SoVote

Decentralized Democracy

House Hansard - 172

44th Parl. 1st Sess.
March 23, 2023 10:00AM
Context: House Hansard - 172 - Mar/23/23
Hon. John McKay
  • Mar/23/23 4:13:46 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, that is two impossible questions in a row, and I congratulate the member for them. The first was whether cyberwarfare should be declared an act of war. To my mind, an attack is an attack. If someone is running cars off the road, or interfering with pipelines or hospitals, they are putting people's lives at risk and sometimes even killing them. That does strike me as an act of war. The second issue, and the member was probably there when I raised that question with one of our witnesses, was our levels of classification for information. The question I put to one of the witnesses was as follows: I have been in on some of the security briefings, and I am sitting there wondering whether I read it two weeks ago in The Globe and Mail. We seem to have a very high threshold of classifications, and maybe this could be an opportunity to reduce that threshold.
160 words
  • Hear!
  • Rabble!
  • star_border
Ms. Elizabeth May (Saanich—Gulf Islands, GP)
  • Mar/23/23 4:14:58 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, this is an area where I appreciate the member's expertise in identifying where the actors are that attack our cybersecurity. Does the member think, from what he knows, that there is any level of response from the Canadian government that would not always be playing catch-up with cybercriminals who are ahead of us?
57 words
  • Hear!
  • Rabble!
  • star_border
Hon. John McKay
  • Mar/23/23 4:15:22 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, the brief answer is no. I think we will always be playing catch-up. In this case, things are moving so quickly.
24 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams (Bay of Quinte, CPC)
  • Mar/23/23 4:15:40 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, these are the words spoken yesterday by President Xi of China to Vladimir Putin as they departed company in Moscow: “Change that hasn’t happened in 100 years is coming and we are driving this change together.” Their meeting, which took place under the shadow of Russia's onslaught in Ukraine, was one that the experts stated was a meeting to build Russia's and China's alignment against the U.S. and the west, “and a world order more suited to their more autocratic agendas”. Before us is a very serious bill at a very serious time, and it also would work in coordination with a lot of other serious bills we have on the floor right now. Bill C-34 is on the Investment Act, which looks closely at what investments are security minded and good for Canada. Bill C-27 would enact the consumer privacy act and look at the protection of Canadians' privacy. We have stated all along that privacy for Canadians needs to be a fundamental human right. The bill on interoperability and the right to repair look at different ways in which we are dealing with our IP and technology in Canada. Today at the science and research committee, we continued the study of IP commercialization, ensuring we can develop technology and hold technology in Canada. We lose a significant amount of our IP to the Americans, to other nations and to foreign entities. We talk about the world order and what is happening in the world. Albert Einstein famously said that he was not sure what weapons would be used in World War III, but that the weapons of World War IV would be sticks and stones. The weapons being used right now are joysticks and software. We should make no mistake that, at this moment, we are already at war. We are not only talking about Ukraine. The member previous spoke about some of the attacks that are happening from a centre of cyber-attacks in Ukraine. Cyber-attacks are happening across the world, and they are happening right now in Canada. There has been a lot of different alarming statistics on cyber-attacks and malware attacks in Canada. We know the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians, who were victims of that. There was also a hospital in Newfoundland in October 2020 where cybersecurity hackers stole personal information from health care employees and patients in all four health regions. That affected 2,500 people. Black & McDonald, a major defence and security company and contractor, was hit with ransomware just two weeks ago. That is our security being hit by the very thing it is trying to protect us from. Global Affairs Canada was attacked in January 2022 right around the time Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian or Russian state-sponsored actions responsible for the cyber-attack on Global Affairs. Most famously, there was a ransomware attack on critical infrastructure in the United States back in May 2021 where pipeline infrastructure was attacked. President Biden, who will be here tomorrow, issued at that time a state of emergency, and 17 states also issued states of emergency. It was very serious, which shows the capabilities of some of those cyber-threat actors. With ransomware, there are companies that attack companies and then demand a ransom or money before they return those computers or the networks back to the owners. It is now worth $20 billion. That is how much money ransomware is costing businesses. Back in 2016, it was only $5 billion. The technology is rapidly advancing, and it is a war. It is a war that is affecting Canadians at this very moment, and it is something we have to be very serious and realistic about looking at what cybersecurity is, what it means and what we have to do as Canadians and as a Canadian government to combat