Canada’s electronic intelligence agency says it’s waging a “long-term” campaign aimed at degrading cyber criminals’ abilities to target Canadian individuals and institutions.
The Communications Security Establishment (CSE) has been warning for some time that “ransomware” attacks – where hackers lock up or steal data and demand money for its return – are a growing threat for Canadian individuals and institutions.
The agency’s latest annual report, released Tuesday, made clear CSE believes that threat will remain persistent for the foreseeable future.
CSE is “not under the illusion that we’re going to fix that problem in the short term,” Dan Rogers, the agency’s associate chief, said in a rare interview Tuesday.
“We realize this is a long-term problem and something that’s going to affect Canadians for some time.”
The agency reported late last year it was aware of 235 ransomware attacks in Canada between January and November of 2021, and that half of those attacks were directed at critical infrastructure providers – which includes sectors like health, manufacturing and energy.
Get daily National news
It’s almost certain that many more attacks go unreported to federal authorities. But the most high-profile incidents – like last year’s attack on Colonial Pipeline, which stalled oil products to the U.S. East Coast – have driven home how costly and impactful ransomware can be.
Global News first reported in December 2021 that CSE was using new powers to target cyber criminals. It was the first time the agency has acknowledged the use of new “active cyber operations” authorities, which allow CSE to “disrupt the capabilities” of foreign threats to Canada.
But it also raised questions about the state agency targeting criminal groups abroad. CSE is specifically prohibited from using its offensive powers to interfere with “the course of justice.”
Rogers said the agency consults “a huge breadth of stakeholders” about foreign cyber operations, particularly when CSE is going after a criminal group.
“It kind of goes without saying that we work closely with the RCMP, with (the Canadian Security Intelligence Service), with Public Safety, but not just with them,” Rogers said.
“Within our Five Eyes context and even broader international contest, we have to make sure that we’re (not conflicting with) law enforcement, that we’re not interfering with the investigation and that we’re taking actions that are the most reasonable actions to be taken.”
What exactly those actions are, however, remains largely secret from the Canadian public.
CSE’s report indicated that in 2021 the government authorized three cyber operations – two “active” or offensive, one defensive. But because a single authorization could permit CSE to launch multiple operations, it is difficult to know the scale of the agency’s activities in this space.
While Rogers suggested the latest report was more forthcoming about the kinds of “active” operations the agency could engage in, he acknowledged the balance between operational secrecy and public transparency will continue to “evolve.”
Comments