International cyber policy
Canada engages internationally to promote and protect a free, open and secure cyberspace. This supports Canada’s economic prosperity, online and offline security, and helps advance Canadian values.
To protect Canadians and promote a rules-based international order in cyberspace, Global Affairs Canada (GAC) works with:
- other government departments
- international allies
- the private sector
- non-governmental partners
GAC supports Canada’s National Cyber Security Strategy (NSSC) by working with its international partners to advance Canadian interests in cyberspace. This includes:
- advocating for an open, free, and secure internet
- enhancing international cooperation to carry out norms of responsible State behaviour in cyberspace and combat cybercrime
- working with partners and allies to deter and respond to malicious cyber activity
While there is work left to do, GAC has completed many activities and milestones to support the NSSC. Those achievements are identified by the National Cyber Security Action Plan, including:
- the Launch of the Government of Canada International Cyber Engagement Working Group in 2018
- the creation of a cyber-unit at GAC in 2018
- the development of a policy for public attribution of malicious cyber activity by States in 2019
On this page
- International cyber security overview
- Canada’s UN cyber involvement
- Capacity building
- Confidence building measures
- Malicious cyber activity response
International cyber security overview
A free, open, and secure cyberspace is critical to Canada’s economy, social activity, democracy and national security. Canada faces cyber security risks from both state and non-state actors. Protecting Canada’s and Canadian’s cyber infrastructure from malicious actors is a serious challenge and never-ending task. Canada works with allies and partners to improve cyber security at home and counter threats from abroad. This includes identifying cyber threats or vulnerabilities and developing capabilities to respond to a range of cyber incidents.
Internationally, Canada has supported the development and application of rules of the road for State behaviour in cyberspace. These are found in the conclusions of past United Nations (UN) Groups of Governmental Experts (UN GGEs) on Developments in the field of information and telecommunications in the context of international security. The 2013 and 2015 UN GGE reports recognized the applicability of international law. The 2015 report also outlined voluntary norms for state behaviour in cyberspace. These have been unanimously agreed upon by the United Nations General Assembly.
Canada is working to support the implementation of these norms at home and abroad. This includes calling States to account for malicious activity that counters the norms for responsible state behaviour in cyberspace.
Canada released its Statement on International Law applicable in cyberspace in April 2022 to outline our current view on key aspects of international law applicable in cyberspace and explain how these apply.
In addition to releasing our own statement, Canada strongly advocates for capacity building on the application of international law in cyberspace. Canada supports efforts to help other States develop their capacity to publish their own submissions on how they see international law applying in cyberspace.
Canada’s UN cyber involvement
Canada is actively involved in promoting a safe, secure, and open cyberspace. We work in multilateral forums to build a common understanding of the rules of responsible state behaviour in cyberspace as outlined in the 2015 endorsed GGE norms. Canada has proposed guidance to States on norms implementation and to address the gender aspects of cyber security in the ongoing UN Open Ended Working Group on Developments (OEWG). Canada’s submissions to this process include:
- Canada’s Proposal for the Report of the 2019-2020 UN OEWG
- Canada’s implementation of the 2015 GGE norms
- Canada’s response to the questions in Chair’s paper: February 2020 OEWG meeting
- Canada’s OEWG text proposals
Mindful of Canada’s Feminist Foreign Policy, GAC has taken specific steps to advance gender equality in cyber policy discussions and improve women’s meaningful participation in international discussions.
- Funding research on gender and cyber to help advance our knowledge of the interactions between gender and international cybersecurity:
- Making Gender Visible in Digital ICTs and International Security by Dr. Sarah Shoker (executive summary)
- Why gender matters in international cyber security by Allison Pytlak and Deborah Brown (executive summary)
Canada promotes participation of women in international cyber security negotiations through the Women in International Security and Cyberspace Fellowship (WiC). Over 35 women participated in the WiC as experts and diplomats representing their government at UN OEWG negotiations. The WiC allowed gender balance for the first time in the history of a UN First Committee process.
