Upload File

cse response to cbc re- cyberwarfare revelations.pdf

  • Home
  • Documents
  • CSE Response to CBC Re- Cyberwarfare Revelations.pdf
5
An excerpt of CSE’s response to CBC’s questions Friday, March 6, 2015 CSE response: Here is CSE’s official response to this set of questions. CSE has the authority under the National Defence Act to acquire and use information from the global information infrastructure to collect foreign signals intelligence. This protects Canadians, Canada and our allies. Under this foreign intelligence mandate, CSE does not direct its foreign signals intelligence activities at Canadians or anywhere in Canada. Under its cybersecurity mandate, CSE monitors government networks with the sole purpose of protecting them from malicious cyber activity. CSE’s foreign signals intelligence has played a vital role in uncovering foreignbased extremists’ efforts to attract, radicalize, and train individuals to carry out attacks in Canada and abroad. Any suggestion that CSE monitors Canadian internet space – outside of the Government of Canada network – for any purposes other than those defined in the National Defence Act is false. CSE regrets the disclosures, and the speculative and often incorrect analysis of them, particularly given that the professional and dedicated men and women of CSE work diligently every day to protect Canadians. The independent CSE Commissioner scrutinizes CSE’s activities. The CSE Commissioner has never found CSE to have acted unlawfully, and has noted CSE’s respect for the privacy of Canadians. Monday, March 2, 2015 CSE response: Many of the questions presented relate to specific operations, methods or capabilities that help protect Canada and Canadians against threats. As you know, CSE must respect the Security of Information Act and cannot comment on classified operations, methods and capabilities. In some instances, the questions presented indicate a misunderstanding of CSE’s actual capabilities or intentions. Furthermore, CSE regrets that the publication of these documents renders our methods less effective when addressing threats to Canada and Canadians.

Upload: anondownload

Post on 16-Nov-2015

222 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • AnexcerptofCSEsresponsetoCBCsquestions

    Friday,March6,2015CSEresponse:HereisCSEsofficialresponsetothissetofquestions.CSEhastheauthorityundertheNationalDefenceActtoacquireanduseinformationfromtheglobalinformationinfrastructuretocollectforeignsignalsintelligence.ThisprotectsCanadians,Canadaandourallies.

    Underthisforeignintelligencemandate,CSEdoesnotdirectitsforeignsignalsintelligenceactivitiesatCanadiansoranywhereinCanada.

    Underitscybersecuritymandate,CSEmonitorsgovernmentnetworkswiththesolepurposeofprotectingthemfrommaliciouscyberactivity.

    CSEsforeignsignalsintelligencehasplayedavitalroleinuncoveringforeignbasedextremistseffortstoattract,radicalize,andtrainindividualstocarryoutattacksinCanadaandabroad.

    AnysuggestionthatCSEmonitorsCanadianinternetspaceoutsideoftheGovernmentofCanadanetworkforanypurposesotherthanthosedefinedintheNationalDefenceActisfalse.

    CSEregretsthedisclosures,andthespeculativeandoftenincorrectanalysisofthem,particularlygiventhattheprofessionalanddedicatedmenandwomenofCSEworkdiligentlyeverydaytoprotectCanadians.

    TheindependentCSECommissionerscrutinizesCSEsactivities.TheCSECommissionerhasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespectfortheprivacyofCanadians.

    Monday,March2,2015CSEresponse:Manyofthequestionspresentedrelatetospecificoperations,methodsorcapabilitiesthathelpprotectCanadaandCanadiansagainstthreats.Asyouknow,CSEmustrespecttheSecurityofInformationActandcannotcommentonclassifiedoperations,methodsandcapabilities.Insomeinstances,thequestionspresentedindicateamisunderstandingofCSEsactualcapabilitiesorintentions.Furthermore,CSEregretsthatthepublicationofthesedocumentsrendersourmethodslesseffectivewhenaddressingthreatstoCanadaandCanadians.

