Leave a comment

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

• Microsoft invited me and other academics, privacy experts, and various business/tech/thought leaders to try to convince us they’re good at protecting Canadian digital sovereignty. I trust them less now. New paper on this soon.

Feature your business in Canadian Cyber in Context through sponsorship.

Share

Canadian News

• A network of YouTube accounts is promoting U.S. annexation to Albertans, researchers say. It has 40M views

  • Dutch YouTube creators behind Alberta separatist videos getting millions of views

    • Some additional research and coverage by CBC

• Canada’s new US economic advisory committee draws backlash from tech leaders

  • This is not surprising. When you have Evan Solomon as your Minister for AI and Emerging Tech, it means you have a cabinet who is illinformed on emerging technology. You need those with knowledge about IP, emerging technology, data, and more. This cabinet has shown that it is illequipped to understand emerging technology and are relying heavily on the bureaucracy, which can only do so much without political leadership.

• Kevin O’Leary pins water licence for $70-billion data centre project on a small Alberta municipality

  • Canadian con-man continues to grift Alberta and Canada. Also, water is wet. The municipality declared an agricultural emergency in 2025, so there is a risk they will be unable to secure water rights.

• Surveillance vendors caught abusing access to telcos to track people’s phone locations, researchers say

  • This is coverage of University of Toronto’s Citizen Lab report. Telcos have been abused for a long time and Canadian telcos are not immune to this.

• New IDEaS Challenges:

  • Multi-modal AI for advanced situational decisions

  • Cognition and trust: Real-time dynamic calibration for human-autonomy teams

  • For those unfamiliar, Innovation for Defence Excellence and Security (IDEaS)

  • Rather than force you into initial lower level funding as a gate to higher level funding, IDEaS is now allowing you to apply to greater levels of funding based on the TRL of the solution..

• Cohere to acquire Germany’s Aleph Alpha in sovereign AI play

  • Major news in Canada, and likely Germany. Cohere has been a Canadian AI darling, building organization-specific tools and LLMs, of which I have generally heard positive things. And at the very least I haven’t heard anything negative.

  • This is being described as a merger, but Cohere is coming out with a bigger edge here and sources tell Betakit that Cohere is buying Alph Alpha, so it is not a merger at all. They are likely playing up the merger angle to keep EU and German regulators and shareholders happy. While there are obvious mercantalist concerns about the Canadian-ness or German-ness of the company as nationalism and sovereignty in commerce continue to rise, this could be a significant boon for Canada and the EU to counter the dominance of US-based AI companies.

• BDC’s new $500-million loan program will help smaller businesses adopt AI

  • “$500-million LIFT initiative (which stands for “Lead with Innovation and Focus on Technology”) connects SMEs with consultants who will help them figure out where AI can best be integrated into their businesses, then provides a loan to get it done.”

  • Sounds like a big cash grab for consultants.

• Cybersecurity incident at Canada Life reportedly impacts thousands

  • As I highlighted last week, a cybersecurity incident at Canada Life is now making Canadian news.

• Data portability and interoperability are key to competition in the digital health care sector

  • These are remarks by Brad Callaghan, Associate Deputy Commissioner of the Policy, Planning and Advocacy Directorate before the Senate Standing Committee on Social Affairs, Science and Technology

• 369 Global Launches The Canadian Centre for Cyber Defence to Strengthen Canada’s Digital Security Posture

  • A non-profit launched by a consulting group to function as a “cybersecurity innovation hub.” The website is full of buzzword bingo, but I remain optimistic about what they intend to accomplish if they are genuine. I’m also not a fan of them specifically taking a name so similar to the government’s Canadian Centre for Cyber Security.

• Toronto police make arrests in text-message cyberattack, 13M disruptions reported

  • I’m actually a bit surprised this is the first time. SMS blasting is a pretty low-level, easy thing to do, but it’s also pretty easy to get caught in most cases.

• Canadian Armed Forces to conduct inaugural active participation in Exercise BALIKATAN

  • United States- and Philippines-led exercise in which CAF Cyber Command will participate.

• Bring military, spy agencies under federal whistleblower law, review report urges

  • There are certain reporting gaps, especially related to CAFCYBERCOM.

• Bill C-22: An Act respecting lawful access - Charter Statement

  • Government releases charter statement regarding Bill C-22. They’re glossing over a lot of issues with this and many privacy experts are not happy.

• Avi Lewis is smart to shed light on surveillance pricing

  • This is an opinion article, but as I have not included anything on the surveillance pricing discussions so far, I felt this was a good introduction.

• OpenAI’s Altman ‘deeply sorry’ company didn’t flag Tumbler Ridge shooter’s messages to police

  • Wrote in a letter, which feels very disingenuine.

• Checking out the political optics of Bell’s AI data centre near Regina

  • The project has a lot of political support, but the community support appears unclear.

• Manitoba to ban social media, AI chatbots for youth, premier says

  • All actors involved are trying to pass the buck on actually managing such bans that inadequate systems are put in place and the average person will lose their privacy.

• Government of Canada invests $23.8 million to help youth build the skills necessary for the evolving digital economy

  • A few similar programs have ended in the last few years, so it is good there is new funding.

• Government of Canada investing in Winnipeg industry to strengthen Canada’s defence capacity

  • Part of this funding goes to StandardAero, which is “[integrating] advanced digital technologies.”

• Government of Canada strengthening our economy and military readiness through new defence investments in Saskatchewan

  • Includes funding for Saskatchewan Polytechnic’s Digital Integration Centre of Excellence.

• Government of Canada invests $976,650 to help more Northern Ontario business diversify and expand into the defence sector

  • Looks like at least some of this is going towards cybersecurity.

• Backgrounder: CanNor invests in projects to strengthen Nunavut’s economy, infrastructure and Arctic security

  • Some of the funding is going to support the Kivalliq Hydro-Fibre Link.

• Locked Shields 2026: 41 Nations Strengthen Cyber Resilience in World’s Biggest Exercise

  • Canada participated in NATO cyber exercise Locked Shields.

Canada-Relevant News

As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada

• Cloud platform Vercel says company breached through third-party AI tool

  • An employee’s use of compromised context.ai that allowed the threat actor to access Vercel via the employee’s google workspace account. This appears to be significant enough to warrant inclusion in this section.

• We translated the Palantir manifesto for actual human beings

  • A good breakdown of Palantir’s fascist manifesto. Palantir operates in Canada, and Canadians should be careful.

• Anthropic secretly installs spyware when you install Claude Desktop

• How Amazon’s AI Algorithms Raise the Prices You Pay

• Your period tracking app has been yapping about your flow to Meta

  • The sharing of women’s health data via apps like this has been going on for years now, so this is an evolution of it to show how major corporations are involved in accessing and hoarding your data.

• Exclusive: SpaceX says unproven AI space data centers may not be commercially viable, filing shows

  • Anyone with a cursory understanding could tell you this. Stop listening to these people who are just perpetually scamming everyone.

• New Gas-Powered Data Centers Could Emit More Greenhouse Gases Than Entire Nations

  • All the work that went into power efficiencies in data centres is going out the window.

• Meta Is Sued Over Scam Ads on Facebook and Instagram

  • Canadians should pay attention to this. It is unclear if Canadians have also been targeted for this from the article itself, but Canadians are often also exposed to the same scams as Americans and could potentially make Meta liable in Canada.

Canadian Cyber Threat Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL25-012 - Vulnerabilities impacting Cisco ASA and FTD devices – CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 – Update 1

• The Internet Changes Before the Advisory Drops (h/t Catalin Cimpanu)

  • Mass-interenet scanning activity now often precedes vulnerability disclosures. This is not a big surprise, but some great data to confirm these indicators.

• Detection strategies across cloud and identities against infiltrating IT workers

  • These days we instantly think North Korea, but

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Share

Research, Op-Eds, and Events

• Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet

  • For cyber conflict historians and analysts this is major news. Gives some additional insight into early/mid-2000s doctrinal and behavioural dynamics of US cyber operations.

  • Full write up here by SentinelLabs

• Op-ed: We can’t trust Palantir with our NHS data

  • Palantir just said it doesn’t want democracy, so can they be trusted in a democracy?

• Citizen Lab Research: Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors

• Event, May 4-5 Ottawa: Chips North Executive Summit

  • “Designed as a working summit, CHIPS NORTH is built for alignment on priorities, candid examination of trade-offs, and informed decision-making on the issues shaping the semiconductor sector. The 2026 program brings together strategic plenary sessions and focused, action-oriented discussions to move conversations toward real-world outcomes beyond the event itself.”

• Video: Canadian Defence Procurement 101

  • Roger Cybersecure Catalyst held a Defence Procurement 101 session with Caleb Walker from 123 Cyber and Randy Purse, one of the Catalyst’s senior traners. This has a focus on helping SMEs, particularly cyber or cyber-adjacent, to participate in defence procurement.

• Seeing the Cyber in Economic Statecraft

  • By Jason Blessing, who does great research and whose PhD research influenced mine. A state’s ability to engage in cyber statecraft and cyber defence requires an industry which can support it.

United States News

• Former FBI official proposes terror designations for ransomware hackers targeting hospitals

• Scoop: CISA lacks access to Anthropic’s Mythos

• Cyber Command carried out over 8,000 missions in 2025, director says

  • This is a 25% increase.

• CISA director pick Sean Plankey withdraws his nomination

  • Of all the nominations to oppose and stall, this is the one? CISA is an absolute and complete mess and has lost most of its talent and is barely functional from what I hear.

• US Space Command: Russia is now operationalizing co-orbital ASAT weapons

• US State Department Cancels Visas and Green Cards of Researchers who study Social Media Platforms and Tech Regulators

• Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims

  • There are increasing amount of negotiators being linked to criminals. Or at least more are being identified.

• A Prominent PR Firm Is Running a Fake News Site That’s Plagiarizing Original Journalism at Incredible Scale

  • This has been occurring for a couple years now, but the fact that major corporations and PR firms are actively trying to degrade our information environment should be a major cause for concern and lawsuits.

• Anthropic takes $5B from Amazon and pledges $100B in cloud spending in return

  • Tech ouroboros.

• Google to invest up to $40B in Anthropic in cash and compute

  • Tech ouroboros.

• Exclusive: Meta to start capturing employee mouse movements, keystrokes for AI training data

  • Meta continues to show how depraved it is.

• Pentagon grapples with securing AI as it moves toward autonomous warfare

  • Drones and AI are one massive attack vector if not handled correctly.

• FCC expands WiFi router ban. What it means for you.

  • US shakedown of router makers continues.

United Kingdom and European Union News

• UK intelligence: 100 nations have spyware that can hack Britain

  • This is the first source to comment on the scale of the issue that could likely be accurate. Researchers have known for a while this is a growing problem, but the scale has not been fully known.

• Investigation into the provider of Telegram and its compliance with duties to protect users from illegal content under the Online Safety Act 2023

  • Investigation into Telegram for allegedly hosting CSAM materials.

• China threatens EU firms over cybersecurity plans targeting Chinese companies

  • Country who legally requires all zero-days to be reported to the government have issues with countries not trusting their cybersecurity firms. China would be taken more seriously if it just acknowledged why people don’t trust them or its companies.

• Commission awards €180 million tender for sovereign cloud to four European providers

  • Canada is watching what Europe does very closely. I would say the EU’s cloud capacity is better than Canada’s, but there is significant potential in Canada.

• UK cyber agency handling four major incidents a week as nation-state attacks surge

  • This is pretty signficant.

• World-first NCSC-engineered device secures vulnerable display links

  • Cool new plug-and-play device that sits between a monitor and computer and protects from malicious connections.

• China’s cyber capabilities now equal to the US, warns Dutch intelligence

  • After completing my dissertation chapter on China last year I would argue that China’s capabilities likely surpass the United States. It all matters on how you measure cyber capabilities, and Dutch intelligence’s assessment is a cautious one.

• Ukraine’s Cyber Division Infiltrates Russian Military Satellite Comms “Gonets” in Multi-Year Breach

• President of German parliament hit by Signal hack, report says

• France confirms data breach at government agency that manages citizens’ IDs

  • “data stolen in the breach could include full names, dates and places of birth, mailing and email addresses, and phone numbers on an undisclosed number of citizens.”

• Italian regulator fines national postal service orgs $15 million for data privacy violations

• Another spyware maker caught distributing fake Android snooping apps

  • This time an Italian spyware maker.

• (Google Translated) A hacker, nicknamed “HexDex,” has been charged and imprisoned after several cyberattacks targeting, among others, sports federations.

  • Individual responsible for a string of cyber attacks in 2025 was arrested.

• Scotland Yard can keep using live facial recognition on people in London, say judges

Other International News

• Sri Lanka Finance Ministry confirms cyber hackers stole funds (H/t Catalin Cimpanu)

  • Threat actors stole $2.5 USD that was diverted during a foreign debt repayment.

• Hackers deployed wiper malware in destructive attacks on Venezuela’s energy sector

  • Criminal groups generally don’t use wiper malware. This is usually the action of a state/APT.

• (Iranian Source) Networking equipment mysteriously malfunctioned at Iranian nuclear site before US/Israeli Strikes (H/t Risky Business)

  • Not a big surprise if true. Iran is one of the most targeted countries for cyber operations by Israel and the United States.

Media of the Week

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Share

All views expressed belong to Canadian Cyber in Context and do not reflect the position of any sponsor.

Feature your business in Canadian Cyber in Context through sponsorship.

In 2025, Public Services and Procurement Canada (PSPC) conducted an evaluation of the Canadian Program for Cyber Security Certification (CPCSC). Luckily for us, the full report and management action plan were released to the public early this year.

The evaluation covered the period from April 2023 to June 2025, which includes the soft launch in early 2025. This means this only covers the initial preparation and phase 1 of implementation for CPCSC, and roughly a year of CPCSC activity is not covered by this report. Despite this gap, we get some interesting insights into program’s organization and the delays that occurred during this time. In particular, the report confirms much of what has been unspoken about CPCSC and the program's direction since January 2025.

Although this evaluation focuses on a period approximately a year ago, note that it was conducted specifically to improve the program, and a management action plan was developed in response. As a result, we can use the report and the management action plan to understand the CPCSC's current operations and direction.

With that said, the CPCSC Secretariat officially released CPCSC level 1, including the level 1 self-assessment tool and scoping guide. As much as this evaluation can inform us about the program itself and how it is developing, the program itself is continuing and making progress. Despite this major progress and milestones, the program still needs ongoing industry and stakeholder feedback on its activities, as this evaluation found.

Andrew Laliberte and I are underway with reviewing the new materials and hope to have a lot more out soon about CPCSC level 1, so make sure you are subscribed.

Subscribe now

Share

What is the Evaluation?

PSPC’s Departmental Evaluation Plan for 2024-2025 to 2026-2030 included a mandatory evaluation of CPCSC, which was conducted by the Evaluation Services Directorate between April and June 2025. The evaluation focused on “assessing stakeholder engagement and its contribution to CPSCC implementation, the extent to which risk management practices have been employed, as well as the prioritization of activities and available resources.” To assess these variables, the evaluators reviewed documents, conducted interviews and surveys.

As noted, the evaluation was conducted to improve the program, in particular, to ensure that the CPCSC program, as it is being rolled out, is in line with the priorities of the Government of Canada, to assess PSPC’s support of the program, and the inclusion/role of other departments in the implementation of the CPCSC.

In response to the report, PSPC developed a Management Action Plan, which will be reviewed at the end of this article.

Key Findings

The key findings of the evaluation are divided into three categories: relevance, effectiveness, and delivery.

Issue 1: Relevance

Relevance generally asks,” Why do we even need the CPCSC?” The answer is simple: Canada needs a mechanism to ensure the security of sensitive government data in non-government systems. CPCSC has been developed to fill this gap.

Although reciprocity with the United States’ Cybersecurity Maturity Model Certification (CMMC) was one of the primary motivations for creating the CPCSC, the CPCSC remains relevant and necessary regardless of alignment with other programs. Nevertheless, as will be discussed more later, the lack of reciprocation with CMMC had a major impact on the program.

One key question that was asked, and continues to be asked, is why CPCSC was not integrated into PSPC’s existing programs, such as Contract Security Program (CSP) and Controlled Goods Program (CGP). The report explains that CPCSC, CSP, and CGP all require specific compliance and assurances that, while complementary, address different areas that are governed by different policies and authorities. In particular, CSP is managed under the Policy on Government Security and CGP is governed by the Defence Production Act and Controlled Goods Regulations. CPCSC is managed under the Policy on Government Security and is defined by the ITSP 10.171 and ITSP 10.172 standards (10.172 not yet released).

Issue 2: Effectiveness

As CPCSC is still an in development program, effectiveness predominantly deals with the program’s ability to deliver the program based on its own timeline and goals. Unfortunately, the report obfuscates the actual effectiveness of the program delivery by putting it into the context of the entire program versus the completion status of deliverables during the period examined. As a result

The report explicitly states that the CPCSC implementation was slower than anticipated due to “factors such as the need to redevelop it with a Canada-only focus in early 2025.” In other words, Canada did not anticipate the United States' refusal to agree to reciprocity and thus had to switch to a Canada-only approach. What I find curious is that the phrasing makes it sound like there was a completely different plan and design for the program, and that they had to make modifications to launch it in March 2025 rather than January 2025. This begs the question as to what was so different to require changes, or was this a reassessment of the overall plan about CPCSC. Despite this lack of reciprocation, CPCSC is still based on CMMC and the ITSP 10.171 standard that is used in CPCSC is based on CMMC’s NIST 800-171. Further, the recently released self-assessement tool is based heavily on United States tools and wording. So there appears to be very little change.

Although the report states the delays are a result of a lack of reciprocity, a more kind interpretation would likely be that, after the initial delay, the delays have had a domino effect. These delays have been compounded by additional, more recent delays in CPCSC implementation that were not covered in the evaluation. All of this is understandable, and perhaps their timeline was optimistic in the first place, but what has increasingly frustrated industry and stakeholders is the CPCSC secretariat's lack of communication, which quietly updates its website with new dates and timelines.

While the program ultimately continues to roll out with occasional delays, the lack of communication about these delays and the resulting frustration are not captured by this report. However, as will be shown, we at least have an answer for this lack of communication.

Feature your business in Canadian Cyber in Context through sponsorship.

Issue 3: Delivery

Issue 3 predominantly deals with the governance and overall organization of CPCSC program and its secretariat to implement the program. In other words, less to do with the work of implementing the CPCSC and more to do with the work of the government implementing the CPCSC program. Overall, the CPCSC secretariat reported satisfaction with PSPC's support, but there was a need to clarify roles and responsibilities in administering the CPCSC.

Despite this, the report greatly overstates the organization and governance of the CPCSC and makes it sound like they have more resources and support than they have. The report states that the CPCSC is supported by clearly defined governance that includes The ADM Cyber Security Commtitee, Director General committees, and the Tiger Team. The Tiger Team Working Group is the group actually responsible for developing and implementing the CPCSC. So while the ADM Cyber Security Committee and Director Generals do technically have oversight and manages the Tiger Team, this is like saying Cabinet oversaw the creation of the Defence Industrial Strategy. While technically correct, the actual writing and work is done by a smaller team that reports up.

The precise composition of the The Tiger Team Working Group, also known as the CPCSC Secretariat, is unclear, but it is primarily composed of and led by members of PSPC’s Defence and Marine Procurement Branch and the Departmental Oversight Branch as the designers, implementers, and technical authority for the CPCSC. They are then supported by an inter-departmental group from DND, Treasury Board Secretariat, Communications Security Establishment/Canadian Centre for Cyber Security. The Standards Council of Canada is mentioned among partners, but as a Crown corporation, it is likely more of a partner than an active participant on the Tiger Team. This small, multi-departmental team is what has allowed them to stand up the program without running into mandate issues and ensure everyone is involved without being enormously slow.

One of the biggest complaints I have heard related to CPCSC thus far is about understanding its role in broader government cybersecurity compliance, such as the role of Canadian cloud profiles and CPCSC/ITSP 10.171. The reason that there has yet to be any adequate reconcilitation is stated plainly in the report:

“Several interviewees recognized the CSE-CCCS as the primary source of cybersecurity technical expertise for CPCSC and noted their limited involvement to date, citing a lack of funding and capacity as a barrier.”

CPCSC essentially rely upon CSE/CCCS for technical expertise related to the standard, but their capacity to deal with anything other than the standard are significantly limited or non-existent. As much as the Tiger Team organization has allowed them significant leeway to develop the CPCSC, there are limitations as it relates to the implementation of the program. The report notes insufficient technical cybersecurity expertise within CPCSC stakeholder departments, leading to reliance on technical authorities and experts such as CSE/CCCS.

These existing gaps were identified as risks to the ongoing implementation of CPCSC and could lead to further delays in the program.

This is closely related to the CPCSC's risk management. The report notes that the Secretariat undertook significant efforts to identify risks and included multiple stakeholders in this process, but there was minimal activity to address the identified risks, other than to help inform the planning and implementation of the CPCSC. Despite this, some interviewed noted that some risks were not fully addressed, which include:

• SMEs are struggling with the financial and technical demands of CPCSC

• Lack of reciprocity

• Insufficient personnel, project management, and technical cybersecurity expertise in CPCSC stakeholder departments

• Inconsistent stakeholder priorities, coordination, and engagement

• Unclear plans to transfer CPCSC management following implementation.

Take note that all of these risks have still not been adequately addressed. While some issues may not be fully addressable, such as the lack of reciprocity, CPCSC has found a middle ground by allowing CMMC to apply to CPCSC on a case-by-case basis.

The management action plan includes details related to the development of CPCSC risk management tools after the evaluation was completed, but these tools do not neccesarily address the full breadth of risks noted above.

Long Term Program Governance and the CPCSC

What CPCSC is and where to start have already been covered in detail, but this report does a good job of showing how many different departments and teams are involved. Here is a breakdown of the overall structure of those involved, including those outside of the program (Thanks to Andrew Laliberte):

DM Committees (Defence Procurement Strategy)

└── ADM Committees (GC Cyber Security Oversight)

    └── DG Cyber Security Certification Steering Committee

        └── PSPC – DMPB (Program Lead)

            └── CPCSC Secretariat

                ├── DOB (Technical Authority / Business Owner)

                ├── Procurement Branch (Data Systems)

                ├── Tiger Team Working Group

                │   ├── PSPC (DMPB + DOB)

                │   ├── DND (Client / Assessments)

                │   ├── TBS (Policy)

                │   ├── CSE / CCCS (Technical Authority)

                │   └── SCC (Accreditation)

                └── External Ecosystem

                    ├── Industry (Suppliers)

                    ├── Third-Party Assessors

                    └── Cyber / IT Providers

Before CPCSC and informed folk yell at me, I know this does not fully/accurately reflect how the Tiger Team is organized, but it is a rough breakdown of the overall organization and stakeholders involved. it is meant to show just how many people are involved in this. As much as we would like to complain about a lack of communication or about how CPCSC is developing or being delayed, they’re essentially doing a giant juggling act among the different mandates of the organizations involved in this process.

The report is very explicit that a lack of personnel, project management, and cybersecurity knowledge is affecting implementation. The Tiger Team organization gives them a lot of flexibility, but may not have the capacity to accomplish everything to ensure that the program’s successful implementation. This should be a major concern for the government, military, and defence industry, as this is essentially saying CPCSC does not have the resources it needs.

Costs

One particular passage really stood out to me that I want to unpack:

“The evaluation also found that cost to industry is a major concern for all cyber security programs reviewed. In the case of Canada, CPCSC Secretariat-led industry engagements in May 2024, reported 46% of sub-contractors expecting to invest less than $50,000, while 29% of consultants projected costs of $150,000 to 175,000. 68% of respondents want comprehensive support: financial assistance, guidance, and resources in order to prepare for CPCSC assessment.”

When PSPC conducted the evaluation, this data was already approximately a year old. At this point, it is one month shy of being two years old and is likely inaccurate.

This data is from May 2024, long before ITSP 10.171 was released. Although we generally knew it would be based on CMMC’s NIST SP 800-171A, CPCSC remains a different mechanism and had to pivot after failing to acquire reciprocity with the United States’ CMMC. As a result, PSPC/CSPSC Secretariat must consider doing another RFI to determine how well industry is beginning to understand CPCSC, especially as level 1 is being introduced.

Takeaways - What Does This Tell Us About CPCSC?

• The government has not provided CPCSC with sufficient resources to develop and implement the program.

The program states that there is “insufficient personnel, project management and technical cyber security expertise within CPCSC stakeholder departments.” It is unclear if this has been resolved since this report was released

Part of the problem with this appears to be the level of funding allocated to departments, where DND, the Treasury Board Secretariat, and CSE/CCCS were not given any funding for CPCSC activities despite having a role in implementation.

The need to prioritize funding is also likely what has led to a lack of communication between CPCSC and industry and external stakeholders, as they’re prioritizing program development over engagement. This is a completely understandable approach, but it is making it harder for the CPCSC Secretariat to develop the program.

Communication and engagement with external stakeholders are critical to maintaining an active dialogue for additional feedback and ensuring successful implementation. Ultimately, it is industry that will be implementing the program and be affected by it, so any supply chain program should include the feedback of the supply chain. Deprioritizing engagement due to a lack of funding ultimately hurts the CPCSC and makes their job so much harder.

In the end, the report even confirms this when it states “it was suggested that industry engagement should be increased to boost CPCSC awareness and buy-in, however interviews noted that CPCSC was not provided funds for industry engagement or program promotion.”

• The CPCSC Secretariat does not have an accurate survey of the state of the defence industry and CPCSC implementation, particularly costs.

When CPCSC first conducted their RFI a few years ago, CPCSC was still in its very early stages and only 91 organizations responded. There is likely a strong chance that you only responded to this RFI if you were already aware of CMMC and the role it plays on CPCSC.

This is to say that many more organizations are now aware of CPCSC; we have the standard and understand its full scope, so now is a time for CPCSC to release another RFI to gain a better understanding of the preparedness of Canada’s defence industry supply chain and perceptions of CPCSC.

The report specifically notes recognition of the risk of SMEs struggling with financial and technical demands. More information about these risks and concerns from a new RFI and surveys could potentially help persuade the government, that is very defence conscious, to provide additional funding to ensure the success of the CPCSC.

The report specifically highlights the high costs associated with similar compliance programs, especially for SMEs, and notes that Australia used loans and regional development funds. This does not mean that the government will institute such programs, but awareness of this and the compliance costs are a positive step towards the government developing programs to assist SMEs and the broader sector in ensuring compliance. This is optimistic thinking, but these types of evaluations and audits are bureaucratic processes that motivate a lot of action on cyber-related programs in the Canadian government.

• The CPCSC Secretariat is temporary

Unless this has changed, the handoff plan seems risky. The evaluation states that “the current CPCSC management model… was designed to be temporary with a reassessment and transfer of management to another entity following program implementation.” Authority and oversight of CPCSC was always going to be vested in other authorities when the implementation of CPCSC was completed, but there does not appear to be long-term thinking about governance of this program.

The evaluation in particular notes that CPCSC’s management is concerned about when CPCSC moves from DMPB in PSPC to “another organization.” Although we know that CPCSC level 3 will be largely be overseen and assessed by DND, there remain questions about the long-term management of the overall CPCSC program. As the CPCSC Tiger Team is a multi-departmental group with an organization and mandate that is unique, it is likely difficult to transition this into normal operations and continue on as normal.

