CSE stopped billions of malicious actions against federal IT networks: Report

Canada’s signals intelligence agency protected federal IT networks from an average of 6.3 billion malicious actions a day — such as attempts to deploy malware — in the last fiscal year, as well undertaking three foreign cyber operations against targets outside the country, according to its latest annual report.

The Communications Security Establishment, the country’s foreign signals intelligence agency, gave that example of its work Thursday, releasing the public version of its annual report covering 12 months ending March 31st.

CSE’s mandate includes taking action online to counter foreign-based threats and advance Canada’s international affairs, defence, or security interests. To that end, in 2022 the government authorized three foreign active cyber operations, the report says. No details were provided about what was done. An active cyber operation could include bringing down a criminal or nation-state IT service.

As of March, the CSE had deployed host-based sensors in 85 federal institutions (up from 79 in 2022), including protections on 860,000 devices; cloud-based sensors in 72 federal institutions; network-based sensors in 84 federal institutions; and virtual network-based sensors in five federal institutions.

This year it also deployed over 5,100 host-based sensors to protect an unnamed non-federal institution that was experiencing what the report calls a serious cyber incident. It isn’t known if this refers to a cyber attack on a Canadian pipeline that a Russian gang took credit for. Prime Minister Justin Trudeau confirmed there was an attack, adding that it caused no physical damage.

Part of the Department of National Defence, the CSE has an annual budget of $948 million and 3,232 full-time employees. Its latest chief is Caroline Xavier. CSE is overseen by the National Security and Intelligence Review Agency (NSIRA) and the National Security and Intelligence Committee of Parliamentarians (NSICOP).

Its outward-facing division, the Canadian Centre for Cyber Security, which advises the public and private sectors, produces the annual National Cyber Threat Assessment.

The report discloses a number of ways CSE and the Cyber Centre help the private sector:

— discovering several high-impact vulnerabilities that were disclosed to the affected vendors;

—  offering a malware detection and analysis platform called Assemblyline, where companies and defence sensors can submit suspicious files for analysis. It scans a billion files a year;

— offering Aventail, an automated threat intelligence and indicators of compromise sharing service;

— holding The Big Dig, a two-week annual classified cyber security workshop with select companies, government staff, and members of the Five Eyes intelligence partners to find ways to speed up detection and mitigation of malware, build an analysis platform “in a box” to deploy to non-government victims of cyber attacks, and ways of protecting internet-connected industrial devices;

— creating, with Public Safety Canada, the Canadian Cyber Security Safety Tool (CCST), a self-assessment tool for critical infrastructure providers such as hospitals, utilities, transport companies, financial services, and telecom providers.

During the fiscal year, Public Safety Canada and the Cyber Centre ran a pilot program with 18 municipalities, who used the CCST to help identify gaps in their cyber security, identify priorities and create action plans.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Featured Tech Jobs


CDN in your inbox

CDN delivers a critical analysis of the competitive landscape detailing both the challenges and opportunities facing solution providers. CDN's email newsletter details the most important news and commentary from the channel.