  • Theleakedmaterialsaredateddocuments,andsomeexploredpossibleideastobetterprotecttheGovernmentofCanadasinformationsystemswhilealsoseekingcostefficiencies.Asaresult,informationinthesedocumentsdoesnotnecessarilyreflectcurrentCSEpracticesorprograms,orthedegreetowhichCSEhasvisibilityintoglobalorCanadianinfrastructures. Inmovingfromideasorconceptstoplanningandimplementation,weexamineproposalscloselytoensurethattheycomplywiththelawandinternalpolicies,andthattheyultimatelyleadtoeffectiveandefficientwaystoprotectCanadaandCanadiansagainstthreats.TechnologiesortoolsthataredeployedorusedbybothoperationalareasaredonesoseparatelyunderCSEsforeignintelligenceorcyberdefencemandates,andinformationismanagedseparatelyincompliancewithasuiteofinternalpoliciesspecifictoeachmandate.UnderitsITsecuritymandate,CSEhasinplaceautomatedscanningongovernmentnetworkstoidentifymaliciouscyberactivity.CSEonlycollectsinformationthatisnecessaryandrelevanttounderstandthenatureandmethodsofmaliciouscyberthreatsandtopreventmaliciouscyberactivityagainstGovernmentofCanadasystemsandnetworks.Wheninformationissharedbetweenthetwooperationalareas,itistohelpbetterunderstandmaliciouscyberthreatssothatCSEcanmoreeffectivelydefendgovernmentsystems.Forexample,whereappropriate,informationaboutforeigncyberactivitiesdiscoveredbyourITsecurityanalystscanbesharedwithdesignatedforeignsignalsintelligenceanalystsforfollowupunderCSEsforeignintelligencemandate.Foreignintelligenceonthesethreatactivities,andthemethodsandtechniquesbehindthem,iscriticaltounderstanding,mitigatinganddefendingagainstmaliciouscyberactivitiesthatthreatenCanadianinfrastructuresandinformation.InformationcollectedbyCSEismanagedaccordingtoestablisheddataretentionschedulesthataredocumentedininternalpoliciesandprocedures.Toprovidemoredetailcouldassistadversarieswhowanttoconductmaliciouscyberactivityagainstgovernmentnetworks,orevadeourforeignsignalsintelligenceefforts.Underitsassistancemandate,CSEprovidestechnicalassistancetofederallawenforcementandsecurityagenciesonlyattheirspecificrequest,andonlyundertherequestingagencyslegalauthority,suchasawarrant.PrivacyprotectionsareestablishedbylawandreflectedinpoliciesgoverningCSEsactivities.MeasuresarebuiltintoCSEsoperationsandtechnologiesforthehandling,retention,useanddestructionofinformationaboutCanadians.

  • TheindependentCSECommissionerandhisstaffscrutinizeCSEactivities.TheCSECommissionerhasneverfoundCSEtohaveactedunlawfully,andhasnotedCSEsrespectfortheprivacyofCanadians.Tuesday,March3,2015CBCquestions:1. WeunderstandCSEemployeesareboundbysecrecyunderSIAduetonationalsecurityconcerns.ButwhycanttheagencydisclosewhetheritmonitorsallofCanadianinternettraffic?(Sucharevelationdoesntputnationalsecurityindangerandisinthepublicsinterest.)2.Inwhichinstancesdoourquestions(sentFebruary24,2015)indicateamisunderstandingofCSEsactualcybercapabilitiesorintentions?Pleaseknow,basedonCSEsowndocuments,andinconsultationwithnumerousauthoritiesacrossaspectrumofviewpointsandexpertise,CBCispreparingtoreportthefollowing:CSEhasdevelopedsophisticatedcapabilitiestoexploitcybernetworks,aswellastoattackanddisruptpotentialopponents/threats.TheseCNE/CNAcapabilities,andCanadasglobalaccesspointsandsensorsaretheverytoolsCSEcouldusetoassistotheragencies(CSIS,RCMP)todisruptterrorthreatsshouldBillC51becomelaw.Pleaseanswereachofthefollowing:3.Whatoftheabovestatement(initalics)isincorrect?4.YouindicatedtoCBCinyourresponsesofMarch2thatCSEsleakeddocumentsarebothdated,andspokeofplansandthatasaresult,informationinthesedocumentsdoesnotnecessarilyreflectcurrentCSEpracticesorprograms,orthedegreetowhichCSEhasvisibilityintoglobalorCanadianinfrastructures."However,the2011CASCADEdocumentdiscussesplansfor2015andstatesthatCSEcurrentlyhas"fullvisibilityofournationalinfrastructure."AreyousayingCSEnolongerhasfullvisibilityofCanadiancyberinfrastructure?5.UnderwhatauthorityisCSEcurrentlymonitoringCanadasentirenationalcyberinfrastructure?6.OnwhichdateshasaministersofdefenceauthorizedmonitoringoftheentirenationalcyberinfrastructureunderMandateA?