Another aspect that the report overlooks is that the loss of expertise about CPCSC is likely to occur if CPCSC management is transferred. The report only emphasizes ensuring proper documentation of roles to enable short and long-term effectiveness, but this may not capture the full institutional knowledge and experience with CPCSC stand up that will be important during the course of implementation.

As a result, it may be better for the program to transition to long-term management sooner rather than later, as the program becomes more complex, the more difficult it may be to transfer management. Despite the stated problems of lack of technical knowledge in PSPC to manage CSPSC, this can be addressed better with a more long-term arrangement with CSE/CCCS.

Conclusion

There are many in the wider cyber defence and compliance space in Canada that does not give enough credit to the work of the CPCSC Secretariat. As this report notes, the CPCSC has simply not been provided with sufficient resources by the federal government and remains constrained in what it can achieve. Despite these constraints, its unique construction and “Tiger Team” approach have enabled the program to accomplish a great deal with a relatively small team.

It is unclear how much PSPC has been able to adjust its processes based on this evaluation report and the subsequent action plan, because the Management Action Plan only addresses the need for risk management tools and improved program documentation. These types of programmatic actions are relatively easy and do not suggest that the government has yet to provide CPCSC with the appropriate resources to ensure its success.

Although this evaluation covers a relatively old time period, it still tell us a lot about how the program is being developed and what has contributed to the delays. Rather than addressing some of the major risks the program has identified, PSPC has strengthened programmatic functions, since addressing anything beyond this would likely require ministerial or cabinet input.

In the coming weeks, will be releasing content and informational content about CPCSC level 1 with Andrew Laliberte. Already, Andy and I are finding that many of the risks identified in this evaluation are affecting the level 1 implementation.

Feature your business in Canadian Cyber in Context through sponsorship.

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• Edmonton police emails, documents provide new information on Canada-first AI facial recognition bodycam pilot

  • AI Facial recognition has been shown to produce false positives often, so this should be a major concern.

  • “The facial recognition model was supplied by Corsight AI, an Israeli company whose technology has reportedly been used for mass surveillance in Gaza.”

• AI firm Cohere in merger talks with Germany’s Aleph Alpha, sources say

  • This is pretty big news because Cohere is a Canadian AI darling that the Government of Canada has championed as a Canadian AI leader. Cohere has also loved to play up its Canadianness, so a merger with German company would upend a lot of the dynamics.

  • Cohere exec pledges AI firm will stay Canadian-headquartered amid merger reports

• Government of Canada introduces Level 1 of Canadian Program for Cyber Security Certification

  • For those unfamiliar, CPCSC is Canada’s answer to the Cybersecurity Maturity Model Certification. Originally, Canada wanted reciprocity, but it didn’t get it. Nevertheless, the program is still important. This is a big milestone as we steadily get closer to a defence industry-wide implementation.

    • Canadian Program for Cyber Security Certification Level 1 Self-Assesment

    • How to meet Level 1 Cyber Security Certification Requirements

    • Level 1 CPCSC Certification Scoping Guide

• Kepler to lead testing of European Space Agency’s high-speed data network

  • Toronto-based Kepler Communications will be the prime contractor for the ESA’s HydRON ELement 3. There’s been a lot of Canada-European engagement on space, particularly space communications. I wouldn’t be surprised if this is the start of wider industry moves.

• From last week, but activities continued to this week: CAFCYBERCOM participates in Latvia-led Threat Hunt Workshop in Riga

• QNX and TKMS Collaborate to Bring Canadian Software Innovation to Global Naval Defence Programs

  • TKMS has partnered with QNX, a division of Blackberry, fo collaboration in support of Canada’s submarine program

• MDA Space Unveils Space Control Platform MDA Midnight, Designed to Defend and protect the Space Domain

  • MDA has a VERY interesting new platform that raises questions:

    • On-orbit inspection and reporting of satellite status

    • Electronic counter measures detection, attribution and mitigation

    • Rendezvous and proximity operations, cooperative satellite capture and release

    • De-orbiting of a customer’s non-operational asset

• Canada launches national initiative to build large-scale AI supercomputing capacity

• Wealthsimple bets on X and Canadian users aren’t happy

  • I honestly cannot imagine this was done with any understanding of the limited number of Canadians who still use Twitter.

• Canada and European Space Agency sign General Security of Information Agreement

  • These agreements usually precede greater levels of cooperation between organizations/countries.

• Canadian Centre for Cyber Security launches Critical infrastructure resilience and escalated threat navigation initiative

  • “The Critical Infrastructure Resilience and Escalated Threat Navigation (CIREN) initiative to drive immediate preparedness across organizations to reinforce and protect Canada’s sovereignty and essential services.”

• Canada-Finland Joint Statement on Sovereign Technology and AI Cooperation

  • I’d argue that a quantum-focused agreement would be even better for Canada and Finland. Quantum is included in this, but is just one part of a large whole.

• Government of Canada invests in Francophone and bilingual digital health innovation

• Alberta creates Cyber Crime Task Force: Protecting Albertans from cybercriminals

  • Cyber crime is one of the most pervasive crimes that affect all Canadians, so establishing it as a central priority is good for protecting Canadians and is good politics.

• British Columbia Launching AI Pilot Project: Disrupting the illicit drug trade with first-in-Canada technology

  • BC is launching a pilot project to use AI for “enhance police intelligence and understanding of toxic-drug supply patterns to help inform enforcement efforts and issue earlier warnings for bad batches of toxic drugs .”

• Privacy Commissioner of Canada appears before Parliamentary Committee to discuss potential privacy implications of the Canada-China Preliminary Joint Arrangement on the Electric Vehicle Sector

  • Privacy Commissioner says new privacy laws are needed. The context was about the incoming electric vehicles from China, but really, the concerns about privacy and cybersecurity with Chinese electric vehicles are just as much of an issue with North American-built electric vehicles.

• Canada must move quickly to address AI-related cybersecurity risks, Macklem warns

  • Bank of Canada Governor warns about looming risks to cybersecurity due to AI like Claude’s Mythos.

• Canadian banks, regulators discussed Mythos AI, minister to meet with Anthropic

  • Solomon says Canada can withstand such risks, but I trust anything Solomon says as much as I trust any snake oil salesman.

Canada-Relevant News

As many issues don’t respect borders, this section is for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section, which is 100% focused on Canada

• Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators

• Rockstar Games Hacked, ShinyHunters Threaten A Massive Data Leak If Not Paid Ransom

  • Unclear if this will affect the release date of GTA 6.

• Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit

• The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought

  • “Nearly 90 schools and 600 students around the world impacted by AI-generated deepfake nude images” - Keep in mind this is only verified and reported, the problem is significantly much worse than this.

• We’re only seeing the tip of the chip-smuggling iceberg

• Booking.com Confirms Data Breach as Hackers Access Customer Details

  • No payment data accessed, but customer information was exposed.

  • Booking.com breach gives scammers what they need to target guests

    • Good article from MalwareBytes on potential impact.

• Ransomware reaches elevated ‘new normal’ as attack volumes hold steady into 2026, reshape baseline risk expectations

• Understanding security warnings when opening Remote Desktop (RDP) files

  • Windows will begin to show warnings when remote desktop connection files are opened. This is great news, but also what took them so long?

• The RAM shortage could last years (h/t Catalin Cimpanu)

  • Although many organizations have already adjusted, I feel like we’re only seeing the tip of the iceberg when it comes to RAM shortages. Massive demand for AI is putting pressure on RAM producers, who cannot keep up. Additional fabrication capacity will not be online until 2027, and I don’t think it will be sufficient to meet current demand, which is likely to continue increasing.

• Internet Protocol Version 8 (IPv8)

  • IPv6 traffic has crossed 50%, so it is time to think about the future.

Canadian Cyber Threat Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Google Search to classify ‘back button hijacking’ as spam

• How often do threat actors default on promises to delete data?

  • This is a few weeks old, but a great article that I want to highlight.

• ‘By Design’ Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

• Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

  • Easier to do this than to take over open-source projects.

• Vercel April 2026 security incident

  • Cloud provider hit by ShinyHunters

• Ransomware Group shinyhunters Hits: The Canada Life Assurance Company (canadalife.com)

  • Major Canadian life assurance company hit by Shinyhunters.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• More than 60% of Australian children still using social media despite ban for under-16s, research shows

  • The Liberal Party is interested in a ban and should pay attention to how it doesn’t work.

• To build a modern Canadian defence sector, make SMEs cybersecure

  • Op-ed by Charles Finlay of Rogers Cybersecure Catalyst and Daniel Blanc, former Chief of Staff of CAFCYBERCOM

• EVENT: 23rd Annual International Conference on Privacy, Security & Trust (PST) to be held in Ottawa, Canada

  • To be held August 26 - 28. Submission deadline is passed, but should be an interesting conference.

• The Risk of Making Offensive Cyber the New Shiny Silver Bullet

  • The direction many NATO countries are considering does not have modern precedence and has a lot of preconceived notions.

• Parliamentary Meetings of Note:

  • April 21: Senate Transport and Communications Committee - Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

  • April 22: Senate Transport and Communications Committee - Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

United States News

• FCC Selects New Lead Administrator for U.S. Cyber Trust Mark Program (h/t Eric Geller)

  • The FCC selected ioXt Alliance to oversee its Internet of Things labeling program

• The White House is expanding the market for offensive cyber capabilities — and drawing more of the private sector into that ecosystem — even as policy boundaries around their use remain unclear

  • The White House has had they aren’t interested in cyber letters of marquee, but there are still major changes underway in how the US uses and cooperates with the private sector to counter cyber threat actors.

• Missouri town fires half its city council over data center deal

  • Yes we need data centres, but governments at all levels must recognize the harm that they can do to local ecosystems and communities and do consultation.

• The FCC just saved Netgear from its router ban for no obvious reason

  • There were already some concerns that this would lead to corruption and this is not quelling those concerns.

• Drivers sue San Jose over nearly 500 police cameras used to track drivers across the state

  • This has the potential to establish a lot of precedence regarding private surveillance.

• Two Americans sentenced for helping North Korea steal $5 million in fake IT worker scheme

  • I have yet to see any specific reports about Canadian firms hiring North Korean fake IT workers nor anyone assisting them apart from general warnings about North Korea, although this just means it has yet to be reported.

• Maine passes first-in-nation freeze on big data centers

  • Although temporary, this is pretty big and likely to lead to similar legislation.

• White House Works to Give US Agencies Anthropic Mythos AI

  • Remember, just a few weeks ago, Anthropic was being labelled a supply chain risk?

• Cargo thieving hackers running sophisticated remote access campaigns, researchers find

  • Criminal hackers helping organized crime with cargo thefts.

• Scoop: NSA using Anthropic’s Mythos despite blacklist

  • Almost like the current US administration’s words are hollow and they can’t be trusted.

• Cyberattack targets city of Tallahassee; official says no data compromised

• Justice Department refuses to assist French probe into Musk’s X, WSJ reports

  • US Justice Department claims child sexual abuse material constitutes free speech.

• Parents Decide Act: Mandatory Age Verification for Operating Systems

  • This would require operating system providers to verify the age of all users.

United Kingdom and European Union News

• 500 million euro warship found with 5 euro gadget

  • Dutch ship tracked via cheap bluetooth tracker.

• European civil servants are being forced off WhatsApp

• How Big Tech Lobbied the EU to Hide Data Centers’ Environmental Toll

• Brussels launched an age checking app. Hackers say it takes 2 minutes to break it.

  • Governments increasingly want to strip the average person of privacy to avoid responsibility for regulating social media, but they are putting so little effort into implementing these bans that it’s making everything worse.

• Ukraine confirms suspected APT28 campaign targeting prosecutors, anti-corruption agencies

Other International News

• Hospitals face cyberattacks as Korea underfunds medical data security

  • Republic of Korea is very much like Canada and other Western countries in underfunding cybersecurity in healthcare.

• New ‘JanaWare’ ransomware targeting Turkish citizens as cybercriminal ecosystem fragments

• Sweden blames Russian hackers for attempting ‘destructive’ cyberattack on thermal plant

  • Russia has been stepping up cyber attacks on critical infrastructure over the past few years.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• AI being used to add fake details in immigration, asylum applications, federal officials say

  • An article on one instance of this came out a couple of weeks ago; this is a broader exposé on the wider use of AI and the problems it will cause.

• Kyndryl Foundation backs JEDI for cyber skills training

  • JEDI is a New Brunswick group that focuses on working with Indigenous communities on economic and workforce development.

• Saab dangles sovereign data centre in Montreal to undercut F-35 fighter contract

  • I honestly don’t think this will affect the overall calculus that much because the military is 100% behind F-35, and any decision is based on politics and long-term strategic balancing.

• Invisible shield: How CAFCYBERCOM protects the systems that protect Canada

  • Bit of a fluff piece out by CAFCYBERCOM Public Affairs

• A new, alarming scam trend is running rampant in Canada

  • About leveraging media reports about class-action settlements for use in scams. This is not really “new,” it’s just another scam.

• Liberals adopt policy to restrict kids from social media

  • The Federal Liberal Party of Canada adopted a non-binding resolution in favor of banning the use of social media by those under the age of 16.

  • There are major issues with such policies because it relies on identity verification. Canada doesn’t even have updated privacy laws yet, but the Liberals want to rush ahead and force private corporations to store our data to verify ages. This is quite dangerous for Canadians’ privacy.

• Ontario and Quebec police probing cyber network that hacked millions of household devices

• How a volunteer-run cyber conference grew to fill Halifax’s convention centre

  • Article about ATLSEC

• Lockheed Martin Canada Invests $3.6M CAD in Ottawa-based Lemay.ai

  • Investment as part of ITB commients to support in-service support for CC-130J Super Hercules aircraft fleet.

• Canada is Working with Organisation for American States on Cybersecurity

  • Canada is the listed donor country on projects addressing the gender gap in cybersecurity and strengthening capacity to address cybercrime in the Americas

• CRTC seeking new Broadband Fund proposals to help improve Internet services for Canadians

• CRTC launches new call for proposals to its Broadband Fund to help improve Internet and cellphone services

  • Rural and Northern/Arctic communities remain severely underserved with limited options for access in Canada.

• Provinces view digital sovereignty very differently…

  • Ontario Welcomes Microsoft’s AI Infrastructure Expansion

  • (Google Translated) Minister Gilles Bélanger’s mission: to strengthen the strategic partnership between France and Quebec in the area of ​​digital sovereignty

• Bank of Canada, Major Lenders Met on Anthropic AI Cyber Risk

  • While it is good they are meeting to discuss cyber risk, it should likely be focused more broadly than just Anthropic’s latest marketing.

• CAFCYBERCOM participates in Latvia-led Threat Hunt Workshop in Riga

  • CAF Cyber Forces have been working closely with Latvia on cyber threat hunting since at least 2022.

• Ambassador of the Phillipines to Canada met with Sami Khoury, who is the Senior Official for Cyber Security and former head of the Canadian Centre for Cyber Security.

  

Canada-Relevant News

As many issues don’t respect borders, I am creating this section for stories that impact Canada, but may not be Canadian-sourced or focused, to differentiate from the previous section that will be 100% focused on Canada

• Microsoft Says You’re Not Supposed to Take Copilot’s Advice Seriously

  • Microsoft recently slipped into its terms of service that you should basically treat copilot as a toy and not for anything important. That should tell you a lot about its efficacy.

• Anthropic limits access to Mythos, its new cybersecurity AI model

  • I am seeing/hearing a lot of interesting things about this new model. Anthropic is making some major advancements in the use of AI for cybersecurity. With that said, people should still have a healthy amount of skepticism about Anthropic’s marketing.

• OpenClaw gives users yet another reason to be freaked out about security

  • I haven’t shared too much about OpenClaw, but it is just a colossal mess.

• Analysis Finds That Google’s AI Overviews Are Providing Misinformation at a Scale Possibly Unprecedented in the History of Human Civilization

• Bringing Rust to the Pixel Baseband (h/t Catalin Cimpanu)

  • Apparently Google used the Rust in the last Pixel release. Rust is a programming language that is know for its benefits to cybersecurity, especially regarding memory safety..

• Men Are Buying Hacking Tools to Use Against Their Wives and Friends

  • The ease of access is turning this into a crime of convenience for many.

• WebinarTV Secretly Scraped Zoom Meetings of Anonymous Recovery Programs

  • Zoom remains popular in Canada.

Canadian Cyber Threat Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-007 - Vulnerability impacting Fortinet FortiClientEMS - CVE-2026-35616

• Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed

• Disgruntled researcher leaks “BlueHammer” Windows zero-day exploit

  • If you don’t have an engaged, cooperative disclosure process, you’ll get disclosures you’ll wish you had cooperated with.

• Investigating Storm-2755: “Payroll pirate” attacks targeting Canadian employees

• Adobe Reader zero-day vulnerability in active exploitation

• CISA Adds One Known Fortinet Exploited Vulnerability to Catalog

• CPUID website hacked: users report HWMonitor and CPU-Z delivering malware

• New VENOM phishing attacks steal senior executives’ Microsoft logins

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• Michael Geist: Could Bill C-22 Make Canadians Less Safe? The Systemic Vulnerability Gap in Canada’s New Surveillance Law

• Globe and Mail OpEd by Michael Geist: The U.S. isn’t happy about Canada’s quest for digital sovereignty

• Event April 29: Defence Disrupted: Technology, Readiness, and the Future of Canadian Defence

  • Put on by IBM Canada

• Citizen Lab: Uncovering Webloc: An Analysis of Penlink’s Ad-based Geolocation Surveillance Tech

  • “Webloc is a global geolocation surveillance system that monitors hundreds of millions of people based on data purchased from consumer apps and digital advertising. It was developed by Cobwebs Technologies and is now sold by its successor Penlink.”

• The Conversation: Canada’s cybersecurity sector has a pipeline problem — and a glass ceiling

  • By Sepideh Borzoo, Atefeh (Atty) Mashatan, and Rupa Banerjee from Toronto Metropolitan University

• Harassment as Infrastructure: How Telegram’s design enables TFGBV

  Natto Thoughts

  Cybersecurity Strategy in China’s 15th Five-Year Plan

  On March 12, 2026, the National People’s Congress approved the “Outline of the 15th Five-Year Plan for National Economic and Social Development (15th FYP) of the People’s Republic of China” (中华人民共和国国民经济和社会发展第十五个五年规划纲要) (15th FYP), the country’s highest-level development blueprint, which covers the years 2026 to 2030. Over the years, the Western cybersecurity…

  Read more

  21 days ago · 5 likes · Natto Team

  • Natto Thoughts is one of the best sources for research and analysis on Chinese cyber, so go give them a follow.

• Parliament is holding a few hearings on AI this upcoming week:

  • April 13, House of Commons Industry and Technology Committee: Opportunities, Risks, and Regulation of AI in Canada’s Strategic Industries

  • April 14, Senate Transport and Communications, Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

  • April 15, Senate Transport and Communications, Examine and report on the opportunities and challenges of artificial intelligence (AI) in the information and communication technology sector

• DND is holding public engagement sessions related to NORAD modernization infrastructure projects in the North, some of which will include information infrastruture

  • Inuvik: April 21

  • Yellowknife: April 23

United States News

• Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure

  • Ongoing warnings to all critical infrastructure operators.

• Trove of sensitive LAPD records leaked in data hack of city attorney’s office

  • It’s hard to find a more corrupt police department than the LAPD in the US (there are receipts for this), so it's unsurprising that this has happened.

• CIA director quietly elevated agency’s cyber espionage division

  • This should not be a big surprise and is likely the direction for many Western human-intelligence organizations, but should be a major concern. The CIA has been in the game for a while, but it’s generally been a tertiary tool. The use of privately developed exploits and spyware sold to governments and private actors is greatly proliferating, and this will increasingly endanger civilians and the general public.

• Dark Web Market Lists Alleged 375TB Lockheed Martin Data for $600M

  • By a group “APT Iran”

• Massachusetts hospital turning ambulances away after cyberattack

  • Healthcare is one of the favorite targets for cyber threat actors.

• Minnesota governor sends national guard to county after cyberattack

  • There is previous precedence for this in Minnesota. The importance of such actions are not always about skilled cybersecurity knowledge, but sometimes about additional labour to have people on hand to run programs, click through prompts, physically remove infected hardware from networks for additional work and recovery, etc.

• FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database

  • Deleted signal messages recovered, along with a charge for “Antifa” activities.

• Trenchant Exec Says He Had Depression, Money Troubles When He Decided to Sell Zero Days to Russian Buyer; Also, New Info Reveals Nature of His Work for Australian Intelligence Agency

  • A pretty common set of conditions that often leads to insider threats.

• Treasury Department announces crypto industry cyber threat sharing initiative

• Inside the FBI’s router takedown that cut off APT28’s ‘tremendous access’

• Inside the Army’s new data operations center and its ‘sprint’ to help fix digital headaches

  • DND/CAF are also dealing with various digital headaches, but I am not sure I would describe them as being in a similar “sprint” to fix them.

• Suspect Arrested for Allegedly Throwing Molotov Cocktail at Sam Altman’s Home

• Senator launches inquiry into 8 tech giants for failures to adequately report CSAM

• Florida investigates OpenAI for role ChatGPT may have played in deadly shooting

United Kingdom and European Union News

• Cyberattack hits Northern Ireland’s centralized school network, disrupting access for thousands

• Russian government hackers broke into thousands of home routers to steal passwords

  • Edge devices will always remain a priority target for all cyber threat actors.

• France Launches Government Linux Desktop Plan as Windows Exit Begins

  • This is after France dropped Teams and Zoom in January. It’s not clear what distro they’re using, which, honestly, they may not want to make too public but also likely something that will be determined later.

• Russia accuses former Radio Free Europe journalist of aiding cyberattacks for Ukraine

• U.K.-based Chevin cyber incident disrupts U.S. fleet operations (H/t Catalin Cimpanu)

  • The attack is targeting fleet management software.

• Greece to ban under-15s from social media from next year

  • I would not be surprised if we begin to see this in many more Western countries. Unsure how successful it will be in Canada, but hte liberals are interested in a similar ban.

Other International News

• Russia supplies Iran with cyber support, spy imagery to hone attacks, Ukraine says

• A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data

• Eurail says December data breach impacts 300,000 individuals

• Espionage for repression: hack-for-hire phishing campaign targets civil society in MENA (h/t Catalin Cimpanu)

  • Hack-for-hire is slowly growing as a viable option for cyber criminal groups.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Editor Notes:

• I have two new papers out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

  • Everything You Should Know About CAF Cyber Command

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• Hackers, barns, and breakfast: Why agriculture needs cybersecurity

  • Agriculture cyber security has been a long time coming.

• Rogers and Freedom Mobile say they suffered data breaches in recent weeks

  • Have any Canadian telecoms not suffered a breach?

• Why Does Ottawa Keep Funding Fake Canadian Companies?

  • The definitions of what is a “Canadian” company are very loose. This affects cyber and cloud as we have discussed before, but it has larger economic impact that the government is slowly trying to address.

• Oracle slashes 30,000 jobs with a cold 6 a.m. email

  • Unclear of the direct impact on Canada, but Oracle has a large presence in Canada, especially in government.

  • Oracle fired up to 30,000 workers via email after a 95% profit surge. Tech companies are cutting almost 1,000 jobs/day

• Government of Canada advances digital sovereignty and secure communications through contract extension with BlackBerry

  • Blackberry has shifted away from its cellphone does and does great now in cybersecurity, so they are ones to keep an eye on.

• U.S. targets Canada’s cloud-computing move as trade irritant

  • The United States doesn’t want Canada to have sovereignty. They are incapable of understanding they are the risk we want to avoid.

• Anthropic employee error exposes Claude Code source

  • Company that habitually infringes on other’s copyright is now concerned about their own copyright.

• Microsoft’s Terms of Use says Copilot is only for entertainment purposes

  • Exact wording: “Copilot is for entertainment purposes only. It can make mistakes, and it may not work as intended. Don’t rely on Copilot for important advice. Use Copilot at your own risk.”

    • This should tell you everything you should know about LLMs. They are toys that Microsoft and others are trying to convince you will change the world, while they themselves know it is breaking and making everything worse.

• Exclusive: Meta has discussed ending funding to the Oversight Board

  • This should be grounds to increase litigation against Meta and Facebook. This oversight board was setup due to the overwhelming unethical behaviour on behalf of Facebook, now Meta. Meta stands out amongst social media companies in that they seem to actively try to make things worse, more toxic, and harmful all to produce profit.

  • Stop using Facebook.

• PacifiCan invests $13.8 million to advance defence innovation in AI and aerospace in British Columbia

  • There’s a small, but growing defence and security industry in BC.

• Government of Canada supports aerospace and space innovation to strengthen security, boost prosperity, and enhance sovereign capabilities

• LinkedIn Is Illegally Searching Your Computer

  • Major claims that Microsoft is essentially running one of the largest corporate espionage operations via Linkedin.

• Canadian Armed Forces Cyber Command launches Official Command Badge

  • They’ve had an unofficial patch/bade for a while, so great they now have an official command badge.

    

  • “The green and black field reflects the Command’s integration of signals intelligence, electronic warfare, and cyber operations across the digital and electromagnetic domains. The green represents signals intelligence heritage, while the black represents electronic warfare and operations within the contested electromagnetic spectrum. The chess knight represents the deliberate application of cyber capabilities in both defensive and offensive contexts. A lightning bolt and interlaced rings highlight operational precision and expertise in signals intelligence, while the Royal Crown and maple leaves affirm constitutional authority and national service.”

• Alberta scraps environmental assessment for Kevin O’Leary’s ‘world’s largest’ data centre

  • Still in the planning phases so there’s a chance nothing will come of this, especially with O’Leary attached to this. However, this lack of environmental assessment is likely to become the norm, which sets a concerning precedent due to how major of an impact data centres can have on local environments and populations.

• Officials still investigating what led to cyber incident at London health unit

• CAFCYBERCOM showcases new AI cyber tool at NATO exercise

  • I have heard of this tool before, but I don’t know much about it other than that it’s really well liked and getting a lot of attention

  • “The capability, a Cyber Indications and Warning (I&W) tool, was designed and developed by five members of 33 Signals Regiment working on Class A time since January 2025. Their objective was to explore how large language models could support cyber operations through analysis, translation, and geolocation, while also enabling the seamless sharing of insights into a broader operational picture.”

• Larus awarded an $8.3 million IDEaS Test Drive contract by DND to advance AI/ML in tactical planning and decision intelligence

• ‘Security incident’ may have exposed files of thousands of patients, Waterloo Regional Health Network warns

• Canada’s first full-stack, university-owned quantum computer comes to USask

  • Some of the best uses for quantum computers remain to write academic papers about, but we’re slowly getting to more operational use with hybrid computing.

• NGen announces nearly $80 million for Canadian manufacturers to adopt AI

• Government of Canada launches review of the Privacy Act

  • Canada is LONG overdue for updated privacy laws.

• Canada is expanding high-speed Internet access in Nunavut

  • $86 million federal investment, piggybacks off the $600 million contract w/Telesat

• CDW Canada: Cyberattacks Targeting Canadian Enterprises Surge Nearly 80% Year Over Year

  • Report from CDW Canada has some very interesting info and statistics. Suggest that there is a “security maturity illusion.” which is a common topic, but fascinating that it is getting to a level that a cybersecurity firm is saying it’s impacting the wider Canadian threat surface.

