SoVote

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Dec/1/22 3:49:31 p.m.
Watch

The hon. member for Battle River—Crowfoot is rising on a point of order.

15 words

Dec/1/22 3:49:35 p.m.
Watch
Re: Bill C-26

Madam Speaker, as was pointed out by the parliamentary secretary to the government House leader yesterday, the use of the Prime Minister's name is not an accepted practice of this place.

32 words

All Topics

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Dec/1/22 3:49:47 p.m.
Watch

The hon. member is correct. We do not use the names of current members of Parliament.

16 words

Mr. Ryan Turnbull

Dec/1/22 3:49:54 p.m.
Watch
Re: Bill C-26

Madam Speaker, as part of the mandate bestowed upon him by the Prime Minister, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed cybersecurity strategy. We need to make sure we articulate Canada’s long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace. The Government of Canada is working to enhance the cybersecurity of the country’s critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is around the clock and ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors. I would like to use one example that is relevant for my riding and the region I come from. My riding is the riding of Whitby, and Durham District School Board is the public school board in our area. On Friday, November 25, just very recently, there was a cyber-incident at the Durham District School Board. It resulted in online classes being cancelled. They were forced to postpone scheduled literacy tests. They have had phone lines down and email service down. They even do not have access to emergency contacts, and they are trying to limit this incident so it does not impact payroll for the over 14,000 Durham District School Board employees. There are 75,000 students who go to school across our region. They have notified police of the attack. Their investigation is said to be very complex and time consuming, and they will be assessing the privacy impacts, but we can just imagine how this has impacted students and employees at Durham District School Board. This is a really serious topic. I think we all need to give it the weight it deserves, and this legislation is trying to ensure we do our utmost to protect against these cyber-threats in the future. However, we are not starting from scratch to tackle these threats. Since 2018, the Government of Canada has invested a total of approximately $4.8 billion in cybersecurity. Through the national cybersecurity strategy, the Government of Canada would be taking decisive action to strengthen Canada’s defence, preparedness and enforcement against cyber-threats. The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling close to $800 million in the 2018 and 2019 federal budgets. In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information, and in the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure. Under the strategy, two flagship organizations were established. One is the Canadian centre for cybersecurity, otherwise known as the cyber centre, under CSE, and the other is the national cybercrime coordination centre under the RCMP. The cyber centre is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of unique technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector, and the Canadian public. The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police. In the example I mentioned in my riding of the Durham District School Board, it would report the cybercrime to the local police, and that would go up through NC3 as well. Public Safety Canada’s Canadian cybersecurity tool also helps owners and operators of Canada’s critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient. Public Safety Canada also coordinates and delivers cyber-based exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners. Public Safety Canada works closely with the Communications Security Establishment’s Canadian centre for cybersecurity to enhance the resilience of critical infrastructure in Canada. The cyber centre, in addition to providing public advisories, shares valuable cyber-threat information with Canadian critical infrastructure owners and operators. Today I am very proud to say that we can begin to debate a new piece of legislation to further strengthen what we have built as a government. Today we are debating Bill C-26 for the second reading, and this legislation's objective is twofold. The first part proposes to make amendments to the Telecommunications Act, which include adding security as a policy objective, adding implementation authorities and bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, when necessary, to mandate any action necessary to secure Canada’s telecommunications system, including its 5G networks. This would include authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers. The second part introduces the critical cyber systems protection act, or CCSPA. This new act would require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber-systems, and it would support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including malicious electronic espionage and ransomware.

944 words

All Topics

Mr. Denis Trudel (Longueuil—Saint-Hubert, BQ)

Dec/1/22 3:57:17 p.m.
Watch
Re: Bill C-26

Madam Speaker, I am not a cybersecurity expert either. A few weeks ago, I attended a demonstration in Montreal with 10,000 people to support the people who are fighting for their freedom in Iran, which, as we know, is not a democratic state. I have also strongly supported people from the Uighur community, who I have met with many times here in Ottawa. We know that they are facing genocide in China. The small white square that I am wearing is a sign of support for people who, at this time, are rising up against the health measures in China, as well as the people in Russia who are protesting against the war in Ukraine. I want to know if there are concrete measures in Bill C‑26 that would prevent Iran, China and Russia from carrying out cyber-attacks on social networks and, for example, hacking my account and interfering in my life as an MP? I would like my colleague to clarify that.

