Canada's Cyber Defences Under Fire

Show Notes

🔍 Canada’s Cyber Defences Under Fire | Global Intelligence Weekly Wrap-Up
This week on Global Intelligence Weekly Wrap-Up, Neil Bisson — retired CSIS intelligence officer and Director of the Global Intelligence Knowledge Network — examines how espionage, sabotage, and cyber warfare are converging to test the resilience of Western democracies.

🇵🇱 In Poland, authorities arrest eight individuals linked to Russian-directed sabotage — part of a wider hybrid campaign targeting NATO infrastructure and logistics routes supporting Ukraine.

🇷🇴 In Romania, security services foil a coordinated plot against a commercial courier network, exposing how Moscow’s proxy operations are expanding beyond the battlefield.

🇬🇧 In the U.K., three men are arrested under the new National Security Act for assisting Russian intelligence, reinforcing how deeply human espionage networks have penetrated Western societies.

🇳🇱 In the Netherlands, intelligence chiefs reveal they are now sharing less data with Washington — a rare signal of strained trust within the Western alliance.

🇨🇦 Back home, CSIS calls for greater precision in Canada’s new lawful-access powers under Bill C-2, while a federal audit warns of “significant gaps” in Canada’s cyber defences — raising serious questions about how prepared we are to face a full-scale digital assault.

🇦🇺 And in Australia, new proposals to expand ASIO’s interrogation powers have sparked a heated debate about the balance between national security and democratic oversight.

Each story this week underscores one message: the threats of espionage, sabotage, and cyber intrusion are not distant — they’re already here.

🎧 Chapters

0:00 – Intro
1:30 – Poland detains eight people suspected of sabotage
5:40 – Romania foils Russian-backed sabotage attempt
10:20 – UK arrests three men for spying for Russia
14:55 – Dutch intelligence services share less with the U.S.
19:30 – India never provided evidence on Sikh separatists
23:15 – Bill C-2 expands CSIS lawful-access powers
26:50 – CSIS warns new powers need “precision”
30:05 – Canada’s cyber defences under fire
32:50 – ASIO’s expanded interrogation powers
34:00 – Outro

🧠 Learn More
📘 Register for Neil’s upcoming University of Ottawa Professional Development Institute course:

“Sabotage and Proxy Operations in Modern Intelligence”
👉 https://pdinstitute.uottawa.ca/PDI/Courses/National-Security/Sabotage-and-Proxy-Operations/Course.aspx?CourseCode=S0245

🎙 Support independent intelligence analysis:
🔗 Buzzsprout – Global Intelligence Weekly Wrap-Up

Transcript

2025 10 24 Global Intelligence Weekly Wrap Up


INTRO:
Welcome to the Global Intelligence Weekly Wrap-Up — the podcast where open-source reporting meets expert analysis.

This week, Neil Bisson, Director of the Global Intelligence Knowledge Network and a retired CSIS intelligence officer, unpacks a wave of espionage and sabotage cases that reveal just how far hybrid warfare has spread across the Western world.

In Europe, Poland and Romania uncover Russian-directed sabotage networks targeting supply routes and civilian infrastructure — part of a growing campaign to destabilize NATO allies.

In London, three men are arrested under the UK’s new National Security Act for assisting Russian intelligence — proof that Moscow’s human networks are still active on Western soil.

The Netherlands takes the rare step of scaling back intelligence-sharing with Washington, citing concerns about political interference under the Trump administration.

And here at home, Canada’s spy agency faces scrutiny as Parliament debates new lawful-access powers under Bill C-2 — while the Auditor General warns of “significant gaps” in the nation’s cyber defences.

Each of these stories speaks to a single reality: espionage, sabotage, and digital warfare are no longer confined to the shadows — they’re shaping the front lines of democratic security.

What are you waiting for? Let’s get started! 

MUSIC

Hello and welcome back to the Global Intelligence Weekly Wrap Up. 

I’m your host Neil Bisson, the Director of the Global Intelligence Knowledge Network and a retired Intelligence Officer with the Canadian Security Intelligence Service. 

Each week, I take stories from reputable news media regarding espionage, sabotage, foreign interference and terrorism and through analysis and corroboration, I provide you with the insights and intelligence you need to understand how the world of intelligence affects your career, your country and your wellbeing. 

We’ve had another busy week, from more arrests of Russian spies and saboteurs to the Canadian Intelligence Community trying to gain traction on bill C-2. 

