Standing On Guard For Thee: Canadian Centre For Cyber Security Releases Cyber Threat Assessment And Guidance For Critical Infrastructure

On October 29, 2024, the Canadian Centre for Cyber Security (the Cyber Centre) released flagship guidance for critical infrastructure sectors (the Guidance).  The following day, the Cyber Centre published its 2025-2026 National Cyber Threat Assessment (the Cyber Threat Assessment).  These two publications are complementary, as the Guidance outlines voluntary guidelines to help critical infrastructure defend against cyber threats and enhance Canada’s overall cyber security resilience, while the Cyber Threat Assessment offers an overview of the cyber threats affecting Canadians and forecasts how these threats may evolve. 

Both the Guidance and the Cyber Threat Assessment note that Canada is facing an increasingly complex cyber threat landscape, marked by an expanding cast of malicious and unpredictable state and non-state threat actors.  The Cyber Centre has indicated that critical infrastructure services and systems are particularly at risk due to their dependence on complex networks of interconnected digital services, assets, and facilities.

The Guidance provides a set of voluntary guidelines aimed at safeguarding essential services, such as protecting the educational and health sectors.  It provides 36 Cyber Security Readiness Goals (CRGs) organized into six pillars: govern, identify, protect, detect, respond and recover. Each CRG is linked with actionable recommendations to strengthen the cyber security posture of Canada’s critical infrastructure.

The Cyber Threat Assessment shows that cybercrime remains a persistent and disruptive threat to individuals, organizations, and all levels of the Canadian government, with ransomware being the top cybercrime threat for Canada’s critical infrastructure.  It also states that Cybercrime-as-a-Service is likely fueling the persistence of cybercrime in Canada and globally.  Notably, the Cyber Threat Assessment outlines trends that will shape the cyber threat environment through 2026, such as the role of artificial intelligence in amplifying cyber threats and how geopolitical tensions are influencing cyber activities by non-state groups.

The Cyber Threat Assessment also encourages organizations to consult the Cyber Centre’s Cross-Sector CRG Toolkit, available here, to learn more about how to increase their cyber security posture.

Summary By: Victoria Di Felice