AnexcerptofCSEsresponsetoCBCsquestions

Friday,March6,2015CSEresponse:HereisCSEsofficialresponsetothissetofquestions.CSEhastheauthorityundertheNationalDefenceActtoacquireanduseinformationfromtheglobalinformationinfrastructuretocollectforeignsignalsintelligence.ThisprotectsCanadians,Canadaandourallies.

Underthisforeignintelligencemandate,CSEdoesnotdirectitsforeignsignalsintelligenceactivitiesatCanadiansoranywhereinCanada.

Underitscybersecuritymandate,CSEmonitorsgovernmentnetworkswiththesolepurposeofprotectingthemfrommaliciouscyberactivity.

CSEsforeignsignalsintelligencehasplayedavitalroleinuncoveringforeignbasedextremistseffortstoattract,radicalize,andtrainindividualstocarryoutattacksinCanadaandabroad.

AnysuggestionthatCSEmonitorsCanadianinternetspaceoutsideoftheGovernmentofCanadanetworkforanypurposesotherthanthosedefinedintheNationalDefenceActisfalse.

CSEregretsthedisclosures,andthespeculativeandoftenincorrectanalysisofthem,particularlygiventhattheprofessionalanddedicatedmenandwomenofCSEworkdiligentlyeverydaytoprotectCanadians.

TheindependentCSECommissionerscrutinizesCSEsactivities.TheCSECommissionerhasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespectfortheprivacyofCanadians.

Monday,March2,2015CSEresponse:Manyofthequestionspresentedrelatetospecificoperations,methodsorcapabilitiesthathelpprotectCanadaandCanadiansagainstthreats.Asyouknow,CSEmustrespecttheSecurityofInformationActandcannotcommentonclassifiedoperations,methodsandcapabilities.Insomeinstances,thequestionspresentedindicateamisunderstandingofCSEsactualcapabilitiesorintentions.Furthermore,CSEregretsthatthepublicationofthesedocumentsrendersourmethodslesseffectivewhenaddressingthreatstoCanadaandCanadians.

Theleakedmaterialsaredateddocuments,andsomeexploredpossibleideastobetterprotecttheGovernmentofCanadasinformationsystemswhilealsoseekingcostefficiencies.Asaresult,informationinthesedocumentsdoesnotnecessarilyreflectcurrentCSEpracticesorprograms,orthedegreetowhichCSEhasvisibilityintoglobalorCanadianinfrastructures. Inmovingfromideasorconceptstoplanningandimplementation,weexamineproposalscloselytoensurethattheycomplywiththelawandinternalpolicies,andthattheyultimatelyleadtoeffectiveandefficientwaystoprotectCanadaandCanadiansagainstthreats.TechnologiesortoolsthataredeployedorusedbybothoperationalareasaredonesoseparatelyunderCSEsforeignintelligenceorcyberdefencemandates,andinformationismanagedseparatelyincompliancewithasuiteofinternalpoliciesspecifictoeachmandate.UnderitsITsecuritymandate,CSEhasinplaceautomatedscanningongovernmentnetworkstoidentifymaliciouscyberactivity.CSEonlycollectsinformationthatisnecessaryandrelevanttounderstandthenatureandmethodsofmaliciouscyberthreatsandtopreventmaliciouscyberactivityagainstGovernmentofCanadasystemsandnetworks.Wheninformationissharedbetweenthetwooperationalareas,itistohelpbetterunderstandmaliciouscyberthreatssothatCSEcanmoreeffectivelydefendgovernmentsystems.Forexample,whereappropriate,informationaboutforeigncyberactivitiesdiscoveredbyourITsecurityanalystscanbesharedwithdesignatedforeignsignalsintelligenceanalystsforfollowupunderCSEsforeignintelligencemandate.Foreignintelligenceonthesethreatactivities,andthemethodsandtechniquesbehindthem,iscriticaltounderstanding,mitigatinganddefendingagainstmaliciouscyberactivitiesthatthreatenCanadianinfrastructuresandinformation.InformationcollectedbyCSEismanagedaccordingtoestablisheddataretentionschedulesthataredocumentedininternalpoliciesandprocedures.Toprovidemoredetailcouldassistadversarieswhowanttoconductmaliciouscyberactivityagainstgovernmentnetworks,orevadeourforeignsignalsintelligenceefforts.Underitsassistancemandate,CSEprovidestechnicalassistancetofederallawenforcementandsecurityagenciesonlyattheirspecificrequest,andonlyundertherequestingagencyslegalauthority,suchasawarrant.PrivacyprotectionsareestablishedbylawandreflectedinpoliciesgoverningCSEsactivities.MeasuresarebuiltintoCSEsoperationsandtechnologiesforthehandling,retention,useanddestructionofinformationaboutCanadians.

