CSIS's Viewpoint: The Long Awaited Public Report

June 22, 2019

By Stephanie Carvin

Friday, the government tabled the CSIS Public Report in the House, on the last day of this Parliament. This is the formerly annual report the Service releases which provides a small window into how they see the threat environment. There is also often a small section on how a particular section of the Service operates – this year there is a very small section on the Intelligence Cycle and the “going dark” problem for example. However, for the purpose of this blog, I’m going to mainly stick to the threat environment discussion.

Upon first reading, the report itself is a welcome back to basics. The approach in 2016 with then-CSIS Director Michel Couloumbe looking as if he was in some kind of unfortunate hostage video, was a misstep, even if it was a well-intended attempt to make the report more accessible. This year’s version is clean, crisp and looks very good. It is also far longer and goes into a more detail, even if readers like myself will always be wanting more.

 

So the style is good – what about the substance?

I have been eagerly awaiting this report since December 2018, after the speech the CSIS Director, David Vigneault, gave to a business crowd in Toronto. (If you have not read it yet, you should definitely do so.) What was so remarkable was Vigneault indicated that, from the perspective of the Service, terrorism remains the number one threat to public safety, however “the greatest threat to our prosperity and national interest” was foreign interference and espionage. It seemed as if the director was suggesting a serious rebalancing of priorities – or the adoption of a long-term vision that suggested a bunch of homegrown inspired losers was less of a long-term threat than a systematic campaign to hack major Canadian companies by our adversaries. Would we see this language reflected in the Public Report which basically outlines the way the Service ranks threats?

While there is significant attention given to foreign influence and espionage in the Report, the answer to that question is “no”. The Director’s letter is more in line with other post-2001 Service assessments, namely that terrorism remains “the number one national security threat to public safety for Canada”. Foreign influence and espionage continue “to persist and pose long-term, strategic challenges to Canada.” While the Director is not minimizing these threats, this is definitely a step down from “the greatest threat to our prosperity and national interest.” That language is not in this report.

I confess that I am a little disappointed – but since I do not have access to the information upon which these assessments are based, I am not in a position to tell the Service it is wrong. Instead, it is indicative of two things: first, (perhaps unsurprisingly) that there continue to be serious terrorism investigations in this country, or with major links to Canada – enough so that they deem it to be the priority. (More on this below.) Second, I see this as part of the ongoing battle the Service has to face in prioritizing short-term (violent extremists) versus long-term (foreign influence and espionage) threats. And to be fair, terrorism is described as “a top priority”, not “the top priority” – so there is some wiggle room here. And certainly the sections on foreign influence and espionage are not rosy. These threats are described as continuing unabated and increasing in some areas.  

Also keeping in line with previous Public Reports, CSIS does not “name names” of any adversarial state – something that our allies regularly do, including the US and The Netherlands. This somewhat strange since the Canadian Centre for Cyber Security (CCCS) has at least named Russia as a malicious cyber actor in its report. Moreover, China was publicly identified by the CSE as having engaged in an attack against managed service providers (MSPs) in December of 2018, not long after the Director’s speech. And of course, NSICOP publicly identified China as engaging in these activities. One can appreciate that given two Canadians are being held hostage in China over the detention of Meng Wanzhou, that there are sensitivities at stake. But at some point, the refusal to name countries becomes a bit ridiculous.

 

Violent extremism

It is noteworthy that the subtitle for the Terrorism section is “inspired violence” rather than “directed violence”. This suggests that most individuals in Canada that engage in violent extremism are homegrown and not working at the direction of others, or that the threat is coming from abroad. Significantly, and since there is so much attention on it, the known traveller/returnee numbers are the same. These numbers, however, are likely to change if Canada is required to bring back our detained foreign fighters (as it will almost be certainly required to in the future.)

