Transition binder for the Honourable David McGuinty, Minister of National Defence, May 13, 2025

Dear Minister,

Congratulations and welcome to your new role as Minister of National Defence. As Minister, your portfolio includes the Communications Security Establishment Canada (CSE) - an important member of Canada’s security and defence ecosystem, and a contributor to Canada’s defence investments. This letter provides a brief introduction to CSE’s mandate, and your responsibilities in relation to our authorities. As Chief (Deputy Minister) for CSE, I look forward to working with you and discussing how our expertise and capabilities will support you in advancing the priorities and commitments of the Government of Canada.

Who we are and what we do

CSE is the national authority for foreign intelligence - we collect signals intelligence, or SIGINT, to provide timely and relevant intelligence to you, your Cabinet colleagues, and leads across other departments, on emerging priorities, strategic issues, and crises. CSE’s foreign intelligence collection capabilities are guided by Cabinet-approved Government of Canada’s Intelligence Priorities. Accordingly, CSE supplies foreign intelligence on key priorities including Arctic sovereignty, Russia’s invasion of Ukraine, Border Security, Economic Security and Trade, the People’s Republic of China, Indo-Pacific regional stability, terrorism and violent extremism, and hostile state activity (for example, foreign interference, intellectual property theft, cyber threat activity). Additionally, we have a long history of working together with the Canadian Armed Forces (CAF) as CSE supports Canadian military missions abroad, providing information to enable military objectives and keep personnel safe.

CSE also has a mandate to conduct cyber operations to advance Canadian interests, including countering some of the toughest national defence and security challenges we face, including economic security. As Minister, you oversee the foreign cyber operations authorities that enable Canada to take direct action to disrupt, degrade, or influence an adversary’s networks. As these tools are a significant element of military and state power needed to deter and defeat external threats to Canada, you discharge these duties in close consultation with the Minister of Foreign Affairs, and the Intelligence Commissioner (IC). CSE often conducts foreign cyber operations in coordination with our Five Eyes partners to achieve common goals. We also conduct joint cyber operations with the CAF and law enforcement partners to support their mission objectives.

CSE includes the Canadian Centre for Cyber Security (Cyber Centre) - Canada’s world-renowned lead agency in cyber defence and cyber security. Using our network of sensors placed across federal institutions, we defend Government of Canada systems against malicious attacks aimed at federal systems, databases and websites. When cyber incidents happen, the Cyber Centre provides fast support recognizing that actioning the right steps quickly can significantly reduce the harm and economic impact and speed up the recovery process. Through these activities, the Cyber Centre gains knowledge of the trends and threat landscape, which it then uses to provide actionable advice and guidance to Canadian businesses and governments, and to help inform Canadians on how to take steps to protect themselves and their networks. Having our intelligence, cyber security, cyber operations, enterprise technology and all mission support functions under the same roof allows the Cyber Centre to work together with other CSE teams to achieve unique outcomes that benefit Canadians, such as CSE’s ongoing campaign against cybercrime.

As the resiliency of critical infrastructure in Canada is key to national security, the Cyber Centre’s mandate also includes systems of importance to Canada – as such we are focused on increasing trusted relationships with critical infrastructure partners across all sectors. The recently launched National Cyber Security Strategy demonstrates the Government of Canada’s shift towards a whole-of-society partnership and, as a first step, announces the establishment of the Canadian Cyber Defence Collective which will serve as a national multi-stakeholder engagement body to advance Canada's cyber resilience through direct public-private partnership on national-level cyber security challenges, policy priorities, and defence efforts. Given cyber threats are increasingly directed at critical infrastructure networks and technology used to run vital sectors, the Cyber Centre is well positioned to support further activities to raise the collective cyber resiliency of Canada – this could include cyber security legislation such as the former Bill C-26: An Act Respecting Cyber Security, which was introduced but not passed in the last parliamentary session, and would have required operators in the federally regulated energy, finance, telecommunications, and transport sectors to report cyber incidents to CSE’s Cyber Centre - a best practice already enacted by likeminded partners.

Cryptography is a fundamental part of cyber security. For nearly 80 years, CSE has been Canada’s national cryptologic agency, making and breaking codes. As the national authority for Communications Security (COMSEC) in Canada, CSE contributes to the security and protection (encryption) of the Government of Canada’s most classified information and data, ensuring that departments and agencies, as well as private industry partners who work with the government, are deploying equipment that is approved for use and effective in keeping Canada’s information secure. For instance, when you hold a virtual meeting with Cabinet colleagues at the SECRET or TOP SECRET level, the technology and standards enabling that secure communication were developed, tested, and deployed by CSE. Through its own research and partnership with Five Eye partners, CSE plays a key role in ensuring that Canada is prepared to respond to new technologies, such as the emergence of quantum computers with the capacity to break modern encryption. Opportunities exist for Canada to increase its own sovereignty, increase resiliency across the North Atlantic Treaty Organization and the Five Eyes, and contribute to our own industrial base through investments in Canada’s cryptologic industry.

