A look at CSE's Annual Report 2024-2025
CSE released its Annual Report 2024-2025 on 27 June 2025.
The document is 56 pages long, so I won’t try to summarize it here, but it’s worth reading if you want a sense of what the agency has been up to over the past year – or at least those things that it is willing to talk about. For reasons that should be obvious, it doesn’t reveal any deep secrets. But the report does continue the trend we have seen in recent years of gradually growing transparency on the part of the agency. That's good to see.
In this post I will highlight some of the elements of the report that I found especially interesting.
Canadian SIGINT clients up 41%
The number of employees at CSE has been growing almost continuously since 2001, reaching, the report reveals, 3,841 full-time, permanent employees as of 31 March 2025. Over the next several years, that growth is expected to continue, with the total number of employees almost certain to surpass 4,000 and maybe even approach 5,000, although that news is not in the report.
What the document does disclose, however, is that major growth is also underway in the number of SIGINT clients in the Canadian government. That number leapt by a somewhat astounding 41 percent, rising from 2,137 in 2023-24 to 3,016 in 2024-25.
Four years before that, in 2020-21, there were just 1,450 SIGINT clients. However, that number was artificially low due to the COVID-19 pandemic. In 2019-2020, the year before the pandemic, there were approximately 2,100 SIGINT clients, more or less the same as there were in 2023-24. The big drop in 2020-21 occurred, presumably, because most public servants worked from home during the worst part of the pandemic, leaving large numbers unable to visit the SIGINT Secure Areas needed to access SIGINT products. Client numbers rebounded to the more normal level over the succeeding three years as public servants gradually returned to the office.
But what explains the giant leap last year?
One part of the explanation may be that CSE began a significant expansion of Canada’s Top Secret Network (CTSN) in 2024-25. The CTSN is a CSE-run secure IT network used to collaborate at the Top Secret level, including for the delivery of CSE and partner intelligence products to SIGINT clients. According to the annual report, “CSE supported major site expansions for existing CTSN clients, including the National Security and Intelligence Review Agency (NSIRA), PCO, Justice Canada and the RCMP, resulting in a 20% increase of deployed endpoints.... CSE also deployed a significant number of its Top Secret terminals at CAFCYBERCOM and its satellite stations across Canada, and in support of deployed military operations.”
The annual report also reveals that CSE plans to onboard three new government departments to CTSN this year: Environment and Climate Change Canada, the Public Prosecution Service of Canada, and the Office of the Commissioner of Canada Elections. This suggests that the growth in SIGINT clients will continue into 2025 at least.
The expansion of CTSN services (and presumably an at least somewhat corresponding increase in the number of clients) at Justice Canada, the RCMP, and, soon, the Public Prosecution Service of Canada points to growing interest in bringing SIGINT and other intelligence capabilities to bear in relation to the investigation, disruption, and prosecution of criminal matters.
The report acknowledges that CSE's intelligence collection, cyber security, and cyber operations activities directed at foreign ransomware groups and other cyber criminals continue to expand.
But that's not the only way in which CSE's anti-crime activities are growing. CSE was also very publicly recruited into the war on drug trafficking in 2024, notably but not exclusively against the purveyors of fentanyl:
“In December 2024, the Government of Canada... announced an investment of $180M over 6 years to expand CSE’s intelligence collection and foreign cyber operations capacity, enabling CSE to target transnational organized crime and fentanyl trafficking more effectively. CSE’s vital intelligence relationships—within the Government of Canada and with international partners—are an asset as we put Canada’s Border Plan into action. This year, we developed new campaigns to identify and disrupt transnational criminal networks responsible for fentanyl and synthetic opioid supply chains into Canada. We are working closely with domestic and international partners to achieve this priority objective. We remain closely engaged with our Five Eyes partners, particularly with US counterparts, to share information and coordinate operations aimed at disrupting the transnational criminal networks involved in the supply chain of illicit synthetics.”
According to the Privy Council Office, the $180 million is being provided to CSE (along with $20 million to Public Safety) to establish a “Joint Operational Intelligence Cell to better leverage information sharing to target transnational organized crime, money laundering, drug trafficking and improve border security.”
The JOIC, Public Safety says, “will facilitate expedient and effective flow of intelligence for use by law enforcement operations in Canada and abroad. Canada’s national security, law enforcement, and intelligence community will use the new resources made available through Canada’s Border Plan to share actionable intelligence with provincial, territorial and international partners, as required, on organized crime and fentanyl.”
