Canada Fighting “Billions” of Attacks a Day, Cyber Agency Says
The annual reports from Communications Security Establishment Canada make for unexpectedly good reading. In recent years, the intelligence and cybersecurity agency has intercepted foreign espionage efforts, extremist networks, cybercriminal crews, and sprawling disinformation campaigns. The newest edition recounts how, in 2024, its units shut down a ransomware threat aimed at a Canadian industrial sector in only forty-eight hours.
The CSE patrols a vast digital turf, its most critical work largely invisible to the public. But as it prepares to turn eighty, the organization’s role has never been more central, with Canada’s most basic systems—from energy infrastructure to elections—now prime targets for adversaries.
CSE origins stretch back to 1941, when Canada created the Examination Unit (XU), the country’s first civilian bureau devoted to breaking and protecting coded communications. During the war, the XU decrypted enemy messages and forged intelligence relationships that would later anchor today’s Five Eyes alliance. The bureau’s success convinced Ottawa that understanding foreign networks was strategically indispensable, and, in 1946, the Communications Branch of the National Research Council was established—what we now know as CSE.
In the conversation that follows, I spoke to CSE chief Caroline Xavier, by email, about that legacy and the challenges facing the agency today.
Looking back, what would you say are the biggest changes that have affected the organization?
From its earliest days, CSE has operated behind the scenes. As technology evolved, so did CSE. We embraced computing early, becoming Canada’s largest supercomputer user by the mid-1990s. The fall of the Berlin Wall and the end of the Cold War challenged us to redefine our mission. We responded by expanding our workforce, recruiting linguists, engineers, and computer scientists, and fostering a more diverse and multidisciplinary organization.
The events of 9/11 reshaped global security, and CSE’s role was formally recognized under Canada’s Anti-Terrorism Act. In 2011, we became a stand-alone agency. And in 2019, the CSE Act expanded our mandate to include active and defensive foreign cyber operations. Another major milestone came in 2018 with the launch of our Canadian Centre for Cyber Security, or Cyber Centre. This unites cyber experts from across government, and has positioned us as a world-class authority on cybersecurity, defending Government of Canada networks.
Today, we block billions of malicious actions daily, respond to thousands of cyber incidents annually, and issue pre-ransomware alerts that save Canadian organizations millions of dollars.
How big is CSE?
From sixty-two employees in 1946 to over 3,800 today. We publish reports and advisories like the National Cyber Threat Assessment and Threats to Canada’s Democratic Processes. Our latest annual report highlights our work across foreign signals intelligence, cyber operations, Arctic security, and critical infrastructure protection. In it you will read about how, last year alone, we produced over 3,000 foreign intelligence reports, responded to more than 2,000 cyber incidents, and issued 336 pre-ransomware notifications—preventing up to 148 incidents and saving an estimated $6 to $18 million.
Compared to allies like the United States and United Kingdom, what is the greatest cyber threat facing Canadians? What makes us uniquely vulnerable?
Many of the challenges we face are shared with our partners. This underscores the importance of international co-operation. The most significant threats come from state-sponsored cyber actors who are growing more assertive. These adversaries target Canadian government institutions, critical infrastructure, and private sector organizations to steal sensitive data, disrupt services, and influence public discourse. Their attacks are becoming more sophisticated and persistent.
The most persistent threat?
Ransomware. It remains the most pervasive cybercrime affecting Canadians. The attacks are not just costly; they can cripple essential services like health care, energy, and transportation, putting lives and livelihoods at risk.
Why so pervasive?
A number of reasons. First, as a member of Five Eyes, and a vocal advocate of democratic values, Canada is a high-value target for adversaries seeking to undermine Western institutions. The strategic value of our private sector and world-class universities further increases our exposure to cyber threats.
That exposure is compounded by vulnerabilities closer to home. Our critical infrastructure is often decentralized, managed at provincial and municipal levels, which can result in inconsistent cybersecurity standards and coordination challenges. The cybercrime ecosystem is highly interconnected and often knows no borders, as we see play out when threat actors target large companies that provide services to the US as well as Canada.
Additionally, many small and mid-sized Canadian organizations face resource constraints that limit their ability to implement robust cybersecurity defences. And, of course, the growing use of artificial intelligence by threat actors, combined with our reliance on a small number of technology providers, introduces new risks that are difficult to mitigate quickly.
How has CSE addressed all that?
We’ve taken decisive action. For example, at the 2025 Symposium on Digital Trust and Cyber Security, federal, provincial, and territorial governments signed a landmark agreement to strengthen cyber collaboration. Then there’s our Cyber Centre. One of our recent initiatives, the Cyber Security Readiness Goals, offers practical, achievable actions that organizations can take to build resilience against the most common and damaging threats, including ransomware.
It’s striking how closely you work with public organizations.