attacks. We know that the bill is something we support. We, of course, support the bill. Cybersecurity is very important, and as the member noted earlier, we have to make it right. We do not have time for a flawed bill or to race something through. Because of the advancements and because of the need to be very serious and realistic about cybersecurity, let us make sure we get the bill to committee and make sure then that we look at certain amendments that would get it right. The question at this very moment is whether the government is taking this seriously enough. Despite a ban on Huawei announced by the government in May 2022, this week it was ascertained by the member for Dauphin—Swan River—Neepawa, as we were talking about IP commercialization in the science and research committee, that UBC is still working with Huawei after May 2022. The minister assured us that Huawei was banned, that Huawei was done. Of course, there were reports months ago of a crackdown on IP being stolen and shared from Canadian universities. It has already been projected that 2023 will be the worst year for ransomware, for cybersecurity and, of course, for IP leaving Canada. We have to take this seriously, and I know that members across the way have talked about it. Of course, this bill does that, but we need to be serious. We need to talk about cybersecurity, which means being realistic and bold in how we counter, and how we aid the west in winning, the war over cybersecurity. There are amendments to the bill that we would like to see. Number one is to ensure that we protect and safeguard our national security and infrastructure. I know a member talked earlier about the different silos that exist. Probably the most important function is to ensure that silos in the government dealing with cybersecurity are talking to one another. The Americans deal with their cybersecurity concerns through the National Security Agency, the Department of Homeland Security, the Federal Bureau of Investigation and the Department of Defense. They all work alongside each other to enhance the cybersecurity establishment that was developed in 2018. Similarly, Canada has the Communications Security Establishment, part of which is the Canadian Centre for Cyber Security, but as a member noted previously, is it talking to NSICOP and CSE? Are we making sure we are talking to the different departments? We know that the government is pretty large and unwieldy. We have to make sure that these departments are working together. We also have to make sure we are looking after our businesses, as 40% of Canadian SMEs do not have any cybersecurity protection. It is going to be very costly for those businesses to implement that. As a business owner, I know the single biggest cost when it comes to cybersecurity is actually insurance. Insurance premiums just for cybersecurity attacks are going up and up. Every year they have increased by 20% to 30%. Of course, that is aligned with the $20 billion we are seeing from malware and ransomware across the world and the increase in cyber-attacks. We have to make sure that we help our businesses, so perhaps we need to look at tax credits. One thing we can do is ensure that we share best practices and that businesses get support from the federal government to enhance their cybersecurity. Another concern we have is how much power the minister will get, as the minister is supposed to get all the power. We have seen this with other bills. We have seen this in bills on the right to repair and interoperability. We have seen it in Bill C-27. Perhaps it is better to look at an ombudsman. We have talked about the Governor in Council and orders in council, but we want to hear from the security experts at committee to ascertain who exactly should be making these decisions instead of bringing them back to one minister. This bill right now could fit under the INDU committee and the industry minister, but it is going to the public safety committee, so already we have two different departments managing this bill. Why does one minister have to handle it? Why can it not be a broader process to ensure that we are seeing some congruence? Privacy is something we talked about quite a bit. We will be debating Bill C-27 in the House tomorrow, and I certainly feel that privacy needs to be a fundamental human right. Part of this bill has different groups and organizations concerned about how we are protecting Canadians' right to privacy. When they lose their privacy, who is responsible for that? There will be a lot of different witnesses coming to committee. When we look at cybersecurity, we have to ensure we are protecting Canadians' fundamental right to privacy and ensure we are doing all we can so that if their privacy is breached, Canadians can find some relief. We have talked about Bill C-27 and a tribunal, and maybe giving more powers to the Privacy Commissioner, who should have more power to look at whether we should go after criminals or organizations for breaches. We also have to look at the law and at what we are doing to go after criminals who are engaging in cyberwarfare and who continue to be a threat to Canadians. Russia and China are very concerning right now, and there are a lot of different reasons for that. Russia is growing increasingly reliant on China as both an import market and an exporter of electronics. Both leaders are building a closer energy partnership on oil, gas, coal, electricity and nuclear energy. They are going to build the Power of Siberia 2 pipeline through the territory of Mongolia. This is important because Taiwan is coming up—
1658 words
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Carol Hughes)
  • Mar/23/23 4:25:51 p.m.
