A group representing key Canadian businesses wants legislative changes that would allow Canada's spy agency to share threat intelligence with companies to help them take timely protective measures.

The Business Council of Canada is also urging the federal government to borrow a U.S. idea and create a new body that would ensure the intelligence is securely and broadly shared across the Canadian economy.

Business council president and CEO Goldy Hyder argues for the new approach in a submission to a federal consultation on possible changes to the legislation governing the Canadian Security Intelligence Service.

The government says the CSIS Act does not provide the spy service with sufficient authority to disclose classified intelligence to provinces, territories, Indigenous governments or municipalities.

It says the prohibitions on disclosure also limit how CSIS can share relevant information with private sector and academic institutions.

Proposed revisions would allow CSIS to share information on threats to the security of Canada beyond the federal sphere, with the aim of increasing awareness and resiliency.

The idea may be gaining support in government and business circles, but it is also stirring concern among civil libertarians who fear inappropriate disclosure of sensitive information about people under CSIS scrutiny.

The government says any broader authority for CSIS to disclose information would be accompanied by measures to safeguard privacy protections.

In his letter to Public Safety Minister Dominic LeBlanc, Hyder says council members increasingly find themselves in the crosshairs of malicious actors seeking to undermine Canadian livelihoods through sabotage of critical infrastructure, disruption of vital supply chains or theft of proprietary information. 

"The nefarious methods employed by these actors are wide-ranging, from the use of foreign intelligence officers and corporate insiders to state-affiliated hackers and seemingly benign joint ventures," says the letter, which the council shared with The Canadian Press.

The consequences are diminished economic growth and competitiveness, leading to the loss of well-paying jobs, foregone tax revenues and weakened competitive advantage in advanced industries, adds the council, composed of chief executives and entrepreneurs of leading Canadian enterprises.

"Government-produced threat intelligence is of increasing value to companies combating malicious actors," says the letter.

Hyder notes that CSIS can share information in specific circumstances, under its threat reduction mandate, to alert a targeted company about a security event.

"This means of communication — a legislative workaround not designed for sharing threat intelligence with the private sector — is deeply flawed," the letter says. "The restrictive nature of the regime means that these authorities are rarely used."

In addition, such an alert arrives only after a threat has materialized, it adds.

"With new threat intelligence sharing authorities, CSIS could communicate more specific and tangible information with Canadian companies," Hyder writes. "This would give business leaders a clearer understanding of the threat's nature, as well as the protective measures that could be taken to better safeguard their employees, customers, and the communities in which they operate."

Hyder contends it would also help CSIS build greater trust with the private sector, and encourage business leaders to share more with the government about the threats they are seeing.

The business council calls for creation of a formal threat intelligence exchange akin to the U.S. government's Domestic Security Alliance Council, a partnership between 700 strategically important American corporations, the Federal Bureau of Investigation and the Department of Homeland Security.

The business council says member companies in the U.S. alliance benefit from direct engagement with senior FBI and DHS leaders, tailored threat intelligence from these agencies and access to a members-only network where private-sector and government officials collaborate, resolve problems, and exchange best practices. 

CSIS, Public Safety Canada, and the Canadian private sector are well placed to build and operate a similar threat intelligence exchange, the business council says.

There is value in ensuring security threats are addressed promptly rather than in a reactive way, said Tim McSorley, national co-ordinator of the Ottawa-based International Civil Liberties Monitoring Group, which brings together unions, professional associations, faith groups, environmental organizations and human rights advocates.

"There needs to be a broader debate about this," McSorley said.

However, the group is not persuaded that allowing access to classified information in private briefings "is the best way to go."

Indigenous and environmental activists have come under the lens of security agencies while organizing to protect natural spaces and treaty rights, McSorley said. As a result, allowing CSIS to share information with the private sector could lead to more such targeting of communities that have legitimate concerns.

In addition, he said, some intelligence about alleged terrorists has turned out to be wrong over the years — more in service of security agencies' concerns than the goal of "protecting the rights of Canadians and ensuring their safety."

This report by The Canadian Press was first published Jan. 19, 2024.


Microsoft says exec email breached in Russia-backed hack


Agence France-Presse
January 20, 2024

Hackers linked to Russia's intelligence service broke into email accounts of senior Microsoft executives, according to a regulatory filing available Friday.

Microsoft identified the cyber attacker as a group referred to as "Midnight Blizzard," which it said has been connected to Russia's Foreign Intelligence Service by US and British governments.

"This threat actor is known to primarily target governments, diplomatic entities, non-government organizations, and IT service providers primarily in the US and Europe," Microsoft said in a blog post in August last year detailing an earlier cyberattack.

"Their focus is to collect intelligence through longstanding and dedicated espionage of foreign interests."

Activity by Midnight Blizzard, also known as "Nobelium", has been traced to early 2018, according to Microsoft.

Microsoft's security team detected the latest attack on January 12, triggering defenses that blocked further access by the hackers, the company said.

The attack began in November of last year, with the hackers trying a password on an array of accounts and getting it right on an old test account, according to Microsoft.

The hackers then used that "foothold" to access some Microsoft corporate email accounts including those of senior leaders and security team members, taking emails and attached documents.

"The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself," Microsoft said.

There was no evidence the hackers accessed customer accounts, production systems, source code, or artificial intelligence software at Microsoft, according to the company.

"Given the reality of threat actors that are resourced and funded by nation states, we are shifting the balance we need to strike between security and business risk," Microsoft said.

"We will act immediately to apply our current security standards to Microsoft-owned legacy systems and internal business processes, even when these changes might cause disruption to existing business processes."