We emphasize the importance of public–private collaboration, threat intelligence sharing, and proactive risk management. Cybersecurity is a shared responsibility, and our collective defence depends on coordinated action across government, industry, and civil society. We encourage all Canadians to explore our latest National Cyber Threat Assessment to better understand the trends we’re seeing and the steps we can all take to stay secure.
AI is transforming both cyberattacks and defences. What role does it play in CSE’s current operations, and what concerns does it raise?
There’s no question AI is rapidly reshaping the cyber landscape. It now plays a dual role in our operations. It strengthens our defences and sharpens our threat detection, but it also introduces new risks that demand constant vigilance.
On the defensive front, CSE uses AI and machine learning to automate threat detection, spot anomalies in massive data streams, and accelerate incident response. These tools help us identify patterns in malicious activity faster and more accurately than ever before. But AI isn’t just a tool. It can be a weapon. Malicious actors, including state-sponsored groups, are using AI to supercharge cyberattacks. From crafting convincing phishing campaigns to automating vulnerability scans and spreading disinformation, AI is amplifying the scale and sophistication of threats. Our 2025 update on threats to Canada’s democratic process highlights how AI is being weaponized to spread disinformation, harass public figures, and interfere with elections.
Lastly, AI systems themselves are becoming prime targets. If compromised, they leak sensitive data or make flawed decisions with serious consequences. That’s why the Cyber Centre emphasizes the need for secure design, deployment, and continuous monitoring of AI technologies.
What is CSE’s role in combatting disinformation?
CSE plays a vital role, but we want to be clear: CSE does not monitor domestic communications or social media. Our mandate is strictly focused on foreign signals intelligence and protecting government systems from cyber threats.
Our contribution is more visible through the Security and Intelligence Threats to Elections Task Force, alongside Canadian Security Intelligence Service, the Royal Canadian Mounted Police, and Global Affairs Canada. Together, we identify and reduce threats to Canada’s democratic institutions, including foreign interference and disinformation campaigns targeting voters, political parties, and media.
Through our Cyber Centre, we provide technical expertise and public guidance, especially during elections. We don’t moderate content or surveil platforms, instead we empower Canadians to think critically. For example, in partnership with the Canadian Anti-Fraud Centre, we issued an alert about high-level officials being impersonated by threat actors—tactics that, while not traditional disinformation, can still mislead the public and distort democratic discourse.
CSE’s work is split between threats from hostile governments and threats from international criminal networks.
Yes. We’re guided by the government’s intelligence priorities, which focus on national security, economic prosperity, Arctic sovereignty, and democratic institutions. That includes confronting state-sponsored threats, like espionage, malicious cyber activity, and foreign interference. It also includes monitoring violent extremist groups—sometimes, but not always, aligned with hostile nation states—and countering criminal activity, such as ransomware and data theft.
How do you do all this?
What sets CSE apart is our integrated mandate, combining foreign signals intelligence, cyber defence, and foreign cyber operations under one roof. This allows us to respond effectively across a broad threat landscape. Hostile governments often pursue long-term strategic objectives, while criminal networks are typically financially motivated—but both actively target Canadians and Canadian interests. Also, we don’t do this work alone. CSE works closely with domestic partners, including law enforcement, and international allies.
In the context of new attention to border security issues, is CSE being drawn more into the fight against organized crime?
In alignment with the Prime Minister’s Directive on Transnational Crime and Border Security, CSE plays a key role in Canada’s efforts to disrupt transnational organized crime, particularly as part of the enhanced focus on fentanyl trafficking. CSE has always provided foreign intelligence coverage of transnational crime and illegal drug supply chains. What’s new here is the additional investment and the renewed domestic and international coordination. It’s going to help all of us within Canadian and US law enforcement institutions to better identify, monitor, and stop high-risk individuals and drugs from crossing Canadian borders.
How would you describe the new powers the establishment was given in legislation in 2019? Can you explain the purpose of these powers and how effective they have been?
In 2019, CSE was granted new legislative authorities to conduct both active and defensive cyber operations. Active operations disrupt foreign threats to Canada’s security and interests, while defensive operations safeguard critical systems during major cyber incidents. That means we can do more than simply collect and report on these threats. We also take action to degrade the ability of foreign actors who would do us harm.
I think when Canadians hear “new powers,” they get worried.
These operations are strictly limited to foreign targets and must comply with Canadian law, international law, and established norms of responsible state behaviour in cyberspace. All foreign cyber operations activities are subject to CSE’s robust system of independent review, including by the National Security and Intelligence Review Agency and the National Security and Intelligence Committee of Parliamentarians. CSE has been found to be compliant in all of the reviews completed to date.
What is CSE’s contribution to achieving security in the Arctic?
Canada has a long history of co-operation with Arctic states, leading international multilateral meetings and maintaining productive bilateral ties. That extends to being a key partner in bridging the intelligence gap to address the complex range of threats facing the territory. We continue to invest to meet the growing demand for intelligence from a variety of Arctic stakeholders—domestic partners and international allies alike.
