CSE's annual report gives some details about the cyber campaigns it's waging to safeguard national security
Canada's electronic spy agency says it's used its arsenal to try and stop foreign extremists from recruiting Canadians and sharing violent material online.
The acknowledgement is nestled in the Communications Security Establishment's annual report made public Tuesday, which points to recent cases where it flexed its cyber muscles.
While the details are largely sanitized in the report, the examples shed some light on how the foreign signals intelligence agency has been using the
active cyber capabilities granted to it by the Liberal government in 2019.
CSE has both defensive capabilities and what are called
active capabilities — which allow it to disrupt foreign online threats to Canada's system.
In its Tuesday report, CSE said it has used its active cyber operations capabilities to disrupt the efforts of foreign-based extremists to
recruit Canadian nationals, operate online and disseminate violent extremist material.
- Microsoft says hackers got further into its systems than the corporation previously thought (new window)
- Spyware used on separatists in Spain 'extensive,' Canadian cybersecurity group's investigation reveals (new window)
I can't speak to the specific details of the operation, I can say that CSE in our foreign intelligence program and in our cyber program, are concerned with extremism of any sort, whether religious or ideologically motivated, Dan Rogers, associate chief at the agency, told CBC News.
If violent extremist organizations were trying to use an online platform to recruit Canadians or to disseminate material online, preventing that from working as intended would be an element of disruption that we would engage in under the foreign cyber operations mandate.
The annual report also said it has triggered those active powers to assist the Canadian Armed Forces in support of
their mission, although few other details are provided.
The agency has said it has supported the military in Ukraine and Eastern Europe as well as its missions in Iraq, Jordan, and Lebanon.
As previously reported, (new window) CSE has also acknowledged that it has used its cyber operations on cyber-criminals
to impose a cost on the people behind these kinds of incidents.
CSE has embarked on a long-term campaign designed to reduce the ability of cyber-crime groups to target Canadians, Canadian businesses and institutions, reads the annual report
Millions in budget to prop up operations
Rogers said that campaign is
starting to have an effect.
CSE said it expects to run more long-term operations now that the Liberals have pledged millions of dollars to the agency in this year's budget.
Rogers said before that, they conducted those activities by reallocating internal resources.
Which is why in the last few years, we've had successes, but they've been limited by the number of resources, he said.
If we have the ability to take threat actors infrastructure offline before it affects Canadians, before it causes significant damage in Canada, that's what we'll seek to achieve, Rogers said.
The report said in the leadup to the 2021 election CSE had its defensive cyber operations authorities in place in case there was a malicious cyber threat against the electronic infrastructure used by Elections Canada.
According to the 2021/22 report, the federal defence minister issued three authorizations for foreign cyber operations: two active and one defensive.
The minister of defence can authorize an active operation, with the foreign affairs minister's consent, if the action deemed reasonable, proportionate and if the objective could not reasonably be achieved any other way.
There are restrictions: the action can't cause bodily harm, target Canadians or interfere with democracy.
The Intelligence Commissioner, the person meant to provide independent external oversight of CSE's foreign intelligence and cyber security authorizations, has sometimes taken issue with the linkages used by the minister to justify the authorizations.
In 2019 Jean-Pierre Plouffe wrote that some ministerial conclusions
were insufficient or non-existent.
Last year Plouffe approved four of five authorizations from the minister of defence.
He deemed both active cyber authorizations reasonable. He also received three foreign intelligence authorizations — needed for activities like intercepting private communications — and deemed two reasonable and one
The intelligence commissioner felt that more information was required to make a reasonable decision there. And that's something that we respect and that we'll be working on going forward, said Rogers.
Intelligence aid in Ukraine
The 2021/22 report also briefly touches on how the foreign signals intelligence agency has responded to the Russian invasion of Ukraine. CSE has a mandate to intercept and analyze electronic communications and other foreign signals to inform the Canadian government about the activities of foreign entities that seek to undermine Canada's national security.
The agency said it's been providing "timely and relevant foreign signals intelligence reporting.
For example, we supported operations to repatriate Canadian diplomatic personnel from Ukraine by providing intelligence on potential risks affecting them, said the report.
We continued to provide technical and operational assistance to Operation UNIFIER, the Canadian Armed Forces mission in support of Ukraine. This included intelligence sharing and cyber security support.
CSE said it has also been tracking Russian-backed disinformation campaigns related to the war in Ukraine, including antisemitic, anti-LGBTQ, anti-immigrant, anti-globalist conspiracy theories, false stories about Canadian forces committing war crimes, disinformation about NATO allies and claims that the U.S. established military bio-labs in Ukraine.
Last year CSE said it reported on a range of foreign-based threats, including cyber threats from hostile states, espionage, disinformation campaigns, kidnappings of Canadians abroad, terrorism and extremism, including ideologically motivated violent extremism and threats to Canadians and Canadian forces abroad.
Rogers wouldn't say if the kidnappings mentioned in the report referred to the detention of Michael Spavor and Michael Kovrig, who were released from detention in China last year after 1,019 days. Their arrests were seen as retaliation for the arrest of Huawei (new window) telecoms executive Meng Wanzhou (new window) in Vancouver in 2018.
I wouldn't want you to read into that any specific cases because we can't speak to those cases. But certainly, a big part of our foreign intelligence mandate is to protect Canadians when they are in harm's way, wherever that may be in the world, he said.
The report said it also shared foreign signals intelligence with Global Affairs Canada and the armed forces to help airlift Canadians out of Kabul after the Taliban's return to power in Afghanistan last summer.
Catharine Tunney (new window) · CBC News