“Intervene” was probably a bit of a loose term. What we do depends upon what the organization is comfortable with and the type of cyber-incident. If it's traditional ransomware, we'll provide advice and guidance. We'll try to help them recover, best practices, etc. If it's a more advanced actor who is clearly hurting them, we might provide more tailored assistance, if it's a system of importance, for example. We'd certainly try to work with a commercial provider or a commercial partner who would be helping them rebuild their defences.
Then, finally, if it were something that required the intervention of the state, we would look to leverage some of the new authorities that were granted to CSE in terms of it going out and actually defending the organization, but that is something that we really do reserve for when it's unreasonable to expect the commercial sector to defend. In reality, what we really want is a vibrant commercial sector that is able to work and defend Canadian industry, so we really emphasize partnerships and the ability to work together.