CSE is unique in that we have combined our foreign intelligence, cyber security, cyber operations, and communications security authorities under one agency. This is what I like to call Canada’s “secret sauce”: it distinctively positions CSE to respond to threats in a nimble and decisive manner. What we learn from our intelligence or cyber-threat reporting serves to inform our cyber operations, and vice versa, thereby strengthening the advice that the government provides to Canadians and domestic industry partners and solidifying our collective security posture and safety. Our ability to capitalize on the various aspects of our mandate makes us a key partner in priorities such as economic security and Canada’s Border Plan where CSE is working with partners both within Canada and in collaboration with the United States to disrupt and mitigate the threat of fentanyl and organized crime.

Partnership and collaboration are key to our success; they are a big part of what I believe positions CSE and its partners to respond to the dynamic threat environment we face. CSE is a core member of the Five Eyes, an almost 80-year-old partnership between Canada, Australia, New Zealand, the United Kingdom, and the United States. This alliance is a force multiplier for CSE and Canada – providing a forum to share intelligence, technology, collaborate on research and generate insights to hone our understanding of our threats, risks and adversaries and strengthen our collective defences. The Five Eyes also issue joint publications on issues of common concern (e.g. guidelines on the secure development and use of Artificial Intelligence (AI)) which serve to amplify the message around the world. In addition to the Five Eyes, CSE also maintains bilateral and multilateral relationships with like-minded allies as part of our SIGINT and cyber security activities. For example, CSE participates in two multinational intelligence forums to coordinate with like-minded allies on Arctic security. One forum, chaired by CSE, is specific to signals intelligence and concerns both polar regions. The other is an all-source intelligence forum focused exclusively on the Arctic.

CSE strives to be at the forefront of innovation and research. CSE and the Cyber Centre host several events throughout the year to work intensively on problems related to our mission. These workshops are innovation incubators that bring together participants from across Canada and the Five Eyes, academia, industry and the public sector. CSE also has its own researchers focused on foundational research related to cryptography, vulnerability research and data science - our own classified research and our research partnerships ensure we have the expertise to tackle current and emerging challenges. As a data-centric organization, CSE has been on the forefront of the foundational data science that underpins AI, as well as the use of AI and machine learning to help support mission activities. We work closely with other federal, academic and industry partners on AI safety and security. Although CSE has some of the most powerful high-performance computers in the country, we anticipate our compute needs escalating exponentially as we seek to collect more data and leverage emerging technologies. Looking ahead, new measures will be key to strengthening the common and interoperable systems that enable Canada’s high security organizations to securely communicate and work together to address threats to Canada’s sovereignty and security.

I want to close with the assurance that CSE delivers on its mandate responsibly. CSE’s authorities are aligned with government priorities and direction, protect the privacy of Canadians and people in Canada, and are subject to robust controls, oversight and review. CSE is explicitly prohibited in legislation from directing its foreign intelligence, cyber security, or foreign cyber operations activities at Canadians anywhere in the world, or at any person in Canada. Our legislation also requires us to have measures in place to protect the privacy of Canadians whom we may incidentally encounter as we carry out our activities. CSE’s activities are subject to independent oversight by the IC and retroactive review by the National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians. CSE is also subject to audits by the Auditor General, reviews by the Office of the Privacy Commissioner, requests for access to documents through the Access to Information Act and the Privacy Act, and examination, primarily in response to complaints, by the Office of the Commissioner of Official Languages and the Human Rights Commission.

At your convenience, I look forward to the opportunity of welcoming you to CSE’s Edward Drake building to learn about the important work that we are doing as a member of the defence portfolio and security and intelligence community. In the meantime, I am pleased to share this QR code that links to a digital binder that provides you and your office with additional documents, in both official languages, on CSE’s mandate and activities.

(QR code)

At a time when Canada is more threatened by hostile states than at any time since the Cold War, and in an increasingly complex threat landscape of foreign interference, cyber attacks, and a destabilized geopolitical environment – I look forward to working with you, Minister, to protect Canada and Canadians and enhance national resilience.

