What CSIS’s 2023 Public Report Tells Us About Threats to Canada’s Digital Economy

Canadians face a torrent of complex national security threats that risk damaging the country’s economic, institutional, social, and technological well-being and, in turn, Canada’s digital economy, according to the Canadian Security Intelligence Service’s (CSIS) 2023 public report. The multitude of risks outlined in the CSIS report demonstrates the full spectrum of threats Canada faces in today’s international security environment. This blog article discusses the risks outlined in the CSIS report, highlighting those most pertinent to Canada’s digital economy.

Cyberspace and Securing Canada’s Digital Economy

Cybersecurity threats facing Canada’s digital economy are growing year over year. In the report, CSIS highlights how ransomware remains a common and ongoing menace to Canada’s digital systems. The report notes that critical infrastructure in Canada, such as internet and telecommunications networks and hospitals, are regular targets of ransomware attacks. For example, in fall 2023, five hospitals in southwestern Ontario were subjected to a significant ransomware attack, disrupting healthcare services throughout the region and affecting thousands of patients. The report also observes that, while usually conducted for financial gain, ransomware attacks are also used by state and state-aligned actors as a tactic to mask their involvement when stealing sensitive data.

The use of social media platforms by hostile entities as a tool in information operations is another significant aspect of the digital economy that CSIS raises as a concern in the report. Canadian national security officials recently specified that some popular social media apps threaten national security and individual privacy. Recently, the United States has taken steps in response to such risks.

While not directly responsible for government network security and cyber incident response, CSIS allocates resources to cybersecurity initiatives, including investigations, information gathering, and threat reduction, to “harden the Canadian cyber ecosystem.” In the report, CSIS notes that it also engages with partners within Canada and internationally to help secure Canada’s critical digital networks.

Safeguarding Canada’s Economic and Research Security

Canada, as a global pioneer in several key emerging digital technologies such as artificial intelligence (AI), is a regular target for theft of research data and IP. In a global economy where countries derive their prosperity and economic dynamism through innovation and technological development, safeguarding research and sensitive technology is an important national security concern.

The report notes that in some cases, foreign governments seek to illegitimately appropriate Canadian research and innovative technologies for nefarious uses. It specifies how foreign governments may acquire Canadian technology through insincere overtures for international scientific collaborations, disingenuous appeals to open research practices, targeted acquisitions of Canadian companies, and outright theft of IP and research data through means such as cyberattacks.

The report outlines how CSIS cooperates with other federal partners such as Innovation, Science and Economic Development Canada and the Tri-Council research funding agencies, as well as individual Canadian universities and research institutes, to enhance security throughout Canada’s research ecosystem. Two key policy tools for achieving this challenging task are the federal government’s National Security Guidelines for Research Partnerships and Policy on Sensitive Technology Research and Affiliations of Concern. Internationally, Canada and its “Five Eyes” security partners have significantly emphasized safeguarding critical technologies such as AI, quantum computing, and biotech, from hostile foreign actors.

Artificial Intelligence and Canadian National Security

An emerging technological threat identified in the report is AI, which malicious actors can use to facilitate and enhance cyberattacks — increasing the likelihood that such attacks succeed, are more widespread, and potentially more damaging. However, the report also notes that AI can be an invaluable tool in helping CSIS protect Canada’s national security by quickly and accurately parsing through large quantities of information to spot patterns and identify threats.

CSIS says that AI tools can assist bad actors in carrying out social engineering campaigns and spreading disinformation across Canada’s digital media landscape. The use of deepfakes — images and other media that are digitally generated or altered by AI to deceive viewers — to spread disinformation poses an emerging AI threat to Canadian national security.

When used as a disinformation tool, deepfakes have the potential to reduce the public’s trust in visual media, threaten individual privacy and exact emotional harm, and potentially spark social instability while deepening divisions. A recent report by Policy Horizons Canada warns that AI threatens to cloud the “information ecosystem” with AI-generated disinformation, creating an environment where it becomes “almost impossible to know what is fake or real.”

CSIS’s 2023 public report presents a jarring overview of the national security threats Canada currently faces. The associated risks to the digital economy outlined in the report speak to the challenging international security situation Canada must navigate.

Erik Henningsmoen is a research and policy analyst with the Information and Communications Technology Council (ICTC).