Christine Gadsby
Chief Security Advisor, BlackBerry
John De Boer
Vice-President of Government Relations, BlackBerry
Maaz Yasin
Global Head of Government Solutions, BlackBerry
The Government of Canada’s Defence Industrial Strategy prioritizes trusted communications as a sovereign capability because they protect coordination, decision-making, and operational resilience.
Canada is modernizing its defence capabilities. The federal government’s first-ever Defence Industrial Strategy (DIS), launched in February 2026, sets out a clear vision for a more robust defence industry in Canada. It aims to provide technological and operational advantage to the Canadian Armed Forces and its security partners, and part of this means prioritizing secure, reliable communications.
Encryption is no longer the primary target. Today’s adversaries bypass it – and that changes the rules for securing national security communications. They’re now exploiting metadata and communication patterns, engaging in identity spoofing via AI-driven impersonation, and disrupting networks, which can push teams onto unsecured communication channels. These threats can disrupt timely decision-making, cause coordination breakdowns, and manipulate command chains.
Trusted, sovereign, secure communications matter now more than ever. When coordinated across the Department of National Defence (DND), industry, and essential services, secure communications protect leadership decision-making during complex, high-tempo operations. Secure communications have effectively become a sovereign capability — an essential component of Canada’s ability to independently protect our national interests without relying on foreign support.
With over 40 years of secure communications expertise and extensive experience working with governments, including the Government of Canada, Canadian technology company, BlackBerry, has secured government communications across G7 nations and NATO allies for over four decades and works directly with the Government of Canada on sovereign communications infrastructure. To explore what this all means in practice, key experts at BlackBerry — Christine Gadsby, Chief Security Advisor; John de Boer, Vice-President of Government Relations; and Maaz Yasin, Global Head of Government Solutions — share their perspectives on how the communications threat landscape has evolved, the role of sovereign communications infrastructure, and the practical steps Canada can take to strengthen trusted coordination across its defence ecosystem.
Mediaplanet: Why should Canada treat secure communications as a modernization capability, not just an IT tool?
John de Boer: For too long, communications security has been treated as a procurement line item — a technical specification managed by IT departments rather than a strategic capability debated in policy circles. The DIS changes that framing, and rightly so.
When secure communications are sovereign, high-assurance, and interoperable by design, Canada protects the integrity of its conversations, accelerates decision-making, and coordinates responses with allies without hesitation. The moment communications infrastructure sits in a foreign jurisdiction, Canada’s ability to act in a crisis is no longer fully its own. A legal hold can freeze access. A geopolitical dispute can create hesitation. An intelligence-sharing window can close. None of those are hypothetical, they are the predictable consequences of dependency, and they surface at the worst possible moment.
Maaz Yasin: In grey-zone conflict, where adversaries probe, deceive, and disrupt without crossing the threshold of open warfare, the speed and integrity of decision-making is itself a strategic asset. Trusted communications are not just about keeping messages private. They’re about ensuring that leaders receive accurate information, that they can verify who they’re speaking with, and that their coordination patterns aren’t being mapped by an adversary.
MP: How have threats evolved beyond “breaking encryption”?
Christine Gadsby: The assumption that encryption is the primary line of defence has become a strategic vulnerability. Today’s most sophisticated adversaries aren’t only trying to break encryption – they’re operating around it entirely, targeting the metadata, human, and behavioural layers of communications.
AI-driven impersonation is one of the global threats that demands immediate attention. Adversaries can now clone a senior official’s voice from minutes of audio, replicate a commander’s writing style from open-source material, and inject synthetic communications into decision chains that are indistinguishable from the real thing. In an environment where manufactured doubt is a deliberate instrument of statecraft, a single convincing impersonation at a critical moment can trigger the wrong decision, delay a critical response, or fracture allied trust.
Sovereignty is not achieved by declaration – it is achieved by design.
The DIS sets out an ambitious vision for a sovereign, integrated defence ecosystem. Realizing it requires confronting an uncomfortable truth: it is no longer sufficient to secure the message alone. We must secure the identity behind it, the pattern around it, and the integrity of the entire communications environment.
MY: Metadata is the intelligence adversaries do not need a decryption key to collect. Encryption protects content, but communication patterns can still expose command hierarchies, track leadership movements, and map covert networks.
MP: Where does communications dependency become a readiness risk?
JB: We tend to think about dependency in physical term – a bridge, a power grid, a supply chain node. Communications dependency is less visible, but no less consequential. Relying on a single platform, vendor, or foreign-hosted infrastructure hands a potential adversary a lever that requires no cyberattack to pull.