There’s a lot to discuss so let’s dive in.  

For our first story, we head to Poland, where Prime Minister Donald Tusk has announced the detention of eight individuals suspected of carrying out acts of sabotage on behalf of foreign powers. 

This latest development underscores the intensifying shadow war playing out across Europe as Moscow and its proxies seek to disrupt NATO member states that support Ukraine. 

According to Tusk, the suspects were part of a wider network operating under foreign intelligence direction — another clear sign that hybrid warfare tactics are escalating on the continent.

While details remain limited, the arrests appear to be linked to a series of coordinated operations designed to undermine critical infrastructure and logistics routes used for moving Western military aid into Ukraine. 

Polish authorities believe the network’s activities were directed or inspired by Russian intelligence services, most likely the GRU, which has been accused of multiple sabotage campaigns across Europe, including parcel bomb plots, arsons, and rail disruptions.

The fact that these individuals were apprehended before any major attack took place reflects the heightened vigilance of Polish counterintelligence and security services. 

However, the pattern fits the broader strategy of Russian gray-zone operations: using covert proxies, criminal elements, and influence agents to destabilize European cohesion while maintaining plausible deniability.

Since Russia’s full-scale invasion of Ukraine in 2022, Poland has emerged as one of Kyiv’s staunchest allies and a logistical hub for Western weapons transfers. 

That makes it a prime target for Kremlin retaliation. 

Over the past two years, Polish investigators have disrupted multiple plots tied to Russian networks — including attempts to derail trains carrying munitions, burn warehouses storing military aid, and spread disinformation through social media.

The timing of these new arrests also coincides with increased sabotage incidents across NATO territory — from Germany and the Baltic states to the UK — suggesting an organized campaign rather than isolated acts. 

These attacks serve not just to cause physical damage but to test Western intelligence response times and expose potential vulnerabilities in border security and supply chains.

Prime Minister Tusk stated that the sabotage network “was not working independently” and hinted that “foreign services” were directly involved. 

Polish counterintelligence sources told local media that the suspects had received funding and logistical support through intermediaries outside the country.

From an intelligence perspective, these comments point toward a Russian or Belarusian-directed cell operating under the model already observed in several European countries: the use of civilians and contract agents to carry out low-tech, high-impact acts of disruption. 

This mirrors Russia’s evolving doctrine of hybrid warfare, which blends espionage, psychological operations, and sabotage under a single umbrella of statecraft.

Poland’s arrests are a reminder that Russia’s campaign against NATO countries is far from theoretical. 

The Kremlin continues to test the resolve and readiness of Western allies through sabotage, infiltration, and subversion. 

Each disrupted plot — whether in Warsaw, Berlin, or Prague — adds to the intelligence mosaic showing a systematic attempt to weaken European solidarity with Ukraine.

For Canada and its partners, there is a clear takeaway: what’s happening in Poland today could easily play out tomorrow in North America. 

Since 2022, Canada has committed more that 6.5 billion in military assistance to Ukraine. 

Canadian defence contractors who provide support through direct procurement, contracted services and by brokering contracts are likely high up on the list of Russian sabotage targets. 

As I’ve often said, grey zone tactics don’t stop at borders — and the better we understand these European cases, the better prepared we’ll be to recognize similar patterns here at home.

MUSIC

Following the arrests in Poland of suspected saboteurs, another chapter has emerged in the same network of covert disruption. 

Romania’s intelligence service, the SRI, has announced that it has foiled a sabotage attempt believed to be orchestrated by Russian intelligence. 

The plot targeted a commercial courier company in Bucharest, adding another example of how hybrid warfare tactics are evolving and spreading across Europe.

Romanian authorities confirmed that two individuals entered the country from Poland, delivering parcels to the headquarters of a private courier firm in Bucharest. 

Inside the packages were improvised incendiary devices, built to ignite remotely and disguised within everyday items.

The goal was not a mass-casualty event but rather a disruption of logistics and communications that support Ukraine’s war effort and Europe’s commercial networks. 

By targeting a courier hub, the perpetrators aimed to damage infrastructure, sow fear, and send a political message — all while maintaining plausible deniability for their sponsors.

This operation is part of a broader trend. 

Russia’s intelligence apparatus has increasingly relied on criminal proxies and hired intermediaries to conduct sabotage and arson across Europe. 