Canadian Cyber Intelligence

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-006 - Vulnerability impacting Citrix NetScaler ADC and NetScaler Gateway - CVE-2026-3055

  • Critical Citrix NetScaler memory flaw actively exploited in attacks

    • Citrix used to be quite common in Canada amongst businesses, but not sure what its market presence is these days.

• One of the most popular JavaScript packages on earth Axios has been compromised

  • I’ve been saying for a year now that there needs to be industry- and government-wide engagement to address the growing security problem with open-source software.

  • Google links axios supply chain attack to North Korean group

    • Google’s report here

• Iran targets M365 accounts with password-spraying attacks

  • They’ve been doing M365 password spraying for years

• Qilin EDR killer infection chain

• Ransomware detection and file restoration for Google Drive now generally available

• Leaked memo suggests Red Hat’s chugging the AI Kool-Aid

• Critical Claude Code vulnerability: Deny rules silently bypassed because security checks cost too many tokens

• New criminal service plans to monetize data stolen by ransomware gangs

  • This is a particularly concerning innovation. If successful, this will change the cyber crime market.

• DPRK Malware Modularity: Diversity and Functional Specialization

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• Largest study of its kind shows AI assistants misrepresent news content 45% of the time – regardless of language or territory

  • This will change nothing. Those selling you AI will downplay this.

• Evolution of Ransomware: Multi-Extortion Ransomware Attacks

• The Perils of Privatized Cyberwarfare

  • By Ron Deibert from Citizen Lab, who is on the forefront of defending civilians from privatized cyber warfare.

• Event: Securing AI systems: New challenges and research priorities

  • Being held April 20-21, online attendance is possible.

  Teresa Scassa’s Substack

  Consultation on long overdue Privacy Act reform promises a significant overhaul

  Treasury Board Secretariat has published a discussion paper and launched a consultation into the long-overdue reform of the federal Privacy Act. The consultation is open until July 10, 2026…

  Read more

  22 days ago · 5 likes · Teresa Scassa

United States News

• Meta ordered to pay $375m after being found liable in child exploitation case

• How Thomson Reuters Powers ICE and Palantir

  • Data brokers generally don’t care about ethics.

• State Department reissues $10 million reward for info on Iranian hackers (Handala)

• Iran threatens Nvidia, Apple and other tech giants with attacks

  • Also includes Cisco, HP, Intel, Oracle, IBM, Dell, Palantir, JPMorgan, Tesla, GE, and more.

• Hasbro takes some systems offline after cybersecurity incident

  • May need a few weeks to recover.

• ‘Serious cyberattack’ impacts phones, public safety systems in Massachusetts towns

• FBI declares suspected Chinese hack of US surveillance system a ‘major cyber incident’

• New NSA director pushes for more intel-sharing with allies in internal meeting

  • This is good to hear. He is former Indo-Pacific deputy commander, so that likely plays a role in his understanding that partnerships are key.

• ICE says it bought Paragon’s spyware to use in drug trafficking cases

  • Acting Director states they will comply with constitutional requirements. Somehow we’re supposed to believe ICE, which has a greater track record than any other agency of infringing on people’s constitutional rights.

  • Rep. Summer Lee, Colleagues Slam DHS Response on ICE Use of Foreign Spyware, Vow Continued Oversight

• CyberCorps grads consider private sector as fed hiring challenges persist

  • CyberCorps is a program of the US Office of Personnel Management to provide scholarship for cybersecurity professionals. It has been a great program to bring cybersecurity professionals in the government and has been a constant source of people. The Trump admin has completely destroyed its government cybersecurity workforce and institutions.

• Even Artemis II Astronauts Have Microsoft Outlook Problems

  • At the end of time and the universe there will be Microsoft Outlook problems.

• DoD still failing to properly mark CUI data years after initial audit

• Commanders now responsible for cybersecurity training after Army cuts online course requirement to once every 5 years

  • This is a hilariously bad idea. China and DPRK have growing and more advanced cyber operations programs, but the Army is relaxing cybersecurity training.

• Mercor, a $10 billion AI startup that works with companies including OpenAI and Anthropic, confirms major data breach

• House Committee Passes Chip Security Act

United Kingdom and European Union News

• The rise of facial recognition policing

  • This is a UK-focused article, but has global implications.

• European Commission downplays ShinyHunters cyberattack impact

  • ShinyHunters do have a history of overblowing their extortion attempts. However, most ransomware and extortion cyber threat actors tend to do the same, so it’s why everything they cyber threat actors claim should always be taken cautiously.

• Europe’s cyber agency blames hacking gangs for massive data breach and leak

  • “The stolen data was then posted online by another hacking group, the notorious ShinyHunters. “

• (Google Translated) An Italian company’s spyware was posing as WhatsApp. Meta: “Affected users notified.”

• UK Regulator Probes Microsoft While Backing Voluntary Cloud Rules

Other International News

• An AI Agent Was Banned From Creating Wikipedia Articles, Then Wrote Angry Blogs About Being Banned

  • Didn’t take them long to ban their first clanker.

• An AI avatar is running to represent Indigenous voters in Colombia

• Australia: Five social media platforms flagged for compliance issues

  • Facebook, Instagram, Snapchat, TikTok and YouTube are being investigated related to Australia’s social media minimum age laws.

• (Google Translated) Korea Internet & Security Agency Launches ‘Ransomware Full Lifecycle Response Task Force’

  • There has been a spat of high level ransomware incidents in South Korea of late, so this is an unsurprising, but welcome response.

• Iran Says It Hit Oracle Facilities in the UAE

  • Not the first data centres hit, but now confirms and shows that data centres are a target in military conflict.

• Sydney Councils Warn Data Centre Boom Is Set To Strain Housing And Utilities

  • Good article as this strain is going on everywhere right now. Because Western countries can no longer trust the United States, there’s a mad rush to develop sovereign data centres.

• Cambodia parliament approves law to combat cybercrime scam rings

• The Hack That Exposed Syria’s Sweeping Security Failures

  • I’m not a fan of this article, but it is important to share. This sort of overlooks the context for which Syria is in and assumes a similar baseline of capacity.

• Mexico Confronts a Silent Cyber War. It Can No Longer Outsource (H/t Sherpa Intelligence, go give them a follow)

  • As Mexico increasingly digitizes, it becomes the primary target in Latin America for cyber attacks.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Editor Notes:

• I have a new paper out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

• Go sign Tanya Janca’s Secure-Coding Petition!

  • The article is finally out and can be read here.

Leave a comment

Share

Canadian News

• Spark Microsystems secures additional $17 million in Series B funding

  • Spark specializes in next-gen short-range wireless communications.

• Online Privacy at Stake in Cambridge Analytica Supreme Court of Canada Case

• Cohere teams up with Swedish defence firm Saab on AI for surveillance jets

  • Canadian AI darling Cohere is starting to make increasingly big moves into defence.

• Canadians Split on AI Data Centres as Cost Concerns and Local Opposition Emerge

  • New data from Abacus Data concerning Canadian attitudes towards AI data centres, which can likely be applied to data centres broadly despite there unique differences as the public is unlikely to care about the distinction when they both have massive impacts.

    

• Federal government worried extremists recruiting through video games

  • They are, but it’s a multi-prong issue. Toxic gaming culture is super prevalent that encourages extremist views and takes, which makes individuals predisposed to be influenced.

• PC MLA says hackers accessed and shared intimate images on his devices

  • I am honestly surprised this does not occur more often, but I'm glad the MLA didn’t pay and is working with police and the RCMP.

• Canada rejected her permanent residence application. Her job duties were made up — by Immigration’s AI reviewer

  • This is just the start. More is to come as the CRA is experiencing MASSIVE cuts and will be investing significantly into AI.

• Updated statement on proposed changes to Ontario’s Freedom of Information and Protection of Privacy Act

  • Ontario’s Privacy Commissioner updates their statement on the Ontario government’s attempts to exempt the premier and high levels of provincial government from freedom of information requests.

  • This is a great statement and really goes to the heart that Doug Ford is trying to hide what he is doing and prevent accountability. Doug Ford hates transparency and doesn’t want to be held accountable for his activities.

• CoolIT sold to Ecolab for $4.75-billion in one of biggest-ever Canadian tech takeovers

  • Oh look, another Canadian company sold to American company. Bought by private equity, no less. Guess that means we should start counting until another private equity firm destroys a company.

• Joint guidance on securing space and cyber security for low earth orbit satellite communications

  • Canada’s CCCS joins Australia, New Zealand, and the United States.

• Cohere launches an open-source voice model specifically for transcription

  • A nice move by Cohere. I’ll hold off until third-party verification of how good their model is, but with so many transcription models out there for voice-to-text, many are bad. Cohere is releasing an open source model based on Cohere’s tech and work, this could be great for those with disabilities, like myself, who use transcriptions of other people’s speech to help them.

• OpenText lays off four percent of its global workforce

• Denvr signs two defence deals to deepen sovereign AI push in Canada

  • Deals signed with Dominion Dynamics and Sapper Labs. Sapper Labs is pretty well known in Canada's cyber defence scene, so this automatically catches my eye.

• Can­ada’s banking regulator gives itself substandard score on cybersecurity

  • I provided some comments for this story.

• CAF and Five Eyes partners advance Cyber Mission Assurance in pre-RIMPAC 26 tabletop exercise

  • CAFCYBERCOM is doing a lot in the Indo-Pacific.

• Government of Canada invests $3.6M in defence sector with support for Université du Québec en Outaouais

  • A big part of this will be going towards cybersecurity range. I should likely map out how many cyber ranges there are in Canada. Just a few years ago, I would likely count on one hand, but now I feel like there’s been a major boom in just the last couple years.

• Nova Scotia Power agrees to beef up security after customer data breached

  • They are responding to a compliance letter from Canada’s privacy commissioner.

• Prime minister commits more than $3B for defence projects in the Maritimes

  • A significant part of this will be cyber, information, and communications technology related.

• Bill C-25: Government of Canada introduces measures to further protect Canada’s electoral processes and strengthen democracy

  • A few cyber-related aspects of this new bill. Includes privacy policy requirements and requirement to disclose data breaches, and bans deepfakes.

  • Read the full Bill C-25 here

• Final report from the second Financial Industry Forum on Artificial Intelligence (FIFAI 2) now available

  • Final report for the forum held last year.

• Competition Bureau’s experts available to discuss AI-generated government impersonation scams with media

  • Appears competition bureau is increasingly concerned about AI-generated government scams.

• Canada and India Advance Dialogue on Digital Trade and Bilateral Economic Agreement

  • Includes digital trade.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• NIST updates Secure Domain Name System (DNS) Deployment Guide

  • First update in a decade! As they say, it’s always DNS.

• If threat actors gave you a chance to redact the patient data they hacked before they leak it, would you take them up on the offer? Read about the Woundtech incident (H/t Catalin Cimpanu)

  • Very interesting case of a cyber threat actor targeting a health care provider and taking considerable effort to redact patient data. Even offering Woundtech to redact the data themselves.

• Ransomware gang exploits Cisco flaw in zero-day attacks since January

• ‘DarkSword’ iOS Exploit Kit Used by State-Sponsored Hackers, Spyware Vendors

  • More technical reporting on the Coruna exploit/toolkit

• GlassWorm Supply-Chain Attack Abuses 72 Open VSX Extensions to Target Developers

  • Github/open source attacks. So hot right now.

• GitHub adds AI-powered bug detection to expand security coverage

  • And in response Github is trying to beef up their security

• The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond

• CISA orders feds to patch max-severity Cisco flaw by March 22

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• Canada needs a secure-coding policy — and AI is making that more urgent

  • My new op-ed about the need for a secure-coding policy.

• M-Trends 2026: Data, Insights, and Strategies From the Frontlines

  • Dwell time increases as hand-off window “collapses” to 22 seconds. A lot of concerning trends, however, one positive trend is detections are up.

• Can Canada ever have true digital sovereignty?

  • Good op-ed, which really gets to the heart of current debates: “When in doubt, remember that sovereignty is determined by which court can compel the access of data, not where that data is ultimately stored.”
    

• The Defence Industrial Strategy’s initial spending is not as Canadian as hoped

  • Some good research by ana anlyst from the Canadian Shield Institute.

• Sycophantic AI decreases prosocial intentions and promotes dependence

  • Some great research on impacts of the use of certain types of AI models

• International Defence Industry Exhibition (MSPO 2026)

  • Apply to join Canadian delegation to Europe’s third largest defence and security trade show.

• Rogers Cybersecure Catalyst held a Defence Sector 101 catered for cyber and dual-use technology sectors.

United States News

• FCC Updates Covered List to Include Foreign-Made Consumer Routers

  • The FCC basically just banned all consumer routers not made in the United States. This will be a major disruption.

• State Department launches effort to counter cyberattacks, AI risks from Iran, others

  • Just in case you forgot that the United States is run by the biggest of idiots: In July 2025, the State Department began to dismantle their Bureau of Cyberspace and Digital Policy.

• Google launches threat disruption unit, stops short of calling it ‘offensive’

  • Although we’re not likely to see cyber letters of marquee, we’re going to see private actors getting into “disruption.”

  • An explanation from one of the heads of Google Threat Intelligence”

    

• Stryker says malware was involved in recent cyberattack as production lines reopen

  • Stryker originally said malware was not used, so it is now unclear to what degree Stryker is releasing information for PR reasons versus what information is about the attack.

• Crunchyroll confirms data breach after hacker claims unauthorized access

  • The attack stole customer service ticket information via a third-party vendor, which makes me suspect they may use this data to target customers.

• When Satellite Data Becomes a Weapon

  • Focused on the US, but this is universal and impacts Canada a lot.

• Using a VPN May Subject You to NSA Spying

  • The logic here is sound whereby the US is actively encouraging its citizens to use foreign VPNs to enable greater surveillance of their citizens.

• Iran-linked group claims hack of FBI Director Kash Patel

  • Handala has claimed responsibility, who are also the ones behind the Stryker attack.

  • FBI confirms theft of director’s personal emails by Iran-linked hacking group

• The “Internet YIFF Machine” leaks millions of “anonymous” tips to DDoSecrets

  • Anonymous tip line for police leaked.

• America goes on cyber-offence

  • Economist article about the US’ new cyber strategy and Iran.

• A School District Tried to Help Train Waymos to Stop for School Buses. It Didn’t Work

  • Businesses argue that their technology should be exempt from laws while humans continue to suffer.

United Kingdom and European Union News

• Russia-linked malware operation collapses after security failures, developer’s arrest

• Vulnerability in German CampusNet:Addresses of over one million students exposed online

• Russia arrests alleged owner of cybercrime forum LeakBase, report says

  • Russia arresting cyber criminals is still relatively rare as many will cooperate with Russian intelligence services and police, but this uneasy alliance has been strained in recent years.

• ‘Dangerous’ AI child sexual abuse reaches record high as public backs clampdown on ‘uncensored’ tools

  • Internet Watch Foundation identified over 8,000 AI-generated videos and images of child sexual abuse in 2025. How much of this was Grok?

• Chinese Partnerships With European Universities Stir Security Concerns

  • Funny how China is okay with Europeans sharing/bringing research to China, but doesn’t want Chinese researchers sharing research or threat information with anyone outside of China.

• Ukrainian drones hit all three Baltic States − did Russia redirect them?

  • Cyber Electro Magnetic Activities (CEMA) is the name of the game now for militaries. It is why CAFCYBERCOM commands electronic warfare in addition to cyber.

• Elon Musk loses big in court; X boycott perfectly legal

  • Musk’s efforts to stiffle free speech and association fails and said to be a “fishing expedition.” Just a reminder that Musk profited off of CSAM. Yet, MInister of AI Solomon still believes X is a reputable platform.

• Pro-Ukraine hacker group Bearlyfy targets Russian companies with custom ransomware

• The Not so Great Firewall of Russia to increase capacity by 2.5 times by 2030

  • Russia is slowly moving towards a similar domestically controlled information space and internet as China.

• Poland faced a surge in cyberattacks in 2025, including a major assault on the energy sector

  • Led by Russia and increasingly includes destrutive attacks.

Other International News

• Hackers breach South Korea’s top lender subsidiary, leak customer data

• WTF: Police responded on Saturday night due to a zero-day

• Self-propagating malware poisons open source software and wipes Iran-based machines

  • A self-propagating backdoor in open source software that likes to deploy a data wiper on Iranian computers. Sounds like Israel to me.

• ‘GEO’ Services Are Flooding the Chinese Internet With Misinformation (h/t Catalin Cimpanu)

  • “Generative engine optimization, or GEO, to manipulate AI models, distort search result rankings, and spread misinformation to achieve commercial goals such as product promotion.”

• National Cyber Authority: 50 Israeli companies ‘digitally erased’

  • The scope of cyber attacks related to conflict is never fully captured by mainstream media and you generally have to go to cybersecurity firms to understand the state of things. This can actually make things difficult because not all cybersecurity firms publish reputable information.

• Wikipedia Bans AI-Generated Content

  • Good.

• Statement from the Cybersecurity Tech Accord: Advancing International Alignment in Cybersecurity Regulation to Strengthen Collective Resilience

  • The Accord is calling on G7 and OECD to work together to better align regulations.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Feature your business in Canadian Cyber in Context through sponsorship.

The federal government spends approximately $6.8 billion on information and communications technology every year.

It contracts extensively with the private sector for software development, database administration, cybersecurity, and more, handling core Canadian services that include sensitive financial and health information. Despite the scale of that investment and the criticality of those systems, Canada does not have a secure-coding policy. That gap is getting harder to ignore.

Secure coding refers to a set of practices designed to instill security into software development from the start. Security educator Tanya Janca describes it as “fostering a proactive, security-minded culture in software development teams”. The goal is to eliminate bugs and exploits that expose sensitive data or allow threat actors into an application or network.

The stakes are real. On average, Canadian businesses lose nearly $7 million per data breach. Total recovery costs from cybersecurity incidents exceeded $1.2 billion in 2023. Secure coding is not yet standard practice across the industry, but the case for it is becoming more difficult to dismiss.

AI is a big reason why.

PwC has found that AI is already automating tasks previously performed by developers, driving labour reductions, and enabling smaller teams to deliver software-as-a-service models. The Information and Communications Technology Council finds that many junior-level tasks, including programming, are increasingly automated. As AI accelerates through the industry, the need for a clear market signal around secure development is growing.

That signal has not come.

AI is increasingly used in programming and operations despite ongoing debate about its reliability. Anthropic, the creator of the Claude programming model, has acknowledged that the model “frequently overstated findings and occasionally fabricated data during autonomous operations.” AI can be productive and transformative, but it is not infallible. In some cases, poorly developed models can obscure their own errors. Human-in-the-loop oversight is not optional; it is a necessary condition for responsible deployment.

The Government of Canada is the largest ICT client in the country. Adopting a secure-coding policy would be a significant market lever, establishing strict requirements for secure software development across all government contracts, not just IT contracts.

That matters not just for security, but for digital sovereignty. A secure-coding policy can help ensure that Canadian data used in software development is handled in accordance with Canadian law without cross-border data transfers that could compromise sovereignty when US infrastructure is involved.

This is not about constraining AI or slowing innovation. It is about ensuring that adoption meets a security and safety standard, one that allows the federal government to tell Canadians their data is protected.

Such a policy also fits squarely within Canada’s National Cyber Security Strategy. Pillar 2 seeks to make Canada a global cybersecurity industry leader by prioritizing trusted innovation and building a foundational workforce. Fostering secure-coding and secure-AI practitioners advances all three of those objectives.

Janca, a Canadian information security leader and secure-coding advocate, has initiated a petition to the Government of Canada calling on the federal government to adopt a secure-coding policy for all custom software systems. It is one of the clearest signals yet that the practitioner community sees this as urgent. Whether Ottawa is paying attention is another question.

Feature your business in Canadian Cyber in Context through sponsorship.

Subscribe now

Editor Notes:

• I have a new paper out with the Canadian Global Affairs Institute:

  • Following the Digital Snail’s Trail: The Short History of Canadian Armed Forces Cyber Operations

• Go sign Tanya Janca’s Secure-Coding Petition! (Article on this coming soon)

Leave a comment

Share

Canadian News

• Bell to build 300MW Data centre in Saskatchewan

  • Bell Canada to build 300MW data centre in Saskatchewan

  • Bell plans $1.7B AI data centre in Saskatchewan as demand for computing power surges

  • George Gordon First Nation excited for Bell Canada partnership on AI data centre

    • I have frequently said that Canada’s big telecoms are best positioned to enter the data centre game. Glad to see Bell leading the charge.

    • The tenants will be United States corporations “CoreWeave and Cerebras [which] will be bringing in the compute hardware to run the AI workloads in the data centre. If you take the $1.7 billion of direct Bell investment and consider the compute hardware the two tenants will bring, we’re talking essentially close to $12 billion of direct investment right here in the province.”

      • This has major risk exposure under the US CLOUD Act, but unclear how much non-American data will be processed in this AI data centre.

• Meta and TikTok let harmful content rise after evidence outrage drove engagement, say whistleblowers

  • Whistleblowers confirming what we already knew.

• Bill C-22: Lawful access bill could create vulnerabilities for hackers, experts warn

  • One of the primary worries of Bill C-22 has been it could potentially enable the government to require integrating backdoors for easy lawful interception. Beyond the concerns that this could be abused, there is also major concerns that cyber threat actors, particularly China and Russia, could exploit this infrastructure.

• Secret Canada: Doug’s transparent cloak of self-serving secrecy

  • Doug Ford doesn’t want to be accountable and wants to hide what he is doing. Should we assume that Doug Ford’s office is engaged in illegal activities and that is why he does not want to release information?

• Manitoba Government Ending Predatory Pricing in Grocery Stores and Other Retail

  • “Manitoba government has introduced an amendment to the Business Practices Act that would ban retailers from using consumers’ personal data to increase the price of goods for a specific consumer”

  • Manitoba bill goes after grocers using ‘predatory pricing’ to charge some customers more online

• Instagram to remove end-to-end encryption for private messages in May

  • Meta will be ending end-to-end encryption in private messages. My only assumption can be that they will soon begin harvesting data from these messages to make a greater profit off of their users and occasionally for legal takedowns and removal of criminal content.

• “We’re in a moment in Canada”: Solomon brings AI pitch to Platform Calgary

• Montréal computer scientist Gilles Brassard wins Turing Award for quantum discoveries

  • A good reminder that Canada is the source for a lot of the most high-end and emerging quantum research that is helping Canada be amongst the leaders in quantum research and quantum applications.

• Manitoba launches AI consultations as it weighs tougher privacy and youth protections

  • Provinces will increasingly try to address the legal gap on AI as the federal government fails to enact regulations and laws to address the risks and threats of unmitigated AI.

• Google Search is now using AI to replace headlines

  • Google is destroying what turned it into a global giant.

• 1Password launches new platform to rein in companies’ AI agents

  • Securing AI agents is going to be massive business. Interesting to see 1Password getting in so early.

• DND/CAF 2026-27 Departmental Plan

  • DND/CAF releases its departmental plans. I am likely to do a long review of this and the departmental results for next month as I do every year.

• Defence Investment Agency announces new contract for Surveillance of Space 2 project

  • DIA continues to be busy with space ISR projects.

• C4ISR & Beyond 2026 Highlights

  • Vanguard Canada summary of C4ISR and Beyond, a yearly conference on C4ISR and the CAF.

  • Canadian Cyber in Context subscribers can view and watch more here.

• US, Canada and Germany move to dismantle four high-volume IoT botnets

  • Taking down botnets

• Individuals associated with Canadaland Podcast Allgedly Sends Phishing Emails with IP tracers to Journalists

  • Developing story where it has been discovered that the Canadaland podcast worked with the Canadaland subreddit to create an IP tracer website and attempting to phish journalists to discover the ownership behind sock puppet accounts.

• Canadians face ‘tsunami’ of transnational repression in coming years, cyber-research group says

  • Ron Deibert and Citizen Lab providing testimony to House of Commons, this is coverage of that testimony.

• CRTC making it easier to connect Indigenous communities to high-speed Internet and cellphone services

• Leaders, creators and innovators come together at Canada’s first-ever national summit on artificial intelligence and culture

  • The first National Summit on Articial Intelligence and Culture is held

• Cost of federal IT project explodes to up to $6.6 billion

  • Not surprising. Ottawa has habitually underfunded such modernization efforts, so this is maybe a positive sign that the proper investment will occur.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-005 – Critical vulnerability impacting Microsoft SharePoint Server – CVE-2026-20963

• ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data

  • ShinyHunters have seen increasing success lately. (See Telus)

• Supply-chain attack using invisible code hits GitHub and other repositories

  • A lot of supply chain attacks are hitting Github as both state actors and criminals see the potential to compromise github repositories as an attack vecture.

• FancyBear Exposed: Major OPSEC Blunder Inside Russian Espionage Ops

  • Russian APT left open directories on a server with exploits and other major tools and information.

• New Malware Highlights Increased Systematic Targeting of Network Infrastructure

• Crypto e-commerce platform Bitrefill accuses North Korea of stealing 18,500 purchase records

  • Bitrefill can be used in Canada, so this has some impact on Canadians.

• Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls

• Vancouver-based Westport Fuel System’s Statement on Cybersecurity Incident

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• Recorded Future 2025 Identity Threat Landscape Report

  • Nice eye catching opener: “Credential theft is the dominant initial access vector for enterprise breaches.”

• Google Threat Intelligence Group: Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape

  • Report on the broader ransomware ecosystem.

• Telegram’s Crackdown in 2026 and Why Cyber Criminals Are Still Winning (h/t Catalin Cimpanu)

  • More than 43.5 million channels were blocked in 2025, but that has done little to stem the flow of criminal activity on Telegram.

• Michael Geist: The Lawful Access Privacy Risks: Unpacking Bill C-22’s Expansive Metadata Retention Requirements

• Why Alignment Matters: Cyber Capabilities and Military Operational Schemes in All-Domain Operations

  • By the authors of cyber persistence theory. A great article.

NewsGuard's Reality Check

China Pushes Pro-Iran War Claims

Welcome to Reality Check, NewsGuard’s nonpartisan newsletter that tracks the false claims and conspiracy theories that shape our world — and who’s behind them. Support us by becoming a premium member or sharing our work…

Read more

2 months ago · 33 likes

NetAskari

China's massive data leak of military secrets ?

About two months ago we saw a sales announcement on a dark web forum by a hacker that goes by the name of “airborneshark1". It offered a massive data set of 10 Petabyte that was apparently extracted from the National Super Computer Center of China ( NSCC ) in Tianjin. It was re-upped again a few days ago, probably to drive up the bidding process. The fi…

Read more

a month ago · 65 likes · 6 comments · NetAskari

United States News

• US Congress Judiciary committee demands Big Tech share private comms with EU officials

  • US politicians are demanding the communications of the European Commission related to enforcement of EU law.

  • This is a direct attack on European sovereignty. The US CLOUD Act makes this infinitely easier for them to do this. This is a warning shot and it will only get worse.

• House Republicans introduce bill to go after Canada’s Online Streaming Act

  • This was inevitable and there are major problems with the Online Streaming Act, but new implications as Republicans and the United States continue to attack Canadian sovereignty.

• Elon Musk’s xAI faces child porn lawsuit from minors Grok allegedly undressed

• U.S Strikes Killed Iranian Cyber Chiefs, But The Hacks Continued

  • Not all countries conduct cyber operations the same. To assume a strict command and control and to remove all an actor’s capabilities to take our leadership or the HQ is extreme naivety or ignorance.

