Two different searches land on “Canadian Security Intelligence Service.” Some are looking for basic information about what CSIS is and does. Others are tracking recent threat intelligence — CSIS’s 2024 public report, Director Daniel Rogers’ November 2025 speech, or the National Cyber Threat Assessment that names China’s cyber program as Canada’s most serious state-level threat. This piece covers both: what CSIS is, how it operates, and what its current assessments say about the threat environment Canada is actually navigating.
- CSIS was established June 21, 1984, replacing the RCMP’s security service — Director: Daniel Rogers (since October 15, 2024)
- Budget reached CAD $828.4 million in 2023-2024, up 35.6% over five years, reflecting expanded threat scope
- Director Rogers’ November 2025 speech: “most complex national security landscape in decades” — overlapping threats, not separate files
- CSIS 2024 Report: China is the greatest counterintelligence threat; Russia actively planning sabotage operations against Canada for the first time in years
- National Cyber Threat Assessment 2025-2026: PRC cyber program rated “most sophisticated and active state cyber threat to Canada today”
CSIS Mandate, Structure, and Oversight
What CSIS Does: Mandate and Legal Authority
The Canadian Security Intelligence Service is Canada’s domestic intelligence agency. Its job is to investigate activities suspected of constituting threats to Canadian security and to advise the government accordingly. CSIS can also take measures to reduce those threats under specific legal conditions defined by the CSIS Act and ministerial direction. The agency does not have arrest powers — that’s the RCMP’s jurisdiction. CSIS collects, analyzes, and reports. What the government does with that intelligence is a separate question.
The mandate covers five categories: terrorism, espionage, foreign interference in Canadian political and economic affairs, proliferation of weapons of mass destruction, and threats to the security of government infrastructure and information systems. That last category has expanded significantly as cyber operations by state actors have become more frequent and more damaging. The role of AI in cybersecurity has changed what CSIS is actually investigating — foreign interference no longer means just diplomats; it means automated disinformation campaigns, AI-generated personas targeting Canadian officials on LinkedIn, and state-sponsored intrusions into federal networks.
Organization and Regional Structure
CSIS headquarters sits in Ottawa, Ontario. Below headquarters, Canada is divided into six regional offices: Atlantic, Quebec, Ottawa, Toronto, Prairie, and British Columbia. Each region handles investigations, collection, and liaison with local law enforcement and government partners. The agency also maintains liaison officers posted abroad to coordinate with allied intelligence services — the Five Eyes partners (US, UK, Australia, New Zealand) being the primary relationships, though CSIS shares intelligence with a broader set of partners depending on the threat.
CSIS is not the only Canadian intelligence body. The Communications Security Establishment (CSE) handles signals intelligence and cybersecurity. The RCMP handles law enforcement with national security implications. The Canadian Centre for Cyber Security (a CSE arm) publishes the National Cyber Threat Assessment. CSIS and CSE coordinate closely; the threat assessments they produce cross-reference each other on state actor priorities. Understanding this division matters because when Canadians encounter news about “Canadian intelligence,” the specific agency doing the work determines what kind of intelligence it is.
Budget, Workforce, and Oversight
CSIS’s approved spending reached CAD $828.4 million in the 2023-2024 fiscal year, a 35.6% increase from the $611.1 million spent in 2019-2020. The workforce ranges between roughly 3,000 and 4,500 employees across headquarters and regional offices. Oversight comes from three directions: the Security Intelligence Review Committee (SIRC), which reviews CSIS activities for compliance with its mandate; the National Security and Intelligence Committee of Parliamentarians (NSICOP), which provides parliamentary-level review; and the courts, which issue warrants for intrusive investigative techniques. CSIS cannot conduct surveillance of Canadians without authorization from the Federal Court.
Director Daniel Rogers took office October 15, 2024, succeeding David Vigneault. Rogers delivered his first public annual threat address on November 13, 2025 — describing a “most complex national security landscape in decades,” one where violent extremism, foreign interference, espionage, transnational repression, Arctic intelligence activity, and hybrid operations are no longer separate files but overlapping layers of the same strategic challenge. That framing is accurate to the public reporting: the threat categories are converging, not separating. The broader context of how state actors use AI against democratic institutions is covered in the guide to AI security concerns that enterprise and government defenders are tracking.
CSIS Threat Priorities for 2025-2026
Foreign Interference and State-Sponsored Espionage
The CSIS Public Report 2024 named China the “greatest counterintelligence threat” to Canada. China’s operations include theft of classified information, political manipulation, and influence operations targeting Canadian politicians, diaspora communities, and academic institutions. Chinese intelligence services have been documented attempting to recruit Canadians with government access through social media platforms and online job postings — a scalable, low-risk approach to talent recruitment that doesn’t require traditional in-person meetings.
