As an American, I can tell you that we in the U.S. are really, really good at making grand promises.
Just ask anyone who’s watched a presidential debate.
The latest example of this comes courtesy of the Cybersecurity and Infrastructure Security Agency (CISA), which has rolled out a plan to “align operational cybersecurity priorities” for all U.S. federal agencies. Translation: we’re going to fix cybersecurity by making it one giant, government-sized blanket that somehow covers everyone.
But before you, my dear Canadian neighbours, roll your eyes and think, “Well, that’s their problem,” let me tell you why our cybersecurity is very much your problem. In fact, when the U.S. bungles cybersecurity — and trust me, we will — you can bet Canada is going to feel the shockwaves.
The U.S. loves a one-size-fits-all approach, especially when it comes to big, scary, technical things like cybersecurity. CISA’s latest plan is essentially a top-down directive to “align” cybersecurity strategies across all federal agencies. Sounds good, right?
Except here’s the kicker: we’re talking about an enormous range of agencies, from the Department of Agriculture to the Department of Defence, all being squeezed into the same security blanket. And spoiler alert — blankets like that usually come with holes.
Sure, some agencies might share common goals and infrastructure, but do the needs of the Federal Reserve and NASA really line up so well that a single strategy can effectively protect them both?
I’m not holding my breath. When you treat every agency like it’s facing the same threats, you’re bound to leave gaping vulnerabilities. And what happens when those holes are found by hackers?
Now, I can already hear my Canadian friends saying, “What does this have to do with us?” Well, everything. When the U.S. cybersecurity systems go down, it’s not just our problem —i t’s yours too. Our economies are as tightly-knit as a Tim Hortons coffee and a frigid morning.
And if American agencies get hacked, Canadian businesses, banks, and even government agencies connected to our digital infrastructure could find themselves caught in the crossfire. It’s not just a matter of watching us fumble from afar — you’re likely to feel the aftershocks firsthand.
The harsh reality is that America’s cybersecurity isn’t contained by borders. Our digital economies, energy grids, supply chains, and defence operations are so deeply intertwined that a breach in the U.S. can have catastrophic consequences for Canada.
Recommended video
The moment a U.S. federal agency gets hacked, critical information could get compromised. And considering that the U.S. is Canada’s largest trading partner — by a mile — you can bet that hackers who gain access to American trade, defence, or financial systems won’t stop there.
The fact that Canada’s infrastructure and data pipelines are tightly interwoven with ours means that vulnerabilities in American cybersecurity could leave you wide open to attack. When America slips up, Canada is vulnerable by association.
And don’t get too comfortable thinking this is only about digital threats. Cyberattacks can shut down pipelines, derail trade systems, and even interfere with transportation networks. Remember the Colonial Pipeline ransomware attack in 2021? It shut down fuel supplies across the U.S. East Coast.
Imagine the ripple effect if an attack like that were to hit energy or transportation systems that serve both countries. The digital world is no longer confined to virtual space — real-world consequences follow.
As part of this new plan, CISA isn’t just focusing on American soil. There’s also talk of streamlining international cybersecurity cooperation, a fancy way of saying, “We’re going to make things easier to share across borders.” Which sounds great in theory — who doesn’t want countries working together to fend off cyberattacks? But here’s the catch: when you make it easier to cooperate internationally, you also make it easier for hackers to exploit the system.
International cybersecurity standards might sound like a diplomatic win, but from a practical standpoint, it’s like handing hackers the universal key to the digital kingdom. When security protocols are too standardized, once a hacker finds a weakness, they can exploit it across multiple countries. A vulnerability in the U.S. system could easily translate into a vulnerability in Canada’s.
If all of this sounds a little unsettling, wait until you hear about the White House’s brilliant solution to protect America (and, by extension, Canada) from cyber threats: a cybersecurity hiring sprint. The plan is to fill 500,000 vacant cybersecurity jobs. Yes, half a million jobs. In a sprint. You can’t make this stuff up.
To put it mildly, this is a Herculean task.
Now, don’t get me wrong — hiring more cybersecurity experts is crucial. But the notion that the U.S. government cannot only quickly find, but also properly equip and retain 500,000 experts in a highly technical, fast-paced field? Let’s just say I’ll believe it when I see it.
The kicker here is that the White House wants to do all of this in the context of diversity, equity, and inclusion (DEI) hiring practices.
Balancing DEI goals with the urgent need for cybersecurity professionals means we’re likely going to see rushed hiring, stretched qualifications, and undertrained personnel in key positions. And that’s a recipe for disaster, not just for American systems but for the Canadian systems that rely on our defences being airtight, not to mention the cybersafety of individuals in both countries against malware and cyberstalkers, amongst other dangers.
As we head toward the 2024 U.S. election, one thing is clear: American cybersecurity is about to become an even hotter mess than it already is.
But Canadians shouldn’t sit back and watch with bemused detachment. The fact is, you’ve got skin in this game. Whether it’s our bungling of a “one-size-fits-all” plan, our ill-advised international cooperation efforts, or the inevitable flop of our cybersecurity hiring sprint, when the U.S. messes up, Canada feels it.
So, while it’s tempting to joke about American inefficiency or bureaucracy, the truth is Canadians should be watching American cybersecurity plans with growing concern. The decisions made in Washington on general cybersecurity and other matters like artificial intelligence will ripple across the border, and if the U.S. can’t get its act together (and let’s be honest, we probably won’t), you might find yourselves helping to pick up the pieces of our digital blunders.
Even “big tech” is taking some bumps as the latest macOS 15 Sequoia update has encountered security issues, while Google has attempted to ramp up security by syncing passkeys across all devices
In the end, what happens to American cybersecurity doesn’t just stay in America. And like it or not, we’re all in this together — whether that makes you feel safer or a little more uneasy.
— Julio Rivera is a business and political strategist, cybersecurity researcher, founder of ItFunk.Org, and a political commentator and columnist. His writing, which is focused on cybersecurity and politics, is regularly published by many of the largest news organizations in the world.