NFFN - Standing Committee

National Finance

45-1 45th Parliament, 1st Session (May 26, 2025 - Present)
Select a different session
Download as PDF

THE STANDING SENATE COMMITTEE ON NATIONAL FINANCE

EVIDENCE

OTTAWA, Thursday, June 19, 2025

The Standing Senate Committee on National Finance met this day at 1:01 p.m. [ET] to study the Main Estimates for the fiscal year ending March 31, 2026, with the exception of Library of Parliament Vote 1 and to study the Supplementary Estimates (A) for the fiscal year ending March 31, 2026; and in camera for consideration of a draft report.

Senator Claude Carignan (Chair) in the chair.

[Translation]

The Chair: Honourable senators, good afternoon and welcome. Before we begin, I would like to ask all senators and other in-person participants to consult the cards on the table for guidelines to prevent audio feedback incidents.

Please make sure to keep your earpiece away from all microphones at all times.

Do not touch the microphone. It will be turned on and off by the console operator. Please avoid handling your earpiece while your microphone is on; you may either keep it on your ear or place it on the designated sticker. Thank you all for your cooperation.

[English]

I wish to welcome all senators as well as viewers across the country who are watching us on sencanada.ca. My name is Claude Carignan, a senator from Quebec. I am chair of this committee.

I now wish to ask my colleagues to introduce themselves.

[Translation]

Senator Forest: Welcome. Éric Forest from the Gulf division in Quebec.

[English]

Senator Pupatello: Hi. I’m Sandra Pupatello, an Ontario senator from Windsor.

[Translation]

Senator Galvez: Good afternoon. Rosa Galvez from Quebec.

[English]

Senator Pate: Welcome. I live here on the unceded, unsurrendered and unreturned territory of the Algonquin Anishinaabeg.

[Translation]

Senator Gignac: Good afternoon. Clément Gignac from Quebec.

[English]

Senator MacAdam: Jane MacAdam, Prince Edward Island.

Senator Kingston: Joan Kingston, New Brunswick.

[Translation]

Senator Moreau: Pierre Moreau, Laurentides division, Quebec.

[English]

Senator Marshall: Elizabeth Marshall, Newfoundland and Labrador.

[Translation]

Senator Dalphond: Pierre Dalphond from Quebec.

The Chair: Honourable senators, today we will resume our study on the Main Estimates for the fiscal year ending March 31, 2026, and the Supplementary Estimates (A), 2025-26, which were referred to this committee on May 29, 2025, and June 11, 2025, respectively, by the Senate of Canada.

We are pleased to have with us witnesses from the Communications Security Establisment Canada. I imagine that many people will be listening to us today.

I would like to introduce Caroline Xavier, Chief; Julie Chassé, Chief Financial Officer; and Samantha McDonald, Assistant Deputy Minister of Strategic Policy, Planning and Partnerships.

Welcome and thank you for accepting our invitation to appear today. We will now hear opening remarks from Ms. Xavier. Ms. Xavier, the floor is yours.

Caroline Xavier, Chief, Communications Security Establishment Centre: Good afternoon, Mr. Chair and members of the committee. Thank you for the invitation to appear today to discuss the 2025-26 Main Estimates and Supplementary Estimates (A) 2025-26 on behalf of the Communications Security Establishment Canada, also known as CSE.

[English]

Today, I am joined by my colleagues, Samantha McDonald, Assistant Deputy Minister for Strategic Policy, Planning and Partnerships; as well as Julie Chassé, Chief Financial Officer.

Before we begin, I wish to acknowledge we are on the traditional unceded territory of the Algonquin Anishinaabe Nation. We acknowledge that this nation has been on this land since time immemorial. We recognize the important history of their stewardship of this land and understand their contributions to its present and future well-being.

For committee members less familiar with our agency, CSE is an important part of Canada’s security and defence ecosystem. As a stand-alone agency, we report directly to the Minister of National Defence. Our role is to collect and report on foreign signals intelligence; provide cyber security, information assurance and secure communications for the Government of Canada; as well as provide cyber guidance and services to help protect systems of importance to the Government of Canada.

We disrupt foreign cyber operations and threats, and take action in cyberspace to defend systems of importance to the Government of Canada and to support Canadian international affairs, defence and security. We provide technical and operational assistance to federal law enforcement and security agencies, including to the Department of National Defence and the Canadian Armed Forces. We also lead the Canadian Centre for Cyber Security, the Cyber Centre, which offers cybersecurity advice to external stakeholders and the public. It is also the national lead and technical authority on cybersecurity.

[Translation]

CSE is a proud and valuable member of the Five Eyes, the world’s longest-standing and closest intelligence-sharing alliance. The Five Eyes is a key element in Canada’s intelligence and security landscape — a force multiplier for CSE and Canada — providing a forum to share intelligence, technology and insights to hone our understanding of threats, risk and adversaries, and strengthen our collective defences, helping to protect Canada’s security and prosperity.

[English]

CSE’s information advantage gained through our activities to support our mandate and our partnerships, provides Canada with a comprehensive understanding of the threat landscape. As a national security and intelligence organization, you can understand that we cannot publicly disclose all our information and intelligence. However, we use publications, such as our unclassified National Cyber Threat Assessment report, to share threat information to help raise Canada’s cybersecurity bar so Canadians can live and work online safely and with confidence.

[Translation]

Canada is confronting an expanding and complex cyber threat landscape with a growing cast of malicious and unpredictable state and non-state cyber threat actors, from cybercriminals to hacktivists, that are targeting our critical infrastructure and endangering our national security. These cyber threat actors are evolving their tradecraft, adopting new technologies, and collaborating in an attempt to improve and amplify their malicious activities.

[English]

Canada’s state adversaries are becoming more aggressive in cyberspace. State-sponsored cyber operations against Canada and our allies almost certainly extend beyond espionage. State‑sponsored cyber-threat actors are almost certainly attempting to cause disruptive effects, such as denying service, deleting or leaking data and manipulating industrial control systems to support military objectives and/or information campaigns. We assess that our adversaries very likely consider civilian critical infrastructure to be a legitimate target for cyber sabotage in the event of a military conflict.

[Translation]

At the same time, cybercrime remains a persistent, widespread, and disruptive threat to individuals, organizations and all levels of government across Canada that is sustained by a thriving and resilient global cybercrime ecosystem.

[English]

In this year’s Main Estimates, CSE sought a total of $1.22 billion. In addition, through the Supplementary Estimates (A), CSE sought $370.1 million for a total of $1.59 billion, all of which contribute toward reaching the 2% of GDP in defence expenditures this year.

