Evidence of meeting #13 for National Defence in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was threat.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Cherie Henderson  Assistant Director, Requirements, Canadian Security Intelligence Service
Sami Khoury  Head, Canadian Centre for Cyber Security, Communications Security Establishment
Benoît Dupont  Professor and Canada Research Chair in Cybersecurity, Université de Montréal, As an Individual
John Hewie  National Security Officer, Microsoft Canada Inc.

3:55 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

My understanding is that it's a group from the armed forces working within CSE. Is that right?

3:55 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

I would prefer to get back to you in writing, if I may.

3:55 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Thank you.

My next question is for both of the witnesses.

I want to know whether Canada was forced in any way to contract out services to the private sector to meet its requirements, say because of a lack of skills, personnel or equipment. Has Canada ever had to do that?

3:55 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

The Canadian Centre for Cyber Security plays an important role in the integrity of our supply chains. If we had to examine the privatization of a service—within the federal government, I mean—we would have a hand in evaluating the program.

If you're talking about a domestic threat, I would refer you to Ms. Henderson, who can provide more clarity on that.

3:55 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Actually, my question was more about whether CSE or CSIS had ever turned to the private sector to fill gaps in internal capacity and thus meet operational requirements.

3:55 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

Of course, we work with private sector stakeholders on a number of issues. In some cases, they provide us with details related to cyber threats. I would say the relationship is more complementary, but when it comes to cyber incidents, there are things that CSE does not do.

For example, the private sector is responsible for helping a victim get back on track.

3:55 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Very good. Thank you.

I have a follow‑up question for Ms. Henderson, but Mr. Khoury, you may wish to answer as well.

For a few years now, the possibility of setting up a foreign intelligence service has been talked about. CSIS focuses a lot more on domestic assessments. In terms of human resources, CSIS doesn't have personnel on foreign soil.

In light of the war in Ukraine and new threats facing Canada, is that an idea Canada should entertain? I'm referring to a model along the lines of the CIA.

4 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

Thank you for your question. I'm going to switch languages to answer.

This is another very interesting question. What I would say is that, under section 12 of the CSIS Act, we can do an investigation overseas if it is determined that there is a threat to our national security. What we cannot do overseas is any activity under section 16 of the CSIS Act, which is allowing us to collect political information or economic information in the support of national defence or foreign affairs.

Under section 12—threats to the security of Canada—it's not an issue. It's under section 16 that we must remain within Canada to collect any intelligence.

4 p.m.

Bloc

Christine Normandin Bloc Saint-Jean, QC

Thank you.

I'll have follow‑up questions the next time around, Mr. Chair.

4 p.m.

Liberal

The Chair Liberal John McKay

Thank you. We're going to have to leave it there.

Madam Mathyssen, you have six minutes. Go ahead, please.

4 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Thank you so much to both witnesses.

Thank you, Mr. Chair.

We've, of course, seen the weaponizing of social media. Here in Canada online troll farms have been set up. There's been such a sowing of distrust and hate and online conspiracy theories. We've seen them potentially interfere in our elections, and certainly within general society.

The NDP have called on the government to convene a national working group to counter online hate and protect public safety. In what ways can we make social media platforms legally responsible for furthering that mistrust and that interference in elections and those online conspiracies, and for removing that extremism before it can cause real harm?

4 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

In the “National Cyber Threat Assessment 2020”, we mentioned that the Internet was at a crossroads and that we are seeing more and more misinformation and disinformation that's not limited to political campaigns or election periods. We're seeing much broader use of misinformation and disinformation. We're definitely seeing it in the context of the Russia-Ukraine conflict.

From a cyber centre perspective, we are calling out those activities. We're not a regulatory agency, so we're not here to offer a comment on the social media platforms themselves. Rather, it's about how we can work with Canadians, at large, on identifying misinformation and disinformation, on being informed readers, on making sure that they get the news from reputable sources—in terms of both a news perspective and an IT perspective—and making sure that the domain that's hosting the information is reputable too.

