Skip to main content

Cyberspy agency monitored last federal election for cyber attack

A woman uses a computer keyboard in North Vancouver, B.C., on December 19, 2012. File photo by The Canadian Press/Jonathan Hayward

Canada's cyberspy agency launched a defensive operation to protect last year's federal election — including the party leaders' debate — from disruption by foreign agencies.

The operation was designed to disrupt hostile cyber activity aimed at the voting system, as well as to protect political parties from foreign interference, the Communications Security Establishment said in its annual report released on Tuesday.

The agency said it established strong and effective measures to protect the electronic infrastructure used by Elections Canada.

"CSE has the capabilities and the legal mandate to disrupt malicious online activity that threatens Canada's democratic processes," the report said.

"Had there been malicious cyber activity targeting the election process, CSE would have been ready to act on it right away."

Cyberspy agency launched operation to protect federal #election from foreign attack. #CDNPoli #Cybersecurity #CSE

The agency said it reached out to all registered parties to determine their cybersecurity concerns and offered guidance and threat briefings to meet those priorities.

It also worked with the Leadership Debates Commission and the debate venue to review their information-technology infrastructure and provide cybersecurity advice, it said.

The agency also said it disrupted attempts by foreign-based extremists, including those affiliated with Islamic militant groups, to recruit Canadians and disseminate violent propaganda here.

As part of its role in combating cybercrime, it removed 11,500 fake websites in Canada, including phoney government sites, and emails designed to trick Canadians into sharing personal information or clicking on infected links.

It also thwarted and exposed Russian disinformation campaigns, including claims that Russia was only attacking military targets in Ukraine.

Like the United Kingdom and United States, Canada's cyberspy agency declassified intelligence to spike campaigns from Russia to spread falsehoods about the war in Ukraine.

In the weeks leading up to the invasion of Ukraine, it warned Canadian critical infrastructure organizations, such as national communications companies, to bolster their defences against Russian-backed cyber threats.

CSE intercepts and analyzes electronic communications and other foreign signals so it can alert the government about the activities of foreign entities that seek to undermine Canada’s national security.

Foreign-based threats it reported on included espionage, including attempts to steal trade and business secrets, kidnappings of Canadians abroad, terrorism and extremism and threats to Canadians and Canadian Forces abroad.

The agency is banned by law from spying on Canadians at home and abroad as well as people in Canada. It is not allowed to disclose their names, email addresses or computer IP addresses if it comes across them in the course of its work — for example, while monitoring communications by a foreign extremist.

However, other federal agencies and foreign partners who receive these reports can ask for details of the information of Canadians if they have legal authority and proper justification.

The report disputes the national intelligence watchdog’s finding last year that more than one-quarter of the spy agency’s 2,351 disclosures of information about Canadians over a five-year period were not sufficiently justified.

The National Security and Intelligence Review Agency said in a report last June the CSE released additional personal information to clients beyond what was requested and explained this to be a standard practice.

The spy agency’s report on Tuesday said after a detailed analysis and consultations with government partners, it’s satisfied that all but one of the disclosures was compliant with the Privacy Act. The lone disclosure that was not compliant has been retracted and the data has been purged by the receiving institution, it said.

Foreign cyber operations are the newest part of the spy agency's mandate.

In 2019, it was given legal authority to take action in cyberspace against foreign adversaries to protect Canada with defensive and "active" cyber operations, which have to be authorized by the defence minister.

Daniel Rogers, associate chief of the Communications Security Establishment, said its foreign intelligence activities included tackling "violent extremism of all forms," a government priority.

He said the CSE is using its "capabilities to help disrupt some of these foreign threats."

"Through this annual report we have strived to be as transparent as possible about the nature of those operations," he said.

The report also said it had helped encrypt top secret material and secure sensitive communications between government ministers and civil servants.

This was particularly important in the pandemic when people were working in remote locations and required encrypted video links.

"We supply devices that allow ministers and senior officials to communicate securely from anywhere. In February 2021, we partnered with the Privy Council Office and Shared Services Canada to add secure video to meet the ongoing need for virtual meetings at the classified level," it said. "Demand for these services continued to grow this year."

This report by The Canadian Press was first published June 28, 2022.

Comments