The Main Estimates include allocating $21 million to enhance foreign intelligence coverage of transnational organized crime and illegal drug supply chains, including combating fentanyl.

This funding was allocated to CSE to bolster the capacity to provide actionable intelligence to federal partners on foreign transnational criminal actors involved in the trafficking of fentanyl, other illicit drugs and their precursors to North America. This funding will also be used to bolster the cyberoperations aspect of its mandate to disrupt these illicit supply chains.

[Translation]

As announced last week by the Prime Minister, Canada will meet the NATO spending for investing 2% of GDP on defence this year. You will have heard from our colleagues at National Defence earlier this week that the Supplementary Estimates will provide both DND and CSE with investments for enhanced tools, capabilities and digital foundations, to support operations and help protect Government of Canada systems including our most top secret networks against the cyber threats I outlined earlier.

[English]

In support of defence, security and diplomatic goals, the $370.1 million sought through Supplementary Estimates (A) for CSE will strengthen and modernize our equipment and technology.

To continue toward a secure and sovereign Canada, investments in these digital foundations will expand our capabilities to keep Canada’s most sensitive information, communications and operations protected, communicate securely with our allies and enable emerging capabilities such as artificial intelligence to be used in real time to support decision makers at the most classified level.

These investments will further allow us to expand our capabilities toward timely access to sensitive, mission-critical information, maximizing technological advancements that we know are being used by our adversaries. They will also increase the diversification of technology and equipment used by the Five Eyes, helping to build both the interoperability and resilience among allies.

[Translation]

In conclusion, CSE continues to deliver its important mandate and investments detailed in these Estimates represent Canada’s commitment towards a hardened and modernized Top Secret ecosystem, in support of Canada’s defence security, diplomatic and economic goals.

[English]

The funding we are requesting through these Main Estimates is critical to the integral role that CSE and the Cyber Centre play in helping to protect Canada and Canadians against foreign threats, helping to ensure our nation’s security, stability and prosperity now and into the future.

[Translation]

Once again, thank you for the invitation to appear before the committee today and my colleagues and I look forward to answering any questions you may have.

The Chair: We will begin the question period with Senator Marshall.

[English]

Senator Marshall: Thank you for being here today. I am especially interested in your request for the $370 million in Supplementary Estimates (A). Could you tell us what the money is for? I have read some media articles, and I understand that there has been a contractor selected for artificial intelligence, a systems firm, I imagine. Could you tell us about the contract with regard to how they were selected, how the price was obtained and whether it’s a stand-alone contract or a multiyear contract? Will you give us background information there?

Ms. Xavier: Thank you, Mr. Chair, for the question.

As was stated, $370.1 million is being provided to us for this fiscal year with the intent to strengthen and modernize our equipment and technology.

In doing so, as you mentioned, an aspect of that will be linked to artificial intelligence but no contracts have been specifically signed related to this $370.1 million. The intent is that we will be able to, as I said, invest in a digital backbone that allows us to be able to ensure we are modernizing the one that already exists and leveraging, for the most part, existing standing offers.

Senator Marshall: Is there no contract with a supplier? You are saying that the $370 million is sitting there. Have you designated what it is to be used for? The impression I had from reading the media is that there has been a contract with an AI firm.

Ms. Xavier: There are contracts that might be let, including with artificial intelligence firms. In particular, this funding will be used for several contracts not just with one artificial intelligent firm. It’s important to note the majority of the funding allocated for CSE’s use is within existing contracts, not only to sign with an artificial intelligence firm but also to do more in our top secret classified space, which is a space we already run for the Government of Canada.

We’re expanding that and including the diversification of technology and equipment used in terms of being able to increase our interoperability domestically and internationally.

Senator Marshall: Is the $370 million going to one supplier, or is it broken down with regard to what it is going to be used for?

The sum of $370 million is a lot of money. Is there an itemized list of what the money is going to be used for, or is it a global amount?

Ms. Xavier: I will ask Samantha McDonald to add a few more details. Before I hand it over to Ms. McDonald, I will say that because we are an organization of national security, we do not itemize how we will spend the funds we receive in detail in public for reasons of national security.

Senator Marshall: I see.

Ms. Xavier: It will be a little difficult to give you the breakdown that you would —

Senator Marshall: But the numbers still —

Ms. Xavier: Correct. Ms. McDonald, is there anything you would like to add?

Samantha McDonald, Assistant Deputy Minister, Strategic Policy, Planning and Partnerships, Communications Security Establishment Canada: Maybe I can break down some of the pieces, but it will be at a high level.

Senator Marshall: It will be general, yes.

Ms. McDonald: As the chief has mentioned, some of the digital infrastructure that we use both in our organization and to interact with our colleagues at a top secret level across the Government of Canada requires us to always be looking at cybersecurity and the materials we use to do that in a protected and secure way.

Some of the funding will be used to continue to uplift that network in relation to the threats that we know and see as an organization and make sure that we are strengthening. As the chief has mentioned, some of that will be to ensure that network and our systems are ready to use.

Different types of emerging technologies are evolving. We know that AI has recently come online in a bigger way, and there are other technologies like that, so there may be contracts or different ways of doing that across the organization.

Then as the chief also mentioned, a part of our mandate is the information assurance part. This is the equipment we use both in Canada and across the Five Eyes, equipment and a process we use —

Senator Marshall: Is the $370 million for your organization alone, or are you linked up? You mentioned the Five Eyes. I know that Innovation, Science and Economic Development Canada is involved in artificial intelligence. Is this stand alone, or are you linked up with other governments or government departments? I just need a quick answer.

Ms. Xavier: We are linked up with other government departments. However, the $370.1 million is for Communications Security Establishment Canada’s use.

Senator Marshall: Thank you.

[Translation]

Senator Forest: Thank you for being with us. We understand the very nature of your activities, so we will try to stick to more general facts.

Can you give us an overview of the evolution of CSE’s workforce? Is it increasing or stable? Budgets are increasing now, but is there also an increase in staff?

Ms. Xavier, in an interview you gave, you confirmed that the shortage of cybersecurity experts is a widespread problem; in fact, the CBC article referred to it as a “personnel crisis.” Has the situation improved since that interview?

