House Standing Committee on National Defence (NDDN) Supplementary Estimates B - December 4, 2025

Table of contents

• Summary
• Key Messages
• Defence Investments
  • Supplementary Estimates B
  • Budget 2025
  • Main Estimates
  • Supplementary Estimates A (Defence Investments)
  • Defence industrial strategy (DIS)
  • Bureau of Research, Engineering and Advanced Leadership in Science (BOREALIS)
  • Digital sovereignty
• The Office of the Auditor General Performance Audit of Network Cyber Security
• Cyber Security and Cyber Threats
  • Threat Landscape
  • Addressing the Threats
  • Government Response and Collaboration
  • Federal, Provincial, and Territorial Multilateral Cyber Security Collaboration Agreement
  • Cyber Range Program
  • Pre-ransomware notifications
  • Government Position on Ransom Payments
  • Guidance for Organizations
  • Support and Resources
  • Diversification
• Recent Cyber Threat Assessments and Statements
  • Joint Ministerial Statement on Malicious Cyber Activity Targeting Critical Infrastructure
  • Addressing the Threats
• Recent Cyber Incidents
  • Responsive Lines on Cyber Incidents and Attribution
  • Nova Scotia Power incident
  • Other Cyber Incidents
• Arctic Sovereignty and Security
• Border Security
• Canada and U.S. Relations

Communications Security Establishment Canada – supplementary estimates B 2025-26 overview

speaking notes

• The Communications Security Establishment Canada (CSE) is one of Canada’s key security and intelligence agencies and the lead federal technical authority for cyber security and information assurance.
• CSE provides valuable foreign intelligence to inform the Government of Canada’s decision making and protect national security.
• Its sophisticated cyber and technical expertise also helps identify, prepare for, and defend against threats to Canada and its cyber systems and networks.
• While conducting these activities, CSE respects the highest standards of lawfulness, ethics, values, and the protection of the privacy of Canadians.
• CSE’s 2025-26 Supplementary Estimates B represent a net funding increase totaling $70.0M.

details

• Treasury Board (TB) Submission funding of $9.5M for the Classified Security Management Infrastructure (CSMI) Phase 2B Project.
• Reprofiled funding of $22.5M from 2023-24 and 2024-25 for the Canadian Cryptographic Modernization Program (CCMP) Project.
• A net funding increase of $38.0M resulting from six interdepartmental transfers.

• Funding of $9.5M for CSMI Phase 2B Project to support the development and implementation of cryptographic capabilities as part of the CCMP Project.
  • CSMI Phase 2B replaces the Government of Canada’s (GC) aging core cryptographic infrastructure and completes the development and implementation of new cryptographic key management systems that are required to protect the GC and Canadian Armed Forces communications and information.
• Reprofiled funding of $22.5M from 2023-24 and 2024-25 for the Canadian Cryptographic Modernization Program (CCMP) Project to re-align lapsed funding with new project timelines.
  • This funding will be used to support the CCMP to modernize the Government of Canada’s aging cryptographic equipment and infrastructure in order to safeguard classified information and maintain Canada’s ability to establish secure communications both nationally and internationally.
• A net funding increase of $38.0M resulting from six interdepartmental transfers:
  1. Transfer of $30.0M from the Department of National Defence (DND) relating to Information Management and Information Technology (IM/IT) support services.
     • $17.2M for Top Secret Network Convergence; and
     • $12.8M for IM/IT support provided to the Canadian Armed Forces Cyber Command.
  2. Transfer of $6.5M from DND relating to the CSMI Phase 2B Project.
  3. Transfer of $2.9M from Shared Services Canada to support the Secure Communications for National Leadership program (SCNL).
     • This program provides secure mobile phone capabilities for Ministers and senior officials. The SCNL is a joint PCO, CSE and SSC initiative that enables a modern, mobile and secure means of communications for Ministers and senior officials classified up to SECRET.
  4. Transfer of $806K to the Global Affairs Canada for Foreign Service Directives.
     • GAC is a common service provider for Government of Canada operations abroad and receives compensation for the increased cost of operations resulting from staff being posted at Canadian missions and liaison offices by other government departments.
  5. Transfer of $493K to Royal Canadian Mounted Police for Law Enforcement Record Checks.
  6. Transfer of $150K to Employment and Social Development Canada to support Policy Horizons Canada.
     • Policy Horizons Canada is the Government of Canada’s centre of excellence in foresight. Policy Horizon Canada’s goal is to empower the Government of Canada with a future-oriented mindset and outlook to strengthen decision making.

Summary

Date: December 4, 2025
Location: Room 025-B, West Block
Time: 8:15 am – 10:15 am

summary:

• This appearance is scheduled for 2 hours from 08:15 to 10:15.
• You are appearing alongside the Minister of National Defence and CSE and DND officials:
• 8 h 15 – 9 h 15 Hon. David J. McGuinty, P.C., M.P., Minister of National Defence
• 8 h 15 – 10 h 15 National Defence
  Stefanie Beck, Deputy Minister of National Defence
  Mario Pelletier, Commissioner of the Canadian Coast Guard
  Lieutenant-General Stephen R. Kelsey, Vice Chief of the Defence Staff
  Jonathan Moor, Chief Financial Officer
  Heather Sheehy, Assistant Deputy Minister (Materiel)
• CSE
  Caroline Xavier, Chief
  Julie Chassé, Deputy Chief Corporate Services and Chief Financial Officer

