The Honourable David McGuinty, Minister of Public Safety, on February 6th unveiled Canada's National Cyber Security Strategy (NCSS), a long-term plan to protect Canadians, businesses, and critical infrastructure from an increasingly complex cyber threat landscape.
With cybercrime, state-sponsored attacks, and digital risks evolving rapidly, the strategy aims to modernize Canada's cyber defenses through enhanced collaboration, industry leadership, and proactive threat mitigation.
For cybersecurity professionals, the new strategy signals a shift toward greater public-private collaboration, stronger regulatory measures, and increased investment in cyber innovation.
"Technology is an integral part of our lives that has become increasingly linked to critical infrastructure and the services we rely on daily like our hospitals, transit systems, energy suppliers, and telecommunications systems," said a press release from Public Safety Canada. "Along with this connectedness come cyber threats, including cybercrime, that are evolving rapidly and creating greater impacts on our national, economic, and continental security."
"The immediate knee jerk reaction to this is, FINALLY!" said Kenrick Bagnall, Founder, KONCYBER & RB-Cyber Assurance; RCMP Contractor/Instructor; Toronto Police Service Cybercrime Unit (Ret.). "With emerging and evolving cyber threats perpetually pushing practitioners in various disciplines to be at the top of their game, strategic guidance from a federal perspective is very important. So the questions become: now that the new strategy is out, did they hit the mark, and if not, where did they fall short?"
Bagnall added that his key point of reference for answering that question is the "Report of the Auditor General of Canada to the Parliament of Canada on Combatting Crime," specifically Report 7.
"This 2024 report, produced by the Office of the Auditor General of Canada, makes their findings quite clear. I think the objectives within each pillar of the strategy are on point. I don't believe they can be realistically achieved before the auditor general's points and recommendations are addressed," Bagnall said. "Specific references are made regarding issues with case management and incident response, notification and collaboration with cybercrime victims, limited resources resulting in cybercrime reports not being acted on, and more."
"If the 2025 National Cyber Security Strategy for Canada expands our capability and improves our resiliency, while addressing and mitigating the concerns raised and recommendations made in the auditor's report, then we really have something that will move the needle," added Bagnall.
The three pillars of Canada's new cyber strategy
1. Strengthening cyber defenses for Canadians and businesses
Recognizing that cyber threats impact all sectors, the government is prioritizing whole-of-society partnerships to enhance cybersecurity resilience. Key initiatives include:
- Establishing the Canadian Cyber Defence Collective (CCDC), a national public-private partnership to tackle cyber threats.
- Expanding cybersecurity awareness programs like Get Cyber Safe to improve cyber hygiene among individuals and businesses.
- Launching a Cybersecurity Attribution Data Centre (CADC) at the University of New Brunswick to bolster cyber threat intelligence and AI-driven cyber research.
2. Positioning Canada as a global cybersecurity leader
To drive innovation and workforce development, the NCSS introduces initiatives to:
- Support secure-by-design technologies and IoT security labeling.
- Expand cybersecurity talent pipelines through apprenticeship programs and upskilling initiatives.
- Strengthen Canada's role in post-quantum cryptography research to protect against future quantum computing threats.
- Promote AI security guidelines to mitigate risks posed by generative AI and deepfake-driven cyber threats.
3. Detecting and disrupting cyber threat actors
Cybercrime, ransomware, and state-sponsored attacks remain top concerns. The government is ramping up proactive threat detection and response efforts, including:
- Expanding cybercrime enforcement via the National Cybercrime Coordination Centre (NC3) and RCMP cyber units.
- Introducing mandatory ISP botnet blocking rules to disrupt malicious networks before they reach Canadian users.
- Strengthening nation-state threat mitigation through cyber operations led by CSE, CSIS, and the Canadian Armed Forces.
George Al-Koura, CISO, Ruby Life, and Co-Host, Bare Knuckles & Brass Tacks Podcast (and Ottawa resident), had this to say on LinkedIn:
"I think that it's a step in the right direction, generally. The Three Pillars of NCSS are on point and is the best part of this strategy (IMO). Though the new strategy is certainly an improvement upon the one section in 'Joint Capabilities' mentioning cyber in Strong, Secure, Engaged, but it still falls short of setting an actionable strategic shift in our national cyber defence policies.
Cyber is run at the DM & ADM levels by committee, with the recent standup of CAFCYBERCOM being the most substantive move towards operationalization of a centralized, modern approach to cyber defence. To use the language of Agile leadership is disingenuous to the reality of the matter. Each of these committees have competing interests and priorities within the portfolios of their personnel.
What we actually need is a proper federal minister for cyber defence/security along with an empowered 'cyber czar' who should be a civilian public servant (whether or not they are hired in such a role from the private sector or elevated from the public service). The CCDC could be a good place to transition to a centralized leadership approach too. Time will tell."
Colonel Cedric Leighton, CNN Military Analyst; USAF (Ret.), Chairman, Cedric Leighton Associates, LLC, added his expert commentary:
"The whole-of-society approach the new Canadian National Cyber Security Strategy takes is commendable. Similar approaches to cybersecurity should be standardized across NATO, given the cyber threats the Alliance faces on a daily basis.
It will be interesting to see how the CCDC and the CADC coordinate their respective efforts. If that coordination takes place in real-time, it will have a greater chance of success.
The strategy's emphasis on countering generative AI threats and its goal of establishing Canada as a potential key player in post-quantum cryptography research could open the door to Canada becoming a major cybersecurity innovator.
The success of this new strategy will also depend on Canada continuing its 'special relationship' with its U.S. intelligence and law enforcement counterparts. The current political climate in the U.S. could prove challenging in this regard."
[RELATED: Cyber Powers: Ranking the Top 30 Nations by Capabilities, Intent]
What this means for Canadian cybersecurity professionals
1. More compliance and regulatory changes – Expect new cybersecurity regulations for critical infrastructure, secure software design, and AI governance.
2. Stronger public-private partnerships – Private sector organizations will play a larger role in national cybersecurity efforts through threat intelligence sharing and coordinated incident response.
3. Greater investment in cyber workforce development – Programs for training, hiring, and upskilling cybersecurity talent will expand, helping address Canada's cyber skills gap.
4. Emphasis on emerging tech security – The NCSS signals a major focus on AI, quantum computing, and IoT security, creating new opportunities for cybersecurity innovation.
"The success of Canada's National Cyber Security Strategy will ultimately depend on addressing vulnerabilities across all levels of society," said Gennady Duchovich, Principal Cybersecurity Advisor, 1SEC Solutions Inc. "In cybersecurity, we are only as strong as our weakest link—whether that link is an individual who falls for a phishing attack, a small business struggling with limited resources, or a critical infrastructure provider with outdated systems. By fostering a culture of cyber resilience through education, equitable resource distribution, and robust public-private collaboration, we can ensure that no link in the chain is left behind."
Duchovich added additional considerations the new strategy sparked for him:
- Integrating cybersecurity literacy into educational curricula and community programs.
- Ensuring transparent funding mechanisms to promote equitable resource allocation across sectors.
The global impact: how this affects Canada's trading partners
Canada's commitment to strengthening cybersecurity aligns with broader global initiatives, such as:
- Collaboration with the U.S. and allies on cybercrime enforcement and supply chain security.
- Aligning cyber regulations with international standards to facilitate cross-border business.
- Deepening partnerships with NATO and the Five Eyes to counter state-sponsored cyber threats.
Canada's 2025 National Cyber Security Strategy underscores the urgent need for cyber resilience, industry collaboration, and workforce development. For cybersecurity professionals, this is both a challenge and an opportunity:
- CISOs and security teams should prepare for new compliance requirements and industry standards.
- Organizations should prioritize secure-by-design technologies to align with government incentives and regulations.
- Cybersecurity professionals should invest in upskilling, particularly in AI security, quantum-resistant cryptography, and cyber threat intelligence.
"Canada must continue to be a leader in cybersecurity, especially in the face of persistent and ongoing cyber threats," Minister McGuinty said. "The new National Cyber Security Strategy demonstrates the Government of Canada's commitment to a whole-of-society and agile approach to protecting our nation's cybersecurity for citizens across our great country, for Canadian businesses, and for essential cross-border services and critical infrastructure."
