnett Genuis Conservative Sherwood Park—Fort Saskatchewan, AB
You had this information because the FBI gave it to you, and you didn't pass it along.
Liberal
The Chair Liberal Ben Carr
Colleagues, I would very much appreciate it if the chair's role in facilitating a meeting was respected. I have done my best throughout the course of the last hour and the beginning of this hour to be very generous in affording members the opportunity to ask questions and witnesses the opportunity to respond to those question.
I'm going to be less generous if I feel as though that's being taken advantage of. I appreciate your co-operation in that matter.
I'm going to turn the floor over now to Mrs. Romanado for six minutes.
Liberal
Sherry Romanado Liberal Longueuil—Charles-LeMoyne, QC
Thank you very much, Mr. Chair. Through you, I'd like to thank the witnesses for being with us.
My first question is for Madame Drouin.
First of all, welcome to the role of NSIA. I don't think you've been to PROC since you started in this role.
Can you confirm something for us? In your role as the national security and intelligence adviser, do you have a mandate that would include informing members of Parliament or parliamentarians of an active threat?
Deputy Clerk of the Privy Council and National Security and Intelligence Advisor to the Prime Minister, Privy Council Office
One thing that we all kind of looked at is how the ways in which we are dealing with threats in 2024 are quite different from the ways in which we were dealing with that in the past, and that is good. It is good that we continue to evolve and enhance our processes, and we need to continue to do that.
With the new directive that was adopted last year in terms of sharing with parliamentarians the threats we are facing, it is much clearer now that handling a situation like the one we are talking about will trigger a conversation with implicated MPs.
I'm not an expert when it comes to CSE's work, but one thing I would like to say is that when they see a cyber-threat, the first thing they need to do is to stop the bleeding. That's the first thing. We want to make sure that the actor doesn't have access to data, and that if information has been infiltrated, we can recoup that information.
The first focus, then, is really to stop the threat. After that—
Liberal
Sherry Romanado Liberal Longueuil—Charles-LeMoyne, QC
Madame Drouin, I don't want to cut you off. It's just that I do have quite a few questions.
I understand that when there is an immediate threat vis-à-vis our systems, the goal is to stop the bleeding, as you said.
However, in the case that we're studying right now with respect to parliamentarians who were targeted, I understand that this was in 2021. You were not in the role at that time. However, you mentioned that once the bleeding has been stopped, there is a new ministerial directive to CSIS to advise members of Parliament. You also mentioned in your opening statement that on June 3, Global Affairs, National Defence and Public Safety issued a cyber-threat bulletin warning Canadians. Is that correct?
Deputy Clerk of the Privy Council and National Security and Intelligence Advisor to the Prime Minister, Privy Council Office
Yes.
Liberal
Sherry Romanado Liberal Longueuil—Charles-LeMoyne, QC
I'm just going to ask you this: Were parliamentarians provided that cyber-threat bulletin?
Deputy Clerk of the Privy Council and National Security and Intelligence Advisor to the Prime Minister, Privy Council Office
I will turn to my colleague for that.
Chief, Communications Security Establishment
All bulletins that are issued are issued in a public manner, and they're put on websites. We amplify any publication with other means: through social media, circulating it to service providers and various ways. The publication itself wasn't directed only at a certain number of people. On the contrary: We want to make sure that these bulletins are as public as possible so that they can be useful to whoever can find them useful.
Liberal
Sherry Romanado Liberal Longueuil—Charles-LeMoyne, QC
On that, Madame Xavier, I never received it.
I understand that you're saying you put it out on social media and on the website, but you understand that we ourselves have said to you and to various people that we are targets. You've mentioned that we are targets, given the work that we do. However, parliamentarians did not receive that cyber-threat bulletin. The threat may or may not have had us as a specific target, but we were not made aware of it either.
What I'm trying to get to is that we are trying to improve the communications to parliamentarians whenever there is an active threat, whether it be directly to them or whether they should be on the lookout. It seems to be that there's still a gap. I still don't.... It's not clear to me who is responsible for letting members of Parliament and senators know about a cyber-threat. When CSIS were here, they said it wasn't them. When IT were here, they said it wasn't them. When you were here last, it wasn't you. Whose job is it to notify members of Parliament?
Deputy Clerk of the Privy Council and National Security and Intelligence Advisor to the Prime Minister, Privy Council Office
Let me say one thing. Not all cyber-attacks are personal attacks on MPs. We should not come to a conclusion that all cyber-attacks mean that a specific MP was targeted. Sometimes it's completely random, and then it is more for the administrator of the system and the network to make sure they have the appropriate mechanisms to stop the threat.