• Supplementary Estimates B (Supps B) 2025-26 were tabled in the House of Commons on 7 November 2025.
• National Defence is seeking $1.11 billion to fund investments in Canadian Armed Forces capabilities, including infrastructure, equipment, and training.
• In these Supps B, CSE is requesting a net funding increase of $70.0 million.
• This funding includes:
  • $22.5 million in reprofiled funding from 2023-24 and 2024-25 for the Canadian Cryptographic Modernization Program (CCMP) Project.
  • $9.5 million in Treasury Board (TB) Submission funding for the Classified Security Management Infrastructure (CSMI) Phase 2B Subproject.
  • $38.0 million in net funding increase resulting from six interdepartmental transfers.
• An overview note on CSE’s Supps B can be found at TAB 2.

key messages

• CSE is Canada’s cyber and signals intelligence agency and a member of the Defence portfolio, reporting directly to the Minister of National Defence.
• The Canadian Centre for Cyber Security (Cyber Centre), part of CSE, leads national efforts in cyber security and information assurance.
• CSE and its Cyber Centre are Canada’s digital frontline, defending against cyber threats that target our government, critical infrastructure and democratic institutions.
• CSE’s integrated mandate combines foreign intelligence, cyber defence, and foreign cyber operations, giving Canada the tools to inform, detect, disrupt, and deter malicious cyber activity.
• CSE’s Information Assurance program is the cornerstone of Canada’s national security in the digital age.
• In simple terms, Information Assurance is like securing the entire house, while Communications Security (COMSEC) makes sure the locks are strong and the keys can’t be copied or stolen.
• Cryptography is a fundamental part of cyber security and is essential to keeping data and communications secure.
• As the national COMSEC authority in Canada, CSE protects the Government’s most classified information by ensuring that departments and agencies, as well as private industry partners working with the government, are deploying equipment that is approved for use and effective in keeping Canada’s information secure.
• Cyber threats are growing. The additional funding in Supplementary Estimates B strengthens our ability to protect Canadians and government systems and information, and ensures they remain secure, trusted, and resilient against an increasingly hostile cyber landscape.
• This investment supports critical projects like modernizing cryptographic infrastructure that strengthen Canada’s digital security by upgrading the systems that protect our most sensitive government communications - essentially improving the digital ‘locks and keys’ that keep classified information safe.
• The Cyber Centre is responsible for supporting departments and agencies in the migration to Post-Quantum Cryptography (PQC).
• The best time to start the Post-Quantum Cryptography (PQC) transition was years ago; the next best time is today.
• CSE’s COMSEC program underpins all military communications and capabilities from fighter jets to satellites, and radar systems to radios.
• As experts in cryptography, CSE is working closely with DND and CAF to ensure that systems are protected from the cyber threat posed by sophisticated threat actors and by quantum computing.

defence investments

supplementary estimates b

canadian cryptographic modernization program (ccmp)

• The Canadian Cryptographic Modernization Program (CCMP) Omnibus Project is part of CSE’s Information Assurance and Communications Security (COMSEC) Program.
• CCMP renews Canada’s cryptographic systems to protect and defend government communications against evolving cyber threats.
• This project strengthens Canada’s ability to remain interoperable with partners while protecting sensitive information from sophisticated threats.
• Ongoing funding is essential to operate and maintain these cryptographic systems.
• Supplementary Estimates B reprofiled $22.5 million to align with updated timelines and keep the project on track.

classified security management infrastructure (csmi)

• The Classified Security Management Infrastructure (CSMI) subproject replaces the aging infrastructure that creates and manages cryptographic keys required to protect the Government of Canada (GC) and Canadian Armed Forces (CAF) communications and information.
• CSMI strengthens cryptographic key management - the digital equivalent of upgrading locks and keys for classified communications.
• Not all encryption is created equal.
• Government-grade cryptography is essential to protect Canada’s most critical assets and supply chains.
• The $9.5M investment (and $6.5 transfer from DND) ensure Canada maintains robust cryptographic standards, counters emerging threats like quantum computing, and protects critical assets.

transfers from other organizations

Source	Amount	Purpose
DND	$30 million	$17.2 million for IM/IT support services to support secure, interoperable systems between CSE and the Canadian Armed Forces (CTSN). $12.8 million for IM/IT support services for CAFCYBERCOM to reinforce cyber defence posture.
DND	$6.5 million	For the Classified Security Management Infrastructure (CSMI) Project.
Shared Services Canada	$2.9 million	To support the Secure Communications for National Leadership (SCNL) program.

transfers to other organizations

Recipient	Amount	Purpose
GAC	$806K	Compensation for increased cost of operations abroad for staff posted at Canadian missions and liaison offices.
RCMP	$493K	Law Enforcement Record Checks.
ESDC	$150K	Support for Policy Horizons Canada.

budget 2025

key messages

• Budget 2025 includes several major investments that directly support CSE’s mission and long-term strategic priorities.
• These investments recognize the critical role CSE plays in defending Canada’s digital infrastructure and advancing national security in an increasingly complex global environment.
• Every dollar for CSE strengthens Canada’s NATO pledge.

summary of investments

Initiative	Recipients	Investment	Duration	Purpose / Focus
Operation AMARNA	CSE, DND	$300.1M	3 years (from 2025–26)	Reinforces Canada’s global security role and strengthens intelligence capabilities abroad.
BOREALIS Initiative	CSE, DND, ISED, NRC	$68.2M	3 years (from 2025–26)	Establishes the Bureau of Research, Engineering and Advanced Leadership in Innovation and Science. Positions Canada as a leader in defence innovation and advanced research partnerships.
Digital Infrastructure Upgrades	CSE, DND, CAF	$10.9B	5 years	Modernizes digital platforms and cyber defence systems for modern warfare capabilities. Critical to safeguarding national security and ensuring readiness against cyber threats.
Made‑in‑Canada AI Tool	CSE, DND, SSC	Strategic partnership (value not specified)	(not specified)	Protect Canada’s digital sovereignty, secure government data, support Canadian tech sector, collaborate with domestic AI companies.

