About CSE and the Canadian Centre for Cyber Security
The Communications Security Establishment (CSE) is Canada’s national cryptologic agency, responsible for providing advice and guidance on all aspects of cyber security to Government of Canada departments and agencies. On October 1st, 2018, the Canadian Centre for Cyber Security was established, consolidating cyber security operational expertise from across Government under CSE. The Cyber Centre works with private sector owners and operators of information infrastructures of importance to the government to enhance their capacity to withstand and mitigate cyber threats.
Protecting critical infrastructure: The Security Review Program for 3G/4G/LTE
Protecting telecommunications equipment and services from cyber threats is extremely important, as it is the backbone for how Canadians communicate, work and live online. In the context of current 3G/4G/LTE networks, a Canadian Security Review Program is in place to mitigate the cyber security risks.
CSE and its partners at Public Safety Canada, Innovation, Science, and Economic Development and the Canadian Security Telecommunications Advisory Committee actively engage with Canadian Telecommunications Service Providers (TSPs) and equipment vendors to help ensure the security of today’s existing Canadian critical telecommunications infrastructure.
The program has been in place since 2013, and has helped mitigate risks stemming from designated equipment and services under consideration for use in Canadian 3G/4G/LTE telecommunications networks, including Huawei. To date, this program has led to:
- excluding designated equipment in sensitive areas of Canadian networks;
- mandatory assurance testing in independent third-party laboratories for designated equipment before use in less sensitive areas of Canadian networks; and
- restricting outsourced managed services across government networks and other Canadian critical networks.
Canadian TSPs, vendors and the independent third party assurance providers enter into the equipment review arrangements voluntarily. CSE defines and monitors the risk mitigation program, accredits third party labs to perform assurance testing on technology and equipment, defines the testing requirements, oversees the quality of lab testing, and reviews proposed architectures to provide tailored advice and guidance to help mitigate risks to Canada’s telecommunications networks.
The results of these equipment reviews are shared with Canadian TSPs to inform industry standards and establish best practices. Equipment vendors work collaboratively with the assurance providers to address any security vulnerabilities identified in the equipment evaluation. The program also includes system checks to ensure the integrity of the testing regime.
The Program is part of a broader collaborative approach to strengthen cyber security throughout Canada’s telecommunications sector. To date, CSE has worked with a total of 31 TSPs representing over 99% of the Canadian mobile market to help mitigate the risk of cyber espionage and network disruption through the exploitation of supply chain vulnerabilities in the current 3G/4G/LTE environment.
Annual evaluations of TSPs’ architectures have shown year-over-year improvements in adoption of cyber security best practices as a result of this program. The program continues to raise the bar in the telecommunications sector.
CSE, through its Canadian Centre for Cyber Security, will continue to work in collaboration with all relevant TSPs vendors, service providers, laboratories, and allies to help deliver secure and resilient Canadian systems.
While non-disclosure agreements prohibit CSE from disclosing further details of this testing process, Canadians can be assured that the Government of Canada is working to make sure the strongest protections possible are in place to safeguard the systems Canadians currently rely on.
Next: 5G networks and technology
A government review is underway. Over the coming years, 5G mobile technology will be introduced that has the potential to improve Canadians’ lives through enhanced, real-time connectivity. As the government anticipates the implementation of 5G infrastructure in Canada, the Cyber Centre’s expertise and experience will be important in assessing cyber threats and risks, as well as providing advice and guidance about possible mitigations.
CSE and the Cyber Centre work closely with a wide range of partners and stakeholders – domestically and internationally – and will continue to contribute to the development of cyber security best practices that can be promoted in the interests of Canada’s national and economic security.