Canada’s New Cyber Strategy

Canada adapts its cyber strategy amid US tensions, focusing on whole-of-society engagement, agile leadership, and international collaboration.

The era of close cooperation between the US and Canada has been interrupted by Donald Trump’s new administration. This week, we explore how Canada is adapting its domestic cyber preparedness in the context of an increasingly fragmented international scene.

President Trump’s plan to place tariffs on Canada, Mexico, and China were a large part of the economic agenda he touted during his 2024 campaign - and on March 3, 2025, he announced that his plan to tax 25% on imports from Mexico and Canada would start the next day. Both countries have said they would respond with retaliatory tariffs on American goods, with Justin Trudeau, the Prime Minister of Canada specifically calling Trump's tariffs “a very dumb thing to do.” It’s worth noting that tensions between Trump and Trudeau have been elevated since Trump confirmed he wanted Canada to be the 51st state of America. Even while the tariffs on the US’s neighbors have been delayed for a month, concerns about a possible trade war with Canada have spread into other areas that the US and Canada collaborate on, like cybersecurity. 

The head of the Canadian Centre for Cyber Security (CCCS), Rajiv Gupta, called cyber “a non-partisan issue,”  in an interview with The Logic. Gupta explained that most people can agree on the need for cybersecurity and critical infrastructure protection - and that international cooperation has been, and will continue to be, a large part of that: “We have a huge amount of shared critical infrastructure between the Americans and ourselves that we collaborate daily on in terms of protecting. That’s a very close partnership that we need to continue to do, because it benefits both of us…We’re working closely with them, as we have in the past.” 

This appears to be true, for now. In 2024, and leading up to the newest administration, Canada worked with the US’s Cybersecurity and Infrastructure Agency (CISA) - and other international partners - to disrupt Volt Typhoon, LockBit, takedown Ghost, release joint guidance on the Salt Typhoon hack, and joint guidance on choosing secure technologies. Even after Trump’s inauguration, the US and Canada worked together to publish guidance and strategies to protect network edge devices, including routers, firewalls, and VPNs in early February. It’s uncertain if more collaboration between CCCS and CISA can be expected in the future, as Elon Musk’s Department of Government Efficiency (DOGE) has cut more than 130 positions from CISA as part of his widespread efforts to shrink the federal workforce.  

Though the future of federal cybersecurity in the US appears murky, Canada has been working to clarify their cyber strategy. On February 6, 2025, Canada released a new National Cyber Security Strategy, which aims to address the changes in the cyber threat space since their last edition in 2018. 

The plan is based on two guiding principles: “whole-of-society engagement” and “agile leadership”. Canada plans to strengthen partnerships with important groups across all parts of society (government, indigenous peoples, private sector, academia and civil society), and make the general public more aware of cybersecurity and the more pressing threats. To establish more flexible leadership, their government will have an ongoing process for security solutions, so action plans are tailored to the specific problems that arise. 

There are three pillars upholding the strategy, with three objectives each, with some actionable items and recent developments for each objective: 

• Work with Partners to Protect Canadians and Canadian Businesses from Cyber Threats

1. Forge whole-of-society partnerships: Public Safety Canada (PS) and the CCCS will create the Canadian Cyber Defence Collective (CCDC), allowing the government to gain insights related to cybersecurity threats and policies from the public and private sectors. To connect with academia, the government is funding the Cybersecurity Attribution Data Centre (CADC) at the Canadian Institute of Cybersecurity and the University of New Brunswick, which could help close the cyber workforce gap and set up artificial intelligence (AI) specialists.  
2. Defend and advocate for Canadian interests and values internationally: Global Affairs Canada (GAC) established a new position, the Senior Official for Cyber, Digital and Emerging Technology to facilitate international collaboration and represent Canada internationally. 
3. Advance national cyber awareness and hygiene: The government will use the ‘Get Cyber Safe’ program and the Canadian Anti-Fraud Centre to make the public more knowledgeable about cyber security and foster cyber resiliency.

• Make Canada a Global Cyber Security Industry Leader

1. Make Canada a trusted innovator that prioritizes cyber security: Canada will set up a strategy to encourage secure-by-design products, reminiscent of the Canadian Cyber Security Certification program that requires government defense contractors to meet a certain level of cybersecurity. They are also developing new guidelines for AI use and development. 
2. Grow the foundational workforce of the future: Building off the Upskilling for Industry Initiative and the other programs for cyber expertise, Canada will invest more in cybersecurity talent and develop a job pipeline for youth. 
3. Identify and support targeted areas of research to meet Canadian needs: While there aren’t any additional developments, research will be supported by the new policy that protects intellectual property and the CADC.  

• Detect and Disrupt Cyber Threat Actors 

1. Identify, deter and defend against cyber threats: The government of Canada will continue to use previously established groups like the Canadian Security Intelligence Service (CSIS) and programs like the Royal Canadian Mounted Police’s Federal Policing Cybercrime to address cybersecurity concerns in all communities. 
2. Improve capacity to combat cybercrime: Reflecting its participation in the Counter Ransomware Initiative, Canada is looking for ways to deter ransomware payments and will also create a new cybercrime and fraud reporting system.
3. Make critical systems more resilient: Continuing their partnerships with other cyber related federal groups in Canada, the government will work with the CCDC to diversify supply chains. 

In the press release, David McGuinty, the Minister of Public Safety, said the document “demonstrates the Government of Canada’s commitment to a whole-of-society and agile approach to protecting our nation’s cyber security for citizens across our great country, for Canadian businesses and for essential cross-border services and critical infrastructure.” The strategy is coupled with a $37.8 million investment over the next 6 years, and involves some elements that also appeared in other cyber policies - like the safe-by-design style laws in the European Union’s Cyber Resilience Act. 

It’s still not clear exactly how US-Canada trade will be affected by the rollout of tariffs on Canadian exports, but their new cyber strategy suggests that Canada is at least prepared to start improving their nation’s cybersecurity. Time will tell if this strategy will be undertaken by Canada alone or if there is still room for America to collaborate with their ‘upstairs neighbor’.