Canada prides itself on being a cultural mosaic, but sometimes I wonder if that presentation is a marketing ploy designed to protect something that we don’t like to think about: silos. Coming out of education, I am amazed at how engrained we are in our siloed and inefficient regionalism. That fixation on doing everything locally comes from Canada’s relatively recent formation, and its colonial past. Canada is the only developed country in the world that doesn’t have an education strategy or any mechanisms for protecting students from regional extremism.
What does this have to do with cybersecurity you ask?  When it comes to the digitally connected world we live in, Canada offers a glorious opportunity. Every edge between siloed regions is an opportunity, every gap a needless extension of the attack surface. By not coordinating resources and aligning them together, Canada offers cyber criminals and foreign powers opportunities that they can’t resist. This lack of central coordination also means that poorer regions lack the resources they need to participate in digital transformation safely. This doesn’t stop them from doing it though because you can’t ignore digital advantage in 2024.

If your neighbors have insecure education, health, and critical infrastructure thanks to this ‘mosaic’, you end up with even more cybersecurity headaches because you have to treat everyone around you as a potential threat which further exacerbates Canadian regionalism. In my travels I’ve seen numerous government, industry and NFP organizations trying to resolve this deeply ingrained cultural practice, but since this is Canada they all compete with each other rather than collaborating, even if they are federal!

If you’re a tightly coordinated foreign power, this fractured digital landscape is a wealth of opportunities. You can easily push political arguments that further fracture any sense of Canadian identity thanks to Canada’s lax privacy and online information laws. A strategic approach to this disorganization would dismantle Canadian news media and render the country incapable of understanding itself through any credible local source – which is what has happened.
We sometimes forget that the internet is much like international waters, but those sailing these digital waters enter everyone’s thinking and break down social expectations of mutual support. In Canada, with its already fractured sense of self, this causes problems that more cohesive countries don’t face. From cyber criminal groups to state funded cyber-military units, everyone is online ensuring their interests, often at Canada’s expense. Only Canadians seem unaware of this.

Imagine being asked to digitally secure public internet connected critical infrastructure, government services or businesses in Canada in this situation. Thanks to foreign interference, you can expect political extremists to threaten cuts to support this work. Thanks to lax privacy laws you can expect everyone to hide incursions into their systems rather than reporting them and working together to resolve them. Thanks to a lack of national strategy and coordination, you can expect many neighbouring Canadian organizations to have wildly different qualities of approach to cybersecurity. You can also enjoy watching random influencers invade the Canadian cybersecurity space with questionable products and backgrounds thanks to a lack of oversight.

How do we make a siloed culture that has been centuries in the making (one that is particularly vulnerable to the caustic global digital network) cyber secure? We begin by working together and closing gaps. If Canada has core infrastructure that is open to cyberattack (and boy, does it!), we must leverage the strategic oversight of the federal government with regional provincial governance to produce a coordinated response. This does not mean partnering over and over again with your alma mater in order to create competitive programs with another program doing the same thing. It means building collaborative opportunities that leverage the expertise and agility of industry with the research prowess of many post-secondary organizations supported by the inclusive strategic awareness of the government. Perhaps most importantly, this approach must work with grass roots professionals in the field of cybersecurity (if they are willing to be collaborative rather than self serving) and design a defence from the ground up. Self-serving approaches should find themselves out in the cold.

When I see individual school boards in Ontario all doing the same privacy and cybersecurity auditing over and over again (with varying levels of expertise and effectiveness) in order to establish whether a software is secure and safe for children to use, I shake my head at the wastefulness of it all. With a bit of oversight and organization we could provide safe, accessible technology for students provincially and nationally. Instead Canadian education institutions are constantly being breached (though most hide it).

When I see municipal governments struggling to create cybersecure systems with limited resources, I wonder why people up stream from them in provincial and federal positions offer them funding rather than organization and collaboration. This is another area where a coordinated network of cybersecurity professionals could help. If governments don’t have the cyber-talent they need, many academic and industry partners would be happy to assist. This isn’t entirely altruistic. As mentioned earlier, we are stronger together. A united Canadian cybersecurity front that is inclusive, collaborative and intent on best practices with credible partners would be a force to be reckoned with. That Canada wouldn’t be the cyber-punching bag of the world.

Our country is often seen as technically advanced but disorganized by the international community. It will take a coordinated effort to overcome our historical predilection for regionalism, but if we can master that urge, we might just establish Canada as a world leader in cybersecurity.