Supplementary Estimates B 2019-20 – Appearance Before the House Standing Committee on National Defense

COMMITTEE INFORMATION & POTENTIAL QUESTIONS

Potential Questions

Estimates Details

  1. What funding is CSE requesting in these Estimates?
    • Transfers included in the Supplementary Estimates (B) will provide necessary funding to enable the Communications Security Establishment to:
      • Operationalize new authorities in the Communications Security Establishment Act;
      • Fund research that will ensure CSE can keep pace with advancements in quantum technology;
      • Secure cloud services used by the Government of Canada; and
      • Transfer funds to Global Affairs Canada for staff posted abroad.
  2. How will these funds help ensure Canada’s cyber security?
    • CSE has three items in these Estimates that will help protect Canada’s cyber security.
    • First, CSE is requesting a combined transfer of $6.9M from the Department of National Defence for joint initiatives.
    • This transfer will enable CSE to operationalize its new authorities under the Communications Security Establishment Act to provide assistance to National Defence on cyber activities.
    • Second, CSE is also requesting a transfer of $4.7M from Shared Services Canada to support security monitoring for the cloud based Digital Communications and Collaboration Program (DCCP).
    • This program will ensure that Government of Canada departments using various cloud services will be able to communicate securely up to the Protected B classification.
    • Finally, CSE is transferring $80,000 to the Department of National Defence to be redirected to the Natural Sciences and Engineering Research Council (NSERC) to support research in quantum technologies.
    • CSE is supporting research and development projects relating to quantum technology to ensure it is able to assess both the threats and opportunities posed by advances in this field.
  3. How does the Government evaluate how much we are spending on cyber security and whether it is enough funding? How do we know it is enough?
    • Like all Government of Canada departments and agencies, CSE has performance measurement indicators to evaluate the effectiveness of its programs.
    • Performance measurement is very important in the stand up the new Cyber Centre and as we look to fully integrate the functions of other government departments, including Shared Services Canada and Public Safety.
    • More broadly, the Government of Canada’s National Cyber Security Action Plan for 2019-2024 provides a whole of government roadmap for how to implement the three major goals identified in the 2018 National Cyber Strategy.
    • For CSE, the Action Plan includes several CSE-led initiatives, with corresponding milestones.
    • For example, under the goal of “secure and resilient systems”, CSE is looking to prepare the Government of Canada for advances in quantum technology. Funds in these Supplementary Estimates (B) for research and development in this area will help us meet this goal.
    • Ultimately, when it comes to investments in cyber security, CSE’s goal is that the security of information systems of importance to the Government of Canada is strengthened.
  4. What joint initiatives between CSE and DND are being funded in these Estimates?
    • In these Estimates, the Department of National Defence is transferring $6.9 million to CSE to, in part, plan, coordinate, and monitor the efforts to establish a unified approach to foreign cyber operations.
  5. Why is Shared Services Canada (SSC) transferring funds to CSE in these Estimates?
    • Shared Services Canada is transferring $4.7 million to CSE to support the Digital Communications and Collaboration Program (DCCP).
    • This program will help ensure that Government of Canada departments using various cloud services will be able to communicate securely up to the Protected B classification.
    • In support of this program, CSE is responsible for the initial development of the cyber security services and incident management capabilities necessary to protect cloud-based services.
    • CSE continues to assess its role in DCCP and avenues for funding requirements.
  6. What joint co-operative research and development is CSE funding in these Estimates?
    • In these Estimates, CSE is transferring $80,000 to National Defence to support joint research on quantum computing and communications.
    • This important research will help ensure that CSE is able to assess both the threats and opportunities posed by advances in quantum research.
    • Grants enable CSE to leverage external, cutting-edge expertise, increases CSE’s presence and reputation in this field, and will serve as a workforce multiplier.
  7. What kind of administrative support does CSE require from Global Affairs Canada for departmental staff located at liaison offices abroad?
    • CSE is transferring $0.7 million ($738,869) to GAC for administrative support to CSE liaison office positions.
    • GAC is a common service provider for Government of Canada operations abroad and receives compensation for the cost of staff being posted abroad by other government departments.
    • This funding will ensure that our liaison offices can operate effectively.

Other Potential Questions

  1. What is CSE doing about Huawei and the development of Canada’s 5G network?
    • CSE takes the security of Canada’s critical infrastructure very seriously.
    • 5G networks will be a key driver of innovation and enabler of new technology.
    • While I cannot comment on specific companies, the Government is currently reviewing its approach to emerging 5G technology.
    • CSE’s expertise and experience will be important in assessing cyber threats and risks, as well as providing advice and guidance about possible mitigations.
    • CSE and the Cyber Centre will continue to contribute to the development of cyber security best practices that can be promoted in the interests of Canada’s national and economic security.
  2. What is CSE’s Security Review Program?
    • As part of its cyber security mandate, CSE works with telecommunications service providers representing over 99% of Canadian subscribers.
    • In this role, CSE provides advice and guidance to mitigate supply chain risks in telecommunications infrastructures upon which Canadians rely, including, since 2013, the Security Review Program that has been in place to test and evaluate designated equipment and services considered for use on Canadian 3G and 4G/LTE networks.
    • Third party labs accredited by CSE perform this testing. CSE’s role includes accrediting the third party labs that perform this assurance testing and defining the testing requirements. CSE reviews the testing results and provides tailored advice and guidance to Canada’s telecommunications sector.
    • CSE, through its Canadian Centre for Cyber Security, will continue to work in collaboration with all relevant TSPs vendors, service providers, laboratories, and allies to help deliver secure and resilient Canadian systems.
    • While non-disclosure agreements prohibit CSE from disclosing further details of this testing process, Canadians can be assured that the Government of Canada is working to make sure the strongest protections possible are in place to safeguard the systems Canadians currently rely on.
  3. According to the 2018-19 Annual Report of the Office of the CSE Commissioner (OCSEC), CSE targeted a foreign national identified as possibly holding Canadian citizenship from 2010 to 2015. What happened in this case?
    • As reported in OCSEC’s most recent annual report, CSE inadvertently targeted a foreign national identified as possibly holding Canadian citizenship from 2010 to 2015.
    • This incident was discovered, reported, and fully mitigated in 2018, when a Second Party inquiry drew CSE’s attention to the fact that this incident had not been fully addressed.
    • CSE took all appropriate steps to mitigate this incident and prevent it from happening again.
    • The Commissioner was satisfied that CSE’s mitigative actions were adequate and undertaken in a timely manner.
  4. How did the coming into force of the Communications Security Establishment Act change CSE’s authorities?
    • The Communications Security Establishment Act gave CSE new authorities which are needed to keep up with rapid advancements in technology.
    • These new authorities enable CSE to work more effectively and proactively to protect Canada and Canadians.
    • CSE is now able, upon request, to deploy its cyber defence services to protect Canada’s critical infrastructure and other important systems.
    • CSE is also now authorized to undertake active and defensive cyber operations to defend Canada’s cyber security and to support broader government priorities.
    • At the same time, CSE is also now subject to a new oversight and accountability regime to ensure the protection of the privacy of Canadians.