• Federal Cyber Experts Thought Microsoft’s Cloud Was “a Pile of Shit.” They Approved It Anyway.

  • Kind of reminds me of a few other examples north of the United States. The Government of Canada loves to spend money on Microsoft cloud, including DND/CAF.

• Declassified Report Reveals NSA Broke Surveillance Rules

  • And now we are supposed to believe they’ll follow the US CLOUD Act rules correctly? This is how they act regarding their own citizens personal information and data. They care even less about non-Americans data.

• Hacked crosswalks in Denver claim ‘Trump murders children’

  • Low level hacktivism

• Energy Department set to release its first-ever cyber strategy

  • I am of the opinion all departments should have a cyber strategy. Most will have some level of planning, but it’s a matter of how much leadership is engaged in this planning that also includes strategizing.

• FBI is buying data that can be used to track people, Patel says

  • Why request data through a process that may not be legal when the corporation will just sell you the data?

• Watchdog urges DOD to address external factors affecting CMMC implementation

  • CMMC is what CPCSC is modelled after, although it has begun to diverge enough to make CPCSC its own approach.

• Cyberattack on vehicle breathalyzer company leaves drivers stranded across US

  • An Insane story of what happens when critical services that work on behalf of the state fails in their cybersecurity. Appears to be affecting multiple states.

• Customer Updates: Stryker Network Disruption

  • Stryker providing updates on its recovery operations after the Iranian cyber attack.

• Marquis says over 672,000 people had personal and financial data stolen in ransomware attack

  • A lot of fintech compromises of late, which are a favorite target of criminals.

• White House pours cold water on cyber ‘letters of marque’ speculation

  • Senior officials finally made clear they were not interested in allowing private companies to conduct offensive cyber operations. With that said, this administration is now to change directions on a whim, misinformation, or current senile rambling of the president, so take this with a grain of salt.

• President Donald J. Trump Unveils National AI Legislative Framework

  • Six key objectives: Protecting Children and Empowering Parents; Safeguarding and Strengthening American Communities; Respecting Intellectual Property Rights and Supporting Creators; Preventing Censorship and Protecting Free Speech; Enabling Innovation and Ensuring American AI Dominance; Educating Americans and Developing an AI-Ready Workforce.

• California city reports ransomware attack as LA transit agency finds ‘unauthorized activity’

  • I get the sense that attacks on public organizations is on the rise.

United Kingdom and European Union News

• EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

  • Sanctioning a few companies and individuals.

• New UK disruption unit launched in crackdown on fraud

  • UK investing $250 over 3 years into new Online Crime Centre.

• Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

  • Another major iphone exploit tool found in the wild used by Russia.

• Russian hackers exploit Zimbra flaw to breach Ukrainian maritime agency

  • Cyber conflict remains active between Russia and Ukraine

• Belgium launches secure messaging app for government staff

  • With how much no one can rely upon US-based apps and infrastructure, I am not surprised by this move.

• (Google Translated Title) The aircraft carrier “Charles de Gaulle” located in real time by “Le Monde” thanks to the sports app

  • « StravaLeaks » : le porte-avions « Charles-de-Gaulle » localisé en temps réel par « Le Monde » grâce à l’application de sport

  • An every present problem for state defence and national security institutions. This has been a problem since the late 2000s with US forces in Iraq and Afghanistan. This is a known issue that I would wager a guess that all NATO countries have a policy about.

• Cyber attacks inflicted $220 mln losses on Russia, says Kyiv

  • Indirect losses amount to approximately $1.5 billion.

• Russian government hackers targeting Signal and WhatsApp users, Dutch spies warn

  • Encrypted messaging apps will always be a top target.

Other International News

• Digg Shut Down due to Bot Problem

  • This is just the beginning. This will continue to be a problem as many social media platforms

• Japan to Begin Active Cyber Defense Operations in Oct.

  • CAFCYBERCOM has increasingly been cooperating with many Indo-Pacific countries including Japan as part of greater Canadian presence in the Indo-Pacific.

  • CAFCYBERCOM and JDF conducted joint defensive cyber operations in 2025.

• Payload Claims Data Breach on Royal Bahrain Hospital (RBH)

  • Noteworthy for its target as Bahrain is amongst the targets for Iranian drones and reprisal attacks due to the United States and Israel’s attack on Iran.

• Linux Foundation Announces $12.5 Million in Grant Funding from Leading Organizations to Advance Open Source Security

  • Great to see this. Open source software is a massive target for APTs and cyber threat actors and a major ecosystem change needs to happen to better protect open source software.

• Industry Accord Against Online Scams & Fraud

  • A group of major multinational corporations have signed an accord to word together and fight online scams and fraud.

  • Signatories so far include: Adobe, Pinterst, Google, OpenAI, LinkedIn, Match Group, Meta, Amazon, Microsoft, Target, Levi Strauss & Co.

• Blocking the Internet Archive Won’t Stop AI, But It Will Erase the Web’s Historical Record

  • Internet Archive is increasingly being blocked as part of sweeping efforts to block website scraping, particularly to prevent AI and LLMs.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Editor Notes:

• Go sign Tanya Janca’s Secure-Coding Petition! (Article on this coming soon)

Leave a comment

Share

Canadian News

• Telus Digital confirms breach after hacker claims 1 petabyte data theft

  • A PETABYTE of data. Telus Digital confirms one of the largest data thefts in history. ShinyHunters have claimed resonsibility. This is a massive mess up by Telus Digital to allow this much data to be exfiltrated. While Telus cannot be blamed for ShinyHunters getting access via a supply chain attack, but there should have been controls and monitoring to prevent this much theft to occur.

• Supreme Court of Canada hearing in Facebook v Privacy Commissioner is on March 19

  • Supreme Court case concerning whether Facebook breached PIPEDA related to the Cambridge Analytica scandal.

• Canada and global partners advance 6G security and resilience at Mobile World Congress

  • Western countries learned after what happened with 5G and China and are much more active in developing future protocols.

• Minister Sidhu concludes productive meeting on Comprehensive Economic and Trade Agreement with European Union in Toronto

  • This has a lot of potential implications. The EU is potentially even more concerned about digital sovereignty than Canada, so improving Canada-EU digital trade would be great to grow Canadian cyber industry in the EU.

• Bell teams up with Coveo to modernize digital services for Ottawa, provinces

• Cybersecurity and Enterprise AI: Silicon Valley Canadian Technology Accelerator

  • Trade Commissioner and a group of Canadian cyber firms are headed to RSAC

• Minister Joly’s statement on the outcome of the further national security review of TikTok Technology Canada Inc. under the Investment Canada Act

  • Government of Canada says jk, nevermind, TikTok is cool now as long as Americans are harvesting and exploiting our data instead of China.

• Loblaw says some customers affected by data breach

  • “Low-level data breach” is an interesting phrasing here. A “criminal third-party” accessed names, phone numbers, and emails. Sounds like they’re trying to downplay this breach.

• Canada advances Defence Industrial Strategy to strengthen security, sovereignty and prosperity

  • Largely for innovation overall, but part of this does go to cyber and ICT.

• Projects supporting the growth of Atlantic Canada’s artificial intelligence ecosystem

  • This is the list of projects/businesses through the government’s $8.5 million investment into AI, which includes a handful of cybersecurity

• Satellites are Canada’s next sovereignty frontier as global ‘race’ heats up

  • I have been saying for a while now that Canada has a really strong domestic space defence industry.

• Privacy Commissioner of Canada tables in Parliament Special Report on ArriveCAN app investigation

  • The special report can be read here. The investigation was based on a complaint that the contractor did not have appropriate security clearances. OPC found the complaint is “not well-founded,” however they did find some deficiencies and provided recommendations for improvements.

• Turning intent into action: inside CAFCYBERCOM’s Command Evolution Team

  • Article from CAFCYBERCOM Public Affairs Officer on the standing up of CAFCYBERCOM.

• Pictures from CAFCYBERCOM’s Military Cyber Security Operations Course Philippines 2026

• Xanadu in talks with government over potential $390 million for domestic quantum manufacturing

  • This would be a big win for Canada. There’s limited quantum manufacturing in Canada right now, but it has been slowly growing over the past couple of years and is a great potential area for growth.

• Government of Canada reconvenes the expert advisory group on online safety

  • Kind of makes you wonder why they decided to not convene it until now.

• Ontario health agency vendor suffered major ransomware attack in 2025

  • This really highlights the major gaps in cybersecurity regulations and reporting in Canada.

• Government Reintroduces Bill C-22: Canada introduces new tools for law enforcement to investigate threats and keep Canadians safe

  • Some news coverage:

    • Police will get new powers for online data in tweaked ‘lawful access’ bill

    • New lawful access bill would give police, CSIS more powers to track suspects online

    • The scope of data retention is clarified: only prescribed metadata may be retained for up to one year, excluding content, browsing history, and social media activity.

• CRTC eliminates fees to make it easier to switch Internet and cellphone plans

  • Every so often the CRTC makes some good decisions for the consumer. Part of CRTC’s overall Consumer Protections Action Plan.

• Standing Senate Committee on Social Affairs, Science and Technology

  • Canadian Senate studying impacts of AI in Canada

• Ontario Updating Cyber Security, Privacy and Access Framework to Align More Closely with Jurisdictions Across Canada

  • Privacy and cyber security laws are not uniform across Canada, with Quebec having the most modern/up to date laws, so there’s a lot of incongruency across the provinces.

• Coalition Enters Excess Cyber Insurance Market in Canada

  • US-Based Coalition announces expansion into excess cyber insurance market in Canada. I’m honestly not a big fan of cyber insurance and think it can excerbate many problems.

• Retail & Hospitality ISAC and Retail Council of Canada Announce Strategic Partnership to Strengthen Cybersecurity Across Canadian Retail Sector

  • Retail & Hospitality Information Sharing and Analysis Center (RH-ISAC) and Retail Council of Canada is a partnership I am surprised isn’t done more with other trade associations. This is an easy path for any trade association to take to specifically address the cyber needs of their sector.

Read my analysis of sovereign cloud RFI and what it tells us about the Government of Canada's direction on sovereign cloud:

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• ShinyHunters Hackers Threaten 400 Firms Over Stolen Salesforce Data

  • ShinyHunters have seen increasing success lately. (See Telus)

• Supply-chain attack using invisible code hits GitHub and other repositories

  • A lot of supply chain attacks are hitting Github.

• Sandworm: Russia’s global infrastructure wrecking crew

  • Decent CTI profile on Sandworm/APT44

• Global Cyber Attacks Remain Near Record Highs in February 2026 Despite Ransomware Decline

  • Checkpoint says Canada ranks second worldwide in ransomware. This isn’t good.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research, Op-Eds, and Events

• Briefing Note: Quebec’s Sovereign IT Policy

  • Briefing note on Quebec’s Digital Sovereignty and IT Procurement Policy by Emily Osborne @ Canadian Shield Institute

• As U.S. state and Big Tech become one, we become digital serfs, and it sucks

  • Opinion piece by Vass Bednar, Managing Director of the Canadian Shield Institute

• Sovereign by Design: Strategic Options for Canadian AI Sovereignty

  • Report on options to develop sovereign AI in Canada by former government bureaucrat who had a large role in the government’s policy, Jaxson Khan, and former Trudeau economic advisor Sean Mullin

• Event: Rogers Cybersecure Catalyst is hosting a Defence Sector 101

  • Hosted by Daniel Blanc, former CAFCYBERCOM. If you are in the cyber sector and curious about defence, this is one not to miss.

• Inside the Dirty, Dystopian World of AI Data Centers

  • There’s a massive demand for cloud and AI data centres, but there’s a major social, environmental, and health impact on humans.

• Panel Discussion on Canada’s AI Strategy Consultations

  • “Industry experts gather in Ottawa to discuss the findings of the federal government’s recent public consultations on Canada’s national artificial intelligence (AI) strategy. This panel discussion features Erin Kelly (Advanced Symbolics Inc.), Michael Geist (University of Ottawa), and Jaxson Khan (Aperture AI). The event is hosted by the Canadian Internet Society and is moderated by Brent Arnold, the society’s chair. Katie Preiss (TELUS) provides opening remarks.”

• Deception and Detection: Why Artificial Intelligence Empowers Cyber Defense over Offense

  • Article by Lennart Maschmeyer, easily one of the best academics doing research on cyber conflict. (Even though we disagree on a lot)

• Age Verification Lobbying: Dark Money, Model Legislation & Institutional Capture

  • An investigation has found Meta and other social media companies behind a major push to lobby governments to shift age verification from websites to app stores.

United States News

• Whistleblower claims ex-DOGE member says he took Social Security data to new job

  • I would not be surprised if this turned out to be true with how terrible DOGE was at security and ruining everything it touched.

• An iPhone-hacking toolkit used by Russian spies likely came from U.S military contractor

  • Likely designed by L3Harris. L3Harris has a pretty big presence in Canada, but it is unclear if they sell exploits to Canada. I have been trying to learn just to what degree Canada purchases exploits from private sellers the past few years with nothing coming up yet, but that does not mean it is not occurring.

  • An L3Harris executive was sentenced to 7 years in prison for selling zero-days to Russian Operation Zero. There are some suspicions that he also sold this toolkit, which is also being used by Trickbot ransomware.

  • Feds take notice of iOS vulnerabilities exploited under mysterious circumstances

    • This is the Coruna exploit mentioned above.

• Viral ‘Quittr’ Porn Addiction App Exposed the Masturbation Habits of Hundreds of Thousands of Users

  • From the author of this story: “these kids are making Ferrari money telling people to use their app in order to stop watching porn, but they exposed their most intimate data and then lied to me about it”

• Rudd confirmed to head NSA, Cyber Command after near year-long vacancy

• Cybersecurity Regulations: Additional Industry Perspectives on the Impact, Progress, Challenges, and Opportunities of Harmonization

  • GAO report on cybersecurity regulations in the US

• Iranian Hacktivists Strike Medical Device Maker Stryker in “Severe” Attack that Wiped Systems

  • Major attack on Stryker affecting global operations in US, Australia, India, Ireland.

• No, it’s not ‘unnecessarily burdensome’ to control your own data

  • No one is believing the State department’s efforts to undermine digital sovereignty.

• 235,000 affected by cyberattack on largest ambulance provider in Wisconsin

  • A lot of critical information stolen in this attack.

• Hackers may have breached FBI wiretap network via supply chain

  • A lot of organizations getting hit with supply chain attacks at the moment.

• Exclusive: New data shows increase in FBI searches of Americans’ data last year

  • Not a surprise at all. This will continue and I worry it will eventually increase in targeting non-Americans.

• Starbucks discloses data breach affecting hundreds of employees

  • Unclear how much and who are affected so far, could potentially include Canada.

United Kingdom and European Union News

• Finnish intelligence warns of persistent cyber espionage from Russia, China

• Cork Stryker plants hit by suspected global Iranian-linked cyberattack

  • Appears to be hitting global operations. This comany makes medical devices include defribulators.

• Swiss e-voting pilot can’t count 2,048 ballots after USB keys fail to decrypt them

  • Technical errors are dooming this test in e-voting.

• Lloyds issues apology after Bank of Scotland and Halifax bank customers ‘see other people’s transactions’

  • Reason doesn’t seem to be clear yet, but investigation is ongoing.

• Iran-linked hackers claim cyberattack on Albania’s parliament email systems

• German Military University Adopts British Defense Hacking Program

  • “London-based Common Mission Project UK has announced the launch of its Hacking for Defense academic program in Germany in partnership with the University of the Bundeswehr Munich, marking the initiative’s first deployment in continental Europe.”

• Poland says foiled cyberattack on nuclear centre may have come from Iran

  • Hard to say how much of this is scare mongering, but Iran will be looking for any potential vulneraiblity just like Russia right now.

• Lost in translation: How Russia’s new elite hit squad was compromised by an idiotic lapse in tradecraft

  • Understanding tradecraft is important to understanding many dynamics to international cyber conflict.

• Moscow businesses struggle as Russia restricts cellphone internet services

  • The article tries to frame this as Russia is increasingly trying to roll back the Internet in the country so that they eventually have their own Great Firewall of China. In reality, it is more likely to do with preventing use of mobiel internet by Ukraine. I have seen some rumors of other concerns related to a coup, but nothing official yet.

• Europol and international partners disrupt ‘SocksEscort’ proxy service

  • Paid criminal proxy service taken down: Law enforcement shuts down botnet made of tens of thousands of hacked routers

• Cyberattack against former BND vice president

  • Former high-ranking official falls for Signal spear-phishing

• Office.eu officially launches in The Hague as Europe’s fully sovereign office platform

Other News

• ‘Invasive’ AI-led mass surveillance in Africa violating freedoms, warn experts

  • Where Authoritarian and dictatorial people operate, spyware and AI-led surveillance will follow.

• ‘AI Is African Intelligence’: The Workers Who Train AI Are Fighting Back

  • Fantastic reporting here. AI is based on data, but not just any data, AI requires good data. To ensure the data that AI is trained on is good, reliable, and accurate requires a lot of labour, which can be both physically and mentally taxing.

• Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone

  • Verifone has not reported a breach yet, but Stryker is already making a lot of headlines (noted above).

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

The Canadian Program for Cyber Security Certification (CPCSC) is still in development and is subject to change. The information in this will be updated as the CPCSC Secretariat releases more information.

I’m Andrew Laliberte. For years, I worked inside the Canadian Armed Forces and Department of National Defence networks, deploying and sustaining technical capabilities under strict governance, risk, and compliance constraints. It was not glamorous work. It was long hours, rapid learning curves, and constant pressure to keep complex systems stable in environments where resources were scarce and the rules were rigid… except when they weren’t.

That experience gave me something invaluable. A practical understanding of how compliance frameworks shape architecture, operations, procurement, and organizational survival.

Today, I work with organizations across the defence industrial base (DIB), from primes to specialized subcontractors, who are entering a new era. An era where compliance is not optional, not theoretical, and not negotiable.

Here is what many still miss.

Compliance is no longer a checkbox buried in the back of a contract.
In the defence industrial base, it is becoming the price of entry.

The defence industrial base is becoming one of the most compliance-driven sectors in North America. While it may not entail the liquidity and capital controls of banking, its cybersecurity requirements are increasingly mandatory, enforceable, and directly tied to revenue.

Over the next few years, mandatory frameworks like CMMC in the United States and Canada’s evolving CPCSC requirements will determine who can bid, who can handle controlled information, and ultimately who gets paid.

Compliance is not just a cost center.
Done properly, it is a market filter.
Market filters create competitive advantage.

This series breaks down what the coming compliance landscape means for your business and how to turn governance requirements into strategic leverage.

Because in the DIB, compliance is not paperwork.

It is cash.

Share

The 101 on CPCSC Level 1

Who

Program governance is distributed across federal authorities:

• Program Manager: Public Services and Procurement Canada (PSPC)
• Defence Authority: Department of National Defence (DND)
• Standards Development: Canadian Centre for Cyber Security (CCCS)
• Accreditation Authority: Standards Council of Canada (SCC)

What

The Canadian Program for Cyber Security Certification (CPCSC) is the Government of Canada’s official cybersecurity certification program for defence suppliers.

It safeguards unclassified Specified/Sensitive Information that flows from federal departments to industry under defence contracts.

Specified/Sensitive Information is categorized as:

• SI Low
• SI Medium
• SI High

These categories align with specified/sensitive information data types such as Protected A, Protected B, and certain Controlled Goods contexts, as well as several others. Organizations must understand how their data maps to these operational impact levels.

When

Beginning in Spring 2026, PSPC will introduce contractual language requiring self-attested CPCSC Level 1 compliance for award on most DND contracts.

Where

If non-commercial off-the-shelf (COTS) activity or Specified/Sensitive Information (SI) is involved, CPCSC applicability and level will be determined through the Industry Contract Cyber Security Risk Assessment, CCSRA.

SI Low, aligned to CPCSC Level 1, includes:

• Protected A information
• Low sensitivity Dual Use Goods technical data
• Non-critical sensitive supplier financial information
• Low sensitivity procurement documentation such as RFQs, purchase orders, and schedules

Why

CPCSC is Canada’s response to systemic cybersecurity risk across the Defence Industrial Base. It marks a shift from compliance on paper to structured, enforceable cybersecurity maturity requirements.

Three realities drive this shift.

• The threat environment has evolved. Smaller subcontractors are often the easiest path into larger defence programs.

• Self-attestation alone proved insufficient. Documentation did not always reflect operational reality.

• Verification is now built into the model, but in a graduated form. Level 1 remains self-attested. Levels 2 and 3 introduce formal assessments to validate implementation and operational effectiveness.

The direction is clear. Canada is moving toward higher assurance requirements for higher sensitivity work.

Cybersecurity in Canadian defence contracting is no longer an honour system. It is becoming a tiered eligibility framework.

For DIB firms, CPCSC is not a policy update. It is a structural shift in how eligibility, competitiveness, and trust are determined.

Those who treat compliance strategically will find it does more than protect contracts.

It positions them to win.

How

The best way to keep your costs and timelines down is accurate scoping. You must first identify the systems, services, people, and workflows that touch defence contracts or Specified/Sensitive Information.

Once scoped, apply the 13 CPCSC Level 1 controls to that environment and build a controlled operating model that integrates people, process, policy, facilities, and technology.

Level 1 is not advanced security engineering.
It is just the minimum acceptable standard in 2026.

In 2026, we are 38 years removed from the first major internet worm (Morris Worm). Thirty-eight years of warnings. Thirty-eight years of incidents. Thirty-eight years to get the basics right.

There is no strategic justification left for ignoring technical debt, postponing governance, or hoping regulators will look the other way.

CPCSC Level 1 is not an innovation burden. It is the baseline cost of doing business in the modern defence ecosystem. Align with it or step aside for organizations that will.

It forces clarity on who has access, what systems matter and whether they are maintained. For some organizations, this will feel like overhead. For disciplined organizations, it becomes structured.

And structure scales.

Share

Feature your business in Canadian Cyber in Context through sponsorship.

Where to Start with CPCSC

In CPCSC level 1, there are 13 security requirements from 6 of the 17 security requirements families found in ITSP.10.171.

All of that translates into 71 assessment objectives (AO), which is really the only thing you should focus on applying to your organization’s scope.

The AO are the questions on the open-book test. If you can confirm you’ve applied them to every applicable part of your scope, then you pass the test.

To make life interesting, of course, you also need to track and insert various “organization-defined parameters” or ODPs

Direct from ITSP.10.171 Sec. 2.2:

“ODPs are an important part of specifying a security requirement. ODPs provide both the flexibility and the specificity needed by organizations to clearly define their specified information security requirements according to their particular missions, business functions, operational environments and risk tolerance. In addition, ODPs support consistent security assessments to determine if specified security requirements have been satisfied. If a GC department or agency, or a group of departments or agencies, does not specify a particular value or range of values for an ODP, non-GC organizations must assign the value or values to complete the security requirement.”

And

“The term ‘organization’ is used in many security requirements, and its meaning depends on context. For example, in a security requirement with an ODP, an organization can refer to either the GC department or agency or to the non-GC organization establishing the parameter values for the requirement.”

Which means that so far, unlike CMMC for which the DoD released an official list of ODP values you can just plug in and plan for, the ODPs in CPCSC will be left up to whichever government entity wants to take a stab at defining it before ultimately leaving the rest up to you.

How will that shake out? Will it be regulatory chaos? Time will tell but the most practical thing you can do is take those DoD-defined values as your starting point when planning as it would be unlikely to require much modification once you get your official values on a contract.

Now, let’s run through a couple of the most impactful security requirements to get a sense of what your new day-to-day reality looks like.

Family: 3.1 Access control

Security Requirement: 03.01.01 Account management

AO:

A.03.01.01.d.01: access to the system is authorized based on a valid access authorization

A.03.01.01.d.02: access to the system is authorized based on intended system usage

Impact: For the average defence contractor, these CPCSC Level 1 objectives represent a shift from a “convenience-first” to a “compliance-first” operational mindset. Meeting A.03.01.01.d.01 requires a formal administrative process where identity is verified before a single login is generated; gone are the days of informal account creation or shared credentials.

Meanwhile, A.03.01.01.d.02 introduces the concept of Least Privilege, mandating that access isn’t granted simply because a person is “on the team,” but only because their specific role requires it. For a small-to-mid-sized firm, this means an increased administrative burden for which you’ll need documented evidence of who has access and why.

In practice, this forces contractors to tighten their internal HR and IT workflows, ensuring that when an employee’s role changes or they leave the company, their access is adjusted or revoked immediately to prevent unauthorized data exposure.

Family: 3.14 System and information integrity

Security Requirement: 03.14.01 – Flaw Remediation

AO:

A.03.14.01.a[03]: system flaws are corrected

Impact: For the average defence contractor, objective A.03.14.01.a[03] transforms patch management from a “best effort” IT task into a high-stakes compliance requirement. The primary impact is the loss of operational flexibility; contractors can no longer afford to delay updates for months out of fear of software instability. Instead, they must implement a disciplined vulnerability remediation lifecycle that includes identifying, testing, and applying security patches within specific timeframes.

For many firms, this necessitates a move away from manual updates toward automated patch management tools to ensure nothing slips through the cracks. Beyond the technical shift, there is a significant documentation burden. Assessors won’t just want to see that the system is currently updated; they will want to see historical logs proving that flaws were corrected consistently and promptly. This effectively raises the “floor” for cybersecurity maturity, forcing smaller contractors to invest in more robust IT support or managed service providers to keep pace with the constant stream of newly discovered software vulnerabilities.

Even if you’re assessing your own organization, this is the level of consistent organizational effort required to meet that attestation.

Family: 3.13 System and communications protection

Security Requirement: 03.13.01 Boundary protection

AO:

A.03.13.01.a[02]: communications at external managed interfaces to the system are controlled.

Impact: For the average defence contractor, objective A.03.13.01.a[02] marks the end of “open-door” networking and necessitates strengthening the digital perimeter. The impact is felt most acutely in how the company interacts with the outside world—specifically at the Managed Interface, which serves as the single, guarded gateway between the internal network and external entities such as the public internet or subcontractor portals.

Contractors must move away from ad hoc connectivity and instead implement strict Boundary Protection technologies, such as enterprise-grade firewalls or specialized gateways that perform deep packet inspection. This requirement often forces a structural redesign of the network to ensure that all data “traffic” is funnelled through controlled checkpoints where it can be monitored, filtered, and restricted based on pre-defined security policies.

For smaller firms, this typically means moving away from consumer-grade routing hardware toward more sophisticated managed security services, as the burden of constantly updating and auditing these interface controls requires specialized expertise to prevent unauthorized data exfiltration.

From Vibes to Verifiable

Seventy-one assessment objectives. ODPs that may or may not be pre-defined for you. Evidence trails. Role catalogs. Patch clocks. Firewall rules that now require justification instead of “vibes”. All of this at level one is your new reality. It is the methods and actions your organization will have to live by.

But here’s the uncomfortable truth: none of this is exotic. None of it is bleeding-edge cyber wizardry. It’s basic governance. It’s discipline. It’s documentation. It’s doing the boring fundamentals consistently enough that you can prove it.

CPCSC Level 1 doesn’t demand a security operations center or classified infrastructure. It demands that you stop running your defence business like a startup lab and start running it like a regulated supplier in a national security supply chain. Access must be justified. Vulnerabilities must be fixed. Network boundaries must be controlled, and you must be able to demonstrate that this isn’t aspirational, it’s operational.

