44th Parl. 1st Sess.
December 1, 2022 10:00AM
moved that Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, be read the second time and referred to a committee.
He said: Mr. Speaker, it is an honour to help kick off second reading debate of Bill C-26, an act respecting cybersecurity. I know this chamber has been anxiously awaiting the chance to advance discourse on this important legislation.
I will begin by saying that cybersecurity is national security. We need to make sure that our defences meet all of the challenges that are reflected today, and we need to make sure that both the public sector and the private sector are able to better protect themselves against malicious cyber-activity, including cyber-attacks. It is about defending Canada and the critical infrastructure we rely on, and we know that this will not be the last we hear of this issue.
What we decide now in the cybersecurity realm will help us form a launching pad for the way forward, because we know that our actions in the cybersphere are always a work in progress. We know that meeting the moment means that our actions must continually, effectively and safely provide a foundation for the way Canadians thrive in the 21st century.
Being online and connected is essential to all Canadians. Now, more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying in touch and connected with loved one from coast to coast to coast and indeed around the world. Our critical infrastructure is becoming increasingly interconnected, interdependent and integrated with cyber systems, particularly with the emergency of new technologies such as 5G, which will operate at significantly higher speeds and will provide greater versatility, capability and complexity than previous generations.
These technologies certainly create significant economic benefits and opportunities, but they also bring with them new security vulnerabilities that some may be tempted to prey on.
The COVID-19 pandemic showed how important it is for Canadians to have secure and reliable connectivity. The government is determined to boost security for Canada's cyberfuture.
We also know about the inherent threats to our safety and security. Cyber-threats remain a significant national and economic security issue that can threaten that safety. The Canadian centre for cybersecurity's “National Cyber Threat Assessment 2023-2024” found this:
State-sponsored and financially motivated cyber threat activity is increasingly likely to affect Canadians....
Cybercriminals exploit critical infrastructure because downtime can be harmful to their industrial processes and the customers they serve. State-sponsored actors target critical infrastructure to collect information through espionage, to pre-position in case of future hostilities, and as a form of power projection and intimidation.
These activities will not cease. Malicious actors could take advantage of increased connectivity to trigger malicious events that could also potentially have severe effects on our public safety and national security.
Large corporations and critical infrastructure providers are targeted by actors probing for vulnerabilities and opportunities for penetration, theft and ransomware attacks.
Like its allies, Canada has made efforts to address these vulnerabilities and to ensure the security of Canadians and Canadian businesses.
Canada has long recognized the importance of securing our cyber systems. In 2013, Canada established a collaborative risk mitigation framework, the Communications Security Establishment's security review program. This program has helped to mitigate risks stemming from designated equipment and services under consideration for use in Canadian 3G, 4G and LTE telecommunications networks.
Furthermore, consultations with Canadians in 2016 informed the 2018 national cybersecurity strategy. This strategy established a framework to guide the Government of Canada in helping to protect citizens and businesses from cyber-threats and to take advantage of the economic opportunities afforded by digital technology.
In 2019, the government paid $144.9 million to develop a framework for the protection of critical cyber systems.
In 2021, the government completed its interdepartmental review of 5G telecommunications security. The findings included a recommendation to work with the industry on moving forward with the current risk mitigation framework for the products and services intended for Canadian telecommunications networks.
All this work done over many years to address these known problems and to improve Canada's cybersecurity posture, including with 5G technology, brings us to the bill before us today.
The objectives of Bill C-26 are twofold. One, it proposes to amend the Telecommunications Act to add security, expressly as a policy objective. This would bring the telecommunications sector in line with other critical infrastructure sectors.
The changes to the legislation would authorize the Governor in Council and the Minister of Innovation, Science and Industry to establish and implement, after consulting with the stakeholders, the policy statement entitled “Securing Canada’s Telecommunications System”, which I announced on May19, 2022, together with my colleague, the Minister of Innovation, Science and Industry.
