National Defence Committee on Feb. 14th, 2023

I'll start and then hand it over to the admiral in case he'd like to add something.

The Canadian Armed Forces have the authority to conduct offensive cyber-operations in the context of approved military missions. In those, it's the Canadian Armed Forces leading and conducting offensive cyber-operations under their own authorities, often with assistance from colleagues at the Communications Security Establishment.

There are other offensive cyber-operations that are conducted under CSE authorities, under the CSE act. I think you had previous witnesses from CSE who would be much more qualified than I am to speak in detail about how those operations are conducted. Equally, as the admiral mentioned, when CSE is conducting offensive cyber-operations under the CSE act, they are able to reach over to the Canadian Armed Forces for assistance as required under section 20 of the act.

I have nothing else to add to that, Jon.

I won't be able to give you definitive numbers with respect to the sizes because I don't have the numbers for CSE. That's not within my area of responsibility.

With respect to the importance of the two teams working together, as I had previously indicated, the teams work together day in and day out, every single week. We have embedded personnel in each other's teams so that we understand each others' techniques, tactics and policies and can best support each other to meet our respective operational requirements.

At the various levels, we meet regularly. I meet with my CSE counterparts on a weekly basis in certain meetings and more globally on a monthly or quarterly basis. Those relationships are absolutely essential to ensuring that both organizations have the tools and the capabilities available to each other.

Unfortunately, I cannot answer that question, as I don't know what technology is on those high-altitude objects. I would not want to speculate on what the capabilities are or are not.

Radio telescopes are not within my area of expertise. I would not be able to answer that question.

I can't respond to that question, as I believe the two examples with respect to transport in the U.S. and in Canada were linked to software issues. They were not cyber-related, to the best of my recollection. It was several weeks ago. I have no understanding of the link between that and the high-altitude objects, as I've not read into that file.

The response to that is obviously quite complicated, as it depends on the technologies. I will indicate, as a naval officer and naval engineer, that underwater techniques are some of the most difficult to jam. They're also the most difficult to communicate with because of the medium.

I'll leave my answer at that because, again, it's not my area of expertise and it's not within my area of responsibility at this time.

I am not an expert on the components that go into the Canadian Armed Forces' capabilities. My suspicion is that there probably are some components of the Canadian Armed Forces' capabilities that have components that were manufactured in China, but I'm not an expert on that. I'm sorry.

As I previously indicated, the Canadian Armed Forces take responsibility for defending our networks and IT systems. We have various means and ways to protect our networks and the systems that are being used. We have levels at different granularity. We start off at perimeter defence, which is the external networks, and it goes all the way down to host space, which is, as an example, a laptop or a computer.

Of course, due to security classifications I cannot go into details in this room on how that's done, but it is something that we do on a daily basis to protect our networks.