Ultimately, the shift toward CPCSC Level 1 isn’t just about checking boxes or surviving an assessment. It’s about a fundamental change in how the defence supply chain operates. For the average contractor, these objectives move cybersecurity out of the IT basement and into the boardroom. Whether it’s formalizing who can log in, automating your patch cycles, or hardening your network boundaries, the common thread is verifiable control.

The tedious technical stuff is the baseline for doing business today. If you cannot prove you’re doing it, you technically aren’t doing it in the eyes of the Government of Canada. By aligning your ODPs with established benchmarks such as the DoD’s published values and treating the assessment objectives as your operational roadmap, you transform a regulatory obligation into a capability signal.

The transition is not light work. It requires structure, investment, and consistency. But what it builds is something far more valuable than compliance: a resilient, professional, and contract-ready organization positioned to compete in a regulated defence marketplace.

If you want to win defence-related contracts, accountability isn’t optional anymore. CPCSC will be the price of admission.

Feature your business in Canadian Cyber in Context through sponsorship.

Editor Notes:

• I have completed the first rough draft of my dissertation (yay!). I will be entering a major editing phase over the next few weeks, so my availability may fluctuate.

• Go sign Tanya Janca’s Secure-Coding Petition! (Article on this coming soon)

• Coming tomorrow, the first in Compliance is Cash! https://www.cyberincontext.ca/p/compliance-is-cash-where-to-begin

Leave a comment

Share

Canadian News

• Ottawa makes first RDII investments in Ontario with $15 million for CDL Defence and Wolf Advanced Technology

  • A few really promising companies are being supported through this.

• JetScaleAI secures $5.4 million to keep cloud costs and climate impact down

  • As compute costs continue to skyrocket amid the AI boom, there will be an increasing demand for the ability to reduce costs and increase efficiency.

• From Bill C-26 to C-8: Canada’s cyber law reboot explained

  • A good explainer on the current Bill C-8 making its way through Parliament.

• Ottawa puts $8.5 million behind 40 Atlantic Canadian AI projects

• Previously harmless Google API keys now expose Gemini AI data

  • People are stealing Google API keys to use for Gemini, leading to some very shocking surpising costs.

• Prime Minister Carney announces changes in the senior ranks of the public service

  • Chief Information Officer Dominic Rochon of Canada (TBS Secretariat) is now Deputy Secretary to the Cabinet (National Security and Intelligence). This is a big promotion, so props to Mr. Rochon, whom I have only heard nice things about.

  • Nothing yet on who the next Chief Information Officer is, which is not a good look.

• CCCS Cyber threat bulletin: Iranian Cyber Threat Response to US/Israel strikes, February 2026

  • Nothing major has surfaced yet, but we’re likely to see some reprisal operations. Iran was among the first to use wiper malware with the Shamoon virus against Saudi Arabia in 2012. They have capabilities

• Alberta to spend $40M on software upgrades after surge in cybersecurity incidents

  • Technical debt remains one of the top sources of vulnerability. $40 million for updating “legacy application” is quite interesting and could mean a few different things. A good amount of it is likely to upgrade to software that is currently being supported. Some of these applications are likely to be software that is no longer supported by the developer. Some cases could also be custom software where updates are needed.

• AI-generated CRA tax scams increasing, cybersecurity experts warn

  • Scams and fraud has particularly been helped by AI.

• TikTok won’t protect DMs with end to end encryption, saying it would put users at risk

  • Claims end to end encryption is “controversial,” which is an absolute load of bullshit. I guarantee you this means they’re scraping data from DMs. Do not use Tik Tok.

• Federal institutions average 259 days to report privacy breaches. They’re supposed to flag major incidents within 7 days

  • This is way worse than I would have expected, but I am honestly not surprised. Privacy breaches are usually treated less severe than cybersecurity breaches. While it may seem obvious, both are not the same, but often treated similarly as it involved the segmentation and protection of data. As David Fraser states in the article: "There seems to be no accountability for non-compliance with these laws and policies"

• Internal briefing says Canada’s National Research Council remains exposed to high-risk cyber attacks

  • National Research Council and any research-based organization should have a priority on cybersecurity, but it seems like they’re jumping from incident to incident.

• Canadian Manufacturers Confront Rising OT Cyber Risk

• From Iran to Ukraine, everyone’s trying to hack security cameras

  • Operational technology cybersecurity - so hot right now. More threat actors are aware of operational technology and its importance, so they’re increasingly trying to target it.

• Government of Canada Privacy Breach Class Action – Proposed Settlement

  • Potential class action for privacy breach of Government of Canada account between March 1, 2020 and December 31, 2020. An Approval Hearing will be held on March 31, 2026, at 9:30 a.m. PST

• Halifax Water investigating privacy breach, shuts down online portal

  • Hard to tell if this is a cybersecurity incident yet based on their messaging.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• New AirSnitch attack bypasses Wi-Fi encryption in homes, offices, and enterprises

  • A new person in the middle attack that intercepts a target’s downlink traffic.

• Threat Actor leveraged a Popular AI security testing platform tool for Attack

• APT37 Targets Air-Gapped Networks With Novel Malware Strain

  • Over the past few years we’ve been increasingly seeing unique methods of attack to jump air-gaps. Usually APTs, I don’t think we’ve seen one from a non-APT.

• Google says half of all zero-days it tracked in 2025 targeted buggy enterprise tech

  • Part of this report says that zero-days were exploited by syware makers (15) more oftenthan government-backed espionage groups (12). This should be a concern for everyone because, believe it or not, spyware firms are less trustworthy than governments.

• Anthropic Partnering with Mozilla to improve Firefox’s security

  • Claude is increasingly doing great stuff with vulnerability discovery, so we’ll likely see more and more of these partnerships.

• Microsoft: Hackers abusing AI at every stage of cyberattacks

  • More of what everyone is saying: AI is making it easier for everyone to conduct cyberattacks.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research and Op-Eds

Read my cyber review of the Defence Industrial Strategy. TL;DR: It will help a lot of Canada’s cyber industry, but there are major gaps and hurdles to overcome regarding infrastructure and hyperscalers.

• Cross-Border Data Transfer Regimes: Current Landscape and Outlook Ahead

  • A good overview at global cross-border data transfer regimes, including Canada.

• Link11 Releases European Cyber Report 2026: DDoS Attacks Become a Constant Threat

  • I feel like we’ve certainly have already accepted DDoS attacks as a constant threat, but few have really elaborated on this.

• Fog, Proxies and Uncertainty: Cyber in US-Israeli Operations in Iran

  • A good overview on the role of cyber in current war against Iran.

Teresa Scassa’s Substack

BC's Court of Appeal decision in Clearview AI saga is a win for privacy

The British Columbia Court of Appeal has ruled that the BC Privacy Commissioner’s enforcement order against Clearview AI is both reasonable and enforceable. Clearview AI is a US-based company that scrapes photographs from the internet, including from social media websites, to build a massive facial recognition database which it offers as a service to la…

Read more

2 months ago · 3 likes · Teresa Scassa

United States News

• How Cyber Command contributed to Operation Epic Fury against Iran

  • USCYBERCOM and USSPACECOM were the first to take action, degrading comms and command and control of Iran including its air defence.

• Hacktivists claim to have hacked Homeland Security to release ICE contract data

  • Hacktivist group called “Department of Peace” leaked contract data between DHS Office of Industry Partnership and more than 6,000 companies including Raytheon, Anduril, Palantir, and more.

• How OpenAI caved to the Pentagon on AI surveillance

  • Sam Altman is either lying, is grossly ignorant, or was intentionally misled by the Pentagon. The redlines that Altman thinks the Pentagon agreed to, they actually did not.

• CBP Tapped Into the Online Advertising Ecosystem To Track Peoples’ Movements

  • Every level of United States law enforcement are trying to track your every movement because everyone who isn’t law enforcement is considered a threat to them. Do not travel to the United States unless you have to.

• A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals

  • I am getting a lot of deja vu about this and the Wannacry ransomware attacks.

• The FBI Discusses the Potential to Use AI to Hack Targets

  • The FBI states this is all hypothetical, but I trust the FBI as much as I trust the Trump administration.

• Will NSO’s US Lobbying Pay Off Under Trump?

  • Those who have bribed Trump with money have achieved significant gains. So, unless there is major internal pushback, then spyware firm NSO will benefit from bribing Trump.

• Iran war heralds era of AI-powered bombing quicker than ‘speed of thought’

  • Anthropic’s Claude and other models used to support the attack on Iran.

• Ransomware Breach at University of Hawaii Cancer Center Affects 1.2M People

  • Ransomware groups love to target healthcare.

• How Vulnerable Are Computers to an 80-Year-Old Spy Technique? Congress Wants Answers

• United States releases its Cyber Strategy

  • Six pillars include: Shape adversary behavior; promote common sense regulation; modernize and secure federal government networks; secure critical infrastructure; sustain supriority in critical and emerging technologies, and build talent and capacity.

  • Long story short: They are out of their depth and it is clear they don’t fully understand what they’re talking about. A lot of hot air. Long story short, they’ll do whatever they can get away with.

• FBI investigating ‘suspicious’ cyber activity on system holding sensitive surveillance information

  • Chinese threat actor access FBI internal network that stores wiretaps and intelligence surveillance warrants.

• Fact Sheet: President Donald J. Trump Combats Cybercrime, Fraud, and Predatory Schemes Against American Citizens

  • Some hints that the National Coordination Center may work with private sector orgs for hack-back.

• Congress looks to revive critical cyber program for rural electric utilities

• Air Force cybersecurity chief tapped to lead Pentagon’s information-security efforts

European Union & United Kingdom News

• ShinyHunters Leak 2M Records From Dutch Telecom Odido, Claim 21M Stolen

  • This will likely continue as Odido has said it will not pay the ransom. I would honestly be a bit worried if I was ShinyHunters. The Dutch have a long history of and are well regarded for their hacking skills, so I wouldn’t be surprised if the Netherlands makes targeting ShinyHunters a priority.

• Transport for London hack in 2024 affected around 10 million people, BBC can reveal

  • BBC claims this is one of the biggest hacks in British history. TfL was attacked by Scattered Spider

• Project Compass: first operational results against The Com network

  • I applaud and celebrate whenever The Com members are arrested.

• Major data leak forum dismantled in global action against cybercrime forum

  • Leakbase forum taken down.

Other International News

• North Korea’s APT37 hackers use new malware to breach air-gapped networks

• Amazon says drone strikes damaged 3 facilities in UAE and Bahrain

• The Iran war has a cyber story. It’s not the one you’re reading

• Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East

  • Iran appears to be conducting a lot of scanning and using IP cameras to aid in missile target selection.

• Israel says it knocked out Iran’s cyber warfare headquarters

  • Take this with a grain of salt.

• Chinese state hackers target South American telcos with new malware toolkit

  • If you’re a telco, China is targeting you.

• She Came Out of the Bathroom Naked, Employee Says

  • Swedish investigation into the mass privacy infringement of Meta glasses.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Canadian Cyber in Context is sponsored by

All views expressed belong to Canadian Cyber in Context and do not reflect the position of any sponsor.

Feature your business in Canadian Cyber in Context through sponsorship.

Share

Where are we at with Sovereign Cloud?

Since early 2025, the Government of Canada has increasingly looked to shore up and improve Canada’s digital sovereignty. The reasons for this are myriad, including many strong economic reasons to invest in Canadian capacity to develop data centre infrastructure to support Canada’s digital technology. However, the most influential reason is the significant turn the United States has taken towards authoritarianism, and Canada’s growing realization of how much its digital sovereignty is compromised by its reliance on United States cloud providers.

Initial explorations by the federal government noted big loopholes in policy and procurement that allow major hyperscalers and United States-based corporations to refer to themselves sovereign cloud. This is problematic because United States law states that any data on a foreign server that a United States-based corporation has access to can be requested by the United States as part of a “criminal investigation,” and the country where that data is hosted will have no say in its transfer.

One of the primary problems is that there are four different definitions of a “Canadian company,” including “any company that is formed in Canada following the laws of either the Government of Canada or a provincial government. This includes government and private companies of any size.” As a result, a company incorporated in Canada but owned by an American corporation still counts as a Canadian company. The Canadian Shield Institute have done some great work on this topic.

Those opposed to Canadian sovereign cloud being wholly owned by Canadian firms refuse to acknowledge Canadian national security and sovereignty issues, particularly due to United States law. Their error is ignorance and naivety in believing that their sovereignty matters more than ours. Fortunately, the Government of Canada is invoking the national security exception, which is something common in most countries that can be triggered to exclude a procurement from trade agreement obligations. This means Canada can say trade agreement rules concerning data localization and inclusion in procurement don’t matter, sovereign cloud is a matter of national security.1

SSC updated the request for information (RFI) on March 3, which provides new information on the program's direction and who will be allowed in. Before jumping into what’s new, let us figure out what SSC first learned that may have contributed to this update.

What has SSC Learned?

SSC released the first wave of its RFI on sovereign cloud capability last year. In addition to requiring that data is processed, transmitted, and stored exclusively within Canada, the RFI also included a minimum requirement that “at all times only under the control of service providers, up to and including their ultimate parent corporations, that are not subject to foreign laws that permit foreign governments to obtain access to Canada’s data without Canada’s prior written consent.” This RFI is intended to inform the development of a procurement vehicle for a sovereign cloud Infrastructure as a Service (IaaS) and a native Platform as a Service (PaaS).

In the update to the RFI, this has been changed to “Cloud services remain at all times under the control of service providers (including their ultimate parent corporations) that are not subject to foreign laws permitting foreign governments to access or compel actions affecting Canada’s data or services without Canada’s prior written consent.”

This difference in wording is very telling as SSC figure out how to specifically frame and define the techno-legal constraints to ensure digital sovereignty.

The RFI examined a range of issues related to sovereign cloud, but that this is the basic entry point for it is a very positive sign. After the first wave, SSC released documents that elaborate upon what they are looking for and what they have learned so far:

Rfi Dr Wave 1 Vague 1 Sovereign Cloud Webinar Questions & Answers No1

189KB ∙ PDF file

Download

Download

Rfi Dr Wave 1 Wave 1 Sovereign Cloud Webinar Questions & Answers No2

189KB ∙ PDF file

Download

Download

Rfi Dr Sovereign Cloud What We Heard Report

376KB ∙ PDF file

Download

Download

Rfi Dr Wave 1 Vague 1 Sovereign Cloud Supplier Webinar August 22 2025 0

625KB ∙ PDF file

Download

Download

Share

The Carney Government is making a lot of policy and proclamations about Canadian digital sovereignty in cloud and AI, but it is doing so without understanding the extent to which Canadian industry can meet what it is calling for, or the obstacles it faces.

This RFI is intended to help with this, and as SSC determine what is possible, it will seek more granularity to inform the government and eventual competitive process. Some highlights of what they’ve learned so far (Keep in mind that this is all self-reporting):

• 40 suppliers participated, and 32 met the sovereign eligibility requirements

  • This is honestly more than I expected.

• Sovereign cloud options do not match the “scalability” of hyperscalers.

  • This confirms what I have been saying. Canadian cloud providers exist, but they cannot match the scale of the giants.

• Limited sovereign hardware and reliance on proprietary software

  • This is no surprise. I do not want to call Canadian cloud providers resellers, but Canada hasn’t had much domestic innovation or development of cloud capabilities and technology. That means relying on other’s intellectual property a lot.

  • However, the current landscape and investment in this space mean this will be a growing sector.

I provide some additional commentary on some RFI Q&A at the end.

What’s New in the Update?

However, the federal government appears poised to address this gap. On March 3, Shared Services Canada (SSC) updated the Request for Information (RFI) - Sovereign Cloud Capability - Upcoming Competitive Processes with specific, targeted requests for information that should make proponents of Canadian sovereign cloud happy. I have covered a lot of information from last year here, so what’s new and so interesting about the update?

• As I already noted above, they have slightly adjusted their definition concerning what counts as sovereign cloud: “Cloud services remain at all times under the control of service providers (including their ultimate parent corporations) that are not subject to foreign laws permitting foreign governments to access or compel actions affecting Canada’s data or services without Canada’s prior written consent.”
  

• They have released details on the planned competitive process

  • Only Canadian small and medium businesses (SMBs) will be able to compete.

  • They use the Statistics Canada definition of SMBs:

    • A small business has 1 to 99 paid employees

    • A medium-sized business has between 100 and 499 paid employees.

  • When talking SMBs, they again want to emphasize that neither the corporation nor any parent corporation should be compelled by a foreign government to take any action without Canadian consent.

• There are likely to be one-off competitive processes that “address specific [security or] sovereignty related challenges where Canadian firms can offer concrete solutions that materially enhance Canada’s sovereign cloud posture.”

  • This seems to indicate that there will potentially be contracts where SMBs cannot meet the needs. This may even mean that United States-owned Canadian corporation could compete in these one-offs, but it is unclear what definition they are using for “Canadian firm” here. It likely means the narrow one they have developed to sovereign cloud, but for these one-off contracts it could be more permissible depending on the context.

• We also have a very vague timeline, but we at least know the steps. We know they are undertaking an agile procurement process, which is much more collaborative and can at times be quicker, so this is reflected in their timeline. It appears they are aiming to have a draft solicitation as soon as possible, which will be developed through engagement with industry.

  • One thing to note is that SSC/PSPC may move towards an initial technical qualification as the process progresses, because they will need to discuss some security requirements at some point.

    

Takeaways

• Shared Services Canada (SSC) is specifically “leveraging an adjusted definition specific to Sovereign Cloud Services procurement.”

  • This may run into some difficulty later in the procurement process as the government’s wants and needs for sovereign cloud may not align with a lot of existing policies. This is particularly reflected in many of the questions received about specifics related to qualifications and existing definitions and policies of SSC
    

• SSC are trying to determine what can be achieved with current capabilities that meet the specific guidelines they set out.

  • This may mean the results are not what we want to hear, but it will help the government determine what is feasible right now and what to invest in for the long term.
    

• Because there is a major market gap for Canadian firms specializing in data centre infrastructure, this creates a potential obstacle to seeing a full-stack sovereign cloud that is Canadian, but this is a starting point
  

• Post-Quantum cryptography will likely be required. They don’t have much more on this yet, but they at least acknowledge it’s likely a requirement.
  

• Do not expect any sovereign cloud investment and competitive process to replace the hyperscalers. The information SSC has received indicates significant market potential, but there remains a gap between the current potential of the Canadian sovereign cloud market and that of hyperscalers. This is likely contributing to the big focus on SMBs.

  • In other words, major cloud and data centre/infrastructure projects, like secret cloud, will still likely go to a hyperscaler.

Selected Q&A Commentary

• One question raised during the initial RFI was why the national security exception was invoked and whether this could limit competition.

  • It all depends on how you view competition. As this is an RFI, it is not a competition yet, but the exception will affect the competition in the end. Canada wants a sovereign Canadian cloud so using a national security exception doesn’t limit competition if it is specifically looking for Canadian firms. For American corporations who do not want Canadian to have digital sovereignty, this could be viewed as limiting competition because they aren’t involved. The problem here is that Canada doesn’t want their involvement, which is why the national security exception is being used. Americans do not seem to understand that they are the security problem we want to avoid.

• There was a question about the involvement of American hyperscaler-owned Canadian corporations in the process, such as Microsoft Canada and AWS Canada.

  • The response was that the RFI is not a qualification process and is just about collecting market information. The question is largely wanting to speak to being qualified for the eventual IaaS and PaaS of sovereign cloud, many of them claim to sell sovereign cloud as well. However, the development of this specific procurement vehicle will mean American hyperscalers will not be able to say they provide sovereign cloud, because according to the RFI, they are leaning towards a very strict definition where

• One question specifically asked about using “multiple services and technology layers” and the degree to which part or all of the components are affected by the United States CLOUD Act.

  • This is one of the best questions. We think of digital technology as a black box, all-inclusive, but when it comes to large data centres, cloud, servers, and everything in between, this can involve a vast range of supply chains spanning software and hardware. This is where a lot of Canadian service providers are likely to have some trouble because even if it is wholly owned by a Canadian firm, it could be using all United States products, such as software developed by an American hyperscaler.

• One of the most important questions is concerning what is meant by “subject to foreign laws.”

  • The core of this question is concerning a Canadian company with operations in the United States would still be affected by the United States CLOUD Act, or really other laws for that manner.

  • SSC is particularly looking for input on how a Canadian-owned company would address this. A major issue is that any major Canadian-owned corporation that operates at the data centre level and provide government cloud services are likely to be operating in the United States as well.

    • I am of the view that any sovereign cloud would have to either not operate in the United States or places with similar sovereignty-infringing laws or to explicitly state they will refuse all foreign requests/demands for Canadian-hosted data.

• One question asked if a Canadian-hosted service is sufficient, insinuating it is outside the scope of the US CLOUD Act.

  • This is false and part of the ongoing strategy of misinformation from American hyperscalers. It is no longer sufficient for data to only be hosted in Canada. A United States-based corporation like Microsoft or AWS, which owns its Canadian subsidiaries, is still required to give data to the United States if the courts say so, even if the data is hosted in Canada.

  • This is the entire reason for seeking to develop sovereign Canadian cloud.

Editor Notes:

• I have completed the first rough draft of my dissertation (yay!). I will be entering a major editing phase over the next few weeks, so my availability may fluctuate.

• Go sign Tanya Janca’s Secure-Coding Petition! (Article on this coming soon)

• There are no indications of major Iranian cyber attacks yet, but be careful out there.

Leave a comment

Share

Canadian News

• A $10-billion AI data centre races ahead in a rural Alberta town, population 9,679

  • “The project, if built, would include the second-largest power plant in Alberta and consume as much electricity as the city of Edmonton.”

  • Reminds me of this article I wrote last year:

• Government of Canada AI Register

  • The Government of Canada has opened the consultation on the public AI register. The AI Register provides information on where and how AI is being used in the federal government. The consultation is specifically seeking information on if it include the right information and how the AI register could be make easier to use. Submissions end March 31

• CIRA MDR delivers a 24/7 Canadian-based managed detection and response cybersecurity service

  • I certainly did not see this coming. CIRA is the Canadian Internet Registration Authority, which is in charge of the .CA domain. This is a pretty smart move as demands for sovereign security options grow, CIRA already has a strong market position. It will be interesting to see them entering what I feel to be a already heavily competitive sector.

• Meta Director of AI Safety Allows AI Agent to Accidentally Delete Her Inbox

  • These are the people we are supposed to trust about AI safety. It appears they gave OpenClaw access to their computer and email, which led to the entire inbox being deleted. I have resisted covering OpenClaw at all because of how plain dumb it is, but may

• Google Cloud calls for unified AI defense as energy sector faces cyber ‘perfect storm’

  • There is a growing need to better organize and defend critical infrastructure sectors. Although they frame this as defending things, this is really trying to say we should put more things in the cloud. While they do so as a means to leverage greater security tools and security, this is just marketing.

• Cyberattaque au CSS du Fer : voici ce que les parents peuvent faire pour se protéger, selon Steve Waterhouse

  • Amid so many data leaks and breaches, I like Steve’s advice: assume your data will eventually be misused and respond accordingly. Compartmentalization, two-factor authentication, and password managers should all be the norm.

  • For my Francophone subscribers: I am working on including more Quebec and French content in some capacity. I do not know it myself

• AI minister ‘disappointed’ by OpenAI meeting held in wake of Tumbler Ridge shooting

  • Who is going to tell Evan Solomon that his rose-colored glasses, failure to recognize and address risks and security threats, approach is a product of this, and he is part of the disappointment?

  • Canada Tells OpenAI to Boost Safety Measures or Be Forced to by Government

    • This was based on statements from Justice Minister Sean Fraser. I would say this is likely all bark and no bite, but it remains to be seen if this tragedy will change the government’s course. The Carney government and AI Minister Solomon have sent major signals that they did not intend to be restrictive or will focus on regulations, particularly to distinguish themselves from the Trudeau government and to lean into the economics of AI.

    • The perpetrator had a second ChatGPT account after their first was banned and OpenAI has

    • Feds reconvene Trudeau-era online harms panel amid chatbot fears

• Bell and Hypertec partner to strengthen Canada’s sovereign AI ecosystem

  • I have said that the best short term pathway for Canada to quickly develop a capacity to compete domestically is for Canada’s big telecoms, such as Bell, to get into the game. This is potentially one step in that direction.

  • The problem with US corporations is geographic and legal. If a corporation operates in the United States, it is exposing itself to the US Cloud Act. This is why we need a Canadian corporation that either does not operate or minimal liability in the United States.

• Videotron taps Samsung to modernise Canadian 5G core

  • An example of when I talk about Canada does not have the ability to compete with hyperscalers and often must partner with non-Canadians. Time and again they have to partner with others, usually for infrastructure needs.

• Minister Anand and Minister McGuinty welcomed Republic of Korea counterparts to Ottawa

  • Includes major cyber component. North Korea is one of the most prolific state cyber threat actors, and the Republic of Korea is often a target for this. Increasing cyber relations and cooperation is good and cyber is a major component to Canada’s Indo-Pacific strategy.

• Canada’s critical infrastructure is being targeted in cyber attacks | Deception Decoded

  • Short interview with the Head of the Canadian Centre for Cyber Security Rajiv Gupta

• Bell invests $1 million in McKenna Institute to strengthen Canada’s cybersecurity talent pipeline

  • This investment will help establish the “McKenna Institute Cyber Talent Program powered by Bell Canada. This 12-to-16 week, full-time, industry-led intensive program is designed to complement existing academic pathways by providing applied, real-world experience that reflects the rapidly evolving needs of the cybersecurity sector.” Sounds like this is setting up a co-op program.

• Canadian Tire Data Breach

  • HaveIBeenPwned confirms Canadian Tire data breach.

• Quantum, cloud and cyber take shape in Canadian defence plan

  • I was interviewed for this news story on the role of quantum, cloud, and cyber in the Defence Industrial Strategy.

• CSE calls on Canadian organizations and critical infrastructure providers to strengthen defences on fourth anniversary of Russia’s invasion of Ukraine

  • Canada remains a favorite target for Russian cyber threat actors.

• CRTC Releases Updated Strategic Plan: CRTC takes action to connect Canadians through technology and culture

  • Focus appears to be on connectivity and competition.

• Federal support to help an Alberta business adopt artificial intelligence technologies and compete in global markets

• Canada and India deepen education collaboration with new talent and innovation strategy

  • Includes 13 MOUs between Canadian and Indian universities of tech/research organizations. A few of these include AI, computer science/engineering, and other cyber-related.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-004 - Critical vulnerability affecting Cisco Catalyst SD-WAN - CVE-2026-20127

• CCCS Joint guidance on malicious cyber threats to SD-WAN networks

• 2026 CrowdStrike Global Threat Report: AI Accelerates Adversaries and Reshapes the Attack Surface

  • A crazy figure: Breakout time for initial access to network compromise went from 98 minutes in 2021 to 29 minutes in 2025.

    

• ByteVanguard Threat Brief Notes Canada as a Top Ransomware Victim

• Revolut says Telegram now Rivals Facebook as Top Fraud Source

  • Woohoo! Go Telegram and Facebook/Meta! You two are really knocking it out of the park for making the world a worse place.

• IBM Threat Index Report: AI is Speeding Up Cyberattacks, IBM Cautions Canadian Organizations

• Ransomware payment rate drops to record low as attacks surge

  • Ransomware victims only pay approximately 28% of the time

• Scattered Lapsus$ Hunters (SLH) Kicks Off Campaign to Recruit Women

  • With the prevelance of AI voice tools, it is interesting they are focusing on cruiting real women.