Yours sincerely,

Caroline Xavier
Chief
Communications Security Establishment Canada

CSE within Canada’s Current National Security Apparatus

• Canada’s security and intelligence community defends the safety and security of Canada’s territory, government, economy, and people, and provides insights to promote and protect Canadian interests.
• The national security apparatus works to:
  • Produce intelligence
  • Assess key issues and events
  • Reduce threats
  • Build resilience
  • Screen people and investments for security concerns
• Intelligence and law enforcement agencies work together along with a range of departments and with international partners

Canada’s National Security Apparatus and Ministers responsible for Canada’s Core Intelligence Organizations

• National Defence (DND) and Canadian Armed Forces (CAF), Minister of National Defence
• Communications Security Establishment (CSE), Minister of National Defence
• Public Safety (PS), Minister of Public Safety
• Canadian Security Intelligence Service (CSIS), Minister of Public Safety
• Integrated Terrorism Assessment Centre (ITAC), Minister of Public Safety
• Royal Canadian Mounted Police (RCMP), Minister of Public Safety
• Canada Border Services Agency (CBSA), Minister of Public Safety
• Financial Transactions and Reports Analysis Centre (FINTRAC), Minister of Finance
• Global Affairs Canada (GAC), Minister of Foreign Affairs
• Privy Council Office (PCO), National Security and Intelligence Advisor to the Prime Minister

CSE’s role is to

• Collect and report on foreign intelligence in line with the Government of Canada intelligence priorities
• Provide cyber security, information assurance/secure communications for the Government of Canada, as well as guidance and services to help protect systems of importance to the Government of Canada
• Take action online through foreign cyber operations to disrupt and degrade foreign threat actors and activities in support of Canadian international affairs, defence and security, and to defend systems of importance to the Government of Canada
• Provide technical and operational assistance to federal law enforcement and security agencies, including DND/CAF
• Lead the Canadian Centre for Cyber Security, which offers cyber security advice to external stakeholders and the public

CSE’s Mandate

• Our mandate is defined in the Communications Security Establishment Act (CSE Act), enacted in 2019.
• As Minister of National Defence, you play a direct role in determining how CSE operationalizes its mandate by issuing Ministerial Authorizations, Orders and Directives that help give effect to CSE’s statutory authorities.
• CSE is explicitly prohibited from directing its activities at Canadians anywhere in the world, or at any person in Canada.
• CSE’s activities are subject to independent oversight by the Intelligence Commissioner (IC) and retroactive review by the National Security and Intelligence Review Agency (NSIRA) and the National Security and Intelligence Committee of Parliamentarians (NSICOP).

The CSE Act – A 5-part mandate

• Foreign intelligence
  • CSE’s ability to collect Foreign Signals Intelligence through the use of advanced techniques.
  • Acquire information from or through the Global Information Infrastructure (GII) located outside Canada, including by engaging or interacting with foreign entities located outside Canada.
• Cyber Security and Information Assurance
  • Defend important Canadian networks.
  • Provide advice, guidance, and services to protect important networks across the country, federal institutions, and electronic information and infrastructures of importance to the GC.
• Defensive Cyber Operations
  • Disrupt foreign cyber threats targeting important Canadian networks by taking online action.
  • Defend systems designated by the MND as being of importance to GC.
• Active Cyber Operations
  • Interfere with foreign online efforts that threaten Canada.
  • Online action to degrade, disrupt, influence, respond to, or interfere with foreign online efforts and capabilities as they relate to international affairs, defence or security.
• Technical and Operational Assistance
  • Provide assistance to federal law enforcement and security agencies, CAF, and DND.
  • Use advanced techniques to support partners’ activities, including cyber operations for government-authorized missions.

Delivering the Mandate: Foreign Intelligence objectives

• CSE acquires and analyzes electronic information to detect and inform the Government of Canada on activities of foreign entities that seek to undermine Canada’s national security and prosperity. Our foreign intelligence also provides insights with an information advantage to Canadian policy makers.
• CSE’s intelligence reporting offers:
  • Unique insights into, and advance warning of foreign threats to Canada to prevent surprises that could harm Canadians, Canadian institutions, or allies;
  • Unique insights to support foreign and economic policy and decision-making; and
  • Information to support trade, economic security, law enforcement and military operations by providing information that goes far beyond public sources.

Intelligence cycle

• Intelligence priorities are set by Cabinet and further refined into intelligence requirements
• CSE collects foreign signals (emails, phone calls)
• CSE analyzes signals and produces foreign intelligence reports
• CSE disseminates intelligence reports to domestic and international clients and partners
• CSE collaborates with international partners to provide a larger intelligence picture
• Intelligence reports inform Canada’s decision making and help identify new intelligence gaps

Delivering the Mandate: Foreign Intelligence – measures and mechanisms

• In 2024/2025, CSE provided 2,878 reports to 3,016 clients from 32 federal departments and agencies.
• Reports can only be read by authorized users across the Government of Canada and the Five Eyes. Robust mechanisms ensure this information is shared safely:
  • Electronic dissemination
    • Reports are shared via Canada’s Top-Secret Network (CTSN) – run by CSE and used to collaborate and communicate at the Top-Secret level.
  • Client Relations Officers (CROs)
    • CSE employees embedded across the Government of Canada who deliver intelligence reports to authorized users, such as Cabinet ministers.
  • SIGINT Dissemination Officers (SDOs)
    • Employees of other Government of Canada departments who are accredited by CSE to share intelligence reports with authorized clients within their departments.
• Guided by the Government of Canada’s priorities, topics include:
  • hostile state activity (e.g. cyber threat activity, espionage, foreign interference and malign influence, counterintelligence, and intellectual property theft);
  • terrorism and violent extremism;
  • People’s Republic of China actions and intent;
  • Russia’s invasion of Ukraine; and
  • Arctic Sovereignty

