Working Against Information Security Threats

The threat of attacks on critical information systems and the infrastructures that depend on them will, in the foreseeable future, be almost impossible to eliminate entirely, owing to the fact that attack tools, networks and network control systems are constantly evolving. As new technologies develop, so too will new attack tools along with the sophistication of the perpetrators who use them.

CSIS focuses its investigations on threats or incidents where the integrity, confidentiality or availability of critical information infrastructure is affected. Three conditions must be present in order for CSIS to initiate an "information operations" investigation. The incident must

• be a computer-based attack;
• appear to be orchestrated by a foreign government, terrorist group, or politically motivated extremists; and
• be done for the purpose of espionage, sabotage, foreign influence, or politically motivated violence (terrorism).

This definition excludes many of the computer intrusions occurring within Canada such as those carried out by thrill-seeking amateurs with no political agenda,  criminals seeking  monetary gain, and companies seeking an unfair competitive advantage over  rivals. These types of computer intrusions fall outside the CSIS mandate, but may be of interest to law enforcement agencies. CSIS confines its investigation to computer intrusions conducted with a "political motivation." Whether a hostile intelligence service is hacking into Canadian computer systems, or an extremist group is targeting a government Web site, there must be a political aspect to the computer intrusion in order for CSIS to be involved.

Since the threat from cyber-sabotage and cyber-terrorism is part of a broader economic threat to key sectors of Canadian society, CSIS works closely with other government departments such as the Royal Canadian Mounted Police, National Defence, the Communications Security Establishment, and Public Safety Canada.

To assist Canadian businesses and other organizations in gaining a better appreciation of the risks that may be facing them, and to enhance their ability to protect sensitive or proprietary information and technology, CSIS operates the Liaison/Awareness Program.

CSIS also liaises and exchanges information with foreign security intelligence agencies to remain abreast of the global threat and how it may affect Canada's national security. CSIS also participates with the Government of Canada in broader efforts of G-8 countries aimed at addressing the cyber-threat.

As outlined in Canada's Cyber Security Strategy, CSIS will analyze and investigate domestic and international threats to the security of Canada, responding to the evolution in cyber security technologies and practices and the cyber threat environment.

Canada's National Strategy for Critical Infrastructure and the Action Plan for Critical Infrastructure foster the development of partnerships among all branches and levels of government and critical infrastructure sectors to improve information sharing and protection.