44th Parl. 1st Sess.
March 6, 2023 11:00AM
Madam Speaker, it is always an honour to rise in the House, especially when I can talk about safety and security.
I always try to enhance safety and security for Canadians at home and abroad, for our corporations that are major contributors to our economic base, and of course, for government institutions. Today, discussing cybersecurity in Canada is an opportunity to enhance our country's ability to protect us from cyber-threats.
Security is a significant concern for all Canadians. Lately, with the rise in organized crime and gang offences to the tune of a 92% increase in gang crime, I have to wonder when the government will be led by evidence, or in other words, provide evidence-based action. It is extremely important for our country to have cybersecurity to protect itself from threats, and I welcome Bill C-26. However, I am apprehensive about how successful this bill may be since accountability is a question that the opposition brings up every day in this House.
Bill C-26 is basically divided into two parts. The first part aims to amend the Telecommunications Act to promote the security of the Canadian telecommunications system. It aims to do this by adding security as a policy objective to bring the telecommunications sector into line with other infrastructure sectors.
By amending the Telecommunications Act to secure Canada's telecommunications systems and prohibit the use of products and services provided by specific telecommunications service providers, the amendment would enforce the ban on Huawei Technologies and ZTE from Canada's 5G infrastructure, as well as the removal and termination of related 4G equipment by 2027. Of concern is the time it took the government to react to enforce the ban on Huawei.
The second part aims to enact the critical cyber systems protection act, the CCSPA, which is designed to protect critical cybersecurity and systems that are vital to national security or public safety or are delivered or operated within the legislative authority of Parliament. The purpose of the CCSPA is to ensure the identification and effective management of any cybersecurity risks, including risks associated with supply chains and using third party products and services; protect critical cyber systems from being compromised; ensure the proper detection of cybersecurity incidents; and minimize the impacts of any cybersecurity incidents on our critical cyber systems.
The effects of this bill will be far-reaching, and there are some points to consider: The government would have the power to review, receive, assess and even intervene in cyber-compliance and operational situations within critical industries in Canada. There would also be mandatory cybersecurity programs for critical industries, as well as the enforcement of regulations through regulatory and law enforcement with potential financial penalties.
Under both provisions, the Governor in Council and the Minister of Industry would be afforded additional powers.
If any cybersecurity risks associated with the operator's supply chain or its use of third party products and services are identified, the operator must take reasonable steps to mitigate these risks. While the bill does not indicate what steps would be required from the operators, such steps may be prescribed by the regulations during a committee review.
The act also addresses cybersecurity incidents; a cybersecurity incident is defined as an:
incident, including an act, omission or circumstance, that interferes or may interfere with
(a) the continuity or security of a vital service or vital system; or
(b) the confidentiality, integrity or availability of the critical cyber system
touching upon these vital services. It does not indicate what would constitute interference under the act.
In the event of a cybersecurity incident, a designated operator must immediately report the incident to the CSE and the appropriate regulator. At present, the act does not prescribe any timeline or indicate how “immediately” should be interpreted. Again, there is an opportunity to address this at committee.
There are some concerns with Bill C-26 as it is presently drafted. What the government might order a telecommunications provider to do is not clearly identified. Moreover, the secrecy and confidentiality provisions of the telecommunications providers to establish law and regulations are not clearly defined.
As has been brought up today, potential exists for information sharing with other federal governments and international partners, but it is just not defined. Costs associated with compliance with reforms may endanger the viability of small providers. Drafting language needs to be in the full contours of legislation, and that could be discussed at committee as well. In addition, there should be recognition that privacy or other charter-protected rights exist as a counterbalance to proposed security requirements, which will ensure that the government is accountable.
Some recommendations, or ones derived from them, should not be taken up, such as that the government should create legislation requiring the public and telecommunication providers to simply trust that the government knows what it is doing. Of course, this is a challenge. Telecommunications networks and the government must enact legislation to ensure its activities support Canada's democratic values and norms of transparency and accountability.
If the government is truly focused on security for Canadians, should we not be reviewing our gang and organized crime evidence? Our present policies have failed. Should we not look at the safety and security of our bail reform in an effort to prevent innocent Canadians from becoming victims?
Bill C-26 is a step in protecting Canada from cybersecurity threats. What is the review process to ensure compliance and effectiveness, as well as that goals are met?
In terms of bail reform, even though the evidence clearly shows that Bill C-75 has failed, we see that the NDP-Liberal government is not interested in reviewing bail reform. Cybersecurity is important to our country's security; so are victims of crime after their safety and security has been violated.
I am concerned that the government is struggling with evidence-based information to review Bill C-26, as it has with Bill C-75 and Bill C-5. These bills are not supported by evidence. In fact, offenders and criminals have a higher priority than victims do. My concern is as follows: If Bill C-26 requires amendments and review, will the government follow up? It is so important to be flexible and to be able to address changes, especially in a cybersecurity world, which changes so rapidly.
Bill C-26 proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security. Therefore, although late out of the gate, Bill C-26 is a start. However, since this bill proposes compliance measures intended to protect cybersecurity in sectors that are deemed vital to Canadian security, I would like to see individuals, corporations, and most importantly, the government held accountable. There should also be measures to ensure that the objectives of the bill are met and that there is a proper review process.
As I have stated, government accountability has not been a priority. For the proposed bill to succeed, there have to be processes for review and for updating the critical cyber systems protection act.
The failure of Bill C-75 on bail reform is clear with recent violent acts by murderers and individuals who should never have been out on bail. Today we are debating Bill C-26, and I would hope that there are lessons learned from our failure to review Bill C-75. In addition, we can learn from the failure of Bill C-5, as gang violence and organized crime rates are up 92%. Surely the government will open a door for review and making required changes to Bill C-26 on cybersecurity.
I am thankful for the time to speak on the responsibilities related to cybersecurity.
1289 words
All Topics
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I want to thank the hon. member for his speech today and for his many years in law enforcement. He certainly knows a lot about this file. Throughout the member's speech, the number one word he used, and we can check Hansard, was “accountability”, and also the frustration with the Liberal government on a lot of the bills that have been passed.
How does he feel on this particular bill on accountability?
77 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I am just going to read an excerpt from the bill, because it really encapsulates the answer to the member's question. It states the bill would authorize the Governor in Council, which is cabinet, “to designate any service or system as a vital service or vital system”. It would also authorize the Governor in Council “to establish classes of operators in respect of a vital service or vital system”. It also “provides for the exchange of information between relevant parties”.
We cannot currently do that. Our security and law enforcement agencies cannot transfer information without a judicial warrant. Why would we allow the government and cabinet to do that?
118 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