Ms. Xavier: Thank you for the question. Yes, we have seen a significant increase in our workforce. I am happy to say that, over the past two years, we have hired more than 800 people. The agency now has over 3,800 employees. We have no difficulty attracting talent, and we are very proud of that. Our organization has an extraordinary mandate and, because of our mandate, there are things we can do that others outside our agency cannot. In general, we receive between 10,000 and 15,000 resumes per year from people expressing an interest in our organization.

I am also happy to say that our attrition is about 3% for the fiscal year. This figure is quite low compared to other institutions and agencies. We are also proud of the fact that we have been named employer of choice for 10 consecutive years in the National Capital Region and employer of choice for young professionals. I believe we are doing things right and can be proud of that.

Senator Forest: The problem is that you can’t talk too much about it.

Ms. Xavier: If I may, I would add that we will be releasing our annual report next week, which will make as many details as possible public.

Senator Forest: Given the nature of your activities, one of the issues seems to be retention. Am I right?

Ms. Xavier: Of course, we never like to see people leave the agency. At the same time, it is good to have staff turnover, with people coming and going. As a technology agency, we like to stay at the forefront of new technologies. As I mentioned earlier, attrition for the agency is 3%, which is quite low, compared to 4% in the past. If we don’t count people who leave the agency to retire, it’s 2%. We are not doing badly. At the same time, we do experience staff losses, just like any other organization.

Senator Forest: According to Statistics Canada, losses attributable to cybercrime increased by 50% to $1.2 billion in 2023. We do not have the figures for 2024-25 yet. Can you explain your role with respect to other organizations, such as the RCMP, in the fight against cybercrime?

Ms. Xavier: As I said, the CSE is a technical leader and an authority on cybersecurity. That said, we cannot do everything on our own. We work very closely with colleagues in the security and intelligence community, including the RCMP. When it comes to cybersecurity, the RCMP focuses mainly on the criminal aspect and fraud. We focus on defence. We issue notices, advice and alerts. We work to make Canada and its critical infrastructure more cyber resilient. In conjunction with other colleagues, we produce a number of domestic and international publications so that as many people as possible can see the advice we give. Our guidelines and mandates are very clear in terms of ensuring that everyone has the same starting point. The RCMP is a police force; we are not.

The Chair: If I may, I would like to comment on the same subject. If I understand correctly, when you talk about the attrition rate, you are talking about the number of people who leave the agency or the centre.

Ms. Xavier: That is correct.

The Chair: You say that the rate is 3%, including retirees and 2% otherwise. That rate is extremely low. Is it not too low? It will take 50 years before everyone leaves, but I would imagine that a career lasts 25 years. Since the CSE is in the technology sector, you want to have the best people in the field. It seems to me that the rate is too low.

Ms. Xavier: I understand the question and the thinking. That is why I say that it is not seen as a bad thing when someone leaves. The CSE even encourages development and encourages people to try something else and come back. It does that within the government and with the private sector. While the rate seems low, I do not want to give you the impression that the agency doesn’t provide ongoing development and training, because we do, in cooperation with international partners and the private sector. We could not do what we do without them.

The Chair: You understood my concerns well, even though I did not express them that clearly.

Ms. Xavier: It was a good question. Thank you.

The Chair: I was concerned about the consequences of a low rate.

Senator Gignac: Welcome, witnesses. I looked through your annual report, and it’s very informative. I understand that you can’t go into too much detail for security reasons. I paused on one part in particular. Two years ago, some of my colleagues and I had the opportunity to visit the military and civilian infrastructure in the Canadian Arctic. We went to Inuvik, where there is a radar station that is unable to detect the missiles that Russia is using against Kyiv.

Could you talk about that a bit more? You were involved in the decision to modernize the radar station. I think it is Australia that is going to help us do that work. What can you tell us about that? According to media reports, the cost of carrying out the modernization, or at least identifying threats, is estimated at $6 billion.

Ms. Xavier: Thank you for the question. I am not a radar expert. Our agency works very closely with our counterparts and colleagues in the Canadian Forces on radar-related matters. Our expertise is in ensuring that data captured by radar remain secure. We are experts in signals intelligence and data security. We make sure that the data are also available in real time to those who need them. We provide the digital foundations, not the radar itself. I would not want to give you details on a topic I am not an expert on.

Senator Gignac: You mentioned a cyberincident that happened in 2022. You even came to the conclusion that you had to provide the Northwest Territories with equipment. That is no longer about an agency or a federal department; that is about providing equipment at the provincial and territorial level. Could you talk a bit about your relationships with the provinces? What is true for one will be true for the others. It could be Quebec or any other province. What are your relationships, and how can you properly provide equipment to all regions in Canada and ensure that they are on par with the federal government?

Ms. Xavier: I appreciate the question very much. We have an excellent relationship with the provinces and territories. We meet with them at least once a year, in addition to all the regular conversations we have with them. We invite the provinces and territories to talk to us and provide us with higher-level briefings so that they fully understand what the threats are.

As you said regarding the Northwest Territories, we were able to deploy our sensors to get a better idea of the threats that exist in the North, given the incident the Northwest Territories experienced. For us to do that work with the provinces and territories, they have to be open to those exchanges. We cannot impose anything on them. They have to ask us for help. We work with them so that they understand what the threats are and how to increase cyber resilience in each province and territory.

We maintain close ties with them, thanks to the work we do together and our ability to notify them of threats quickly, given our mandate. They are happy with our relationship, and the same is true for Indigenous communities. We even translated our publications into other languages to ensure that they understand the threats. Whenever possible, we work closely with local communities to raise awareness of cyber-threats.

We also work with our counterparts in the Canadian Security Intelligence Service, or CSIS, who are more involved in Canada’s national security. That cooperation enables us to work together to increase resilience in all areas of national security in all provinces, especially those in the North.

Senator Gignac: Okay.

[English]

Senator Pupatello: Can I understand exactly the area that you cover, because I understand that you are involved in surveillance where it is cyber-related. So electronic messaging, is that a good way to encapsulate the area you cover and protect?

Ms. Xavier: The way we like to describe ourselves is we call ourselves the “foreign intelligence collection agency.” Our space is very much focused in the foreign space. We are not allowed to target our apparatus toward Canadians or any individuals in Canada, so an important point to make there.

The other thing, we are code makers and code breakers. Basically, we do our part to go and find intelligence linked to the priorities that have been put in place by the Government of Canada via cabinet. They are the ones who decide what the priorities are and what the intelligence that matters to them for decision making is.

The collection of that foreign intelligence is very focused on those priorities, and in doing so, we do that in the foreign space.