In certain respects, this is nothing new. CSE and the Canadian Forces have been cooperating with the U.S. to monitor international narcotics networks that seek to bring drugs into North America since at least 1993, when Canada began participating in the U.S. SANDKEY program. We became a member of the SANDKEY Committee that coordinated the program in 1996.
SANDKEY was (and probably still is) focused on the radio communications of smuggler aircraft and vessels operating from South and Central America and the Caribbean. However, it is virtually certain that Canada-U.S. counter-drug cooperation is much broader than that and has long incorporated other forms of intelligence collection, including Internet monitoring and computer network exploitation (CNE) operations.
Still, these recent announcements indicate that such activities are on the increase, and it seems likely that the growth in CSE's SIGINT clients may be attributable at least in part to its growing attention to these and other criminal activities.
Let’s hope the Carney government is alert to the dangers of mission creep in co-operating with the U.S. on such activities and is scrupulous about not contributing to the network of extra-judicial detention, lawless deportation, and foreign rendition and incarceration currently taking shape in that country. NSIRA, this looks like an area that you folks might want to keep an especially watchful eye on.
It’s also an area likely to be of interest to the Intelligence Commissioner, as the reasonableness of the invasions of the privacy of Canadians and persons in Canada that CSE commits in the course of its activities hinges in part on the use to which the information collected is put and how widely it is disseminated.
In this context, it is worth noting that the increase in law-enforcement surveillance powers proposed in the Carney government’s recently introduced Bill C-2, and the possibility that information so collected will be shared internationally, is the subject of deep concern among civil liberties advocates and watchdogs.
Circling back to the question of SIGINT clients, it’s unclear how long the number of authorized SIGINT recipients will continue to climb. The new government has decided to take a chainsaw to the federal public service, so it’s possible that the ranks of CSE’s clients will begin to drop over the next several years. But intelligence activities fit within the broadly defined “defence spending” category that the government is equally determined must skyrocket over the same time-frame, so CSE’s own growth is unlikely to falter, and many of its users may also be protected in that way.
CII disclosures down
When information that might identify Canadians or persons in Canada (Canadian identifying information, CII) is used in CSE SIGINT reports, it is normally “suppressed,” i.e., replaced by a generic term such as a “named Canadian.” But the suppressed information can be disclosed to clients who request it if they have the lawful authority and a suitable operational justification for receiving it.
According to the annual report, in 2024-25 CSE received 752 requests for CII, including 669 from Canadian clients and 83 from Five Eyes recipients. Ten of those requests were still being considered at the end of the fiscal year, but of the known resolutions 75.3% were approved and 24.7% were either denied or cancelled (the latter presumably meaning withdrawn by the requester, likely in many cases because CSE had questioned the rationale for the request).
This represents a substantial drop in disclosure requests compared to 2023-24, when there were 1,087 requests, including 945 from Canadian clients and 142 from Five Eyes recipients.
(CSE’s 2023-24 annual report incorrectly stated that 1,072 requests were made that year. The agency provided the correct figure in an e-mail to me on 28 November 2024. Unfortunately, CSE chose not to correct the record in their current report, nor has it been corrected anywhere on CSE’s website, so this blog and a post I made on BlueSky are currently the only places where you can find the correct information. NSIRA’s 2023-24 annual report also contained incorrect, although different, CII figures. Maybe that agency, which can blame the mistake on information provided by CSE, will print the correct 2023-24 figures in its still-to-come 2024-25 report.)
CII request totals seem to fluctuate quite a bit from year to year – there were just 719 in 2022-23, whereas totals over 1,000 were not unusual in years before that – so it’s probably foolish to try to ascribe much significance to the drop this year. Still, from a privacy perspective, a smaller total seems like a good thing to see. It’s especially nice in the context of the big jump in the number of SIGINT clients last year, which one might have expected to result in a corresponding increase in CII requests. It will be interesting to see where the number of requests goes in future years.
The number of denied/cancelled CII requests is a more mixed picture. CSE used to approve around 99% of requests, so the approval rate of around 75% reported in both of the last two years suggests that CSE has begun demanding a much higher standard of justification for CII requests. However, it also suggests that around one out of every four requests that CSE’s clients make is not yet meeting that standard, which certainly shows room for improvement.
What we might hope to see eventually is a significant reduction in the overall number of requests, with clients restricting their requests to just those cases where the justification for receiving the information is robust and clear, and a correspondingly high approval rate of those more legitimate requests.
