
CSE
Canada's cryptologic intelligence and cybersecurity agency; Five Eyes member, co-signed the 16-agency advisory.
Last refreshed: 30 April 2026
How does Canada's CSE fit into the world's most coordinated cyber attribution of 2026?
Timeline for CSE
Sixteen agencies put IOC extinction in print
Cybersecurity: Threats and DefencesWhat is Canada's CSE and how does it differ from CISA?
Did Canada sign the joint advisory about Chinese cyber operations?
How many cyber attacks does Canada's Cyber Centre block?
Background
The Communications Security Establishment (CSE) is Canada's national cryptologic intelligence and cybersecurity agency, founded in 1946 as the Communications Branch of the National Research Council. It now sits within the National Defence portfolio, headquartered in Ottawa at the Edward Drake Building, with 3,841 employees as of 2024-25 and an annual budget of $1.04 billion CAD. Chief since August 2022 is Caroline Xavier.
CSE's mandate covers foreign signals intelligence, defensive and offensive cyber operations, and information assurance across Canadian government and military systems. Its public cybersecurity Arm is the Canadian Centre for Cyber Security (Cyber Centre), established in 2018, which reported defending against 2.3 trillion malicious actions in 2024-25. CSE also maintains the Tutte Institute for Mathematics and Computing for cryptology research and a Vulnerability Research Centre for security assessments. CSE participates in the UKUSA Agreement (1948), forming the Five Eyes alliance with the NSA, GCHQ, ASD, and GCSB.
CSE appears across Lowdown topics as a recurring Five Eyes intelligence source on Russia (Russia-Ukraine-war-2026), China (this topic), and state-sponsored influence operations.
CSE was a signatory of the sixteen-agency joint advisory on China-nexus covert networks on 23 April 2026, the most coordinated public attribution gesture of 2026. Canada's inclusion reflects both its Five Eyes obligations and the Canadian Cyber Centre's direct tracking of Flax Typhoon and Volt Typhoon activity against Canadian critical infrastructure — energy, finance, and telecoms sectors have all been assessed as targets. The advisory's formal acceptance that IOC-based defence is inadequate is consistent with CSE Cyber Centre guidance issued to Canadian operators throughout 2025, which had already recommended edge-device traffic baselining over static blocklist management.