Government of Canada / Gouvernement du Canada
Symbol of the Government of Canada

Search

Communications Security Establishment Act (S.C. 2019, c. 13, s. 76)

Act current to 2020-10-21 and last amended on 2019-08-01. Previous Versions

Communications Security Establishment (continued)

Human Resources

Marginal note:Personnel

  •  (1) The Chief has exclusive authority to

    • (a) appoint or lay off the Establishment’s employees, revoke their appointment or terminate their employment; and

    • (b) establish standards, procedures and processes governing staffing, including governing the appointment of employees, lay-off of employees, revocation of their appointment or termination of their employment otherwise than for cause.

  • Marginal note:Right of employer

    (2) Nothing in the Federal Public Sector Labour Relations Act is to be construed so as to affect the right or authority of the Chief to deal with the matters referred to in subsection (1).

Marginal note:Powers of the Chief

 In exercising his or her authority under subsection 12(1), the Chief may

  • (a) determine the human resources requirements of the Establishment and provide for the allocation and effective utilization of human resources in the Establishment;

  • (b) provide for the classification of positions and of the Establishment’s employees;

  • (c) after consultation with the President of the Treasury Board, determine and regulate the pay to which the Establishment’s employees are entitled for services rendered, their hours of work and their leave and any related matters;

  • (d) after consultation with the President of the Treasury Board, determine and regulate the payments that may be made to the Establishment’s employees by way of reimbursement for travel or other expenses and by way of allowances in respect of expenses and conditions arising out of their employment;

  • (e) determine the learning, training and development requirements of the Establishment’s employees and fix the terms on which the learning, training and development may be carried out;

  • (f) provide for the awards that may be made to the Establishment’s employees for outstanding performance of their duties, for other meritorious achievement in relation to their duties or for inventions or practical suggestions for improvements;

  • (g) establish standards of discipline and set penalties, including termination of employment, suspension, demotion to a position at a lower maximum rate of pay and financial penalties;

  • (h) provide for the termination of employment, or the demotion to a position at a lower maximum rate of pay, of the Establishment’s employees for reasons other than breaches of discipline or misconduct;

  • (i) establish policies respecting the exercise of the powers granted by this section; and

  • (j) provide for any other matters, including terms and conditions of employment not otherwise specifically provided for in this section, that the Chief considers necessary for effective human resources management in the Establishment.

Marginal note:Negotiation of collective agreements

 Before entering into collective bargaining with the bargaining agent for a bargaining unit composed of Establishment employees, the Chief must have the Establishment’s negotiating mandate approved by the President of the Treasury Board.

Mandate

Marginal note:Mandate

  •  (1) The Establishment is the national signals intelligence agency for foreign intelligence and the technical authority for cybersecurity and information assurance.

  • Marginal note:Aspects of the mandate

    (2) The Establishment’s mandate has five aspects: foreign intelligence, cybersecurity and information assurance, defensive cyber operations, active cyber operations and technical and operational assistance.

Marginal note:Foreign intelligence

 The foreign intelligence aspect of the Establishment’s mandate is to acquire, covertly or otherwise, information from or through the global information infrastructure, including by engaging or interacting with foreign entities located outside Canada or by using any other method of acquiring information, and to use, analyse and disseminate the information for the purpose of providing foreign intelligence, in accordance with the Government of Canada’s intelligence priorities.

Marginal note:Cybersecurity and information assurance

 The cybersecurity and information assurance aspect of the Establishment’s mandate is to

  • (a) provide advice, guidance and services to help protect

    • (i) federal institutions’ electronic information and information infrastructures, and

    • (ii) electronic information and information infrastructures designated under subsection 21(1) as being of importance to the Government of Canada; and

  • (b) acquire, use and analyse information from the global information infrastructure or from other sources in order to provide such advice, guidance and services.

Marginal note:Defensive cyber operations

 The defensive cyber operations aspect of the Establishment’s mandate is to carry out activities on or through the global information infrastructure to help protect

  • (a) federal institutions’ electronic information and information infrastructures; and

  • (b) electronic information and information infrastructures designated under subsection 21(1) as being of importance to the Government of Canada.

Marginal note:Active cyber operations

 The active cyber operations aspect of the Establishment’s mandate is to carry out activities on or through the global information infrastructure to degrade, disrupt, influence, respond to or interfere with the capabilities, intentions or activities of a foreign individual, state, organization or terrorist group as they relate to international affairs, defence or security.