  • 7.(above)UnderMandateB?Tuesday,Feb.24,2015CBCquestions:1.IsCSEmonitoringallofCanada'sinternetspace?2.Ifso,underwhatmandates(A/BorC)?3.IsCSEcollectingdataormetadatafromCanada'sentireinternetspace?4.Howmuchofthiscollectionisusedandretained?5.Forhowlong?6.HasCSEsucceededinmergingitsCyberSensorArchitecture(bothdefenceofCanadiangovernmentnetworksusingPhotonicPrismprogram,andforeign/warrantsintelligencegatheringthroughtheEONBLUIEprogram)asimaginedasagoalfor2015intheCSEslidedeck"CASCADE?"7.WhatdoesitmeanforPhotonicPrismandEONBLUEsensorstobemerged?8.Whatisthenameofthenewlyunifiedsensorarchitectureprogramthathasreplaced/mergedthesetwoprevioussystems?9.WhatdoesitmeanthatCSEhas"fullvisibilityofournationalinfrastructure?"(CASCADEslidedeck,p.30)10.Whatarethe"SpecialSources"(whichtelecommunicationscompanies,internetcables,coreinternetproviders?)thatprovideCSEwithaviewofallofCanadianInternetSpace?(CASCADEslidedeck,illustrationp19)?11.UnderwhatauthorityisCSEacquiringaccesstoall'internationalgatewaysaccessiblefromCanada"fromthesesocalled"SpecialSources?"(CASCADEslidedeckp.22)12.How,underthenewly'synchronized'systememploying'commondatarepositories,'doesCSEdistinguishandkeepseparate(bothinCSEuseandinsharingwithallies)thedatacollecteditstwoseparatemandates?(Canadiansemailsanddatacollectedexpresslyunderthe"cybersecuritymandate"toprotectgovernmentnetworks,versusdata/metadatacollectedunderthe'foreignintelligence"and/or'assistance'toCSIS/RCMP/ect'SIGINT"mandate?)(CASCADEslidedeckp.23).13.Howissurveillingtheentireinternet'nationalinfrastructure'effectiveindefendingagainstcyberattacks?14.Inthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:anendtoendapproach"thereisadiagramonpage15,layingoutthevarioustypesofinternettraffic/communicationsbeingcollectedandobservedbyCSEunderitsdifferentmandates(MandateBdefenceofgovernmentnetworks,versusMandatesA+Cforeignintelligencegathering,andassistancetoCSIS/RCMP/etc).Howdoyouaccountforthe"domestictodomestic"communicationthatCSEissurveillingunderitsMandateA+C...distinctfromthe'warranteddomestic'collectionidentifiedinthe

  • diagram?(CSEisn'tsupposedtobetargeting/directingactivitiesatCanadians,beyondwarrantedauthorization).Canyouexplainthis?15.Onpage22ofthe2010slidedeck"CSECCyberThreatCapabilities:SIGINTandITS:anendtoendapproach"thereisacharton"CyberActivitySpectrum"whichdetailsCSE'scapacityforCyberNetworkExploitationandAttacks(implants,takingcontrol,disruption,destroyingofadversarynetworks).Canyouprovideexampleswhenthesecapabilitieshavebeenused?16.UnderwhatauthoritydoesCSEbreakinto,disruptordestroyadversaryinfrastructure?17.Howmanytimessince2010hasCSEbeencalledonunderitsMandateC(Assistance)toemploytheseCNE/CNAcapabilities?18.HowwouldBillC51,shoulditbecomelaw,affectCSE'sactivitiesintheCNE/CNArealm?


