Canada prepares for battle in cyberspace

Read: 3 min

Canada’s military is preparing for battle in cyberspace.

The Canadian Armed Forces’ newly established cyber command, called CAFCYBERCOM, recently deployed teams to NATO’s flagship CYBER COALITION exercise in Estonia. 

The deployment comes as the alliance prepares for a future where cyberattacks on power grids, government services and military systems are treated as challenges to national security, not just technical disruptions.

“Cyber conflict tends to mirror real-world politics,” said Alexander Rudolph, a PhD candidate at Carleton University whose research focuses on Canadian cyber policy. “As tensions rise between states, cyber operations intensify alongside them.”

This year’s CYBER COALITION exercise ran from Nov. 28 to Dec. 6 and brought together military and civilian cyber experts to rehearse responses to complex cyber incidents. 

CAFCYBERCOM, which was first launched in September 2024, contributed CAF personnel in Europe and an Ottawa team that operated remotely.

Cyber capabilities are just one part of the CAF’s strategic arsenal, says Christian Leuprecht, a distinguished professor at the Royal Military College of Canada.

“Cyber would never be deployed on its own,” said Leuprecht. “It would be used alongside other capabilities to achieve political effects.”

Cyber’s growing role

NATO describes CYBER COALITION as the alliance’s premier collective cyber defence exercise, designed to reflect how cyber conflict now unfolds: continuously, ambiguously and often below the threshold of conventional war.

“This is an ever-expanding, complex, fast-moving problem,” Rudolph said, adding that both state actors and criminal groups are now capable of producing similar levels of disruption, particularly when targeting civilian systems.

A central concern is that cyber vulnerabilities do not respect national borders, says Rudolph. There is a risk that a breach in one ally’s systems could  be leveraged to compromise others across the NATO alliance.

On Dec. 18, NATO member state Denmark accused two hacker groups linked to the Russian state of carrying out cyberattacks — one on a Danish water treatment plant in 2024 and one on local elections last month.

“The fear is that the compromise of one ally will potentially lead to the compromise of another,” said Rudolph.

The exercise scenarios conducted in recent weeks were not based on specific, real-world incidents, a spokesperson for CAFCYBERCOM said in an emailed statement.

Instead, the goal was to provide a controlled environment to practise coordination, information-sharing and decision-making without exposing sensitive information.

Exercises like CYBER COALITION also signal to adversaries that NATO treats cyberspace as a contested domain and is prepared to respond collectively.

“There is no threshold in cyberspace,” Leuprecht said, describing it as an “anarchic environment” where norms remain contested. “Usually these types of exercises are intended to draw red lines.”

Leuprecht cited as an example a 2014 cyberattack on film studio Sony Pictures, where the attackers demanded Sony withdraw a satire film about the assassination of North Korean leader Kim Jong Un.

U.S. officials blamed North Korea for the attack, and days later, allegedly hit back, causing North Korea to experience widespread internet outages.

“ That was a famous retaliation by the United States … that basically incapacitated North Korea’s internet for a week,” Leuprecht said.

Canada’s contribution

Rudolph says Canada’s contribution to CYBER COALITION is just one part of broader efforts to build relationships with allied cyber forces. 

“Canada doesn’t have the largest cyber forces,” he said. “But their ability to be able to work with others, and have a high level of skill and knowledge despite a relatively smaller footprint, allows them to be able to do more than they would otherwise.”

Leuprecht noted that the creation of a dedicated cyber command reflects how cyber forces operate differently from traditional military units.

“If you look at Cyber Command in the U.S. or Space Command, these are very flat organizations,” he said. “Hierarchy doesn’t really matter. In a cyber command, what matters is how effectively you can work together.”

Leuprecht also noted Canada is unlikely to pursue offensive cyber operations except in extreme circumstances. But it may take “active measures” to disrupt or neutralize adversary capabilities, often in coordination with allies.

At home, Canada has work to do.

“Unfortunately it seems like Canada’s not in the best position,” Rudolph said, pointing to a recent report by the Auditor General of Canada that found gaps in the federal government’s cybersecurity services. 

Rudolph described financially motivated cybercrime — especially ransomware and extortion — as the most persistent day-to-day threat to Canada. 

But he said state actors pose a different kind of risk, particularly if they gain footholds in cyber infrastructure during peacetime that could be leveraged during periods of geopolitical tension.

CAFCYBERCOM does not publicly discuss specific vulnerabilities or capability gaps identified during exercises. Doing so would undermine operational security, the spokesperson told Canadian Affairs. 

“Instead, NATO exercises provide a controlled environment to identify and address such issues internally,” said the spokesperson. 

“Lessons learned are shared through protected channels and used to guide improvements in training, development, and investment without compromising security.”

Related Posts