Delivering the Mandate: Cyber Security

• CSE’s Canadian Centre for Cyber Security (Cyber Centre) provides advice, guidance and services to help defend Canada against cyber threats and foster a stronger, more resilient cyberspace in Canada.
• The Cyber Centre:
  • Defends federal government networks – for example by deploying sensors on endpoint devices (e.g. servers, laptops) that automatically detect malicious activity like malware to defend against threats.
  • Leads Canada’s federal response to cyber security events.
  • Provides a unified source of expert advice, guidance, services, and support on cyber security and threat assessments for Canadians and Canadian organizations.
  • Works in collaboration with all levels of government, the private sector, industry, academia, critical infrastructure, and international partners.
  • Supports cyber resilience in Canadian research, economic and investment activities.
• Advice and Guidance
• Community Building
• Cyber Defence Services
• Incident Handling
• Information Assurance
• Threat Intelligence

Delivering the Mandate: Information Assurance

• CSE is responsible for information assurance, known as Communications Security (COMSEC) for the Government of Canada a fundamental part of cyber security which protects sensitive information and prevents our information from being accessed by adversaries, using encryption which:
  • Converts data into unreadable code, accessible only with keys — a strong defence against cyber threats
  • Helps verify that data has not been altered during transmission
  • Enables trust and confidence among stakeholders, partners and the public.
• As the backbone of information security, encryption enables the military equipment to identify ‘friend or foe’ and keeps national security operations and cabinet deliberations safe from breaches.
• At the nexus of COMSEC, CSE:
  • Provides the Government of Canada and some industry partners with secure hardware, software and cryptographic keys;
  • Works with federal and international partners to ensure rigorous cryptography standards; and
  • Is working to prepare for the emergence of quantum computers — which could break encryption and may be available as early as the 2030s.

Delivering the Mandate: Foreign Cyber Operations

• CSE can take action online in support of Canada’s international affairs, defence, and security, and to defend federal systems and systems of importance to the Government of Canada.
• As Minister of National Defence, you authorize CSE to conduct Active and Defensive Cyber Operations. The Minister of Foreign Affairs must be consulted for defensive cyber operations and must consent to active cyber operations.
• Defensive Cyber Operations (DCO) disrupt foreign activities aimed at federal institutions and systems of importance (e.g. energy grids, telecoms networks, healthcare databases, banking systems). For example, CSE could prevent cyber criminals from stealing information from a Government of Canada network by disabling their foreign server.
• Active Cyber Operations (ACO) are proactive actions to disrupt foreign based threats to Canada’s defence, security, or international affairs. For example, CSE used active cyber operations to counter foreign groups in their dissemination of violent extremism materials online.
• The CAF and CSE have a longstanding partnership in developing advanced technical and specialized capabilities for providing intelligence to support military operations. Over the last decade, the partnership has evolved to include collaboration in the areas of cybersecurity, and defensive and active cyber operations. Through CAFCYBERCOM, CSE continues to conduct joint cyber operations with the CAF to support their mission objectives.
• Cyber operations must not:
  • target Canadians or anyone in Canada
  • interfere with the course of justice
  • interfere with the course of democracy
  • cause death or bodily harm

In 2023, CSE used DCO capabilities against a foreign ransomware group that was targeting multiple Canadian critical infrastructure organizations.

The Cyber Centre worked to mitigate the compromise within Canada, while the foreign cyber operations team acted in cyberspace to interfere with the cybercriminals’ foreign servers, thus reducing the effectiveness and profitability of their activities.

Delivering the Mandate: Technical and Operational Assistance

• As Canada’s national cyber security and foreign intelligence agency, CSE has unique technical and operational capabilities that can help other federal organizations keep Canadians safe and secure.
• CSE is authorized to assist:
  • Federal law enforcement and security agencies:
    • Royal Canadian Mounted Police (RCMP)
    • Canadian Security Intelligence Service (CSIS)
    • Canada Border Services Agency (CBSA)
  • Department of National Defence (DND) and Canadian Armed Forces (CAF)
• When assisting federal partners, CSE acts under their legal authority (e.g. judicial warrants).
  • In 2024/25, CSE provided assistance to 51 requests from federal partners.