When it comes to threats against specific MPs, as I said, the directive that was adopted last year will come into play and will trigger specific briefings to MPs. We also coordinate with the House and the Senate when it comes to briefings to parliamentarians. You may be aware that such briefings in terms of the threats that MPs may face have begun, and some of them happened last week.
Maybe my colleague Caroline can talk about the several briefings that she has given over the past years to parliamentarians.
Liberal
Sherry Romanado Liberal Longueuil—Charles-LeMoyne, QC
Actually, I have only five seconds. I'm very well aware of the report that was tabled in the House on the number of parliamentarians who have been briefed, but thank you.
Liberal
The Chair Liberal Ben Carr
Thank you very much, Ms. Romanado.
Ms. Gaudreau, you have the floor for six minutes.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
Thank you, Mr. Chair.
Good afternoon, Ms. Xavier and Ms. Drouin. Ms. Xavier, we're seeing you here again after two weeks. Ms. Drouin, this is your first time appearing before our committee.
I didn't see the difference between what happened in public and what happened in camera. We asked specific questions, and I personally expected specific answers. If necessary, this committee could have become an investigative committee.
You must have seen the testimony of our parliamentary colleagues who came here. When they thanked the FBI because, without the organization's help, they wouldn't have been informed of the situation, I couldn't believe it. How do you determine that? I don't know. I'm a bit speechless.
I came across a document released on December 15 by the French cybersecurity agency. I shared it with all my colleagues. The document talks publicly about the APT31 group. What's that? It talks about the chain of infection, intrusion vectors and techniques and tactics.
Speaking of tactics, I was expecting to feel reassured that the situation would be resolved and that we would receive information and guidance. However, when I came across this, I wondered whether there was a willingness to withhold information, or whether some type of protocol tells us to wait until the situation gets even worse. I want to understand. This worries me.
Chief, Communications Security Establishment
Thank you for your question and comments.
You're referring to a document that we distributed more broadly, in keeping with our role as a partner of this organization. We recognize that the APT31 group can be quite a persistent actor, and that Canada isn't immune to these types of threats. That's also why we released a document—
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
I want to make it clear that this document comes from France. It doesn't come from the CSE. Is that right?
Chief, Communications Security Establishment
That's right. It doesn't come from us. You're absolutely right.
That said, we work closely with our partners to keep up to date on other documents released, to ensure a broader distribution. We work closely with a number of partners. We all recognize that it isn't enough to do things on our own. When a document of this nature is released, we want to ensure a broader distribution.
I want to assure you that we take this committee's comments and study extremely seriously. We'll be looking closely at the recommendations for improvement. In addition, since our conversations at my last appearance, we've had a number of meetings with people from the House of Commons. We want to keep improving our collaborative efforts, especially with a view to serving you better.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
First, we could do the opposite. We could also tell you about things that we as members of Parliament experience on a daily basis. Sometimes, we may be told that, in a certain case, it comes from a private email address. However, we no longer have a private life. People who implement strategies should perhaps listen to what we have to say, just as when I raise my hand because I want to be your customer. Otherwise, I feel left out in the cold. Everyone says that it isn't them, so ultimately it isn't anyone's fault.
I can see that a protocol will be implemented. However, I would like to hear your thoughts as well. CSIS said that there would be a multipartisan committee involving every agency concerned—including CSE and CSIS—to provide oversight, similar to the process in Australia, I believe.
I would like to hear your opinion. Things are moving too fast, and we aren't moving fast enough to deal with everything.
Chief, Communications Security Establishment
Sorry. I'm not sure that I understood the question.
You said—
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
I'll repeat my question. I'll keep it short, but I hope that the timer will be adjusted accordingly.
What do you think about setting up a committee similar to the one established by the Australian government to ensure constant monitoring with collaborative partners, including parliamentarians and representatives of the Five Eyes member countries? Right now, we don't have this type of committee. Do you support this?
Chief, Communications Security Establishment
I strongly support any useful measure that helps strengthen our cyber‑resilience, including an oversight committee such as the one brought up by the member. The Parliament of Australia has also been affected by this actor and has learned from the experience. Depending on the recommendations from our Australian colleagues and our subsequent follow‑up, we can certainly consider implementing these types of measures.
Bloc
Marie-Hélène Gaudreau Bloc Laurentides—Labelle, QC
Good.
Another thing that really surprised me was that—