SoVote

Decentralized Democracy

House Hansard - 139

44th Parl. 1st Sess.
December 1, 2022 10:00AM
Context: House Hansard - 139 - Dec/1/22
Mr. Kevin Lamoureux (Parliamentary Secretary to the Leader of the Government in the House of Commons, Lib.)
  • Dec/1/22 3:42:09 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, within the legislation there is consideration given to how financial penalties would empower the minister to take strong action to ensure that providers are keeping up with what they need to keep up with. My question to the member is this. Would he agree that when we take a look at the issue of cyber-attacks, they are not something unique to Canada? It is happening around the world. We are working with allied countries and others. This is one part. It does not stop here. There is a need to continue, as we have for the last number of years, investing tens of millions of dollars and putting people to the task of protecting us against cyber-threats. Could the member just provide his thoughts in terms of the broader picture of cyber-threats?
137 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ziad Aboultaif
  • Dec/1/22 3:43:10 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I will answer the end of the question and go back to the beginning of what the hon. member asked. We are still not there in terms of assessing our preparedness and our cybersecurity position. I do not know if we have enough understanding of those challenges, what our position is and how prepared we are. That is a very important task for the government. As far as financial penalties on businesses, I mentioned in my speech that such things could put some businesses into bankruptcy, because they would not be able to afford the services that would provide the protection needed for them not to end up in such a disastrous situation. Therefore, a balance is needed, and this has to be done by working together with the industry. If we are truly prepared, the financial penalties should be less, because the government should have done more in the last seven years, or even the years before that, in terms of looking to the future. It all remains in the hands of the government that is putting this bill forward. We hope to get some answers.
189 words
  • Hear!
  • Rabble!
  • star_border
Ms. Heather McPherson (Edmonton Strathcona, NDP)
  • Dec/1/22 3:44:26 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, that was a very interesting intervention. I am not a specialist in cybersecurity, so I am finding this debate very informative. I guess one of the questions I have is about how we balance the need for cybersecurity with the need for transparency. That is really what the big question is for this. How do we make it effective but also adhere to the Canadian values of transparency, human rights and whatnot? I wonder if the member has anything to say about the fact—
87 words
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Dec/1/22 3:44:54 p.m.
  • Watch
I have an hon. member with a point of order, and I think I know what the hon. member is going to say. The hon. member asking the question does not have her headset, and we do not allow members to speak without a headset. That is on me, with my apologies. I will have to interrupt the hon. member right now and give the hon. member for Timmins—James Bay a very short question, please.
77 words
  • Hear!
  • Rabble!
  • star_border
Mr. Charlie Angus (Timmins—James Bay, NDP)
  • Dec/1/22 3:45:21 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, cyber-threats are not new. In 2011, Canada's two main financial centres in government, Finance and the Treasury Board, were pushed off-line for days by hacks from Chinese operators, yet the Harper government did nothing about that. It did not want to talk about it because it was busy selling off sections of the oil sands and Nexen to Chinese state-owned operators and then signing a free trade deal with China, the deal that would allow it to take on Canada outside of the court system. I find it kind of special that the Conservatives are suddenly concerned about cybercrime now, when they did nothing to take on China's state threats to Canada under Harper.
121 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ziad Aboultaif
  • Dec/1/22 3:46:03 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, the NDP member always wants to politicize things. This is a very serious issue, and there is not one party that is more serious about this than others. I wish he had stayed within the non-partisan notion of this bill. Let us talk about facts. Let us talk about logic and stop the attacks.
57 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Turnbull (Whitby, Lib.)