These low-tech but high-impact operations are designed to create economic damage and psychological pressure without crossing the threshold of open conflict.

The Romanian case connects directly to the earlier arrests in Poland, suggesting a coordinated cross-border campaign. 

The same tradecraft — using civilians or foreign nationals as unwitting couriers, employing thermite-based incendiaries, and choosing targets tied to supply chains — points to a single network operating across NATO territory.

What makes this case especially concerning is the shift toward attacking civilian logistics infrastructure. 

By targeting courier networks and businesses that serve diaspora and humanitarian links with Ukraine, these operations aim to undermine trust in everyday systems that sustain both economies and communities.

These hybrid tactics now extend beyond state institutions and military assets. 

Civilian sectors, including, transport, communications, and even private companies are now potential targets of covert Russian sabotage.

Romanian officials have described the incident as part of a wider campaign of sabotage directed by a foreign intelligence service. 

The operational details fit a pattern seen elsewhere in Europe — the use of disposable assets, indirect command structures, and non-military targets chosen for their symbolic and disruptive potential.

From an intelligence perspective, the Romanian case shows how modern covert action blends espionage, sabotage, and organized crime. 

By outsourcing to criminal intermediaries, foreign states can operate below the radar, leaving local authorities to clean up the aftermath while they deny involvement.

Taken together, the Polish and Romanian cases reveal a clear strategy of testing Europe’s resilience through hybrid operations. 

The pattern is deliberate: coordinated sabotage, proxy actors, and deniable strikes against infrastructure that supports the Western alliance.

For Canada, these incidents shouldn’t be viewed as just distant problems. 

They demonstrate how easily similar tactics could be replicated against North American infrastructure or businesses.

The battlefield that is the conflict between Ukraine and Russia has expanded and as such, so must our understanding of what constitutes a national security threat.

MUSIC

Russian intelligence activity remains highly visible, more than in any time in recent history, as our next story highlights. 

British authorities have detained three men in London on suspicion of assisting the Russian intelligence service. 

The arrests, made under the National Security Act of 2023, highlight the escalating intelligence war between the United Kingdom and Moscow. 

For Western nations — particularly those supporting Ukraine — these developments serve as a timely reminder that espionage and subversion are active tools in Russia’s broader strategy to destabilize its adversaries.

The three men — aged 44, 45, and 48 — were arrested by the Metropolitan Police Service in coordinated operations across London. 

Investigators allege the men were acting on behalf of Russian intelligence, violating Section 3 of the National Security Act, which makes it a criminal offence to assist a foreign intelligence service in UK-related activities.

This is the second high-profile case this year involving suspected Russian agents or proxies operating on British soil. 

It underscores Moscow’s continued efforts to maintain human intelligence networks in Western democracies — networks that are often used to collect sensitive information, identify potential recruits, or conduct influence and sabotage operations.

Russia’s intelligence services have a long history of covert activity in the United Kingdom, from the 2018 Salisbury nerve-agent attack on former GRU officer Sergei Skripal to recent arrests involving suspected Bulgarian operatives working for Moscow. 

The UK’s National Security Act of 2023 was introduced partly in response to these events, giving law enforcement new legal tools to counter espionage and foreign interference.

But this is not a uniquely British problem. 

Canada, as a steadfast ally of both the UK and Ukraine, faces similar vulnerabilities. 

Ottawa’s strong political, military, and intelligence support for Kyiv places it firmly within Moscow’s adversarial crosshairs. 

Russian operatives and influence networks have already been observed attempting to interfere in Canadian affairs — from cyber-intrusions to disinformation campaigns targeting public trust and domestic unity.

Security analysts have noted that the UK’s experience mirrors what other NATO countries — including Canada — should expect as Russia seeks to undermine Western cohesion over its war in Ukraine. 

Canada’s intelligence community, including CSIS and the Communications Security Establishment, has repeatedly warned that Russian actors are employing hybrid tactics to weaken support for Ukraine and erode democratic institutions.

Experts also emphasize that espionage is evolving and rather than relying solely on declared intelligence officers under diplomatic cover, states like Russia increasingly use cut-outs, contractors, and local sympathizers to mask their operations. 

This is a method that challenges law enforcement and counterintelligence agencies worldwide.

The arrests in London reinforce a growing reality: espionage, influence operations, and proxy recruitment are no longer confined to Cold War history books — they are active elements of modern statecraft. 

For Canada, this should serve as yet another cautionary signal. 

As a strong supporter of Ukraine and a member of the Five Eyes alliance, Canada remains an appealing target for Russian intelligence operations seeking to disrupt Western resolve and access sensitive defense or energy information.

Both the UK and Canada are on the same battlefield — one fought not with tanks and missiles, but with information, deception, and influence.

MUSIC

We head to the Netherlands for our next story. 

In a surprising shift within the Western intelligence community, the Netherlands’ two principal intelligence agencies — the AIVD (General Intelligence and Security Service) and MIVD (Military Intelligence and Security Service) — have publicly confirmed they are now sharing less intelligence with the United States and strengthening ties with their European counterparts instead.

In a rare joint interview with de Volkskrant, AIVD director Erik Akerboom and MIVD director Peter Reesink said this decision stems from growing concern about politicization of intelligence under President Donald Trump’s administration and potential human rights violations linked to intelligence misuse.

This marks one of the first times in modern history that developments inside the United States have directly shaped the intelligence-sharing posture of a key NATO ally.
 
According to Akerboom and Reesink, Dutch agencies are now evaluating information-sharing with Washington on a case-by-case basis, no longer automatically providing raw data to the CIA or NSA.

Their caution reflects a deeper anxiety that U.S. domestic politics are beginning to compromise international intelligence cooperation. 

President Trump’s dismissal of senior officials for “disloyalty” and his legal pressure on journalists, judges, and universities have raised alarm bells across Europe about the reliability and independence of the American security apparatus.

Meanwhile, intra-European intelligence collaboration has grown. 

Akerboom revealed that northern European agencies — including those in Britain, Germany, France, the Scandinavian nations, and Poland — are now exchanging more raw data, primarily in response to Russia’s ongoing aggression and the rising cyber threat from China.

For decades, the U.S.–Netherlands relationship has been a cornerstone of the Five Eyes–adjacent intelligence framework, with the Dutch providing vital European intercept data and counterintelligence leads. 

The NSA’s past practice of mass intercepts, however — including Dutch phone communications — has long been a sensitive issue in The Hague.

By becoming more selective, the Dutch intelligence community is signaling that trust among allies is not unconditional. 

This shift mirrors a broader European trend: balancing alliance obligations with the need to protect national sovereignty and data privacy.

Akerboom also issued a stark warning about Russian cyber intrusions, confirming that dozens of successful hacks occur in the Netherlands each year, while China’s digital espionage is expanding rapidly. 

He advised Dutch officials and journalists to take precautions when traveling to China, citing “close access” operations in which devices are copied or infiltrated — even encrypted data, he noted, can be stored and later decrypted using AI-based tools.

Both intelligence chiefs have urged the Dutch government to grant broader operational powers to act faster against state-sponsored cyberattacks. 

Current legal procedures, they said, are too slow to keep pace with real-time threats from Russia and China.

Their remarks reveal the tension now running through Western intelligence circles: how to maintain trust in traditional alliances while adapting to the digital and political realities of 2025.

From an intelligence perspective, this moment is telling. 

When a NATO member begins reducing intelligence flow to Washington, it indicates not hostility — but a recalibration of strategic confidence. 

Trust, once lost or eroded, takes years to rebuild.

The Dutch decision underscores a new reality in allied intelligence relationships: political stability and rule of law are now operational concerns, not just diplomatic ones. 

Allies are beginning to weigh not only what information they share, but with whom — and under what political conditions.

For Canada, this development carries a warning. 

If U.S. domestic instability can weaken European confidence, it may also affect the flow of intelligence that Canada depends on through its Five Eyes partnerships. 

The global intelligence alliance system functions best when trust is mutual, consistent, and apolitical — and that principle is being tested in real time.

MUSIC

We head back to Canada for our next segment, where a panel of former senior Canadian intelligence officials has declared that while India regularly raised concerns about Sikh separatist activity in Canada, it never provided its own evidence to Canadian authorities. 

The assertion highlights the tension between diplomatic demand and intelligence-sharing norms, especially in politically sensitive cases.

According to these former officials, over many years India flagged individuals in Canada it claimed were involved in separatist or extremist activities linked to the “Khalistan” movement, yet did not accompany those requests with raw intelligence, data trails, or legal disclosure. 

This leaves Canadian agencies in a difficult position — forced to evaluate whether a foreign state’s warnings are credible while lacking the evidentiary backbone needed for investigations or prosecutions.

From an intelligence collection perspective, this dynamic introduces key risks: intelligence shared without substantiation may become political pressure, intelligence gaps may hamper domestic investigations, and the absence of transparency complicates allied cooperation. 
For Canada’s intelligence community, it means the credibility of the requestor becomes part of the assessment, not just the content of the request.

The context is important: Canada hosts the largest Sikh diaspora outside India. 

The movement for a separate Sikh homeland in Punjab (Khalistan) has had historic links to extremist and militant activity, which India regards as terrorism. 

For New Delhi, Canadian-based activists are a diaspora concern and part of its national security calculus. 

For Ottawa, balancing freedom of expression, immigration rights and allied intelligence-requests presents a complex challenge.

In practice, the lack of shared evidence has delayed or blocked investigations. 

Canadian agencies find it difficult to justify the allocation of resources to follow up on foreign requests, when intelligence partners supply little more than allegations or unfounded rhetoric. 

This complicates trust in intelligence-sharing regimes: allies expect reciprocity and substance, not just rhetoric.

The former officials emphasised that intelligence cooperation must rest on verifiable data, not just diplomatic statements. 

Without documented evidence or witness materials, Canadian law enforcement and intelligence agencies cannot move from suspicion to action — and risk being manipulated into foreign-policy disputes. 

In the longer term, this undermines the principle that allied intelligence communities rely on each other for reliable, actionable information rather than one-sided requests.

This case illustrates a broader point: foreign-state intelligence requests are not only about “what we do in our backyard” — they’re about who can we trust, what we need to act, and how we process the information provided. 

For Canada, maintaining sovereignty over its own criminal and intelligence work requires that foreign-state inputs meet the same standards we expect from domestic intelligence.

If we accept intelligence referrals without sufficient intelligence related evidence, we risk becoming a conduit for external agendas rather than independent investigators upholding the values of Canadian citizens.

MUSIC

We stay in Canada for this week’s main segment. 

The federal government’s proposed Bill C-2 — part of the “Strong Borders Act” — has sparked national debate by expanding lawful access powers for the Canadian Security Intelligence Service (CSIS) and law enforcement. 

The bill marks one of the most significant changes to how Canadian authorities can request or compel access to digital data, raising complex questions about privacy, oversight, and the balance between civil liberties and national security.
Under Bill C-2, CSIS and police would be able to issue information-demand orders to service providers, requiring them to confirm whether they hold data for a specified subscriber or account and, in some cases, to produce that data. 

The legislation also requires certain major electronic-service providers to maintain systems capable of lawful access, with financial penalties for non-compliance.

Supporters argue these powers are essential for modern intelligence operations. 

The rapid adoption of encrypted platforms and foreign-based service providers has made it increasingly difficult for CSIS and the RCMP to investigate cyber threats, foreign interference, terrorism, and espionage. 

The government maintains that the new framework is about efficiency — ensuring investigators can move as quickly as the threats they face.

Canada’s debate over lawful access has spanned decades, with earlier efforts repeatedly stalled due to privacy concerns. 

What makes Bill C-2 different is the context: the rise of hybrid threats, sophisticated cyber intrusions, and increasing foreign interference, particularly from Russia, China, and Iran.

For intelligence professionals, the inability to access real-time digital information has created operational gaps. 

Canada’s allies in the Five Eyes — the United States, the United Kingdom, Australia, and New Zealand — already have broader lawful-access frameworks. 

This legislation would bring Canada closer to those standards and strengthen intelligence-sharing partnerships.

However, critics argue that the bill’s provisions may lower the threshold for obtaining information, especially in cases where “exigent circumstances” are cited. 

That raises concerns about transparency, judicial oversight, and potential overreach.

National-security officials emphasize that this legislation is about closing dangerous gaps that adversaries exploit. 

CSIS and the RCMP have repeatedly warned that foreign intelligence services are operating in Canada’s digital space — from data theft and cyber espionage to covert online influence operations. 

They argue that investigators need timely access to information to identify foreign operatives and neutralize threats before they escalate.

Civil-liberties advocates, however, caution that greater power must come with greater accountability. 

They worry that warrantless or expedited access mechanisms could be abused or used too broadly, eroding public trust in Canada’s intelligence institutions. 

For CSIS, the key challenge will be ensuring that operational agility does not come at the cost of credibility or oversight.

Bill C-2 represents a turning point for Canada’s intelligence and surveillance capabilities. 

It’s a move toward modernizing how CSIS and law enforcement track digital threats — but it also forces an uncomfortable conversation about how much access to private data the state should have.

For Canadians, the issue isn’t simply one of privacy versus security. 

It’s about whether the systems designed to protect us can adapt responsibly to an era where a growing amount of intelligence is being collected through data as opposed to just human sources. 

The outcome of this debate will shape not only CSIS’s operational future but also public confidence in how Canada protects its national security.

MUSIC

We stick with this story for our next segment. 

CSIS has publicly voiced concerns about the proposed expansion of its warrantless search powers, warning that the current legislative language lacks the necessary precision and safeguards. 

This highlights the ongoing debate over balancing national-security tools with civil-liberties protections.

CSIS officials acknowledge that while the government’s intent to enhance intelligence authorities is understandable in a changing threat environment, the proposed bill fails to clearly define key parameters. 

Without tighter wording, CSIS cautions, warrantless powers could be broad-brushed and misused or could face legal challenge and public backlash. 
The agency emphasises that precision in legislation is critical: who is covered, under what circumstances searches may occur, what oversight applies, and how accountability will be maintained.

From an operational perspective, this stance signals clear maturation in CSIS’s approach: they are not simply asking for more powers—they are asking for better-designed powers. 

That suggests CSIS anticipates scrutiny not only from Parliament and the courts but also from public opinion and civil society. 

For the intelligence community, this emphasizes that legislative expansion must come with commensurate clarity, oversight and justification—not just broad legislative permissiveness.

Canada is currently navigating an elevated threat posture: foreign interference, espionage, cyber-intrusions and grey zone tactics, are increasing in pressure. 

In response, the government has sought to update intelligence and security legislation to keep pace. 

However, such legislation touches directly on foundational principles of democracy and rule of law—particularly when warrantless searches are in play.

CSIS’s intervention underscores the tension between speed and safeguards: intelligence agencies want tools that can respond quickly, while legal and civic frameworks demand clear definitions, democratic oversight, and rights protections. 

This moment arguably marks a turning point—where the intelligence-community request is no longer simply “give us more power,” but “give us precisely defined powers.”

Legal scholars and intelligence professionals have welcomed CSIS’s positioning, noting it improves transparency and credibility for the agency. 

If CSIS is prepared to publicly critique aspects of the legislation, it increases trust and indicates a more accountable intelligence posture. 

On the other hand, some critics warn that if the legislation isn’t tightened now, the result could be years of legal uncertainty, increased risk of abuse or judicial rebuke—and that could hamper operational effectiveness.

The CSIS statement is a reminder: in the modern intelligence era, legislative design matters as much as operational capability. 

For Canada’s national-security ecosystem, the key takeaway is this: 

possessing vast powers is one thing — possessing well-defined, accountable, and rights-aware powers is another.

For practitioners in intelligence, law enforcement, policy and academia, this is critical: stay abreast not just of what tools are being proposed, but how they’re being structured, debated and scrutinised. 

Because power without precision is often the precursor to backlash, oversight failures—or worse, compromised intelligence operations.

MUSIC

In an ironic twist to this story, a recent federal audit has concluded that Canada’s cyber-defences—particularly within the Communications Security Establishment (CSE) and other related agencies—contain “significant gaps” in capability, readiness, and resilience. 

The report cautions that while the government recognises an elevated cyber threat environment, the systems and processes in place are not fully aligned with the level of risk.

The audit highlights several key weaknesses, including: 
1) insufficient real-time detection across federal networks. 
2) slow coordination between agencies during major incidents. 
and 3) a lack of clearly defined accountability for certain cybersecurity responsibilities.

 While CSE and the federally mandated Canadian Centre for Cyber Security, or just the Cyber Centre, are active in defence initiatives, the audit suggests that operational readiness and cross-government integration still trail behind the pace of threat evolution.

Looking at this from an intelligence/operations lens, the audit sends a strong message: adversaries are already shifting from espionage to disruption and degradation. 

Canada’s platforms may be technically compliant—but may not yet be fully resilient or agile enough to respond dynamically. 

The audit also emphasizes that threats today are less about isolated intrusions and more about persistent campaigns exploiting supply chains, cloud-services, infrastructure interdependencies, and digital supply-points.

