44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is quite clear that legislative gaps exist. Many of my remarks were focused on detailing the threat landscape out there.
The good people who work at CSIS, CSE and Public Safety Canada are dedicated professionals who treat this threat very seriously. Every day they go to work, they are determined to keep Canadians safe. The problem lies in the fact that so much of our critical infrastructure, those systems that our society relies on every single day, lies in the private realm. We want to ensure that the government is there as a partner to help them beef up their cyber systems so that, if any one of them is attacked, we can pool resources, address the threat and also learn from it to prevent ones in the future.
There is a need there, but again the crux of my comments is that we have a good idea in this bill. There is a need. It is just the details and specifics that need to be hammered out.
171 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, this is a very relevant question. Is it the right time for a bill like this? I would like to give a very brief answer: Yes, it is absolutely the right time for this. Is it the right bill yet? No, it is a good starting point. That is how we can look at this bill. I am happy to vote in favour of this bill, to get it to committee. I am hopeful, from the comments I have heard from members of the Bloc and the NDP, that they are eager to give this bill a robust study and make the necessary amendments that will address the cybersecurity requirements in our country to keep critical infrastructure and our citizens safe, but also to respect the privacy of Canadians. Those are equally important elements. I am looking forward to the study on this bill.
146 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am proud to rise in the House today to speak to this important legislation on behalf of the good people of Barrie—Springwater—Oro-Medonte. I am pleased to see Bill C-26 come forward in the House. Improving the resiliency of our critical infrastructure is of the utmost importance to our national security and the everyday safety of Canadians.
This legislation consists of two separate parts. The first portion, among other things, would give the Governor in Council powers to order telecommunications providers to secure their systems against threats and to remove malicious actors from our telecommunications infrastructure. The second portion would create the critical cyber systems protection act, which would establish a cybersecurity compliance framework for federally regulated critical infrastructure operators. This would specifically regulate the sectors of finance, telecommunications, energy and transportation.
I believe that in principle, this legislation appears promising. I think we can all agree that we need a robust cybersecurity framework in Canada. However, it is worth noting that under the current government, we have done the least to bolster our resilience to cyber-attacks compared to all other Five Eyes partners. We lag behind our western allies in national security, and as such, Canada has failed to secure our critical infrastructure against complex and ever-evolving cyber-threats in the modern world. Therefore, before I get into the specific merits and deficiencies of this legislation, I want to speak about the emerging threats to our critical infrastructure and the pressing need to protect our national security.
Threats to our critical infrastructure are real and imminent. In fact, Caroline Xavier, chief of the Communications Security Establishment, or CSE, recently testified before the public safety and national security committee and stated, “cybercrime is the most prevalent and most pervasive threat to Canadians and Canadian businesses.” She also noted, “Critical infrastructure operators and large enterprises are some of the most lucrative targets.”
While there are several forms of cyber-attacks that our critical infrastructure operators are vulnerable to, the Canadian Centre for Cyber Security has noted in its most recent annual national cyber-threat assessment that ransomware is the most disruptive form of cybercrime facing Canadians and that critical infrastructure operators are more likely to pay ransoms to cybercriminals to avoid disruption. For example, in 2018, cybercriminals deployed a malicious software and successfully held the city hall of a municipal government in Ontario hostage, which resulted in that government paying $35,000 to the hackers to avoid disruption. However, this is not always an effective strategy. A survey of Canadian businesses found that only 42% of organizations that paid ransoms to cybercriminals had their data completely restored.
In 2021, the CSE stated that it was informed of 304 ransomware incidents against Canadian victims, with over half of them in critical infrastructure. However, it acknowledged that cyber-incidents are significantly under-reported, and the true number of victims is much higher.
The enormous economic toll that these cyber-breaches have on Canadian companies is worth noting. According to IBM, in 2022, the average cost of a data breach, which includes but is not limited to ransomware, to Canadian firms was $7 million. There is currently no framework to ensure that companies report when they are victims of these attacks. I will acknowledge that the legislation before us takes steps to address this pervasive issue that Canadians are facing; however, it is certainly an overdue effort.