In addition to that, we then are the information’s assurance team. So in trying to ensure that any information that the Government of Canada is collecting, for example, or any data we would want to remain in Canada is protected and shielded from cybersecurity.

Senator Pupatello: Can I ask you, from a hard-asset perspective, by way of example, in the north Baltic Sea area between England and France or Scandinavian countries, a ship managed to get in there and cut all of the fibre-optic cables. That seems to me to be fairly easy to do. These pirates got in there and caused all kinds of trouble, and of course, all this data was then either stolen or communication cut.

Do we have exposure like that anywhere around our country where there is a hard asset that could easily be damaged in that fashion?

Ms. Xavier: Mr. Chair, that question would be better directed at the Canadian Armed Forces and our Department of National Defence. Our domain is truly in the collection of data. Where my role would come in this example that was presented is potentially in the collection of foreign intelligence that would have identified that X adversary may have cut that. I would pass that information on to the necessary other partners to potentially act accordingly.

The other space that we are often able to be called in for, especially by a request for assistance. If, for example, the RCMP needed our assistance from a technical perspective, they could seek to ask us for our assistance. We would be operating under their mandate.

The other role we play and the other part of our mandate is what we call foreign cyber operations. In cyberspace, again, if I have sufficient intelligence or awareness, again linked to intelligence priorities, working with my colleagues at Global Affairs Canada, I might choose to do an active cyber operation linked to the priorities of national interest as well as economic interest to disrupt, perhaps, something that I’m seeing, again, in the cyberspace that potentially could be something that is targeted toward Canada or its allies. So it’s mainly in the cyberspace that I operate, not in the physical, tangible space, if that’s helpful.

Senator Pupatello: Based on that space you operate in, after an event has occurred, you would know that is a weak link.

Ms. Xavier: It’s fair to say it is possible that I might see it after, but it’s also possible I might see it before. Part of what we do when we are doing foreign intelligence collection is possibly looking for warnings in advance, so not only after. I might be able to warn somebody.

We do this, for example, in the cyberdefence perspective. We actually contact organizations where we give them what we call a pre-notification saying “X company, we have good indications to identify that you have a cyber possible incident that is happening” because we have seen it either in the foreign intelligence space or through a defence sensor that is letting us know that there is something — an anomaly — going on there. We have been able to prevent over 300 Canadian companies from being attacked by ransomware as a result of it.

Senator Pupatello: That’s good to know. Is that in that report coming up?

Ms. Xavier: It will be in the report. It was in last year’s, and it will be in this year’s as well.

Senator Pupatello: Just one more quick question. Is there anything you collect as far as data or work you do in prevention that is of use in a briefing to MPs, ministers or senators? Do you do those types of regular briefings besides the annual report?

Ms. Xavier: We do. And absolutely, a great deal of the information that we learn, both from our intelligence mandate as well as our cyber defence mandate, is extremely helpful in the publication that we put out, as well as for the briefings we have given to MPs, senators, politicians, anybody who will listen to us —

Senator Pupatello: Do you do that on request or do you hold quarterly briefings?

Ms. Xavier: We do it in a variety of ways. For example, leading up to the general election, we did those on a regular basis, because we wanted to make sure that various individuals were quite aware of what could be coming. But we also do them on request. But that’s also why we do the publications, because we try to do it using our social media channels as well as another feature. During the month of October, which is Cyber Security Awareness Month, we go out and do a proactive splash campaign to be able to reach various generations of people so that they are interested in cyber resilience.

[Translation]

Senator Moreau: I would like to note that Canada has entrusted its cybersecurity to women; that means we are safe. Congratulations on that. Thank you for being with us.

I fully understand the top-secret nature of your activities. When it comes to public finances, who knows what you are doing with the money entrusted to you, apart from your Chief Financial Officer, Julie Chassé? Who do you ultimately report to, or is the idea to have complete independence in discretion and the use of funds?

Ms. Xavier: As I said in my opening remarks, we report directly to the defence minister, and I’m accountable to him. We are also supported by an extensive system of review bodies, including the National Security and Intelligence Committee of Parliamentarians, or NSICOP, the National Security and Intelligence Review Agency, and the Intelligence Commissioner, who scrutinizes everything we do, especially when we request special authorization from the minister. Everything we do needs to be authorized by the minister and reviewed by the commissioner. We are audited by the Auditor General of Canada, but we also have our own internal auditor. My Chief Financial Officer ensures that expenditures are reported to the Comptroller General of Canada.

In other words, we are accountable to several authorities and need to act in accordance with the law.

Senator Moreau: I understand that this information may not be public, but does the Auditor General, for example, have access to all the funds you are allocated? Unlike some police forces, your organization doesn’t have a slush fund. Is that correct?

Ms. Xavier: I’m not sure I understand what you mean by “slush fund.”

Senator Moreau: I mean a fund that no one can examine. The overall amount is known, but there is no way of finding out what it will be used for.

Ms. Xavier: The fund’s overall amount is publicly known. I will now defer to my colleague.

Julie Chassé, Chief Financial Officer, Communications Security Establishment Canada: We have no slush fund. Anyone from the Office of the Auditor General of Canada with the proper security clearance has access to our information.

Senator Moreau: That person can ask any question about all the amounts spent?

Ms. Chassé: Exactly. We also have an internal audit committee, including external members, that has access to all information.

Senator Moreau: Great.

Governments in general have a very bad reputation when it comes to IT services. Examples around here include the federal Phoenix pay system and SAAQclic in Quebec. You are in the business of gathering sensitive information. How do you ensure that the systems available to you are reliable? I have some related sub-questions.

What do you do to make sure that the security-related data you collect remains confidential to avoid situations like Wikileaks?

What do you do about people who leave the CSEC? Senator Carignan said that very few people leave. Do you have to kill them to make sure the information they collect when working for you is kept secret?

How do you ensure the security chain for the information gathered?

Ms. Xavier: It’s important to know that all employees who join us, especially ones working in highly sensitive areas, need to have enhanced top secret clearance. This is referred to as an “enhanced top secret security clearance.” There is a very strict process to get that. Just the fact that someone wants to join us means that the person is already very committed.

Not to mention that the clearance is renewed every five years. If an employee’s circumstances change, they are required to proactively share that information. We do a lot of training and pay close attention to how our employees act.

If someone starts acting strangely, we take swift action. Our managers and supervisors are very well trained to know what they need to keep an eye on.

We look very closely at tendencies. We work very hard to build a culture of values, ethics and compliance with the law. That’s part of our values. Something else we put in place last year is a code of conduct that very clearly shows our expectations toward our employees.