  • Watch
I am sorry, but the hon. member's time is up. I am sure he will be able to add more during questions and comments. Questions and comments, the hon. member for Scarborough—Guildwood
35 words
  • Hear!
  • Rabble!
  • star_border
Hon. John McKay (Scarborough—Guildwood, Lib.)
  • Mar/23/23 4:26:03 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I pretty well agree with everything the member said. However, what I am concerned about is that partisanship is a debilitating exercise around here and this is serious business. Does the member have any thoughts as to how to innoculate this bill, in particular, from the partisanship that may inevitably follow it? Then we can deal with this as serious legislators and serve all of our public.
69 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams
  • Mar/23/23 4:26:44 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, as I have heard, members from across this side of the House are in agreement with the bill and think that cybersecurity is needed. I think the difference is that on our side, we just want to make sure that we slow down a bit, get the bill right and are realistic and bold about what the Canadian government needs to do to ensure we tackle cybersecurity. I think we can come together at committee. I have heard from many Conservative speakers, and we all agree that we should bring the bill to committee. However, let us bring in the best witnesses to ensure we get it right so that in the end we are leading the world, not catching up.
123 words
  • Hear!
  • Rabble!
  • star_border
Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)
  • Mar/23/23 4:27:34 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, like all members of the House, I believe, experts are concerned about Chinese equipment in our critical infrastructure, especially telecommunications infrastructure. Should the Liberal government not be very concerned about the presence of Liberal MPs in its own ranks who are a threat to national security in their own way?
52 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams
  • Mar/23/23 4:28:00 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, absolutely. We are seriously concerned in an ever-evolving world about national security, cybersecurity, infrastructure and investment security, protecting Canadian interests in IP and making sure we have fair, open and honest inquiries. If there are breaches and interference in our democracy, they should be tackled openly and honestly. We are certainly asking for that every day, and when it comes to the bill before us, it is no different. We are at war with joysticks and software that threaten our infrastructure and the very livelihoods of Canadians and Canadian businesses. Let us get this right. Let us work together openly and honestly and make sure that we pass a good bill that protects Canadians.
117 words
  • Hear!
  • Rabble!
  • star_border
Ms. Lori Idlout (Nunavut, NDP)
  • Mar/23/23 4:28:48 p.m.
  • Watch
  • Re: Bill C-26 
Uqaqtittiji, I am glad the member mentioned the same concerns that we in the NDP have about the overly broad powers being proposed for the minister. Could he share with us whether he thinks some options, which the NDP might propose, to fix some of those concerns could possibly include parliamentary oversight, some kind of review mechanism and an independent review body as a fix to the overly broad powers being proposed for the minister.
75 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams
  • Mar/23/23 4:29:27 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, yes, there has to be a lot of different options, and not just in this bill. There are a lot of bills that suggest to give broad powers to one minister, which makes no sense. I do not know how the minister has time to deal with that. Certainly we are open to a lot of suggestions and some suggestions sound good, like an ombudsman. There have been suggestions of tribunals to make sure we have broad bodies that can oversee this so we do not just give power to one minister. One hundred per cent we support that.
101 words
  • Hear!
  • Rabble!
  • star_border
Mr. Philip Lawrence (Northumberland—Peterborough South, CPC)
  • Mar/23/23 4:30:12 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, the member talked a bit about silos and the inability for governments to sometimes work in them. I know he has a great background in innovation and business. Maybe he could expand a bit more on the importance of collaboration with respect to cybersecurity and in business in general.
51 words
  • Hear!
  • Rabble!
  • star_border
Mr. Ryan Williams
  • Mar/23/23 4:30:33 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, collaboration from government agencies is key, but those who are really going to solve this, which is the same in the U.S., are Canadian businesses, inventors and entrepreneurs who can develop software and technology for cybersecurity that can be world-leading, help Canada, help Canadians and help the world in combatting this awful thing.
57 words
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Carol Hughes)
  • Mar/23/23 4:30:59 p.m.
  • Watch
Order. It is my duty pursuant to Standing Order 38 to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for South Okanagan—West Kootenay, Climate Change; the hon. member for Victoria, Climate Change; the hon. member for Spadina—Fort York, Democratic Institutions.