Here at home, CSE works closely with the Canadian Armed Forces to reinforce Arctic sovereignty and support continental defence. This includes providing tailored foreign intelligence, communications security, and cybersecurity capabilities. We support the Royal Canadian Navy and the Royal Canadian Air Force as they patrol the high north. As part of Canada’s joint command of NORAD, we provide indications and warning of Russian aircraft activity and monitor naval-based threats. Our Operational Production and Coordination Centre ensures 24/7 response readiness.
In the past year alone, CSE shared 196 intelligence reports on Arctic security with twenty Government of Canada departments and international allies. These reports covered foreign states’ strategic intentions, military capabilities, technological advancements, economic interests, and research activities in the region.
Can you explain the ways that CSE is helping Ukraine since Russia’s invasion?
Canada has remained a steadfast supporter of the Ukrainian people in their fight for sovereignty. CSE has played a critical role in this support. In October 2022, the minister of national defence announced approximately $2 million in funding to provide satellite communications services for the country. This joint initiative between the Canadian Armed Forces, Department of National Defence, CSE, and satellite operator Telesat came into effect in April 2023.
We’ve worked closely with domestic partners and international allies to provide actionable intelligence and cyber defence capabilities to protect both Canadian and Ukrainian interests. CSE has supplied the Government of Canada with foreign intelligence to inform sanctions, monitor malicious Russian cyber activity targeting the country, Ukraine, and NATO allies. We also protect Canadian diplomatic and military personnel operating in the country. We support Operation Unifier, the Canadian Armed Forces’ training mission in Ukraine. In addition, we collaborate with allied intelligence agencies to address high-priority intelligence needs and bolster Canada’s defences against Russian-backed cyber threats.
Anything notable you can share?
One of the most significant actions was the designation of Ukraine and Latvia’s electronic networks as “Systems of Importance” to the Government of Canada in March 2022. This designation, made by the minister of national defence under the CSE Act, marked the first time such powers were used for entities outside Canada. It enabled CSE to provide direct cybersecurity assistance to both countries. Since then, CSE has notified Ukraine of hostile cyber activities targeting its national infrastructure and identified vulnerabilities in its network systems. This work is based on data shared by Ukrainian authorities.
CSE has also deployed cyber experts to Latvia at the request of its government. Over the course of eight deployments since spring 2022, Canadian cyber teams have helped investigate cyber incidents, conducted threat hunting operations, identified adversarial activity, provided training and tools, and improved coordination between Canada and NATO allies. These efforts have significantly strengthened Latvia’s cyber resilience and demonstrated Canada’s commitment to defending NATO’s eastern flank.
There’s a public face to this work too?
The Cyber Centre has also issued public reports and joint advisories with Five Eyes partners on Russian-linked cyber threats, providing briefings to critical infrastructure and provincial governments. We also work to counter Russian disinformation about the invasion. In 2022, the Cyber Centre released declassified intelligence on social media for the first time, exposing false claims and helping Canadians identify disinformation. These posts reached more than 650,000 views by March 2023.
CSE has a deep intelligence-sharing relationship with the US. Has that relationship changed?
Our relationship with the US remains strong and deeply rooted in mutual strategic interest. As a proud and valuable member of the Five Eyes, we have maintained close partnerships for nearly eighty years. The history of our organizations is, in many ways, a shared and intertwined history. It’s a partnership born out of value and need, and it continues to deliver results that make us all safer. A recent example is the series of publications, developed jointly with our Five Eyes partners, on security considerations for edge devices—such as routers—which are prime targets for hostile actors looking to gain access, disrupt systems, or quietly extract data.
With growing public concern over digital sovereignty, how does CSE ensure that deep integration with US cyber defence doesn’t compromise our independence?
While CSE maintains deep and long-standing partnerships with the Five Eyes, these relationships operate within clearly defined mandates and operational frameworks. But partnership is only one side of the equation. Protecting sovereignty also means securing not only our borders but also our digital frontiers and the homeland. It’s fundamental to Canada’s national security, economic resilience, and democratic integrity.
Recent defence investments, including over $370 million allocated to CSE, are enabling the development of Canadian-led solutions to protect the country’s most sensitive information, communications, and operations. And our participation in initiatives like the Federal–Provincial–Territorial cybersecurity collaboration agreement reinforces a whole-of-government approach. These efforts both strengthen the integrity of Canada’s classified services and enhance interoperability with our Five Eyes partners.
I ask because there are recent indications the director of national intelligence has prohibited the sharing of US intelligence with Five Eyes partners on Ukraine war negotiations. Do you fear there will be more restrictions on US intelligence sharing with Canada?
CSE is closely monitoring the evolving geopolitical landscape, and we will continue to engage with our partners to ensure that Canada’s national security interests are protected and that our contributions to global security remain impactful.
The post Canada Fighting “Billions” of Attacks a Day, Cyber Agency Says first appeared on The Walrus.
Comments
Be the first to comment