Professional Documents
Culture Documents
CSE does not direct its foreign intelligence activities at Canadians or anyone in Canada.
Privacy protections are built into the laws and policies governing CSEs activities. The Ministerial Directive
on Privacy requires that measures be taken to protect the privacy of Canadians, and that appropriate
policies and procedures are in place for the handling, retention, use and destruction of information about
Canadians.
The independent CSE Commissioner and his staff review CSEs activities. In 17 years, the CSE
Commissioner has never found CSE to have acted unlawfully.
To provide some broader context on the cyber threat environment:
The cyber threat environment is incredibly complex and is constantly changing and evolving. Government
of Canada networks and systems represent a large infrastructure to protect: there are more than 57,000
servers and 9,000 internet connections. Government networks are an especially attractive target to
various cyber threat actors. Government systems are probed 75-80 millions of times each day.
Cyber threat actors are constantly probing government systems and networks looking for vulnerabilities.
These threats are persistent. Malicious cyber activities are becoming more frequent and more
sophisticated. The information they target within government systems cover a variety of subjects,
including for example, intellectual property for economic advantage; national security and defence
information; or personal information that can be used for on-line criminal activity.
There are four broad categories of cyber threat actors:
Hacktivists, activists who attempt to infiltrate computers and computer networks;
Criminals, who use the internet as an underground economy rooted in criminal activity;
Terrorist organizations, or their proxies, who use cyber space to disrupt activity on legitimate sites and
post propaganda; and
Nation states, who conduct cyber operations mostly to enable espionage and disruptive or destructive
activities. CSE estimates that there are now more than 100 nations that possess the ability to conduct
cyber operations on a persistent basis.
CSE defends government networks from malicious cyber activity using techniques similar to the defensive
measures that any responsible large system operator would take using commercial technologies.
However, in addition, CSE uses its foreign intelligence capabilities to identify and to better understand the
nature and methods of foreign threat actors who are trying to exploit our systems. With this knowledge,
CSE broadens protective measures against malicious cyber activities beyond what is commercially
available.
As noted in Canadas Cyber Security Strategy of 2010, cyber is a borderless global issue, and it needs
global approaches and solutions. Internationally, CSE works with its partners in the Five Eyes intelligence
partnership (Canada, the United States, the United Kingdom, Australia and New Zealand). Intelligence
gathered and shared within this trusted alliance greatly improves and advances Canadas cyber security
posture. Nationally, the strategy also notes that cyber security is a team sport that requires involvement
across all levels of government and the private sector. CSE works closely with the Canadian Cyber
Incident Response Center at Public Safety Canada who coordinates the sharing of cyber threat
information beyond the federal government.
As promised, here is CSEs official response to your additional four questions for Wednesdays story:
Any information used or retained under our cyber security mandate relates to the capabilities, intentions
and activities of malicious cyber threat actors, and is used to detect and defend government systems and
prevent future threats. For example, data or metadata could contain information that relates to a cyber
threat actors methods and techniques, such as malware. Specific communications are examined if they
are suspected to relate to a cyber threat that could harm Government of Canada systems and networks,
and the important information they contain.
Data and metadata used to help protect the Government of Canadas systems and networks are deleted
according to established data retention schedules, which are documented in internal policies and
procedures. To provide specific details on data retention schedules could assist those who want to
conduct malicious cyber activity against government networks. If cyber threat actors were to obtain CSEs
data retention schedules, they could use this knowledge to develop tactics or techniques that evade
detection.
According to the ministerial authorizations and internal policy frameworks that govern and guide CSE
activities, CSEs IT Security analysts only use and retain information that is necessary and relevant to
identify, isolate or prevent harm to Government of Canada computer networks or systems. Data that is
found to pose no threat and that is not necessary and relevant to identify, isolate or prevent harm to
Government of Canada computer networks or systems cannot be used or retained, and is deleted.
Data collected under CSEs IT Security mandate that is found to pose no threat cannot be accessed or
used for its foreign intelligence or technical assistance mandates.