Working Against Information Security Threats

The threat of attacks on critical information systems and the infrastructures that depend on them will, in the foreseeable future, be almost impossible to eliminate entirely, owing to the fact that attack tools, networks and network control systems are constantly evolving. As new technologies develop, so too will new attack tools along with the sophistication of the perpetrators who use them.

CSIS focuses its investigations on threats or incidents where the integrity, confidentiality or availability of critical information infrastructure is affected. Three conditions must be present in order for CSIS to initiate an "information operations" investigation. The incident must

• be a computer-based attack;
• appear to be orchestrated by a foreign government, terrorist group, or politically motivated extremists; and
• be done for the purpose of espionage, sabotage, foreign influence, or politically motivated violence (terrorism).

This definition excludes many of the computer intrusions occurring within Canada. For example, most hacking activity is done by thrill-seeking amateurs with no political agenda. Some hacking is conducted by criminals for monetary gain and by companies seeking an unfair competitive advantage over another company. These types of computer intrusions fall outside the CSIS mandate but may be of interest to law enforcement agencies. CSIS confines its investigation to computer intrusions conducted with a "political motivation." Whether a hostile intelligence service is hacking into Canadian computer systems, or an extremist group is targeting a government Web site, there must be a political aspect to the computer intrusion in order for CSIS to be involved.

Since the threat from cyber-sabotage and cyber-terrorism is part of a broader economic threat to key sectors of Canadian society, CSIS works closely with other government departments such as the Royal Canadian Mounted Police, National Defence, the Communications Security Establishment, and Public Safety Canada.

To assist Canadian businesses and other organizations in gaining a better appreciation of the risks that may be facing them, and to enhance their ability to protect sensitive or proprietary information and technology, CSIS operates the Liaison/Awareness Program.

CSIS also liaises and exchanges information with foreign security intelligence agencies to remain abreast of the global threat and how it may affect Canada's national security. CSIS also participates with the Government of Canada in broader efforts of G-8 countries aimed at addressing the cyber-threat.