As we announced at the time, the intent is to prohibit the use of products and services by two high-risk suppliers and their affiliates. This would allow the government, when necessary, to prohibit Canadian telecommunications service providers from using products or services from high-risk suppliers, meaning these risks would not be passed on to users. It would allow the government to take security-related measures, much like other federal regulators do in their respective critical infrastructure sectors.
The second part of Bill C-26 introduces the new critical cyber systems protection act, or CCSPA. This new act would require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to protect their critical cyber systems. To this end, designated operators would be obligated to establish a cybersecurity program, mitigate supply chain third party services or product risks, report cybersecurity incidents to the cyber centre and, finally, implement cybersecurity directions.
It would include the ability to take action on other vulnerabilities, such as human error or storms that can cause a risk of outages to these critical services. Once implemented, it would support organizations' abilities to prevent and recover from a wide range of malicious cyber-activities, including cyber-attacks, electronic espionage and ransomware.
The rollout of 5G technology in Canada is well under way. This technology will allow Canadians to move more data faster. It will bring benefits for Canadians and our economy, but with these benefits comes increased risk. Canada's updated framework, established in part 1, aligns with actions taken by our Five Eyes partners, particularly in the United Kingdom. I will add that I recently met with our counterparts in Washington, D.C., not too long ago.
It would allow Canada to take action against threats to the security of our telecommunications sector if necessary. Legislative measures would provide the government with a clear and explicit legal authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers, such as Huawei and ZTE, if required and after consultation.
Once these amendments receive royal assent, the government will be in a position to apply these new order-making powers to the Telecommunications Act.
The CCSPA established in part 2 is also consistent with critical infrastructure cybersecurity legislation established by our Five Eyes partners and would provide a consistent cross-sectoral approach to cybersecurity for Canadian critical infrastructure.
Designated operators would be required to protect their critical cyber systems through the establishment of a cybersecurity program and to mitigate any cybersecurity risks associated with supply chain or third party products and services.
Cyber-incidents involve a certain threshold that would be required to be reported, and legislation would give the government a new tool to compel action, if necessary, in response to cybersecurity threats or vulnerabilities. Both parts 1 and 2 of Bill C-26 are required to ensure the cybersecurity of Canada's federally regulated critical infrastructure and, in turn, protect Canadians and Canadian businesses.
Overall, Bill C-26 demonstrates the government's commitment to increasing the cybersecurity baseline across Canada and to help ensure the national security and public safety of all Canadians.
Cybersecurity is also essential in the context of our economic recovery after the COVID‑19 pandemic. In our increasingly connected world, we must implement the measures required to guarantee the security of our data and ensure that data is not exploited by actors, state-sponsored or not, who constantly seek to exploit our systems.
Recovery from cybersecurity incidents is both costly and time-consuming. Accordingly, when it comes to improving cybersecurity, the interests of government and private industry are aligned. Nevertheless, an administrative monetary penalty scheme and offence provisions would be established within both parts of the bill to promote compliance with orders and regulations, where necessary.
All of the actions I highlighted today form a key part of our ongoing commitment to invest in cybersecurity, including to protect Canadians from cybercrime and to help defend critical private sector systems. Like our allies, Canada has been working to address these vulnerabilities to keep Canadians and Canadian businesses safe. However, we have to be sure that we are ready for the threats that lie on the landscape.
For example, unlike laws governing other critical infrastructure sectors, the Telecommunications Act does not include any official legislative authority to advance the security of Canada's telecommunications system. Despite the existence of multiple programs and platforms enabling public and private collaboration in the telecommunications sector, participation is voluntary.
In addition, across Canada's highly interconnected and interdependent critical infrastructure sectors, there are varying levels of cybersecurity preparedness and no requirement to share information on cyber-incidents currently. Moreover, the government has no legal mechanism to compel action to protect these systems at this time. These are important gaps that the legislation introduced today seeks to address. That is why the government is establishing a strong and modern cybersecurity framework to keep pace with the evolving threats in our environment.
