Spy agency meets regularly with energy firms, says its foreign intelligence follows Canadian law

By Jason Fekete, Postmedia News October 9, 2013

OTTAWA — The chief of Communications Security Establishment Canada, the agency behind alleged industrial espionage against Brazil, insists all of its activities are legal, as details emerged Wednesday that CSEC had participated in private meetings between Canadian security agencies and energy companies.

Canadian Energy corporations acknowledged Wednesday they do, indeed, meet with security officials from CSEC and other departments, but said these are only to identify security threats and find ways to develop counter-measures to protect their operations.

Citing documents obtained under access to information laws, The Guardian newspaper in London reports federal government ministries, spy agencies — including CSEC — the RCMP and representatives from several energy companies, who were granted high-level security clearance, have met twice a year since 2005.

The federal meetings with energy industry officials were to discuss “threats” to energy infrastructure and “challenges to energy projects from environmental groups,” as well as “cyber-security initiatives and “economic and corporate espionage.”

The heavily redacted documents do not indicate that any international spying intelligence was shared by CSEC officials at the “off the record” meetings, according to the newspaper.

The most recent meeting of officials was in May 2013 to discuss “security of energy resources development.” The meeting included meals sponsored by Canadian pipeline company Enbridge, The Guardian reports.

CSEC chief John Forster, speaking Wednesday at a government technology conference in Ottawa, said “everything (CSEC) does in terms of its foreign intelligence mandate follows Canadian law,” and that it does not target Canadians at home or abroad.

Earlier this week, Brazil’s Globo Television — based on documents leaked by former U.S. National Security Agency contractor Edward Snowden — said CSEC targeted the metadata of phone calls and emails to and from the Brazilian ministry of mines and energy.

Metadata is information that can identify whom individuals are contacting, when and from where, in an effort to discover patterns of communication, but does not include the content of those communications.

The report infuriated the Brazilian government, and Prime Minister Stephen Harper has said he is “very concerned” about it.

Forster acknowledged Canadian security agencies meet with the Canadian private sector on cyber-security trends and help protect what the government deems critical infrastructure.

CSEC has its own cyber-threat evaluation centre, which then shares information with government departments such as Public Safety Canada. That information is shared with the private sector to protect critical infrastructure, he said.

Forster said CSEC, which collects signals intelligence from phone calls and emails, leverages information from the “Five Eyes” partnership of intelligence agencies from Canada, the United States, United Kingdom, Australia and New Zealand.

The agency also works with industry to make communications networks more secure for when they are considered for government use, he added.

“We actively share information on evolving cyber-threats and tap into that vast pool of knowledge and then help make it available to you,” he said.

Officials from the energy and utilities industry meet fairly regularly with federal agencies and departments to discuss cyber-security and critical infrastructure such as pipelines.

A spokesman for Enbridge said the company and others in the energy and utilities sector, at the request of Natural Resources Canada, typically pay for a portion of receptions, meals and coffee breaks associated with security briefings provided to industry officials.

The latest meeting this year was on May 23 at Canadian Security Intelligence Service headquarters in Ottawa, although Enbridge officials were unable to attend.

“The purpose of the briefings is to provide a timely and relevant summary of current security issues that may have an impact on Canada’s critical infrastructure,” said Enbridge spokesman Graham White.

“The information discussed is intended to make the energy and utilities industries aware of potential security threats and enable industry to make informed decisions regarding the implementation of appropriate security threat mitigation countermeasures, in an effort to protect critical Canadian energy and utility operations.”

The Prime Minister’s Office directed media calls on Wednesday to Public Safety Canada, which said federal security agencies began meeting with Canadian companies following the Sept. 11, 2001 terrorist attacks.

“We do not comment on operational matters of national security. However, it is standard practice for security agencies to discuss issues with Canadian industry in order to protect lives and sensitive infrastructure from terrorism and other threats,” Public Safety spokesman Jean Paul Duval said in an email.

Along with its role as one of Canada’s spy agencies, CSEC is responsible for protecting government information systems from cyber-threats.

Speaking about the Brazilian reports, NDP Leader Tom Mulcair said “the evidence is quite clear” that CSEC is complicit in industrial espionage.

“It’s totally unacceptable,” Mulcair told reporters Wednesday. “We’re talking about the type of behaviour that we reproach other countries, often countries that have no rule of law.”

Canada’s auditor general, in his fall 2012 report, highlighted how federal departments lost track of $980 million in approved spending that was meant for cyber-security over the previous decade.  Also, there were not any benchmarks to determine whether the money spent was having its intended effect.

A section of the auditor general’s chapter on cyber-security was on “partnering to protect critical infrastructure,” and explains how federal departments and agencies work with the private sector to protect operations from cyber-threats.

“Significant numbers of stakeholders are involved. Federal government departments, provinces, territories, the private sector and international partners all need to agree on how to protect Canada’s critical infrastructure,” the report noted.

“We found that the energy and utilities sector network, managed through Natural Resources Canada, meets regularly and has active participation from all stakeholders.”

[email protected]

Twitter.com/jasonfekete

© Copyright (c) Postmedia News
white