main estimates

• In this year’s Main Estimates, CSE sought a total of $1.22 billion to advance its mandate and strengthen Canada’s security posture.
• Within these estimates, $21 million was allocated to enhance foreign intelligence coverage of transnational organized crime and illegal drug supply chains.
• This funding enables CSE to bolster its capacity to provide actionable intelligence to federal partners on foreign transnational criminal actors involved in trafficking of fentanyl, other illicit drugs, and their precursors into North America.
• This funding also supports cyber operations, enabling CSE to disrupt illicit supply chains.

supplementary estimates a (defence investments)

• In June 2025, the Government of Canada announced additional funding for CSE and DND to strengthen tools, capabilities and digital foundations required to support operations.
• Through Supplementary Estimate A, CSE received $370.1 million, contributing to Canada’s commitment to reach 2% of GDP in defence expenditures this year.
• As part of these new defence investments, CSE is hardening and modernizing the federal government’s critical systems that encrypt and secure Canada’s most sensitive communications, information and operations.
• These investments will enable CSE to deliver sovereign, secure digital solutions and build a resilient backbone that protects Canada’s economy and critical infrastructure from evolving cyber threats.
• Furthermore, these investments will allow CSE to expand its capabilities for timely access to mission-critical information, leveraging emerging capabilities such as artificial intelligence to support decision-makers at the most classified level.

defence industrial strategy (dis)

• In June 2025, Prime Minister Carney announced a $2.1 billion commitment to strengthen Canada’s defence industry and launch a comprehensive Defence Industrial Strategy (DIS).
• This strategy ensures Canada has secure, timely, and reliable access to sovereign capabilities.
• The DIS focuses on removing barriers that limit industry’s ability to deliver critical equipment and support to the Canadian Armed Forces, while fostering innovation and resilience across Canada’s defence ecosystem.
• CSE is proud to work alongside the Department of National Defence in shaping and implementing the DIS, supporting a thriving Canadian defence industrial ecosystem and enabling partnerships that drive Canadian innovation in defence technologies.
• Through its mandate, CSE is hardening and modernizing Canada’s secure systems to support ongoing defence initiatives, strengthening Canada’s defence industry, boosting research and development, and ensuring secure access to sovereign capabilities.
• CSE has not sought funding for the DIS; this initiative is led by the Department of National Defence.

bureau of research, engineering and advanced leadership in science (borealis)

• Announced in the Liberal Party’s platform, BOREALIS accelerates delivery of advanced capabilities to meet Canada’s defence and security needs.
• Built on strategic integration across government, academia, and industry to harness research and innovation and support CAF and CSE operational requirements.
• Adopts a Team Canada approach to innovation, emphasizing cooperation, shared priorities, and results.
• Focuses on cutting-edge solutions in artificial intelligence, quantum computing, and cybersecurity.
• Highlights agility, effective research and development, and timely delivery of meaningful outcomes.
• Establishes Defence Innovation Secure Hubs (DISH) – classified spaces for defence and security partners, industry and academia to co-develop, test, and validate emerging technologies.
• On 21 November 2025, Canada launched its first Maritime DISH at COVE in Halifax starting a national network of secure, purpose-built spaces for collaborative innovation on sensitive technologies.
• CSE has reallocated resources in 2025-26 and will continue to review operational needs and funding priorities. Additional funding may be sought through future Estimates, as required.

digital sovereignty

• Digital sovereignty ensures Canada retains strong control over its digital infrastructure to stay resilient and autonomous in a rapidly evolving digital world.
• Digital sovereignty is essential for protecting national interests, safeguarding sensitive data, ensuring privacy, and maintaining authority over digital assets.
• Emerging technologies such as artificial intelligence and quantum computing are essential for advancing Canada’s defence, security, and international objectives.
• Investing in Canada’s digital foundations is a strategic necessity amid global geopolitical shifts. This ensures secure, resilient, and sovereign solutions that protect classified operations while enabling interoperability within Canada and with Five Eyes partners.
• Investing in sovereign infrastructure and open-source technologies strengthens Canada’s economy, fostering innovation, competitiveness, and opportunities for Canadian businesses and talent.

the office of the auditor general performance audit of network cyber security

background

• The Office of the Auditor General recently conducted a performance audit of Network Cyber Security to assess whether effective governance structures and technical tools are in place to protect and defend the government against cyber threats.
• Treasury Board of Canada Secretariat (TBS) and Shared Services Canada (SSC) are the main leads on the recommendations.
• The audit makes three recommendations that implicate CSE.
• The audit emphasized the need for stronger collaboration between government departments on cyber incidents and raised concern that not all government departments have adopted CSE’s cyber defence sensors.

key messages

• CSE welcomes the Office of the Auditor General’s (OAG) report on the performance audit of federal network cybersecurity.
• CSE welcomes the Auditor General’s recommendations and remains committed to working closely with TBS & SCC to strengthen the security and resilience of Government of Canada (GC) digital infrastructure.
• These findings build on the significant progress the Government of Canada has made to modernize and secure the digital systems that support essential programs and services for Canada.
• Cyber Security is a team effort, and CSE continues to seek new ways to enhance GC resilience against emerging threats.
• Through its Canadian Centre for Cyber Security (Cyber Centre), CSE partners with GC departments to protect networks, mitigate incidents, and share best practices.
• CSE operates a globally recognized cyber defence sensors program, available to all federal departments, agencies, and Crown corporations upon request.
• While many federal organizations manage their own IT infrastructure, they can leverage CSE’s sensors program or seek expert guidance from the Cyber Centre to strengthen their defences.
• CSE supports TBS in identifying unknown IT assets and vulnerabilities across GC systems using advanced tools, including the cyber defence sensors program.
• In collaboration with SSC, CSE will work towards establishing a GC-wide cyber event collaboration platform and incident case management tool to enable seamless coordination, centralized information sharing, and tracking of mitigation efforts during cyber incidents.
• In the interim, CSE continues analysis of daily cyber perimeter security events to protect GC networks and systems.
• CSE continues to work with TBS and SSC to improve incident management frameworks and protocols, ensuring clear roles, responsibilities, and escalation paths are understood across departments.
• CSE will also assist TBS and SSC in updating GC cyber incident management policies to reflect evolving threats, integrate lessons learned, and align with international standards.

