Canadian Intelligence Agency’s Acknowledgement of Active ‘Cyber Operations’ Against Foreign Hackers Is Significant, Experts Say

Canadian Intelligence Agency’s Acknowledgement of Active ‘Cyber Operations’ Against Foreign Hackers Is Significant, Experts Say
A sign for the Government of Canada's Communications Security Establishment (CSE) outside their headquarters in Ottawa in a file photo. The CSE is one of Canada’s primary contributors of intelligence to the Five Eyes network. Sean Kilpatrick/The Canadian Press
Andrew Chen
Updated:

Canada’s cybersecurity agency’s acknowledgment that it is undertaking “foreign cyber operations” is significant as it shows the agency’s willingness to engage in activity that involves questions of authorization of operations in other jurisdictions, and is joining allies in actively deferring cyber threats.

Canada’s Communications Security Establishment (CSE) said Monday that it has both the “active” (offensive) and defensive cyber tools to make it more costly for the foreign hackers behind the growing number of cybercrimes.

“Although we cannot comment on our use of foreign cyber operations (active and defensive cyber operations) or provide operational statistics, we can confirm we have the tools we need to impose a cost on the people behind these kinds of incidents,” CSE spokesperson Evan Koronewski told Global News in a statement.

“We can also confirm we are using these tools for such purposes, and working together with Canadian law enforcement where appropriate against cybercrime.”

Christopher Parson, senior research associate at Citizen Lab, said on social media that the CSE’s acknowledgment of its use of active-defensive cyber tools is a “watershed” moment, showcasing a “sword” that Canada deploys internationally while indicating that the country has joined ranks with its allies in fighting cybercrime.

“What does it mean that CSE has undertaken this kind of operation to disrupt criminals?” Parson wrote on Twitter. “Perhaps most importantly, it’s that our signals intelligence agency is now dealing with criminal activities as part of its mandate in practice, and not just in theory.”

Meanwhile, Parson also said that the decision to rely on its intelligence agency raises questions about whether the federal government has “started giving up on pursuing criminals vis-a-vis the criminal justice system” and the police forces.

“What was the coordination system between the CSE and the RCMP/Public Safety? Was this a case where a case was seen as outside the RCMP’s ability to address and issue and, so, CSE stepped in, or something else?” Parson wrote. “This matters for predicting/understanding future actions by the CSE.”

“These things matter because Canadians need to understand the rules of Internet that are being made without public consultation.”

Experts also warn that conducting an active cyber operation against hackers, criminal groups, or state intelligence agencies situated in a foreign country could violate that country’s sovereignty and international laws, which is why it requires the authorization from both the defence minister and the foreign affairs minister.

Leah West, assistant professor of national security law at Carleton University, wrote on social media that active cyber operations could also violate the CSE Act if done without the consent of the host country. She also noted that the operation can only be directed at non-Canadians outside of Canada.
In an open letter published Monday, the CSE called on the Canadian public to follow the guidelines issued by the agency’s Canadian Centre for Cyber Security (the Cyber Centre) in face of “a marked rise in the volume and range of cyber threats.”

The agency, along with the RCMP, warned that cyberattacks involving ransomware—a type of malware that holds the victims’ device, system, or data hostage in exchange for a ransom—have increasingly targeted Canada’s critical sectors during the COVID-19 pandemic, including health care services, utility organizations, and medium-sized businesses.

“Together with law enforcement, and other federal and international partners, we are working hard to make threat information more publicly available and provide you with specific advice and guidance to help you stay safe from the impacts of ransomware,” the letter stated.

Signed by four federal ministers, the letter also noted that Canada is working closely with its allies to “pursue cyber threat actors and disrupt their capabilities.”