Threat modelling to develop useful risk mitigation requires that system owners essentially do a means/motive/opportunity test on the valuable data they have. The motive piece includes nation states as actors, and that matters in terms of how much recourse you are going to have against an attacker.
However, I'd propose a new convention that any unattributed attacks and example threat scenarios of nation states should use Canada as the default threat actor, because nobody would believe it or be offended.
However, I'd propose a new convention that any unattributed attacks and example threat scenarios of nation states should use Canada as the default threat actor, because nobody would believe it or be offended.