cyber security and cyber threats

threat landscape

• Canada is navigating a rapidly evolving cyber threat environment, where hostile state activity, cybercrime, and AI-driven disinformation are converging to challenge our national security, economic stability, and democratic institutions.
• Adversaries are probing our systems, attempting to interfere in our democracy and targeting our prosperity and sovereignty.
• The most significant threats come from assertive state-sponsored cyber actors, who are increasingly persistent and sophisticated in their operations.
• These actors target government institutions, critical infrastructure, and the private sector, probing systems and networks every single day, looking for vulnerabilities and attempting to gain unauthorized access.
• Cybercrime is the most common cyber threat Canadians face. And ransomware remains one of the most damaging forms of cybercrime. It targets our hospitals, municipalities, and infrastructure operators, putting essential services at risk.
• We have warned Canadians and Canadian organizations about malicious cyber threats targeting critical infrastructure in the National Cyber Threat Assessment 2025-26, and the recent joint ministerial statement on Malicious Cyber Activity Targeting Critical Infrastructure.

addressing the threats

• CSE’s activities are directed by Canada’s intelligence priorities, focusing on national security, economic prosperity, Arctic sovereignty, and the protection of democratic institutions.
• CSE combines foreign signals intelligence, cyber defence, and foreign cyber operations under one roof, enabling effective responses to a broad spectrum of threats.
• CSE works closely with domestic partners, such as law enforcement, and international allies to share intelligence, coordinate responses, and strengthen collective cyber resilience.
• Every day, CSE’s Cyber Centre uses sophisticated cyber capabilities to identify and defend against threats to Canada’s systems and networks.
• The Cyber Centre provides expert advice, guidance, and leads the government’s response to cyber incidents, helping Canadians adopt best practices.

government response and collaboration

key messages

• There is work to be done to make Canada more resilient – ensuring that as a nation we are more able to anticipate, withstand, and recover from whatever threats may come our way.
• Collaboration is the foundation of resilience:
  • Government and industry should ensure they are collaborating to help defend Canada’s national security strategy.
• Work with critical infrastructure:
  • CSE and its Cyber Centre has worked hard to develop intelligence-sharing arrangements with critical infrastructure partners across Canada.
  • We share indicators of compromise, mitigation techniques, and cyber threat bulletins to ensure that they are informed about cyber threats.
  • We maintain ongoing engagements with CI owners and operators to prevent and respond to incidents that could have widespread impact.
  • Through the Canadian Security Telecommunications Advisory Committee (CSTAC), we maintain a trusted forum where the private and public sectors exchange information and collaborate strategically on issues that may affect the telecommunications infrastructure.
• Partnerships are force multipliers:
  • The complexity of today’s cyber threats means no single organization, public or private, can manage them alone. Our strength lies in collaboration – across government, industry, academia, Indigenous communities, civil society, and international partners.

national cyber security strategy (ncss)

• The Government of Canada released its new National Cyber Security Strategy (NCSS) in February 2025.
• The NCSS articulates Canada’s long-term plan to partner with provinces, territories, law enforcement, industry, Indigenous communities and academia to tackle Canada’s cyber security challenges.
• Under the NCSS, the Government of Canada established the Canadian Cyber Defence Collective (CCDC), a multi-stakeholder engagement body.
• The CCDC helps critical infrastructure, businesses and Canadians benefit from shared intelligence and best practices, improving Canada’s ability to prevent and respond to cyberattacks and creating a safer digital landscape for Canadians.
• The Cyber Centre, as part of CSE, provides operational leadership within CCDC. It drives engagement with critical infrastructure operators and industry partners, shares actionable threat intelligence, and promotes best practices to strengthen Canada’s cyber resilience.
• CSE received funding of $4.1M in 2025-26 and $6.9M for 2026-27 for the implementation of CCDC.

federal, provincial, and territorial multilateral cyber security collaboration agreement

• In September 2025, CSE attended the Federal, Provincial and Territorial Ministerial Symposium on Digital Trust and Cyber Security in Kananaskis, Alberta, alongside ministers from across Canada responsible for digital trust and cyber security.
• During the symposium, governments from coast to coast signed a multilateral cyber security collaboration agreement to better protect Canada’s critical infrastructure and the personal information of Canadians.
• This trailblazing agreement aims to establish a community of information sharing to facilitate the exchange of unclassified, confidential information, expertise, and technology. The Cyber Centre is proud to play a leading role in fulfilling the purpose of this agreement.
• Ministers also highlighted the importance of organizing a pan-Canadian tabletop exercise to enhance our country's resilience to cyber attacks.

cyber range program

• Leaders play a critical role in how organizations respond to threats. And we’re doing our part to develop the next generation of cyber leaders who can think strategically and act decisively in moments of crisis.
• CSE has partnered with the University of Ottawa’s Telfer School of Management to provide cutting-edge professional development to public sector and critical infrastructure leaders across the country.
• Through this partnership, we’re expanding the school’s Cyber Range program to include new crisis simulation exercises, a catalogue of simulation scenarios, professional training, and talent development programs.
• These initiatives are designed not only to built technical expertise, but to cultivate the kind of adaptive, systems-level thinking that modern cyber leadership demands.
• In today’s threat landscape, ingenuity is as critical as intelligence – and our programs challenge participants to approach problems through a cyber lens, where complexity, speed, and ambiguity are the norm.

