Let’s start the year by comparing recent U.S. government initiatives to protect critical infrastructure with Canada’s more hesitant efforts.
In December, I wrote about China’s likely cyber intrusion into American telecom networks. The “Salt Typhoon” campaign exfiltrated user data, sensitive infrastructure info, and employee credentials—compromising communications and paving the way for future attacks.
On Canada’s side, the Communications Security Establishment stated on December 7, 2024, that it was “not aware of any Canadian networks affected by this activity.” In other words, we don’t know—but we suspect something.
A Brutal Cybersecurity Reality Check
2024 ended with a sobering reminder: critical infrastructure is under siege. In the U.S., the Salt Typhoon breach—labeled the worst telecom hack in American history—hit at least nine major providers, including AT&T, Verizon, and T-Mobile.
The U.S. was already advancing a national cybersecurity strategy, but this attack accelerated it. Here’s a brief overview of their key actions:
Key U.S. Cybersecurity Measures
New Executive Order on Cybersecurity (Jan 13, 2025)
- AI-powered cyber defense tools at the Pentagon
- Stricter secure software development for federal contractors
- Enhanced security for federal cloud systems
- Strong encryption and identity verification for government comms
Launch of “U.S. Cyber Trust Mark” (Jan 7, 2025)
A voluntary cybersecurity labeling program for consumer IoT devices.
Public-Private Partnerships Boosted
- Discounts for small hospitals on security products
- Free/low-cost tools for school districts
- “Illicit Virtual Asset Notification” program to tackle crypto crime
FCC Regulations (Dec 11, 2024)
- Mandatory cybersecurity risk plans for telecoms
- Annual compliance certification
- Legal obligation to secure networks
Joint Federal Guidelines (Sep 5, 2024)
From CISA, NSA, and FBI:
- Configurations, vulnerabilities, network segmentation, and information sharing.
Secure American Communications Act (Jan 2025)
A new bill mandating robust telecom cybersecurity standards.
Post-Quantum Standards (Aug 13, 2024)
NIST finalized three FIPS standards for post-quantum encryption—crucial for future data protection.
What’s Happening in Canada?
International Collaboration (Dec 7, 2024)
Canada’s CCC co-published guidance with allies on securing telecom infrastructure.
Increased Monitoring
CCC has ramped up efforts to support critical infrastructure operators.
Cyber Threat Assessment (Oct 15, 2024)
Canada acknowledged state-sponsored cyber threats are intensifying, especially against critical sectors.
Legislative Setbacks
Bills C-26 and C-27, meant to strengthen cybersecurity and modernize data/privacy laws, died when Parliament was prorogued on Jan 6, 2025. They’ll need to restart the entire legislative process.
Stop Stalling—Time to Act
Despite rising budgets and well-intentioned initiatives, Canada lags far behind in implementing robust cybersecurity frameworks.
While countries like the U.S., UK, and Australia enforce strict regulations and mandatory certifications, Canada hesitates. Key sectors—energy, health, finance, telecom—remain dangerously vulnerable to advanced attacks.
Thankfully, some private institutions are leading by example with strong cyber defense. But they are the exception, not the rule.
In an era of state-sponsored cyberattacks and rising geopolitical instability, Canada must stop dragging its feet. Endless consultations and stalled bills aren’t enough. Citizens and businesses deserve confidence that their data and critical systems are secure.
The next government must lead.
Cybersecurity is now a matter of national survival. Canada must catch up—and fast. Inaction is no longer an option in a world where digital threats are as real as physical ones.