When cyber incidents affect Canadian infrastructure, the response is often predictable. Officials emphasize that systems remain secure, services are restored, and investigations are underway. The incident is framed as a technical disruption or a criminal act – serious but contained.
This framing is reassuring, but it is also incomplete.
Recent joint advisories from Canada’s Centre for Cyber Security (CCCS) and allied partners warn that pro-Russian hacktivist groups continue to conduct opportunistic cyber activity against global critical infrastructure (CCCS, 2024). These operations include website disruptions, denial-of-service attacks, and other forms of digital interference designed to be highly visible yet difficult to attribute conclusively. In Canada, similar activity has already affected essential services, including the energy sector, where incidents have often been publicly characterized as temporary or symbolic disruptions (CBC News, 2023).
The problem is not that Canada lacks cyber expertise. It is that Canada continues to misinterpret what this activity represents.
This misinterpretation carries strategic consequences: it leaves Canada structurally exposed to persistent forms of cyber pressure that rarely cause catastrophic damage but steadily test resilience, coordination, and public confidence.
Understanding this dynamic requires looking beyond individual cyber incidents to the strategic logic that shapes them. This article situates recent cyber activity within Russia’s broader approach to hybrid competition, examines how historical strategic continuity informs contemporary digital coercion, and considers why Canada’s institutional and policy frameworks remain particularly exposed to sustained, low-level cyber pressure.
Cyber Activity as Strategic Pressure
From a Canadian policy perspective, cyber threats are usually categorized as cybercrime, hacktivism, espionage, or warfare. This framework is operationally useful because it helps guide legal attribution, incident response, and resource allocation, but it can obscure how Russia treats cyber operations as instruments of sustained strategic pressure rather than isolated technical or criminal events.
For Moscow, cyber activity is not primarily about theft or destruction. It is about applying sustained pressure on governments, critical infrastructure operators, and public confidence in essential systems, often to signal capability, test resilience, and shape political decision-making without escalating to open conflict.
Russian-aligned cyber operations are intentionally calibrated to remain below the threshold of armed conflict. They disrupt services, shape public perception, and exploit ambiguity to avoid escalation while sustaining pressure over time.
Strategically, this reliance on cyber and other grey-zone tools functions as an equalizer, compensating for constraints in conventional military performance and enabling Russia to project influence even where it has struggled to prevail militarily, including in conflicts involving former Soviet Socialist Republics (SSRs).
This interpretation aligns with broader analyses of Russian hybrid warfare, which emphasize the deliberate blurring of boundaries between espionage, cyber operations, political influence, and coercion as a long-standing strategic practice rather than a recent innovation (Stoddart, 2025).
Canada’s own intelligence assessments acknowledge that ransomware and other cyber threats targeting Canadian organizations are increasing in frequency and sophistication, and that critical infrastructure remains particularly attractive to threat actors (CCCS, 2025). Many ransomware groups targeting Canada are most likely Russian-speaking and operating from the post-Soviet space, highlighting the concentration of cybercriminal ecosystems in environments where enforcement constraints and geopolitical dynamics complicate accountability (CCCS, 2025).
Despite this pattern, cyber incidents in Canada are still largely treated as isolated technical events rather than as part of an ongoing pattern of strategic coercion.
Canada’s ransomware threat outlook projects that cyber threats to Canadian organizations will remain significant through at least 2027, with continued targeting of critical infrastructure and public-facing services (CCCS, 2025). These assessments emphasize preparedness and resilience, but they also highlight a broader issue: Canada faces a sustained campaign of digital pressure, not a series of disconnected events.
Recognizing the strategic nature of cyber activity does not mean treating every incident as an act of war. It does mean acknowledging that cyber operations linked to hostile states are part of continuous competition, not isolated crises.
The Soviet Roots of the Russian Federation’s Cyber Approach
This pattern becomes clearer when viewed through a historical lens. Long before the internet existed, Soviet military doctrine emphasized indirect forms of conflict. Rather than relying exclusively upon decisive battlefield engagements, Soviet strategists focused on shaping an adversary’s perceptions, decision-making, and political resolve. Psychological pressure, ambiguity, and the manipulation of information were central tools, particularly when open military confrontation carried high risks (Rid, 2020; Giles, 2023).
