Cyber-defence agency on the offensive
CSE used its new cyberattack powers to disrupt foreign extremists and cyber-threat actors targeting Canadians: report
Canada’s cyber-defence agency says it has used its new powers to conduct offensive operations to disrupt foreign extremists trying to recruit Canadians to their causes or cripple cybercriminals targeting Canadians.
In 2019, Canada’s Communications Security Establishment (CSE) was granted the ability not only to defend the country’s cyberspace but also to launch foreign cyber operations (in other words, “hacking” operations) to either actively disrupt foreign threats pre-emptively or defend Canadian interests.
In its latest 2021-2022 annual report, CSE published the first, albeit very broad, details about how it has used those offensive powers.
The report lists four cases in which CSE says it has used those hacking powers to date.
Firstly, it says it used offensive attack powers to “disrupt the efforts of foreign-based extremists” who were trying to either recruit Canadians to their cause, operate online or propagate “violent extremist material.” The report does not retail which groups were targeted.
Secondly, CSE has embarked on a “long-term campaign” to cripple or at least hamper cybercriminals’ ability to attack Canadian individuals and organizations, particularly against the “dramatic increase” in ransomware attacks.
“The ability of what some people might have considered state-level cyber capabilities being in the hands of cybercriminals who can create large disruptions in any sector of the Canadian economy or against any connected system is a real concern for us,” CSE Associate Chief Dan Rogers said in an interview.
The agency reported more than 300 known ransomware attacks in 2021, a 151 per cent increase on the previous year though officials contend the crime remains profoundly underreported.
CSE says it has also used its offensive hacking powers to assist the Canadian Armed Forces abroad, but the report gives no details as to where or when. But speaking generally, Rogers said CSE is currently “very focused” on Russia and its “irresponsible behaviour” as a cyber threat.
Finally, CSE says it had a defensive operation in place during the 2021 federal election to counter any attacks on Elections Canada’s electronic infrastructure. But ultimately, the report implies that power was never used.
“Had there been malicious cyber activity targeting the election process, CSE would have been ready to act on it right away,” reads the report.
Rogers said CSE provided briefings during the 2021 election to the panel of public servants tasked with surveilling and ensuring the vote was free and fair and that “the panel did not make a determination that the threshold was crossed and that they needed to make a public statement about the fairness” of the election.
CSE was granted the ability to conduct its own cyberattacks back in 2019, but that power is very circumscribed and requires approval from the minister of national defence as well as the minister of global affairs if the operation is “active” as opposed to “defensive.”
These operations cannot target any Canadian, cause “death or bodily harm” or interfere with foreign justice or democratic systems.
Over the last three years, CSE has been approved to use those powers barely a handful of times, three of which were authorized by the minister of national defence in 2021: two offensive, and one defensive.
Overall, CSE reported just over 2,000 cyber attacks in Canada in 2021-2022, or roughly 5.5 incidents on average every day.
That’s a slight decrease over the 2,206 cases in the previous year, but Rogers says that is more likely due to underreporting of attacks rather than an actual decrease year over year.
“I would not say that the overall trend for cyber incidents is on the decline,” he said.
Rogers said China and Russia remain the biggest cyber threats to Canada, but that CSE is keeping a particularly close eye on the latter since it’s invasion of Ukraine in February.
“Russia has sophisticated cyber capability,” he said. “We and our allies have publicly attributed them as having engaged in irresponsible behavior, including with cyber activity against the energy sector globally.”
“I think that Canadians need to remain vigilant against Russian cyber activity.”
To help curb the risk of successful attacks namely on government organizations, CSE offers a defence system of sensors ready to be deployed to interested departments and agencies.