Canada’s national cybersecurity strategy 2025

Strategies and Action Plans

Canada’s 2025 National Cyber Security Strategy, titled ‘Securing Canada’s Digital Future‘, sets out a comprehensive and dynamic approach to countering the rapidly evolving cyber threat landscape. This long-term strategy is structured around three core pillars, guided by two foundational principles: whole-of-society engagement and agile leadership. Below is a detailed explanation of its framework and vision:


Foundational principles

  1. whole-of-society engagement
    Cybersecurity is a shared responsibility. The strategy emphasises collaboration across all levels of government, Indigenous communities, industry, civil society, and academia. Public awareness and individual digital hygiene are integral to national resilience.
  2. agile leadership
    Recognising the fast-changing digital environment, Canada commits to an evolving set of issue-specific action plans, rather than a static roadmap. These plans will be created in consultation with stakeholders, ensuring adaptability and ongoing relevance.

Three strategic pillars

Pillar 1: work with partners to protect canadians and canadian businesses from cyber threats

  • whole-of-society partnerships:
    Establish the Canadian Cyber Defence Collective (CCDC) to enhance coordination across public and private sectors. Efforts include regional inclusion, especially for Indigenous and remote communities.
  • international advocacy:
    Canada promotes norms-based behavior in cyberspace, aligns with the UN’s cyber norms, and leverages diplomatic tools including sanctions. It created a new Senior Official for Cyber within Global Affairs Canada to lead international coordination.
  • national cyber hygiene:
    Programs like Get Cyber Safe and support from the Canadian Anti-Fraud Centre aim to enhance public digital literacy, combat misinformation, and reduce cybercrime victimisation.

Pillar 2: make canada a global cyber security industry leader

  • trusted innovation:
    Canada aims to be a ‘secure-by-design’ technology leader. This involves strengthening consumer protections, developing IoT labeling, and aligning with international cyber certification standards (e.g., compatibility with U.S. CMMC).
  • cyber workforce development:
    Through programs like Upskilling for Industry, Express Entry, and the Cyber Security Cooperation Program (CSCP), Canada is investing in training, attracting global talent, and ensuring diversity in the cyber workforce.
  • research and innovation:
    Canada supports homegrown research in quantum-safe cryptography, secure AI development, and national initiatives like the Cybersecurity Attribution Data Centre (CADC) and the National Quantum Strategy.

Pillar 3: detect and disrupt cyber threat actors

  • cyber defence operations:
    Agencies like CSE, CSIS, RCMP, and the CAF play roles in offensive and defensive operations against state actors and criminals. These include foreign interference, ransomware disruption, and filtering malicious traffic via ISPs.
  • combating cybercrime:
    The National Cybercrime Coordination Centre (NC3) and international law enforcement partnerships address ransomware, online fraud, and child exploitation. Canada is aligning with the Counter Ransomware Initiative to reduce ransom payments.
  • resilience of critical systems:
    Mechanisms such as the Government Cyber Security Event Management Plan and the Federal Cyber Incident Response Plan ensure national preparedness. Collaboration with infrastructure stakeholders and groups like CIRA, CCTX, and Rogers Cybersecure Catalyst further strengthens systemic resilience.

Implementation and oversight

  • The Strategy will be implemented through ongoing action plans, supported by a flexible structure to adapt to emerging threats.
  • Federal roles are clearly defined for key institutions including:
    • Canadian Centre for Cyber Security (CSE)
    • Public Safety Canada
    • RCMP & CSIS
    • Transport, Natural Resources, and Innovation Canada, among others.