We put out a bulletin very recently, two or three weeks ago, specifically on disinformation and misinformation and malinformation. We hope people will read it and draw from it some nuggets of information that will help them in their information gathering or in their social media presence.

4 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

So you're putting the onus upon individuals themselves. You don't see any role, per se, in terms of what role social media companies need to play in this. Is that what you're saying?

4 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

From the cyber-centre perspective, our role is to defend the country from cybersecurity incidents and give Canadians and Canadian businesses the necessary tools to raise the cybersecurity bar.

We are not an agency or a centre that is here to regulate social media. I will defer to other government agencies to maybe answer that element of the question.

4 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Okay.

Ms. Henderson, do you say the same as Mr. Khoury, or something slightly different?

4 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

I believe that Mr. Khoury has answered the question. Neither of our two agencies is here to regulate social media platforms. That is the responsibility of other departments and perhaps society as a whole, as to how we want to manage that situation.

4:05 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Okay. Changing topics a little bit, in terms of recruitment and retention, we have certainly heard a great deal about the challenges that the Canadian Armed Forces has in that regard.

Can you comment on whether or not CSIS has faced similar challenges in terms of recruiting and ensuring that we have the necessary talent within the ranks to tackle those cyber-threats that we're discussing today.

4:05 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

CSIS has a very active recruitment program to look for the right talent, and we are always exploring new ways to find the right talent and bring them into the service.

There are many Canadians out there who are extremely interested in working in national security in our department, and we are finding ways to encourage them to join and encourage them to stay. You mentioned retention. With the changing work environment, that sometimes gets a little challenging in a national security world, but we are looking at all avenues to recruit and retain our staff.

4:05 p.m.

NDP

Lindsay Mathyssen NDP London—Fanshawe, ON

Earlier at our committee, several weeks ago now, we had an expert come before us, Christian Leuprecht, from RMC. He told the committee that there simply aren't enough resources to attract talent into the Canadian Armed Forces. He said that the CAF, for example and specifically, is competing against about 200,000 unfilled cyber-positions in North America.

Again, that challenge is getting the right people through the door and interested in the idea of national security. Does CSIS find the same problems and issues in terms of that huge competitive nature of the industry?

4:05 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

CAF is a much larger organization than we are, so they would have much different types of recruitment challenges than we do. We certainly have witnessed a huge interest in working for this service just from the volume of applications that come to us on a regular basis.

4:05 p.m.

Liberal

The Chair Liberal John McKay

Thank you, Ms. Mathyssen. That completes the first round.

The second round starts with Mr. Doherty.

I see that we have 25 minutes' worth of questions and 20 minutes. I'm going to let it go at five minutes a pop and we will just start late.

Mr. Doherty, you have five minutes.

March 28th, 2022 / 4:05 p.m.

Conservative

Todd Doherty Conservative Cariboo—Prince George, BC

Thank you, Mr. Chair, and thank you to our guests for being here.

I will pose this question to both Mr. Khoury and Ms. Henderson. It's very straightforward.

Does Huawei pose a threat to Canadian safety and security?

4:05 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Sami Khoury

From a cyber-perspective, the security of the telecom infrastructure is something we take very seriously. The government is conducting an examination of these emerging technologies and notes that a decision will be announced in due time.

In the meantime, we are working with partners and other agencies to mitigate the risks stemming from the use of these designated technologies, including the Huawei entity.

4:05 p.m.

Conservative

Todd Doherty Conservative Cariboo—Prince George, BC

Ms. Henderson.

4:05 p.m.

Assistant Director, Requirements, Canadian Security Intelligence Service

Cherie Henderson

I'm not going to speak specifically to Huawei, but I would note, further to a response to a question I answered earlier, that the Chinese national security law compels any of these companies to engage in activities in support of the government's requirements.