We can probably thank NSIRA for the recent improvement in CSE’s CII performance. In November 2020, NSIRA completed a review of CSE's recent disclosures of Canadian Identifying Information. In that review, NSIRA determined that 28% of the sample of disclosures that the review agency examined were “insufficiently justified to warrant the release of CII,” concluding that “CSE’s implementation of its disclosure regime may not be in compliance with the Privacy Act.” (The latter being NSIRA's polite way of saying we think you're breaking the law.) The review agency made ten recommendations for tightening up CSE’s disclosure regime. [Update 7 August 2025: Eleven recommendations, actually.]
A redacted version of NSIRA’s classified report on the review was released to me earlier this month following an Access to Information request and simultaneously posted on the agency’s website. For those interested in the topic, there’s a lot of good reading in there.
The spies who went back into the cold
In October 2024, I made a presentation at the Canadian Intelligence History at the Crossroads conference called The spies who came south from the cold: CSE’s 1980s renaissance.
In that talk, I described how, during the 1980s, CSE had moved away from an almost exclusive focus on the Arctic and the northern Soviet Union to embrace a series of other collection techniques and targets. But I also pointed out that CSE never abandoned its Arctic mission, and that it still goes on today.
I’m glad I added that caveat, because this year’s annual report (like the 2023-24 report) makes it clear that Arctic surveillance not only remains an important CSE mission, it is a mission that has been growing in importance in recent years:
“CSE works hard alongside domestic and international partners to support Canada’s security and sovereignty in the Arctic—a priority for the Government of Canada. Canada’s new Arctic Foreign Policy cites CSE as a key partner in bridging the intelligence gap to address the complex range of threats facing the Arctic, and we continue to invest to meet the growing demand for intelligence from a variety of Arctic stakeholders. We work closely with domestic partners and international allies to provide foreign intelligence and advance partnerships in areas such as cyber defence, economic security and countering foreign interference.”
The report lists several steps the agency took during 2024-25 to “deepen our ongoing Arctic partnerships, including:
• participating in an annual Arctic security conference hosted in Yellowknife, Northwest Territories, with other federal organizations and territorial governments
• continuing to co-chair, alongside the Privy Council Office (PCO), the Arctic Intelligence Coordination Group, which coordinates Arctic security activities across the Government of Canada
• continuing to provide leadership at international forums dealing with polar issues
• hosting an in-person conference in Ottawa for an international forum on signals intelligence concerning both polar regions
» CSE founded and continues to provide leadership to this forum
• participating in an all-source intelligence forum focused exclusively on the Arctic”
It’s also great to see CSE become a little more open about the targets of some of its northern surveillance:
“CSE continues to support the Canadian Armed Forces (CAF) as they monitor and track threats from foreign adversaries in the Arctic region. This includes supporting the Royal Canadian Navy and the Royal Canadian Air Force as they patrol the high north and defend Canada’s sovereignty from foreign actors. We also provide indications and warning of Russian aircraft as part of Canada’s joint command of the North American Aerospace Defence Command (NORAD), and monitor naval-based threats in an increasingly crowded space.”
Indications and warning (I&W), by the way, is a term of art in the intelligence world referring to near-real-time reporting of intelligence about adversary activities that may pose an imminent threat to military forces in the field or to the public at home or even provide strategic warning of preparations for war, such as forward staging of nuclear forces or the conventional forces build-up that preceded Russia’s invasion of Ukraine.
While it’s certainly no secret that Canada and its SIGINT partners track the movements of Russian aircraft and other targets in the Arctic basin and off our coasts by monitoring their radio transmissions and other electromagnetic emissions, the fact that this is well-known has not always convinced the security redactors to acknowledge the obvious, as this 2019 NSICOP report demonstrated. It's nice to see a more sensible approach in this report.
Tim Sayle’s new open-access book about early Cold War threat intelligence and the establishment of the Tripartite Intelligence Alerts Agreement is a great source for those interested in learning more about the origins of Canada-U.S.-U.K. cooperation on strategic and tactical warning questions.
Another recent innovation in CSE’s annual reports is the agency’s discussion of the Arctic-related intelligence reports it issues. CSE first published a number for this category of reporting last year, when the figure was 132. “This year,” the agency reports, “we shared 196 intelligence reports on Arctic security with 20 Government of Canada departments and with Canada’s international allies. These reports included information on foreign states’ political intentions, military capabilities, technological advancements, economic interests and research activities in the region. CSE also actively pursues intelligence on foreign cyber actors seeking to exploit and compromise systems related to the Arctic.”
