National Defence Committee on March 28th, 2022

Mr. Chair, members of the committee, good afternoon.

I'm Cherie Henderson, the assistant director of requirements at the Canadian Security Intelligence Service. Thank you for the opportunity to appear before you once again this year, this time to discuss cybersecurity, which of course is a very important topic.

As Canada's principal government agency responsible for investigating threats to the security of Canada, CSIS also investigates cyber-threats. As such, we employ all our investigative tools to collect intelligence on cyber-threat actors' exploitation of cyberspace to conduct espionage, sabotage and foreign-influenced activities against Canada and Canadians. CSIS also co-operates with a wide range of domestic and international partners.

Our unique value lies in our ability to collect intelligence on the nature and scope of hostile cyber-activities and the intentions of the actors behind them. This intelligence supports the mandates of our Government of Canada partners, enabling them to better formulate foreign and domestic policies, protect critical Canadian entities and strengthen our nation's overall cybersecurity posture.

Under the CSIS Act, the service also has the legal authority to use threat reduction measures in order to reduce cyber-threats to Canada. One of the most important challenges to address in protecting our national security is the sharing of timely and actionable intelligence. CSIS is addressing this particular challenge in a number of ways, including through regular outreach and partner engagement. We have delivered briefings to partners on the espionage and foreign influence threats posed by state cyber-actors, as well as the potential national security impacts of ransomware attacks carried out by criminal groups.

With today's rapidly evolving technology, we are witnessing an unprecedented level of change in the threat environment. It has become more complex, increasingly fluid, less predictable and consequently more challenging. Threat actors are conducting activities in the online space, simultaneously taking advantage of the technology that enables them to disguise their activities and their identities. Moreover, cyber actors have more opportunities than ever to conduct malicious activity as our world becomes increasingly interconnected.

We investigate the criminal elements as well as the hostile state cyber actors who conduct malicious activities to advance their countries' interests, whether they be political, economic, military, security or ideological. Hostile state actors seek to compromise computer systems by manipulating their users or exploiting security vulnerabilities to gain access to trade secrets or to achieve various objectives through the disruption of critical infrastructure and vital services. These types of activities are not going away, and in fact are currently on an upward trajectory.

CSIS has observed persistent and sophisticated state-sponsored threat activity for many years. We continue to see a rise in the frequency and levels of sophistication of this threat activity. Canadian companies in almost all sectors of our economy have been targeted and compromised.

Unauthorized, malicious access to Canada's critical infrastructure can have drastic consequences for the safety and security of Canadians. If you think about all the systems we rely on in our lives, including systems that support our telecommunications, energy, transportation, supply chain, health and financial activities, any interference with these systems can have unforeseen impacts on our personal safety, our well-being and our national security.

For example, the COVID-19 pandemic has given rise to an unprecedented number of individuals working from home offices, which are much less secure environments. This new standard of work increases the risk of exposure to malicious cyber-activities on networks and sensitive information. We have all heard accounts of cybercriminals conducting ransomware acts on companies and public institutions, including hospitals at the height of the pandemic.

The increasingly interconnected and global nature of security threats means that CSIS cannot fulfill its mandate in isolation. There is tremendous co-operation and ongoing work within the security and intelligence community to provide the Government of Canada with the best intelligence and advice possible concerning cyber-threat activity.

Today's global threat environment requires that each partner use their unique mandate and legal authorities to protect Canada and Canadians. That is exactly what CSIS has been doing and will continue to do.

Again, thank you for the opportunity to discuss this issue with you today. I am pleased to answer any questions.

My understanding right now is that Canada regularly suffers thousands of cyber-threat attacks on a daily basis all across the country, and numerous organizations are under that attack. I wouldn't have for you actual stats on which particular countries those are coming from. I would leave that to my colleague Sami, but what I can say.... Or the quantity...let me correct that: I wouldn't know the quantity from each particular country. Sami may have better stats on that.

What I can say is that we certainly use all of the tools that we have in our tool box to investigate any of those threats—

Yes, I would. It is an ever-increasing issue, and it's something that we all need to be alive to.

As we have moved forward in technology advancement, there has been much more cyber-activity in that area and many more cyber-actors. Historically, we focused on state-sponsored attacks, but with the proliferation of tools, many more actors have entered the arena.

I can start with that one.

This is one of the things I worry very much about. The service investigates and tries to do a lot of outreach to inform our research industries and our companies that are involved in research and development. As you know, Canada is a top leader in research and development and has a lot of very valuable intellectual property.

There are numerous countries out there that would like to get their hands on that research without having to put the money and investment into it. For all those industries, we really work on outreach to try to increase that awareness so they can protect themselves.

We are also very focused on our critical infrastructure. Critical infrastructure is necessary to maintain our day-to-day lives, and that is another area that is very vulnerable and would need to ensure a very high level of protection and awareness.

Perhaps I can pass this to Mr. Khoury for some further comments.

Thank you for the question.

From the cyber centre perspective, our priority is to defend Canada against all sorts of cyber incidents, regardless of the sector, but we are paying particular attention to the critical infrastructure sectors to make sure they have the necessary tools to protect themselves.

In our national cyber-threat assessment of 2020, we called out the capabilities of the four of them—Russia, China, North Korea and Iran—as being state-sponsored programs of the greatest strategic threat to Canada. It's difficult to compare one against the other, but I would suggest that in the current context we have to be mindful of the geopolitical tensions and the Russian cyber-threats.

Anonymous, like many other organizations, brings a certain level of threat to the cybersecurity of a country. We've seen some of them align with Russia and some of them align with the Ukrainian cause in the context of the current geopolitical tension.

Again, we learn as much as possible from all of the incidents, and that's why we encourage all victims to report to us so that we can learn and promote new cybersecurity practices. We take all of that information, digest it and put out new advice and guidance.

I will defer to Australia to comment about the nature of the incident that—

We track the activities of Huawei and other telecom operators around the world, and that helps inform the security of the Canadian telecom infrastructure.

Again, we track all of these reportings. They help formulate the position of the cyber centre on how to protect the Canadian telecommunication infrastructure.