National Economic Security Lists

Canada’s National Economic Security List: What It Means for Critical Infrastructure & How We Can Use It

On February 6, 2025, the Government of Canada released the Sensitive Technology List (STL)—the first in a series of national security-focused lists under the National Economic Security List (NESL) initiative. This marks a critical step in safeguarding Canada’s technological, economic, and infrastructure security, with additional lists on sensitive personal information and critical infrastructure expected to follow.

At NC-CIPSeR, we see this as a significant development in shaping national policies that directly intersect with critical infrastructure protection, security, and resilience (CIPSeR). But what does this initiative entail? How does it impact our work? And how can we leverage it to strengthen our understanding of emerging threats and vulnerabilities? How can we measure the effectiveness of these lists and how they are used?  How can we amplify and elevate this information so that it can be operationalized quickly and effectively?

What is the National Economic Security List (NESL)?

The NESL initiative is a government-led effort to identify and protect key assets that are vital to Canada’s national security. This framework is designed to guide policy, inform risk management strategies, and help public and private sectors mitigate economic and security threats.

The NESL consists of three key lists:

1. Sensitive Technology List (STL) (Published February 6, 2025)

The STL identifies eleven technology areas that the government considers sensitive due to their potential national security implications. These include:

• Advanced Digital Infrastructure (secure communications, AI-driven cybersecurity)
• Advanced Nuclear Generation Technology (including Small Modular Reactors (SMRs))
• Artificial Intelligence & Big Data (including Digital Twin technology!)
• Advanced Sensing & Surveillance (enhancing threat intelligence and infrastructure monitoring)
• Distributed Ledger Technology (DLT) (potential tool for secure data-sharing between OGDs)

Read the full STL here

2. Sensitive Personal Information List (Upcoming Release)

This list will define categories of sensitive personal information that, if misused, could threaten national security or personal privacy.

3. Critical Infrastructure List (Upcoming Release)

This anticipated list will identify key critical infrastructure sectors and assets that require protection, ensuring that security efforts are aligned with emerging threats, economic pressures, and geopolitical risks.

More on NESL.

How Does This Relate to NC-CIPSeR’s Work?  And are we on the right track?  Let’s calibrate.

As Canada’s National Centre for Critical Infrastructure Protection, Security, and Resilience (NC-CIPSeR), our focus is on safeguarding Canada’s critical infrastructure through research, innovation, collaboration and education. We have ongoing project in each area.  This includes ridentifying threats, vulnerabilities, and mitigation strategies for critical infrastructure across multiple sectors. The NESL—especially the upcoming Critical Infrastructure List—will be directly relevant to our work in several key ways:

1. Strengthening Threat Intelligence & Risk Assessments (Project CANVAS)

The STL’s inclusion of advanced sensing, AI, and DLT presents opportunities for enhanced threat detection and information-sharing models. These technologies could be integrated into Project CANVAS, NC-CIPSeR’s initiative to build a comprehensive, continuously updated threat and hazard intelligence platform that will fuel threat and risk assessments.  More on Project CANVAS.

2. Enhancing Security in the Energy Sector Task Force (SMRs & Energy Sector Task Force)

The inclusion of Advanced Nuclear Generation (including SMRs) aligns with our ongoing work through the Energy Sector Task Force and our partnership with Carleton University, government and industry. NC-CIPSeR has already been assessing risks, interdependencies, and policy challenges associated with SMRs, and the STL confirms that this remains a national priority. Our partnerships with Carleton University MIPIS program, where threat and risk assessments are being conducted on small modular nuclear reactors (SMR) installed on Canadian military bases in the three locations in the Arctic. Information sharing is a top priority and The Distributed Ledger Technology as a secure tool for data sharing is an area we will be diving in to, measuring it’s efficacy and writing about.

More on the Energy Sector Task Force

More on Energy Security and Resilience: SMR’s in the Arctic

3. Digital Twin Technology for Critical Infrastructure Protection

One of the biggest surprises in the AI & Big Data category was the inclusion of Digital Twin technology—an area we’ve been actively exploring! NC-CIPSeR is currently collaborating on a white paper with Dr. Stephen Fai and CIMS at Carleton University on how Digital Twins can enhance resilience and security in infrastructure planning. This validation from the STL could open new opportunities for collaboration and funding in this space.

More on our collaboration with Carleton Immersive Media Studio Digital Twin project.

More on Imagining Canada’s Digital Twin.

4. Future Applications in NC-CIPSeR’s Risk Models & Training Programs

As additional lists are published—especially the Critical Infrastructure List—we expect this information to be integrated into our risk models, research, and training programs. Our upcoming NC-CIPSeR training certificate on CI protection could incorporate findings from the NESL to ensure practitioners are aligned with national security priorities.

We are on the right track. Our partnerships with government, industry and academia are clearly guiding us in the right direction.

Questions to Consider

Where exactly has the $67.3M in funding allocated in 2019 been invested? Have we seen measurable improvements in national security?  Why has it taken 5+ years to develop one list?

How will the upcoming Critical Infrastructure List align with existing CIP frameworks (such as Canada’s National Risk Profile & Bill C-26)?

Could Distributed Ledger Technology (DLT) offer a viable framework for secure, real-time data sharing between OGDs and CI stakeholders?

How do we ensure that research and development in sensitive technologies are protected while still fostering innovation and economic growth?

What’s Next?

With the STL now published and the remaining NESL lists forthcoming, NC-CIPSeR will be actively tracking these developments and integrating them into our research, policy recommendations, and training efforts.

We encourage researchers, policymakers, and industry leaders to engage in this discussion. How do you see the NESL shaping Canada’s approach to critical infrastructure protection, security and resilience? What opportunities and challenges does it present?

Let’s start the conversation. Reach out to collaborate!

Check out our LinkedIN post on this topic.Canada’s New Sensitive Technology List & Its Critical Infrastructure Implications

#CriticalInfrastructure #NationalSecurity #SensitiveTechnology #CyberResilience #EconomicSecurity #ThreatIntelligence #NC_CIPSeR

Image is a screenshot from the website: https://www.canada.ca/en/services/defence/nationalsecurity/sensitive-technology-list.html