In short, the legislation would form the foundation for securing Canada's critical infrastructure against fast-evolving cyber-threats while spurring growth and innovation to support our economy. Cyber systems are understandably complex and increasingly interdependent with other critical infrastructure. This means the consequences of security breaches are far-reaching. It is also the reason that a consistent, cross-sectoral approach to cybersecurity is built into this legislation.
Bill C-21, which we have tabled and are now debating, would protect Canadians and the cyber systems they depend on well into the future. Significantly, this legislation can serve as a model for provinces, territories and municipalities to help secure critical infrastructure outside of federal jurisdiction. It is an essential addition to Canada's already robust arsenal, which is there to protect us and our economy against cyber-threats. It would allow us to continue taking even stronger action against threats to the security of our telecommunications sector and ensure Canada remains secure, competitive and connected.
I encourage all members to join me in supporting this landmark cybersecurity legislation, Bill C-26, today.
1839 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I would like to thank my colleague for her very important question.
The goal of Bill C-21 is to build a bridge, a collaborative effort between the government, critical infrastructure sectors and the private sector. We developed an approach that includes excellent lines of communication in order to effectively identify the cyber-threats to critical infrastructure that might jeopardize national security and the economy.
In answer to my colleague’s question, we will work with all federal regulators to create a system to protect all critical infrastructure sectors against all cyber-threats.
96 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, with all due respect for my colleague, I would like to point out that the government is always vigilant when it comes to any type of threat, including cyber-threats.
For example, in 2018, we created the national cyber security strategy. That is what I was talking about in my speech. The pillars of this strategy, which is used to respond to all risks, include resilient security systems, an innovative cyber ecosystem and Canadian leadership here and around the world.
We have taken concrete action to protect against the risks posed by certain actors that are not aligned with Canadian interests. We are now prepared to take the next step by introducing this bill to better protect our critical infrastructure. This excellent and effective measure will be implemented in collaboration with all federal regulators and the private sector.
140 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I look forward to collaborating with the hon. member and other parliamentarians on the debate of this important bill, including at committee stage. Without question, whenever the government takes decisive action to meet the threats posed in the realm of cybersecurity, there does need to be corresponding transparency and an articulation of the reasons we are taking that action.
He is quite right to underline that there would be new authorities contained in this bill. However, those new authorities we would propose to create are in direct response to the gaps that currently exist, as I outlined in my speech. We need to do both in lockstep: address the gaps posed on the landscape of national security in the context of cybersecurity but also be transparent about that.
I point out that there are independent bodies, for example NSICOP and NSIRA, so that where the government is taking steps that implicate national security, there can be accountability. This is the way we can achieve both objectives. It would ensure the confidence of all Canadians that this is an appropriate measure to seize the opportunities there, as well as to manage the risks manifested in our landscape.
198 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, this question allows me to highlight how Canada is co-operating with like-minded democracies around the world, both in the context of the Five Eyes relationship as well as the G7. I had a chance to meet with both counterparts very recently, one in Washington, D.C., and then, about two weeks ago, in Germany. It is without doubt that all the democracies within these multilateral forums are thinking very hard about how to manage threats in cyber, including ransomware, including the spread of disinformation and including the efforts of hostile actors to engage in cyber-espionage and the like.
The way we are advancing that collaboration is through information and intelligence sharing as much as possible, so that we can push back against efforts to attack our economies and to attack Canadian interests, etc.
Even as we present Bill C-26 for debate, to take decisive action here at home domestically by addressing the current gaps within our cyber-realm, we are also collaborating very robustly with partners around the world who are like-minded in managing these threats.
183 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I embrace the urgency of my hon. colleague's question. I also want to thank him for the legislative title correction. Obviously, I am managing a number of priorities, as he well knows.
There is no dispute that we need to advance this debate and to do so thoughtfully and deliberately and urgently. As he will know, we took very decisive action against the risks posed by Huawei and ZTE as they relate to 5G, 4G and 3G networks, and we are going to continue to be vigilant about them.