I still find it rather surprising (although entirely positive) that CSE is willing to provide information of this detail about one of its categories of reporting. It’s worth noting, however, that the discussion relates to CSE’s reports only: the gists and other reports issued by the Canadian Forces Information Operations Group (CFIOG) when tracking Russian aircraft movements and other activities are not included. No information is provided about the scale of the CFIOG’s reporting on this (or any other) topic.
[Update 6 August 2025: I probably should have written CAF Cyber Command (CAFCYBERCOM) here, as I think Cyber Command absorbed CFIOG when the former was created in September 2024.]
Traditionally, SIGINT agencies like CSE have been directed to limit their reporting specifically to the information they obtain – to report SIGINT facts – and to leave broader assessments of the significance of that intelligence to other agencies that work with all-source information.
But this model has never been entirely workable in practice: in some cases SIGINT might be the sole, or nearly sole, source of information on a topic, and sometimes it can only be understood by compiling and analyzing a myriad of minor data points about a target or subject with the benefit of the background knowledge possessed only by SIGINT analysts.
Thus, back in the days when CSE was focused almost exclusively on the North it would sometimes generate broader analytical reports on subjects such as the activities of Soviet nuclear icebreakers.
With the end of the Cold War, however, this practice seems to have largely disappeared. In 2015, CSE told incoming Defence Minister Harjit Singh that "CSE is an intelligence collector and compiler; CSE does not currently conduct intelligence assessments.”
I wonder whether that is still true. As the agency carves out (or expands) its expertise on niches such as the Arctic, and increasingly accesses entire collections of files through CNE operations, surely the case has been made for CSE to produce its own intelligence assessments on topics where the agency has special expertise or access. (The cybersecurity side of the agency already produces assessments on its areas of expertise.)
Is CSE back in the intelligence assessments business?
Cyber ops up
Another topic on which CSE is gradually providing more information is the expansion of what it calls its foreign cyber operations “portfolio.”
“Budget 2024 announced additional funding for CSE and GAC to enhance intelligence and cyber operations programs to respond to the increasingly evolving and complex threats to Canadian national security, prosperity and democracy. This funding has allowed CSE to strategically expand the scope and scale of its foreign cyber operations efforts. CSE was also directed by the Prime Minister to use the funding allocated as part of the border security initiative to bolster cyber operations to disrupt illegal drug supply chains (for example, fentanyl).”
In 2024-25, the report reveals, “CSE conducted numerous foreign cyber operations to:
• defend Canadians from malicious state and non-state cyber threats
• disrupt espionage activities directed at the Government of Canada
• counter foreign disinformation campaigns
• protect Canadians from violent extremism”
On the subject of non-state cyber threats, the report states that “CSE stood up a campaign to counter the 10 most significant ransomware groups impacting Canada and our allies. We also participated in a multinational operation aimed at disrupting the activities of a ransomware actor. CSE used a variety of covert techniques to degrade and disrupt the illicit operations of this group, significantly impacting the group’s ability to target Canadians.”
The report also provides some details of the agency’s efforts to disrupt what it calls violent extremist organizations (VEOs):
“Using a multi-faceted approach that targeted VEOs’ technical infrastructure and online presence, CSE conducted active cyber operations to:
• damage the credibility and influence of key group leaders, reducing their ability to inspire and lead
• weaken trust and reduce cohesion between leaders and followers, undermining the unity and strength of these organizations
• highlight the legal and personal risks associated with engaging in VEO activities, potentially deterring individuals from involvement
• remove violent and extremist content from online platforms, denying VEOs a vital tool for radicalization and recruitment”
Cyber operations conducted against states and associated actors are, not surprisingly, much less discussed.
We do get a bit of information, however, about the effort to produce a joint CSE-Canadian Forces cyber operations capability:
“Through the Government of Canada’s Defence Policy Update and Budget 2024, CSE received significant new investments to continue to expand our foreign cyber operations program to counter the growing number of threats impacting Canada’s safety and security. In this updated policy, CSE, the Department of National Defence (DND) and CAF were directed to stand up a 'joint Canadian cyber operations capability.' This joint capability builds on CSE’s foundational elements, and we are actively advancing this initiative in close partnership with the newly established Canadian Armed Forces Cyber Command (CAFCYBERCOM).”