167 words

All Topics

Mr. Ryan Turnbull

Dec/1/22 3:58:14 p.m.
Watch
Re: Bill C-26

Madam Speaker, I share the member opposite's ethical concerns with other state-sponsored actors, disinformation and ensuring that our cyber-infrastructure and our lives as MPs are also protected from the attacks and incidents that are too often affecting some of our institutions and even us, as individuals. This bill really looks to strengthen the work the government has been doing year over year to invest in protections against cyber-attacks in our critical infrastructure and to ensure that we are enhancing those tools and investments, and leveraging them to the best degree possible to protect against the kinds of threats the member opposite identified.

106 words

All Topics

Mr. Damien Kurek (Battle River—Crowfoot, CPC)

Dec/1/22 3:59:05 p.m.
Watch
Re: Bill C-26

Madam Speaker, cybersecurity cannot be underestimated in its importance, especially in the world in which we live. One of the concerns that has been highlighted to me, as I listened to security experts surrounding this issue, is how far behind Canada is in taking action on cybersecurity, whether that be the decision regarding Huawei, or how Canada lags behind its Five Eyes partners. Taking action is essential in ensuring that we are on the same playing field. I am wondering if the member from the government would be willing to expand as to why, after years of being in government, this is only now being debated in the House of Commons.

111 words

Mr. Ryan Turnbull

Dec/1/22 3:59:49 p.m.
Watch
Re: Bill C-26

Madam Speaker, I am not really sure how we get these types of critical remarks coming from the opposite side of the House given that in my speech I gave very tangible examples of two agencies that have been set up and some pretty significant investments that have been made since 2018. The $4.8 billion for cybersecurity is no small amount. We are making investments and setting up the systems and tools. I have been briefed, as a member of the procedure and House affairs committee, on our House of Commons cyber-infrastructure and cybersecurity. Although those briefings were in camera, I know full well that very strong and resilient systems have been set up to identify and neutralize threats ahead of time to ensure our critical infrastructure in the House of Commons is protected. I think that extends right across Canada with the work that our government has been doing.

152 words

Ms. Heather McPherson (Edmonton Strathcona, NDP)

Dec/1/22 4:01:01 p.m.
Watch
Re: Bill C-26

Madam Speaker, I want to take a moment to apologize to the interpreters for when I completely forgot my headset previously. I am not feeling my best, and I am obviously not on my game. I want to thank my colleague for his intervention today. It was very interesting. I agree with my colleagues from the Conservative Party that we are very late to the game, but I think it is vital that we get it right. It is just so important that we do that balance. One of the concerns we are hearing from the stakeholders we have spoken to is that this bill has orders that will be exempt from the Statutory Instruments Act. Therefore, it would be unable to be reviewed under scrutiny at the regulations committee. Could the member speak to why the government made that decision?

141 words

Mr. Ryan Turnbull

Dec/1/22 4:01:47 p.m.
Watch
Re: Bill C-26

Madam Speaker, as I am not sure of the specific details the member opposite is referring to in her question, I would have to say, in good faith, that I will get back to her on that after doing a bit more research on why that decision was made. What I can tell her is that the key provisions in this act really do further the overall objectives of protecting our critical infrastructure. It specifically adds to the Telecommunications Act the objective of the “promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to”—

106 words

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Dec/1/22 4:02:33 p.m.
Watch

I must interrupt the hon. member. We are way over time. Resuming debate, the hon. parliamentary secretary to the government House leader, Senate, has the floor.

26 words

Secretary

Mr. Mark Gerretsen (Parliamentary Secretary to the Leader of the Government in the House of Commons (Senate), Lib.)