  • Dec/1/22 3:46:33 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, before I begin, I will just say that I will be splitting my time with the member for Kingston and the Islands. It is an honour to rise today in the House to debate the second reading of Bill C-26, an act respecting cybersecurity. To me, cybersecurity is essential, and it certainly relates directly to our national security. When we consider the challenges and opportunities we face in this field, the theme of collaboration underpins and needs to underpin all that we do. The prevalence of cybercrime in an increasingly online world, improving cyber-defence posture in an unstable global environment, deep thinking about what the future holds in a world where innovation and change are exponential, a critical look at whether our policies and laws are up to the task, and the protection of content and intellectual property as data becomes one of the world's most precious resources: These are just some of the reflections that we have to have when considering this bill. In Canada, being online and connected is essential. Now, more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying connected with loved ones across the country and around the world. We should be able to do all these activities safely and securely. I would like to offer a few words about what we are doing here in Canada to get that balance right, and I would like to reinforce the importance of our commitment to protecting the cyber systems that underpin our critical infrastructure. We can take the emergence of new technologies, such as 5G, as one clear reason we need to redouble our efforts. We think about our increased reliance on technology in light of the COVID-19 pandemic. We think about international tensions amidst Russia’s unprovoked and unjustified ongoing invasion of Ukraine, with threats ranging from supply chain disruptions to state and non-state malicious cyber-activity. Through all of these remarkable events, the government has been working tirelessly to keep Canadians safe. We recognize that, now more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security. It underpins the delivery of critical services, such as energy production, financial transactions, safe transportation and emergency communications. As part of his mandate, bestowed by Prime Minister Trudeau, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed national—
424 words
All Topics
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Dec/1/22 3:49:31 p.m.
  • Watch
The hon. member for Battle River—Crowfoot is rising on a point of order.
15 words
  • Hear!
  • Rabble!
  • star_border
Mr. Damien Kurek
  • Dec/1/22 3:49:35 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, as was pointed out by the parliamentary secretary to the government House leader yesterday, the use of the Prime Minister's name is not an accepted practice of this place.
32 words
All Topics
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Dec/1/22 3:49:47 p.m.
  • Watch
The hon. member is correct. We do not use the names of current members of Parliament.
16 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Turnbull
  • Dec/1/22 3:49:54 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, as part of the mandate bestowed upon him by the Prime Minister, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed cybersecurity strategy. We need to make sure we articulate Canada’s long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace. The Government of Canada is working to enhance the cybersecurity of the country’s critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is around the clock and ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors. I would like to use one example that is relevant for my riding and the region I come from. My riding is the riding of Whitby, and Durham District School Board is the public school board in our area. On Friday, November 25, just very recently, there was a cyber-incident at the Durham District School Board. It resulted in online classes being cancelled. They were forced to postpone scheduled literacy tests. They have had phone lines down and email service down. They even do not have access to emergency contacts, and they are trying to limit this incident so it does not impact payroll for the over 14,000 Durham District School Board employees. There are 75,000 students who go to school across our region. They have notified police of the attack. Their investigation is said to be very complex and time consuming, and they will be assessing the privacy impacts, but we can just imagine how this has impacted students and employees at Durham District School Board. This is a really serious topic. I think we all need to give it the weight it deserves, and this legislation is trying to ensure we do our utmost to protect against these cyber-threats in the future. However, we are not starting from scratch to tackle these threats. Since 2018, the Government of Canada has invested a total of approximately $4.8 billion in cybersecurity. Through the national cybersecurity strategy, the Government of Canada would be taking decisive action to strengthen Canada’s defence, preparedness and enforcement against cyber-threats. The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling close to $800 million in the 2018 and 2019 federal budgets. In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information, and in the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure. Under the strategy, two flagship organizations were established. One is the Canadian centre for cybersecurity, otherwise known as the cyber centre, under CSE, and the other is the national cybercrime coordination centre under the RCMP. The cyber centre is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of unique technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector, and the Canadian public. The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police. In the example I mentioned in my riding of the Durham District School Board, it would report the cybercrime to the local police, and that would go up through NC3 as well. Public Safety Canada’s Canadian cybersecurity tool also helps owners and operators of Canada’s critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient. Public Safety Canada also coordinates and delivers cyber-based exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners. Public Safety Canada works closely with the Communications Security Establishment’s Canadian centre for cybersecurity to enhance the resilience of critical infrastructure in Canada. The cyber centre, in addition to providing public advisories, shares valuable cyber-threat information with Canadian critical infrastructure owners and operators. Today I am very proud to say that we can begin to debate a new piece of legislation to further strengthen what we have built as a government. Today we are debating Bill C-26 for the second reading, and this legislation's objective is twofold. The first part proposes to make amendments to the Telecommunications Act, which include adding security as a policy objective, adding implementation authorities and bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, when necessary, to mandate any action necessary to secure Canada’s telecommunications system, including its 5G networks. This would include authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers. The second part introduces the critical cyber systems protection act, or CCSPA. This new act would require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber-systems, and it would support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including malicious electronic espionage and ransomware.