If he shares that sense of urgency in moving forward, he really ought to study the bill along with his colleagues in the Conservative Party and support it.
At the end of the day, this bill would address those gaps and potential vulnerabilities so that we can manage the risks and, at the same time, leverage the innovative opportunities that lie in wait when it comes to technology.
160 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:20:53 p.m.
- Watch
Mr. Speaker, I want to reassure my colleague and the entire House that Bill C‑21 does not target hunters or gun owners. Bill C‑21 targets assault-style weapons like the ones that were used in Nova Scotia, Quebec City and Ontario. They caused a lot of deaths. That is exactly why we need to work together to protect all Canadians with policies that make sense.
69 words
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:22:09 p.m.
- Watch
Mr. Speaker, I assure my colleague that we are going to work with the members of the Standing Committee on Public Safety with regard to this amendment, but, more important, our goal here is to target those assault-style rifles, those AR-15 style guns, which have been used in far too many casualties in Portapique, in Quebec and in Ontario, where most recently we saw two frontline police officers gunned down.
I do not know how anyone can look the families of the victims in the eye and say that we cannot do everything that is necessary to take these guns off our streets. These AR-15's have no place on our streets.
115 words
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:23:30 p.m.
- Watch
Mr. Speaker, my hon. colleague from the Conservative Party can continue to spread disinformation, but I will tell members very clearly that on this side of the House we are targeting those AR-15 style guns that have been used in mass casualties. This is part of a broader plan, a plan that will actually eradicate gun violence.
He talks about supporting CBSA. This government put $138 million into the CBSA to stop illegal smuggling. What did the Conservatives do? They voted against that. That is wrong. They should support frontline law enforcement so we can stop illegal smuggling of guns at our borders.
104 words
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:27:39 p.m.
- Watch
Mr. Speaker, our government takes all allegations of threats of foreign interference very seriously. That is why we established two panels to review all allegations. The panels confirmed the integrity of the 2019 and 2021 elections.
We will continue to provide all the tools that the national security community needs to protect our democratic institutions.
55 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:28:55 p.m.
- Watch
Mr. Speaker, my colleague knows that we created an independent, non-partisan panel to examine all allegations of foreign interference and that the panel confirmed that the 2019 and 2021 elections were free, fair and just. That is why we will continue to protect our democratic institutions.
47 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:47:04 p.m.
- Watch
Mr. Speaker, I completely agree with my colleague. We have a lot of respect for hunters.
However, the bill and all of the policies that have been introduced by the government target the criminal element and the assault-style weapons that have been used in tragedies across Canada.
That is why we need to reverse the position of the Conservatives, who still want to make assault-style weapons legal. That is wrong.
72 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I thank my colleague for the question. I agree with her. Hunting is not only a fine tradition, it is also an activity at the heart of many communities.
That is why the guns commonly used for hunting will still be allowed. We will make sure of it.
Bill C‑21 is about making our communities safer. Our government has been clear: Guns designed for war have no place in our communities.
75 words
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:51:45 p.m.
- Watch
Mr. Speaker, I agree with my colleague that we need to take allegations of foreign interference very seriously. That is why we created independent, non-partisan panels to shine a light on the allegations of foreign interference, both of which confirmed that the elections in 2019 and 2021 were free and fair.
We will continue to shine a light on the tools, on the investments, that we are putting in our national security community to protect all our democratic institutions, including elections.
82 words
- Hear!
- Rabble!
- add
- star_border
- share
- Dec/1/22 2:55:58 p.m.
- Watch
Mr. Speaker, on this side of the House, we have put in place a number of measures to increase transparency about threats of foreign interference. For example, we have the National Security and Intelligence Committee of Parliamentarians and the National Security and Intelligence Review Agency, independent bodies that have issued two reports confirming that the 2019 and 2021 elections were free and fair. We will improve transparency because it is a value that protects our democratic institutions.
77 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