We saw the damage a cyber-attack of this magnitude can cause in May 2021, when a U.S. energy company was subject to a ransomware attack carried out by a Russian-based criminal group that successfully extorted roughly $4.3 million in coin-based currency. As members may remember, this attack disrupted the largest fuel line in the U.S. for five days and led to President Biden calling a national state of emergency. In 2021, at the U.S. Senate committee on homeland security, the CEO of that company testified that he had no emergency preparedness plan in place that specifically mentioned “ransom or action to ransom”. This incident underscores the fact that we as a country must enhance preparedness and improve the resiliency of our critical infrastructure in order to avoid similar incidents.
Therefore, I am pleased to see this proposed legislation come forward. However, it is worth noting that this is the first substantive legislative response to this issue during the government’s tenure, despite a steady increase in cyber-threats over the years.
The entirety of our federally regulated critical infrastructure is connected to the Internet in some way, and it is extremely important to prevent malicious actors from setting up on our infrastructure and attacking it. Previously, there has been no mechanism for the government to formally remove a company from our telecommunications networks.
The clearest example of the need for this mechanism would be the controversy surrounding Huawei, a company that was part of the design of our 5G networks despite glaring national security concerns related to its activities and relationship to the Communist Party in Beijing. It is a significant move that this company will be kicked off our servers, but it is a delayed one. We know that under China's national intelligence law, the CCP has the authority to instruct any company to hand over information to support, assist and co-operate with state intelligence work. Accordingly, we ought to be cautious and avoid contracting with companies that could potentially compromise the security of our critical infrastructure.
It is certainly positive that Canada will be able to kick malicious actors such as Huawei off our networks. However, many have noted that we lessened our credibility among the Five Eyes nations due to our delayed response to this issue. Indeed, the United States lobbied Canada for years to exclude Huawei from our 5G mobile networks and warned that it would reconsider intelligence sharing with any countries that use Huawei equipment.
In some respects, this legislation is a positive step toward establishing a baseline standard of care for organizations whose functions are integral to our critical infrastructure. As I have previously mentioned, incidents of cyber-attacks often go unreported or under-reported. This legislation's mandatory reporting mechanism, which specifies that a designated operator must immediately report an incident to the CSE and the appropriate regulator, is a welcome step toward addressing this issue. However, the act does not prescribe any timeline or give any other information as to how “immediately” should be interpreted by an operator.
As I have just laid out, there are aspects of this legislation that my Conservative colleagues and I fully support. However, I have concerns with several elements of the bill.
First and foremost, there is a complete lack of oversight over the sweeping new powers afforded to the cabinet ministers, regulators and government agencies mentioned in this legislation. Alongside a lack of oversight, there is little information on the breadth of what the government might order a telecommunications operator to do.
It is evident that this bill draws on much of Australia's legislative model, which was first introduced in 2018 and eventually amended. However, we did not follow suit in terms of the oversight measures Australia included in its critical infrastructure protection act. Notably, Australia introduced political accountability mechanisms alongside its legislation, including a requirement for regular reporting, an independent review and the production of a written report. The Conservatives would like to see annual reporting from the minister on what actions have been taken and a public disclosure of the orders that the government is making under these newly afforded powers.
In terms of concerns from the public, we have heard from a number of organizations that are concerned that elements of this legislation undermine the privacy rights of Canadians. In September of last year, several privacy rights organizations signed an open letter to the Minister of Public Safety, which laid out their concerns with Bill C-26. For example, they were concerned about the sweeping new powers this legislation would give to the government over access to the personal data of Canadians and the data of companies. They noted that Bill C-26 “may enable the government to obtain identifiable and de-identified personal information and subsequently distribute it to domestic, and perhaps foreign, organizations.”
I think we can all agree that while enacting measures to improve the resilience of our critical infrastructure is of the utmost importance, civil liberties and privacy must be fully respected when drafting those measures. On the other hand, we have heard from stakeholders who are concerned about the regulatory burden this legislation may have on businesses, especially small and medium enterprises.
Many stakeholders have noted that the high costs and business impacts of a cyber-incident already incentivize companies to ensure rigorous cybersecurity protocols. Recent statistics released by Statistics Canada found that in 2021, Canadian businesses spent over $10 billion on cybersecurity, a 41% increase compared to 2019. Many stakeholders have noted that the proposed penalties related to this act, which reach up to $15 million and five years of jail time, are touted as being intended to promote compliance rather than to punish. However, I think we can all agree that a $15-million fine would indeed be unduly punitive on a small business that may be subject to this act. Therefore, we must ensure that fines and compliance costs are distributed evenly so as not to stifle competition and endanger the viability of small and medium enterprises in our critical infrastructure sectors.