I work with employees who are totally dedicated to what they do and are extremely passionate about it. That’s why we try to keep them very engaged, because we do highly creative, interesting things, and the projects they work on are unique.

Senator Moreau: How do you ensure that?

Ms. Xavier: Being part of an organization like ours, we are all very dedicated.

[English]

We’re all having to adhere to the Foreign Interference and Security of Information Act.

[Translation]

I think the act has a new name, so I might not be saying it right. If I quit my job, I need to follow the instructions.

[English]

I’m committed until death.

[Translation]

So yes, basically, they’d have to kill me.

We don’t take it lightly. When someone leaves, we remind them that they can’t repeat anything they’ve learned here or use it in any way. There are ex-employees who go on to write a book, for example, but they need to share its contents with us before it’s published.

We have a legal right to enforce the law, if necessary. We hope that people will continue to uphold Canadian patriotism and defence even after they leave.

[English]

Senator Galvez: I propose to change the subject. Communications Security Establishment Canada, or the CSE, must contribute to Federal Sustainable Development Strategy goals from 2023 up to 2026, specifically on Goal No. 10 and Goal No. 12 and, for me more important, Goal No. 13, “Take action on climate change and its impacts.”

Now, we know that Canada relies heavily on both domestic and international satellite systems to track crucial environmental indicators. Actually, 26 of the 52 essential parameters come from satellites. We know that Canada depends significantly on the National Oceanic and Atmospheric Administration, or NOAA, and other U.S.-operated satellite platforms for early-warning systems related to wildfire, floods and extreme weather. We need more and more security for our infrastructure.

In light of the cuts that the U.S. administration has done to NOAA, and in light of Minister Guilbeault telling us that the Canadians satellites that can do this job will only be ready in 2027 or before 2030, how much funding has been allocated for you to do this work? Can you provide the committee with a brief summary on your progress? How do you secure the information technology and the infrastructure to help us to do this job?

Ms. Xavier: Thank you for the question. Part of the question, unfortunately, is not within my mandate. Again, my mandate is very much focused on ensuring the protection of the data that the satellites might collect and ensuring that the infrastructure linked to Canadian infrastructure is cyberdefended and protected.

In terms of the satellite itself, it’s not something that we own. Again, this question might be better directed toward the Department of National Defence and the Canadian Armed Forces.

Senator Galvez: [Technical difficulties] — data that you collect?

Ms. Xavier: Yes. Again, in the collection of the data that we would collect from these satellites, if they’re coming into my systems, our priority is ensuring it will be made available in real time back to the users who will need access it to make decisions, either in the form of intelligence or potentially in this digital backbone that we’re going to be building with the investments that have been made in Supplementary Estimates (A).

As well, the other part is in continuing to work toward what we call building secure communications so that we can ensure that information we collect will remain sovereign. In that way, it can be properly shared, again with decision makers or other individuals who will need that data to make decisions on future investments or to make defence decisions.

We have supported low Earth orbit Lightspeed projects by providing, again, that high-assurance, cryptographic equipment. Our focus is totally on securing the communications rather than worrying about the direct satellite placement, if you see what I mean.

Senator Galvez: These security methods, are they relying on Canadian technology or American technology or European technology?

Ms. Xavier: It is fair to say that, right now, especially in the Five Eyes, we are all collectively reliant on various types of technologies. Part of our focus with the investment we receive will be on continuing to build out that sovereign element of the technology.

It’s not to say that we still might not rely on other partners for parts of the infrastructure, because we have to build up the defence industrial base here in the country to ensure we can also have Canadian producers of some of the products we may need. Having said that, many things that we have in Canada will continue to allow us to have sovereignty. But the piece we worry about the most is ensuring that the data, once collected, remains in sovereign, protected hands. That is what we help to do.

Senator Galvez: I’m curious. Do we use Elon Musk’s technology?

Ms. Xavier: I don’t know that I can answer that question to that level of detail. I’m sorry. Thank you.

Senator Galvez: Because it’s confidential?

Ms. Xavier: For national security reasons.

Senator Galvez: Thank you.

Senator Loffreda: Thank you for being here. This is very interesting. My question is on cyber-threat landscape and adaptability. Given the rapidly evolving global cyber-threat environment, including threats from state and non-state actors, how is CSE adapting its tools, training and intelligence-gathering strategies to respond in real time to new and emerging threats, particularly with the rise of generative AI and deep fake technologies?

Ms. Xavier: Thank you for the question. As you can imagine, Canada’s not immune to cyber-threats. This is why we put out national cyber-threat assessments every couple of years. We also put out threats of democratic processes every couple of years. We put out regular publications because of the threats we are seeing coming toward Canada.

It’s also because of all that we’re learning in the defence of Government of Canada systems that we can know the types of threats out there, combined with what we learn from the foreign intelligence collection that we have.

In the business of cyberdefence of Canada — in the Government of Canada systems, in particular — we already use artificial intelligence. We already use automation. We already use machine learning to defend that in an automated way. We could not do our jobs in the effective way we do in stopping billions of actions per day against Government of Canada systems without those automated systems.

Senator Loffreda: Billions of actions per day. Wow. Billions.

Ms. Xavier: Billions of actions per day are prevented because of the fact that we are seen as very interesting target when you think of data in the Government of Canada systems.

That’s in addition to the fact that many private sectors and critical infrastructure are also seeing cyber-threats. Which is why we work so hand-in-glove with partners like industry, academia and critical infrastructure in the form of governance communities where we share intelligence with them. We share threat pictures and do exchanges with them to better understand what their security domains are like. We learn a lot from them, as much as they learn from us — and we learn a lot in the defence of the Government of Canada systems. All of that gets fed back in, in an automated way, to continue to raise the resilience of our systems in the defence of Canada.

Senator Loffreda: Thank you. My next question would be on public trust and institutional confidence. Public trust is important in today’s day and age, especially with privacy concerns. CSE plays a critical role in safeguarding national security, but it operates largely behind closed doors, and rightfully so. You have to operate behind closed doors.

What efforts are being made to build public trust and institutional transparency without compromising operational security, which is so important, particularly as public concern about surveillance and data privacy grow?

Ms. Xavier: Thank you again for the question. The part that I think is worth re-emphasizing here is that, as an agency, we do not target Canadians nor any persons in Canada. Our apparatus in general is targeting foreign intelligence and foreign adversaries. With that itself, we hope that is already a foundational piece for building trust with Canadians.

