Good afternoon, Mr. Chair, and thank you for the opportunity to appear today. My name is Sami Khoury and I am the head of the Canadian Centre for Cyber Security, also known as the cyber centre, within the Communications Security Establishment. I’m joined by my colleague Samantha McDonald, assistant deputy minister of the innovative business strategy and research development branch at CSE.
For those who may be unfamiliar with us, the Communication Security Establishment, often referred to as CSE, is Canada's national cryptologic agency, providing the government with information assurance and foreign signals intelligence.
The cyber centre is part of CSE and serves as a unified source of expert advice, guidance and support on cybersecurity operational matters. The cyber centre works very closely with Samantha’s branch at CSE in the fields of cryptography, cybersecurity, vulnerability research, high-performance computing, data science and artificial intelligence.
Partnership is at the very core of what the cyber centre does, because ensuring and strengthening Canada’s online security is a responsibility shared by stakeholders across the country.
We work in collaboration with Canadian businesses, critical infrastructure, law enforcement, and external partners like researchers and academia to raise Canada’s collective cyber security bar.
A significant component of this collaboration involves sharing important information with Canadians and Canadian businesses about the cyber-threats Canada faces.
Informed by our classified sources, we release public reports like the National Cyber Threat Assessment, also known as the NCTA.
One of the most prominent of these threats is state-sponsored cyber-threat activity against Canada, which is a constant and ongoing threat. In the 2023-24 NCTA, we shared that state-sponsored threat actors engage in commercial espionage, targeting intellectual property and other valuable business information. They do so with the goal of sharing stolen information with state-owned enterprises or domestic industry in their home country.
We reported that over the next two years, Canadian organizations with information of value to foreign states will almost certainly continue to be targeted by malicious cyber threat activity from state-sponsored actors.
While we assess that the state-sponsored cyber-programs of China, Russia, Iran and North Korea continue to pose the greatest strategic cyber-threats to Canada, we also know that cyber-threats can come from anywhere at any time. Consequently, CSE takes a country-agnostic approach, focusing on combatting the cyber-threat activity Canada faces—