Finally, we face a problem related to definitions and the scope of this bill. Various terms are not defined, including what constitutes a cyber-incident, and it is not immediately clear how the government will determine who is subject to this legislation. I look forward to receiving an explanation from the government to demystify some of the vague language found within it.
To conclude, a threat to our critical infrastructure is a threat to our national security. I think all parties agree that the government must take strong and immediate action against cyber-attacks. We support this bill in principle, but we believe that it needs to be amended significantly to ensure greater transparency and accountability from the government and future governments. I look forward to studying and amending this bill at the public safety committee with my colleagues across all parties.
1744 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I thank my colleague for his speech. In January, I requested a meeting with the Université de Sherbrooke, which has a research chair in cybercrime. I learned a lot about how behind the times Canada is.
This bill is good, but it comes at a time when we are at greater risk than ever before. The federal government does not seem to be taking cybercrime seriously, yet many European countries have other models and have made headway against cybercrime. How can we address the fact that we need to catch up?
We have to act faster to protect ourselves from cyber-attacks. There is also the whole issue of Hydro-Québec and the fact that those are interprovincial lines. How are the authorities going to be able to manage all that given the agreements and the importance of respecting Quebec's and the provinces' jurisdiction over certain types of critical infrastructure?
It is high time this critical infrastructure was included in a bill to protect it. I would like to hear my colleague's thoughts on that.
182 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, it is a pleasure to rise on behalf of the good people of Central Okanagan—Similkameen—Nicola.
I welcome this debate because essentially what the government has put forward in the bill is two words: “Trust us”. We should trust the government and give it all these powers for the Telecommunications Act, expanding it drastically. We should trust the government when it comes to designating cybersecurity systems as being of such importance that a whole host of new rules should be put upon them. That is what the government is asking us to do.
This is the same government that took years to answer the question of whether we will allow Huawei in our 5G infrastructure. It is a question that has infuriated our allies because they expect Canada to be a trustworthy party in the Five Eyes' intelligence and sharing. It has also infuriated the companies themselves, as many had hoped to utilize the technology. Now, I was against the use of Huawei, but these enterprises are in a competitive venture and will take any particular opportunity to compete and try to lower their prices. However, this government wasted years for that infrastructure to be procured. I believe this also infuriated many Canadians who wanted a simple yes or no on Huawei.
I think the government went through three public safety ministers who said that an answer was coming. Finally, it said no, answering Conservative calls for “no way to Huawei”. However, now it has put forward a bill that would essentially give the power to the government. For example, the government would be able to bring forward an order that could not be reviewed by Parliament. In fact, the Statutory Instruments Act is being exempted from both the telecommunications component in Bill C-26 and the new cybersecurity part, the critical cyber systems protection act.
I am the co-chair of the Standing Joint Committee for the Scrutiny of Regulations, which is a committee tasked by the House and the other place to ensure that when the government creates an order or regulation, it does not exceed the authority granted to it by Parliament. We are able to make sure that when a department or ministry is charged with a delegated authority that it does so justly, and in light of the legislation, that it does not, ultra vires, exceed it.
However, in the legislation before us, the government is effectively saying that it gets to place secret orders that cannot be reviewed by Parliament. Now, members may say that they can go to a justice to be able to have a case heard in court. Again, who can be designated under this proposed bill is an open question. Someone could go in front of a justice, but guess what, Madam Speaker? The government reserves the right to actually make its accusations in a closed-door fashion where a person or company does not have to be there to defend themselves against the evidence that is brought to the court. There, a person or company may be subject to an order that is so secret that it cannot even be said within a closed hearing with an independent judge.
Now, some may say, “Well, so what? It is for national security.” However, we actually do not know. There are so many different organizations that can make powers here. Everyone from the responsible minister to the appropriate regulator, the minister of foreign affairs, the minister of national defence, the chief of the defence staff, the chief or an employee of the Communications Security Establishment, the director or an employee of the Canadian Security Intelligence Service or any other person or entity that is prescribed in the regulations can exert power.
“Trust us”, says the government. The government wants us to give it this power, and it will choose who can use it on whom; Parliament will never know anything about it. Even if a person or company protests, they will not be able to hear the evidence in court as to why they must comply.