944 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Denis Trudel (Longueuil—Saint-Hubert, BQ)
  • Dec/1/22 3:57:17 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I am not a cybersecurity expert either. A few weeks ago, I attended a demonstration in Montreal with 10,000 people to support the people who are fighting for their freedom in Iran, which, as we know, is not a democratic state. I have also strongly supported people from the Uighur community, who I have met with many times here in Ottawa. We know that they are facing genocide in China. The small white square that I am wearing is a sign of support for people who, at this time, are rising up against the health measures in China, as well as the people in Russia who are protesting against the war in Ukraine. I want to know if there are concrete measures in Bill C‑26 that would prevent Iran, China and Russia from carrying out cyber-attacks on social networks and, for example, hacking my account and interfering in my life as an MP? I would like my colleague to clarify that.
167 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Turnbull
  • Dec/1/22 3:58:14 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I share the member opposite's ethical concerns with other state-sponsored actors, disinformation and ensuring that our cyber-infrastructure and our lives as MPs are also protected from the attacks and incidents that are too often affecting some of our institutions and even us, as individuals. This bill really looks to strengthen the work the government has been doing year over year to invest in protections against cyber-attacks in our critical infrastructure and to ensure that we are enhancing those tools and investments, and leveraging them to the best degree possible to protect against the kinds of threats the member opposite identified.
106 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. Damien Kurek (Battle River—Crowfoot, CPC)
  • Dec/1/22 3:59:05 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, cybersecurity cannot be underestimated in its importance, especially in the world in which we live. One of the concerns that has been highlighted to me, as I listened to security experts surrounding this issue, is how far behind Canada is in taking action on cybersecurity, whether that be the decision regarding Huawei, or how Canada lags behind its Five Eyes partners. Taking action is essential in ensuring that we are on the same playing field. I am wondering if the member from the government would be willing to expand as to why, after years of being in government, this is only now being debated in the House of Commons.
111 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Turnbull
  • Dec/1/22 3:59:49 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I am not really sure how we get these types of critical remarks coming from the opposite side of the House given that in my speech I gave very tangible examples of two agencies that have been set up and some pretty significant investments that have been made since 2018. The $4.8 billion for cybersecurity is no small amount. We are making investments and setting up the systems and tools. I have been briefed, as a member of the procedure and House affairs committee, on our House of Commons cyber-infrastructure and cybersecurity. Although those briefings were in camera, I know full well that very strong and resilient systems have been set up to identify and neutralize threats ahead of time to ensure our critical infrastructure in the House of Commons is protected. I think that extends right across Canada with the work that our government has been doing.
152 words
  • Hear!
  • Rabble!
  • star_border
Ms. Heather McPherson (Edmonton Strathcona, NDP)
  • Dec/1/22 4:01:01 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I want to take a moment to apologize to the interpreters for when I completely forgot my headset previously. I am not feeling my best, and I am obviously not on my game. I want to thank my colleague for his intervention today. It was very interesting. I agree with my colleagues from the Conservative Party that we are very late to the game, but I think it is vital that we get it right. It is just so important that we do that balance. One of the concerns we are hearing from the stakeholders we have spoken to is that this bill has orders that will be exempt from the Statutory Instruments Act. Therefore, it would be unable to be reviewed under scrutiny at the regulations committee. Could the member speak to why the government made that decision?
141 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Turnbull
  • Dec/1/22 4:01:47 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, as I am not sure of the specific details the member opposite is referring to in her question, I would have to say, in good faith, that I will get back to her on that after doing a bit more research on why that decision was made. What I can tell her is that the key provisions in this act really do further the overall objectives of protecting our critical infrastructure. It specifically adds to the Telecommunications Act the objective of the “promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to”—
106 words
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Alexandra Mendès)
  • Dec/1/22 4:02:33 p.m.
  • Watch
I must interrupt the hon. member. We are way over time. Resuming debate, the hon. parliamentary secretary to the government House leader, Senate, has the floor.
26 words
  • Hear!
  • Rabble!
  • star_border
Mr. Mark Gerretsen (Parliamentary Secretary to the Leader of the Government in the House of Commons (Senate), Lib.)
