National Defence Committee on March 28th, 2022

Mr. Chair, members of the committee, good afternoon.

I'm Cherie Henderson, the assistant director of requirements at the Canadian Security Intelligence Service. Thank you for the opportunity to appear before you once again this year, this time to discuss cybersecurity, which of course is a very important topic.

As Canada's principal government agency responsible for investigating threats to the security of Canada, CSIS also investigates cyber-threats. As such, we employ all our investigative tools to collect intelligence on cyber-threat actors' exploitation of cyberspace to conduct espionage, sabotage and foreign-influenced activities against Canada and Canadians. CSIS also co-operates with a wide range of domestic and international partners.

Our unique value lies in our ability to collect intelligence on the nature and scope of hostile cyber-activities and the intentions of the actors behind them. This intelligence supports the mandates of our Government of Canada partners, enabling them to better formulate foreign and domestic policies, protect critical Canadian entities and strengthen our nation's overall cybersecurity posture.

Under the CSIS Act, the service also has the legal authority to use threat reduction measures in order to reduce cyber-threats to Canada. One of the most important challenges to address in protecting our national security is the sharing of timely and actionable intelligence. CSIS is addressing this particular challenge in a number of ways, including through regular outreach and partner engagement. We have delivered briefings to partners on the espionage and foreign influence threats posed by state cyber-actors, as well as the potential national security impacts of ransomware attacks carried out by criminal groups.

With today's rapidly evolving technology, we are witnessing an unprecedented level of change in the threat environment. It has become more complex, increasingly fluid, less predictable and consequently more challenging. Threat actors are conducting activities in the online space, simultaneously taking advantage of the technology that enables them to disguise their activities and their identities. Moreover, cyber actors have more opportunities than ever to conduct malicious activity as our world becomes increasingly interconnected.

We investigate the criminal elements as well as the hostile state cyber actors who conduct malicious activities to advance their countries' interests, whether they be political, economic, military, security or ideological. Hostile state actors seek to compromise computer systems by manipulating their users or exploiting security vulnerabilities to gain access to trade secrets or to achieve various objectives through the disruption of critical infrastructure and vital services. These types of activities are not going away, and in fact are currently on an upward trajectory.

CSIS has observed persistent and sophisticated state-sponsored threat activity for many years. We continue to see a rise in the frequency and levels of sophistication of this threat activity. Canadian companies in almost all sectors of our economy have been targeted and compromised.

Unauthorized, malicious access to Canada's critical infrastructure can have drastic consequences for the safety and security of Canadians. If you think about all the systems we rely on in our lives, including systems that support our telecommunications, energy, transportation, supply chain, health and financial activities, any interference with these systems can have unforeseen impacts on our personal safety, our well-being and our national security.

For example, the COVID-19 pandemic has given rise to an unprecedented number of individuals working from home offices, which are much less secure environments. This new standard of work increases the risk of exposure to malicious cyber-activities on networks and sensitive information. We have all heard accounts of cybercriminals conducting ransomware acts on companies and public institutions, including hospitals at the height of the pandemic.

The increasingly interconnected and global nature of security threats means that CSIS cannot fulfill its mandate in isolation. There is tremendous co-operation and ongoing work within the security and intelligence community to provide the Government of Canada with the best intelligence and advice possible concerning cyber-threat activity.

Today's global threat environment requires that each partner use their unique mandate and legal authorities to protect Canada and Canadians. That is exactly what CSIS has been doing and will continue to do.

Again, thank you for the opportunity to discuss this issue with you today. I am pleased to answer any questions.

Thank you, Mr. Chair, and members of the committee, for the invitation to appear today.

My name is Sami Khoury. I'm the head of the Canadian Centre for Cyber Security, often referred to as the Communications Security Establishment's cyber centre.

CSE, reporting to the Minister of National Defence, is one of Canada's key security and intelligence agencies, with the five-part cyber-centric mandate derived from the CSE Act introduced in 2019. We use our technical expertise across all five aspects of our mandate, and we do so to keep Canadians safe and secure.

I'd like to give you an overview of the current cyber threat landscape.

Clearly, the cyber threat environment is rapidly evolving. Cyber incidents, including those involving critical infrastructure, are increasingly numerous and sophisticated.

People rely on the Internet for a growing number of important daily activities, from banking, government services and health care to business and education, which puts them at risk. We saw that during the pandemic, when people had to become more reliant on digital infrastructure. Threat actors took advantage of the pandemic and stepped up efforts to exploit human and technological vulnerabilities.

In addition to this increase in cyber incidents, I'd like to highlight some of the specific trends we've observed.

