This article first appeared in The Wire Report on January 26, 2026
Despite integrated defence capabilities, the federal government should start viewing the White House as a potential source of digital interference, according to Charles Finlay from the Rogers Cybersecure Catalyst.
Charles Finlay has spent the last seven years partnering with businesses, advocacy groups, and governments on cybersecurity initiatives. As founding executive director of the non-profit Rogers Cybersecure Catalyst (https://cybersecurecatalyst.ca/) at Toronto Metropolitan University, Finlay wants Canadian organizations to be protected from digital risks created by rapidly-evolving technologies, such as artificial intelligence (AI).
Finlay recently spoke with The Wire Report for a wide-ranging interview about his concerns about large-scale AI adoption, Canada’s cybersecurity vulnerabilities, and his belief that one of the most pressing threats might be right next door.
Your organization’s goal is to promote cybersecurity within Canada and around the globe. With that in mind, what are the major issues you’re currently focused on?
There’s a couple of key areas. First, we’re focused on defence and supporting a buildout of the Canadian defence sector as it relates to cyber. Cyber is another theatre of conflict, just like the oceans, air or the ground, and Canada must have significant capacity in cybersecurity as part of its new defence capacity development.
So, we have two major challenges. How do we build a world-class cybersecurity defence capacity in Canada? And, how do we protect—from a defence perspective—our critical infrastructure? That’s a really important area of work for the country.
On that front, is there work to be done? The Wire Report recently published a story on whether Canada’s warming relationship with China could have an effect on the government’s 5G ban on Huawei.
Most security experts we spoke to suggested the ban should remain in place, but is that something you believe should be revisited?
China still presents a significant security risk to Canada, and nothing that’s happened recently has changed that fact.
Based on what we know, China is still keen on influencing Canada’s internal political dynamics and it’s keen on influencing and intimidating Chinese dissidents who are living in Canada. So, no, I don’t think the current geopolitical environment calls for a reduction in vigilance in respect to China from a security perspective.
However, what it does call for is an increase in economic activity with China. We are facing a very serious economic and political crisis in Canada, and the prime minister was absolutely right to increase our economic ties with China, but I think we can do that while remaining vigilant to security risks.
Now, one thing that I think is really important is that we now have to think about the United States as a cybersecurity risk.
That’s interesting, especially given our discussion on the importance of defence. Many of Canada’s defence capabilities are integrated with the U.S. under the North American Aerospace Defense Command (NORAD).
Does that need to change?
In my view, yes. The position that senior security officials are taking is a careful one regarding the Canada-U.S. relationship because, from a security perspective, it’s very intertwined and interconnected.
I appreciate the position those security officials are taking in terms of their caution about disrupting a longstanding and mutually beneficial relationship. But, in my view, those days are over and there’s really important work that needs to be done to ensure that Canadian infrastructure and the Canadian information environment is safe from U.S. interference.
I’m particularly worried about upcoming referendums. When you look at where the current U.S. administration would look to potentially weaken Canadian sovereignty, it could be influencing the information environments, particularly in Quebec and Alberta, in the lead up to potential referendums in the coming years.
I think that’s a very dangerous situation.
Along with defence, is there anything else you’re keeping an eye on?
I think AI is the other one. We will have the federal government’s AI strategy pretty soon, we are going to see the labour market impacts, and we are going to see security vulnerabilities.
I’m really concerned about the very rapid adoption of AI by small- and medium-sized businesses because we’ve seen this movie before. We had the internet of things in the early 2020s, which is this idea that every physical thing can be connected to the internet, and data flows can drive efficiencies.
We saw the adoption of the internet of things and the integration of sensors across physical platforms, and it created a huge new attack surface for hackers, which caused a lot of problems because it wasn’t done carefully.
What we’re seeing now is a similar rush to adopt AI technologies without first assessing security concerns. There’s no question AI technologies need to be adopted because Canadian businesses of all sizes need to leverage those technologies, but it needs to be done safely.
Are there any vulnerabilities you’re particularly worried about? When you talk about AI-related security concerns, are you referring to existential threats or more local issues?
I’m more concerned in the intermediate term about data privacy. I’m concerned about workplace environments and LLM [large language model] exploitation by bad actors. I’m also concerned about cyberattacks using AI vulnerabilities, so it’s much more practical and pragmatic.
I’m concerned about the small business that’s pumping customer data into a large language model without properly considering data privacy. I’m concerned about prompt injections into LLMs by bad actors that can reveal private information and lead to major privacy breaches.
And, I’m not worried about the bigger companies or the banks or the telcos. I’m worried about the small- and medium-sized businesses.
Some stakeholders have criticized the federal government and Artificial Intelligence Minister Evan Solomon for enthusiastically promoting a scale-up of AI technologies without appropriately addressing the risks you’ve outlined. Do you think that’s a fair assessment?
These things go hand-in-hand. I don’t think there’s necessarily a problem with being enthusiastic about AI. Canada needs to innovate and adopt new technologies. That’s crystal clear.
I just think we need to do this with a view of doing it smartly and securely at the same time. That doesn’t necessarily have to slow us down, but we need to do this in a way that makes sense so that we don’t disrupt the economy we’re trying to build.
I’m sympathetic with the government’s posture and I appreciate the energy, I would just add the corollary that, as we do this, let’s do it safely.