Marginal note:Technical and operational assistance

 The technical and operational assistance aspect of the Establishment’s mandate is to provide technical and operational assistance to federal law enforcement and security agencies, the Canadian Forces and the Department of National Defence.

Marginal note:Designation

  •  (1) The Minister may, by order, designate any electronic information, any information infrastructures or any class of electronic information or information infrastructures as electronic information or information infrastructures — as the case may be — of importance to the Government of Canada.

  • Marginal note:Statutory Instruments Act

    (2) An order made under subsection (1) is not a statutory instrument within the meaning of the Statutory Instruments Act.

Activities

Marginal note:No activities — Canadians and persons in Canada

  •  (1) Activities carried out by the Establishment in furtherance of the foreign intelligence, cybersecurity and information assurance, defensive cyber operations or active cyber operations aspects of its mandate must not be directed at a Canadian or at any person in Canada and must not infringe the Canadian Charter of Rights and Freedoms.

  • Marginal note:No activities — global information infrastructure in Canada or without authorization

    (2) Activities carried out by the Establishment in furtherance of the defensive cyber operations or active cyber operations aspects of its mandate

    • (a) must not be directed at any portion of the global information infrastructure that is in Canada; and

    • (b) must not be carried out except under an authorization issued under subsection 29(1) or 30(1).

  • Marginal note:Contravention of other Acts — foreign intelligence

    (3) Activities carried out by the Establishment in furtherance of the foreign intelligence aspect of its mandate must not contravene any other Act of Parliament — or involve the acquisition by the Establishment of information from or through the global information infrastructure that interferes with the reasonable expectation of privacy of a Canadian or a person in Canada — unless they are carried out under an authorization issued under subsection 26(1) or 40(1).

  • Marginal note:Contravention of other Acts — cybersecurity and information assurance

    (4) Activities carried out by the Establishment in furtherance of the cybersecurity and information assurance aspect of its mandate must not contravene any other Act of Parliament — or involve the acquisition by the Establishment of information from the global information infrastructure that interferes with the reasonable expectation of privacy of a Canadian or a person in Canada — unless they are carried out under an authorization issued under subsection 27(1) or (2) or 40(1).

Marginal note:Establishment’s activities

  •  (1) Despite subsections 22(1) and (2), the Establishment may carry out any of the following activities in furtherance of its mandate:

    • (a) acquiring, using, analysing, retaining or disclosing publicly available information;

    • (b) acquiring, using, analysing, retaining or disclosing infrastructure information for the purpose of research and development, for the purpose of testing systems or conducting cybersecurity and information assurance activities on the infrastructure from which the information was acquired; and

    • (c) testing or evaluating products, software and systems, including testing or evaluating them for vulnerabilities.

  • Marginal note:Investment Canada Act

    (2) Despite subsection 22(1), in furtherance of its mandate the Establishment may analyse information for the purpose of providing advice to the Minister of Public Safety and Emergency Preparedness and to the Minister responsible for the administration of the Investment Canada Act with regard to that latter Minister’s powers and duties under Part IV.1 of that Act.

  • Marginal note:Cybersecurity and information assurance

    (3) Despite subsection 22(1), the Establishment may carry out any of the following activities in furtherance of the cybersecurity and information assurance aspect of its mandate:

    • (a) carrying out activities on information infrastructures to identify or isolate malicious software, prevent malicious software from harming those information infrastructures or mitigate any harm that malicious software causes to them; and

    • (b) analysing information in order to be able to provide advice on the integrity of supply chains and on the trustworthiness of telecommunications, equipment and services.

  • Marginal note:Information acquired incidentally

    (4) The Establishment may acquire information relating to a Canadian or a person in Canada incidentally in the course of carrying out activities under an authorization issued under subsection 26(1), 27(1) or (2) or 40(1).

  • Marginal note:Definitions

    (5) The following definitions apply in this section.

    incidentally

    incidentally, with respect to the acquisition of information, means that the information acquired was not itself deliberately sought and that the information-acquisition activity was not directed at the Canadian or person in Canada. (incidemment)

    infrastructure information

    infrastructure information means information relating to

    • (a) any functional component, physical or logical, of the global information infrastructure; or

    • (b) events that occur during the interaction between two or more devices that provide services on a network — not including end-point devices that are linked to individual users — or between an individual and a machine, if the interaction is about only a functional component of the global information infrastructure.

    It does not include information that could be linked to an identifiable person. (information sur l’infrastructure)

 
Date modified: