It’s been a banner month. Three statements about state cyber effects just entered the public record within four weeks of one another.
First, at the end of June 2026, Canada’s Communications Security Establishment published its annual report for the year ending March 31, 2026.

As the global security environment became more complex and contested, we enhanced our operations, partnerships and capabilities to better execute our mandate. Our throughline is greater integration – bringing together diverse perspectives, creativity, and focus to support Canada’s security today and into the future. This report provides an unclassified summary of CSE’s activities from April 1, 2025, to March 31, 2026. Unless otherwise stated, “this year” refers to this reporting period.
Second, on June 30, a recurring podcast segment argued that signals intelligence agencies are the wrong institutional home for cyber forces, a claim I examined in my Empty Hat post.
Third, five days after that, the German interior ministry circulated its 691-page Referentenentwurf granting automated countermeasure and deception powers to the domestic services, which I examined in an earlier post here.
The three landed independently, so they beg a comparison here. The podcast asserted, without falsifiable support, that a certain kind of organization cannot exist. The German draft proposed to build that thing that can not exist, without describing it. And then the Canadian report describes one that has been operating for years, with measured details. Are we having fun yet?
Can’t make maple syrup without a tap
The Canadian Communications Security Establishment is a signals intelligence agency, eighty years old this year, answering to the defence minister. Its founding mandate is collection. Since the CSE Act of 2019 it has also held two more mandates, defensive and active cyber operations. The annual report describes a year of them, with specific cases.
A SIGINT team identified foreign brokers selling precursor chemicals for deadly fentanyl; the agency collected intelligence on the brokers, developed disruption options, and conducted authorized active cyber operations that diminished their ability to operate.
A second case followed the same sequence against a foreign extremist group recruiting in Western countries: collection, analysis of the group’s network and vulnerabilities, then an operation against its credibility and recruiting.
A third, run with Five Eyes partners and law enforcement, rendered the infrastructure of a ransomware-as-a-service group inoperable and deleted stolen data that had been advertised for sale; the group had been tied to more than twenty-five incidents against Canadian transportation, healthcare, pharmaceutical, and business targets.
Alongside these three, the agency reports concurrent technical disruptions against ten ransomware groups and one defensive operation that disrupted the infrastructure of a phishing campaign aimed at federal institutions.
Each case study in the report is written in the same order: collection first, analysis second, operation third. The sequence is blindingly obvious: a ready step, an aiming step, and then fire. It is the operating model the report describes throughout, in which foreign intelligence, cyber defence, and cyber operations are integrated so that action follows insight. Because who in the world would ever argue professionals should leap and then look?
The intelligent operator
The report restates the statutory limits under which these operations run. Active cyber operations cannot target Canadians anywhere in the world, nor anyone inside Canadian borders. They must not interfere with the course of justice or democracy, and must not cause death or bodily harm to an individual, either deliberately or by criminal negligence.
The negligence standard is written into the authorization system itself, before any operation is proposed. Approval runs on what the report calls a two-key system: every cyber operation requires the approval of the Minister of National Defence, active operations additionally require the consent of the Minister of Foreign Affairs, and Global Affairs Canada assesses the foreign policy and international law implications of each proposal. Dual key, split control is classic baseline safety.
The report then does a count. Thirteen ministerial authorizations were issued in the year. Nine, covering foreign intelligence and cyber security, went to the Intelligence Commissioner, a retired judge, for independent approval before any activity could begin; all nine were approved. Four covered foreign cyber operations, three active and one defensive, each valid for one year and issued for specific objectives that may support multiple operations. These four do not pass through the Intelligence Commissioner, a gap in the Canadian architecture that its critics have noted since the CSE Act was passed.
The gap is visible to the public as nine authorizations independently pre-approved, four not.
The counting includes failure, because it matters even more than success. The compliance section records 186 operational compliance incidents involving information related to Canadians and 14 that did not, each reviewed, with corrective actions identified. Requests for Canadian identifying information numbered 1,032 domestic and 75 international; 930 were disclosed and 177 denied or cancelled. The agency contributed to 26 external reviews, delivered 24 briefings to review bodies, and answered 454 of their questions. The National Security and Intelligence Review Agency piloted a Technical Assurance Review that examined the agency’s technical systems directly, and the agency published its management responses to two of that body’s reports.
The Auditor General separately audited the cyber security of federal networks, including the agency’s role.
None of this establishes that the operations themselves were wise or even that they were well-aimed. It’s an agency’s account of itself, listing successes without error rates. What it establishes is the authorization comes in advance by named officials, bounded by codified limits including a criminal-negligence standard, reviewed by external bodies with published output, and accounted for in numbers that include the denials and the compliance failures.
Empty Hat podcast
The podcast’s claim was that the collection-first mindset of a signals agency structurally suppresses effects, so that a separate organization is required. The Canadian report is a year-long record of the opposite arrangement functioning: a collection agency running active operations against criminal, extremist, and ransomware targets from inside the collection house, with the collection preceding and steering every operation described. The report even names the cooperative arrangement with the military’s cyber command, whose members are integrated into the agency’s operations.
Whether the operations achieved what the report says they achieved has to be accepted for now. That they were organized, authorized, and conducted at all is sufficient to answer a thesis which held that this organizational form is incapable of producing them.
German draft falls apart
The comparison with the Referentenentwurf is the real story here, because the two documents go entirely opposite directions.
On human oversight of automation, the German draft’s justification for automated countermeasures states that an intermediate step of human processing provides no relevant quality assurance and delays defence in ways that endanger success.
The claim is asserted, not demonstrated, in any of the draft’s 691 pages. The ministry found time for 691 pages of flourish ignoring Nazi history. It could not find time for one review. The one step it deleted is the one that catches repeating known errors.
The Canadian agency, which operates automation at scale, published guidance in March 2026 stating that AI systems require continuous monitoring and human oversight for critical decisions to remain within acceptable risk boundaries, describes its internal framework as maintaining the accountability and human oversight needed for responsible use, and instructs its own employees to always verify AI-generated processes and results.
The organization with the actual operational record treats the human step as the control. The ministry without one treats it as friction.
On harm, the Canadian statute prohibits death or bodily harm by criminal negligence before any operation begins. The German draft contains no error-rate analysis, no misattribution analysis, and no third-party harm analysis for either of its two novel powers.
On approval, the Canadian system requires two ministers and, for most of the agency’s authorizations, a retired judge in advance. The German draft consolidates three independent oversight bodies into one and permits an agency head to defer that one’s pre-approval on self-certified urgency.
On scope, the Canadian prohibition on domestic targets is absolute. The German draft’s deception power targets Germans, domestic by design, a ready-made instrument for whoever controls the ministry next.
On accounting, the Canadian report publishes its authorization counts, its refusal counts, and its compliance-incident counts, including the four authorizations that escape independent pre-approval. The German draft establishes no metric that would ever produce such numbers.
Comparative conclusions
The Canadian report is refreshing while also declining to say active cyber operations are prudent, proportionate, or effective. The agency’s annual report won’t ever show that, since at best it would quantify its own operational errors. What it shows is that a signals intelligence agency can run effects operations under prior authorization, codified harm limits, external review, and published accounting, because one does, and says so in a document anyone can read.
As someone who has publicly advocated and been involved in this for a very long time, the question was answered in practice at least a decade ago.
The podcast declared the arrangement impossible, days after the record of it being possible and successful was published.
The German draft proposes a rapid grab of powers without safety, declaring worthless the specific safety control that the one agency with a current public record insists upon.
A state is free to conclude that Canada’s model is running too slow, shows too much caution, or has been too constrained. What it cannot claim, with this detailed report out and on the table, is that no workable alternative to unaccountable automation was available to cite.
The correct answer was published first, before a 2+2=3 crew started campaigning that cyber means shoot first and ask questions later.