Canada’s cyber-risk environment has been escalating: state-sponsored actors from nations like Russia, China and Iran are increasingly targeting Canadian government systems, critical infrastructure, and private-sector networks. 

Meanwhile, cyber-criminal ecosystems — including ransomware and “cybercrime-as-a-service” models — further complicate the landscape. 

The audit’s findings arrive as Canada prepares for major national-security events and increased reliance on digital operations.

Given Canada’s role in the Five Eyes alliance and its interconnected dependencies with the U.S. and its allies, any systemic gaps in federal cyber-defence not only raise domestic risk but also have wider bilateral and multilateral implications.

Cybersecurity experts say the audit provides a timely, if sobering, reality check. 

Having strong rules and frameworks is necessary, but not sufficient: what matters is integration across agencies, real-time visibility, and the ability to respond at scale. 

Some analysts argue that the audit should be treated as a call to action for modernization: from incident response playbooks to cross-departmental governance to public-private sector interfaces. 

Without this, the risks of cascading failures—data loss, infrastructure disruption, reputational damage—are increasing.

This audit is more than bureaucratic housekeeping — it is a strategically important wake-up call. 

Canada’s cyber-defences may be engaged, but they are not yet fully battle-hardened. 

For professionals in intelligence, law enforcement, policy and critical infrastructure, the takeaway is clear: cyber-resilience isn’t just about perimeter hardening—it’s about organisation, coordination and adapting faster than the threat.

In a world where digital attack vectors evolve faster than ever, gaps become targets. 

The good news: identifying the gaps is the first step. The harder part is closing them.

MUSIC

For our last segment this week, we’re ending in land down under. 

Australia’s federal government is seeking to make permanent and significantly broaden the compulsory-questioning powers of its domestic spy agency, ASIO, prompting sharp warnings from human-rights and civil-liberties organisations that the changes risk creating intrusive intelligence practices with minimal oversight.

Under proposed legislation, the powers originally introduced after the 9/11 attacks—allowing ASIO to compel individuals, including minors, to answer questions or produce items—would be expanded in both coverage and permanence. 

The sunset clauses that required periodic parliamentary review would be removed, and the set of offences triggering such powers would be widened to include sabotage, promotion of communal violence, attacks on defence systems and serious border threats.

Civil-liberties groups argue this could enable “fishing expeditions” — compelling individuals who have not been charged with any crime to submit to intensive questioning under threat of warrant. 

They warn the reforms could shift ASIO from an intelligence-gathering body into a quasi-police force, with significant implications for due process, rights protections and democratic oversight.

From an intelligence-practitioner’s perspective, this debate is not just about power, but about how that power is designed, governed and used. 

The fact that such extraordinary tools—originally conceived as temporary—are now being considered for permanence signals a major shift in Australia’s intelligence-legal landscape.

ASIO has had compulsory-questioning powers since the early 2000s, but their actual usage has been rare. 

The proposed reforms reflect Australia’s heightened threat environment: foreign interference, espionage, supply-chain vulnerabilities and hybrid warfare have all been publicly cited by ASIO leadership as increasing risks. 

Yet critics point out the gap between the threat narrative and existing usage metrics: minimal active cases versus broad new powers proposed.

For Canada and its allies, the significance of Australia’s move is clear: intelligence agencies are seeking new terrain, both in targets and in legal authority. 

When allied states expand interrogation powers, it shifts the broader intelligence ecosystem — from what we expect of responders to how we benchmark rights, transparency and oversight.

This is a key moment for intelligence professionals, policymakers and academics: the nature of permissible intrusion in democratic societies is being recalibrated. 

The challenge is not whether intelligence agencies should adapt to evolving threats — they must — but how they adapt while preserving their institutional legitimacy and public trust.

For practitioners in Canada, the message is: don’t just watch the adversary tactics but also the allied-state legal evolutions. 

Because intelligence frameworks matter — they define what we do, who we become and the trust we maintain in our legal systems and with the public we are mandated to protect.

Well, that’s another week of intelligence wrap up.

As always, the links to the stories discussed in this podcast are available in the transcript for you to read. 

I want to inform my listeners that I will be conducting a new online course at the University of Ottawa entitled “Sabotage and Proxy Operations in Modern Intelligence”. 

This week’s podcast makes it clear why the course couldn’t be timelier. 

From the Russian-directed sabotage plots uncovered in Poland and Romania to proxy networks operating across Europe — and even potential vulnerabilities here in Canada. 

These stories demonstrate exactly how foreign states use criminal intermediaries, extremist groups, and covert proxies to disrupt infrastructure, intimidate diaspora communities, and influence Western democracies.

This course will help listeners understand those same hybrid warfare tactics in detail — how they’re planned, funded, and concealed — and why learning to recognize them is critical for protecting Canada’s national security and democratic institutions.

I’ll leave a link in the show notes and the transcript for those who are interested in enrolling. 

Until next week. Stay curious, stay informed and stay safe. 


OUTRO: 
That wraps up this week’s Global Intelligence Weekly Wrap-Up.

Thank you for joining us.

This week, we examined how Russian-directed sabotage networks in Poland and Romania are expanding the shadow war against NATO allies.

We looked at the UK’s latest espionage arrests under the new National Security Act — a reminder that Moscow’s human networks remain active across Europe.

We explored how the Netherlands is scaling back intelligence-sharing with the United States, signaling a rare rift among Western allies.

And here at home, we analyzed CSIS’s call for precision in Canada’s new lawful-access powers, alongside a federal audit that found major gaps in our national cyber defences.

Each of these stories reveals the same hard truth: espionage, sabotage, and foreign interference are not distant problems — they are shaping the security of our own democracies right now.

Producing this podcast takes extensive research, assessment, and analysis to bring you the insights that help make sense of an increasingly complex world of intelligence and security.

If you find value in this work, please consider supporting the podcast through Buzzsprout — your contributions directly sustain the Global Intelligence Weekly Wrap-Up and help us continue delivering informed, independent analysis every week.

You can find the link in the show notes or visit globalintelligence.buzzsprout.com to make a one-time or monthly donation.

Don’t forget to subscribe, share the show, and leave a review — it’s one of the best ways to help grow our community of informed listeners.

And if you’d like to take your understanding of sabotage and proxy operations even deeper, Neil’s new course with the University of Ottawa’s Professional Development Institute is now open for registration.

Until next week and as Neil always reminds us. Stay curious, stay informed, and stay safe.


Links:
Sabotage and Proxy Operations in Modern Intelligence: https://pdinstitute.uottawa.ca/PDI/Courses/National-Security/Sabotage-and-Proxy-Operations/Course.aspx?CourseCode=S0245

Segments: 

Segment 1) Poland Detains Eight People Suspected of Sabotage, Tusk Says
https://www.bloomberg.com/news/articles/2025-10-21/poland-detains-eight-people-suspected-of-sabotage-tusk-says?embedded-checkout=true

Segment 2) Romania Intelligence Service Stops Russian-Backed Sabotage Attempt in Bucharest
https://www.romania-insider.com/sri-sabotage-attempt-russia-romania-oct-2025

Segment 3) UK police arrest three men on suspicion of spying for Russia
https://www.aljazeera.com/news/2025/10/23/uk-police-arrest-three-men-on-suspicion-of-spying-for-russia

Segment 4) Dutch Intelligence Services Now Share Less Information with US
https://www.dutchnews.nl/2025/10/dutch-intelligence-services-now-share-less-information-with-us/

Segment 5) India Never Provided Their Own Evidence Amid Concerns About Sikh Separatists in Canada: Former NSIAs
https://www.ctvnews.ca/canada/article/india-never-provided-their-own-evidence-amid-concerns-about-sikh-separatists-in-canada-former-nsias
 
Segment 6)  CSIS invites scrutiny as Bill C-2 gives expanded powers for lawful access
Link: https://www.cbc.ca/news/politics/csis-lawful-access-bill-c2-9.6931987

Segment 7) CSIS Says New Warrantless Powers Need More ‘Precision’
https://ca.news.yahoo.com/csis-says-warrantless-powers-more-080005040.html

Segment 8) Canada’s Cyber-Defences Have “Significant Gaps”, Federal Audit Finds
https://www.cbc.ca/news/politics/cyber-defences-ag-cse-9.6946646

Segment 9) Expanding ASIO’s Interrogation Powers Could Lead to ‘Fishing Expeditions’, Critics Warn
https://www.theguardian.com/australia-news/2025/oct/16/expanding-asio-interrogation-powers-damage-human-rights-activists-warn