Granted, I believe that, within Canada's interests, we should have the ability to work with providers around concerns, but I have great reservations on this. This bill says, “Trust us.” The government says this repeatedly. When we ask questions about foreign interference or share concerns about Huawei, the answer is, “Trust us.” This is not a respectful way to do it.
Let me tell everyone about a respectful way to do these things. Having brought forward a bill, it would perhaps be respectful to bring it to the committee stage first. There is a process where a committee can have hearings on potential legislation before it comes to this place for second reading. This offers the committee the flexibility to begin hearings and mould whether those powers are going to be broadly met in this House. In a minority setting, that would have been ideal.
However, that is the past; the government has brought forward this bill and we are at second reading. What would have been even better is to look at the example of Australia, which decided to hold a number of different inquiries over a period of years. I know the government is very sore around the subject of inquiries these days, but these commissions were set up and asked what information government should have, as well as how and with what kinds of regulations data should be regulated by government. Essentially, it took the approach that someone's personal data is their own, and they should be able to direct it.
Over a series of commissions, some with 800-page reports, they decided on a process for making changes. They would focus on privacy, deciding what the government could keep and could not keep, and they went through that legislative process. Then they said they were going to regulate industry by industry. We should notice that the proposed critical cyber systems protection act casts such a wide net that it could be anything from pipelines to sewage water treatment plants or air transit systems.
We do not know because the government just says to trust it. However, I know, and I am sure others know as well from experience, that every industry uses different technology. Therefore, a one-size-fits-all, big, bossy government, as the member for Carleton would probably call it, does not have the touchpoints or the understanding. All we know is that these orders can be placed on any industry at any time and that those orders will never be looked at by Parliament. To me, the government is asking for too much.
Again going to the Australian model, Australia said it was going to start with data privacy rights in telecommunications, energy systems and banking. It picked the industry that it was going to focus on and made sure it got it right before putting forward the new rules that allowed for a steady process. Instead of a holus-bolus process where everything gets thrown into Bill C-26 with the government telling Canadians, members of Parliament and members of the other place to just trust it, we could have had smart legislation that would be reviewed at committee. Hearings could be held, and we could find out what is reasonable for each industry and what is not. From a privacy standpoint, we could also ask what the government means when it designates someone under this act. Does it mean a person or a company? What are their rights and responsibilities? Unfortunately, this is all on the government side; it decides, saying, “Trust us.”
My colleagues and I will be seeing this bill go to committee. However, I have to protest in this place that this is not the way to make our systems better and provide more trust in our institutions. “Trust us” is not an argument, and the government should know better by now.
1342 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I commend my Conservative colleague for his speech.
We have heard concerns about the fact that legislating in this manner and governing essential cybersecurity infrastructure could have an impact on the freedom of expression of Quebeckers and Canadians.
I would like to ask my colleague whether he believes it is possible to implement such legislation so that we can regulate and govern essential cybersecurity infrastructure as needed while protecting freedom of expression. I would like to hear his thoughts on that.
83 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, governments are made of people, and people make mistakes. After talking to many of our allies and seeing what our other Five Eyes partners in the United States, Great Britain, New Zealand and Australia have done, the government probably heard the feedback that it was a black eye that it took so long for Huawei to be banned from Canada's 5G infrastructure. This is now perhaps an overreaction to try to make up for that.
Let me say this. In this place, in this country, we want laws that are just, fair, and most of all, practicable. Unfortunately, this is a one-size-fits-all, big, bossy government that asks us to trust it because it knows the shots and will take them as it sees them. It has not done well in the past, and I believe that this overshoot is to respond to that lack of credibility with respect to Huawei. However, two wrongs do not make a right.
164 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, that was a great speech from my colleague. I think we would like to see him go on and on, because he has done such a great job.
It has been interesting to be here in the House today, as we listen to the different members from parties talk about the legislation and how important it is. I think there is recognition from all parties within this House that the bill will go to committee and that the committee will have some serious work in front of it, to take a bill that is kind of so-so and put some teeth into it, and make it into something that will work for all Canadians.
I am going to focus mainly on the critical infrastructure part of the legislation. It is so important that we get this right and make sure we have our critical infrastructure protected going forward and make sure we have the tools to keep it protected.
