The Communications Security Establishment is Canada's national cryptologic agency, responsible for foreign signals intelligence (SIGINT), cybersecurity, and the protection of federal government information systems. Headquartered in Ottawa, it operates under the Minister of National Defence but is a separate agency from the Department of National Defence and the Canadian Armed Forces.
CSE's modern legal foundation is the Communications Security Establishment Act, which came into force in 2019 as part of Bill C-59 (the National Security Act, 2017). The Act sets out five core aspects of CSE's mandate:
- Foreign intelligence — collecting information from the global information infrastructure about foreign entities.
- Cybersecurity and information assurance — protecting electronic information and infrastructures of importance to the Government of Canada.
- Defensive cyber operations — taking action online to defend Canadian systems.
- Active cyber operations — degrading, disrupting, or interfering with the capabilities of foreign actors.
- Technical and operational assistance — supporting federal law enforcement, security agencies, and the Canadian Armed Forces.
CSE is prohibited by statute from directing its activities at Canadians or persons in Canada, with narrow exceptions when assisting domestic partners under their own legal authorities. Ministerial authorizations are required for activities that risk contravening Canadian law or affecting a reasonable expectation of privacy, and these are reviewed by the Intelligence Commissioner, a retired judge whose role was created by the same 2019 reforms. Independent review is provided by the National Security and Intelligence Review Agency (NSIRA) and the National Security and Intelligence Committee of Parliamentarians (NSICOP).
CSE houses the Canadian Centre for Cyber Security (the Cyber Centre), launched in 2018 as the country's unified source of cyber defence advice and incident response for government, critical infrastructure, and the public. CSE is also Canada's member of the Five Eyes signals intelligence partnership alongside the US NSA, UK GCHQ, Australia's ASD, and New Zealand's GCSB.
Example
In 2022, the Canadian Centre for Cyber Security — part of CSE — publicly attributed cyberattacks on Ukrainian government networks to Russian state-sponsored actors, coordinating its statement with Five Eyes partners.