• New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

• When Copilot Can See Too Much: Why AI Security Starts with Data Governance

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research and Op-Eds

Read my cyber review of the Defence Industrial Strategy. TL;DR: It will help a lot of Canada’s cyber industry, but there are gaps to overcome major hurdles regarding infrastructure and hyperscalers.

• The cybersecurity market is not consolidating. It is rewiring itself

  • Article by Francois Guay, creator of the Canadian Cybersecurity Network. It’s an interesting article. I especially like his emphasis on the importance of leadership, which is exactly the thing that I have been saying the Government of Canada is lacking on cybersecurity.

United States News

• North Korean Lazarus group linked to Medusa ransomware attacks

  • Medusa ransomware is a ransomware-as-a-service, which has been in operation for a few years now. North Korea is widely known to be heavily investing in ransomware operations to fund its regime, so this is continues to show it will use whatever tools are out there to get this done. Further, the fact that they appear to specifically be targeting healthcare is concerning for geopolitical reasons and because healthcare tends to be very cyber insecure.

• US Treasury sanctions Russian zero-day broker accused of buying exploits stolen from US defense contractor

  • They sanctioned OperationZero, which is the broker that purchased the exploits from the former L3Harris executive who was recently jailed:

• Former L3Harris Trenchant boss jailed for selling hacking tools to Russian broker

  • Sentenced to 7 years for selling 0day exploits to Russian buyer OperationZero.

• Marquis sues firewall provider SonicWall, alleges security failings with its firewall backup led to ransomware attack

  • Ouch. Cybersecurity companies, regardless of their services or products, should ensure their contracts are sound.

• Exclusive: US orders diplomats to fight data sovereignty initiatives

  • The United States does not want Canada to have digital sovereignty. For Canada to control what happens within its laws with data is apparently a concern for the United States. This should be a wake up call.

• Anthrophic Refuses to Remove Safeguards Preventing Autonomous Killing

  • Pentagon wanted no safeguards. Anthrophic reasonably understand why that’s a problem. Then Hegseth and the Trump Admin has proceeded to throw a temper tantrum and ban all federal agencies to cease using Anthrophic.

  • According to the New York Times: “the Pentagon wanted the company to allow for the collection and analysis of unclassified, commercial bulk data on Americans, such as geolocation and web browsing data”

• CISA replaces acting director after a bumbling year on the job

  • CISA has been gutted by the Trump admin and is stumbling at every step.

  • Canceled contracts, a failed polygraph and personal disputes: Inside the turbulent tenure of Noem’s former cyber czar

• Peace Corps Announces the Tech Corps

  • Using the Peace Corps to help people use… AI

  • This would be a good idea if it wasn’t focused on AI.

• Strikes on Iran will test US cyber strategy abroad, and defenses at home

  • There is a lot we still do not know about the use of cyber operations in the war against Iran, but we do know that Iran was innundated with attacks before Internet was cut.

European Union & United Kingdom News

• ShinyHunters extortion gang claims Odido breach affecting millions

  • Obido is the Dutch telecom that I included last week. ShinyHunters is one of the top extortion gangs working right now.

• Dutch police arrest man who refused to delete confidential files shared by mistake

  • Dutch police accidentaly gave a man access to confidential police documents and refused to give them back unless he receceived something in return. Police proceeded to arrest him for computer hacking. “Computer hacking” is an absolute major stretch here as the police accidentally sent a download instead of an upload link. The man (allegedly) willingly downloaded the files and tried to extort the police, so there is some level of wrongdoing here.

• Ransomware gangs advancing Moscow’s geopolitical aims, Romanian cyber chief warns

  • It’s long been known in the information security community that there is cooperation, or at least some level of communication, between Russia’s intelligence organizations and Russian cyber criminals. There has been some research to show that there are direct connections between the government and intelligence organizations and criminal groups. It’s why it is always noteworthy when Russia arrests any cyber criminals.

• US Orders diplomats to fight data sovereignty initiatives

  • This is not a surprise and the natural escalation of activities from a country who doesn’t want your business but your subjugation, but will punish you for not wanting their business. The best solution is to stop using US products. The United States does not want Canada to have digital sovereignty.

• New CLTC Report Analyzes Cybersecurity Policy Across State Legislatures

  • “lawmakers across 37 states passed 99 cybersecurity-related bills in 2025, establishing 393 new cybersecurity rules cumulatively.”

• Ukraine Turns Hackers and AI Loose on Its Own Weapons Marketplace to Hunt Cyber Threats

  • AIs and LLMs are increasingly being used for bug and vulnerability hunting, so it’s not a surprise that Ukraine is one of the first to scale this.

• ‘I can fight with a keyboard’: How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

  • Ukraine has some of the best cyber operators in the world.

• Belarusian Cyber Partisans hacked Industrial Plant

  • Cyber Partisans hacked a plant belonging to Khimvolokno, which produces nylon uses for Russian military body armour.

• Netherlands Approves Sale of Solvinity to Kyndryl

  • Despite the Netherlands often being on the forefront of ensuring digital sovereignty, this means that a US company now owns most of the government’s cloud networks are now run by a US corportion.

  • As a Canadian I say welcome to the club!

• Palantir Sues Swiss Magazine For Accurately Reporting That The Swiss Government Didn’t Want Palantir

  • I am increasing hearing that Palatir is overrated anyways. Being overly litigious to protect your reptutation is increasing evidence maybe your product just sucks and the issue is the company just has no ethics and was the first in the game.

• UK Government cuts cyber-attack fix times by 84% and launches new profession to protect public services

  • A very cool initiative that I wish the Canadian federal government would also adopt.

• The cyber attack that accidentally fixed M&S

  • An interesting story that suggest M&S took time during their recovery from a cyber attack to rework its business that seems to have been a success.

• OpenAI agreement with the Department of War

  • OpenAI to allow Department of Defense to conduct domestic surveillance using Executive Order 12333, which allows the NSA to hide its domestic surveillance by tapping into infrastructure outside of the United States. This means OpenAI will be used by the NSA to conduct domestic surveillance against Americans.

  • Stop using OpenAI. Sam Altman is either a liar or is too stupid for his own good. This is a stepping stone to autonomous killing. This is Sam Altman and OpenAI helping the United States develop a means to avoid blame in war crimes by allowing them to blame AI.

• Ukraine says cyberattacks on energy grid now used to guide missile strikes

  • Cyberattacks on energy grid are used to collect intellligence to guide missiles strikes.

• Japan and the UK Announce Strategic Cyber Partnership Among Growing Global Focus on Privacy and Cyber Risks Posed by Foreign Actors

  • Canada has also signed a cyber-agreement with Japan and I believe Canada and Japan are already conducting defensive cyber ops together as well.

Other International News

• UAE claims it stopped ‘terrorist’ ransomware attack

  • Not sure I would say terrorist, but it’s not out of the question for a terrorist group to try ransomware as a source of funding.

• A Chinese official’s use of ChatGPT accidentally revealed a global intimidation operation

  • Chinese information operations are slowly picking up intensity..

• Air Côte d’Ivoire Data Breach

  • Cote d’Ivoire airline hit by INC Ransomware.

• Hacker Used Anthropic’s Claude to Steal Mexican Data Trove

  • “They don’t believe the attack is tied to a Foreign government.” The limited details about this attack are quite interesting. Does not sound like a normal cyber threat actor, but potentially domestic actor or espionage. This is a lot of data they stole.

• New Zealand Releases new Cyber Security Strategy

• AWS UAE suffers AZ outage after “objects strike data center” and cause fire, amid Iran attacks

  • Physical attack affecting infrastructure, but nothing major on cyber front yet.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Editor Notes:

• I have completed the first rough draft of my dissertation (yay!). I will be entering a big editing phase over the next few weeks, so my availability may fluctuate over the coming weeks.

Leave a comment

Share

Canadian News

• Canadian researchers develop AI tool to fight online disinformation

  • Feels like a drop in the bucket of the overwhelming amount of AI contributing to disinformation, but the people behind this are good people, so I hope it succeeds.

• Leaked Email Suggests Ring Plans to Expand ‘Search Party’ Surveillance Beyond Dogs

  • “Search party” is an AI application that uses Ring Cameras to scan for lost pets. Emails now suggest that Ring has long term plans to not keep this to just pets. Ring cameras are growing in use in Canada, just as they are in the United States, and are essentially becoming private surveillance companies, not for households, but for themselves to eventually leverage for profit.

• HaveIBeenPwned Verifies Canada Goose Data Breach

  • Canada Goose customer data stolen from a third party (supply chain!). Compromised data includes partial credit card, IP, physical address, names, phone numbers, email addresses. Lots of data stolen here.

• Hackers claim Canada Goose breach but researchers reveal data is “several years old”

  • Sounds like a third-party was attacked, but still an attack and Canada Goose is gauging the impact.

• Some Nova Scotia Power customers aren’t paying because they don’t trust their bills

  • Nova Scotia Power’s customer base has lost a lot of trust in them following the cyberattack.

• Organized crime groups targeting police data across Canada, report says

  • One reason it is so difficult to govern cyberspace is that the state lacks a monopoly on violence, and private actors have the same capacity to infiltrate or access databases the state does not want them to access. Many cyber threat actors readily sell their services to organized crime, so law enforcement must respond and protect their systems accordingly.

• Québec has a new digital sovereignty plan. Will it work?

  • Quebec has committed $1.4 billion for digital projects to be developed in the province. Long story short, everyone loves to commit to digital sovereignty until it actually means making the tough decisions to cut out those that would put Canada’s digital sovereignty at risk. Current Quebec contracts with US corporations raise doubts on their actual commitment. Part of the trouble comes down to definitions of digital soverignty, which US corporations and governments use to ignore the actual issue and to continue business as usual with clear word play and legal definitions of what qualifies as “Canadian.” Hint: Being built in Canada is no longer enough because United States law dictates that it can force corporations in the United States to hand over data regardless of where it is in the world.

• IDMerit data breach: 1 billion records of personal data exposed in KYC data leak

  • Pretty massive supply chain attack. Unsure of the degree to which this affects Canada, but the degree to which IDMerit is used likely means Canadians are caught up with this.

• A cyberattack paralyzes the CHOC FM radio station in Portneuf

  • No matter how big or small, you are a target for ransomware.

• Canadian Defence Review has a nice survery of some of the top Canadian AI defence companies

  • These articles are often little more than free marketing, but take this as an introduction to the topic.

• DOD leaders warn AI, cryptocurrency ‘lowers the bar’ for cybercriminals

  • This is talking about the United States, but this is very much true globally. The barrier to entry was already relatively low, but AI/LLMs and cryptocurrency have made the barrier to entry simply getting around the weak controls of an LLM to tell you what to do.

• Ottawa plans major investment in non-profit launched by AI pioneer to build safe, trustworthy systems

  • I’m a heavy critic of Evan Solomon as AI Minister, butr this is a good move. I don’t know much about LawZero, but it has a big focus on security and trust, so I am a big proponent of this.

• Youth involved in terrorist activities of the 764 Network/The Com placed on Peace Bond by RCMP

  • The Com is one of the more heinous groups operating.

• MDA Space Launches 49North, a Canadian defence business delivering multi-domain and mission-critical capabilities

  • MDA Space is one of Canada’s top space capabilities firm, so this move is no surprise and I anticipate that they will have a lot of success.

• Tumbler Ridge shooter’s ChatGPT messages were flagged months before attack

  • “The Wall Street Journal reported Friday that employees at ChatGPT wanted law enforcement to be warned after the shooter’s posts about gun violence last June were flagged by OpenAI’s automatic review systems. Their concerns were rebuffed, the WSJ reported, quoting unnamed sources familiar with the matter.”

• Bell Cyber and Radware expand AI-driven, cloud-delivered security services to address evolving cyber threats

  • What’s the solution to more vulnerabilities and threats because of AI? Add more AI to the mix for the defenders.

• Micrologic Partners with Cohesity to Become the Leading Sovereign Cloud Data Protection Solution in Canada

  • Digital sovereignty is the it product to sell right now, so if you can develop and sell a capability that promotes digital sovereignty you’re in for a smooth ride.

• Anthropic announces Clause Code Security

  • Anthropic’s Claude LLM was already popular for programming and being used for code review for vulnerabilities and Claude has now developed a model specifically for this.

• TeamSpeak claims an ‘incredible surge of new users’ has maxed out its hosting capacity in multiple regions as many would-be voice chatters seek a Discord alternative

  • Feeling like the 2000s again! Can’t blame everyone for avoiding Discord following its announcement that it would require ID scans. Discord had a data leak last year, so raises doubts about their security.

• 2024 Canadian Defence, Aerospace, Marine and Cybersecurity Industries Survey Released

  • You have to actually request them, but I think I may request them and see if I can pull any interesting information from it.

• BC Invests in Quantum Computing Research

  • Functional quantum computing is still quite a way out, but the stepping stones to it will have major impacts.

• Horizontal Red Tape Reviews

  • The federal government wants to hear from you about regulations which may impede business activities.

• The House of Commons Public Safety and National Security committee will be doing a clause-by-clause consideration of Bill C-8

  • I largely haven’t covered Bill C-8 because of burnout from its predecessor, but this is one to keep an eye on. While it’s a good step forward, it does have its issues.

• Government of Canada launches CFP to establish Defence Innovations Secure Hubs for quantum and uncrewed system technologies

  • The Bureau of Research, Engineering, and Advanced Leadership in Innovation and Science (BOREALIS) is launching a CFP to establish secure hubs for quantum. A great difficulty in quantum is being able to interact with defence officials and the military, so this should be a big help in contributing to cross-sector discussion, innovation, and advancement.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Alert - AL26-003 - Vulnerability affecting BeyondTrust - CVE-2026-1731

• Play Ransomware Targets Canadian Organization Makivik

  • Play ransomware claims to have targeted Makivvik, a Quebec Inuit organization.

• China-Linked Hackers Use Dell RecoverPoint Flaw to Drop GrimBolt Malware

  • The federal government uses a lot of Dell equipment. I do not think RecoverPoint is used, or at least not common, but I would not be surprised if there is some limited exposure to this.

• Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets

  • A really interesting botnet to watch out for on Android devices: “[deploys] components that click on ads inside a hidden container, hijack browser search settings, or deploy unwanted apps in pay-per-install schemes.”

• 0APT Bluff Campaign Evolves Into Potential Threat

  • Despite a lot of 0APT fake intrusions, they are in fact deploying an encryptor.

• AI platforms can be abused for stealthy malware communication

  • Not surprised at all. If you can get something to point anywhere, it will be used for C2.

• AI-augmented threat actor accesses FortiGate devices at scale

  • A closer look at how a threat actor used commercial AI to compromise 600 FortiGate devices in more than 55 countries.

• CISA: BeyondTrust RCE flaw now exploited in ransomware attacks

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research and Op-Eds

Read my cyber review of the Defence Industrial Strategy. TL;DR: It will help a lot of Canada’s cyber industry, but there are gaps to overcome major hurdles regarding infrastructure and hyperscalers.

United States News

• CISA threat-hunting leader to depart for private sector role

  • CISA used to be one of the most respected cyber security organizations in the world. Now it’s a hollow shell.

• CISA and DHS Conducting Town Hall Meetings Regarding Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) Rulemaking

• Data breach at fintech firm Figure affects nearly 1 million accounts

• Mississippi Medical Center closes all clinics after ransomware attack

  • Hospitals often fight cybersecurity regulations, yet are some of the favourite targets for threat actors. They have closed all clinics and rescheduled many appointments, including surgeries.

• US cyber responses will be ‘linked to adversary actions’ and involve industry coordination, official says

  • US needs to impose ‘real costs’ on bad actors, State Department cyber official says

  • A lot of statements from US government about imposing costs on cyber threat actors and including industry in this response. Remains to be seen how or what this response will be or if it’s a lot of hot air.

• Increase in Malware Enabled ATM Jackpotting Incidents Across United States

  • FBI Flash report on the increase in ATM jackpotting malware.

European Union & United Kingdom News

• Safe and Inclusive E‑Society: How Lithuania Is Bracing for AI‑Driven Cyber Fraud

  • The Baltic states tend to be on the forefront of addressing deception-based attacks in part due to being undering constant attack from Russian through information confrontation.

• Massive Wave of WhatsApp Takeover Attacks Targeting Armenian Users — What Happened

• Your Car Is Spying on You – and Israeli Firms Are Leading the Surveillance Race

• Dutch telco Odido suffers data breach exposing data of 6.2 million customers

  • Pretty significant breach.

• The State Duma passed a law allowing communications to be blocked at the request of the FSB, even if there is no security threat

  • Bureaucratic efficiency in Russia is passing laws that mean that your security services no longer have to lie to do what they were already doing.

• EU Parliament blocks AI tools over cyber, privacy fears

  • Blocked in large part because that such tools sent data to servers outside the control of the EU. This is what taking digital sovereignty seriously looks like.

• Ireland’s Data Protection Commission opens investigation into X (XIUC)

  • Ireland joining many other ethical countries by iniating an investigation into Twitter/X due to the profiting of of Grok’s use of deepfakes for nonconsensual sexual material and child sexual abuse material.

• Adidas investigates third-party data breach after criminals claim they pwned the sportswear giant

  • Allegedly includes technical data.

• A Chinese hack exposes data of 5,000 Italian counterterrorism officers

  • A pretty major attack and intelligence win for China.

• Deutsche Bahn says cyberattack hit ticket and info systems

  • German rail operator is being hit with a significant DDoS attack that is described as coming in waves.

• EU Cyber Census 2025

  • EU Cyber Census tracks the implementation of the EU Policy on Cyber Defence. Full report is classified, but executive summary indicates EU members are all slowly developing their own cyber commands and cyber forces.

• Attackers breach France’s national bank account database

  • This is a pretty major attack, the first of its kind on a target of this type, as far as I know, in terms of accessing the country’s National Bank Accounts File (FICOBA), recording all bank accounts in the country. Depending on how much information the attacker accessed, this could be leveraged for all sorts of fraud and phishing.

Other International News

• Hackers target supporters of Iran protests in new espionage campaign

• Highly sensitive Australian court data accessed by foreign entity based in India

  • An Indian subcontractor that was hired by an Australian firm in breach of a contract accessed Australian court data.

• A Wave of Unexplained Bot Traffic Is Sweeping the Web

  • Traffic is linked to Lanzhou, China

• How Private Equity Debt Left a Leading VPN Open to Chinese Hackers

  • Chinese hackers breached Ivanti’s internal networks back in 2021.

• Advantest Responds to Cybersecurity Incident

  • Advantest makes semiconductor test equipment and is responding to ransomware attack.

• Fraudsters arrested in Nigeria following NCA intelligence sharing

  • Cambodia isn’t the only one with scam compounds. Nigeria is historically known for fraud (who remembers the Nigerian prince scams?), so it’s not a surprise the “compound” organizational concept is being globalized.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

All views expressed belong to Canadian Cyber in Context and do not reflect the position of any sponsor.

Feature your business in Canadian Cyber in Context through sponsorship.

On February 17th, the Government of Canada finally released its long-awaited Security, Sovereignty and Prosperity: Canada’s Defence Industrial Strategy. As authoritarian states rise and seek to dismantle the rules-based international order established since the end of World War 2, Canada cannot rely on its allies and must increase its own defence investments to counter decades of inattention. The Defence Industrial Strategy is meant to accomplish this and I will breakdown and highlight where cyber and broader ICT plays a role in the strategy.

The vision of the Defence Industrial Strategy is to build "A robust Canadian defence industry that provides technological and operational advantage to the Canadian Armed Forces and its security partners in their mission to defend Canada, and maximizes growth, job creation and economic benefits for all Canadians."

Share

The Strategy has five pillars:

1. Renewing the government’s relationship with industry

2. Procuring strategically through the new Defence Investment Agency and a new Build-Partner-Buy framework

3. Investing purposefully to strengthen an innovative Canadian defence sector

4. Securing supply chains for key inputs and goods

5. Working with domestic partners, including in Canada’s North and Arctic

The Strategy identifies seven key areas where Canada already has strengths: space, artificial intelligence, cyber, quantum technologies, medical countermeasures, robotics, and drones. These are key areas that area repeated throughout the strategy and where we will see some of the largest and most focused investments.

Many of the key 10-year goals of the strategy will impact including build world-leading Canadian firms in key sovereign capability areas; increase the share of defence acquisitions awarded to Canadian firms to 70%; accelerate procurement of successful Canadian R&D innovations; boost government investment in defence-related reseach and development by 85%; increase total Canadian defence industry revenues by more than 240%; grow defence revenues for Canadian SMEs by more than $5.1 billion annually; increase Canada’s defence exports by 50%; create 125,000 new jobs.

All of these goals tie directly into Canada’s cybersecurity industry, which is as dual-use of a technology as you can get.

Cyber as a Key Sovereign Capability

The federal government’s increased focus on defence matters has also coincided with a greater emphasis on cyber as a key capability, yet it is often overlooked because many capabilities are not considered intrinsically required for national security. In the Defence Industrial Strategy, the government actually lays out the Canada’s key sovereign capabilities. While there is no specific “cyber” capability, the closest is Digital Systems, with some overlap with other key capabilities areas.

Key Area 3: Digital Systems

• Secure Cloud; Artificial Intelligence; Quantum Computing and Communications; Integrated Command, Control and Communications; High-Assurance Communications Equipment

You can also say cyber touches on:

Key Area 1: Aerospace:

• Aerospace Platforms; Avionics; and Aircraft Communications.

Key Area 6: Sensors

• Marine Sensors; Quantum Sensors; Electronic Warfare.

Key Area 7: Space

• Space-based intelligence; Surveillance and Reconnaissance; Space Domain Awareness; Satellite Communications; Space Launch.

Cyber and digital capabilities touch nearly everything. Although the areas above are most directly connected to cyber, it can be argued that everything relies on cyber in some capacity; the question is how large or small that role is. The future of warfare is data and connectivity, which means cyber is at the heart of everything.

Canadian Cyber Security Industry Quick Facts

• Canada is the 4th largest hub for cybersecurity in the world

• The broader cyber security industry and value chain contribute more than $3.2 billion to Canada’s annual GDP, representing more than 30,000 jobs.

• In 2020, Canadian cyber security services produced over $1.15 billion in exports, with nearly 80% going to Five Eyes partners.

• 94% of Canada’s cyber firms are SMEs and 99.7% of Canadian AI firms are SMEs

• The research and development intensity in the cyber security industry was close to 2.5 times the Canadian ICT average in 2020.

• Growth in cyber security revenues is nearly double that of the broader ICT sector

In other words, Canada’s cyber security is a major economic force in the country and was already growing quickly without the additional support and investments via the defence industrial strategy. Many of these figures are old, but the stats remain the same or are even higher in 2025/26.

The strategy estimates that more than half a trillion dollars of downstream economic activity and overall investment will occur. This is a massive opportunity for Canada’s cyber industry that must take advantage, but it will take some adjusting to understand the nuances of the defence sector compared to the general market.

Pillar 1: Renewing Relationship with Industry

While no one will dispute that there is an inefficient and unproductive relationship between the federal government and defence industry, the cyber security industry wishes it had the relationship with the government that the defence industry does.

In Canada’s National Cyber Security Strategy, forging whole-of-society partnerships was the first objective that centred on a Canadian Cyber Defence Collective. However, the government’s efforts to do this are not off to a great start. The cyber industry should not expect any cyber-specific gains or advantages from Pillar 1 efforts, but there is still room for cyber to benefit from this, as with all other sectors.

This pillar focuses on how the government will improve its engagement with industry, including through procurement and partnerships. This includes the already launched Defence Investment Agency, as well as two other key actions of interest to the cyber industry in security clearance and ISED support.

The government will invest to speed up the security clearance process. This is something that everyone, including cyber folk, is hit with. Many people must go through the process to work in a field that many complain is overly classified, which can bottleneck operations due to security clearance requirements. This is good news for everyone.

The Government will also be investing in “dedicated ISED ‘concierge’ service for companies working on defence and dual-use technologies.” This includes cyber and is likely to be of a massive benefit once implemented. Given the niche, small areas cyber firms can cover, this concierge service and the many opportunities listed are likely to be a significant advantage for the cyber industry and the broader defence industry in integrating Canadian cyber.

Pillar 2: Procuring Strategically/Build-Partner-Buy Framework

This pillar centers on Canada’s need to develop strategic capabilities domestically, supported by the Build-Partner-Buy framework to guide this process. A significant focus here is on developing and securing Canadian intellectual property (IP) to ensure Canada maintains strategic capability and that the economic benefits of that IP remain in Canada.

The Build-Partner-Buy framework will be an approach led by the Defence Investment Agency to integrate the separate defence, industry, and procurement authorities and inputs to enable faster, coordinated decisions on capability acquisition. The framework seeks to prioritize purchasing from Canadian suppliers, investing in Canadian capabilities, including frontier areas such as AI and cyber, and partnering to build and maintain sovereign control. The Defence Investment Agency has already taken on multiple projects, including the Enhanced Satellite Communications Project – Polar, Airborne Early Warning and Control, Operational Training Infrastructure Enterprise Modernization, and others that are cyber or overlap with cyber.

Part of this pillar that has already been making headlines is that the Government will enter into partnerships with “champions” to help “[secure] domestic ownership and control over critical intellectual property and capacities - while also supporting Canada’s larger geopolitical objectives…” The government has already been doing this to a degree If you have been following the government’s approach to AI at all and their support of Cohere. This is a good approach and something that could be good with championing certain cyber firms, but it comes down to their process.

It is important to note that this approach is intended to protect IP and the economic benefits thereof AND to safeguard strategic capabilities and knowledge for Canada’s security. The framework’s emphasis on domestic reinvestment and sovereign control has a major impact on cyber capabilities. As the top cloud and AI hyperscalers are all American, there are no Canadian firms occupying the same space and competing at the same level as AWS, Microsoft, or Google. This means that there will need to be a middle ground between investment and purchasing of Canada products balanced with non-Canadian products and services that the Government of Canada will need to find ways to invest in while avoiding risks to Canada’s digital sovereignty. However, the Government of Canada has yet to demonstrate a full understanding of how to maintain digital sovereignty, as current policies still risk it by using cloud and AI data centres owned by American corporations. Despite these troubles, the partner dimension of the framework opens major opportunities with European enterprises, many of which are in a similar position as Canada, to leverage mutual efforts to build American-free cloud and AI infrastructure.

It appears the government will use the Industrial and Technical Benefits (ITB) Policy as a key lever to achieve many of these objectives. I have long advised any company or individual in the Canadian cyber space dealing with defence that ITBs are your key. ITBs are massive math equations for businesses that quantify how a government contract with said business will benefit the Canadian economy. The government’s intent to reform this system could benefit Canada's cyber sector by enhancing the benefits of hiring Canadian cyber firms. I have long said the ITB is the lever to actually build a coherent and strong Canadian defence ecosystem, not just defence industry. This is likely to be of incredible importance and benefit as the Canadian Program for Cyber Security Certification slowly enters into force over the next few years and increases cyber security compliance demands for Canada’s defence industrial base.

The proposed changes include:

Feature your business in Canadian Cyber in Context through sponsorship.