There is a war going on in Europe right now, in Ukraine. We saw that when Putin attacked Ukraine, one of the first things he did was attack certain facilities through cyber-attacks. Ukraine did not have proper protections in place and did not have the tools in place. All of a sudden Putin was able to turn the power off and do things to destabilize local governments. This allowed him to take advantage of the scenario, to move in, take advantage of the territories and conquer those territories. That is just one example of many around the world where cyber-attacks have been used ahead of brutal land attacks. We can see this being used in other ways to influence Canadian politics, or politics around the world, just by how they go about conducting that type of cyber-attack.
It would be really interesting, but it would not be interesting, as I do not ever want to see it, where all of a sudden the natural gas pipelines shut down in the middle of 40-below weather in Saskatchewan. That would be a huge hit to people in Saskatchewan. That would be a hit to our economy. It would be very serious to our seniors and people living without any other means of heating. All of a sudden we could have a cyber-attack, and the gas line would be off, and furnaces would not be working for 12 hours, 18 hours or 24 hours. Our houses would freeze up and our water pipes would break. These are the types of things that could happen with a cyber-attack.
What if our power grid were under attack? What would that mean to Ontario and Toronto, for getting people to and from work? What would it mean to our electric cars, if all of a sudden we did not have any ability to charge them or get them from A to B? What would that mean for people in hospitals, where the hospitals would need a generator to run the emergency services? If someone was getting surgery or was in an accident, they might not get the medical treatment that is required.
These are reasons we need to make sure we are doing everything we can to protect ourselves from cyber-attacks. These are some very simple reasons.
The committee is going to have some very interesting things to do to deal with the legislation. I think that is a good thing. I think we have identified here today some of the flaws in the piece of legislation: some of the oversight flaws, some of the flaws in regard to the sharing of information and why they are important to be addressed as we go forward.
We can look at, for example, the sharing of information. I was at the University of New Brunswick in 2017, and they said one of the issues they had with cybersecurity attacks was that somebody might be attacked, but might not share the information on what the attack was and how it happened for fear of liability. For example, in such a situation, if a hospital was attacked, it may not necessarily want to share that information with anybody else for fear of liability, if all of a sudden the records of patients had been confiscated by somebody part of the attack.
In the legislation before us, if we get it right, they should be able to share that information. They should be able to share it with a variety of different critical infrastructure facilities to make sure they put the appropriate patches into their software so that same person who attacked that hospital cannot attack another hospital, attack the electrical grid or use malware, or whatever means they used to attack that hospital, and so it does not happen anywhere else.
That would be a good thing. We have to make sure the legislation can reflect that and allow that information to flow between different parties, so we can keep protecting ourselves in a fluid situation. I think that is something we will see in the legislation, if it is done properly.
We know oversight is very important. Canadians have to trust that the oversight bodies and the people who are putting in these regulations and monitoring these regulations have accountability and that they are accountable back to Parliament. It cannot be just to the minister. We have seen situations in the past with the current government where accountability goes to the minister, and Parliament never really finds out what actually went on and what goes on, and Canadians are in the dark.
We can look at SNC-Lavalin. There is a classic example where we did not see all the details of what was going on in a situation. We can look at what was announced today, how the government is going to leave the investigation into Chinese election interference to NSICOP. That is something the Chinese would do. They would create a committee and say they were going to investigate themselves in their own committee and then make sure it is never public. That sounds rather Chinese to me, but that is happening here in Canada, and Canadians do not accept that. That is why it is very important that there be public oversight and that there be the ability to make sure these bodies and the government are acting in a fair and responsible way.
Some of the civil liberties groups have said that there are some serious concerns with this legislation. They should be brought in front of the committee and listened to, and then the committee should try to figure out how to address those concerns, to make a better piece of legislation.
We have seen the Liberal government react and react and react, in so many situations. To me, this looks like another example where it is reacting. It is basically just doing lip service and then it will throw it to the committee to do the work. This should have been done a long time ago. For eight years, we have been vulnerable. What could have happened in those eight years could have been life-changing for a lot of Canadians, because of the lack of forethought or good policy out of the Liberal government.
If we think about it, it is a talking point that the Liberals have done here. They have put some stuff together and thrown it into the House to say they are working on cybersecurity, but it is half done. The committee is now going to have to do the rest of the job, to actually finish it and hopefully get a good piece of legislation.
