The concern that I and my colleagues have written about in the past is that there does seem to be an ongoing incoherence to the way that Canada has developed its cybersecurity strategy.
I would note that, while there is a federal policy, it is somewhat out of date, and the instrumentalization of that policy has not seen the light of day, so if it exists, it's not public to date.