Canada’s cybersecurity agency’s acknowledgment that it is undertaking “foreign cyber operations” is significant as it shows the agency’s willingness to engage in activity that involves questions of authorization of operations in other jurisdictions, and is joining allies in actively deferring cyber threats.
Canada’s Communications Security Establishment (CSE) said Monday that it has both the “active” (offensive) and defensive cyber tools to make it more costly for the foreign hackers behind the growing number of cybercrimes.
“We can also confirm we are using these tools for such purposes, and working together with Canadian law enforcement where appropriate against cybercrime.”
“What does it mean that CSE has undertaken this kind of operation to disrupt criminals?” Parson wrote on Twitter. “Perhaps most importantly, it’s that our signals intelligence agency is now dealing with criminal activities as part of its mandate in practice, and not just in theory.”
Meanwhile, Parson also said that the decision to rely on its intelligence agency raises questions about whether the federal government has “started giving up on pursuing criminals vis-a-vis the criminal justice system” and the police forces.
“What was the coordination system between the CSE and the RCMP/Public Safety? Was this a case where a case was seen as outside the RCMP’s ability to address and issue and, so, CSE stepped in, or something else?” Parson wrote. “This matters for predicting/understanding future actions by the CSE.”
“These things matter because Canadians need to understand the rules of Internet that are being made without public consultation.”
Experts also warn that conducting an active cyber operation against hackers, criminal groups, or state intelligence agencies situated in a foreign country could violate that country’s sovereignty and international laws, which is why it requires the authorization from both the defence minister and the foreign affairs minister.
The agency, along with the RCMP, warned that cyberattacks involving ransomware—a type of malware that holds the victims’ device, system, or data hostage in exchange for a ransom—have increasingly targeted Canada’s critical sectors during the COVID-19 pandemic, including health care services, utility organizations, and medium-sized businesses.
“Together with law enforcement, and other federal and international partners, we are working hard to make threat information more publicly available and provide you with specific advice and guidance to help you stay safe from the impacts of ransomware,” the letter stated.
Signed by four federal ministers, the letter also noted that Canada is working closely with its allies to “pursue cyber threat actors and disrupt their capabilities.”