That is in question, because we do have a Liberal-NDP government here. They tend to side with each other all the time. Will they side together here, or will they actually take a step back and say, yes, we have to do what is right for Canadians and address the issues that have been raised by different associations and different groups? Are they going to look at what they can do to make this a better piece of legislation, or are they going to stick to their partisan angles and dig in their heels? If they do that, the people who really lose out are Canadians. They are the people who will be impacted by a cyber-attack, because we did not put the proper safeguards in place.
We should not think that this will not have an impact on our economy. A good example we have just seen is the cyber-attack on Indigo last week. Its computer systems are down as we speak. It is telling customers they cannot buy books online. They actually have to go to a storefront to buy their books because of a cyber-attack, a ransomware attack.
We have seen, over and over again, different schools and universities facing these types of attacks. They need to know that the government is there and is going to be there to help them. They need to know that the people who are doing these attacks will be identified and somehow dealt with, if possible. We understand that a lot of these attacks happen from Russia or North Korea, outside of our territory, but when they happen from within Canada, we want to make sure that the people who are doing these types of things are properly dealt with. We want to make sure that this does not happen again. We want to make sure we learn from the experience so it cannot happen again.
There are lots of things in this legislation that can be really good if it is dealt with properly, but it has to go to committee. I think Conservatives have been very clear. We want to see this go to committee. I just hope the committee members are able to actually do the work that is required to take a piece of legislation that is mediocre at best and make it into something that will work for all Canadians.
1676 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I really appreciate the debate and the questions my colleague posed.
I think most Canadians back home watching this are wondering what the technical nuances are of everything we are discussing with respect to this legislation. We have even had some members of Parliament stand up here and say that they do not feel properly equipped to have this conversation.
I think one thing that everybody back home can relate to is seeing something on the news stating that the credit card information of a million people has been stolen or the data of some businesses that might have their personal information is now being held hostage in a ransomware attack. That is why this is a very important debate. I will be speaking about this a bit later.
I think the bill is missing the component of protecting the personal information of Canadians. Can my colleague tell us his thoughts on the bill in this regard? My speech will focus on the advances in technology and network infrastructure, as well as the rapid pace of technological development. With this bill, would we actually be able to keep up with the threats we are facing?
197 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, I appreciate the fact that we have the ability to have this debate in the House of Commons today. It has been lively, and I have enjoyed it, but I am going to remind Canadians, who might be watching at home, and my colleagues who are here, just how rapidly technology has advanced in the course of our lifetimes.
One of the last jobs that I did prior to becoming a member of Parliament here in the chamber was as a tenured faculty member at Red Deer College in Red Deer, Alberta, where I was a member of the computer systems technology department. I taught computing systems to students there for a number of years. It was a great job with brilliant minds of the young people who had come to that college.
I learned all about computing when I was an adult. I did not have the privilege of growing up inside a computer. Those of us in the room who are old enough to know, back in the mid-1990s, an old IBM 386DX used to cost hundreds, if not thousands of dollars, for computing power that right now would not even match an outdated, obsolete iPhone.
I would remind the people watching what the significance of this debate is and why the legislation we are discussing, and hopefully sending to committee, is so important.
If we go back to the 1960s, the development of ARPANET is where the foundations of the Internet started. The transmission rate of data at ARPANET, which was a military defence network, and as I said, the founder of the Internet, was 56 kilobytes per second. Now, in 2022, we are at 5U, which is 100 megabits per second. This is an absolutely astounding rate of growth in the ability to move information from point A to point B.
The growth since 1983 is based on Nielsen's Law on bandwidth. Basically, every year we increase the capacity to send information over a network by 50%, which is an exponential number that keeps going up. It is not 50% of where we started from. It is 50% from now. If we could do compound interest in the financial system that would give us a 50% compound interest return, we would be doing quite well. However, this is how fast the network processing, or the bandwidth, is growing in the world.
If we take a look at Moore's law, when it comes to the ability of microchip processing, transistors on a microchip double every two years, which is what they said back in the mid-1960s. In 1970, there were just over 1,000 transistors on a microchip. Now, there are 50 billion transistors on a single microchip. That is an insane amount of computational power, and coupled with the bandwidth that I just talked about, leaves us in a situation where parliamentarians and politicians need to be cognizant of the scale of the capacity of what we are talking about.
Let us go back to the early 1990s and a computer at that point in time. We measure computational power in things like FLOPS, or floating point operations per second, and MIPS, or million instructions per second. A computer back in the early 1990s could do under 1,000 calculations per second. Today, we are well over a billion computations per second, and that is floating point operations, which are more complicated than even just the millions of instructions per second. We can just take a look at that efficiency.