The other part that helps us to build trust with Canadians are the publications we put out. We have a website called cyber.gc.ca, which is one that we take pride in because it really caters to the variety of individuals who are potentially interested in cybersecurity, from the expert in cybersecurity to the layman grandmother who may want to know what she needs to do to protect herself from anything on her mobile phone. This is where we take advantage of October as cyber month to be proactive in talking to various generations of people, so they know the things that they could do to be able to protect themselves.

The other thing is we do a lot in the outreach space. We work hard with communities, like the Indigenous communities, as I said earlier. We translate our publications in various languages, but we also do things with high schools and with various other groups to encourage — especially women in STEM — to not fear coming into the domain of cybersecurity or mathematics, because these are the types of talents we sometimes look for.

We try to make ourselves as available as we can in trying to lower the bar of entry into the domain of interest into cybersecurity. We recognize the importance of continuing to do our part to educate, to make sure that people understand the difference between misinformation and disinformation, and to become critical thinkers in how they are looking at information online. In doing that, we’re raising the whole of society’s resilience.

In February, the National Cyber Security Strategy was released by the Government of Canada where, again, a whole-of-society element is a very big part of what we’re all collectively working on to raise cyber resilience.

Senator Loffreda: Thank you.

[Translation]

Senator Dalphond: In your June 2024 annual report, you claim to prevent 6.6 billion potential attacks per day. That’s pretty impressive work.

In the same report, the minister at the time points out that in the 2024 budget, the government projected an additional $917 billion to CSEC over five years, so around $200 million per year. The estimates for 2024-25 are the same as for 2023-24, so it wasn’t yet reflected in the costs. This year, there will be an increase. Which part is new in terms of the announcement? The supplementary estimates show $370 million, but I assume that there was probably $200 million already budgeted for 2024. Which is the old part and which part was added?

Ms. Xavier: I will let my colleague answer. I might have something to add afterward.

Ms. Chassé: The $200 million difference between last year’s main estimates and this year’s is the result of decisions made for the 2024 budget. There is $131.2 million from the 2024 budget to augment intelligence and cyber operations.

As Ms. Xavier mentioned in her opening remarks, there is also $21 million related to border management, meaning border security and fentanyl control. I’d say that these are the two largest items contributing to the discrepancy of around $200 million.

Senator Dalphond: The budget is around $150 million more than for 2024?

Ms. Chassé: Thereabouts.

Senator Dalphond: Ms. Xavier, in the annual report, you indicate that CSEC has 3,529 full-time employees.

Earlier, you mentioned 3,800 employees, almost 300 more, and you also said you had recruited 800 people. According to my calculations, there are 500 employees missing. At first, you had 3,529 employees, and now you have 3,800. That’s an increase of 300 employees, yet you hired 800 people.

Ms. Xavier: Let me clarify. In 2025, we had already hired over 400 people the previous year, which is 800 people over the two fiscal years. Last year, when the report was published, we had around 3,500 employees. In the fiscal year, we hired 400 more people, which brings us to over 3,800 employees.

The exact number of employees at the end of this fiscal year, March 31, is 3,841 people. We are currently in a phase of continuing growth, and we have close to 4,000 employees. This year, we plan to hire around 400 more people.

I hope that clarifies things for you.

Senator Dalphond: I understand. The figure of 800 is for two fiscal years rather than one.

Ms. Xavier: Exactly.

Senator Dalphond: That brings the rate to 5%; I get it.

My colleague Senator Moreau referred to technology. The government has proved that it is not the best at managing the costs associated with new technologies. You work with extremely new technology. What guarantees that you can do better than the rest of the government?

Ms. Xavier: I would never say that anything is risk-free, and I can’t guarantee that we won’t make mistakes. Our organization is always in learning mode, and we try to learn from the way others implement technology in order to improve.

That said, I have a lot of very brilliant tech employees who are very creative, skilled and innovative. I’m confident, especially since we give advice to the government about the best ways to protect their systems and set them up so that they work as they should. We also have good project management experts who love a challenge. We will do our best.

I don’t want to give you the impression that we won’t learn anything. We are already learning from our international counterparts by looking at the way they put in place certain techniques. That helps us learn how to do things better on our side.

Senator Dalphond: How do you share this type of information with others? If Treasury Board audits you, they aren’t able to supervise the costs themselves.

I hope you can compare technologies with your international counterparts and see what they’re worth.

Ms. Xavier: Yes, in fact, we work closely with the Five Eyes, but we also learn from colleagues in France, for example, since we’re diversifying our international partners.

I can tell you that I work very closely with my counterparts at Treasury Board and at Shared Services Canada.

The three of us make sure we’re on the same page in terms of giving advice and implementing major upcoming projects.

The Chair: We had scheduled an hour with you, but you can see how interested and enthusiastic we are about this. We have time to continue and even go to a second round. Are you on a tight schedule?

Ms. Xavier: We do have other commitments. That said, I see the interest you have. If you don’t mind, I would recommend that we finish the first round and then be on our way.

The Chair: You’ll allow us another 15 or 20 minutes?

Ms. Xavier: Yes.

The Chair: Thank you.

[English]

Senator MacAdam: Thank you for being here. As part of the government’s new strategic approach to defence and security, the Prime Minister announced that the government would establish the Bureau of Research, Engineering and Advanced Leadership in Innovation and Science, or BOREALIS. This commitment was also outlined in the Liberal platform, which describes its purpose as ensuring:

. . . the Canadian Armed Forces and Communications Security Establishment have the made-in-Canada innovation solutions they need in areas such as AI, quantum computing, cybersecurity, and other advanced research and technology.

I wonder if you are able to provide more information on BOREALIS and how it will support your work. I understand that you cannot provide many details, but anything that you could provide would be useful.

Ms. Xavier: I will turn this question over to Ms. McDonald because as part of her duties. She also owns the Tutte Institute for Mathematics and Computing, which is our research and development institute.

Ms. McDonald: Thank you for the question. I will not speak directly to BOREALIS itself, but what I can say, as the chief mentioned, we do have our own research teams within CSE. The most well known is the Tutte Institute, which does a lot of the foundational math that is required to encrypt the code-breaking and code-making that our equipment requires, as does much across Canada. They also do a lot of data science work that then helps us be experts in the domain of artificial intelligence and other emerging technologies.

Those researchers are working both in classified spaces within our organization and then in unclassified spaces for those across the country. Then we are pulling that information and research and sharing it with our Five Eyes partners and other groups, such as the Canadian AI Safety Institute.