Canada has previously engaged in the United Nations (UN) Groups of Governmental Experts (UN GGEs) on Developments in the field of information and telecommunications in the context of international security as a member of two of these groups (most recently in 2016-2017).
To promote and enforce stability in cyberspace, Canada works with a variety of organisations and partnerships including, but not limited to:
- North Atlantic Treaty Organization (NATO)
- NATO Cooperative Cyber Defence Centre of Excellence
- Organization for Security and Co-operation in Europe (OSCE)
- Organization of American States (OAS)
- United Nations
- G7 (including the Ise Shima Summit)
Internationally, Canada also supports capacity-building efforts to increase the resilience of States to malicious cyber activity. Since 2015, Canada has contributed over $13 million to cyber capacity-building projects around the world. Among other outcomes, these projects have helped 10 countries in the Americas develop their national cyber strategies. Thanks to Canada’s support, 17 Computer Security Incident Response Teams have been developed or improved throughout the Americas.
Confidence building measures
Confidence building measures (CBMs) are essential to building relationships and capabilities for improved cyber security. CBMs reduce the risk of conflict between States by using preventive measures for the management of crises between States in cyberspace. Canada is engaged in implementing confidence building measures internationally for cyber security through:
- our participation in the OSCE CBMs, including the implementation of CBM # 4 on taking measures to ensure an open, interoperable, and secure Internet as well as sharing national approaches to its implementation
- support work provided to the OAS and ASEAN Regional Forum to adopt or implement a similar set of CBMs
Multiple stakeholders have been engaged for confidence building measures including academia, non-governmental organizations, think tanks and the private sector. Canada understands the need for a multi-stakeholder approach to manage cyber security concerns. We have engaged with academics and non-governmental organizations as detailed above with gender and cyber research. Further, Canada was a leader in organizing a multi-stakeholder engagement series in December 2020 to allow non-State stakeholders to express their views on the OEWG process. This is all to support building a common understanding of the rules for responsible behaviour in cyberspace.
Malicious cyber activity response
Canada is stronger when working in cooperation with our partners and allies. GAC works with likeminded partners to hold States accountable for activity in cyberspace. By coordinating with partners and allies abroad, GAC is able to evaluate and respond to identified threats accurately. After a review of the evidence, Canada will attribute malicious cyber activities to the hostile States who perpetrate them. Canada will hold them to account under international law and agreed norms of State behaviour in cyberspace. Canada will continue to promote responsible state behaviour in cyberspace and call out those that act irresponsibly.
- Canada expresses concern over pattern of malicious cyber activity by Russian Military Intelligence
- Canada welcomes European Union’s announcement of new cyber sanctions listings
- Joint statement by the Honourable François-Philippe Champagne, Minister of Foreign Affairs, and the Honourable Harjit Sajjan, Minister of National Defence, on the Communications Security Establishment statement directly below
- Statement on Threat Activity Targeting COVID-19 Vaccine Development
- Statement on malicious cyber threats to the health sector
- Canada condemns Russia’s malicious cyber-activity targeting Georgia
- Canada identifies malicious cyber-activity by Russia
- Canada and Allies Identify China as Responsible for Cyber-Compromise
- Statement on the NotPetya Malware
- Statement on the Attribution of WannaCry Malware
- Statement on cyber-attack targeting the federal government
- Canada’s submission included in the United Nations General Assembly Report on Developments in the field of information and telecommunications in the context of international security (2017)
- Canada’s National Cyber Security Strategy released by Public Safety Canada
- National Cyber Security Action Plan (2019-2024) released by Public Safety
- Strong, Secure, Engaged: Canada’s Defence Policy released by the Department of National Defence
- National Cyber Threat Assessment 2020 released by Communications Security Establishment’s Canadian Centre for Cyber Security
Report a problem on this page
- Date Modified: