In the context of ongoing tariff tensions between Canada and the United States, discussions often center around key sectors such as the auto industry, electricity, aluminum, lumber, and tourism. However, it's crucial to remember that these industries are deeply reliant on technology.
Some political figures have raised the idea of boycotting U.S. software, but is such an approach truly feasible? Is it more of a political stance or a lack of understanding of the underlying issues?
This article examines Canada's technological dependence on its southern neighbor.
A nod to Russia?
The Five Eyes is an intelligence alliance of five countries: the United States, Canada, the United Kingdom, Australia, and New Zealand. Originating from World War II, this partnership is based on intelligence sharing among these nations' security and surveillance agencies, particularly in cybersecurity, counterintelligence, and counterterrorism.
A strategic shift seems to be taking place in U.S. diplomacy, where Russia is being treated with a more conciliatory tone, while traditional allies are facing growing hostility. This shift could impact our ability to respond to traditional cyber threats.
In late February, U.S. Secretary of Defense Pete Hegseth reportedly ordered the suspension of all offensive operations by U.S. Cyber Command (USCYBERCOM) against Russia. The decision was said to be motivated by diplomatic efforts to negotiate a resolution to the conflict in Ukraine. However, other official sources have contradicted this, and the Pentagon has formally denied halting cyber operations against Russia.
These contradictions may weaken the Five Eyes alliance by casting doubt on the reliability of U.S. cybersecurity strategy. A lack of clarity could affect information sharing and operational coordination. From a Canadian perspective, it is fair to ask what our real contribution is, and whether we have the necessary capabilities to act independently of the U.S. in countering threats from Russia and China. Unsurprisingly, the U.S. sees Canada as a junior partner.
As of now, there has been no specific official reaction from Canada regarding the potential U.S. withdrawal from cyber operations against Russia. Canada remains a prime target for Russian cyber activities due to its NATO membership and support for Ukraine. In the U.K., Russia is seen as an imminent threat. In November, a senior British official warned that Russia is preparing a series of cyberattacks against the U.K. and NATO allies. Russian efforts are reportedly focused on targeting power grids, according to British threat intelligence.
A Paradigm Shift
As the U.S. adopts a more transactional posture in international relations, Canada must urgently reassess its priorities and reduce its dependence on U.S. infrastructure. Building resilience requires a more autonomous and proactive approach by strengthening national capabilities and diversifying strategic alliances.
Here are five major areas where Canada remains heavily dependent on the U.S.:
1. Canadian Internet Infrastructure:
A significant portion of Canada’s Internet traffic still passes through the U.S., even for domestic communication. This is due to north-south oriented infrastructure and limited access to international submarine cables. A study by Packet Clearing House and CIRA found that 64% of Internet routes between Canadian sources and destinations transited through the U.S.
Think of it like air travel: large airports offer connections to many destinations, while smaller ones rely on them as hubs. Internet traffic works similarly, with data routed through major connectivity centers—most of which are in the U.S. Hubs like New York, Chicago, and Seattle are central to Canadian data routing, underlining our dependence and the need to invest in local infrastructure and direct international interconnections.
2. The PRISM Program:
Revealed in 2013 by Edward Snowden, PRISM shows that the U.S. National Security Agency (NSA) collects and analyzes data flowing through American communications infrastructure. With massive storage capabilities—including a Utah facility estimated to store up to 12 exabytes—the NSA can retain this data for years and share it with agencies like the FBI and CIA.
PRISM illustrates a hard truth: the U.S. has near-total access to data passing through its infrastructure and can use it as it sees fit. This reality poses a serious challenge to Canada’s digital sovereignty, emphasizing the need to reduce reliance on U.S. networks to protect sensitive communications and data.
3. Website Hosting:
About 70% of the top 250 websites visited in Canada are hosted in the U.S. Most ".ca" domain sites are hosted outside of Canada, primarily south of the border.
4. Cloud Services:
Many Canadian businesses rely on cloud services provided by U.S. companies, exposing their data to American jurisdiction. Some Canadian providers are making efforts to offer local alternatives, but these still often rely on U.S.-developed virtualization technologies, limiting their true independence.
5. Cybersecurity Services:
When it comes to threat detection and mitigation, most Canadian cybersecurity solutions are built on infrastructure provided by major U.S. vendors like AWS, Microsoft, CrowdStrike, Palo Alto Networks, and Fortinet.
6. Semiconductors and AI:
Canada imports large quantities of American-made components. Although it has assembly facilities such as the one in Bromont, Quebec, these depend heavily on U.S. parts. In AI, despite strong research capabilities, Canada remains dependent on American cloud infrastructure for data processing and storage.
This dependence limits Canada’s technological sovereignty and its ability to independently address geopolitical challenges. While the Canadian government has invested in national initiatives—including $2.4 billion for AI infrastructure in 2024—these efforts pale in comparison to U.S. investments.
Toward Canadian Resilience
Almost all of Canada’s critical infrastructure relies on telecom networks connected to U.S. servers and on software developed and maintained by American firms. While some U.S. sectors also depend on Canada, the imbalance clearly favors our southern neighbor. This massive dependency means Canada lacks true digital sovereignty.
In a world where technology underpins economic competitiveness and security, Canada must accelerate its digital transformation, bolster cybersecurity, and build its own AI capabilities. If the U.S. were to apply strategic pressure, Canada could be left digitally paralyzed, exposing the fragility of our autonomy.
What if U.S. Internet transit were suddenly cut off? What if critical software updates were delayed in Canada, leaving systems vulnerable to foreign attacks? What if the Five Eyes alliance stopped sharing intelligence, forcing Canada to go it alone? These are no longer just hypotheticals but real risks our leaders must consider.
From Posturing to Action
Many Canadian politicians take a defiant stance toward threats from the Trump administration, perhaps to appeal to voters. But it’s time to move from bravado to action. Canada must reassess its priorities and work toward real digital sovereignty.
This means supporting local innovators, investing in modern telecommunications infrastructure, and empowering Canadian players that drive our technological independence.
Instead of funding flashy projects, it would be far more strategic and cost-effective to invest in digital sovereignty—a critical lever for ensuring competitiveness and preserving national identity.