Russia’s threat profile shifted in 2024. For the first time in many years, CSIS made concerted efforts to counter Russian sabotage operations — not just espionage. The Russian Intelligence Service targeted Canada with activities that included operational planning related to potential sabotage, alongside the traditional espionage and influence operations. India’s foreign interference in Canadian politics has also been a persistent CSIS priority following the Hogue Commission inquiry. Iran continues operating through criminal proxies to target dissidents and perceived enemies in Canada, with credible “threats to life” being actively investigated. The intelligence community’s overall assessment: the simultaneous scale of threats from multiple state actors is unprecedented in the combined history of Five Eyes intelligence services.
Cyber Threats and AI-Enabled Operations
The National Cyber Threat Assessment 2025-2026, published by the Canadian Centre for Cyber Security, rated China’s cyber program as the “most sophisticated and active state cyber threat to Canada today — scale, tradecraft, and ambitions in cyberspace second to none.” Russia’s cyber program supports Moscow’s broader goals of confronting and destabilizing Canada and its allies. Ransomware remains the top cybercrime threat to Canada’s critical infrastructure, with criminal groups increasingly using ransomware-as-a-service tooling that lowers the technical barrier for new actors.
AI is amplifying the threat on multiple vectors. The 2025 election security assessment found that China, Russia, and Iran are “very likely” using AI to support disinformation campaigns and hack-and-leak operations targeting Canadian elections. State-sponsored actors are using generative AI to make social engineering attacks more personal and persuasive — phishing emails that are contextually accurate to the specific target rather than generic templates. Nation-states are also using AI to process and analyze large datasets for intelligence production, including election targeting. The AI security tools deployed by Canadian government and critical infrastructure operators are the defensive response to these capabilities.
Terrorism and Emerging Domestic Threats
CSIS’s terrorism workload has grown and shifted in profile. Director Rogers disclosed in 2025 that nearly one in ten CSIS terrorism investigations now involves at least one subject under the age of 18 — a significant increase that reflects online radicalization dynamics. Minors are being reached through social media platforms, gaming environments, and encrypted messaging applications by ideologically motivated actors. The range of ideologies driving threats spans Islamist extremism, ideologically motivated violent extremism (IMVE), and a growing category that CSIS describes as having no clear ideological anchor beyond personal grievance.
Transnational repression — where foreign states target diaspora communities in Canada to silence dissent — has also expanded significantly as a CSIS priority. India and Iran have both been cited in this context. The Arctic has emerged as a new area of strategic concern: Director Rogers flagged both China seeking an economic foothold in Canada’s Arctic and Russia’s unpredictable posture in the region. These are not traditional CSIS threat categories — they reflect a genuinely expanded mandate that has grown alongside the threat environment. The enterprise security threat intelligence frameworks developed for the private sector increasingly draw on the same state actor data that CSIS collects.
Frequently Asked Questions
What is the Canadian Security Intelligence Service?
The Canadian Security Intelligence Service (CSIS) is Canada’s domestic intelligence agency, established by Act of Parliament on June 21, 1984. It investigates threats to Canadian security — terrorism, espionage, foreign interference, weapons proliferation, and cyber threats — and advises the government. CSIS does not have arrest powers; it collects and analyzes intelligence. The RCMP handles enforcement. The current director is Daniel Rogers, who took office in October 2024.
What is CSIS’s budget and how many employees does it have?
CSIS’s approved spending reached CAD $828.4 million in the 2023-2024 fiscal year, a 35.6% increase from $611.1 million in 2019-2020. The workforce is estimated between 3,000 and 4,500 employees across headquarters in Ottawa and six regional offices. CSIS is overseen by the Security Intelligence Review Committee (SIRC), the National Security and Intelligence Committee of Parliamentarians (NSICOP), and Federal Court warrant authorization for intrusive surveillance.
What are the biggest threats CSIS is tracking in 2025-2026?
According to the CSIS Public Report 2024 and the National Cyber Threat Assessment 2025-2026, the top threats are China (greatest counterintelligence threat and most sophisticated cyber program), Russia (espionage, sabotage planning, and cyber operations), Iran (transnational repression and criminal proxy operations), and AI-enabled foreign interference in Canadian elections. Ransomware is the top cybercrime threat to critical infrastructure. Nearly one in ten CSIS terrorism investigations now involves a subject under 18.
How is CSIS different from CSE and the RCMP?
CSIS (Canadian Security Intelligence Service) collects and analyzes domestic intelligence on security threats — espionage, terrorism, foreign interference. CSE (Communications Security Establishment) handles signals intelligence and cybersecurity for government networks. The RCMP is the federal police force with arrest powers for national security offenses. All three coordinate on national security, but each has a distinct legal mandate. CSIS gathers intelligence; CSE protects communications; the RCMP prosecutes.
Does CSIS monitor Canadian citizens?
CSIS can investigate Canadians when there are reasonable grounds to believe they are involved in activities that threaten national security. Intrusive surveillance techniques require a warrant from the Federal Court. CSIS is explicitly prohibited from investigating people solely on the basis of their political beliefs, religious practices, or union membership. The Security Intelligence Review Committee (SIRC) reviews CSIS activities to ensure compliance with its legal mandate and ministerial direction.