  • Dec/1/22 4:02:41 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I thank the member for Whitby for sharing his time with me. It is very important that we talk about such an important piece of legislation that has been brought forward, Bill C-26. The reality is that the changes in technology are happening so incredibly quickly. At times, it seems a daunting task to keep up with them and to make sure that we are always ahead of those actors out there, whether state or non-state, who are trying to engage in activities that could seriously cripple our economy or other aspects of society in Canada. It seems as though it was just yesterday that we did not have the Internet. I remember vividly when I signed up for my first Internet connection, a dial-up connection, and having access to the Internet. That was when I was a computer engineering student at a local college in Kingston back in 1995 or 1996. Downloading something as simple as a single image sometimes would take two or three minutes to get the full image on the screen. Mr. Philip Lawrence: What did you download? Mr. Mark Gerretsen: Madam Speaker, it was not an image of the member opposite who is asking. The point here is that things are evolving so quickly, and we have come so far in such a short period of time in terms of our ability to utilize, perfect and, for lack of a better term, exploit everything that the Internet has to offer. We have seen it change commerce. We have seen it change how we engage with each other. We have seen it change just about every aspect of our lives. Unfortunately, with that comes new opportunity for people to try to affect what we do in our day-to-day lives. They are trying new forms of fraud, theft, harassment, intimidation and influencing elections, which are all nefarious manners in which people are trying to now utilize the Internet. Of course, cybersecurity is a huge part of any government operation now, and every government should be seized with doing everything it can to secure it, because when we think about it, everything is connected. There could be a cyber-attack on a utility company, on a functioning parliament, a democracy. There could be an attack on just about every aspect of our lives, and it is critical that we have legislation in place to ensure that we can properly safeguard those things. I have heard individuals in the House, and in the last two questions, one from the Conservatives and one from the NDP, suggesting that this is taking way too long and that we are behind other countries. I would caution members on that and suggest that it is not entirely accurate. For example, the United Kingdom has a very similar bill to this one that is being studied right now by its members of Parliament, a Conservative government, I might add. They are going through the exact same process as we are now. I think it is always easy to say, and it is one of the things we hear quite a bit from opposition parties, why is this taking so long? I have my own opinion on why things take so long in this House, but the reality is that I do not believe we are significantly trailing behind other countries. Yes, some countries have done more than us. I am not going to disagree with that, but I disagree that we are significantly behind. I will come back to the United Kingdom where a Conservative government has introduced a very similar piece of legislation to what we have. This brings me to the legislation that we are debating today. This bill has two primary parts to it. The first part would amend the Telecommunications Act to add the objective of the promotion of cybersecurity of the Canadian telecommunications system to Canadian telecommunications policy. It also authorizes the Governor in Council and the Minister of Industry to direct telecommunications service providers to secure the Canadian telecommunications system. I think that is incredibly important. In this process, we have to remember that a huge part of what we need to do is work with private partners and the various telecommunications services that are out there. We need, from a policy or government perspective, to put in place some of the things that they need to do. The reality is that in a competitive business environment where various different telecommunications companies are fighting to be more competitive and more efficient to maximize profit, which we all appreciate is important in the capitalist environment we live in, we have to respect the fact that in order to ensure that some of these safeguards are in place, we are going to need to make sure that the legislation is there to make sure companies are doing what they need to be doing to create those safeguards. Otherwise, it might not happen to the degree it needs to because of the nature of the competitive environment they are in. The other aspect of this bill is that it enacts the critical cyber systems protection act to provide a framework for the protection of critical cyber systems that are vital to national security and public safety. Of course, this is key because this is what everything else is built on in terms of our national security and the systems that we have. We need to make sure we can properly safeguard those. In that regard, it authorizes the Governor in Council to designate any service or system as a vital service or vital system. Just think about that. When I was in college studying computer engineering and I went to get my first dial-up connection, who would have thought that a mere 25 years later we would be talking about designating some of these services as being vital to national security or public safety? The reality is that is where we are now. As we rely so heavily on these systems, we rely so heavily on ensuring that we have the systems in place that we do in order to protect our security as it relates to cyber-threats. I appreciate the opportunity to talk about this very important piece of legislation. I get the sense it is being widely supported in the House. I hope we can move this along so we can get to the next steps, continue to move forward and get what we need into place in order to properly protect our cyber systems from a security perspective.
1099 words
All Topics
  • Hear!
  • Rabble!
  • star_border
Mr. René Villemure (Trois-Rivières, BQ)
  • Dec/1/22 4:10:56 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I thank my colleague from Kingston and the Islands for his speech, which was informative as always. However, I would like to know how this bill will enhance public trust in the Internet. What mechanism in Bill C‑26 will help guarantee public trust?
47 words
All Topics
  • Hear!
  • Rabble!
  • star_border