Procedure and House Affairs Committee on June 6th, 2024

I think, Mr. Chair, that I've answered the question.

Thank you very much for the question.

As I said before, since the start of January 2021, we observed anomalies, troubling cyber-activities. We then contacted the House of Commons cybersecurity analysts to advise them of our concerns on a technical level. As we gained understanding of what was happening, we submitted 12 reports to them, met with them and also met with our colleagues from the Canadian Security Intelligence Service, or CSIS. We participated in conversations and advised the House of Commons that a nation-state actor was involved, and that it was in fact ATP 31.

It happened between January 22, 2021, and—

Yes, that’s right.

We send a great deal of information, as much as we can, especially when it is not classified. Sometimes, we declassify information if sending it is useful.

I will ask Mr. Gupta, who was present during some of those conversations, to shed a bit more light on the type of information we send.

Thank you, Mr. Chair.

When you have classified intelligence reporting, there's a lot of context and information, and then there's often a tear line, so there is another set of information that you can provide to an incident responder or to another organization to enable it to take immediate action in resolving an incident. In the lead-up to the incident, we would be sharing tear-line information: “Here is a sophisticated threat actor,” which, in cybersecurity terms, typically means a nation-state and is super important. It definitely reinforces the seriousness and the importance of the event.

However, all we're allowed to share, because of the intelligence, are the technical indicators. We didn't have the email addresses, so we would share the things that would be needed to find the email addresses. That's what we shared with the House of Commons, and we worked with the House of Commons collaboratively to figure out exactly what was going on, because typically you have a thread you need to pull.

We started the thread-pulling by saying, “Hey, this is what we know. You can go find your emails.” We didn't have the emails. We had the thing to look for the emails with. They would go and look for that. That's what they did, and then they came back with that information. Every time we found something new, they understood the scope of the incident. That's how we work collaboratively with the House of Commons, and we've worked collaboratively with the House of Commons for a decade or more.

Thank you very much for the question.

We take our role very seriously. For us, it’s important not to keep Canadians’ private information with CSE data, because our role plays out on the international stage. When we understand that the origin of the threat to Canada is coming from abroad, it’s very natural for us to pass the torch to CSIS, because it has the mandate to act within Canada. We therefore take very seriously the fact that we do not intervene, and we are careful not to manage personal information. The reason why we passed the torch to CSIS in that situation was because the incident had to be managed here, in Canada.

As my colleague Mr. Gupta said, when we manage an incident involving an institution, we maintain a continuous relationship in order to better understand the threat. It also provides us with information.

With the exception of the House of Commons, an institution could manage everything internally and inform us of the incident only after it is resolved. It’s also possible that it will not inform us at all.

Thank you for your question.

Yes, our mandate involves protecting Canada’s government systems and critical infrastructure, but we also have an international mandate. Even if our mandate does not involve protecting individuals directly, you will find information on our website about ways to improve individual cyber-hygiene.

Our first mandate is to protect Canada and Canadians, especially government systems, industry, critical infrastructure and government communication sectors, among others.