Modern Russia is not the Soviet Union. However, it would be a mistake to assume a complete break in strategic thinking. Analyses of Russian hybrid warfare consistently highlight continuity between Soviet-era active measures and contemporary cyber and information operations (Stoddart, 2025; Galeotti, 2025). Russian military scholarship since the Cold War has maintained a sustained focus on the evolving nature of conflict, including subversion, destabilization, and information warfare as integral components alongside conventional force (Giles, 2016).
Recent observations from the war in Ukraine reinforce this continuity. Russian cyber and information operations often preceded or accompanied conventional military activity, with coordinated cyberattacks used to disrupt communications, degrade situational awareness, and shape the informational environment before kinetic operations unfolded (Giles, 2023). Such patterns reflect longstanding strategic practices being adapted to digital technologies rather than entirely new doctrines.
Cyberspace provides an ideal environment for applying these ideas. Digital operations exert pressure continuously, at relatively low cost, and with plausible deniability. They blur the line between peace and conflict and exploit hesitation about when, and how, to respond. Seen in this context, pro-Russian cyber activity is not random or merely opportunistic. It represents an updated expression of a longer Soviet strategic tradition rather than a wholly new form of conflict.
Canada’s Structural Exposure to Persistent Cyber Pressure
Canada is particularly vulnerable to this form of pressure because most critical infrastructure is owned and operated by civilian entities and cybersecurity governance is fragmented across federal departments, provincial authorities, regulators, and private-sector partners. As a result, legal and policy frameworks tend to prioritize managing risk and restoring services after incidents occur rather than treating persistent disruption as a defence issue.
This fragmentation shapes how cyber incidents are perceived. When a utility website is disrupted, or services are temporarily unavailable, the primary objective is restoration. Once systems are back online, the incident is considered resolved.
From a strategic perspective, however, success does not depend on lasting damage. The value of these operations lies in repetition. Even brief or unsuccessful attacks generate uncertainty, test coordination between public and private actors, and gradually normalize disruption as an accepted condition.
Canada’s public discourse rarely addresses this cumulative effect. Cyber incidents are discussed individually, stripped of geopolitical context, and quickly forgotten. That pattern aligns closely with the logic of grey-zone conflict.
Canada faces two distinct state-linked cyber challenges that demand different defensive postures: long-term strategic access and data acquisition, and disruptive, coercive cyber activity designed to test resilience and public confidence. Russia’s approach more frequently emphasizes disruption and coercive signalling. It prioritizes visible effects and psychological impact, even when immediate material gains are limited, and is more readily aligned with grey-zone pressure short of open conflict (Giles, 2016; Stoddart, 2022; CISA, 2025). By contrast, Chinese cyber activity has often emphasized persistent access, data acquisition, and long-term strategic positioning linked to economic and technological advantage. In practice, this tends to reward patience: maintaining stealthy presence in networks, collecting sensitive data over time, and positioning for leverage in future contingencies.
For Canada, the distinction matters because it affects how risk is measured and how readiness is built. A posture optimized for counter-espionage and intellectual property theft (strong perimeter controls, long-term detection of covert persistence, and rigorous data governance) does not automatically translate into resilience against disruptive activity aimed at eroding confidence in essential services.
The latter requires rapid recovery, strong public-private coordination, mature incident communications, and an ability to treat repeated low-level disruption as strategically meaningful rather than merely operationally inconvenient (Stoddart, 2022).
Recognizing these differences does not require inflating every incident into a geopolitical crisis. It requires clarity about intent. Where the PRC often seeks advantage through sustained access and information accumulation, Russia more frequently seeks advantage through disruption, ambiguity, and the normalization of instability. Canada’s cyber posture must be capable of addressing both.
