The Canadian Government Under Digital Siege

As cyber threats continue to evolve, so too do the risks to Canadian security. The "National Cyber Threat Assessment 2025–2026" recently unveiled a troubling reality: the Canadian government is persistently targeted, compromised, and monitored by the People’s Republic of China (PRC). Chinese cyber operations have systematically breached federal, provincial, municipal, and Indigenous networks over the past five years, with multiple layers of government and public officials compromised.

This consistent targeting goes beyond mere espionage. The Canadian government has become a focal point for intelligence collection that serves China’s economic and political objectives, empowering China to gather information that aids in its broader global strategy. Even more concerning, China’s cyber activity intensifies following diplomatic frictions between Canada and the PRC. This suggests that China's cyber intrusions are not just data gathering operations but strategically timed acts of state influence, gauging Canada’s reactions to international events and potentially impacting policy formulation and national security decisions.

Beyond China’s ongoing hacking of Canada, here are some other highlights from the report:

1. The Growing Unpredictability of Geopolitically Motivated Hacktivism

Hacktivism is no longer a niche phenomenon. Recent events, such as conflicts in Ukraine and Israel-Palestine and Canada’s tense relations with India, have amplified cyber actions from politically motivated groups. These non-state actors, sometimes aligning loosely with state objectives, capitalize on geopolitical events to attack governmental and critical infrastructure. While their motivations may stem from patriotism, ideology, or self-promotion, the results can be disastrous. Hacktivist groups have disrupted municipal water systems, launched denial-of-service attacks on military websites, and even compromised industrial control systems. Canada’s digital infrastructure, increasingly in the crosshairs, must be prepared for this volatile and unpredictable cyber landscape.

2. Vendor Concentration: Canada’s Digital Chokepoints

Canada’s reliance on a handful of tech giants for critical digital services is creating high-risk single points of failure. The "digital chokepoints"—cloud providers, communication platforms, and enterprise solutions—have immense power over sectors like finance, healthcare, and logistics. This concentration makes Canada, and other similarly structured countries, incredibly vulnerable to attacks targeting these dominant vendors.

When a single vendor like Microsoft, Amazon, or Google experiences a breach, the resulting impact can cascade across entire industries and sectors. Even more worrisome, sophisticated state-sponsored actors are reportedly developing techniques to compromise and bypass security in these dominant platforms. This highlights the urgent need for Canada to diversify its technology infrastructure or face the systemic consequences of a potential “chokepoint” failure.

3. Emerging State Actors on the Cyber Stage

The cyber landscape is no longer defined solely by traditional adversaries like China and Russia. Emerging players, notably India, are growing their capabilities and expanding their influence through cyberspace. India’s cyber program, while focused on domestic priorities, has also targeted Canadian networks, particularly in the wake of recent diplomatic tensions.

India’s approach differs from China’s well-established infrastructure; instead, India is rapidly enhancing its operations by leveraging commercial cyber vendors, gaining access to robust capabilities without direct state development. The increasing presence of these new cyber actors underscores the shift toward a multipolar digital landscape, where more nations assert their authority and influence through cyberspace, often with subtle but far-reaching implications for Canada’s national security.

The Risks of Artificial Intelligence to Canada’s Security

As AI technologies reshape industries, they are also revolutionizing cyber threats. Malicious actors, including state-sponsored groups, are leveraging AI for data analysis, content generation, and, most troublingly, creating realistic audio, video, and text for social engineering attacks. AI-driven cybercrime could amplify attack frequency and precision, making it harder for organizations and government agencies to defend against them.

Ironically, Canada’s adoption of AI within government functions might make it more vulnerable. Without stringent security controls and thorough testing, AI-based systems could become both a target and a tool for adversaries. Government systems utilizing AI for data processing, communications, or decision-making could be exploited by attackers leveraging AI to infiltrate, manipulate, or disrupt critical functions.

In this era of rapid technological advancement, AI offers both opportunity and risk. Canadian agencies must adopt these technologies with foresight and caution, aware that with greater connectivity and complexity comes greater responsibility and vulnerability.

The Future of Digital Authority

As cyber threats escalate, Canada faces a critical juncture in defining the future of its digital authority. The breaches we see today—China’s relentless intrusions into government networks, hacktivist disruptions, and the unregulated rise of AI—are not just immediate threats; they are profound challenges to Canadian democracy. With dominant tech companies holding choke points in our infrastructure, and emerging state players like India asserting their influence through cyberspace, the very concept of authority is being redefined.

If our government cannot shield its own systems, what does this mean for Canada’s abilities to govern? Can we continue to entrust private companies with our most critical functions, or should Canada seek a different path toward digital resilience? As AI becomes a double-edged sword in both defense and exploitation, are we prepared for the consequences of integrating it deeper into our government?

These are the questions we must answer if we’re to protect the integrity of our institutions in an era of digital power struggles. The time to act is now—but what direction will Canada choose?