57 words
  • Hear!
  • Rabble!
  • star_border
Mr. Joël Lightbound (Louis-Hébert, Lib.)
  • Mar/23/23 4:31:25 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, unless I misunderstood, the Bloc Québécois member whose riding escapes me suggested in his question that there are government MPs who may pose a threat to national security. That is a bit of a stretch from the allegations that have been made. It is unacceptable to suggest that members may pose a threat to national security. I would ask the member to either clarify his comments or apologize. If I misunderstood, then I apologize, but that is indeed what the member said in his question during the previous debate.
95 words
All Topics
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Carol Hughes)
  • Mar/23/23 4:32:06 p.m.
  • Watch
I am sorry, but I did not hear the member's specific remarks. We will check the Hansard and come back with a response if required.
26 words
  • Hear!
  • Rabble!
  • star_border
Mr. Peter Fonseca (Mississauga East—Cooksville, Lib.)
  • Mar/23/23 4:32:25 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, let me start off with the point you were just talking about, because in the 21st century, cybersecurity is national security. It behooves us all as parliamentarians to work as hard as we can to protect our businesses, consumers and institutions from cyber-threats. That is why I am so grateful and delighted to be here today in the House to speak to the second reading debate of Bill C-26, which concerns the important topic of cybersecurity. Cybersecurity is a matter of great concern to my constituents of all ages. I firmly believe both the public and private sectors need to be able to protect themselves against malicious cyber-activity, including cyber-attacks. As parliamentarians, it is our duty to establish a framework for secure critical infrastructure that we can all rely on. The past few decades have seen remarkable advancements in computer and Internet technology. Online connectivity has become an integral part of the lives of Canadians and people around the world. The COVID-19 pandemic has shown us how we rely on so much on the Internet for everything we do, from education to conducting business and staying in touch with loved ones. With more and more people depending on the Internet, including young children and seniors, our most vulnerable, it is crucial to ensure that we have a secure and reliable cyber-connectivity. Our government is committed to improving cybersecurity to safeguard our country's future in cyberspace. However, as technology and cyber systems continue to evolve, our infrastructure is becoming more interconnected and interdependent. This brings new security vulnerabilities. For instance, personal interactions like banking and credit card transactions are now mainly conducted online, making cybersecurity even more important. According to the Cybersecurity and Infrastructure Security Agency, ransomware attacks were among the most significant cybersecurity threats in recent years. Cybercriminals continue to use sophisticated tactics to gain access to critical systems, steal sensitive data and extort money from victims. In addition to ransomware attacks, other common cybersecurity threats include phishing attacks, malware, insider threats and distributed denial of service attacks. I know members have all received emails or phone calls with these types of threats. We do not know where they are coming from, but they are trying to crack our system and do criminal activity. As more organizations adopt cloud computing, like we do here, Internet of Things devices and artificial intelligence, these technologies are also becoming significant targets for these cybercriminals. Cybersecurity threats can have severe consequences for individuals, businesses, all levels of government. These include financial losses, which we have heard are in the billions, reputational damage, legal liabilities and even physical harm. We have read and heard the stories of those who have taken their lives because of these harmful attacks. It is crucial to take proactive steps to prevent and mitigate cybersecurity risks. Bill C-26 is a landmark legislation that would amend the Telecommunications Act and other consequential acts to enhance cybersecurity. The bill proposes to add more security as an express policy objective of the telecommunications sector, bringing it in line with other critical infrastructure sectors. The key objectives of the bill are twofold. First, in part 1, the bill proposes to amend the Telecommunications Act to add security expressly as a policy objective. This amendment aims to align the telecommunications sector with other critical infrastructure sectors. The changes we are bringing about through this legislation would authorize the Governor in Council and the Minister of Innovation, Science and Industry, after consultation with stakeholders, to establish and implement the policy statement “Securing Canada's Telecommunications System”, which the minister announced in May of 2022. The primary objective is to prevent the use of products and services by high-risk suppliers and their affiliates. This would enable the Canadian government, when necessary, to restrict telecommunications service providers' utilization of products or services from high-risk suppliers. With such restrictions, consumers would not be exposed to potential security risks. This approach would allow the