pre-ransomware notifications

• Canadian operators can sign up for pre-ransomware notifications - early warnings to potential victims during the initial access stage of a ransomware incident.
• These alerts help defenders stop compromises before encryption or data theft occurs.
• In 2024, the Cyber Centre issued over 300 pre-ransomware notifications to Canadian organizations across sectors including healthcare, energy, finance, manufacturing, and education.
• Our notifications prevented up to 148 incidents and saved an estimated $6 to $18 million.
• Ransomware remains pervasive in Canada for several reasons:
  • Canada’s role in the Five Eyes intelligence alliance makes it a high-value target for sophisticated threat actors.
  • Decentralized critical infrastructure leads to inconsistent cybersecurity standards across sectors.
  • Small and mid-sized organizations often face resource challenges, making them more vulnerable.
  • Threat actors exploit interconnected cybercrime ecosystems to launch attacks at scale.
  • The growing use of AI introduces new risks and enables more persistent, sophisticated attacks.
• The Cyber Centre’s proactive notifications are designed to address these challenges, helping organizations of all sizes and sectors strengthen their defenses against ransomware.

government position on ransom payments

• The Government of Canada does not condone paying ransom to cyber criminals, as it fuels ransomware activity without guaranteeing data recovery.
• This position aligns with the international consensus expressed in the Counter Ransomware Initiative Joint Statement on Ransomware Payments, which strongly discourages ransom payments and highlights that paying a ransom:
  • Does not guarantee the end of an incident or the removal of malicious software,
  • Provides incentives for criminals to continue and expand their activities,
  • Funds further illicit activity,
  • Does not guarantee data recovery.
• Ultimately, paying ransom remains a business decision.

guidance for organizations

• Cyber security is a shared responsibility.
• We urge organizations in all critical infrastructure sectors, including transportation, government, healthcare, financial service and technology, to remain vigilant and follow the guidance issued by the Cyber Centre to protect against cyber threats.
• Organizations should regularly review their cyber security posture and leverage the Cyber Centre’s guidance, threat intelligence, and readiness tools to assess their risks and strengthen their defences.
• The Cyber Centre’s Cyber Security Readiness Goals provide clear, achievable steps that organizations can implement immediately to strengthen their cyber security posture.
• If organizations suspect or are experiencing a cyber incident, they should report it to the Cyber Centre at 1-833-CYBER-88 or through the online portal.

support and resources

• The Cyber Centre supports government and systems of importance, including critical infrastructure providers by sharing:
  • Best practices, including Top 10 IT security actions and Cyber Security Readiness Goals (CRGs).
  • Threat bulletins and briefings to assess risks.
  • Indicators of compromise (IOCs) to detect intrusions
  • Notifications: advisories (routine), alerts (urgent), and cyber flashes (urgent and sensitive).
  • Pre-ransomware notifications (over 300 issued in 2024).
• All Canadians should follow basic Cyber Hygiene including:
  • Patching and updating software and devices.
  • Using strong, unique passphrases or passwords.
  • Enabling multi-factor authentication.
  • Staying alert to phishing and spear-phishing attempts.
  • Storing data securely and maintain backup procedures.
• Canadians can visit GetCyberSafe.ca for practical, easy-to-follow advice on how to stay safe online.

diversification

• Cyber security is a whole-of-society concern. The federal government works together with other jurisdictions, small and medium enterprises, and critical infrastructure owners and operators to raise Canada’s cyber security bar.
• Canada already has existing cyber talent, resources, knowledge and tools. Mobilizing this capacity is essential to safeguarding our nation’s collective cyber safety.
• If there is one thing we have learned in cyber security, it is that no one—no agency, no government, no company—can succeed alone. Collaboration is not a nice-to-have, it is the foundation of resilience.
• By cultivating strong, enduring partnerships across all sectors and all levels of government, we position ourselves to meet the evolving challenges of the cyber landscape.
• Diverse partnerships with industry allow the Government to support domestic capacity and enhance global competitiveness, aligning with Canada’s broader economic resilience objectives.
• A diverse supplier and partner ecosystem enables rapid adaptation in the face of emergencies, market disruptions, or geopolitical shifts.
• Engaging a wide range of partners, including industry, academia, SMEs, equity‑deserving groups, introduces fresh perspectives and new technologies that improve adaptability and innovation.
• CSE collaborates with specialized groups such as the Enhanced Security Taskforce Advisory Committee (ESTAC), the Critical Security Taskforce Advisory Committee (CSTAC), and the Quebec Security Taskforce Advisory Committee (QSTAC), as well as other federal, provincial, and territorial partners, to strengthen Canada’s cyber resilience.

recent cyber threat assessments and statements

joint ministerial statement on malicious cyber activity targeting critical infrastructure

background

• The Honourable David McGuinty, Minister of National Defence, and the Honourable Gary Anandasangaree, Minister of Public Safety, issued a joint statement in November 2025 on malicious cyber activity targeting Canadian critical infrastructure, including power, water, health, finance, and transportation.
• These malicious activities are conducted by both state and non-state actors and can disrupt essential services Canadians rely on every day. Any disruption to critical infrastructure is not only a threat to public health and safety, but also a threat to public confidence, the environment and economy.

key messages

• State-sponsored cyber actors pre-position themselves on critical infrastructure to disrupt or destroy critical services in times of crisis or conflict.
• Cyber criminals and other non-state cyber actors continue to target critical infrastructure for financial gain, in support of geopolitical or ideological interests, or for personal reasons, such as acts of revenge by disgruntled former employees or customers.
• Protecting our critical infrastructure is essential for keeping Canadians safe and our economy strong.
• We call on all sectors and citizens to remain alert and take action - together, we can defend against cyber threats and safeguard our nation’s future.

