In the past fiscal year, Canada's electronic intelligence organization revealed that it successfully thwarted an astonishing 2.3 trillion "malicious actions" targeting the federal government. This translates to an average of an astounding 6.3 billion disruptions per day.
In its most recent annual report released on Thursday, the Communications Security Establishment (CSE) disclosed a comprehensive account of its endeavors spanning from April 2022 to March 2023.
The report outlines the agency's endeavors to safeguard the nation, and its critical infrastructure, and counter foreign hacking activities, political manipulation, and cybercrime.
The volume of hacking attempts targeting the federal government seems to have surged beyond previous years, as indicated by the latest findings.
In the 2020-21 report, the CSE stated that its automated defenses typically neutralized an average of two billion to seven billion "malicious actions" against the government daily. Similarly, in the following year (2021-22), the agency reported averting approximately three billion to five billion actions per day.
According to Robyn Hawco, spokesperson for the CSE, the rise in blocked actions is likely a result of the agency's improved ability to prevent such incidents, in addition to an escalation in the global cyber threat landscape. In an emailed statement, Hawco emphasized that Canada's federal institutions and critical infrastructure face persistent risks from malicious cyber activities.
These threats encompass criminal endeavors like ransomware attacks, as well as state-sponsored operations aimed at achieving strategic advantages.
During the unveiling of Thursday's report, Bill Robinson, a University of Toronto's Citizen Lab fellow, highlighted an interesting revelation.
The report showcased that the agency had undertaken cyber operations aimed at disrupting and eradicating detrimental terrorist content propagated by foreign extremists driven by ideological motives. Robinson noted that this was the first instance where the agency publicly disclosed its efforts targeting politically motivated foreign extremists, distinct from those motivated by religious factors.
Within the 2022-23 timeframe, the report acknowledges that the CSE addressed a total of 2,089 "cybersecurity incidents," maintaining consistency with previous years' response levels. Among these incidents, 957 pertained to federal government institutions, while 1,132 targeted "critical infrastructure organizations" operating in sectors such as energy, finance, transportation, healthcare, and others.
Additionally, the report showcases a noticeable emphasis on Russia compared to other countries, including China. Despite months of political controversy surrounding China's alleged interference in Canadian democracy, the 68-page document merely mentions China twice.
One instance highlights China's efforts to "monitor and intimidate" diaspora populations in Canada, while the other references the incident involving a Chinese spy balloon entering Canadian and American airspace before being shot down by the United States.
In contrast, Russia receives more frequent mentions throughout the report. Notably, Canada has expanded its foreign cybersecurity operations to Latvia and Ukraine, as indicated by ministerial orders from Anand in March 2022, which occurred shortly after the Russian invasion.