CSE stopped billions of malicious actions against federal IT networks: Report

Canada’s signals intelligence agency protected federal IT networks from an average of 6.3 billion malicious actions a day — such as attempts to deploy malware — in the last fiscal year, as well undertaking three foreign cyber operations against targets outside the country, according to its latest annual report.

The Communications Security Establishment, the country’s foreign signals intelligence agency, gave that example of its work Thursday, releasing the public version of its annual report covering 12 months ending March 31st.

CSE’s mandate includes taking action online to counter foreign-based threats and advance Canada’s international affairs, defence, or security interests. To that end, in 2022 the government authorized three foreign active cyber operations, the report says. No details were provided about what was done. An active cyber operation could include bringing down a criminal or nation-state IT service.

As of March, the CSE had deployed host-based sensors in 85 federal institutions (up from 79 in 2022), including protections on 860,000 devices; cloud-based sensors in 72 federal institutions; network-based sensors in 84 federal institutions; and virtual network-based sensors in five federal institutions.

This year it also deployed over 5,100 host-based sensors to protect an unnamed non-federal institution that was experiencing what the report calls a serious cyber incident. It isn’t known if this refers to a cyber attack on a Canadian pipeline that a Russian gang took credit for. Prime Minister Justin Trudeau confirmed there was an attack, adding that it caused no physical damage.

Part of the Department of National Defence, the CSE has an annual budget of $948 million and 3,232 full-time employees. Its latest chief is Caroline Xavier. CSE is overseen by the National Security and Intelligence Review Agency (NSIRA) and the National Security and Intelligence Committee of Parliamentarians (NSICOP).

Its outward-facing division, the Canadian Centre for Cyber Security, which advises the public and private sectors, produces the annual National Cyber Threat Assessment.

The report discloses a number of ways CSE and the Cyber Centre help the private sector:

— discovering several high-impact vulnerabilities that were disclosed to the affected vendors;

—  offering a malware detection and analysis platform called Assemblyline, where companies and defence sensors can submit suspicious files for analysis. It scans a billion files a year;

— offering Aventail, an automated threat intelligence and indicators of compromise sharing service;

— holding The Big Dig, a two-week annual classified cyber security workshop with select companies, government staff, and members of the Five Eyes intelligence partners to find ways to speed up detection and mitigation of malware, build an analysis platform “in a box” to deploy to non-government victims of cyber attacks, and ways of protecting internet-connected industrial devices;

— creating, with Public Safety Canada, the Canadian Cyber Security Safety Tool (CCST), a self-assessment tool for critical infrastructure providers such as hospitals, utilities, transport companies, financial services, and telecom providers.

During the fiscal year, Public Safety Canada and the Cyber Centre ran a pilot program with 18 municipalities, who used the CCST to help identify gaps in their cyber security, identify priorities and create action plans.