Government Operations committee  Sometimes, if I have a lot of time, I'll try to keep them occupied so at least if they spend time with me they don't spend time on another Canadian. In general, this is where I would look to the work that the CRTC and some of our telecommunication partners have been doing to try to deal with this.

Government Operations committee  Maybe I'll answer the general cybersecurity questions first. On the first aspect in terms of where they come from, they come from all around the world. This is typical for cyber-actors. There is no unique location. What we really look at is how to take care of any of the malicious activity rather than the individuals behind it.

Government Operations committee  Thank you, Mr. Chair, and thank you for having me continue to appear before you today. I am the head of the Canadian Centre for Cyber Security within the Communications Security Establishment. We are one of Canada’s key intelligence agencies and the country’s lead technical and operational agency for cybersecurity.

Government Operations committee  Thank you. I'll just add a bit more onto that. The Government of Canada has multiple layers of defence that we use. Then we take everything we learn in defending the Government of Canada and make sure it's available to every Canadian business. We've done that in many different ways.

Government Operations committee  Yes. Thank you, Minister. In general what we've done is that we've worked with commercial partners and with cyber-centres from around the world to take down anything that is impersonating the Government of Canada to try to dupe Canadians into taking some sort of online action. We've taken down hundreds of websites or malicious indicators, but we've also taught the commercial sector what the official CERB site, for example, looks like, so that they know and can recognize it and can take the malicious sites down on their own as well.

Government Operations committee  Unfortunately, because we look for the malicious activity, we don't look towards Canadians. The CSE Act precludes us from looking towards Canadians. We don't have a count of victims. We have to turn to our colleagues at the Canadian Anti-Fraud Centre, if a Canadian has reported it.

Government Operations committee  In general, the Government of Canada is targeted with approximately two billion malicious activities per day. A lot of that is purely reconnaissance, looking for any vulnerable service, but we're able to take action and we block those with our colleagues at Shared Services. Yes, there continue to be attempts to target Government of Canada users.

Government Operations committee  We have seen no breach of any government systems since the beginning of this event.

Industry committee  We continue to work with organizations, but one of the things that we don't do.... There's not a giant magnifying glass looking at Canada and the Internet activity. We don't direct our activities at Canadians, so we really do rely on a partnership and an engagement with colleagues in the private sector, in research and in other levels of government to really try to report this and put the picture together.

Industry committee  We have worked with some private sector actors. Whether or not it's related to COVID or the research and development type of activity remains to be seen, but we've been working with private sector actors ongoing. It increases as more people become aware of what we can provide and what work we can do together.

Industry committee  Yes, we've seen activity coming from organizations that have seen malicious, or at least suspicious, activity. We're working with them to determine whether or not it was malicious, where it came from and if it was successful.

Industry committee  We've turned that over to the intelligence side of the business to look at where it's coming from.

Industry committee  I'll start and then turn it over to my colleagues in the RCMP. The first thing we've done is we've really tried to give practical things that every Canadian can do that are within reach. That's something all countries are doing. We've tried to make this as accessible as possible through, say, Get Cyber Safe.

Industry committee  We're trying to leverage the mandate we have today. I think anything else would be a policy question that should probably be debated by you and the ministry.

Industry committee  Our goal is to really make sure we're getting information out so that people can protect themselves before it becomes an actual incident—