Collaboration in Action: Synchronizing CSE’s Mandate

• CSE’s cyber security, foreign intelligence and cyber operations mandates work together to achieve a range of outcomes that benefit Canadians.
• Having one agency carry out this full mandate provides CSE and Canada with unique advantages
  • Cyber Incident – A Canadian critical infrastructure organization reports a ransomware attack to the Cyber Centre.
  • Cyber Security (Digital Forensics) - The Cyber Centre’s incident response team identifies a prominent ransomware group as the culprit.
  • Foreign Intelligence - CSE gathers foreign signals intelligence on the ransomware group and advises several government clients, as well as senior leadership. This intelligence is also used to enable cyber operations and cyber resilience.
  • Foreign Cyber Operations - CSE and Five Eyes partners conduct cyber operations to disrupt the group and deter future incidents.
  • Cyber Security (Cyber Resilience) - The Cyber Centre uses digital forensics and foreign intelligence to improve Canada’s cyber resilience and cyber defence. They also provide advice and guidance to critical infrastructure to help them defend against future attacks.

Collaboration in Action: Five Eyes alliance

• CSE is a proud and valuable member of the Five Eyes, the world’s longest-standing and closest intelligence-sharing alliance.
• The Five Eyes is a key element in Canada’s intelligence and security landscape, providing a strategic advantage in understanding and responding to global events.
• This enduring partnership continues to deliver results that make the citizens of all five nations safer by:
  • Sharing foreign intelligence;
  • Supporting joint foreign cyber operations;
  • Ensuring interoperability and redundancy of systems;
  • Conducting classified research of strategic importance; and
  • Communicating threats and guidance jointly.
• This partnership adds weight to public communications when Five Eyes speak as one voice. On joint publications regarding topics like cybercrime, AI, and threats to critical infrastructure, the message is amplified.
• CSE also collaborates closely with like-minded allies in both bilateral partnerships and multilateral forums.

How we accomplish our mission

• At CSE, our people are our greatest strength. Our workforce is made up of dedicated individuals who draw from their diverse skillsets, backgrounds, perspectives and experiences to protect our country, 24/7.
• The complex problems we face require a wide range of perspectives, skills, and mindsets to tackle them, and this means increasing representation at all levels in the organization is a top priority.
• With over 3,800 employees, CSE’s workforce is comprised of a wide range of specialists who are dedicated to keeping Canada and Canadians safe.
• We are a thought leader and pathfinder in emerging digital and cyber technologies, with a research program focused on quantum cryptography, artificial intelligence and advanced analytics.
• Innovation and agility are fundamental to how we execute our mission and increasingly represent the key to our future.
• We operate within a robust oversight and review system and uphold our culture of compliance, lawfulness, and transparency in the conduct of our mandate to maintain the trust and confidence of Canadians.
• We deliver to protect Canadians, defend Canadian values and reinforce Canada’s role as a trusted partner on the world stage.

Mandate

• The CSE Act sets out five aspects of CSE’s mandate: Cyber security and information assurance; Foreign Intelligence; Defensive Cyber Operations; Active Cyber Operations; and Technical and Operational Assistance.
• The Canadian Centre for Cyber Security is the national Cyber Emergency Response Team (CERT).

CSE - Key facts

• Budget 2022 provided CSE with $875.2 million over 5 years.
• Budget 2024 provided CSE with $917.4 million over 5 years.
• In 2024-2025:
  • CSE’s total authorities were just over $1 billion.
  • CSE produced 2,878 foreign intelligence reports.
  • CSE disclosed 10 vulnerabilities to affected vendors.
• The Government is investing $180 million over 6 years to expand CSE’s intelligence collection capacity, enabling CSE to target transnational organized crime and fentanyl trafficking more effectively.

CSE - Workforce

• CSE’s current workforce consists of over 3,800 full-time permanent employees, up by 6% from last year.
• In 2024-2025:
  • CSE hired approximately 339 full-time employees.
  • CSE’s candidate outreach team travelled across the country to participate in over 175 events.
• At CSE, there is a total of 3% attrition.
• CSE is one of Canada's Top Employers for Young People for the 9th year in a row (2017 to 2025).
• For the 10th time, CSE is a Top Employer in the National Capital Region (2013, 2014, 2015, 2018, 2020, 2021, 2022, 2023. 2024, 2025).

CSE – Campus

• CSE is based in Ottawa. We have two locations: the Edward Drake Building (EDB) and 1625 Vanier Parkway.
• The Edward Drake Building (EDB) opened in 2014.
• The EDB is LEED® Gold Certified and is also a recipient of the 2020 BOMA BEST Platinum Certification, an award that recognizes environmental excellence.
• The Vanier building opened in 2018 and is the primary home of the Cyber Centre. Vanier allows us to host outside partners for meetings, conferences, learning events and long-term projects.