Pillar 3: Investing to Strengthen Canadian Defence Innovation

This pillar focuses on broad mechanisms that support defence innovation, including government initiatives and broader economic conditions that encourage investment. Many of the listed mechanisms are applicable to cyber, but it depends on finding the right program and CFP. It can be difficult for cyber capabilities to fit into many of these programs due to the niche nature of their work or product, so I at least hope they are developing these new programs with this in mind and recognizing that cyber is a frontier and key sovereign capability that needs to be recognized and included.

Where cyber is likely to see the biggest benefit is the additional capital for investment and support for defence exports. There is significant competition right now, but if you have a key sovereign capability, you should engage with all of these instruments. As noted above, Canada already is a major player in cyber security and support from the government can help to maintain and grow Canada’s cyber industry. The strategy also touches on growing the defence workforce, which should include cyber security professionals, but unfortunately, this is unlikely to be the case.

Pillar 4: Securing Supply Chains

This section discusses securing supply chains in a way that differs from how we do in cyber. A very loose definition of the supply chain in cyber refers to the components and applications that make up an individual piece of software or business suite. A compromise of a single supplier in a cyber supply chain can compromise the entire product or service. This is increasingly a common vector for cyber attacks. However, this section focuses on securing capacity or access to physical supply chains such as critical minerals or steel. As a result, these initiatives are unlikely to have a major impact on cyber.

One area which could impact cyber is the government’s commitment to looking at “legislative and policy tools to safeguard its most sensitive technologies, research, and know-how from malign actors.” Two potential dimensions to this instantly come to mind. First, as cyber operations are a common mode for intellectual property theft, the government may be seeking ways to punish cyber threat actors. Second, the government could be looking at levers to punish actors which try to export intellectual property illicitly. The section is quite unclear about this, but both raise interesting questions.

Pillar 5: Working with Domestic Partners, including in Canada’s North and Arctic

Of the categories, Pillar 5 is likely the least directly connected to cyber issues, but that does not make it any less important. Pillar 5 includes collaborating with provinces and territories, indigenous groups, and Northern and Arctic partners. Much of this section discusses partnering with local communities to ensure the critical infrastructure and capacity needed to secure Canadian sovereignty.

The most direct connections to cyber here are that in the North and Arctic there is very little digital infrastructure. The government is currently investing in satellites to improve connectivity in the North and Arctic, but relying solely on satellites is risky; you will also need on-the-ground infrastructure. Satellites are prime real estate for cyber threat actors, especially during an invasion or active conflict. Nevertheless, to accomplish anything the government wants, cyber or otherwise, you need people, which is much easier said than done. Cyber security and cyber overall are often known for their labour shortages, while it is debatable about how much of a shortage there actually is, this is something that should be really addressed in the workforce of the future and in the North and Arctic.

There is a significant opportunity among people in the North and Arctic, and cyber is a powerful vehicle and sector to support this enable further growth.

Takeaways - So What?

There is much to commend in the Defence Industrial Strategy overall, and it is well received in part because it is well constructed. Over the past few years, Canada has been bad at developing strategies. As Phil Lagasse says, Canada doesn’t do strategy. So, it is good to see them actually hit it out of the park on this one.

That said, from a cyber and digital perspective, this strategy is likely to benefit Canada’s cyber industries overall but is unlikely to affect capabilities that require a hyperscaler-level corporation. Ultimately, many of these efforts will help support and grow Canada’s defence and cyber industries, but current investment plans do not provide the means to counter the major risks to Canada’s digital sovereignty posed by hyperscalers. The reason I included stats about Canada’s cyber industry at the start is to highlight just how many are SMEs, which struggle to engage with DND/CAF. They often rely on attaching themselves to a large, prime contractor to contribute to a larger contract or do task-based contracts. Defence traditionally has a very difficult time engaging with start ups and small businesses, which is where most of the advanced, emerging cyber innovation is done. There is a lot of room for improvement in how DND/CAF engaged with Canada’s cyber industry and ecosystem, which this strategy is certain to help, we must be realistic about its limitations in affecting the broader economic realities of cyber and broader ICT industry.

Cyber and ICT are among the most dual-use technologies you can get. Individuals, businesses, and government agencies largely use the same software, run on the same operating systems, use the same protocols, and employ similar network technologies (for the most part). The difference between civilian and security or defence software or ICT, in most cases, is often about scale, uptime, use case, and additional security and protection. You can find many Canadian SMEs that develop niche software or hardware applications, but in certain major hyperscaler capabilities, you are unable to find a major Canadian corporation that can readily fill this spot anytime soon.

Secure Cloud/Secret Cloud is a perfect example of this and why I have been talking about it non-stop for 5 years. Secret Cloud refers to the military capability of a cloud networking environment that supports the use of secret-level data, including operational data. There is no single “Secure Cloud” or “Secret Cloud” project for DND/CAF; however, Information Technology Infrastructure in Support of Command and Control (ITI in SP of C2) is the primary one discussed when we talk about military secret cloud. The $250 to $499 million funding range is very small. To get a secret cloud in the way DND/CAF wants/needs will likely be more expensive than this. This is part of why the project has been taking so long: the cost expectations and the lack of a sole-source Canadian option.

ITI in SP of C2 is software- and hardware-intensive, with a large infrastructure footprint that likely requires a hyperscaler to support. That means either Amazon Web Services, Microsoft, Google Cloud, or potentially Oracle (All American). As I have discussed, there are significant sovereignty concerns with using any American cloud option. The only potential Canadian option that I am aware of is ThinkOn, but the scale and depth of security and control required may be beyond what ThinkOn can provide at this time, given its relatively new position in the government cloud space compared to its American competitors. However, investment in ThinkOn or another sovereign Canadian option could position it as one of the “Canadian champions” competing with American hyperscalers for security- and defence-related cloud capabilities, but this will take time, which is not on our side.

The problem with these options is that, strategically, DND/CAF needed a secret cloud a couple of years ago. The ITI in SP of C2 has been stuck in the definition phase for many years. The implementation is (currently) scheduled to begin in 2025/2026, with initial delivery in 2028/29 and final delivery in 2030/31. Although the project is delayed and has encountered difficulties, the timeline can still be met, but it would require an American hyperscaler. Digital transformation and broader military modernization increasingly require cloud networking to enable seamless data transfer and support capabilities, including NORAD's cloud-based command and control and the many electronic and information capability suites of the F-35. As these capabilities are currently being acquired, there cannot be any further delay in DND/CAF acquiring its own secret cloud.

To compete with hyperscalers, the Government of Canada needs to think about sovereign Canadian cloud in terms of major government projects and understand the limits of the current economies of scale which make cloud, AI and other infrastructure-dependent capabilities difficult to overcome with the present Canadian business landscape. Canada’s cyber industry is world-leading and its SMEs are some of the best in the industry, but they usually cannot compete with hyperscaler capabilities in data centre and data infrastructure. If we fail to recognize the overreliance on last-mile technologies, we overlook that it is the first-mile technologies and infrastructure, like data centres, that the first-mile relies upon and determine if Canada maintains digital sovereignty.

Feature your business in Canadian Cyber in Context through sponsorship.

Share

Editor Notes:

• Rewire is out on Tuesday due to the holiday, regular will be released on Monday next week.

• I have begun receiving large batches of completed ATIPS that I requested, which are available to subscribers here.

Leave a comment

Share

Canadian News

• U.S. seeks to extradite Saskatoon man accused of hacking educational systems to mine crypto

  • Hacking a supercomputer just to mine crypto. That’s just sad.

• Regulator plans two-part inquiry into last year’s cyberattack at N.S. utility

  • I think that Nova Scotia has handled this incident tremendously by studying it in depth and being quite open about the process.

• Architect of Canada’s Early Military Cyber Capability

  • A great article from my friend Pete Hillier, who is a pillar of Canada’s cyber defence community. Pete goes into some of the beginning of the Canadian Armed Forces’ cyber capabilities, particularly focusing on the important work of Lieutenant-Commander (Ret’d) Robert Garigue.

• Volvo Group North America customer data exposed in Conduent hack

  • Supply chain attack: The compromise of Conduent led to the data breach of Volvo Group North America, which includes Canadian operations.

• Canada’s new AI strategy is off to a bad start

  • The AI Minister wants to build trust in AI, but keeps using AI terribly. This is why you need more social scientists in government to develop better methodology for you.

• Mapping the data that quietly threatens Canada’s national security

  • An article on the partnership between Calian and Dalhousie University. A bit of a puff piece and not too much details, but an interesting look into the partnership nonetheless.

  • Write up from Calian about the partnership from 2022

• Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns

  • While already a common target, the major boom in the defence industry means that defense companies are increasingly a prime target. With how much everyone is focused on profits, actual security often gets overlooked.

• GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Use

  • Google Threat Intelligence Group is basically saying that many APTs are making heavy use of AI in some capacity.

• Vimy Forge announces its first cohort

  • Vimy Forge is a national defence accelerator based in Fredericton, NB that aims to support Canadian innovation in defence. The first cohort includes a few cyber-related firms including 123 Cyber (our sponsor, woohoo!), Prodigy Intelligence, SeafarerAI, and Tehama.

  • Atlantic Canada invested almost $1million in Vimy Forge

• Ottawa-Gatineau launch task force to create defence innovation hub, bid for proposed bank

  • What is often lost in the discussion of defence is that cyber security is always part of the discussion. Cyber security is one of the most universal dual-use technologies that we can talk about. This is why I am glad that Invest Ottawa specifically mentions cyber security as one of the key areas for investment and and growth.

• Fiscal Implications of Meeting NATO’s 5% Commitment

  • NATO’s 5% defence commitments break down to 3.5% on core defence spending and 1.5% on “ancillary defence and security-related spending.” The Office of the Parliamentary Budget Officer released a report on the fiscal implications of these defence commitments, but I’m most interested in that 1.5% because it specifically impacts networks and information infrastructure. Approximately $60 billion must be spent to reach the 1.5% commitments. A great way to spend this money would be on secret cloud and actually developing a sovereign cloud beyond the control of US corporations.

• Canada and Germany sign AI joint declaration and launch Sovereign Technology Alliance

  • Maybe under the previous Trudeau government, Canada could say it was focused on “secure," but current AI Minister Evan Solomon and the government have made it clear they don’t care about security in digital issues. I would not be surprised if they simply do not understand it and accuse those wanting security as holding back economic investments. Evan Solomon is neither a serious person nor a serious minister. This government only cares about security as long as you can invest in it.

• Hack linked to gun licensing program was biggest federal data breach in last 5 years: documents

  • Great piece from Matt Malone. The federal government has has multiple breaches the past few years, but they have provided very little information about any of them.

• Canada’s Sovereign AI Compute Gap: Why We’re Still Treating a Strategic Assets as a Service

  • Despite many claims by the Government of Canada, nothing has changed about current policies and approaches, and Canada is just as exposed to United States infringement on Canadian digital sovereignty.

• Ottawa-Gatineau to host international cybersecurity summit in December

  • INCYBER Forum was a pretty big deal last year, so I am sure having the event in the capital will continue this.

• Alberta Begins Personal Information Protection Act engagement

  • I don’t normally cover provincial-level activities, but this crossed my feed. Canada still does not have modern privacy legislation, which puts additional onus on provinces to try to fill in the gaps that the federal government is failing to address.

• Canada’s NORAD commander outlines defense upgrades

  • We always think about radars and F-35s as NORAD modernization upgrades, but the core to NORAD modernization are digital upgrades. Radars also happen to be one of the most targeted military assets for cyber attacks, so cybersecurity is imperative for them and NORAD modernization.

• Discord faces backlash over age checks after data breach exposed 70,000 IDs

  • Everyone is turning to ID and facial checks for age verification, but everyone is ignoring the calls from security researchers and advocates about how dangerous this is without instituting sufficient levels of controls to protect users privacy.

• 0APT ransomware group rises swiftly with bluster, along with genuine threat of attack

  • A new ransomware group called oAPT has popped up claiming approximately 200 victims, including Canadian victims like Global News. However, majority of these claims appear to be hoaxes with only a few genuine attacks.

  • This is why you should always be suspicious of ransomware groups. They will always claim something is worse than it actually is, even outright lying that they have access or locked down anything. This is why in any circumstance where you are attacked or a ransomware actor reaches out to you, lock down your network and contact a professional.

• C4ISR and Beyond is a one-day conference in Ottawa focused on the defence ecosystem around C4ISR (including cyber!). Canadian Cyber in Context subscribers don’t have to worry about missing the event:

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Cybercriminals Exploit Fake Traffic Ticket Portals To Harvest Sensitive Information

• AgreeToSteal: The First Malicious Outlook Add-In Leads to 4,000 Stolen Credentials

  • Be careful about the in-office tools you use; they could be malware.

• Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws

  • I’m not usually one to cover patch Tuesday, but the fact that 6 zero-days were addressed I think it indicative of just how active the cyber threat environment is right now. (For those unfamiliar, Tuesday tends to be the day Microsoft and others release a lot of patches, hence Patch Tuesday)

• Apple patches decade-old iOS zero-day, possibly exploited by commercial spyware

  • Another step in Apple’s long battle against commercial spyware.

• Substack breach affected approximately 663K accounts.

• Stairwell detects widespread exposure to critical WinRAR vulnerability across customer environments

  • Et tu, Winrar?

• Social media and other platforms are increasingly require age verification. Unfortunately it seems easy to bypass.

• Crazy ransomware gang abuses employee monitoring tool in attacks

  • Alternative headline: Ransomware gang uses abusive employee monitoring tools in attack

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research and Op-Eds

• Recorded Future’s 2026 State of Security: How Global Fragmentation is Redfining Conflict Across Cyber, crime and Influence

  • Recorded Future is a favourite cybersecurity firm of mine, so their 2026 state of security report is a must-read in my opinion.

• FIRST Forecast: CVEs Expected to Surpass 50,000 in 2026 for First Time

  • CVE stands for Common Vulnerabilities and Exposures, which is a type of classification for a known vulnerability in software, which are verified and catalogued to inform defenders about them and to take appropriate action. CVEs are what is exploited by threat actors, so the active CVE expecting to pass 50,000 in 2026 is very noteworthy about the cyber threat environment.

• AI will disrupt millions of jobs, so what is Ottawa’s plan?

  • There is such an overwhelming focus on securing Canada’s role in AI as an economic force, but little attention is being paid to how AI will seriously impact society.

• Filière défense: sans trajectoire, pas de souveraineté( Defense sector: without a trajectory, there is no sovereignty)

  • We talk a big game on sovereignty, but we continue to let doors open which only provide a performative show of sovereignty and digital sovereignty issues are a top one.

NetAskari

Critical strike: China's hacking training grounds (PART 1)

China’s state-backed hackers have intensified their attacks on the critical infrastructure of other nations in recent years—often with notable success. Their techniques are highly sophisticated, but just as significant is the support ecosystem that enables them to develop and refine those attacks. Hidden “digital shooting ranges” allow operatives to pra…

Read more

5 months ago · 21 likes · 5 comments · NetAskari

Natto Thoughts

The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage

The Tianfu Cup (天府杯), China’s premier exploit hacking competition, has returned to Chengdu, Sichuan Province, for its sixth edition, held from January 29 to 30, 2026. This time, under the organizational lead of China’s Ministry of Public Security (MPS), China’s domestic law-enforcement authority. Launched in 2018 after Chinese authorities…

Read more

2 months ago · 4 likes · Eugenio Benincasa

United States News

• Exclusive: Trump pauses China tech bans ahead of Xi summit

  • Everyone is claiming this is a negotiating tactic, but the United States’ lack of consistency and bold facing lying about everything means that we can only assume the most selfish and short sighted ambitions and purposes for any action that the United States undertakes. We especially cannot assume any action taken is the result of intelligent action, but is just as likely to be an emotional, shallow action with no strategy behind them.

• DOJ says Trenchant boss sold exploits to Russian broker capable of accessing ‘millions of computers and devices’

  • The market for zero-days and hacking exploits is still very unregulated and there are private actors that make a killing in this space, but usually they aren’t the ones leaving companies and selling their data. Usually it’s neutral, third parties that do the best on the open market, although if you’re in a Western country, Russia, or China usually you only have one option on who to sell your wares.

• US needs to impose ‘real costs’ on bad actors, State Department cyber official says

  • If cyber threat actors operate without concern for consequences, then they will continue to act as if there are no consequences.

• FTC Issues Second Report to Congress on its Work to Fight Ransomware and other Cyberattacks

• Attor­ney Gen­er­al Ken Pax­ton Demands Infor­ma­tion from Blue Cross Blue Shield of Texas and Con­duent as Part of Inves­ti­ga­tion into Largest Data Breach in U.S. History

• CIA, SOCOM gearing up for rapid capability assessment with an eye toward ‘field-forward’ ops

  • The future of warfare and conflict lies in leveraging data. Access to greater amounts of accurate data with quick and intricate data analysis will give actors a major decision-making advantage.

    • This is at the foundation of CJADC2 and the Canadian version of Pan-Domain Command and Control (PDC2). I have written an introduction to Canada’s approach to multi-domain operations and pan-domain for CGAI here. The core capabilities to this are cloud networking, big data analytics and processing, and AI.

European Union & United Kingdom News

• EU, Dutch government announce hacks following Ivanti zero-days

  • Ivanti is having major success in targeting European countries and organizations.

• Russian military scrambles to find Starlink alternative after access blocked

  • I gave big props to SpaceX for moving quickly on this, and this highlights just how important infrastructure is for modern capabilities. Secure and reliable data connectivity is paramount to modern military operations that Canada and other militaries are increasingly reliant upon. This is why fiber optic drones are increasingly common as the lack of infrastructure and secure data connectivity amid degraded electro-magnetic environment makes this very difficult to achieve.

• Russia’s sabotage campaign is becoming bolder

  • Russia is increasingly using cyber operations to continue its sabotage campaign targeting Europe and Ukraine-allied countries.

• Parliament again tells Dutch gov’t to prevent DigiD from ending up in American hands

  • Canada, unfortunately, is not in a position to do the same unless the government take a dramatically more risk-prone approach than they have been.

• WhatsApp domain disappeared from Roskomnadzor’s DNS server.

  • Russia blocks Whatsapp, YouTube, and many other services.

• The grid is the battlefield: what the Munich Security Report reveals about cyber warfare and the fight for Europe’s energy infrastructure

  • Cyber attacks are a top discussion at the Munich Security Conference this year and for good reason. Europe has been getting hit particularly

• Exclusive: Binance fires top investigators who claim to have uncovered evidence of Iranian sanctions violations

  • You remember Binance. The ones who were convicted of violating sanctions and anti-money laundering laws in 2023, but were able to avoid a lot of the punishments after providing bribes to the Trump administration.

Other International News

• Leaked technical documents show China rehearsing cyberattacks on neighbors’ critical infrastructure

  • First reported by NetAskari (linked above), this news article is based on that report. This shouldn’t be a surprise to anyone. This technology is readily available given how common large cloud infrastructures are, so it makes sense that China would be looking for gaps and practicing penetration testing against them daily. We should expect our cyber forces to do the same.

• X Tried to Sidestep Brazil’s Inquiry on AI Deepfakes. The Government Just Pushed Back.

• Largest Multi-Agency Cyber Operation Mounted to Counter Threat Posed by Advanced Persistent Threat (APT) Actor UNC3886 to Singapore’s Telecommunications Sector

  • Chinese APTs have penetrated all of Singapore’s major telecoms. This is not a surprise. Most telecoms have been penetrated by Chinese APTs at this point due to salt/volt typhoon.

  • News article about this.

• South Korea blames Coupang data breach on management failure, not sophisticated attack

  • Sometimes it isn’t external threat actors, but your own management that cause incidents. This is why CPCSC and CMMC are quite important for the defence industry, because they are meant to ensure internal compliance is sound so that we can focus on external threats.

• Security bodies say they foiled hundreds of Iranian cyberattacks against senior Israelis in past months

  • Iran has a comparatively large and prolific cyber operations capabilities. Two of the countries targeted the earliest with cyber operations also happen to be the ones that now have major cyber forces: Iran and North Korea.

• Exclusive: Palo Alto chose not to tie China to hacking campaign for fear of retaliation from Beijing, sources say

  • This is the type of stuff that should absolutely kill a cyber threat intelligence business. If you’re not here to be truthful about threats, then you’re actively helping the state. Congrats, Palo Alto Networks, you now support the Chinese Communist Party.

• His Excellency General Sar Thet is highly determined and orders the National Police Force to eradicate online scams from Cambodia

  • Cambodia is doing a big crackdown on scam compounds.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Share

Editor Notes:

• Thank you to those that filled out the Cyber News Rewire survey! Respondents favored releasing the Rewire on Monday, which will be the release day going forward. The survey will remain open and I will share it periodically.

• I had my wisdom teeth removed last week, so this Rewire and next might be a little light side as I recover.

Leave a comment

Share

Canadian News

• Canada Is Building a Surveillance Network in Space

  • The great Wesley Wark discusses how and why Canada is developing surveillance satellites to reduce dependence on allies and increase Canadian sovereignty and situational awareness. Cyber security for satellites is increasing in importance and remains a major gap area for protections compared to other areas. Over the last few years as attacks have increased, things have improved, but satellites of all types are increasingly becoming a lynchpin for militaries. People are growing aware and things are shifting towards the better, but we’re barely making progress.

• WhatsApp releases account feature that looks to combat spyware

  • WhatsApp is a common vector for attacks, so anything to improve security in encrypted messaging apps is good.

• ‘Chilling’ hacking network is targeting vulnerable children, charity warns

  • This is an article focused on the UK, but the group discussed here (The Com) is also targeting Canada and Canadians. One of the worst, most despicable threat actors whose members often targets children for extortion and to show off.

• AI and Digital Defence: Canada Among the Global Elite

  • “A Canadian Army team attended the event and showcased their AI-powered cyber defence system, which earned first prize at the NATO TIDE Hackathon in France earlier this year.”

  • This is cool stuff, but I believe this is a prototype and not in widespread use yet. There is a mention of CloudTAK, a cloud-based tactical network, which started in a similar small testing and now is in pretty widespread use.

• Building with AI is now the “price of admission” for software startups, Inovia report says

  • AI for the sake of AI is leading to the creation of a bubble. Yes, AI can produce great things with productivity gains. However, this is not a given. Not all AI products are made the same and there is a lot that really sucks. And even amongst the models that do work well, their application are very narrow and there remains a lot unintentional errors in LLM. This will produce more bad than good.

• Earth is full of power-hungry data centres. Is shooting them into space the answer?

  • No. Full stop. This is a hole to waste money and time. Data centres in space would be more expensive and have far less capacity. All you’re doing is creating more congestion in orbit.

• Substack data breach exposed users’ emails and phone numbers

  • Our emails and phone numbers were stolen in a Substack data breach. It sounds like this was data scrapping and login credentials and financial information was not obtained, but the information obtained could still enable criminals to commit fraud.

• AniSoft Group Inc. Secures Cybersecurity Attribution Data Centre Contract with the Canadian Institute for Cybersecurity

  • A major part of Canada’s latest National Cyber Security Strategy was to provide Cyber Attribution Data Centre (CADC) at the Canadian Institute for Cybersecurity (CIC) at the University of New Brunswick. The government is providing $10 million over 5 years to fund this project, which I hope is the start of things as the CADC has potential to do global good. The idea behind the CADC is to collect and analyze data on cyber attacks to improve the attribution and our collective understanding of cyber attacks.

• Nearly 1,300 customers affected by Canada Computers data breach, company says

  • More developments on this story. 1,300 customers affected by card skimming, which feels like a low estimate for a national brand whose website was affected during the holidays.

• Y Combinator reverses decision, will invest in Canadian-domiciled startups again

  • This decision is quite confusing. Y Combinator president claims the move was because all its top-performing Canadian companies reincorporate in the US. Yet, he also claimed that they weren’t saying “not saying Canadians should leave Canada,” just that “Where you are incorporated increases your access to capital. That’s it.” In other words, they got a lot of heat and are backpedaling due to their decision. For people with a lot of access to capital, they seem to lack a spine like most American corporations at the moment.
    
    This should be a wake up call for the Canadian ecosystem to build the means to bring capital to Canada, not to authoritarian states.

• N.B. government will no longer use X after child and youth advocate raises concerns

  • New Brunswick shows that it cares more about stopping deep fake child sexual pornography than the federal government as Minister of AI Evan Soloman still proclaims his love for the platform that produced deep fake child pornography for profit.

• Insider risk — Security starts with you

  • DND releases article on insider threat/risks. Cyber threat actors, particularly ransomware, are increasingly looking for insiders to provide them access in exchange for a kickback.

• Ransomware Threat Outlook 2025-2027

  • “We assess that threat actors carrying out ransomware attacks impacting Canadian organizations are almost certainly opportunistic and financially motivated. All Canadian organizations, regardless of size or sector, are at risk of being targeted by ransomware. In addition to impacting the infrastructure, data, supply chain, and operations of organizations, a ransomware attack can also impact Canadians’ livelihoods by disrupting the critical services they depend on.”

  • Canada continues to be a favorite target for ransomware operators. Like all other threat actors, they’re now using AI tools as well.

• The quantum era is coming. Are we ready to secure it?

  • Quantum technology is advancing quite steadily. We will see the slow integration of quantum sensing and related technology in the next 5 years, which will increasingly risk cyber security long before quantum computers will be worthwhile.

• Canada’s digital sovereignty dilemma

  • Honestly, not a great article (it’s really just the opening for a newsletter), but summarizes a lot of the variables. What is missed from this is how a lot of the standing Canadian policies on digital sovereignty does not even ensure Canadian digital sovereignty in the first place. As long as the software, infrastructure, or anything used is owned by a US corporation, it risks Canadian sovereignty as it forces the corporation to turn any data over to the United States due to a “criminal investigation.” The corporations will claim they it doesn’t “force” them, but it does if they do not decide to fight it in court. It thus means that you have to trust the United States judicial system to treat this accordingly and that the corporation will refuse and fight it. I will then ask you if you trust the current United States justice department and United States-based corporations?
    
    If you do, then I have a million dollar idea to sell you, you mark.

• ISED releases Summary of Inputs for Canada’s next AI Strategy

  • Results aren’t too surprising. Businesses want unfettered investment and growth without a care of how AI impacts anyone but them, whereas public institutions wants a coordinated response that regulates AI to offset the negatives. With Evan Soloman at the helm, we are likely to see things lean towards doing whatever businesses want and ignore the major negative impacts on the rest of society. I’ll be shocked if anything rational and nuanced is done comes out of this government on AI.

• A Defence-focused Red Team Hack-a-Thon will be taking place at University of British Columbia begins March 7

  • A very interesting event coming up. There’s been an explosion of hack-a-thons over the past year, especially focused on defence. This might be the first red team-focused one I have seen, or at least advertised.

Canada Cyber Threat Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Notepad++ Hijacked by State-Sponsored Hackers

  • Hosting provider was compromised leading to Notepad++ being attacked. They have since changed hosting providers. Another supply chain attack, which attempted to hijack the update process for older versions of Notepad++. Suggests that it was a Chinese APT, which is not a surprise based on the TTPs.

• Russian hackers exploit recently patched Microsoft Office bug in attacks

  • When we are all dead and gone, the only thing that will remain are Microsoft Office bugs and exploits.

• Wave of Citrix NetScaler scans use thousands of residential proxies

  • Citrix is often targeted by cyber threat actors due to its use by so many businesses. Scanning on this scale means a well resourced threat actor, which GreyNoise is specifically calling this an indication for pre-exploitation.