If Canada is to reduce its exposure to persistent cyber pressure, the response must move beyond incident-by-incident triage toward resilience-oriented defence policy. A more effective approach would integrate cybersecurity more explicitly into defence and national security thinking. This does not require militarizing cyberspace. It requires practical conceptual clarity, implemented through three shifts:
- Treating repeated low-level disruption against public-facing services and critical infrastructure as a strategic indicator rather than a series of isolated incidents.
- Strengthening public-private coordination through clear incident escalation pathways and joint exercises that include civilian critical infrastructure operators.
- Aligning procurement and lifecycle assurance with cyber resilience requirements so that essential systems are designed to recover quickly and communicate credibly during disruption (CCCS, 2025).
In parallel, Canada should improve public communication on state-linked cyber activity by explaining patterns and intent, not merely technical remediation, so that public confidence is reinforced rather than eroded.
The Strategic Costs of Misinterpretation
Russia’s cyber operations did not originate in the digital era. They reflect a longer strategic lineage rooted in Soviet approaches to coercion, ambiguity, and influence, where shaping perceptions and imposing pressure below the threshold of open conflict were considered integral elements of statecraft. Cyberspace has simply made these methods easier to deploy, more scalable, and harder to attribute.
Canada’s vulnerability does not primarily stem from weak technology or inadequate cyber hygiene. Rather, it arises from a persistent tendency to interpret strategic pressure as a series of isolated technical incidents. When cyber disruptions are treated solely as operational nuisances rather than components of sustained geopolitical competition, their cumulative strategic impact is underestimated.
Until this framing evolves, disruptive cyber activity will continue to achieve disproportionate effects, not necessarily because it is technologically sophisticated, but because its intent and strategic function remain insufficiently recognized.
About the Author:
David Medcalfe is an interdisciplinary researcher specializing in the protection of critical infrastructure at the intersection of law, cybersecurity, and artificial intelligence governance. Trained as a jurist (LL.B., J.D., D.E.S.S., LL.M.), he is currently pursuing a Master of Information Studies at McGill University under the supervision of Professor Benjamin Fung, Canada Research Chair in Data Mining for Cybersecurity. His work examines legal accountability, cybersecurity risk, and the responsible deployment of AI in essential critical infrastructure systems such as transportation, energy, and communications.
In addition, he is a recipient of the Fonds de recherche du Québec – Nature et technologies (FRQNT) Master’s Research Scholarship and a 2026 Mila (Québec Artificial Intelligence Institute) – Building 21 BLUE Fellow, and contributes to initiatives related to technology governance, standardization, and digital security policy. His research trajectory stems from his Joint First Class Honours specialization in the history of the Union of Soviet Socialist Republics (USSR/CCCP) at McGill University, a foundation that continues to shape his analysis of technology, state power, and resilience in contemporary digital infrastructures.
References
Canadian Centre for Cyber Security. (2024). Joint cyber security advisory: Pro-Russia hacktivists conducting opportunistic attacks against global critical infrastructure. Government of Canada.
Canadian Centre for Cyber Security. (2025). Ransomware threat outlook 2025–2027: An assessment of the evolving ransomware threat to Canada. Government of Canada.
CBC News. (2023). Hydro-Québec website hit by cyberattack. Canadian Broadcasting Corporation.
Cybersecurity and Infrastructure Security Agency. (2025). AA25-343A: Russian-aligned cyber activity targeting critical infrastructure. U.S. Department of Homeland Security.
Galeotti, M. (2025). Siloviki at war: The Russian security community since February 2022. Russian Analytical Digest, (323), 6–9.
Giles, K. (2016). Russia’s “new” tools for confronting the West: Continuity and innovation in Moscow’s exercise of power. Chatham House.
Giles, K. (2023). Russian cyber and information warfare in practice: Lessons observed from the war on Ukraine. Chatham House.
Rid, T. (2020). Active measures: The secret history of disinformation and political warfare. Farrar, Straus and Giroux.
Stoddart, K. (2022). Cyberwarfare: Threats to critical infrastructure. Routledge.
Stoddart, K. (2025). Russia’s hybrid warfare offensive against the West. De Gruyter Brill. https://www.degruyterbrill.com/document/doi/10.1515/9783111583464/html