AnexcerptofCSEsresponsetoCBCsquestions

Friday,March6,2015
CSEresponse:

HereisCSEsofficialresponsetothissetofquestions.

CSEhastheauthorityundertheNationalDefenceActtoacquireanduseinformationfrom
theglobalinformationinfrastructuretocollectforeignsignalsintelligence.Thisprotects
Canadians,Canadaandourallies.
Underthisforeignintelligencemandate,CSEdoesnotdirectitsforeignsignalsintelligence
activitiesatCanadiansoranywhereinCanada.
Underitscybersecuritymandate,CSEmonitorsgovernmentnetworkswiththesolepurpose
ofprotectingthemfrommaliciouscyberactivity.
CSEsforeignsignalsintelligencehasplayedavitalroleinuncoveringforeignbased
extremistseffortstoattract,radicalize,andtrainindividualstocarryoutattacksinCanada
andabroad.
AnysuggestionthatCSEmonitorsCanadianinternetspaceoutsideoftheGovernmentof
CanadanetworkforanypurposesotherthanthosedefinedintheNationalDefenceActis
false.
CSEregretsthedisclosures,andthespeculativeandoftenincorrectanalysisofthem,
particularlygiventhattheprofessionalanddedicatedmenandwomenofCSEworkdiligently
everydaytoprotectCanadians.
TheindependentCSECommissionerscrutinizesCSEsactivities.TheCSECommissioner
hasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespectfortheprivacy
ofCanadians.
Monday,March2,2015
CSEresponse:

Manyofthequestionspresentedrelatetospecificoperations,methodsorcapabilitiesthat
helpprotectCanadaandCanadiansagainstthreats.Asyouknow,CSEmustrespectthe
SecurityofInformationAct
andcannotcommentonclassifiedoperations,methodsand
capabilities.Insomeinstances,thequestionspresentedindicateamisunderstandingof
CSEsactualcapabilitiesorintentions.Furthermore,CSEregretsthatthepublicationofthese
documentsrendersourmethodslesseffectivewhenaddressingthreatstoCanadaand
Canadians.


Theleakedmaterialsaredateddocuments,andsomeexploredpossibleideastobetter
protecttheGovernmentofCanadasinformationsystemswhilealsoseekingcostefficiencies.
Asaresult,informationinthesedocumentsdoesnotnecessarilyreflectcurrentCSEpractices
orprograms,orthedegreetowhichCSEhasvisibilityintoglobalorCanadianinfrastructures.

Inmovingfromideasorconceptstoplanningandimplementation,weexamineproposals
closelytoensurethattheycomplywiththelawandinternalpolicies,andthattheyultimately
leadtoeffectiveandefficientwaystoprotectCanadaandCanadiansagainstthreats.

Technologiesortoolsthataredeployedorusedbybothoperationalareasaredoneso
separatelyunderCSEsforeignintelligenceorcyberdefencemandates,andinformationis
managedseparatelyincompliancewithasuiteofinternalpoliciesspecifictoeachmandate.

UnderitsITsecuritymandate,CSEhasinplaceautomatedscanningongovernment
networkstoidentifymaliciouscyberactivity.CSEonlycollectsinformationthatisnecessary
andrelevanttounderstandthenatureandmethodsofmaliciouscyberthreatsandtoprevent
maliciouscyberactivityagainstGovernmentofCanadasystemsandnetworks.

Wheninformationissharedbetweenthetwooperationalareas,itistohelpbetterunderstand
maliciouscyberthreatssothatCSEcanmoreeffectivelydefendgovernmentsystems.For
example,whereappropriate,informationaboutforeigncyberactivitiesdiscoveredbyourIT
securityanalystscanbesharedwithdesignatedforeignsignalsintelligenceanalystsfor
followupunderCSEsforeignintelligencemandate.Foreignintelligenceonthesethreat
activities,andthemethodsandtechniquesbehindthem,iscriticaltounderstanding,
mitigatinganddefendingagainstmaliciouscyberactivitiesthatthreatenCanadian
infrastructuresandinformation.

InformationcollectedbyCSEismanagedaccordingtoestablisheddataretentionschedules
thataredocumentedininternalpoliciesandprocedures.Toprovidemoredetailcouldassist
adversarieswhowanttoconductmaliciouscyberactivityagainstgovernmentnetworks,or
evadeourforeignsignalsintelligenceefforts.

Underitsassistancemandate,CSEprovidestechnicalassistancetofederallawenforcement
andsecurityagenciesonlyattheirspecificrequest,andonlyundertherequestingagencys
legalauthority,suchasawarrant.

PrivacyprotectionsareestablishedbylawandreflectedinpoliciesgoverningCSEsactivities.
MeasuresarebuiltintoCSEsoperationsandtechnologiesforthehandling,retention,use
anddestructionofinformationaboutCanadians.

TheindependentCSECommissionerandhisstaffscrutinizeCSEactivities.TheCSE
CommissionerhasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespect
fortheprivacyofCanadians.

Tuesday,March3,2015
CBCquestions:

1.
WeunderstandCSEemployeesareboundbysecrecyunderSIAduetonational
securityconcerns.ButwhycanttheagencydisclosewhetheritmonitorsallofCanadian
internettraffic?
(Sucharevelationdoesntputnationalsecurityindangerandisinthepublicsinterest.)

