Evidence of meeting #48 for National Defence in the 44th Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cse.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Sami Khoury  Head, Canadian Centre for Cyber Security, Communications Security Establishment
Alia Tayyeb  Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment
Aaron Shull  Managing Director and General Counsel, Centre for International Governance Innovation
Wesley Wark  Senior Fellow, Centre for International Governance Innovation
Clerk of the Committee  Mr. Andrew Wilson

3:40 p.m.

Conservative

The Vice-Chair Conservative James Bezan

I call this meeting to order.

We're here at meeting 48. We welcome here today the Communications Security Establishment, CSE, for the first part of our study on cybersecurity and cyberwarfare, pursuant to Standing Order 108(2).

I'm not going to be able to give us the full hour because we're starting 10 minutes late, so we're going to do 55 minutes in this round and 55 minutes in the next round with our next set of witnesses.

Joining us for the first hour, we have Sami Khoury, who is the head of Canadian centre for cybersecurity; and Alia Tayyeb, who is the deputy chief of signals intelligence at CSE.

I will open up the floor. You have seven minutes between the two of you to bring forward your opening remarks.

3:40 p.m.

Sami Khoury Head, Canadian Centre for Cyber Security, Communications Security Establishment

Thank you, Mr. Chair and members of the committee, for the invitation to appear today.

My name is Sami Khoury. My pronouns are he and him. I am the head of the Communications Security Establishment's Canadian centre for cybersecurity, known as the cyber centre.

I am joined today by my colleague, Alia Tayyeb. She is the deputy chief of CSE's signals intelligence branch.

I'm glad to appear before the committee to discuss cybersecurity and cyber operations.

As this is the first meeting of your study, I'd like to begin by providing an update on the current cyber-threat landscape and what CSE is doing to protect Canada and Canadians. I will largely focus on the cybersecurity aspect of our mandate, whereas my colleague, Ms. Tayyeb, will focus on the foreign intelligence piece of CSE's mandate, our support to partners, and our active and defensive cyber-operation capabilities.

Now, more than ever, we understand that cybersecurity is the foundation of Canada's future: for our digital economy, our personal safety and privacy, and our national prosperity and competitiveness. In October, the cyber centre released its third national cyber-threat assessment. This report outlines the current cyber-threat environment.

One of the key points in the report is that cybercrime remains the largest cyber-threat to Canadians and that critical infrastructure is the main target of cybercriminals and state-sponsored threat actors.

Ransomware, specifically, was prominent in the past two years, and it remains a persistent threat to Canadian organizations. The state-sponsored cyber-programs of China, Russia, Iran and North Korea continue to pose the greatest strategic cyber-threat to Canada. In the face of these threats, and as Canada's technical and operational authority on cybersecurity, CSE defends Government of Canada networks and the cyber centre leads the government's response to cyber-incidents. However, cybersecurity is not solely a federal government responsibility or concern, as cyber-threats continue to target and impact Canadian individuals and organizations.

CSE works with partners in the industry, including those outside government, sharing information about threats and best practices in cybersecurity. The Canadian Centre for Cyber Security regularly publishes guidance and expert advice for Canadians.

Moving forward, to continue to adapt to the evolving threat environment, bolster defences and help better protect Canada and Canadians, we hope to see the continued progress of Bill C-26, an act respecting cybersecurity, in Parliament. This legislation would establish a regulatory framework to strengthen cybersecurity for services and systems that are vital to national security and public safety and give the government a new tool to respond to emerging cyber-threats.

We also look forward to continued work to support public safety in the renewal of Canada's national cybersecurity strategy. The renewed NCSS will articulate Canada's long-term strategy to protect our national security and economy, deter cyber-threat actors and promote norms-based behaviour in cyberspace.

For CSE, the renewal of the strategy provides an opportunity to review the situation and build on what the Canadian Centre for Cyber Security has achieved over the past five years. The creation of the centre was actually one of the main initiatives set out in the National Cyber Security Strategy, developed in 2018.

Finally, as we work to build relationships with Canadian industry and other levels of government, we are also focused on collaboration with our international partners, in the Five Eyes and beyond.

I will now hand it over to my colleague, Ms. Tayyeb, to speak to her area of responsibility.

February 7th, 2023 / 3:40 p.m.

Alia Tayyeb Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Thank you, Sami.

As my colleague noted, I am the deputy chief of CSE, signals intelligence branch, and I'm also responsible for the foreign cyber-operations aspect of the CSE mandate. My pronouns are she and her.

As mentioned, the severity of cybercrime and cyber-incidents targeting Canadians and Canadian critical infrastructure, both public and private, is growing exponentially. Beyond cybercriminals, however, state and state-sponsored cyber-actors also pose a continuing threat to Canada. Through CSE's foreign intelligence mandate, we continue to provide intelligence on foreign cyber-threats, including the activities and intentions of state and non-state actors, which is used by government clients, including the cyber centre, to defend Canada.