CSE - External Review and Ministerial Authorizations

• CSE values independent, external review and oversight of its activities, and has a culture of compliance.
• In 2024-2025:
  • CSE contributed to 25 external reviews and reports, gave 29 briefings to review bodies and answered 412 questions.
  • Of these 25 external reviews, 3 reviews focused on foreign interference in Canada’s federal elections.
  • These reviews were conducted by NSIRA, NSICOP, the Independent Special Rapporteur (ISR) and the Foreign Interference Commission.
• There are currently 12 Ministerial Authorizations which include 4 Cyber Security MAs for Non-Federal Entities, and 4 on foreign cyber operations: ACO-3, DCO-1.
• Chief CSE must seek an Authorization from the Minister of National Defence if either: CSE’s activity may contravene an act of Parliament, or CSE’s activity may interfere with a reasonable expectation of privacy.
• In 2024-25, CSE submitted 8 authorizations to the Intelligence Commissioner and all were approved.

Cyber Centre and industry statistics

• Contact the Cyber Centre by phone at 1-833-CYBER-88 or by email at contact@cyber.gc.ca.
• As of March 2025, 174 federal institutions have deployed cyber defence sensor services to protect their networks and endpoints (host-based sensors, network-based sensors and/or cloud-based sensors.)
• In 2024-2025:
  • Cyber Centre responded to 2,561 cyber security incidents across the GC and Canadian critical infrastructure.
  • 1,155 were federal institutions and 1,406 were critical infrastructure.
• CSE leads the Get Cyber Safe national public awareness campaign. Get Cyber Safe delivers key information via its website and various social media channels so Canadians and small businesses can help protect their digital landscape and stay safe online.
• The CIRA Canadian Shield is a free service for Canadians to protect themselves on their home networks and personal devices.
• Through our pre-ransomware notification initiative, we have provided, in 2024, pre-ransomware notifications to more than 300 Canadian organizations, including organizations in critical infrastructure sectors.
• The Cyber Centre’s motto: Protect, Inform, Empower.
• 3 Rs:
  • Reduce the threat
  • Revise our advice and guidance
  • Recycle the information to help us improve
• In 2024-2025, the Cyber Centre published the following:
  • 29 new guidance publications
  • 20 joint advisories (aka co-badges)
  • 2 major threat assessments
  • 38 bi-weekly threat briefings for IT security professionals in Canada’s critical infrastructure sectors
  • 1,371 supply chain risk assessments
• The Cyber Centre provided 7 “walk the talks” sessions providing valuable actionable information about technical topics and participated in over 200 speaking engagements.
• The NCTA 2025-26 listed five groups as global top ransomware threats (LOCKBIT, ALPHV, CL0P, PLAY, BLACK BASTA).

Cyber threats

• In 2024, Lockbit mostly deployed Ransomware-as-a-service (RaaS). In February 2024, LockBit’s infrastructure was seized by law enforcement and cryptocurrency accounts linked to LockBit were frozen. Some core members were also arrested.
• APT31 is quite persistent in Canada, GOC and the private sector.
• The People’s Republic of China’s (PRC) is the greatest strategic cyber threat.
• Misinformation and Disinformation are a whole of society concern.
• CSE’s mandate includes taking action online to counter these foreign-based threats and advance Canada’s international affairs, defence, or security interests.
  • These foreign cyber operations (FCO) can be either defensive to protect the Government of Canada or systems of importance from malicious cyber activity; or active to disrupt foreign adversaries.

Public reporting

• Cyber Threats to Canada’s Democratic Process - 2017, 2019, 2021, 2023, 2024 (5)
• National Cyber Threat Assessment - 2018, 2020, 2022, 2024 (4)
• CSE Annual Report
• Online Disinformation https://www.canada.ca/en/campaign/online-disinformation.html

Foreign intelligence (Article 16, CSE Act)

Mandate

• Activities must not be directed at Canadians or Persons in Canada, and must not infringe the Canadian Charter of Rights and Freedoms
• Activities Requiring Ministerial Authorization: MA’s protect CSE where our activities would contravene any other act of Parliament (*or of any foreign state for FI, DCO, and ACO only); and/or would interfere with a reasonable expectation of privacy in relation to a Canadian or person in Canada

Conditions

• Activities must be reasonable, necessary, and proportionate
• Unselected information could not be reasonably acquired by other means
• Measures are in place to protect the privacy of Canadians or persons in Canada
• Information identified as relating to a Canadian or a person in Canada will be used, analyzed or retained only if the information is essential to international affairs, defence and security
• Measures to protect privacy:
• Policies, training, retention, suppression, management approvals, ACL, audit, review, DLS, D2
• Canadian Identifying Information (CII) is only disclosed to designated people/classes of people if the disclosure is essential to international affairs, defence, security, or cyber security.
• Information relating to Canadians or persons in Canada may be disclosed to designated people/classes of people if necessary to protect systems of importance

Exceptions

• Using publicly available information that has been published or broadcast for public consumption, is accessible to the public on the GII or otherwise or is available to the public on request, by subscription or by purchase (does not include information where a Canadian or person in Canada has a reasonable expectation of privacy).
• Testing or evaluating products, software, and systems for vulnerabilities
• Analysing information and providing advice regarding foreign investments in Canada to the Ministers of PS/ISED for the purposes of the Investment Canada Act.
• Acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cyber security and information assurance activities on the infrastructure from which the information was acquired.

Approvals

• Authorized by Minister of National Defence: MND must have reasonable grounds to believe that the conditions set out in law are met, including that the FI and CS activities are reasonable, necessary and proportionate and that the ACO/DCO activities are reasonable and proportionate.

Oversight

• Approved by Intelligence Commissioner:
• The IC must be satisfied that the ministerial conclusions are reasonable
• The IC approves CSE’s MAs before CSE can conduct any operations.

Review

• NSIRA: National Security and Intelligence Review Agency
• Responsible for reviewing all activities of CSE, and all national security activities across the GC
• NSIRA reviews CSE activities for compliance with the law and ministerial directions, and they review the reasonableness and necessity of CSE’s exercise of its powers
• Investigates any complaints against CSE
• NSICOP: National Security and Intelligence Committee of Parliamentarians
• Reviews CSE activities related to national security or intelligence, including the measures it has in place to protect the privacy of Canadians or persons in Canada

Cyber security and information assurance (Article 17, CSE Act)

Mandate

• Activities must not be directed at Canadians or Persons in Canada, and must not infringe the Canadian Charter of Rights and Freedoms
• Activities Requiring Ministerial Authorization: MA’s protect CSE where our activities would contravene any other act of Parliament (*or of any foreign state for FI, DCO, and ACO only); and/or would interfere with a reasonable expectation of privacy in relation to a Canadian or person in Canada

Conditions

• Activities must be reasonable, necessary and proportionate
• Measures are in place to protect the privacy of Canadians or persons in Canada
• Designation: MND may designate any electronic information, any information infrastructures or any class of either as being of importance to the GC
• Information identified as relating to a Canadian or a person in Canada will be used, analyzed or retained only if the information is essential to identify, isolate, prevent or mitigate harm to systems of importance
• Measures to protect privacy:
• Policies, training, retention, suppression, management approvals, ACL, audit, review, DLS, D2
• Canadian Identifying Information (CII) is only disclosed to designated people/classes of people if the disclosure is essential to international affairs, defence, security, or cyber security.
• Information relating to Canadians or persons in Canada may be disclosed to designated people/classes of people if necessary to protect systems of importance

Exceptions

• Using publicly available information that has been published or broadcast for public consumption, is accessible to the public on the GII or otherwise or is available to the public on request, by subscription or by purchase (does not include information where a Canadian or person in Canada has a reasonable expectation of privacy).
• Testing or evaluating products, software, and systems for vulnerabilities
• Analysing information and providing advice regarding foreign investments in Canada to the Ministers of PS/ISED for the purposes of the Investment Canada Act.
• Acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cyber security and information assurance activities on the infrastructure from which the information was acquired.
• Carrying out activities on information infrastructures to identify, isolate, prevent and/or mitigate the activity and/or impact of malicious software on the infrastructure.
• Doing research and development and analysing information in order to provide advice and guidance on the integrity of supply chains and on the trustworthiness of e-communications, equipment and services.

Approvals

• Authorized by Minister of National Defence: MND must have reasonable grounds to believe that the conditions set out in law are met, including that the FI and CS activities are reasonable, necessary and proportionate and that the ACO/DCO activities are reasonable and proportionate.

Oversight

• Approved by Intelligence Commissioner:
• The IC must be satisfied that the ministerial conclusions are reasonable
• The IC approves CSE’s MAs before CSE can conduct any operations.

Review

• NSIRA: National Security and Intelligence Review Agency
• Responsible for reviewing all activities of CSE, and all national security activities across the GC
• NSIRA reviews CSE activities for compliance with the law and ministerial directions, and they review the reasonableness and necessity of CSE’s exercise of its powers
• Investigates any complaints against CSE

• NSICOP: National Security and Intelligence Committee of Parliamentarians
• Reviews CSE activities related to national security or intelligence, including the measures it has in place to protect the privacy of Canadians or persons in Canada

Defensive Cyber Operations (DCO) (Article 18, CSE Act)

Mandate

• Activities must not be directed at Canadians or Persons in Canada, and must not infringe the Canadian Charter of Rights and Freedoms
• Activities Requiring Ministerial Authorization: MA’s protect CSE where our activities would contravene any other act of Parliament (*or of any foreign state for FI, DCO, and ACO only); and/or would interfere with a reasonable expectation of privacy in relation to a Canadian or person in Canada

Conditions

• Activities must be reasonable and proportionate
• The objective of the ACO/DCO operation could not be reasonably achieved by other means
• Any information used to plan/conduct an ACO/DCO operation must be acquired under an FI or cyber security MA
• CSE is strictly prohibited from:
• Intentionally, or by criminal negligence, causing death or bodily harm;
• Interfering with the course of justice or democracy

Exceptions

• Using publicly available information that has been published or broadcast for public consumption, is accessible to the public on the GII or otherwise or is available to the public on request, by subscription or by purchase (does not include information where a Canadian or person in Canada has a reasonable expectation of privacy).
• Testing or evaluating products, software, and systems for vulnerabilities
• Analysing information and providing advice regarding foreign investments in Canada to the Ministers of PS/ISED for the purposes of the Investment Canada Act.
• Acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cyber security and information assurance activities on the infrastructure from which the information was acquired.