We assessed that cybercrime remains the most likely threat to impact Canadians. Now and in the years ahead, Canadian individuals and organizations will continue to face online fraud and attempts to steal personal, financial and corporate information. We also assessed that ransomware directed against Canada will continue to target large enterprises and critical infrastructure providers. The protection of these organizations and networks is crucial to the productivity and competitiveness of Canadian companies and vital to Canada's national defence. While cybercrime is the most likely threat to impact Canadians and Canadian businesses, the state-sponsored cyber programs of China, Russia, North Korea and Iran pose the greatest strategic threat to Canada.

If you'd like to learn more about the cyber threats facing Canada, I encourage you to read CSE's “National Cyber Threat Assessment 2020”.

I am aware that Russia's invasion of Ukraine is a current cause of concern for the committee. I can't comment on our specific operations today, but I can confirm that we are keeping a close eye on cyber threat activity associated with those military manoeuvres.

Today, we're not aware of any specific threats to Canadian organizations in relation to events in and around Ukraine. But as the situation evolves, I can assure you we continue to monitor the cyber-threat environment in Canada and globally, including cyber-threat activity directed at critical infrastructure networks.

Although the trends I have outlined today seem quite worrisome, the cyber centre is working tirelessly with stakeholders and building strong partnerships across Canada to develop a shared awareness of the threat landscape and promote the necessary measures to protect and defend against them.

We continue to provide advice and guidance—largely informed by Russian cyber threats—to help Canadians and Canadian businesses become more cyber safe.

CSE is also sharing important cyber threat intelligence with Ukraine so that it can better defend its networks.

We are working with the Department of National Defence and the Canadian Armed Forces to support intelligence co‑operation and cybersecurity.

As Canada's cyber-threat environment rapidly evolves, we must all play our position. Cybersecurity is a “whole of society” concern. It will take all of our expertise and collaboration to protect Canada and Canadians.

Thank you again for the opportunity to appear before you today. I'm pleased to answer any questions you may have.

My understanding right now is that Canada regularly suffers thousands of cyber-threat attacks on a daily basis all across the country, and numerous organizations are under that attack. I wouldn't have for you actual stats on which particular countries those are coming from. I would leave that to my colleague Sami, but what I can say.... Or the quantity...let me correct that: I wouldn't know the quantity from each particular country. Sami may have better stats on that.

What I can say is that we certainly use all of the tools that we have in our tool box to investigate any of those threats—

Yes, I would. It is an ever-increasing issue, and it's something that we all need to be alive to.

As we have moved forward in technology advancement, there has been much more cyber-activity in that area and many more cyber-actors. Historically, we focused on state-sponsored attacks, but with the proliferation of tools, many more actors have entered the arena.

I can start with that one.

This is one of the things I worry very much about. The service investigates and tries to do a lot of outreach to inform our research industries and our companies that are involved in research and development. As you know, Canada is a top leader in research and development and has a lot of very valuable intellectual property.

There are numerous countries out there that would like to get their hands on that research without having to put the money and investment into it. For all those industries, we really work on outreach to try to increase that awareness so they can protect themselves.

We are also very focused on our critical infrastructure. Critical infrastructure is necessary to maintain our day-to-day lives, and that is another area that is very vulnerable and would need to ensure a very high level of protection and awareness.

Perhaps I can pass this to Mr. Khoury for some further comments.

Thank you for the question.

From the cyber centre perspective, our priority is to defend Canada against all sorts of cyber incidents, regardless of the sector, but we are paying particular attention to the critical infrastructure sectors to make sure they have the necessary tools to protect themselves.

In our national cyber-threat assessment of 2020, we called out the capabilities of the four of them—Russia, China, North Korea and Iran—as being state-sponsored programs of the greatest strategic threat to Canada. It's difficult to compare one against the other, but I would suggest that in the current context we have to be mindful of the geopolitical tensions and the Russian cyber-threats.

Anonymous, like many other organizations, brings a certain level of threat to the cybersecurity of a country. We've seen some of them align with Russia and some of them align with the Ukrainian cause in the context of the current geopolitical tension.

Again, we learn as much as possible from all of the incidents, and that's why we encourage all victims to report to us so that we can learn and promote new cybersecurity practices. We take all of that information, digest it and put out new advice and guidance.

I will defer to Australia to comment about the nature of the incident that—

We track the activities of Huawei and other telecom operators around the world, and that helps inform the security of the Canadian telecom infrastructure.

Again, we track all of these reportings. They help formulate the position of the cyber centre on how to protect the Canadian telecommunication infrastructure.