Canada's inclusion of India as cyberadversary is a deliberate political move; here’s why

Canada naming India a cyberadversary was all over Indian media.

By Lokendra Sharma

On October 30, the Canadian Centre for Cyber Security released the ‘National Cyber Threat Assessment 2025-2026’ report. It named China, Russia, Iran, North Korea and India as Canada’s cyber adversaries. By 2 November, Canada naming India a cyberadversary was all over Indian media. On the same day, when asked about the report, India’s Ministry of External Affairs (MEA) official spokesperson responded: ‘We see this appears to be another example of a Canadian strategy to attack India. As I mentioned earlier, their senior officials have openly confessed that they are seeking to manipulate global opinion against India. As on other occasions, imputations are made without any evidence.’

Coming amidst the deteriorating India-Canada relations, I argue that India’s inclusion in the report as a cyberadversary is a deliberate afterthought. And it is not because India’s MEA dismissed the report. But because a careful perusal of the report indicates as much.

Anatomy of the report

The lengthy report only dedicates two short paragraphs in a section on India. Let us examine these paragraphs line-by-line. ‘India’s leadership almost certainly aspires to build a modernized cyber program with domestic cyber capabilities,’ says the first one. Almost every state in the international system is currently attempting to have a modern cyber programme with domestic capabilities. The next line adds: ‘India very likely uses its cyber program to advance its national security imperatives, including espionage, counterterrorism, and the country’s efforts to promote its global status and counter narratives against India and the Indian government.’ This assessment is also true for all major and aspiring powers — nothing unique about India. Alluding to the controversy surrounding India using spywares such as pegasus and even its rivals, the report assesses ‘that India’s cyber program likely leverages commercial cyber vendors to enhance its operations.’ Notwithstanding the legality and controversies surrounding the usage of spyware by the Indian government, pegasus usage has been traced to 45 states according to Citizen Lab and even at least five EU member-states have also used it. Therefore, on this front also, India does not particularly stand out.

The second paragraph provides the reason for including India in the report. Pinning down India conducting espionage as the primary factor, the report states: ‘We assess that Indian state-sponsored cyber threat actors likely conduct cyber threat activity against Government of Canada networks for the purpose of espionage.’ But espionage again is something all states, to varying capacities, engage in. Friends and foes alike are subject to cyber espionage by major powers. The report ends the paragraph with: ‘We judge that official bilateral relations between Canada and India will very likely drive Indian state-sponsored cyber threat activity against Canada.’ While it is generally understood that the dynamics of relationship between two states drives their cyber engagement, the last line of the section is significant as it hints at why India’s name has been included in the report.
A deliberate afterthought

The National Cyber Threat Assessment report is released by the Canadian Centre for Cyber Security every two years. The previous report (covering 2023-2024) did not mention India even once in the entire report; while ‘state-sponsored cyber programs of China, Russia, Iran and North Korea’ did ‘pose the greatest strategic cyber threat to Canada’ according to the previous report. Therefore, between the current and the previous report what changes is the inclusion of India. Even when the level of detailing is compared between India and other adversaries in the latest report, India is only given two brief paragraphs, while the thoroughly researched/referenced section on China gets three pages and Russia and Iran get two pages each. White at two paragraphs, North Korea too gets slightly more space than India.

The only specific claim on India that the report makes is in a section called ‘Geopolitically inspired non-state actors are creating unpredictability.’ The report claims: ‘After Canada accused India of involvement in the killing of a Canadian citizen, a pro-India hacktivist group claimed to have defaced and conducted brief DDoS attacks against websites in Canada, including the public-facing website of the Canadian Armed Forces.’ But even if the pro-India hacktivist group was actually behind the distributed denial-of-service (DDoS) attack and even if the group was linked to the Indian government, the DDoS attacks are very low on the cyber offence spectrum. As Canada’s Defence Minister Bill Blair himself said in context of the aforementioned DDoS attacks: ‘That's a very common thing that happens, unfortunately, often.’

Given how inadequately substantiated the threats emanating from India are, it is questionable whether India qualifies to be called a cyberadversary on par with other actors such as China, Russia, Iran and North Korea. It is safe to assume that the report — a product of Canadian governmental machinery — would take at least a few months from conception to getting all approvals to final release (on 30 October). When this is seen along with inadequate treatment of India as a cyberadversary, it becomes clear that inclusion of India was a last-minute political decision.
With the report being released at a time when Canada and India have recalled/expelled diplomats and relations have dived down to historical lows, the reason for the deliberate afterthought appears to be to signal to fellow Five Eyes intelligence-sharing alliance members (US, UK, Australia and New Zealand in addition to Canada) about potentially redirecting efforts towards monitoring India’s cyber activities. Canadian prime minister Trudeau’s regime is also signalling to India that Canada has various tools to calibrate in a cross-domain manner based on the trajectory of the Canada-India relationship.

(Lokendra Sharma is a Research Analyst with the High-Tech Geopolitics Programme of the Takshashila Institution in Bengaluru.)

Views are personal, and do not represent the stand of this publication.