When we talk about going back to original computers, we talk about the Harvard Mark II, which I think weighed 23 tonnes. Now, with today's technology, the demand of energy per unit of processing or unit of computing power has actually been cut in half every 18 months, which means that every 18 months, the amount of energy and power that it took to do the same job is now half of what it was. This is allowing for massive growth. We see things springing up all the time. We have Bitcoin mining operations using massive amounts of electricity. Can members imagine if we tried to use that much electricity using older computers? It would have been absolutely astounding.
On storage, I am not talking about memory in the computer, and I already talked about the microchip storage. However, when I was teaching at Red Deer College, we got these hard drives that came in so that we could play around with a hard drive. Now, I am mostly a software guy. I was a programmer and database administrator, but I had to learn a little bit about the hardware.
We had a 420-gigabyte hard drive. It might have been a megabyte, but I think it was a gigabyte, but oh my goodness. I remember we had 20-gigabyte hard drives. Who can remember when they were excited about having a 20-gigabyte hard drive?
In the 1950s, if we go back to early computing, the cost to store one terabyte of data, using that technology and working backwards on the cost of a unit of storage and the evolution of computing, it would have cost over $100 trillion. Today, for less than $100, people can go to a computer store and buy a hard drive or a disk for their computer that contains well over a terabyte of data.
Why is this history lesson so important? It is because we are moving into an age of artificial intelligence. Some of my colleagues have expanded upon the importance of artificial intelligence in their speeches earlier. I listened with great anticipation to what they said.
What does the requirement for computational power and bandwidth require for artificial intelligence? Today's computers, looking at artificial intelligence, are actually using something called petaFLOPS, that is 10 to the 15th, a quadrillion floating point operations per second. That computational power exists in our networks that are out there that are now hooked up with 5G networks that can operate at 100 megabits per second.
The amount of technology and the availability of technology and the ability of that technology in today's standards are absolutely amazing. In fact, because of these advances in technology, we now have some pretty amazing facts. A television today, a software game, any of our intelligence toys, anything that requires computing is 35% lower in cost relative to income than it was just 20 years ago. Meanwhile, college tuition, education and so on have gone up over 150% in the same time frame. That tells us the vast amount of research and technology that has been put in place on the development of this technology.
That is why it is so important. Artificial intelligence is a conversation that we should be having in this House, and cybersecurity is certainly a part of that. Everybody knows, we are watching the news, and we see some great potential uses. That is the thing; everything that is designed to make our lives better, more efficient and more productive could also be used for evil.
I am not accusing anybody of using it for evil. That is not the point I am making. However, everything we want to use for good, somebody else could use with malicious intent.
I will just give a couple of examples. We have had the conversation today about the amount of personal information that has been lost, hacked and held hostage through various cyber-attacks. We know that the People's Liberation Army in China has tens of thousands of people working, just in their cyber-attack divisions alone. Just to keep in mind, for the people who are watching at home, Canada's entire military hovers between 60,000 and 70,000 people. The People's Liberation Army, just in their cyber-intelligence division alone, would have more people than the entire Canadian Armed Forces across all three of our divisions.
These are the folks, coupled with our security establishment, who need to have the tools to defend us, our networks, our infrastructure and all the critical things that we do. We are talking about hospitals, electricity grids and all these things. Imagine something as simple as a driverless or autonomous vehicle. An autonomous vehicle can now drive itself, and the reason it can do it is because we have that 5G technology, and we have the cameras and the ability for that car to make intelligent, informed decisions at the calculation rate, because of the advances in computers that I just talked about. Imagine what somebody with malicious intent could do with an autonomous car, if they wanted to.
That is why we have to get the cybersecurity question right in this debate. If we leave our systems vulnerable, if we leave ourselves open to the possibility, and we are never going to be perfect, and for everything we do, somebody with malicious intent could find a workaround for it, so we have to keep it up to speed.
With all the facts I just talked about, the doubling of technology and computing power and the halving of electricity requirements, we need to be very clear. This is the one piece of advice that I will offer to my friends across the way in the government, because this is too important not to be working together on this. The technology is growing and developing at such a rapid pace that I really do hope that we and the government have the ability to put in some clauses to review this, because it is just so important that we get this right and constantly review our cyber defences and cybersecurity in this country.
1618 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
