Thank you, Mr. Chair, and members of the committee, for the invitation to appear today.
My name is Sami Khoury. I'm the head of the Canadian Centre for Cyber Security, often referred to as the Communications Security Establishment's cyber centre.
CSE, reporting to the Minister of National Defence, is one of Canada's key security and intelligence agencies, with the five-part cyber-centric mandate derived from the CSE Act introduced in 2019. We use our technical expertise across all five aspects of our mandate, and we do so to keep Canadians safe and secure.
I'd like to give you an overview of the current cyber threat landscape.
Clearly, the cyber threat environment is rapidly evolving. Cyber incidents, including those involving critical infrastructure, are increasingly numerous and sophisticated.
People rely on the Internet for a growing number of important daily activities, from banking, government services and health care to business and education, which puts them at risk. We saw that during the pandemic, when people had to become more reliant on digital infrastructure. Threat actors took advantage of the pandemic and stepped up efforts to exploit human and technological vulnerabilities.
In addition to this increase in cyber incidents, I'd like to highlight some of the specific trends we've observed.
We assessed that cybercrime remains the most likely threat to impact Canadians. Now and in the years ahead, Canadian individuals and organizations will continue to face online fraud and attempts to steal personal, financial and corporate information. We also assessed that ransomware directed against Canada will continue to target large enterprises and critical infrastructure providers. The protection of these organizations and networks is crucial to the productivity and competitiveness of Canadian companies and vital to Canada's national defence. While cybercrime is the most likely threat to impact Canadians and Canadian businesses, the state-sponsored cyber programs of China, Russia, North Korea and Iran pose the greatest strategic threat to Canada.
If you'd like to learn more about the cyber threats facing Canada, I encourage you to read CSE's “National Cyber Threat Assessment 2020”.
I am aware that Russia's invasion of Ukraine is a current cause of concern for the committee. I can't comment on our specific operations today, but I can confirm that we are keeping a close eye on cyber threat activity associated with those military manoeuvres.
Today, we're not aware of any specific threats to Canadian organizations in relation to events in and around Ukraine. But as the situation evolves, I can assure you we continue to monitor the cyber-threat environment in Canada and globally, including cyber-threat activity directed at critical infrastructure networks.
Although the trends I have outlined today seem quite worrisome, the cyber centre is working tirelessly with stakeholders and building strong partnerships across Canada to develop a shared awareness of the threat landscape and promote the necessary measures to protect and defend against them.
We continue to provide advice and guidance—largely informed by Russian cyber threats—to help Canadians and Canadian businesses become more cyber safe.
CSE is also sharing important cyber threat intelligence with Ukraine so that it can better defend its networks.
We are working with the Department of National Defence and the Canadian Armed Forces to support intelligence co‑operation and cybersecurity.
As Canada's cyber-threat environment rapidly evolves, we must all play our position. Cybersecurity is a “whole of society” concern. It will take all of our expertise and collaboration to protect Canada and Canadians.
Thank you again for the opportunity to appear before you today. I'm pleased to answer any questions you may have.