Through that work and through the work happening, as you would have heard in the announcement the Prime Minister made last week with the Defence Industrial Strategy, we know that much of what we need related to research and development, as well as to create industry in Canada, will require different partnerships.

Programs such as BOREALIS, as they unfold, we recognize will be very positive developments because we can’t do this by ourselves internal to government. We have learned a lot through our partnership work with others, and those challenges include having spaces across Canada to work in secure physical spaces, as well as having personnel going through security processes. We want to work and partner with researchers specifically in the defence and security intelligence space who are cleared and we know have Canada’s best interests at heart.

We also need to ensure that those institutions and individuals we are working with have cybersecurity protections on the system so that our intellectual property and economic prosperity in Canada are protected. As the Defence industrial base and BOREALIS are developed, we are excited to see those elements addressed so that we can further work with industry and academia in Canada.

Ms. Xavier: If you would permit, I would add that in the cybersecurity space especially, we are world class known for the technologies and expertise we bring. That is sovereign owned and sovereign created. Those will remain in the world-class space that we’re in.

Senator MacAdam: I want to revisit a question asked by Senator Marshall when your organization appeared before our committee on the Main Estimates last October. Her question was around critical infrastructure and the energy sector.

An official testified that your cyber centre is constantly engaging with the energy sector across all levels, that you share threat information in real time and that energy providers are a high priority for your organization. The Prime Minister’s mandate letter to ministers describes that Canada will need to build an enormous amount of new infrastructure at speeds not seen in generations, including to support Canada in becoming an energy superpower.

Can you outline how your funding will enable you to support this new growth and the system protecting the energy sector?

Ms. Xavier: Thank you for the question. To build on the comment you made, we already have great relationships with many sectors related to critical infrastructure, energy being one of those sectors. We regularly meet with energy sector experts, both with what we call their chief information security officers as well as their chief executive officers, in a way to ensure that they have a good understanding of the cyber-threats. We meet with them in a way that we can also share with them classified material because some of them have been security cleared. We do that in a way that enables us to go both ways.

The other thing with the launch of the National Cyber Security Strategy, We are also launching what we call the Canadian Cyber Defence Collective, or CCDC. That will permit the ability to have this governance that brings in various sectors of importance, like the energy sector but not only the energy sector. It is a governance we are going to be able to co-chair with Public Safety because Public Safety is the policy arm when it comes to cybersecurity, while we’re the operational arm. We are jointly working with these various sectors and continuing to raise their cyber understanding and cyber resilience.

Many of them are what we call subscribers to our services, where they get automatic alerts on anything that we know with regard to cyber that we can share. We have ways in which we can communicate with them at a higher security level, so there are a myriad of ways we are able to connect with partners.

We have been working hard since the creation of the cyber centre, and even before, which is now over six years old, where we have been building these partnerships. This past year, to the point you made around the Mains Estimates of last year, we had made a conscious effort. We saw, based on the learnings from the war in Ukraine, how the energy sector, in particular, was being targeted. To be able to continue to have Canada ready and resilient, we wanted to ensure we were really targeting that sector.

Senator Kingston: Building on Senator MacAdam’s question, the Communications Security Establishment’s annual report from 2023-24 states that CSE works with other federal partners, and you have spoken about them throughout this hour or so — CSIS, the RCMP and Global Affairs Canada — on several files. I would like to ask a couple of questions.

Is the intelligence you gather shared with your federal partners, those I mentioned? In what form is the information provided by CSE integrated in the screening program or screening report from partner organizations to other organizations, such as Immigration, Refugees and Citizenship Canada? That is an extra organization. How do you interact? What do you provide to them?

Ms. Xavier: As mentioned, as the foreign signals intelligence organization for Canada, the intelligence we provide — its intent linked to the intelligence priorities provided by the Government of Canada — is to permit decision makers to make decisions. All the partners that you mentioned have access to intelligence either in an electronic way or via the use of what we call our client relationship officers, where they are physically brought intelligence, and that intelligence is taken back so we can track where it has gone, for example.

Most of those partners, especially CSIS, the RCMP and Global Affairs, are able to access the intelligence by electronic means because that is how we ensure that our intelligence gets to decision makers in a timely way. That includes the Department of Immigration, Refugees and Citizenship Canada. We are not specifically sending them intelligence that says, “Use this intelligence for X applicant.” How they use the intelligence is a better question directed to them.

Having said that, for a person to access the intelligence they access from us, they have to have the necessary clearance and the “need to know” to access that intelligence. Those are the principles that frame how intelligence is disseminated: that individual has the necessary indoctrinations, classification, security screening as well as the need to know to be able to make that decision.

Senator Kingston: The “need to know” brings me back to an extra question I have. We were talking about how you ensure that all your thousands of employees are remaining secretive about the work they do.

You must have levels within your organization. I worked in health care, and very often we used information on a need-to-know basis. Can you describe the layers you have in your organization in that way?

Ms. Xavier: That is exactly right. The majority of our employees come in with what we call an enhanced top secret. In coming in with an enhanced top secret, to a fundamental level you may have access to a certain level of documents that allow you to read intelligence at that classification. But even being able to have access to that intelligence has to be because it is something you require to do your duties or a part of your job. You cannot just have access to it because you have a classification that is a top secret clearance.

Under that we have various other subcategories. One can have what we call gamma or more compartmentalized versions of access of intelligence. Every level requires you to be indoctrinated. With that, we document all of that indoctrination to know whether someone should continue to have that indoctrination. If I were to leave a particular section of my area within my agency that no longer requires me to have a particular indoctrination, you are de-indoctrinated and no longer have access, despite the fact that you may still be an employee of the agency.

The way we take care of how we classify our data, our intelligence, to begin with, and then who has access, is something that we have care and rigour with because we are protecting Canada’s intelligence, but also the intelligence of partners who entrust us to ensure that we classify and protect that information effectively. Ultimately, when I am impacting that, I am impacting many others.

Senator Kingston: Do you audit that? Do you not watch your employees but do random checks to ensure people are working on a need-to-know basis?

Ms. Xavier: Yes. We are a highly digital organization and have automated systems that help us to understand the logging of whom has access to what.

For example, when an investigation occurs, we clearly know who had access or who even printed a document. It is to that level of detail.

Yes, a part of the job is we have compliance individuals who do exactly that and confirm whether the right people had access for whatever information they had access to.

[Translation]

The Chair: You mentioned recruitment. Your field could be very attractive to young people, since you deal with matters related to the nation, defence, security and patriotism. You’re an employer of choice, and young people are drawn to that.