AnalyticalReport Cyberwarfare& Cyberterrorism

Cyberwarfare e Cyberspace: Aspetti Concettuali, Fasi ed ... · 3. Fasi della Cyberwarfare: Globalizzazione, Network e Cyberterrorismo..... 48 3.1 Cyberspazio e Cyberwarfare – un

By Disanalogy, Cyberwarfare is Utterly Newkryten.mm.rpi.edu/SB_JL_cyberwarfare_disanalogy_112113IT.pdf · By Disanalogy, Cyberwarfare is Utterly New Selmer Bringsjord Rensselaer Polytechnic

Cyberwarfare · 2019. 11. 20.  · • Cyberwarfare will continue to happen in the background and with the involvement of third parties • It is already technically possible to harm

CBC&CBC-M SERIES SERIE CBC-M CBC-M SERIE · CBC&CBC-M SERIES (EN) SERIE CBC-M (FR) CBC-M SERIE (DE) SERIE CBC-M (ES) SERIE CBC E CBC-M (IT) (P.N. 3026610534, Revision A3, July 2013)

CBC OBJECTIVES COVERED GRADE 2 CBC CBC …studentservices.dadeschools.net/trust/pdfs/gr_2.pdf · CBC OBJECTIVES COVERED GRADE 2 CBC CBC OBJECTIVE Sunshine State Standards LESSON NAME

Cyberwarfare, Ethics, and International Humanitarian Lawethics.calpoly.edu/ICRC_program.pdf · Cyberwarfare, Ethics, and IHL: 21-22 May 2014 2workshop @ ICRC Purpose Welcome to our

A Cyberwarfare Weapon: Slowreq

ICT Security 2011 - Cyberwarfare: intelligence penetration_response

Information Operations, Cyberwarfare

Cyberwarfare Vulnerability Assessment (2007)

Information Operations, Cyberwarfare, and Cybersecurity

ANF AA B CBC ARO AA B CBC APPL AA B CBC TA B CTA B C ADBE AA B CBC MO AA B CBC BRK/A AA B CBC HRB AA B CBC BA AA B CBC BKE AA B CBC BNI AA B CBC CAB AA

Civilians in Cyberwarfare: Casualties

Cyberwarfare and International Law - UNIDIR

The Age of Cyberwarfare - Columbia University

UPDATING THE LAW OF TARGETING FOR AN ERA OF CYBERWARFARE BENJAMIN · 2020. 2. 25. · UPDATING THE LAW OF TARGETING FOR AN ERA OF CYBERWARFARE BENJAMIN WEITZ* ABSTRACT Cyberwarfare

cac@ Icec@ # 10 'CBC 'CBC@ í3fì 1fRe±ï ICBC @ ZHEJIANG ... · 'cac@ icec@ # 10 'cbc 'cbc@ í3fì "1fre±ï" icbc @ zhejiang university icbc @ 'cbc@ 'cbc@

Collateral damage in cyberwarfare

Cyberwarfare by Stefano Mele

Chapter 8 Cybercrime, Cyberterrorism, and Cyberwarfare

Office Documents: New Weapons of Cyberwarfare

North Korea and Cyberwarfare: How North Korea’s Cyber Attacks …s-space.snu.ac.kr/bitstream/10371/85190/1/02_Tom Papain.pdf · 2019-04-29 · North Korea and Cyberwarfare: How

Cyberspionage, Cyberwarfare und Cyberabwehr · 4 CyberWarfare actions by a nation-state to penetrate another nation's computers ornetworks for the purposes ofcausing damage ordisruption

Cyberwarfare and Aggressiveness in Cyberspace

On Cyberwarfare

Cyberwarfare - Political 1 and 2mun.mcsoxford.org/briefings/2019/Cyberwarfare - Political... · 2019. 1. 30. · Cyberwarfare Introduction Cyberwarfare defines any form of conflict

Cyberwarfare and Operational Art · 2018. 1. 16. · Cyberwarfare and Operational Art, by MAJ Timothy J. Williams, US Army, 49 pages . International actors engage in cyber warfare

Cetmons Cyberwarfare

CBC Global Business Solutions Provider CBC Business ...€¦ · International Sourcing Solutions / China –Swiss – Japan –India –Hongkong CBC Agenda 2 CBC Group CBC Contact

THE FAILED APPLICATION OF JUST WAR DOCTRINE TO CYBERWARFARE

Cyberwarfare & Cybersecurity

The U.S. Army and the Future of U.S. Cyberwarfare

Cyberwarfare examples

Cyberwarfare focusing on higher education as a prime target