Recognizing the evolving threat landscape, the CSE Act came into force in August 2019, which allowed CSE to expand its tool suite to conduct active and defensive cyber-operations, together referred to as foreign cyber-operations.

Since being granted these new powers, CSE has leveraged its cyber operations capability to hinder the efforts of foreign-based extremists seeking to recruit Canadians, to carry out online campaigns and to disseminate violent extremist content.

We have also used these authorities to disrupt the activities of cybercriminals planning ransomware attacks.

Recognizing the importance of investing in cyber-resilience and bolstering Canada's capability, budget 2022 provided Canada's first stand-alone investment in its cyber-operations capability, earmarking $273.7 million over five years and $96.5 million ongoing annually for CSE to build its foreign cyber-operations capabilities and conduct a specific range of cyber-operations focused on countering cybercriminals and protecting Canadian critical infrastructure from cyber-attacks.

Further to CSE's role of providing assistance, CSE has also used its capabilities to support the Canadian Armed Forces in carrying out its mandate.

Our allies, international partners and adversaries all invest heavily in their capabilities, working to build broad-based cyber operations capacity. It goes without saying that CSE monitors cyberspace closely to ensure a responsive approach in protecting Canada and defending its interests.

As the cyber-threat landscape in Canada continues to evolve, CSE is dedicated to advancing cybersecurity and increasing the confidence of Canadians in the systems they rely on daily.

With that, I thank you for the opportunity to appear before you today, and I look forward to answering any questions you may have.

3:45 p.m.

Conservative

The Vice-Chair Conservative James Bezan

Thank you for your opening remarks.

We'll kick off the first round of six-minute questions.

Ms. Gallant.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Thank you, Mr. Chairman.

I'd like, first of all, to put a motion on notice. I believe the motion will be distributed. It is:

That the Standing Committee on National Defence invite the Minister of National Defence, the Hon. Anita Anand and the Deputy Commander of NORAD, Lt. General Alain Pelletier, to provide a briefing of no fewer than two hours concerning the foreign airship from the People's Republic of China that recently violated Canadian airspace, and that the briefing be held in public within the next four days.

3:45 p.m.

Conservative

The Vice-Chair Conservative James Bezan

Okay, that is on notice.

You have the floor. You have five and a half minutes left.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Mr. Chair, through you to CSE, how and when was CSE made aware of the Chinese balloon in our airspace?

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

As the minister said over the weekend, she indicated that we've been working very closely with our U.S. allies on this matter, particularly through NORAD, which had been tracking this high-altitude balloon and monitoring its activities since last weekend, I believe.

However, I think it would be better placed for the CAF to answer more specifics on that question.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Has the CSE been made aware of similar instances or incursions in the last 10 years?

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

From the balloons...?

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

That's correct.

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

I'm unsure about how to answer that question at this time without getting into what could be intelligence or operational details, so I would have to defer to my Canadian Armed Forces colleagues on this question.

Thank you.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Did the CSE play a role in electronic warfare or blocking or jamming the devices attached to the spy balloon?

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

Again, I apologize that I am not able to answer your question. I hope you can understand that, in matters of intelligence and operations, I wouldn't be able to provide any further details on this question.

Thank you.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Okay, let's get back to the first question that was answered. When exactly did the CSE learn of the Chinese balloon in Canadian airspace?

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

I wouldn't want to provide you with an incorrect answer, so if you'll permit me, I could verify that information exactly and return to the committee.

3:45 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

I'm not interested in when the armed forces.... I'm interested in when CSE first learned of its existence.

3:45 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

My understanding is that it was sometime over the last...two weekends ago. I'd have to get the exact date for you, but I'd rather be precise and return to you with a more detailed answer.

3:50 p.m.

Conservative

The Vice-Chair Conservative James Bezan

If you could return in writing with that answer, we'd appreciate it.

Thank you.

3:50 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

Absolutely.

3:50 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

How did the CSE learn of it? Was it with its own equipment, or was it notified by another part of the government, National Defence or NORAD?

3:50 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

Again, just to be absolutely precise and not to mislead anyone at the committee, if I could return to you in writing on that question, it would be very much appreciated.

3:50 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

Okay.

Given the unknown nature of the payload of the Chinese balloon, whatever it was carrying, was there an additional risk to cybersecurity or of cyberwarfare that was or was not addressed by the CSE?

3:50 p.m.

Deputy Chief of Signals Intelligence (SIGINT), Communications Security Establishment

Alia Tayyeb

What I can say is that we do work very closely with our U.S. allies in addition to the Canadian Armed Forces and all other Canadian agencies who would have been monitoring this event. We would be monitoring for any risk to Canadian information, Canadian assets or Canadian infrastructure in partnership with those agencies.

3:50 p.m.

Conservative

Cheryl Gallant Conservative Renfrew—Nipissing—Pembroke, ON

You haven't clarified how you found out, but if CSE learned of the balloon in the same way most Canadians did—through the news—how would you advise changing any of the protocols related to incursions into Canadian airspace?