• Lakelands Public Health: Infectious disease data safe from cyberattack, Ontario public health unit says

• Qilin Ransomware Strikes Ontario Workers Health & Safety Centre

• Canadian Centre for Cyber Security: Security considerations for edge devices

  • As the United States pulls edge devices, CCCS has released a guidance document with international partners on how to protect edge devices.

• Flickr discloses potential data breach exposing users’ names, emails

  • DND/CAF use Flickr quite a bit, so I hope this is on their radar. Looks like logins are safe, but still a decent amount of details captured that could enable fraud or phishing.

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Research and Op-Eds

• Max Smeets’ Keynote at Black Hat Europe 2025 (60 minute keynote talk)

  • Max Smeets is the best political scientist researching cyber conflict today. Anything his name is attached to is worth a read/listen/watch.

• China’s Intelligence Community: An Overview

  • Over the last decade, China has completely reorganized its military and intelligence communities, including how it uses cyber operations. This reorganization, along with major investments into building an offensive security industry, has contributed to China’s massive success with cyber operations in the past 6 years. If you thought China was prolific in industrial espionage in the 90s, that has nothing on what they’re doing today.

• How European and allied cybersecurity strategies are shifting from defence to offence

  • The shift from pure defence to incorporating offensive is because only relying upon defence means you’re allowing threat actors the initiative to constantly attack you without stopping their means to constantly attack you. Western countries are still trying to figure out how to scale their offensive operations because it is difficult skill to master, but also Western countries primarily relegate offensive operations to their signals intelligence organization and military, which is often difficult to recruit individuals for because the private sector pays so much more and the heavy restrictions as a government employee or military member is a hard sell. (I am literally finishing my dissertation on this, so I could talk all day about this.)

United States News

• StopICE App blames hack on “a CBP agent here in SoCal.”

  • StopICE, an app that helps Americans track the location of US ICE raids has had a security breach, which they have blamed on a Customs and Border Protection agent. This is part of a series of attacks by partisan hackers on apps or websites that helps Americans track the activities of ICE.

• NSA Releases First in Series of Zero Trust Implementation Guidelines

  • Something I missed from last month. The NSA is released a series of guides on zero trust architecture, which is essentially becoming the default architecture for all networks.

• Exclusive: Pentagon clashes with Anthropic over military AI use, sources say

  • This is how the United States will continue to have significant control and influence over Canad. By relying upon United States technology and corporations, the United States’ continued descent into authoritarianism risks compromise a lot of information and communications technology. The United States’ support of science denialism and attempt to control what chat bots says will mean that AI LLMs and others which adhere to these principles of denialism and lies cannot be trusted and will ultimately make those who use them dumber.

• Tulsa, Okla., Airport Tech Teams Contain Ransomware Attack

• Panera Bread breach impacts 5.1 million accounts

• FCC urges telecoms to boost cybersecurity amid growing ransomware threat

  • Telecoms in North American, including Canada, are increasingly targeted by cyber threat actors, particularly China’s Volt Typhoon. Despite what Canadian telecoms will lie telling you, they have been victims of these attacks.

• FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled

  • Lockdown mode was originally developed to prevent remote access spyware, but increasingly is shown to help prevent authoritarian regime thugs from accessing a journalist’s phone they physically have.

• Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes

  • The #1 target for cyber operations during a conflict are air defences. This has been happening for over 20 years. The earliest public one we know of is Israel taking down Syrian air defenses when they bombed their nuclear facilities.

• Department of Defense Establishes CYBERCOM 2.0 - Revised Cyber Force Generation Model

  • DOD releases implementation overview for CYBERCOM 2.0 with three pillars: domain mastery; specialization; agility. Some interesting stuff in this plan, but will like save it for a research article to unpack for implications for Canada/CAFCYBERCOM. Won’t affect Canada much, but may influence future CAF cyber force development.

• ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are

  • This is the case for a lot of this type technology and cannot be trusted, just like the people using it.

• BOD 26-02: Mitigating Risk From End-of-Support Edge Devices

  • CISA issues binding order for the removal of edge devices that are no longer supported by the developer. Edge devices refers to networking devices on the outer “edge” of your network that

• Penn’s October data breach impacted fewer than 10 people, despite hackers’ claims it was 1.2 million

  • I really like this article because it highlights something that all ransomware groups do: lie. They’re going to lie to you about how bad the attack is, they’re going to lie that there’s nothing you can do, they’re going to lie that they’ll unlock everything if you pay. The criminal will say and do anything to do a payment from you.

    If worse case scenario happens and you are hit with ransomware with a criminal that wants to negotiate, listen to WOPR: The only winning move is to not play. (If you don’t understand this reference, I recommend watching the historically important hacking movie of WarGames.)

    

• Homeland Security is trying to force tech companies to hand over data about Trump critics

  • This is precisely why you cannot trust US-based corporations at the moment when they claim they will not just hand information over to the government. The United States government is already abusing the system to request information on its citizens. They will have even less qualms in demanding non-citizen data if they deem it necessary. There is no “but,” this is a United States administration actively seeking to break or stretch the law in ways it was not intended to intimidate, threaten, and turn the United States into an authoritarian state. This will only get worse.

• US military used new ‘non-kinetic’ cell to guide cyber ops during Maduro capture

  • Similar groups have been used before at lower operational and tactical levels, so it is not surprised there is now one at the Pentagon for strategic and operational oversight of the whole of the forces to help guide. Western militaries overall are moving in this direction, particularly with Cyber Electromagnetic Activities (CEMA) which is the overlapping functions and use of cyber and traditional electronic warfare capabilities. This is a big reason why CAFCYBERCOM has charge of cyber and electro-magnetic capabilities, with eletro-magnetic being a big area for attention to grow right now based on learned experiences from Ukraine.

• Payments platform BridgePay confirms ransomware attack behind outage

  • What would happen if a similar attack targeted Interac in Canada?

European Union & United Kingdom News

• Ukraine to share wartime combat data with allies to help train AI

  • The future of warfare is in big data analytics and AI/ML. Not surprising Ukraine is attempting to leverage this. I am more surprised it took them this long and I hope they receive a lot of money for this data.

• Fancy Bear Exploits Microsoft Office Flaw in Ukraine, EU Cyber-Attacks

  • Fancy Bear is a Russian military cyber unit. Good to keep in mind that Russia continues to focus is cyber activities on Ukraine, which faces

• Nobel Committee says Peace Prize winner likely revealed early by digital spying

  • “And while financial bets were placed, it was not known whether the ultimate purpose was to profit from the incident or to inflict damage to the credibility of the prize”

  • They seem to be suggesting they either think the hack is linked to polymarket betting or a state actor conducting a hack and leak operation. Either is a major possibility. I can definitely see both of them being likely, but the financial aspect seems the most likely.

• Police Raid Elon Musk’s X Paris Office in Criminal Probe

  • French police raid Twitter (X) offices in France as part of investigation into systematic, authorized production and profiting from Child Sexual Abuse Material (CSAM) by Grok and other alleged crimes.

• France releases National Cybersecurity Strategy

  • I am not too familiar with specifics of French policy, but I do like this strategy. However, reading it makes me depressed about just how bad Canada’s most recent National Cyber Security Strategy is and how much we lost out and continue to lose out from the Canadian government treating cyber security as a tertiary issue.

  • Ukraine hails ‘real results’ after Musk restricts Russian Starlink use

    • After reports that Russia was using Starlink for drones, an update was pushed to prevent the use of starlink on vehicles moving faster than 75 km/hr.

• Danish Defence Intelligence Service open applications for its Hacker Academy

• Italy claims cyberattacks ‘of Russian origin’ are pelting Winter Olympics

  • Olympic Destroyer 2. Russia targeted the Japan Olympics a few years ago as well.

• One of Europe’s largest universities knocked offline for days after cyberattack

  • La Sapienza in Rome hit with ransomware. Everyone is a target, especially public institutions. Invest in cyber security or you’re next.

• Rebooting the UK’s Cyber Strategy

  • A good write up about the UK’s new cyber strategy.

  • “The paper calls for bold action to address market failures, enhance resilience and ensure the UK is prepared to tackle evolving cyber threats. It provides a roadmap for policymakers to protect critical infrastructure, secure economic growth and safeguard national security in an increasingly uncertain global landscape.”

• Commission responds to cyber-attack on its central mobile infrastructure

Other International News

• In 2024 we traveled to the Chinese city of Chengdu to find follow the trails of three APT groups: I-Soon, No Sugar Tech, Chengdu404 and Sichuan Silence.

  • A fascinating read of individuals traveling to Chengdu, China to do site visits to Chinese APTs.

  • Full write up here:

NetAskari

Chasing Chengdu404, Sichuan Silence....and NoSugar Technology !?

In the recent months, there was quite some flurry around Chinese Cyber Security companies. Some spectacular operations around infiltrating the United States telecom networks, corporate firewalls of the company Sophos and other bigger and smaller breaches have woken Washington from its slumber on Chinese offensive cyber operations. Who knows if the atten…

Read more

a year ago · 1 like · NetAskari

• Cyberattack in Senegal: DGID targeted by Black Shrantac group

  • Major attack on Senegal’s government

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Media of the Week

Credit to the TLDR newsletter team at Wealthsimple for this. Media literacy has grown more important over the last 30 years, but it has not kept up pace with the breakdown of our information space that continues to be degraded with mis/disinformation and toxic, bad actors. Canada is not immune to this and it continues to get worse.

Editor Notes:

• We are hitting the head of the first month of the revival of News Rewire. I have created a short survey to help determine when the best day to release the News Rewire. I have been releasing the News Rewire on Saturdays, but want to hear from you if I should change this: Take the survey here.

• It appears amid resolving my DNS issues my email got disrupted, so if you sent me an email this past week please resend.

Leave a comment

Share

Canadian News

• Canada’s political parties want to be exempt from provincial privacy laws

• Russian military intelligence hackers likely behind December cyberattacks on Polish energy targets, researchers say

• Vancouver-based Hootsuite CEO says ICE contract will stand as long as agency honours terms and conditions

• Calian Mobilizes Initial $100 Million to Accelerate Canada’s C5ISRT Defence Capabilities

  • Calian outlines new $100 million platform to bolster Canadian defence businesses

• Y Combinator is no longer investing in Canadian startups

  • “YC now only backs firms registered in the U.S., Cayman Islands or Singapore, according to its standard deal terms. Canada was previously listed as an acceptable jurisdiction, but was removed in November 2025.”

• Ottawa is subsidizing a tech firm that provides wiretapping tools to ICE

  • “In December, the Canadian government gave $1 million to Ottawa’s JSI Telecom to commercialize AI-driven data analytics. JSI, a wiretaps and investigation support firm, had a banner year in U.S. government sales in 2025, including a big new contract with ICE.”

• Major Canada Computers Breach: Customers Warned to Cancel Cards

  • A classic case of someone trying to report a breach or cyber security problem to the company, but being ignored until the individual goes public.

• How to encrypt your PC’s disk without giving the keys to Microsoft

• Parliamentary petition to require secure coding in federal software

  • I signed it and so should you.

• Canadian Cyber Security Network released its State of Cybersecurity

  in Canada report.

• Cybersecurity bill won’t be used to kick people off internet, minister says

• Canada deal on Chinese EVs shows trade ‘trumped national security’: experts

  • If you’re so concerned about Chinese EV cyber security, then you should be just as concerned about North American vehicle cyber security. It’s not just a Chinese EV problem, it is almost all new vehicles with digital systems. In fact, this is really an internet of things problem.

• Canadian Centre for Cyber Security releases Ransomware Outlook 2025 to 2027

• Canada–Japan Keihanna Global Acceleration Program—Spring 2026

  • “The NRC IRAP, in partnership with Japan’s Keihanna Research Complex, is pleased to invite Canadian small and medium-sized enterprises (SMEs) to submit an expression of interest to participate in a 5-minute pitch event to seek co-innovation partnerships with world-class Japanese corporations. Selected Canadian SMEs may be invited to meetings in Osaka, Japan, to solidify their partnerships with interested Japanese corporations.”

• Why it’s so hard to get a tech job in Canada right now

  • “Layoffs and a hiring slowdown have combined to create nightmarish conditions for some job seekers in the Canadian tech sector.”

  • It is not going to get easier anytime soon. Training academies/schools are already going under.

• Manulife says your life insurance isn’t important enough to be reviewed by human

• Massive AI Chat App Leaked Millions of Users Private Conversations

• More criminals are using AI for ransomware attacks, cybersecurity centre warns

• Rachel Clark is taking on cybersecurity’s scalability problem

• Catalyst Executive Director, Charles Finlay flags US interference concerns, urges security and speed in Al adoption

  • Original paywalled article here

• Digital Government Leaders Summit 2026: Working together for a better tomorrow

• Linus Tech Tips: Explaining the RAM Crisis in 60 Seconds

• Payment processors were against CSAM until Grok started making it

• Canada’s cybersecurity startups have no room for error

• House of Commons Standing Committee on Public Accounts holds hearing on the 2025 Auditor General Report on Cyber Security of Government Networks and Systems

  • I plan to write an overview/analysis of this meeting in February.

• CCCS Head Rajiv Gupta: Cyber crime and ransomware becoming ‘most impactful’ threat to Canadians

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Canada Cyber Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list the Canadian Centre for Cyber Security’s (CCCS) alerts here, not all advisories; follow the full feed here.

• Hackers Use ‘rn’ Typo Trick to Impersonate Marriott in New Phishing Attack

• Clop ransomware group claims to have targeted multiple Canadian entities

• Microsoft Office Zero-Day (CVE-2026-21509) - Emergency Patch Issued for Active Exploitation

• Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088

• Hackers Say They’ve Hacked Match Group, Maker of Hinge, OkCupid

• Wave of ShinyHunters vishing attacks spreading fast

• CCCS Alert - AL25-019 - Vulnerabilities impacting Fortinet products - FortiCloud SSO Login Authentication Bypass - CVE-2025-59718 and CVE-2025-59719 - Update 2

• Aisuru botnet sets new record with 31.4 Tbps DDoS attack

• eScan confirms update server breached to push malicious update

  • Major supply chain attack.

Research and Op-Eds

• Volt Typhoon’s long shadow - IISS

  • Volt Typhoon is one of the top cyber threats to Canada

• The Primes Aren’t the Real Bottleneck in U.S. Weapons Production - War on the Rocks

  • Although this is focused on US weapons production, a lot of its discussion applies to Canada. HOWEVER, I dislike the framing of this as if there is no issue with the primes. There is blame to go around to everyone in the defence industry.

• Rethinking TikTok Regulation in Canada - CIGI

  • Policy Brief by Matt Malone and Oren Tsur

• The Trump Administration’s Cyber Strategy Fundamentally Misunderstands China’s Threat - Council on Foreign Relations

  • New US cyber security strategy is likely to emphasize offensive cyber operations.

• Is America’s Cyber Weakness Self-Inflicted? - War on the Rocks

  • I love this article, a must read.

• Canadian Data Protection and Cybersecurity in an Era of Diminishing North American Cooperation

  • A good policy brief by two Balsillie School MA students.

United States News

• DISA moving out on Mission Network-as-a-Service effort in 2026

  • “DISA will prioritize an effort to unify all of the combatant commands’ networks worldwide into a single, cloud-based platform to improve security and interoperability.”

• 5 things to know about the TikTok deal

• The Chair for the Subcommittee on Cybersecurity and Infrastructure Protection of the House Committee on Homeland Security sent letters to LinkedIn, Amazon Web Services and Palo Alto Networks to testify on threats of North Korean IT workers.

• US Treasury Cancels Contracts with Booz Allen Hamilton

  • “Booz Allen failed to implement adequate safeguards to protect sensitive data…” Data breach cited as reason for US Treasury to cancel all current contracts with Booz Allen Hamilton.

  • Theoretically a similar action could happen against a company under CPCSC where a company could lose all their contracts based on a singular failure.

• Amazon’s internet-beaming satellites are bright enough to disrupt astronomical research, study finds

• Salesforce lands $5.6B Army contract for data analytics, cloud capabilities

  • The three key technologies for future US and CAF military operations are cloud, data analytics, and AI/ML.

• Trump’s acting cyber chief uploaded sensitive files into a public version of ChatGPT

• Pentagon leaders expect Cybercom 2.0 to help thwart Chinese actors ‘living off the land’

• Google Aims Knockout Blow at Chinese Company Linked to Massive Cyber Weapon

• Software stocks fall premarket as Microsoft and SAP results weigh

  • “Software shares fell sharply in premarket U.S. trading Thursday after updates from Microsoft and SAP raised fresh questions about the durability of cloud and AI spending.”

• Here is the User Guide for ELITE, the Tool Palantir Made for ICE

• Silicon Valley’s Favorite New AI Agent Has Serious Security Flaws

European Union & United Kingdom News

• UK plans sweeping overhaul of policing amid surge in online crimes

• Saudi Arabia ordered to pay £3m to London dissident over Pegasus spying

  • Pegasus spyware is a particular favorite amongst authoritarian governments

• Russian Attack on Polish Power Sector

  • New DynoWiper Malware Used in Attempted Sandworm Attack on Polish Power Sector

  • Attack Against Poland’s Grid Disrupted Communication Devices at About 30 Sites

  • Polish Grid Systems Targeted in Cyberattack Had Little Security, Per New Report

• China hacked Downing Street phones for years

• Dutch cloud service “within reach”; MP’s demand gov’t action amid U.S. concerns

• The UK paid £4.1 million for a bookmarks site

  • I was waiting for a good article on the UK’s AI Skills Hub debacle. I feel like this encapsulates it well.

• UK leaders warned country risks ‘absorbing’ cyber and hybrid attacks without offensive deterrence

• Data breach: FRANCE TRAVAIL fined €5 million

  • France’s data protection authority fines France Travail, the French government agency responsible for assisting unemployed with financial assistance and finding employment.

Other International News

• Ghana to establish first cyber and electronic warfare centre - President Mahama

• Jordan’s king Orders three-Year military restructuring, focus on cyber and AI

• Starlink in Europe – US satellites, EU security, and space sovereignty

• Sri Lankan Police Report Surge in Cybercrime as Hundreds Arrested Nationwide

  • As global economies continue to fracture and poverty increases, we will see an increase in cybercrime due to its low barrier to entry and the increasing prevelance of AI tools that make it even easier to do.

• He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive

• Apple, Nvidia, and Tesla confidential files allegedly exposed in supplier breach

• France to ditch US platforms Microsoft Teams, Zoom for ‘sovereign platform’ amid security concerns

• Experts Detect Pakistan-Linked Cyber Campaigns Aimed at Indian Government Entities

• Latvia says Russia remains its top cyber threat as attacks hit record high

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Q&A

Every week, I will answer any questions that I receive through the Weekly News Rewire Slido here. Slido allows readers to anonymously submit questions they would like answered.

Editor Notes:

• I am increasingly thinking I should create a specific United Kingdom/EU section. If you would like me to do so, feel free to leave a comment.

• I am working to resolve some issues with my DNS and domain name, so if you have issues accessing Canadian Cyber in Context, you can always reach it at canadiancyber.substack.com

Leave a comment

Share

Canadian News

• Vancouver-based Hootsuite could receive up to $2.8 million USD for contract with US immigration enforcement (ICE)

• NGen is hosting the Canada Pavilion at Hannover Messe 2026.

  • Hannover Messe is one of the world’s largest industrial trade fairs that includes a lot of cyber security and emerging technologies.

• Prime Minister Carney forges new strategic partnership with the People’s Republic of China focused on energy, agri-food, and trade

  • Joint statement of the Canada-China Leaders’ Meeting

  • A few mentions of technology and exchanges including “digital content creators”

• Prime Minister Carney secures new partnership with Qatar to increase trade, investment, and defence cooperation

  • Prime Minister Mark Carney of Canada and Amir of Qatar His Highness Sheikh Tamim bin Hamad Al Thani commit to deepening bilateral engagement and economic cooperation

  • Among the bilateral agreements signed is a Memorandum of Understanding for Cooperation in the Field of Information Technology

• Military Cyber Security Operations Course officially begins in Manila, Philippines

  • Additional social media coverage: #1, #2

    

• Canada’s pension plan invested $416 million in Musk’s deepfake porn-generating AI

• Infrastructure failure and cybersecurity threats top list of risks for City of Calgary

• Data Privacy Week 2026: Prioritizing privacy by design

• Shared Services Canada hit with major layoffs among federal government layoffs

  • Digital services and cyber security are often one of the first to receive funding cuts regardless of if it is government or private sector.

  • Public service job cuts will be ‘minimal’ in procurement and contracting roles, says PSPC

• CSE breached law by directing actions at Canadian: report

  • The National Security and Intelligence Review Agency determined that CSIS providing a Canadian’s information to CSE to analyze for foreign intelligence was a breach of the law because CSE’s action still targeted a Canadian (via their information).
    
    This makes sense legally, but I worry about the potential gaps in Canadian intelligence this reveals. If I understand this right, theoretically what could have happened here is CSIS obtains a warrant on a Canadian that is spying on behalf of a foreign power, but because they are still a Canadian, CSE cannot use anything obtained from that individual to analyze the role of the foreign power involved because this would still involve CSE targeting a Canadian. Little is known about the case other than CSIS had a lawfully obtained warrant against the Canadian, which is allowed under CSIS’ mandate, so this is all speculative but does suggest that Canada’s intelligence services may have gaps in their cyber capabilities if they are unable to cooperate with CSE in such a manner.

• Experts say 6G networks still years away, but Canada’s already preparing for the technology of the future

  • Canada and a lot of Western countries learned the lessons of 5G where China strategically ensured that it had an advantage by putting a lot of investment into developing and formalizing 5G. This gave Chinese firms like Huawei an advantage by aligning industry to deploy 5G earlier than many Western telecom companies.

• Dominon Dynamics opening factory in Ottawa, Ontario Canada

  • Dominion Dynamics is a new Canadian defence firm focused on developing C4ISR/sensing technology for Canada’s North and Arctic.

• TikTok Is Now Collecting Even More Data About Its Users. Here Are the 3 Biggest Changes

  • “According to its new privacy policy, TikTok now collects more data on its users, including their precise location, after majority ownership officially switched to a group based in the US”

    I would normally put this in the US section, but it’s likely this affects Canada as well.

• Tanium and Computacenter Partner to Secure for Government of Canada’s Endpoint Visibility, Awareness and Security (EVAS) program

  • This is the program CSE/SSC will be using for better network visibility and identify where they need to deploy more of CSE’s sensors.

• Federal Court sets aside TikTok Canada shutdown order

• Government plans to bring forward online harms bill, AI minister says

Have your business and logo featured in Canadian Cyber in Context with a sponsorship.

Canada Cyber Watch

While not all attacks are reported or receive media attention, any notable or open-source cyber attacks on Canadian organizations and any relevant cyber threat intelligence to Canada will be posted here. I only list Canadian Centre for Cyber Security’s (CCCS) alerts here and not all advisories, follow the full feed here.

• Grubhub confirms hackers stole data in recent security breach

• Detailed Analysis of LockBit 5.0

  • “The update from LockBit 4.0 to 5.0 significantly enhances analysis evasion and attack efficiency.”

• New Phishing Campaign Targeting LastPass Customers

• Arctic Wolf Observes Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts

  • Threat actors are bypassing Single Sign-On (SSO) creating their own admin account for future access and stealing the device’s current configuration file. Fortinet patched the bug in December but now says the vulnerability continues to be exploited in the newer firmware.

• Cisco Unified Communications Products Remote Code Execution Vulnerability

• China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusion

  • Focused on critical infrastructure in North America

• Hackers Use LinkedIn Messages to Spread RAT Malware Through DLL Sideloading

• Alert - AL26-002 -Vulnerability affecting GNU Inetutils Telnetd - CVE-2026-24061

Research and Op-Eds

• Le Canada se voit-il vassal ou souverain? (Does Canada see itself as a vassal or a sovereign?)

  • Although not directly talking about cyber, information and communication technologies is at the heart of this discussion due to US dominance in this space.

• Center for Counter Digital Hate: Grok floods X with sexualized images of women and children

  • “Grok generated an estimated 3 million sexualized images, including 23,000 of children, based on our sampling.”

• Silverado Policy Accelerator: China’s Global Exports of Rare Earth Elements and Rare Earth Permanent Magnets

• Reflectiz: The State of Web Exposure 2026

  • According to the report, based on an analysis of 4,700 leading websites, 64% of third‑party applications access sensitive data without legitimate business justification

• Globe and Mail Opinion: Your e-mail to your co-worker might pass through the U.S. before returning

  • Byron Holland is the president and chief executive of the Canadian Internet Registration Authority, which manages the .CA domain.

United States News

• Microsoft Gave FBI Keys To Unlock Encrypted Data, Exposing Major Privacy Flaw

  • This needs to be a major wake up call for Canada. “A valid legal order” increasingly does not mean much in the United States, but American corporations are complying in advance.

• Anchorage PD Proactively Monitoring Third-Party Service Provider for Cybersecurity Incident

• Jordanian Man Admits Selling Unauthorized Access to Computer Networks of 50 Companies

• U.S. cyber chief nominee warns Congress of Chinese pre‑positioning in critical infrastructure

• China May Have Accessed U.S. Supercomputing Resources To Fuel Its Military Modernization Efforts

• United States National Defense Strategy 2026

  • There is very little on cyber, largely boilerplate stuff. The only thing that really stood out was what I included before. Department of Defense “will also develop other options to deter or degrade cyber threats to the U.S. Homeland.” Is very interesting and vague wording.

The United States is expected to release a National Cybersecurity Strategy in 2026, so we’ll hold out for that.

International News

• New Zealand: ManageMyHealth Breach Exposes 126K Users

• Germany: More storage, more monitoring, more hacking

  • Germany’s Federal Intelligence Service is seeking to develop more cyber capabilities to become more independent from the United States and allies.

• Georgia Probes How Russian Gas Purchase Details Appeared on Government Website

• X still allowing users to post sexualised images generated by Grok AI tool

• Brussels in move to bar Chinese suppliers from EU’s critical infrastructure

• Chinese AI Developers Say They Can’t Beat America Without Better Chips

  • The race for computing power will increasingly run into hardware bottlenecks. This is already affecting memory costs and the increasing politicization of chips and hardware amid the chip wars and will continue to increase tensions between China and the United States.

• Spanish power giant sparks breach probe amid claims of massive data grab

• Cyberattack on Iran state TV’s satellite transmission to broadcast exiled crown prince

• Television broadcasts hacked in Iran: ‘Continue your struggle. Freedom is closer than ever’

  • This is not to say it isn’t Iranian hackers, but Israel and the United States like to pretend to be hacktivists in Iran to target the government.

• Under Iran’s internet blackout, SpaceX’s Starlink is a lifeline — if it can stay online

• Everest ransomware gang said to be sitting on mountain of Under Armour data

• Parliament tells Dutch gov’t to keep DigiD data out of American hands

• Everest Ransomware Claims McDonalds India Breach Involving Customer Data

• Overrun with AI slop, cURL scraps bug bounties to ensure “intact mental health”

• Asking Grok to delete fake nudes may force victims to sue in Musk’s chosen court

• Cyberattack Targeting Poland’s Energy Grid Used a Wiper

• UK and China Set Up Forum on Cyberattacks to Lower Tensions

  • China is increasingly exhibiting an openness to communicate about cyber operations as part of its broader strategy.

Q&A

Every week, I will answer any questions that I receive through the Weekly News Rewire Slido here. Slido allows readers to anonymously submit questions and vote on those they would like answered.