44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, one of the things I have heard in talking to universities and different groups is that one of the faults of this piece of legislation is that they have to share this information with the government when they have been attacked, but it is a one-way street. When they see an attack happen, they share it with the government, but there is no information given to other businesses to help them protect against attacks similar to that in nature.
Could the member talk about why it is important and what it means to companies when they are attacked and how it can hurt not only their bottom line? Indigo, for instance, would be a good example of what happens when there is a cybersecurity attack.
128 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, that was a great speech from my colleague. I think we would like to see him go on and on, because he has done such a great job.
It has been interesting to be here in the House today, as we listen to the different members from parties talk about the legislation and how important it is. I think there is recognition from all parties within this House that the bill will go to committee and that the committee will have some serious work in front of it, to take a bill that is kind of so-so and put some teeth into it, and make it into something that will work for all Canadians.
I am going to focus mainly on the critical infrastructure part of the legislation. It is so important that we get this right and make sure we have our critical infrastructure protected going forward and make sure we have the tools to keep it protected.
There is a war going on in Europe right now, in Ukraine. We saw that when Putin attacked Ukraine, one of the first things he did was attack certain facilities through cyber-attacks. Ukraine did not have proper protections in place and did not have the tools in place. All of a sudden Putin was able to turn the power off and do things to destabilize local governments. This allowed him to take advantage of the scenario, to move in, take advantage of the territories and conquer those territories. That is just one example of many around the world where cyber-attacks have been used ahead of brutal land attacks. We can see this being used in other ways to influence Canadian politics, or politics around the world, just by how they go about conducting that type of cyber-attack.
It would be really interesting, but it would not be interesting, as I do not ever want to see it, where all of a sudden the natural gas pipelines shut down in the middle of 40-below weather in Saskatchewan. That would be a huge hit to people in Saskatchewan. That would be a hit to our economy. It would be very serious to our seniors and people living without any other means of heating. All of a sudden we could have a cyber-attack, and the gas line would be off, and furnaces would not be working for 12 hours, 18 hours or 24 hours. Our houses would freeze up and our water pipes would break. These are the types of things that could happen with a cyber-attack.
What if our power grid were under attack? What would that mean to Ontario and Toronto, for getting people to and from work? What would it mean to our electric cars, if all of a sudden we did not have any ability to charge them or get them from A to B? What would that mean for people in hospitals, where the hospitals would need a generator to run the emergency services? If someone was getting surgery or was in an accident, they might not get the medical treatment that is required.
These are reasons we need to make sure we are doing everything we can to protect ourselves from cyber-attacks. These are some very simple reasons.
The committee is going to have some very interesting things to do to deal with the legislation. I think that is a good thing. I think we have identified here today some of the flaws in the piece of legislation: some of the oversight flaws, some of the flaws in regard to the sharing of information and why they are important to be addressed as we go forward.
We can look at, for example, the sharing of information. I was at the University of New Brunswick in 2017, and they said one of the issues they had with cybersecurity attacks was that somebody might be attacked, but might not share the information on what the attack was and how it happened for fear of liability. For example, in such a situation, if a hospital was attacked, it may not necessarily want to share that information with anybody else for fear of liability, if all of a sudden the records of patients had been confiscated by somebody part of the attack.
In the legislation before us, if we get it right, they should be able to share that information. They should be able to share it with a variety of different critical infrastructure facilities to make sure they put the appropriate patches into their software so that same person who attacked that hospital cannot attack another hospital, attack the electrical grid or use malware, or whatever means they used to attack that hospital, and so it does not happen anywhere else.
That would be a good thing. We have to make sure the legislation can reflect that and allow that information to flow between different parties, so we can keep protecting ourselves in a fluid situation. I think that is something we will see in the legislation, if it is done properly.
We know oversight is very important. Canadians have to trust that the oversight bodies and the people who are putting in these regulations and monitoring these regulations have accountability and that they are accountable back to Parliament. It cannot be just to the minister. We have seen situations in the past with the current government where accountability goes to the minister, and Parliament never really finds out what actually went on and what goes on, and Canadians are in the dark.
We can look at SNC-Lavalin. There is a classic example where we did not see all the details of what was going on in a situation. We can look at what was announced today, how the government is going to leave the investigation into Chinese election interference to NSICOP. That is something the Chinese would do. They would create a committee and say they were going to investigate themselves in their own committee and then make sure it is never public. That sounds rather Chinese to me, but that is happening here in Canada, and Canadians do not accept that. That is why it is very important that there be public oversight and that there be the ability to make sure these bodies and the government are acting in a fair and responsible way.
Some of the civil liberties groups have said that there are some serious concerns with this legislation. They should be brought in front of the committee and listened to, and then the committee should try to figure out how to address those concerns, to make a better piece of legislation.
We have seen the Liberal government react and react and react, in so many situations. To me, this looks like another example where it is reacting. It is basically just doing lip service and then it will throw it to the committee to do the work. This should have been done a long time ago. For eight years, we have been vulnerable. What could have happened in those eight years could have been life-changing for a lot of Canadians, because of the lack of forethought or good policy out of the Liberal government.
If we think about it, it is a talking point that the Liberals have done here. They have put some stuff together and thrown it into the House to say they are working on cybersecurity, but it is half done. The committee is now going to have to do the rest of the job, to actually finish it and hopefully get a good piece of legislation.
That is in question, because we do have a Liberal-NDP government here. They tend to side with each other all the time. Will they side together here, or will they actually take a step back and say, yes, we have to do what is right for Canadians and address the issues that have been raised by different associations and different groups? Are they going to look at what they can do to make this a better piece of legislation, or are they going to stick to their partisan angles and dig in their heels? If they do that, the people who really lose out are Canadians. They are the people who will be impacted by a cyber-attack, because we did not put the proper safeguards in place.
We should not think that this will not have an impact on our economy. A good example we have just seen is the cyber-attack on Indigo last week. Its computer systems are down as we speak. It is telling customers they cannot buy books online. They actually have to go to a storefront to buy their books because of a cyber-attack, a ransomware attack.
We have seen, over and over again, different schools and universities facing these types of attacks. They need to know that the government is there and is going to be there to help them. They need to know that the people who are doing these attacks will be identified and somehow dealt with, if possible. We understand that a lot of these attacks happen from Russia or North Korea, outside of our territory, but when they happen from within Canada, we want to make sure that the people who are doing these types of things are properly dealt with. We want to make sure that this does not happen again. We want to make sure we learn from the experience so it cannot happen again.
There are lots of things in this legislation that can be really good if it is dealt with properly, but it has to go to committee. I think Conservatives have been very clear. We want to see this go to committee. I just hope the committee members are able to actually do the work that is required to take a piece of legislation that is mediocre at best and make it into something that will work for all Canadians.
1676 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
