National Defence Committee on Feb. 7th, 2023

Sure.

Thanks very much. That's a fantastic question.

We've found an excellent partner in the Canadian Armed Forces in terms of what we call “force generation”: developing a new workforce to be interested in the cyber domain.

CSE also works very closely with U.S. Cyber Command in this field. We do talk about workforce strategies in terms of building the expertise we need in order to have successful tools to meet the challenges of the future.

Thanks for that question.

Indeed, we definitely do not work independently. We work very closely with the Canadian Armed Forces and the Department of Foreign Affairs.

The Department of Foreign Affairs, in fact, is required for active cyber-operations. The Minister of Foreign Affairs is required to provide her consent for those operations. We work very closely in the planning and development of those operations and assessing the risks.

On the CAF, we essentially have a combined workforce, where we have embedded officers in both areas so that we continue to work effectively on this aspect of our mandate.

Thank you.

No, actually, I meant that we are investing in retention and making sure that we continue to be an employer of choice: to provide our staff with an environment where they can thrive, with the training opportunities they need. We are also, on retention—

Thank you again.

We're constantly hiring. The demand on our services is growing. We are busy hiring as much as we can.

Thanks for the question. I'll take a first stab at it and maybe turn to my colleague Alia for a follow-up.

Before the invasion of Ukraine started, we had been communicating to our partners the threat of Russian cyber-activities. Russia is a formidable cyber-actor, and we have been communicating as much as possible for people to take the threat seriously.

From a Ukrainian perspective, they've been the victim of Russian cyber-aggression since 2015 and 2016, when it affected the power grid. Over the years, Ukraine has been building resilience. With the help of the west tipping them off, they have fended off a number of cyber-attacks that Russia unleashed on Ukraine in the early days of the war.

We have learned a lot from these cyber-attacks that Russia has unleashed on Ukraine. We have quickly turned around and published or issued cyber-flashes, so that, in case there is any spillover effect in North America, or at least in Canada, we are prepared to share as much as possible with critical infrastructure and businesses about what some of these indicators are.

Yes, indeed. Maybe just further on the aspect of your question in terms of what we've seen Russia do in Ukraine, I think there has been a considerable amount of information—including in open sources—documenting Russia's use of cyber-tools against Ukraine in its most recent conflict and the use of those cyber-attacks and cyber-threats against Ukraine in conjunction with their kinetic attacks, the most prominent example being the disabling of satellite communications over Ukraine in the lead-up to the war.

For us, what we would call “hybrid warfare”, the use of cyber-tools along with kinetic tools, has been well documented in this conflict, both by the cyber centre and, in fact, by Microsoft, which did an excellent study on mapping out those two capabilities and how they were used together in this conflict.

Thank you for this question.

We have called out those four nation-states in our third national cyber-threat assessment. They have a variety of motivations to go against Canada by targeting Canadian individuals, by compromising some technology through worldwide campaigns, by targeting Canada's economic value or by pursuing financial gains.

For example, we know that Iran is using cybercriminal tools to avoid attribution. This is one of their techniques. China is going after research, technical data, business intellectual property and military capabilities. North Korea is very much interested in enhancing its economic value by stealing credentials and then stealing funds.

They each have a motivation to conduct those activities or to at least go after a certain aspect of Canadian society to further their own interests.

I think Sami described it well.

We are constantly surveying the space in terms of looking for new tactics and techniques that are used by ransomware actors to target Canadians. It is an evolving space, and it's something that requires a dedicated effort to follow up on to make sure that we continue to protect Canadian infrastructure.

The information-sharing mechanism is very effective and very transparent, especially between the members of the Five Eyes alliance. We work in partnership to address all the threats we've discussed today.

We have very close relationships with our partners in those organizations. We have other allies all over the world that we share information with. These threats affect all of us. I would say that we have very good relationships in this sphere.

I'll pass it over to Mr. Khoury now.