Dec/1/22 4:02:41 p.m.
Watch
Re: Bill C-26

Madam Speaker, I thank the member for Whitby for sharing his time with me. It is very important that we talk about such an important piece of legislation that has been brought forward, Bill C-26. The reality is that the changes in technology are happening so incredibly quickly. At times, it seems a daunting task to keep up with them and to make sure that we are always ahead of those actors out there, whether state or non-state, who are trying to engage in activities that could seriously cripple our economy or other aspects of society in Canada. It seems as though it was just yesterday that we did not have the Internet. I remember vividly when I signed up for my first Internet connection, a dial-up connection, and having access to the Internet. That was when I was a computer engineering student at a local college in Kingston back in 1995 or 1996. Downloading something as simple as a single image sometimes would take two or three minutes to get the full image on the screen. Mr. Philip Lawrence: What did you download? Mr. Mark Gerretsen: Madam Speaker, it was not an image of the member opposite who is asking. The point here is that things are evolving so quickly, and we have come so far in such a short period of time in terms of our ability to utilize, perfect and, for lack of a better term, exploit everything that the Internet has to offer. We have seen it change commerce. We have seen it change how we engage with each other. We have seen it change just about every aspect of our lives. Unfortunately, with that comes new opportunity for people to try to affect what we do in our day-to-day lives. They are trying new forms of fraud, theft, harassment, intimidation and influencing elections, which are all nefarious manners in which people are trying to now utilize the Internet. Of course, cybersecurity is a huge part of any government operation now, and every government should be seized with doing everything it can to secure it, because when we think about it, everything is connected. There could be a cyber-attack on a utility company, on a functioning parliament, a democracy. There could be an attack on just about every aspect of our lives, and it is critical that we have legislation in place to ensure that we can properly safeguard those things. I have heard individuals in the House, and in the last two questions, one from the Conservatives and one from the NDP, suggesting that this is taking way too long and that we are behind other countries. I would caution members on that and suggest that it is not entirely accurate. For example, the United Kingdom has a very similar bill to this one that is being studied right now by its members of Parliament, a Conservative government, I might add. They are going through the exact same process as we are now. I think it is always easy to say, and it is one of the things we hear quite a bit from opposition parties, why is this taking so long? I have my own opinion on why things take so long in this House, but the reality is that I do not believe we are significantly trailing behind other countries. Yes, some countries have done more than us. I am not going to disagree with that, but I disagree that we are significantly behind. I will come back to the United Kingdom where a Conservative government has introduced a very similar piece of legislation to what we have. This brings me to the legislation that we are debating today. This bill has two primary parts to it. The first part would amend the Telecommunications Act to add the objective of the promotion of cybersecurity of the Canadian telecommunications system to Canadian telecommunications policy. It also authorizes the Governor in Council and the Minister of Industry to direct telecommunications service providers to secure the Canadian telecommunications system. I think that is incredibly important. In this process, we have to remember that a huge part of what we need to do is work with private partners and the various telecommunications services that are out there. We need, from a policy or government perspective, to put in place some of the things that they need to do. The reality is that in a competitive business environment where various different telecommunications companies are fighting to be more competitive and more efficient to maximize profit, which we all appreciate is important in the capitalist environment we live in, we have to respect the fact that in order to ensure that some of these safeguards are in place, we are going to need to make sure that the legislation is there to make sure companies are doing what they need to be doing to create those safeguards. Otherwise, it might not happen to the degree it needs to because of the nature of the competitive environment they are in. The other aspect of this bill is that it enacts the critical cyber systems protection act to provide a framework for the protection of critical cyber systems that are vital to national security and public safety. Of course, this is key because this is what everything else is built on in terms of our national security and the systems that we have. We need to make sure we can properly safeguard those. In that regard, it authorizes the Governor in Council to designate any service or system as a vital service or vital system. Just think about that. When I was in college studying computer engineering and I went to get my first dial-up connection, who would have thought that a mere 25 years later we would be talking about designating some of these services as being vital to national security or public safety? The reality is that is where we are now. As we rely so heavily on these systems, we rely so heavily on ensuring that we have the systems in place that we do in order to protect our security as it relates to cyber-threats. I appreciate the opportunity to talk about this very important piece of legislation. I get the sense it is being widely supported in the House. I hope we can move this along so we can get to the next steps, continue to move forward and get what we need into place in order to properly protect our cyber systems from a security perspective.

