Global Courant
The head of Canada’s cyber-espionage agency says Canadian individuals, organizations and critical infrastructure all face heightened threats from cybercriminals looking to gain economic advantage or punish people for supporting Ukraine.
In her first interview as head of the Communications Security Establishment (CSE), the federal agency responsible for signals intelligence and cyber defense, Caroline Xavier told CBC’s The House that ransomware attacks are growing in popularity among cybercriminals. And security services cannot fight back without the help of the public, she added.
“It can’t just be the government’s fault. We all have to do our part,” Xavier told host Catherine Cullen during the interview, which will air on Saturday.
Even simple steps, such as keeping software updated and aware of everyday scams, can help reduce risk across the board, she said. The CSE has compiled a series of guides for individuals and organizations across the country to improve their online defenses.
The House5:53 pmInside Canada’s secret cyber-espionage agency
“We talk about phishing and emails that can get into your organization and pay close attention to who sent them to you,” said Xavier. “We tell you that for a reason, because it only takes one click to get into a brand new game that you didn’t expect.”
The CSE has previously warned Canadians about online risks, but the threat has become even more apparent in recent years with a series of high-profile attacks.
The agency said earlier this year that a cyber actor at one point had “the potential to cause physical damage” to a piece of critical infrastructure in Canada. Hydro-Québec suffered a cyber attack on its website in April. Attacks on disparate targets, such as the Newfoundland and Labrador health system and the bookseller Indigo, have shut down key systems or exposed Canadians’ personal information.
Hackers temporarily shut down a series of Canadian government websites earlier this year, coinciding with the visit of Ukrainian Prime Minister Denys Shmyhal.
“It is not unusual for Russian hackers to target countries showing their steadfast support for Ukraine… so the timing is not surprising,” Prime Minister Justin Trudeau said at a joint press conference with Shmyhal in April.
Prime Minister Justin Trudeau and Ukrainian Prime Minister Denys Shmyhal participate in a joint press conference at the Royal York hotel in Toronto on April 11, 2023. (Evan Mitsui/CBC)
Xavier cited last year’s colonial pipeline attack in the United States as an example of a dangerous attack on critical infrastructure. The CSE released a report this week outlining the threat to Canada’s oil and gas industry from bad online actors.
“Imagine if you get to a gas distribution and the pressure rises, it could potentially explode and that could be very damaging to a local neighborhood or people around it, for example,” Xavier said.
The likelihood of such an attack by a state-sponsored actor in the absence of outright hostilities is very low, the CSE report said.
People are getting frustrated with standing in line for more than an hour for gas in Greensboro, NC on Tuesday, May 11, 2021 after the Colonial Pipeline was shut down due to a cyber-attack on Friday. The pipeline supplies about 45 percent of the fuel consumed on the US East Coast (Woody Marshall/Associated Press)
Still, the pace of attacks by foreign actors has increased since Russia’s invasion of Ukraine last year, she added.
“We certainly see an increase in cybercrime or people who may be passionate about the cause of the Russians rather than the Ukrainians, who may want to use these opportunities to harm those who mainly support Ukraine,” she said.
Steve Waterhouse, a cybersecurity expert and lecturer in information security at the Université de Sherbrooke, told CBC in April that the Hydro-Quebec attack didn’t seem to be about gaining access or getting information — “at least not right now.”
“It’s really just to protest Canada’s involvement in Ukraine,” he said.
3 authorizations for cyber operations
In 2019, Canada armed the CSE with the legal ability to strike back against cyber-attackers, although such actions require authorization from the Secretary of Defense.
The CSE has announced that it has received three authorizations for cyber operations in 2021. (It may disclose further activities in its 2022 annual report.)
“We have used our overseas cyber operations to disrupt what we would perceive as cybercriminals who may want to target certain Canadian government systems,” Xavier told Cullen.
Xavier gave no additional details about the nature of the operations. According to the annual report, CSE’s actions disrupted efforts by foreign-based extremists to “recruit Canadian nationals … operate online” and “spread violent extremist material.”
“We can’t discuss when and where we do it,” Xavier said.
Caroline Xavier, head of the Communications Security Establishment, speaks with the CBC’s Catherine Cullen at the CSE’s Visitor Center on June 21, 2023. (Jean-Francois Benoit/CBC)
She also declined to say which groups or organizations — or countries — were targeted by those actions, downplaying the significance of the specific target.
“My focus is usually (on) wanting to make sure I’m following the actual action, rather than being consumed with exactly who the actor is at the time,” she said.
Canadian intelligence agencies have repeatedly identified China, Russia, Iran and North Korea as the top foreign cybersecurity threats.