the cyber threat to canada’s water systems: assessment and mitigation

background

• On 25 November 2025, the Cyber Centre published cyber security guidance addressing the growing threat to Canada’s water systems. This assessment aims to raise awareness as cyber threats to water infrastructure are increasing in scale, evolving rapidly, and can affect every community in Canada.
• Across Canada, utilities, municipalities, and provincial and territorial partners have shown a strong commitment to improving their cyber resilience. What’s needed now is a clear, evidence-based analysis of the cyber threats facing our water systems, ensuring that decision-makers have the insight needed to protect this critical infrastructure.

key messages

• Cybercriminals are becoming increasingly sophisticated, state-sponsored actors are more willing to target essential services, and disruptive tools are easier than ever to obtain. Canada’s water systems now face a threat landscape they were never designed to withstand.
• We assess that financially motivated cybercriminals remain the most likely threat to our water systems.
• We assess they will almost certainly continue exploiting organizations through ransomware-driven extortion, stolen information, and business email compromise.
• We assess that water systems are almost certainly a strategic target for state-sponsored actors seeking to project power through disruptive or destructive cyber threat activity.
• As highlighted in the National Cyber Threat Assessment 2025–2026, non-state cyber actors are a growing threat to Canada’s critical infrastructure. The wide proliferation of easy-to-use disruptive cyber capabilities has fuelled an ecosystem of hacktivists and other opportunistic actors targeting Canada and its allies for a variety of reasons.
• Such activity often aims to intimidate or coerce targets, or to influence Canadian public opinion or policy decisions related to geopolitical events outside Canada.
• The Cyber Centre is committed to advancing cyber security and increasing the confidence of Canadians in the systems they rely on every day. This includes supporting critical infrastructure and other systems of importance to Canada.
• Our approach is rooted in collaboration - bringing together expertise from government, industry, and academia.
• By working together, we can enhance Canada’s resilience against cyber threats.

recent cyber incidents

responsive lines on cyber incidents and attribution

• The Cyber Centre generally does not comment on specific or alleged cyber security incidents.
• We can confirm that we are aware of the situation and are working closely with Government of Canada partners, and where applicable, international partners.
• Our immediate priority during any cyber incident is mitigation and impact management.
• Attribution of cyber incidents is complex and resource-intensive, requiring time and careful consideration.

nova scotia power incident

• Although we generally do not comment on incidents, CSE and its Canadian Centre for Cyber Security (Cyber Centre) are aware of a cyber incident that impacted Nova Scotia Power earlier this year and they did engage with us.
• Nova Scotia Power did engage with us, but I am unable to provide further details due to operational security.
• If asked about the President and CEO of Nova Scotia Power publicly attributing the incident to a Russian-based threat actor: Our immediate priority in any cyber incident is mitigation and impact management. Attribution of a cyber incident is difficult. Investigating cyber threat activity takes resources and time, and there are many considerations involved in the process of attributing malicious cyber activity to specific threat actors, and/or nation-states.

other cyber incidents

Incident	Date	Description	Impact	Response / Actions
Airports	October 2025	Compromise of PA systems and display screens, pro-Hamas imagery at Kelowna and Windsor, Arabic music broadcast	Disruption of PA systems and internal displays	RCMP and police of jurisdiction responded
US‑based F5 cybersecurity provider	October 2025	State‑actor maintained long‑term access, and downloaded files from F5 systems	Persistent access, files downloaded	CSE’s Cyber Centre issued an alert to amplify F5’s public statement.
House of Commons	August 2025	Threat actor exploited Microsoft vulnerability, gained access to technical database	Unauthorized access to database managing computers and mobile devices	Internal investigation, MoU signed in 2024, outlined cyber security services, protocols for incident management, regular bilateral meetings.

arctic sovereignty and security

• As one of Canada’s leading security and intelligence agencies, CSE plays a critical role in safeguarding the Arctic - working with domestic and international partners to protect one of the world’s most strategically important regions and supporting Arctic sovereignty and continental defence.
• CSE provides tailored intelligence to the Canadian Armed Forces, Navy, and Air Force, including monitoring Russian aircraft and naval threats via NORAD.
  • In the past year alone, CSE delivered 196 intelligence reports on Arctic security to 20 Government of Canada departments and Canada’s international partners.
  • These reports provided essential insights into foreign states’ political intentions, military capabilities, technological advancements, economic interests, and research activities in the region.
• On the cyber front, the Cyber Centre deployed sensors to protect the systems of high-priority non-federal institutions, including the governments of the Northwest Territories, Nunavut, and Yukon.
• Northern partners - from airports and universities to Indigenous communities - continue to rely on the Cyber Centre’s expertise to strengthen cyber resilience across the region.
• Canada’s new Arctic Foreign Policy recognizes CSE as a key partner in bridging intelligence gaps and addressing the complex threats facing the Arctic.
• Partnerships remain central to this mission, and CSE has taken significant steps to deepen collaboration, including:
  • Supporting the Canadian Armed Forces in monitoring and tracking threats from foreign adversaries in the Arctic region.
  • Co-chairing the Arctic Intelligence Coordination Group with the Privy Council Office to align Arctic security activities across the Government of Canada.
  • Leading discussions at domestic and international conferences and forums on Arctic and polar issues.
  • Hosting an in-person conference in Ottawa for an international forum on signals intelligence concerning both polar regions.
• CSE is committed to advancing Arctic security - delivering timely intelligence, forging stronger partnerships, and leading efforts in cyber defence, economic security, and countering foreign interference.

