NEWS
Canada’s Cyber Agency Guards the North as Arctic Billions Pour In
Canada’s Communications Security Establishment has installed cyber sensors across Yukon, the Northwest Territories and Nunavut, its newest report shows.
Canada’s spy agency has finished wiring every territorial government north of 60 with cybersecurity sensors, closing a gap that hackers exploited for years. The Communications Security Establishment (CSE, Canada’s foreign signals intelligence and cyber defence agency) rolled the software out to the Northwest Territories in late 2022, then to Yukon and Nunavut by 2024, CBC News first reported.
That rollout is the visible layer of something bigger. CSE’s budget is on pace to nearly double in three years, its workforce is growing faster than almost any other federal agency, and Ottawa is simultaneously pouring more than $40 billion into developing the same Arctic region those sensors now guard.
Sensors in Every Territorial Capital
Bridget Walshe, an official with CSE’s Canadian Centre for Cyber Security, said the sensors are software installed on laptops, servers and cloud systems. They check whether machines are running outdated software, flag unpatched vulnerabilities and watch for suspicious activity.
Whatever the sensors catch gets sent to analysts at the Cyber Centre’s Ottawa headquarters. They review it, then relay a warning back to whichever government is affected so it can decide what to do next. Walshe said the northern deployments generated 150 threat “prevention and detection” reports for territorial and provincial governments, a figure she said made up just five percent of all such reports the sensor network produced.
CSE runs four categories of sensors at a national scale. By March 2024, host-based sensors alone covered 102 federal institutions, up from 85 a year earlier, according to the agency’s own count of sensor deployments across federal institutions.
- Host-based sensors – installed on individual devices like laptops and desktops, covering 102 federal institutions
- Cloud-based sensors – monitor cloud infrastructure, covering 80 federal institutions
- Network-based sensors – sit at the network perimeter, covering 84 institutions
- Virtual network-based sensors – extend perimeter coverage into virtualized systems, covering 5 institutions
Those figures describe CSE’s federal footprint. The territorial rollout is smaller and newer, but it runs on the same underlying technology.

A String of Costly Break-Ins Forced the Issue
The sensors did not arrive on their own. A string of expensive, disruptive breaches across the North pushed Ottawa to act.
- November 2019: A ransomware attack knocked out the Government of Nunavut’s entire IT system for weeks. Fixing the damage in the Department of Community and Government Services alone cost more than $5.4 million, CBC News reported.
- November 2022: A cyber incident hit the Government of the Northwest Territories, triggering an urgent, unscheduled sensor rollout. Containing it cost the territory more than $700,000.
- January 2023: Hackers locked Qulliq Energy Corporation, Nunavut’s public power utility, out of its billing, payroll and email data.
- July 2023: A database at the Nunatsiavut Government, the Inuit self-government based in Labrador, was hacked.
- September 2023: A distributed denial-of-service attack hit government websites across the country, including in Nunavut and Yukon.
- 2025: The City of Yellowknife took its own services offline for a week as a precaution against a ransomware threat.
Yukon and Nunavut got their sensors within roughly two years of that Northwest Territories breach. Nunavut’s own 2019 attack, the costliest of the bunch, happened years before any sensor reached its network.
Arctic Billions Raise the Stakes
In March, Prime Minister Mark Carney announced more than $40 billion for the North, most of it aimed at military infrastructure and transportation routes meant to knit the region together. The plan includes $32 billion for military hubs in Yellowknife, Inuvik and Iqaluit, plus billions more for new roads, a hydro expansion and a deepwater Arctic port.
Walshe said the spending itself is drawing unwanted attention.
“From a cyber security perspective, threat actors are looking at and could use cyber methods to be able to know and get insight and understand that investment in the North to be able to use it to their advantage,” she said.
The economic interest is already real. ATCO Ltd., a Calgary-based energy and logistics company, acquired a 40 percent stake in West Kitikmeot Resources for $10 million weeks after the announcement, and Rio Tinto secured prospecting permits in the Northwest Territories’ Sahtu region.
CSE’s Own Budget Is Nearly Doubling
CSE’s own growth is outrunning almost every other federal department. Its workforce and its authorized budget have both climbed sharply across just two annual reports.
| Metric | 2024 to 2025 | 2025 to 2026 |
|---|---|---|
| Workforce | 3,841 employees | 4,178 employees (up 8.1 percent) |
| Total budget or authorities | Just over $1 billion | Set to surpass $2 billion in 2026 to 2027 |
| Ministerial authorizations for cyber operations | 12 | 13, including 4 for foreign cyber operations |
This year’s report also disclosed, for the first time, that CSE hacked into systems used by foreign criminals brokering fentanyl precursor chemicals, disrupting their operations under an active cyber operation authorization. The agency’s budget is set to surpass $2 billion in 2026 to 2027, up from just over $1 billion two years earlier, according to Main Estimates tabled in Parliament.
Is CSE Reading Canadians’ Private Messages?