CSE and the Canadian Forces have for several years had a Combined Cyber Unit where they could work on developing the policies and procedures for joint operations under CSE authorities, Canadian Forces authorities, or a blend of the two.
It looks like they now plan to formalize the existence of this unit, possibly with a new name, as an operational capability. Will the result be something like a small version of the U.K.’s National Cyber Force? Maybe next year’s report will provide an answer.
Cybersecurity: A federal or provincial responsibility?
The official line, I think, is that it’s everyone’s responsibility.
But through CSE and its Canadian Centre for Cyber Security, the federal government has capabilities that are unmatched, and indeed unmatchable, by any other level of government, and those may be the kind of capabilities governments need if they want to have any hope of resisting sophisticated state threats.
Last year, CSE acknowledged that it had begun providing direct cybersecurity assistance to the territorial governments of the Yukon, the Northwest Territories and Nunavut, with proactive deployments of CSE cybersecurity sensors on the IT systems of those governments.
It now looks like CSE may have begun to extend those services to one or more provincial governments as well. As I noted here, such sensor deployments can only be made if the Minister of National Defence issues and the Intelligence Commissioner approves a relevant ministerial authorization (MA), and an unexplained cybersecurity MA approved sometime in 2024 looks like it fits that bill.
The 2024-25 annual report doesn’t come out and explicitly confirm that one or more provincial governments have joined CSE’s list of customers, but it does state that “Increasing cyber security collaboration with the provinces and territories remains a top priority for CSE. We are working with provincial and territorial partners to mitigate ongoing compromises and to warn of potential malicious cyber threat activity from sophisticated actors.”
Later on the same page the report refers in passing to “provinces and territories with access to our sensor services,” which is actually pretty close to an explicit confirmation when you think about it.
In that other blog post, I speculated that the provincial government in question might be that of British Columbia. It’s possible but less likely, I think, that other provincial governments were also covered by that MA. (It looks like the number of cybersecurity MAs is on the rise, however, so more provincial customers may have signed on since.)
Maybe CSE will be more forthcoming next year.
Whatever the actual explanation of these developments may be, what we can say for certain is that CSE is further expanding its cybersecurity presence outside the Ottawa area:
“In August 2024, the Cyber Centre opened an office in Montreal, its first office outside of the National Capital Region. We aim to work closely with local partners in cyber security and critical infrastructure within the Montreal region to deliver programs and services, cultivate relationships, and facilitate information exchange. In addition to promoting partnerships with critical infrastructure and other key stakeholders, this pilot project will allow us to assess the impact and benefit of further expanding CSE’s national presence, including exploring the possibility of expanding to other locations in Canada.”
EDIA: Not just whistling Dixie
CSE has an active Equity, Diversity, Inclusion, and Accessibility (EDIA) program that it makes a point of regularly talking about, even posting about it in the gibbering madhouse known as X.
Does actual, existing EDIA at the agency live up to the lofty goals espoused in CSE's public communications? I would guess there will always be a pretty substantial gap between the rhetoric of programs like this, no matter how sincerely offered, and the realities of how they get translated into action when human beings, bureaucracy, and the quest for “measurables” meet. But for what it’s worth, in internal surveys of employee attitudes, CSE seems to do pretty well in comparison to the Public Service as a whole. And I think the goals of such programs are entirely worthy, first and foremost for reasons of principle, but also because they stand a good chance of bringing greater organizational efficacy.
It’s a bit poignant, therefore, to read in this year’s report about CSE’s efforts to share its work on EDIA with its Five Eyes partners. Those efforts, the report notes, included initiatives such as “steadily increasing EDIA items in programs and agendas of major multilateral gatherings,” “considering diversity of representation when selecting delegations for representation abroad,” “opening new avenues for Five Eyes collaboration through the first Five Eyes EDIA Summit, which enabled us to leverage and share best practices at a partnership level and opened pathways to future knowledge exchange,” and “starting to embed EDIA best practices at an institution level in our Five Eyes partnerships through 2 EDIA-specific delegations.”
It's hard to imagine these initiatives making any headway south of the border at the moment. Given that "whistling Dixie" may actually be a pretty good description of the current direction in U.S. government personnel policies, we can probably assume that EDIA is now DOA as a Five Eyes-wide project, at least for the next several years.
Let’s see if the other partners have the courage to keep it going on a Four Eyes basis.
posted by Bill Robinson at 12:51 am
0 comments