Approvals

• Authorized by Minister of National Defence: MND must have reasonable grounds to believe that the conditions set out in law are met, including that the FI and CS activities are reasonable, necessary and proportionate and that the ACO/DCO activities are reasonable and proportionate.
• Approved if the Minister of Foreign Affairs is consulted

Oversight

• N/A

Review

• NSIRA: National Security and Intelligence Review Agency
• Responsible for reviewing all activities of CSE, and all national security activities across the GC
• NSIRA reviews CSE activities for compliance with the law and ministerial directions, and they review the reasonableness and necessity of CSE’s exercise of its powers
• Investigates any complaints against CSE

• NSICOP: National Security and Intelligence Committee of Parliamentarians
• Reviews CSE activities related to national security or intelligence, including the measures it has in place to protect the privacy of Canadians or persons in Canada

Active Cyber Operations (ACO) (Article 19, CSE Act)

Mandate

• Activities must not be directed at Canadians or Persons in Canada, and must not infringe the Canadian Charter of Rights and Freedoms
• Activities Requiring Ministerial Authorization: MA’s protect CSE where our activities would contravene any other act of Parliament (*or of any foreign state for FI, DCO, and ACO only); and/or would interfere with a reasonable expectation of privacy in relation to a Canadian or person in Canada

Conditions

• Activities must be reasonable and proportionate
• The objective of the ACO/DCO operation could not be reasonably achieved by other means
• Any information used to plan/conduct an ACO/DCO operation must be acquired under an FI or cyber security MA
• CSE is strictly prohibited from:
• Intentionally, or by criminal negligence, causing death or bodily harm;
• Interfering with the course of justice or democracy

Exceptions

• Using publicly available information that has been published or broadcast for public consumption, is accessible to the public on the GII or otherwise or is available to the public on request, by subscription or by purchase (does not include information where a Canadian or person in Canada has a reasonable expectation of privacy).
• Testing or evaluating products, software, and systems for vulnerabilities
• Analysing information and providing advice regarding foreign investments in Canada to the Ministers of PS/ISED for the purposes of the Investment Canada Act.
• Acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cyber security and information assurance activities on the infrastructure from which the information was acquired.

Approvals

• Authorized by Minister of National Defence: MND must have reasonable grounds to believe that the conditions set out in law are met, including that the FI and CS activities are reasonable, necessary and proportionate and that the ACO/DCO activities are reasonable and proportionate.
• Approved if requested, or consented to, by Minister of Foreign Affairs

Oversight

• N/A

Review

• NSIRA: National Security and Intelligence Review Agency
• Responsible for reviewing all activities of CSE, and all national security activities across the GC
• NSIRA reviews CSE activities for compliance with the law and ministerial directions, and they review the reasonableness and necessity of CSE’s exercise of its powers
• Investigates any complaints against CSE

• NSICOP: National Security and Intelligence Committee of Parliamentarians
• Reviews CSE activities related to national security or intelligence, including the measures it has in place to protect the privacy of Canadians or persons in Canada

Technical and operational assistance (Article 20, CSE Act)

Mandate

• Subject to requests from federal law enforcement and security agencies, the Canadian Armed Forces (CAF), the Department of National Defence (DND)

Conditions

• CSE would have the same authority to carry out an activity as the agency requesting the assistance
• CSE would also be subject to any restrictions or conditions placed on the agency requesting that assistance, such as a warrant or applicable law
• In addition, for assistance to DND and the CAF, CSE would:
• Receive a written request from DND or CAF authorized by an appropriate representative
• Comply with all instructions, parameters, and limits of the authorized CAF activity
• Comply with all relevant Ministerial Directives issued by CSE by the MND
• Adhere to agreement or arrangements with DND and CAF
• Comply with all CSE policies and procedures related to the provision of assistance

Exceptions

• N/A

Approvals

• N/A

Oversight

• N/A

Review

• NSIRA: National Security and Intelligence Review Agency
• Responsible for reviewing all activities of CSE, and all national security activities across the GC
• NSIRA reviews CSE activities for compliance with the law and ministerial directions, and they review the reasonableness and necessity of CSE’s exercise of its powers
• Investigates any complaints against CSE
• NSICOP: National Security and Intelligence Committee of Parliamentarians
• Reviews CSE activities related to national security or intelligence, including the measures it has in place to protect the privacy of Canadians or persons in Canada