TheindependentCSECommissionerandhisstaffscrutinizeCSEactivities.TheCSECommissionerhasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespectfortheprivacyofCanadians.Tuesday,March3,2015CBCquestions:1. WeunderstandCSEemployeesareboundbysecrecyunderSIAduetonationalsecurityconcerns.ButwhycanttheagencydisclosewhetheritmonitorsallofCanadianinternettraffic?(Sucharevelationdoesntputnationalsecurityindangerandisinthepublicsinterest.)2.Inwhichinstancesdoourquestions(sentFebruary24,2015)indicateamisunderstandingofCSEsactualcybercapabilitiesorintentions?Pleaseknow,basedonCSEsowndocuments,andinconsultationwithnumerousauthoritiesacrossaspectrumofviewpointsandexpertise,CBCispreparingtoreportthefollowing:CSEhasdevelopedsophisticatedcapabilitiestoexploitcybernetworks,aswellastoattackanddisruptpotentialopponents/threats.TheseCNE/CNAcapabilities,andCanadasglobalaccesspointsandsensorsaretheverytoolsCSEcouldusetoassistotheragencies(CSIS,RCMP)todisruptterrorthreatsshouldBillC51becomelaw.Pleaseanswereachofthefollowing:3.Whatoftheabovestatement(initalics)isincorrect?4.YouindicatedtoCBCinyourresponsesofMarch2thatCSEsleakeddocumentsarebothdated,andspokeofplansandthatasaresult,informationinthesedocumentsdoesnotnecessarilyreflectcurrentCSEpracticesorprograms,orthedegreetowhichCSEhasvisibilityintoglobalorCanadianinfrastructures."However,the2011CASCADEdocumentdiscussesplansfor2015andstatesthatCSEcurrentlyhas"fullvisibilityofournationalinfrastructure."AreyousayingCSEnolongerhasfullvisibilityofCanadiancyberinfrastructure?5.UnderwhatauthorityisCSEcurrentlymonitoringCanadasentirenationalcyberinfrastructure?6.OnwhichdateshasaministersofdefenceauthorizedmonitoringoftheentirenationalcyberinfrastructureunderMandateA?

7.(above)UnderMandateB?Tuesday,Feb.24,2015CBCquestions:1.IsCSEmonitoringallofCanada'sinternetspace?2.Ifso,underwhatmandates(A/BorC)?3.IsCSEcollectingdataormetadatafromCanada'sentireinternetspace?4.Howmuchofthiscollectionisusedandretained?5.Forhowlong?6.HasCSEsucceededinmergingitsCyberSensorArchitecture(bothdefenceofCanadiangovernmentnetworksusingPhotonicPrismprogram,andforeign/warrantsintelligencegatheringthroughtheEONBLUIEprogram)asimaginedasagoalfor2015intheCSEslidedeck"CASCADE?"7.WhatdoesitmeanforPhotonicPrismandEONBLUEsensorstobemerged?8.Whatisthenameofthenewlyunifiedsensorarchitectureprogramthathasreplaced/mergedthesetwoprevioussystems?9.WhatdoesitmeanthatCSEhas"fullvisibilityofournationalinfrastructure?"(CASCADEslidedeck,p.30)10.Whatarethe"SpecialSources"(whichtelecommunicationscompanies,internetcables,coreinternetproviders?)thatprovideCSEwithaviewofallofCanadianInternetSpace?(CASCADEslidedeck,illustrationp19)?11.UnderwhatauthorityisCSEacquiringaccesstoall'internationalgatewaysaccessiblefromCanada"fromthesesocalled"SpecialSources?"(CASCADEslidedeckp.22)12.How,underthenewly'synchronized'systememploying'commondatarepositories,'doesCSEdistinguishandkeepseparate(bothinCSEuseandinsharingwithallies)thedatacollecteditstwoseparatemandates?(Canadiansemailsanddatacollectedexpresslyunderthe"cybersecuritymandate"toprotectgovernmentnetworks,versusdata/metadatacollectedunderthe'foreignintelligence"and/or'assistance'toCSIS/RCMP/ect'SIGINT"mandate?)(CASCADEslidedeckp.23).13.Howissurveillingtheentireinternet'nationalinfrastructure'effectiveindefendingagainstcyberattacks?14.Inthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:anendtoendapproach"thereisadiagramonpage15,layingoutthevarioustypesofinternettraffic/communicationsbeingcollectedandobservedbyCSEunderitsdifferentmandates(MandateBdefenceofgovernmentnetworks,versusMandatesA+Cforeignintelligencegathering,andassistancetoCSIS/RCMP/etc).Howdoyouaccountforthe"domestictodomestic"communicationthatCSEissurveillingunderitsMandateA+C...distinctfromthe'warranteddomestic'collectionidentifiedinthe

diagram?(CSEisn'tsupposedtobetargeting/directingactivitiesatCanadians,beyondwarrantedauthorization).Canyouexplainthis?15.Onpage22ofthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:anendtoendapproach"thereisacharton"CyberActivitySpectrum"whichdetailsCSE'scapacityforCyberNetworkExploitationandAttacks(implants,takingcontrol,disruption,destroyingofadversarynetworks).Canyouprovideexampleswhenthesecapabilitieshavebeenused?16.UnderwhatauthoritydoesCSEbreakinto,disruptordestroyadversaryinfrastructure?17.Howmanytimessince2010hasCSEbeencalledonunderitsMandateC(Assistance)toemploytheseCNE/CNAcapabilities?18.HowwouldBillC51,shoulditbecomelaw,affectCSE'sactivitiesintheCNE/CNArealm?