Discovering that primary communications infrastructure is constrained mid-crisis is not an IT problem. It’s a readiness failure that sovereign diversification can prevent.
MY: When operational tempo increases, communications fragment fast. Teams reach for what works: consumer apps, personal devices, unapproved channels. We have seen at the highest levels of government what that looks like in practice. Sensitive military decisions coordinated over consumer messaging tools is not a technology failure. It is a governance failure. It happens because secure channels that are hard to use get bypassed by people under pressure. The real risk is not just the exposed content. It is the metadata trail, the unmanaged devices, and the fact that no one has visibility or control over what was said, to whom, or from where. Communications sprawl is not an operational inconvenience. It is an intelligence gift.
MP: What does “sovereignty” mean in practical terms when it comes to secure communications?
JB: Sovereignty in communications is ultimately a governance question: who is accountable, who has the authority to act, and who can prevent others from acting without Canada’s consent. In practical terms, that means four things must remain under Canadian control: the systems, the encryption keys, the access and enforcement policies, and the data environment.
CG: Sovereignty is not an abstract principle. In communications security, it has a precise technical meaning. Canada’s DIS is explicit that sovereignty means control of the operating environment. From a security standpoint, that must extend beyond hardware and geography to encompass where systems run, who administers them, and, critically, who holds the keys. These are not procurement details. They’re the foundational conditions of operational trust.
Today’s most sophisticated adversaries aren’t only trying to break encryption — they’re operating around it entirely.
When communications systems are hosted in foreign jurisdictions, Canadian government communications become subject to legal frameworks and geopolitical pressures beyond Ottawa’s control. Encryption itself is only as strong as the governance around the keys that protect it.
JB: Sovereignty is not achieved by declaration – it is achieved by design. Governments can claim digital sovereignty, but it only becomes real when communications systems are designed so that infrastructure, data and security controls remain under national authority.
MP: How does “total defence” change the secure communications requirement across the DND, industry, and essential services?
JB: When sensitive programs span DND, primes, and subcontractors, a trusted communications layer becomes the connective tissue that keeps design, procurement, and delivery aligned without compromise.
MY: “Total defence” fundamentally raises the bar for secure communications. Securing military channels in isolation is no longer sufficient. Civilian agencies, critical infrastructure operators, and industry partners are now part of the same operational fabric. Systems must therefore be accessible from any location, under time pressure, while withstanding cyberattacks, network degradation, and contested environments. Decentralised architectures and failover mechanisms aren’t optional features. They’re the baseline.
Allied coordination raises the stakes further. When Canada operates alongside Five Eyes partners or NATO allies, the security of the communications layer becomes a condition of operational trust. A weak link in one nation’s architecture can compromise an entire joint operation.
MP: How should Canada think about certified trust in defence communications?
CG: In defence environments, trust is not declared. It’s demonstrated and earned – independently, and under conditions that leave no room for ambiguity.
Any organization can assert that its encryption is robust and its systems resilient. Independent validation is what converts assertion into evidence.
Certification establishes a shared language of trust that makes genuine interoperability possible without compromising sovereignty.
Procurement decisions in defence are not reversible on short notice. Systems acquired today will underpin operations for decades – across administrations, threat cycles, and technological shifts that no one can fully anticipate. That reality alone should reframe how leaders think about certification.
Certified, independently validated security is how procurement decisions demonstrate – not merely assert – that they meet that standard.
MP: What are the first practical steps Canada can take right now?
JB: The DIS gives Canada a clear strategic direction. The harder question is always: where do you start. The answer is to stop treating communications readiness as a downstream consideration and start treating it as the foundation everything else is built on.
First, establish a sovereign communications baseline. That means Canadian-controlled systems, Canadian-held encryption keys, and access policies governed by Canadian institutions. Not aspirationally. By design and by contract.
Second, make certification a procurement gatekeeping condition, not a checkbox. FIPS 140, Common Criteria, FedRAMP High, and NATO Restricted are not self-attestations. They are independent, adversarial validation processes. If a system has not passed them, it has not been tested against the threat environment Canada is operating in.
Third, plan for infrastructure failure before it happens. The ability to operate in a dark site or air-gapped environment when networks are compromised or unavailable is not an edge case. It is the baseline requirement. Any system that cannot function without external infrastructure has a dependency Canada cannot afford in a contested environment.
Canada has a generational opportunity with the DIS to get this right.
CG: Identity assurance is non-negotiable. Metadata protection must be treated with the same seriousness as content encryption. Communication patterns reveal as much as the messages themselves.
Strategy documents do not defend networks. The systems Canada chooses to trust do.
To learn more about how trusted communications can support secure coordination and operational resilience, visit blackberry.com.
