Evidence of meeting #13 for National Defence in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.)

Also speaking

Cherie Henderson  Assistant Director, Requirements, Canadian Security Intelligence Service
Sami Khoury  Head, Canadian Centre for Cyber Security, Communications Security Establishment
Benoît Dupont  Professor and Canada Research Chair in Cybersecurity, Université de Montréal, As an Individual
John Hewie  National Security Officer, Microsoft Canada Inc.

4:15 p.m.

Liberal

Darren Fisher Liberal Dartmouth—Cole Harbour, NS

That's really helpful. Thank you.

I think I know the answer to this, but where do most cyber-attacks or attempted cyber-attacks come from? More importantly, how do we defend against them as a country?

4:15 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

Cyber-attacks, from the perspective of the cyber centre, come from pretty much everywhere. We defend the government against cyber-attacks that come from everywhere, and also for different intents, be they state sponsored or criminal. To defend is to raise the bar and to put out, as much as possible, timely information. The measure of success here would be how quickly we detect it, how quickly we mitigate the incident and how quickly we turn it into a lesson learned so that we can help protect Canadians.

4:15 p.m.

Liberal

The Chair Liberal John McKay

Thank you, Mr. Khoury and Mr. Fisher.

Madame Normandin, you have two and a half minutes to continue this shocking outbreak of collegiality.

4:15 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Thank you, Mr. Chair.

I'm going to follow up on two of my earlier questions. The first relates to FINTRAC.

Should CSE and CSIS co‑operate more closely with FINTRAC to follow the money when it comes to the use of cryptocurrency by terrorist groups?

4:15 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

Thank you for your question.

We work closely with our FINTRAC colleagues, but we don't have a mandate to investigate. Oftentimes, cyber currency is used in cases involving ransom or other criminal activity, so I would refer you to the RCMP. This is more their responsibility.

4:15 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Very good. Thank you.

Ms. Henderson, you brought up section 12 of the CSIS Act, which provides for overseas activity. I realize that the act provides for the possibility, but what I want to know is whether it would be a good idea to establish a service on a permanent basis. In other words, should a permanent foreign intelligence service be created to give CSIS a broader reach internationally?

4:20 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

CSIS is a domestic intelligence agency. As I said, we have the ability and the authority to investigate any threats overseas that are a threat against our national security. We do have representation overseas, as is publicly acknowledged—we have an officer in Paris, London and Washington—that supports any of the working relationships with our partners overseas.

We do have the ability to investigate to protect our national security.

4:20 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

My last question is for the both of you. It's a quick one.

As you know, some cyber-attacks are meant to extract payment of a ransom, and others are designed to destabilize a country.

How would you break down the cyber-attacks against Canada?

4:20 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

It's hard to put a figure on the number of incidents because they are under-reported. Not all cyber-attack victims report the incidents to us. I can talk about attacks against the government or its attack surface, but it's hard to draw a comparison with ransom-based attacks.

That said, the government is certainly an attractive target.

4:20 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Thank you. I think that's all my time.

4:20 p.m.

Liberal

The Chair Liberal John McKay

Ms. Mathyssen, you have two and a half minutes.

4:20 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Thank you.

Media reports have cited unnamed U.S. officials as saying that China has signalled a willingness to provide economic and military supports, potentially, to Russia's attack in Ukraine. What is the likelihood, in your estimation, that China would extend that support, perhaps or potentially in the form of co-operation on cyber-operations when it's targeting western nations—Ukraine and western allies?

That would be for both of you, I would say.

4:20 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

We know from, again, the cyber-threat assessments that China has a state-sponsored cyber program in the same way as Russia. We have to defend the government, and more broadly Canadian society, against both threats, be it a strategic threat against the government or international property theft or things like that.

On the nature of the relationship between Russia and China, I would defer to our intelligence colleague, who might be in a better position to speak about it.

4:20 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

I wouldn't want to speak particularly about the relationship between China and Russia, but I would say that both of them are extremely capable threat actors who will operate in their interests and what works best for their requirements.

4:20 p.m.

Liberal

The Chair Liberal John McKay

Mr. Motz, you have five minutes.

4:20 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Thank you, Chair.

Thank you to the witnesses for being here.

It's nice seeing you again, Ms. Henderson. Hopefully, my question doesn't put you on the spot.

First, I will deal with a question from NSICOP, the National Security and Intelligence Committee of Parliamentarians. In their report, which I won't get into, because it's a long one, they cited and described the 2017 cyber breach of the Department of National Defence network that resulted in a theft by a state actor of significant amounts of information. The network in question was not part of the Shared Services Canada enterprise internet service, and therefore lacked protection by CSE's network sensors.

I'll ask you first, but I'm sure Mr. Khoury will weigh in as well. Importantly, the compromised network contained legacy technology that could not be patched and was therefore vulnerable to cyber-threats. Are DND and the Canadian Armed Forces now using up-to-date and fully patched technologies in all of their systems and networks?

4:20 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

I wouldn't be able to answer that question. I don't know if Mr. Khoury would have a response for you on that front.

4:20 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

I would defer to DND to answer that question on the specific state of their IT.

4:20 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

I appreciate that from both of you. I know you have to be careful, but I mean, it was your organization that identified the problem. Are you still as alarmed that the problem exists that they still have some security vulnerabilities with unpatched technology?

4:20 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

We have worked tirelessly with DND but also with the rest of government to increase the coverage of the sensors that the cyber centre has made available to the government for defence. Definitely we are in a much better space today than we were in 2017.

As far as technology and legacy systems are concerned, I will defer to DND. They know their environment best to say whether or not certain technologies have been updated.

4:25 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Fair enough.

You mentioned just a second ago, Mr. Khoury, when I asked you how prevalent the issue is of unpatched legacy software in the federal systems and networks more generally, you said that you're getting better. Do we still have some vulnerabilities? I do not want you to identify them, but how are we doing as compared with even two or three years ago?

4:25 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

I would say we're much, much better, but patching a system is not without risk. Every department, including Shared Services and others, has to weigh in the impact of patching a system. Sometimes it breaks technology, or it breaks systems currently in use. I will defer to them to assess it.

We have put together quite a slew of security capabilities to protect the federal government that we're very proud of, at this point.

4:25 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Great.

As part of Canadian Armed Forces Operation Unifier, CSE is sharing threat intelligence with Ukraine and helping Ukraine defend itself against cyber-attacks. Are CSE and/or the Canadian Armed Forces engaging in active cyber operations as part of Operation Unifier?

4:25 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

When we have seen cyber-activities directed against Ukraine, we have shared those cyber indicators with Ukrainian officials so that they can better defend their networks. Beyond that, on the question of cyber operations, I am unfortunately unable to answer that.

4:25 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Okay. Fair enough.

On February 25 of this year, a day after Russia invaded Ukraine, Conti Group, a Russian-affiliated organized crime organization that specializes in ransomware attacks, pledged its support for the invasion, and threatened retaliation for any war activities directed at Russia. Other ransomware groups joined Conti Group in its pledge of support.

How have the threats of retaliation from Conti Group and other ransomware groups affected Canada's cyber-defence planning?

That question is for both of you.