2.In
whichinstancesdoourquestions(sentFebruary24,2015)indicateamisunderstanding
ofCSEsactualcybercapabilitiesorintentions?

Pleaseknow,basedonCSEsowndocuments,andinconsultationwithnumerousauthorities
acrossaspectrumofviewpointsandexpertise,CBCispreparingtoreportthefollowing:

CSEhasdevelopedsophisticatedcapabilitiestoexploitcybernetworks,aswellastoattack
anddisruptpotentialopponents/threats.
TheseCNE/CNAcapabilities,andCanadasglobalaccesspointsandsensorsarethevery
toolsCSEcouldusetoassistotheragencies(CSIS,RCMP)todisruptterrorthreatsshould
BillC51becomelaw.

Pleaseanswereachofthefollowing:

3.Whatoftheabovestatement(
initalics
)isincorrect?

4.YouindicatedtoCBCinyourresponsesofMarch2thatCSEsleakeddocumentsareboth
dated,andspokeofplansandthatasaresult,informationinthesedocumentsdoesnot
necessarilyreflectcurrentCSEpracticesorprograms,orthedegreetowhichCSEhas
visibilityintoglobalorCanadianinfrastructures."

However,the2011CASCADEdocumentdiscussesplansfor2015andstatesthatCSE
currentlyhas"fullvisibilityofournationalinfrastructure."
AreyousayingCSEnolongerhasfullvisibilityofCanadiancyberinfrastructure?

5
.UnderwhatauthorityisCSEcurrentlymonitoringCanadasentirenationalcyber
infrastructure?

6.Onwhichdateshasaministersofdefenceauthorizedmonitoringoftheentirenational
cyberinfrastructureunderMandateA?

7.(above)UnderMandateB?

Tuesday,Feb.24,2015
CBCquestions:

1.IsCSEmonitoringallofCanada'sinternetspace?
2.Ifso,underwhatmandates(A/BorC)?
3.IsCSEcollectingdataormetadatafromCanada'sentireinternetspace?
4.Howmuchofthiscollectionisusedandretained?
5.Forhowlong?
6.HasCSEsucceededinmergingitsCyberSensorArchitecture(bothdefenceofCanadian
governmentnetworksusingPhotonicPrismprogram,andforeign/warrantsintelligence
gatheringthroughtheEONBLUIEprogram)asimaginedasagoalfor2015intheCSE
slidedeck"CASCADE?"
7.WhatdoesitmeanforPhotonicPrismandEONBLUEsensorstobemerged?
8.Whatisthenameofthenewlyunifiedsensorarchitectureprogramthathas
replaced/mergedthesetwoprevioussystems?
9.WhatdoesitmeanthatCSEhas"fullvisibilityofournationalinfrastructure?"(CASCADE
slidedeck,p.30)
10.Whatarethe"SpecialSources"(whichtelecommunicationscompanies,internetcables,
coreinternetproviders?)thatprovideCSEwithaviewofallofCanadianInternetSpace?
(CASCADEslidedeck,
illustrationp19)?
11.UnderwhatauthorityisCSEacquiringaccesstoall'internationalgatewaysaccessible
fromCanada"fromthesesocalled"SpecialSources?"(CASCADEslidedeckp.22)
12.How,underthenewly'synchronized'systememploying'commondatarepositories,'does
CSEdistinguishandkeepseparate(bothinCSEuseandinsharingwithallies)thedata
collecteditstwoseparatemandates?(Canadiansemailsanddatacollectedexpresslyunder
the"cybersecuritymandate"toprotectgovernmentnetworks,versusdata/metadatacollected
underthe'foreignintelligence"and/or'assistance'toCSIS/RCMP/ect'SIGINT"mandate?)
(CASCADEslidedeckp.23).
13.Howissurveillingtheentireinternet'nationalinfrastructure'effectiveindefendingagainst
cyberattacks?
14.Inthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:anendtoend
approach"thereisadiagramonpage15,layingoutthevarioustypesofinternet
traffic/communicationsbeingcollectedandobservedbyCSEunderitsdifferentmandates
(MandateBdefenceofgovernmentnetworks,versusMandatesA+Cforeignintelligence
gathering,andassistancetoCSIS/RCMP/etc).

Howdoyouaccountforthe"domestictodomestic"communicationthatCSEissurveilling
underitsMandateA+C...distinctfromthe'warranteddomestic'collectionidentifiedinthe

diagram?(CSEisn'tsupposedtobetargeting/directingactivitiesatCanadians,beyond
warrantedauthorization).Canyouexplainthis?

15.Onpage22ofthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:an
endtoendapproach"thereisacharton"CyberActivitySpectrum"whichdetailsCSE's
capacityforCyberNetworkExploitationandAttacks(implants,takingcontrol,disruption,
destroyingofadversarynetworks).Canyouprovideexampleswhenthesecapabilitieshave
beenused?
16.UnderwhatauthoritydoesCSEbreakinto,disruptordestroyadversaryinfrastructure?
17.Howmanytimessince2010hasCSEbeencalledonunderitsMandateC(Assistance)to
employtheseCNE/CNAcapabilities?
18.HowwouldBillC51,shoulditbecomelaw,affectCSE'sactivitiesintheCNE/CNArealm?