border security

• In December 2024, the Government of Canada released Canada’s Border Plan – a bold blueprint for securing the country’s frontiers.
• In alignment with the Prime Minister’s Directive on Transnational Crime and Border Security, CSE plays a key role in Canada’s efforts to disrupt transnational organized crime, particularly the trafficking of fentanyl and its precursors into North America.
• CSE has always provided foreign intelligence coverage of transnational crime and illegal drug supply chains. What’s new is the additional investment and renewed domestic and international coordination, enabling all Canadian and U.S. law enforcement institutions to better identify, monitor, and stop high-risk individuals and drugs from crossing Canadian borders.
• Backed by a commitment of $180 million over five years, CSE is ramping up its intelligence collection and foreign cyber operations capacity, enabling it to target transnational organized crime, money laundering, and fentanyl trafficking more effectively.
• Leveraging its technical expertise, CSE provides critical operational assistance to federal law enforcement and security partners on key border security priorities.
• When threats escalate, CSE stands ready to launch foreign cyber operations to disrupt and degrade activities that threaten the security of Canadians and partners.
• Both foreign intelligence and cyber operations are conducted in close collaboration with domestic and international partners to achieve this priority objective.
• For example, CSE actively participates in the Joint Operational Intelligence Cell (JOIC), which brings together Canadian security departments, agencies, and law enforcement partners to better protect Canada’s border.
• The JOIC builds on existing cooperation between law enforcement and security agencies to enhance the production, analysis, sharing, and actioning of intelligence on transnational organized crime, money laundering, and drug trafficking.

canada and u.s. relations

• Canada maintains a longstanding partnership with the United States and all members of the Five Eyes, the world’s longest-standing intelligence-sharing alliance.
• The interconnectedness of our national security communities means we are best placed to protect North American security when we work together.
• We share information with the US on a case-by-case basis in accordance with Canadian and international law.
• The information sharing relationship with all of our allies, including the US, is governed by policies and procedures all aimed at ensuring the respect of our legal and international obligations. These policies and procedures are followed by each side of an arrangement, which ensures the protection of each other’s equities, regulations and laws.
• Canada’s surveillance and cyber capabilities remain essential to the success of NORAD and the defence of North America, particularly in the Arctic, where global competition is intensifying.
• CSE works closely with U.S. counterparts to strengthen our collective cyber resilience, counter state-sponsored threats, cybercrime, and disrupt transnational criminal networks.
• In support of Canada’s Border Strategy, CSE has enhanced foreign intelligence collection on organized crime and drug trafficking networks, sharing actionable intelligence with law enforcement agencies in both countries to disrupt the supply chains of illicit synthetic drugs.
• From a cyber security perspective, CSE provides real-time, actionable threat intelligence to U.S. partners, helping to defend critical infrastructure and systems of national importance on both sides of the border.
• As an example of this ongoing cross-border solidarity, CSE and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regularly issue joint cyber security alerts and advisories to protect critical infrastructure and inform businesses and governments of emerging threats.

As always, we encourage Canadian businesses and critical infrastructure operators to remain vigilant by maintaining strong cyber security practices, timely patch management and robust contingency planning. These measures help ensure early detection and resilience against emerging cyber threats.

Committee dashboard

About the committee

Mandate

Under its mandate, the Standing Committee on National Defence (NDDN):

• Reviews all matters pertaining to the Department of National Defence (“the department”) and the Canadian Armed Forces. It may examine and report on matters referred to it by the House of Commons or it may undertake studies on its own initiative.
• Examines legislation, activities and expenditures concerning the Department of National Defence and the Canadian Armed Forces, as well as the effectiveness of related policies and programs; and
• Studies topics of interest related to agencies and partners within the Defence Portfolio.

About the appearance

Background

The topic for this appearance will be Supplementary Estimates (B) 2025-26.

CSE will appear alongside the Minister of National Defence and DND officials:

• Stefanie Beck, Deputy Minister of National Defence
• Mario Pelletier, Commissioner of the Canadian Coast Guard
• LGen Stephen R. Kelsey, Vice Chief of the Defence Staff
• Jonathan Moor, Chief Financial Officer
• Heather Sheehy, Assistant Deputy Minister (Materiel)

The Committee members present in the meeting will be allowed to ask questions based on party representation.

The committee will meet for two hours, with CSE appearing for the complete duration of the meeting.

Environmental scan

Conservative Party of Canada (CPC)

CPC Committee members:

• James Bezan (Co Vice-Chair)
• Scott Anderson
• Cheryl Gallant
• Jeff Kibble

At CSE’s October 2025 NDDN appearance, Cheryl Gallant (CPC) informed the Chair that Chief Xavier had encouraged her to submit a formal request to NDDN to tour the Cyber Centre. While no decision was made during the meeting, MP Gallant may again request a future tour and briefing.

Topics of Interest for Conservative Party of Canada (CPC) members:

• Cyber threats
• Cyber attack readiness
• Funding for cyber initiatives
• Foreign Interference
• Misinformation/Disinformation
• Protecting Democratic Institutions
• Intragovernmental coordination
• Bill C-8

Historically, Cheryl Gallant (CPC) has adopted an assertive approach in her questioning of CSE, particularly on issues such as:

• satellite communications,
• underwater sea cables, and
• Canada’s shortcomings in cyber defence.