1099 words

All Topics

Mr. René Villemure (Trois-Rivières, BQ)

Dec/1/22 4:10:56 p.m.
Watch
Re: Bill C-26

Madam Speaker, I thank my colleague from Kingston and the Islands for his speech, which was informative as always. However, I would like to know how this bill will enhance public trust in the Internet. What mechanism in Bill C‑26 will help guarantee public trust?

47 words

All Topics

Mr. Mark Gerretsen

Dec/1/22 4:11:18 p.m.
Watch
Re: Bill C-26

Madam Speaker, as I said in my speech, one of the things the bill does is it specifically directs what the various telecommunications providers need to do in order to maintain that security. That is what we do from a policy perspective. We establish what those requirements are that are required of the telecommunications systems in order to ensure that security is there. What we will see coming out of this is that the telecommunications systems, in a unified fashion, will promote these particular policies and safeguards that will be put through those directives.

94 words

All Topics

Mr. Charlie Angus (Timmins—James Bay, NDP)

Dec/1/22 4:12:07 p.m.
Watch
Re: Bill C-26

Madam Speaker, one of the things that has become very clear, particularly since the Russian invasion of Ukraine, is how destabilized our world is and how many bad actors are out there at the state level trying to undermine democracy. My concern is about the ability of the federal government to withstand cyber-attacks. Earlier today, I talked about 2011 when actors out of China were able to shut down finance and the Treasury Board for days on end with relentless attacks. With the amount of financial information for Canadians that is in those departments, that is very serious. We know that in the immigration department, which has turned into an absolute nightmare for anybody trying to navigate it, the system is breaking down. Staff in the department cannot access information files because the system is not up to speed. This will require a major investment to protect people, but also to deal with dark forces, whether they are Russians, the Chinese or any other non-state actor. Has the government put in a credible plan to ensure we get our federal systems up to speed to be able to withstand hackers?

192 words

All Topics

Mr. Mark Gerretsen

Dec/1/22 4:13:27 p.m.
Watch

Madam Speaker, this is the basic fundamental principle to having our full and complete autonomy over our nation. We need to ensure that these systems are secure—

28 words

The Assistant Deputy Speaker (Mrs. Alexandra Mendès)

Dec/1/22 4:13:44 p.m.
Watch

Order. The hon. member's microphone is causing an audio problem that is interfering with the interpreter's audio.

19 words

Mr. Mark Gerretsen

Dec/1/22 4:13:57 p.m.
Watch
Re: Bill C-26

I apologize, Madam Speaker. It is not my first day. I should not have let that happen. I apologize to the interpretation staff, through you. Getting back to what I was saying, in order to maintain that autonomy which we must have as a country, we need to make sure that the proper investments are in place to do that. The member indicated there would need to be a major investment. My own personal perspective is that we should spare no expense to ensure that security is absolutely robust. Will there be penetrations or will there be times when it might be challenging to maintain that? Yes, but we learn from those. With regard to his example from 2011, I believe we learned from that and we made our systems even better as a result.

135 words

All Topics

Mr. Philip Lawrence (Northumberland—Peterborough South, CPC)

Dec/1/22 4:15:00 p.m.
Watch
Re: Bill C-26

Madam Speaker, I can attest that this is not the gentleman's first day. It seems like I have spent a year staring into his eyes here. In the legislation, there is a fair bit of gray area with respect to definitions. Will the government be releasing additional information on such undefined terms as “cyber- incidents”?

58 words

All Topics

Mr. Mark Gerretsen

Dec/1/22 4:15:20 p.m.
Watch
Re: Bill C-26

Madam Speaker, I am flattered to hear that the member has been staring into my eyes for a year. In all seriousness, the member asks a good question. I do not have the answer to that. I am certainly not in a position to be able to provide to him what the government would release later. When the government tables a bill or releases information to Parliament, it does so in a fashion that allows every member of Parliament access to that at the same time. The member's access to that would be no different from mine.

98 words

All Topics

SoVote

House Hansard - 139