OTTAWA — As U.S. President Donald Trump talks openly about annexing Canada, using economic force if he has to, the countries’ cybersecurity authorities are working together as co-operatively as ever.

“Cyber is a non-partisan issue, right? Everyone wants to see cybersecurity. Everyone wants to protect our critical infrastructure,” said Rajiv Gupta, the head of the Canadian Centre for Cyber Security, in an interview with The Logic.

As part of the Communications Security Establishment (CSE), which answers to the defence minister, the centre is charged with protecting government devices and networks and supporting the private sector in defending itself against cyber attacks. That particularly applies to operators of critical infrastructure like pipelines, electricity systems and telecom and financial networks—key economic assets.

Gupta has been the centre’s head since September, after three years as the No. 2. It’s been a turbulent time between Canada and its closest ally, as Trump’s musings about this country becoming the 51st state have shaken Canadians’ trust in their neighbour.

Of recent concern, Elon Musk’s strike force of government reformers is digging around in deeply sensitive U.S. systems. And even some Republicans are skeptical of Trump’s pick to lead the U.S. intelligence community, Tulsi Gabbard. Reportedly, so are the British. The Five Eyes intelligence-sharing alliance (Australia, Canada, New Zealand, the United Kingdom and the United States) might be wobbling.

If relations kept deteriorating and the United States really wanted to wreak havoc on Canada, cyberattacks on that critical infrastructure would be one way to do it; Russia, keen on annexing Ukraine, has carried out a cyber campaign against banks, telcos, broadcasters, power stations—even the post office.

But the cybersecurity centre had been exchanging information with its American counterpart, the Cybersecurity and Infrastructure Security Agency (CISA), just the day before Gupta spoke to The Logic. Canadian and American security authorities have decades of co-operation behind them and he said he assumed that would continue. 

”We have a huge amount of shared critical infrastructure between the Americans and ourselves that we collaborate daily on in terms of protecting,” he said. “That’s a very close partnership that we need to continue to do, because it benefits both of us.”

Does Canada trust the United States as much as it did, say, six weeks ago?

“From my perspective, we’re non-partisan. We’re working closely with them, as we have in the past,” Gupta said.

Indeed, a few days later, Gupta’s organization issued advice, in concert with CISA and equivalent bodies in other Five Eyes countries, on securing network components like routers and firewalls.

In a separate interview last week, Public Safety Minister David McGuinty echoed Gupta’s faith in Canada’s traditional partners to the south.

“I have no hesitation in working with the United States. This is our neighbour, our largest trading partner and our greatest ally,” McGuinty said. “At the working level, at the security- and intelligence-sharing level, [the relationship has] never been stronger.”

That co-operation makes up some of the cinderblocks in the foundation of the Canada-U.S. alliance, said McGuinty—who does not oversee the CSE, but is responsible for numerous other intelligence and security bodies such as the RCMP.

“We cannot compromise co-operation on security and intelligence at a time when the Five Eyes are being targeted, when each individual country is being targeted,” he said.

Gupta talked to The Logic in a boardroom in the centre’s “innovation centre,” which is located in an office building just east of downtown Ottawa. Clad in mirrored blue glass, it could have been dropped there from a suburban tech park.

The facility is separate from the CSE headquarters, a well-appointed fortress a few kilometres away. The lower-security site allows for things like meetings with un-cleared civilians, such as the corporate cybersecurity specialists the centre considers its partners.

The innovation centre is set up like a co-working space, with big tables, scatterings of offices and conference rooms, movable wall partitions and fake (but convincing) plants. It was empty late on a Monday afternoon, but its whiteboards were covered in hand-drawn flow charts and fragments of math.

Gupta’s shaved head and square jaw make him look fierce. He’s visibly fit (he climbs mountains for fun) but slim rather than hulking. His voice is higher than you might guess. He talks fast. He wouldn’t share his age.

But he began his career in the private sector in Ottawa as the pre-2000 tech bubble inflated and traditional telephony companies—like Mitel, where Gupta worked—became internet technology companies.

“I was an embedded-systems engineer, so I got to see that nexus between hardware and software,” he said.

“We actually built semiconductors in Canada, which was amazing. We had manufacturing in the same building—you could walk for 90 seconds and actually see the manufacturing folk and understand what was going on in that space,” Gupta said.

The tech bust that followed was painful, and drove companies to innovate even as they cut and shrank. “That keen focus on what your customers really needed was really important,” Gupta said. 

The experience defined his approach to everything he’s done since, he said: “The beginning of your career really does shape the rest of your career, and burns your culture and identity into you.”

The larger CSE doesn’t say much in public—it released 12 statements, announcements and reports in all of 2024, including rote filings on subjects like how it’s contributing to meeting federal sustainability goals. But then, the government didn’t even admit that the CSE existed until the 1980s, decades after it was born as a codebreaking service in the Second World War.

Cybersecurity, however, isn’t strictly a state vs. state affair, like a pitched battle between uniformed armies. When critical infrastructure like pipelines, telecom systems and financial networks are in private hands and under digital controls, a secretive government entity can’t protect it. Cybersecurity, the cliché goes, is a team sport.

Unlike its parent organization, the cybersecurity centre talks publicly all the time—issuing big-picture geopolitical threat assessments and posting scores of security advisories from vendors that only techies will understand, let alone act on. Last fall it published a “cybersecurity readiness goals toolkit” whose main feature is a 20-page checklist that could have been titled, So You’ve Been Promoted to VP and Now You’re in Charge of Cybersecurity; Here’s Your Cheat Sheet.

The centre has also fallen down at times.

In a report published last June, the federal auditor general found the organization does a great job responding to high-priority incidents, but has often let down individuals who went to it for help with possible cybercrimes.

Arresting cybercriminals is the RCMP’s business; the CRTC plays a role in running down certain telecom-related scams. Although it offers plenty of advice for how regular Canadians can protect their digital lives, answering complaints from them is not what the cyber centre is for—and the auditor’s team found that it had simply deleted 1,870 of those over the three years examined, because they weren’t the cybersecurity centre’s problem. 

Everyone agreed that wasn’t good. The different authorities are working on a single, unified way to report cyber attacks and crimes. “Behind the scenes, we’ll figure out where it’s supposed to go without dropping anything,” Gupta said.

That new system is not expected to be ready to go until April 2026. Gupta said the technical part is easy but the legal part isn’t—police, the telecom regulator and a defence agency aren’t allowed to freely share private information, even if they’d guess the person filing a report would want them to.

The cyber centre is also dealing with the failure at the finish line of Bill C-26. The bill would have given the federal government the power to ban Huawei gear from Canada’s telecom networks, but it had a whole second part letting federal industry regulators inspect the cyberdefences of critical infrastructure operators.

“It would have been interesting to see the consistency of cybersecurity across Canada,” said Gupta. “Some organizations will be incredibly well prepared, and at some there’ll be gaps.”

Without the law, the cybersecurity centre remains an adviser at most. Gupta said that a decade ago, preaching to boards of directors about cybersecurity could be tough. Now, more of them seem to understand the hazards of service disruptions, revenue losses and reputational damage, he said.

“We are working voluntarily with organizations, he said, “but it’s up to the boards of these organizations to understand the risks.”