New National Security Approach Lets Electronic Spy Agency Play Cyber Offence

June 22, 2017 Updated: June 22, 2017

OTTAWA—Canada is going all-in when it comes to cyberwarfare.

Weeks after giving the military permission to start developing cyberweapons and other offensive capabilities, the Trudeau government wants to issue a similar directive to Canada’s electronic spy agency.

New national security legislation unveiled on June 20 would, among other things, let the Communications Security Establishment launch cyberattacks against foreign targets. Those would include potential threats ranging from hackers and terrorists to countries and governments.

The 70-year-old agency’s existing mandate includes protecting computer systems that are deemed critical by the federal government, and only allows for the collection of information from foreign targets.

Those responsibilities would continue under the proposed legislation.

The changes being introduced by the government are necessary to protect Canada in the 21st century, Defence Minister Harjit Sajjan, who is responsible for overseeing the agency, told a news conference.

“Currently we only have a defensive shield,” he said. “We have to wait to be hit.”

The spy agency is also being tapped to help the Canadian military when it comes to developing the latter’s ability to fight online, which was included as part of the Liberal government’s recently released defence policy.

Taken together, the new measures for CSE and the military mark Canada’s entrance into a new realm of warfare.

Taken together, the new measures for CSE and the military mark Canada’s entrance into a new realm of warfare—a realm many of its allies already inhabit but which remains extremely complicated and in flux.

They also come days after the CSE warned that cyberthreats to the democratic process around the world are on the rise, and that Canada faced the risk of cyberattacks during the next federal election in 2019.

Public Safety Minister Ralph Goodale, who introduced the proposed legislation, said the government is matching the new powers being given to CSE with additional checks and balances.

Offensive operations will need advance approval from the defence minister and a new intelligence commissioner, while a new committee will review the actions of CSE and several other agencies each year.

The electronic spy agency will also be forbidden from targeting Canadians or anyone in Canada, except when it comes to collecting or analyzing information for another government department with a warrant.

CSE will be allowed to keep information that it obtains “incidentally”—data that was not expressly sought, but obtained in the process of targeting a legitimate target.

That could stoke concerns about the privacy of Canadians given the CSE’s expanded mandate and revelations, exposed by Edward Snowden in 2014, of the widespread nature of electronic spying globally.

NDP public safety critic Matthew Dube said he was worried the safeguards built into the legislation wouldn’t be enough to ensure CSE’s new powers were being used appropriately.

“The government must explain how they intend to prevent the leaking of cyberweapons into the wrong hands,” he added, “as we saw last month with the global attack based on a vulnerability stolen from an NSA stockpile.”

Hackers reportedly stole a large amount of cyberweapons from the NSA in April, one of which was later used in May to launch the WannaCry attack, which struck different parts of Europe and Asia.

From The Canadian Press