I know the salaries, and some of them are more than what the Prime Minister of Canada makes. A young person of 32, for example, would find that appealing.

Is there anything in your pay scales or classifications that would allow you to go after these young people and offer them salaries that are competitive with other organizations?

It’s one thing to get 10,000 résumés per year, but they won’t all be top-notch, even though we have a very good rating system. Do you use headhunters to identify the whiz kids and approach them before they come knocking?

Ms. Xavier: Thank you for the question. Yes, there are many people who show interest and join us directly, but we also reach out to them. Last year, we made over 100 recruitment efforts across the country. When we look for employees, we don’t just stay within the national capital region. Of course, when someone joins our ranks, we’re not able to pay them exactly what the private sector offers. However, I can tell you that our organization’s work and its mission, the patriotism you mentioned and the fact that we can do really interesting things that would be technically illegal anywhere else are all major draws. We apply strict rules when recruiting talent. We test them to make sure they have the required skills. After they are recruited and come to work with us, they develop their talent.

The fear I sometimes have as chief is losing them to other organizations. They’re so happy with the way we help them develop their talent that we lose them, because they’ll be better paid elsewhere. Most of our employees are very passionate. They understand the mission. They want to deliver on that mission for Canada and Canadians. That’s why we continually remind them why we are here and what Canada’s mission is.

We work very hard to give them a welcoming environment and give them room for creativity. That gives them a chance to do unique things that they can’t do in other systems outside the government. In terms of salary, we are a separate employer with an allocation beyond what a regular department can offer. That’s another draw. Even with that, we can offer slightly more than what a regular government employee is paid, but not as much as Google or Microsoft can offer them. However, our employees are proud to work with us.

The Chair: I imagine you have contracts with large companies that provide cybersecurity, for example. I won’t name them, since I understand that might be classified information. I imagine that there are non-disclosure clauses for your staff?

Ms. Xavier: Absolutely. We have non-disclosure provisions in our contracts. That said, we don’t have a ton of contracts with consultants to do the same type of work that we do. We’re the experts. That’s why it’s sometimes the opposite: They recruit us to fulfill their needs. We work closely with a lot of industries. We try to be complementary. Part of the CSEC’s mission and vision is to stay within our field, one in which no one else should or could work. That’s one way of distinguishing ourselves from the private sector.

The Chair: Thank you.

[English]

I forgot Senator Pate. Sorry, senator.

Senator Pate: I have two questions. First, it was revealed earlier this year that CSE’s Canadian Centre for Cyber Security was defrauded by nearly $330,000 as part of an IT overbilling fraud campaign.

In your 2023-24 annual report, the CSE noted that it has implemented a new cybersecurity certification required for all defence procurement contractors, and in the supplementary estimates it indicates that you are seeking $370 million as a part of a $550 million horizontal initiative with the Department of National Defence. The funds are needed, it says, for digital tools and capabilities.

I’m curious about two things. What changes have you made to your contracting processes in response to the fraud campaign, and how much of the funds proposed for this initiative will go to contractors?

My second question is: In the 2022 Auditor General’s report on cyber crime, it concluded that our response to rising cyber crime was hindered by the siloed and disconnected approach of departments and agencies, and I note that Canada lags behind on dealing with money laundering and other cyber crime.

Given the rise of the threat of U.S. issues, I mean, much of what has been happening from the U.S. historically as well, are there new changes that have been made there to address that siloed approach?

Ms. Xavier: On the situation with regard to contracting, as my colleague said earlier, we do have in place what we call a contract review committee.

One of the big things that I have been focused on, going into year three since I have been chief in this role, is trying to add more controls and being able to ensure that when we are putting in contracts that we are being more rigorous in the follow-up.

We don’t have a whole lot of contracts in place so there is no reason, to the point that you’re making, to ensure that we are addressing that in an effective manner.

I won’t go into details of exactly how the $270.1 million will be used and what number of possible contractors might make part of that. I can assure you we will have rigorous contracting mechanisms in place because of the learnings of this fraud element that was caught by the OAG.

I will hand it over to my colleague Ms. Chassé here who might have more to add, because that falls directly in her responsibility.

Ms. Chassé: In terms of fraudulent billings, we are collaborating with PSPC who, in turn, has referred that situation to the RCMP. We are actively involved in supporting the investigation over fraudulent billing. We take those matters very seriously and are fully collaborating with our federal partners.

Senator Pate: In terms of money laundering and cyber crime?

Ms. Xavier: In terms of money laundering or anything else we see in what we call the cryptocurrency space, that is very much a space we worry about when it comes to fraud or cybersecurity. Working hand-in-glove, particularly with our RCMP colleagues, that is very much an area we are going to continue to strengthen and manage more effectively.

I would say the other opportunity we have, especially in the cryptocurrency space, because it occurs in the cyber realm, is being able to eventually use some of our foreign cyber operations to disrupt what we see as fraudulent behaviour, or networks that may be taking advantage of Canadian systems or vulnerabilities which may exist.

In keeping it the way we work with critical infrastructure, working with the finance sector to continue to raise that cyber resilience, to make sure the necessary protections are in place from a cybersecurity perspective. But, in addition, from the signals from our foreign intelligence collection, ensuring what we can do in either disrupting what could be networks that could be impacting Canada, and doing that hand-in-glove with our RCMP colleagues. That is definitely an area, as well as working with our FINTRAC partner.

Senator Pate: It is not clear to me how much of the money you have allocated in the Main Estimates will go to this work.

Ms. Xavier: Because foreign intelligence is part of our bread and butter, at the core of our business, it is becoming an ongoing priority for the government of Canada and will be part of our Mains Estimates. It wouldn’t be allocated a separate line item in the budget, it would be a part of what we do in the federal intelligence collection and in the domain of our cyber security mandate already.

Senator Pate: If there’s any details you can provide, I’m asking, in part, because we lag far behind even the U.S. in documenting money laundering, particularly through our main banks.

Ms. Xavier: This is where this question would be better directed to FINTRAC and the RCMP. Ultimately, we work with them, in partnership, from the foreign intelligence lens and the cyber security defence. In terms of understanding where we rank, they would be better to explain that than we would in our lane, but I will take that back for them.

[Translation]

The Chair: Thank you for being here and providing clear, direct and precise answers. I’m impressed. We realize how important it is to have chiefs at the table. The answers we get are less hesitant, to put it kindly.

(The committee continued in camera.)