Bloc Québécois (BQ)

BQ Committee members:

• Simon-Pierre Savard Tremblay (Co Vice-Chair)

Likely Areas of Focus for BQ Member:

• Canada–US relations
• Competitiveness of CAF Cyber Command compared to allies
• Allocation of additional cyber security funding
• Measures to protect Canadians against foreign interference
• Bill C‑8

Liberal Party of Canada (LPC)

LPC Committee members:

• Charles Sousa (Chair)
• Viviane Lapointe
• Chris Malette
• Sherry Romanado
• Tim Watchorn

Likely Areas of Interest for LPC Members:

• Overall cyber security
• Support to the Canadian Armed Forces (CAF)
• Ukraine
• The Arctic
• Impact of new funding on:
  • Canada’s interoperability with NATO partners
  • NORAD modernization efforts

Top party issues

Conservative Party of Canada

Cyber defence funding and readiness

• Questioning whether Canada invests sufficiently in cyber capabilities compared to allies.
• Pressing for more advanced technologies, mandatory incident reporting, and stronger safeguards across government.

Accountability and transparency

• Raising concerns about lapsed funding, government data breaches, and inadequate disclosure of cyber threats.
• Challenging the government on broken public campaign links and transparency on foreign interference.

CAF support and equipment

• Highlighting supply issues, including ammunition and equipment shortages for CAF members.
• Raising concerns about accommodations for service members.

Bill C-8 An Act Respecting Cybersecurity

• Conservative members have raised privacy and Charter rights concerns about Bill C‑8 but acknowledge the need for cybersecurity legislation and aim to improve the bill through amendments. that prevent any violation of Charter rights.

Bloc Quebecois

CAF Cyber Command and credibility

• Questioning whether the creation of CAF Cyber Command adds value or simply reallocates resources.
• Pressing on how the command improves Canada’s competitiveness and credibility compared to allies.

Border Security

• At recent SECU meetings, the BQ raised concerns about porous borders due to CBSA staffing shortages, questioned delays in hiring 1,000 new CBSA officers, and highlighted limits in training capacity.
• BQ members have called for a dedicated Border Minister, criticized slow implementation of Bill C-70 (lack of registry and Transparency Commissioner), and raised security risks tied to firearms.

Transparency and International Coordination

• BQ members have stressed the need for parliamentarians to be well-informed and supported against cyber threats, signalling scepticism about Ottawa’s responsiveness and favouring stronger, formal accountability mechanisms.

Liberal Party of Canada

CSE cyber readiness and partner integration

• lpc members have questioned how CSE ensures interoperability with allies amid escalating cyber threats. in response, CSE highlighted robust five eyes collaboration, alignment with nato cyber operations, and the critical role of foreign intelligence in anticipating emerging risks.

protecting democratic institutions

• focusing on threats to canada’s democracy from cyber operations, mis/disinformation, and foreign actors.
• stressing the importance of coordination with allies, including nato and five eyes, to counter threats.

lawful access and border security (bill c-2 and c-12)

• at the recent secu appearance, the minister of public safety acknowledged that bill c-2 (the strong borders act) sought to address lawful access, and its withdrawal disappointed many law enforcement stakeholders. the minister committed to introducing new lawful access legislation that complies with the charter of rights and freedoms and reaffirmed the government’s intention to reintroduce provisions from bill c-2 that were excluded from bill c-12 (strengthening canada’s immigration system and borders act).

Recent party positions

Conservative Party of Canada

Cybersecurity Funding and Coordination Concerns

• MP Gallant (CPC) raised concerns from the Auditor General’s findings on weak coordination between SSC, TBS, and CSE during cyber attacks. She pressed CSE for clarity on whether funding for a unified Cyber Security Collaboration Platform and Incident Case Management Tool is scheduled (full exchange on pages 6-7).
  • Chief Xavier indicated that she would need to follow up at a later time when the assessment is completed.
  • MP Gallant asked what steps the government is taking to address cybersecurity gaps identified by the Auditor General and restore confidence in the system.

AI, Quantum, and Escalating Cyber Threats

• MP Gallant flagged risks associated with AI-enabled and quantum-accelerated cyber intrusions, seeking insight into their severity, duration, and detectability of cyber intrusions.

CSE–CAF Cyber Command Collaboration

• MP Gallant sought clarification on the operational collaboration between CSE and CAF Cyber Command in the cyber domain.

Bloc Quebecois

Cybersecurity and Foreign Interference

• Simon-Pierre Savard Tremblay (BQ) has warned of security risks from Chinese technology tied to the Communist Party, citing CSIS, RCMP, and allied bans on Huawei and TikTok. He urged excluding Chinese tech from sensitive domains, noting secure 5G alternatives exist.
• Simon-Pierre Savard Tremblay (BQ) may inquire on how the new defence funding is being allocated towards protecting Canada’s cyber systems from foreign adversaries such as the PRC.

Bill C-8 An Act Respecting Cybersecurity

• Simon-Pierre Savard Tremblay (BQ) has raised concerns about privacy risks and potential federal overreach in Bill C‑8, noting its failure to fully restrict access to Canadians’ old emails and web searches. He emphasized the need for a thorough committee review with expert testimony to refine the bill and strengthen privacy protections for Canadians.

Liberal Party of Canada

defence spending, nato/norad, and interoperability

• vivian lapointe (lpc) focused on how increased defence investments are enhancing canada’s credibility and interoperability within nato and norad, particularly regarding cyber defence, logistics, and arctic surveillance.
  • she sought clarity on how new norad modernization funding and capabilities, such as over-the-horizon radar, strengthen canada’s continental defence.
• liberal members have sought clarification on how new federal funding strengthens CSE’s ability to stay ahead of evolving cyber threats, particularly for defence supply chains and critical infrastructure protection.

CSE-caf partnership

• liberal members have focused on the deepening CSE - caf cyber command partnership, including joint cyber operations, intelligence sharing, and countering foreign disinformation.
• mp lapointe (lpc) requested an update on how CSE’s partnership with the canadian armed forces has evolved considering modernization initiatives and increasing disinformation threats.