The priority violent extremist threat remains the Islamic State, but there a lengthy section on far-right extremism, which is a lot considering that it wasn’t even mentioned in the 2016 report. Indeed, to my mind this is the first lengthy treatment of far-right extremism in a CSIS report. While it mirrors the language in the Public Report on the Terrorist Threat, but it also shows how fast the landscape has shifted in just a few years.

CSIS itself is still debating how it fits in on the far-right file within the broader national security/public safety architecture in Canada. As such, the report makes it clear that other government agencies have the lead “CSIS continues to engage government and law enforcement partners”, but that “increased its posture” means that it is doing more to understand the issue, which could mean a variety of things, from enhanced outreach and information sharing, to increased collection. (The link to extreme misogynist groups is reflective of the Toronto Van Attack, but also an interesting point on what the Service is thinking about this issue.)

When it comes to the international landscape the regular players again make the headlines: Islamic State, Al Qaida and Hizballah. More interesting is the section on violent extremists targeting “India”; the word “Sikh” does not appear given the anger when it appeared in the Public Report on the Terrorist Threat. This is an important statement given that these investigations have continued for some time but have not been discussed – leading to that earlier controversy. It is also significant in that the Service says there has been “an increase in observed threat activity” in this area. Canada has been under pressure from India for some time to pay more attention to Sikh extremism in Canada. If this means that the Service is doing so, activities that may have been previously undetected may not be coming to light. At the same time, the nationalist Modi government may be inspiring extremism in Canada.

 

Espionage and Foreign Influence

There is not much new when it comes to traditional espionage in this report. As I observed above, it is less interesting than the Director’s 2018 speech. However, there are new sections in the report which highlight the key trends in this area: protecting democratic institutions and economic national security. While these issues have been discussed before, they have not been featured in this way since before 2002.

One thing that caught my eye was the discussion of state-owned enterprises (SOEs). In previous years the Service has described the risk posed by SOEs as “opaque” or instrument which can “be used to advance state objectives that are non-transparent or benefit from covert state support such that competitors may be disadvantaged and market forces skewed.” This has been expanded somewhat and made more precise:

While much of the foreign investment in Canada is carried out in an open and transparent manner, a number of state-owned enterprises (SOEs) and private firms with close ties to their government and/or intelligence services have pursued corporate acquisition bids in Canada, raising national security concerns. Corporate acquisitions by these entities pose potential risks related to vulnerability of critical infrastructure, control over strategic sectors, espionage and foreign influence activities, and illegal transfer of technology and/or expertise.

 

This is also interesting because SOEs did not even make the last (albeit brief) version of the Public Report.

On cyber security, the Report somewhat clarifies what it sees as its position relative to the CSE on cyber: “CSE’s role is to protect computer networks and electronic information of greatest importance to Canada, helping to thwart state-sponsored or criminal cyber threat activity on our systems. In responding to cyber threats, CSIS carries out investigations into cyber threats to national security as outlined in the CSIS Act.” However, there is not much on threat activity here.

 

Cryptic?

Finally, an issue that is raised in at least three areas of the document is the “going dark” problem – the fact that actors engaging in threat-related activity are using encryption to hide their activities from national security and police services. If there wasn’t an election coming up, one would get the impression that there might be some policies coming down the line. Importantly, as far as I can tell, there is no unified position within the Canadian government on this issue, especially whether or not companies should be forced to weaken encryption to assist with investigations. While the Service may simply be describing the challenges they are encountering in investigations, in my view the language in this document brings CSIS closer in line with the RCMP, who have stated that they need some kind of lawful access provisions. While I cannot find much online with regards to the CSE position in this debate, officials from that organization have noted that weakening encryption would actually make their mandate to protect Government of Canada systems harder.

In summary, the new CSIS Public Report is a welcome return to form. While the shake-up I had anticipated with regards to threats was not there, it is still an interesting read and certainly there is enough new things to make it different from previous versions. With so few opportunities to communicate with the Canadian public about national security threats, these documents take on a new importance. And certainly there is not a lack of topics to discuss.