government to take security measures similar to those of other federal regulators in their respective critical infrastructure sectors. The second part of Bill C-26 pertains to the introduction of the critical cyber systems protection act, or CCSPA, which mandates designated operators in federally regulated sectors such as finance, telecommunications, energy and transportation to undertake specific measures to safeguard their critical cyber systems. It would include the ability to take action on other vulnerabilities, such as human error or storms causing a risk of outages to these critical services. In addition, the act would facilitate organizations' capacity to prevent and bounce back from various forms of malevolent cyber-activities like electronic espionage and ransomware. Notably, cyber-incidents that surpass a certain threshold will necessitate mandatory reporting. Both parts 1 and 2 of Bill C-26 are required to ensure the cybersecurity of Canada's federally regulated critical infrastructure, and in turn, protect Canadians and Canadian businesses. The need to intensify our efforts is apparent because of the advent of new technologies we are hearing about like 5G. The COVID-19 pandemic has highlighted our growing dependence on technology. In addition, in my riding of Mississauga East—Cooksville, there is a growing concern about Russia's unwarranted and unjustified invasion of Ukraine, which has resulted in international tensions and a range of potential threats. Such threats include supply chain disruptions and cyber-attacks from state and non-state actors. We are not starting from scratch in our fight against this threat, though. Our government is always vigilant when it comes to any type of threat, including cyber-threats. Our government has made several investments in cybersecurity in recent years to improve the country's cyber-resilience and protect Canadians' data and privacy. For example, in 2018, we created the national cybersecurity strategy. This was based on the consultations that we initiated with Canadians in 2016. Our government adopted this strategy to establish a framework aimed at protecting citizens and businesses from cyber-threats while leveraging the economic benefits of digital technology. Cyber-incidents involve a certain threshold at which reporting would be required. This legislation would give the government a new tool to compel action, if necessary, in response to cybersecurity threats or vulnerabilities. Canada is working alongside other democratic nations around the globe, both in the context of our Five Eyes relationship and in the G7 alliance. These multilateral forums are intensely focused on devising strategies to counter a range of cyber-threats, such as ransomware attacks; the dissemination of false information, which we have seen too often; and attempts by malicious actors to engage in cyber-espionage. To facilitate this collaboration, we are emphasizing the importance of sharing information and intelligence, thereby breaking down those silos. This would enable us to more effectively combat efforts made to destabilize our economies and undermine Canadian interests. While we are currently engaged in a debate regarding Bill C-26, we are also taking proactive measures to address the current gaps in our domestic cybersecurity landscape, while simultaneously partnering with like-minded nations to confront these challenges in a comprehensive manner. We have listened to Canadians, our security experts and our allies, and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canadian competitiveness, economic stability and long-term prosperity. Bill C-26 aims to enhance designated organizations' preparedness, prevention, response and recovery abilities—
1248 words
  • Hear!
  • Rabble!
  • star_border
The Assistant Deputy Speaker (Mrs. Carol Hughes)
  • Mar/23/23 4:42:34 p.m.
  • Watch
I am sorry. The hon. member's time is up. Questions and comments, the hon. member for Northumberland—Peterborough South.
21 words
  • Hear!
  • Rabble!
  • star_border
Mr. Philip Lawrence (Northumberland—Peterborough South, CPC)
  • Mar/23/23 4:42:47 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I very much enjoy working on the finance committee with the member and enjoyed his thoughtful remarks. I hope my question hits the other Liberals' concerns about partisanship, as this is substantive criticism and not partisanship. We have heard concerns from both the NDP and from the Conservative Party that the bill would provide a broad swath of powers to the minister. Is the government open to delineating some of those powers so it gives additional assurances to us and to the other opposition parties?
87 words
  • Hear!
  • Rabble!
  • star_border
Mr. Peter Fonseca
  • Mar/23/23 4:43:22 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, I very much enjoy working with the hon. member on our finance committee. The member always looks for pragmatic solutions. For our cybersecurity to work, we have to work right across party lines. We have to work across all levels of government, with all our institutions, the private sector and the public sector. That is the only way that we are going to implement a system that really has an effect and is able to combat these cybercriminals we find and what we are being bombarded with. They are always trying to stay one step ahead, and the only way for us to combat that is to work together.
111 words
  • Hear!
  • Rabble!
  • star_border