No, according to CSE. Walshe said the sensors flag vulnerabilities and suspicious activity without reading the content of emails or documents. But civil liberties advocates say that assurance misses the point. The metadata CSE and its broader programs collect, records of who Canadians contact, when and how often, can reveal nearly as much as the messages themselves.
Canada’s Intelligence Commissioner Simon Noel found that CSE improperly shared information with international partners between 2020 and 2023 without first removing data tied to Canadians.
“There’s a real problem with not recognizing that it’s not just the contents of our communications that we have an interest in privacy in but also our physical movements, which can be tracked by metadata, and the fact that we are communicating with others and who we are communicating with, those people are also part of metadata.”
Aislin Jackson, a lawyer with the British Columbia Civil Liberties Association (BCCLA), said the distinction between content and metadata does not settle the privacy question. “Metadata can be incredibly revealing and it’s not enough to say we respect privacy because we are not touching the content, even if that’s true,” she told CBC News.
The BCCLA has pressed this argument before. More than a decade ago it filed the first constitutional challenge to CSE’s surveillance activities, arguing metadata collection alone amounts to a serious invasion of privacy.
Yellowknife, Whitehorse and Iqaluit Have Little Say
Ottawa is asserting physical sovereignty over the Arctic with new roads, ports and military bases. Digital sovereignty over the same territory looks different.
The Northwest Territories’ Office of the Chief Information Officer referred all questions about the sensors to CSE. A Yukon government spokesperson said a variety of vendors and partners help protect its networks, including the Cyber Centre, but declined to say which tools, technologies or systems it actually uses. Nunavut’s informatics planning and services branch did not respond to a request for comment at all.
None of the three territorial governments would describe, in any detail, what is actually running on their own networks or who else can see what it collects.
A New Pact Aims to Close the Gap
CSE’s newest report points to two fixes already underway. In fall 2025, federal, provincial and territorial governments signed the Canadian Cybersecurity Collaboration Agreement, meant to make it easier to share threat information and tools across jurisdictions.
Provinces and territories with sensor access also gained entry to ObservationDeck this year, an interactive dashboard pulling together data from Cyber Centre services so local officials can see their own network’s vulnerabilities instead of relying entirely on Ottawa’s analysts.
The sensors keep running regardless, feeding reports back to Ottawa from government computers in Iqaluit, Whitehorse and Yellowknife every day of the year.
Frequently Asked Questions
What Does the Canadian Centre for Cyber Security Actually Do?
The Cyber Centre is CSE’s operational arm for cyber security, providing advice, incident response and technical services to federal departments and, increasingly, to provinces, territories and critical infrastructure operators. Its work reaches beyond Canada’s borders too: CSE’s 2023-2024 annual report disclosed that the Cyber Centre provided cyber security assistance to Ukraine and Latvia.
Is CSE Legally Allowed to Monitor Canadians?
CSE says no. The agency states it does not target Canadians anywhere in the world or any person in Canada through its foreign intelligence or cyber operations. Active and defensive cyber operations still require sign-off from the Minister of National Defence. CSE reported 13 Ministerial Authorizations in 2025 to 2026, four of them tied to foreign cyber operations.
How Can a Business Report a Cyberattack to the Cyber Centre?
Companies affected by a cyber incident can contact the Cyber Centre toll free at 1-833-CYBER-88 or by email, a channel CSE has published as part of its mandate to reduce cybercrime’s impact on Canadian businesses and individuals.
What Is the Five Eyes Alliance?
Five Eyes is the intelligence-sharing partnership joining the signals intelligence and cyber security agencies of Canada, the United States, the United Kingdom, Australia and New Zealand. CSE is a member, and it is the international sharing inside that alliance, not the northern sensors themselves, that the Intelligence Commissioner flagged for improperly including Canadian data between 2020 and 2023.
How Does Cybersecurity Spending Compare to Ottawa’s Arctic Investment?
CSE’s entire agency budget, set to surpass $2 billion in 2026 to 2027, is a fraction of the more than $40 billion Ottawa has committed to the North overall, most of it for military infrastructure, roads and energy projects rather than cyber defence specifically.
-
CRYPTO1 month agoXPL Rallies 30% Ahead of Plasma One Card Tier Launch
-
AI1 month agoSpaceX’s Google Deal Turns a Rocket Company Into a Cloud Landlord
-
NEWS1 month agoGoogle Search Profiles Build a Follow Graph Inside Discover
-
GAMING1 month agoMicrosoft Xbox Layoffs Start in July as Sharma Slams 3% Margin
-
AI3 weeks agoOracle Cuts 21,000 Jobs in a Year, Cites AI in 10-K Filing
-
AI1 month agoMoonshot AI Targets $30 Billion in China’s Fastest AI Funding Sprint
-
AI7 days agoWhatsApp Meta Business Agent Reaches India, With a New Pricing Meter
-
NEWS1 month agoOppo’s ColorOS 17 Eligibility List Leaves A-Series Buyers Behind
