SoVote

Decentralized Democracy

House Hansard - 172

44th Parl. 1st Sess.
March 23, 2023 10:00AM
Context: House Hansard - 172 - Mar/23/23
Mr. Yves Perron (Berthier—Maskinongé, BQ)
  • Mar/23/23 11:00:17 a.m.
  • Watch
Madam Speaker, I will bring the debate back to budget requests. The earlier exchanges were not very respectful. I would like my colleague to speak about the agriculture sector and agri-food processing. Agricultural groups informed the government that they were expecting significant support to deal with inflation, especially newer businesses. Next-generation businesses currently have very high debt levels. They need some liquidity. Does my colleague agree that those sectors need support? Has he supported the creation of such measures within his party? We have to help the next generation. We also need an innovation program to improve agri-food processing, which is affected by a significant and very serious delay in infrastructure investment. We must not wait for it to be more profitable for a multinational to demolish a building and put up a new one because we do not know where the new one will be built. It is important that the government provide assistance for that. I would like to hear my colleague's reaction to that.
171 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Kevin Lamoureux
  • Mar/23/23 11:01:22 a.m.
  • Watch
Madam Speaker, our agricultural industries throughout the country are of critical importance. When the member talks about infrastructure, there is no government that has invested more in infrastructure, at least in the last 50, 60 or 70 years, than this government has over the last five, six or seven years. In agriculture, of course it is important. We have to be careful when we talk about interest rates or inflation. Let us do a fair comparison. Take a look at what is happening in the United States. Take a look at what is happening in the G20 countries. To say that interest rates in Canada are going up and that we are not comfortable with the inflation rate in Canada, yes, the government is aware of that. We are taking action. In relative comparison to other jurisdictions, we are doing well, but that is still not good enough. That is the reason why someone such as myself, being from the Prairies, looks at agriculture and the diversity of agriculture. I am very proud of how the pork industry, for example, has grown. I will add comments as—
188 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Mark Gerretsen (Parliamentary Secretary to the Leader of the Government in the House of Commons (Senate), Lib.)
  • Mar/23/23 11:29:41 a.m.
  • Watch
Madam Speaker, the member briefly touched on the electrical grid, the greening of that grid and the great success Quebec had seen around this. A number of recommendations in this report specifically talk about incentivizing electric vehicles and the infrastructure for electric vehicles. I think it is widely known that Quebec has led the way in providing that infrastructure for electric vehicles. Could the member speak to the incredible of success of Quebec in that area and how the rest of the country could benefit from the lessons that Quebec has learned?
92 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Gabriel Ste-Marie
  • Mar/23/23 11:30:25 a.m.
  • Watch
Madam Speaker, a significant portion of the Standing Committee on Finance's report, and the demands of the Bloc Québécois, deals with the electrification of transportation. One of the key components of transport electrification is the construction of charging station infrastructure so that drivers can charge their vehicles in various locations. That is well under way in Quebec and in British Columbia too, if I am not mistaken, where it is going well. Obviously, to make electric vehicles appealing, we first need to require dealers and manufacturers to have models available at the dealership, which is not always the case, even in Quebec. We are asking Ottawa to introduce legislation in that regard and also to build a network of fast charging stations. A car that has a range of 400 kilometres, or 250 kilometres in winter, has to be able to charge in different locations. The hon. members for Berthier—Maskinongé and Drummond can attest to that.
166 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Pat Kelly (Calgary Rocky Ridge, CPC)
  • Mar/23/23 1:29:25 p.m.
  • Watch
  • Re: Bill C-26 
Mr. Speaker, it is a pleasure to rise and join the debate this morning in the House of Commons. I will be sharing my time with the member for Fort McMurray—Cold Lake. Bill C-26 is a bill that addresses an important and growing topic. Cybersecurity is very important, very timely. I am glad that, in calling this bill today, the government sees this as a priority. I struggle with trying to figure out the priorities of the government from time to time. There were other bills it had declared as absolute must-pass bills before Christmas that it is not calling. However, it is good to be talking about this instead of Bill C-21, Bill C-11 or some of the other bills that the Liberals have lots of problems with on their own benches. Cybersecurity is something that affects all Canadians. It is, no doubt, an exceptionally important issue that the government needs to address. Cybersecurity, as the previous speaker said, is national security. It is critical to the safety and security of all of our infrastructure. It underpins every aspect of our lives. We have seen how infrastructure can be vulnerable to cyber-attacks. Throughout the world, we have seen how energy infrastructure is vulnerable, like cyber-attacks that affect the ability to operate pipelines. We have seen how cyber-attacks can jeopardize the functioning of an electrical grid. At the local level, we have experienced how weather events that bring down power infrastructure can devastate a community and can actually endanger people's health and safety. One can only imagine what a nationwide or pervasive cyber-attack that managed to cripple a national electrical grid would do to people's ability to live their lives in safety and comfort. Cyberwarfare is emerging as a critical component of every country's national defence system, both offensively and defensively. The battlefield success of any military force has always depended on communication. We know now just how dependent military forces are on the security of their cyber-communication. We see this unfolding in Ukraine, resulting from the horrific, criminal invasion of that country by Putin. We see the vital role that communication plays with respect to the ability of a country to defend itself from a foreign adversary, in terms of cybersecurity. I might point out that there is a study on this going on at the national defence committee. We have heard expert testimony about how important cybersecurity is to the Canadian Armed Forces. We look forward to getting that report eventually put together and tabled, with recommendations to the government here in the House of Commons in Canada. We know that critical sectors of the Canadian economy and our public services are highly vulnerable to cyber-attack. Organized crime and foreign governments do target information contained within health care systems and within our financial system. The potential for a ransom attack, large and small, is a threat to Canadians. Imagine a hostile regime or a criminal enterprise hacking a public health care system and holding an entire province or an entire country hostage with the threat to destroy or leak or hopelessly corrupt the health data of millions of citizens. Sadly, criminal organizations and hostile governments seek to do this and are busy creating the technology to enable them to do exactly this. The Standing Committee on Access to Information, Privacy and Ethics conducted three different studies while I was chair of that committee that were tied to cybersecurity in various ways. We talked about and learned about the important ways in which cybersecurity and privacy protection intersect and sometimes conflict. We saw how this government contracted with the company Clearview AI, a company whose business is to scrape billions of images from the Internet, identify these images and sell the identified images back to governments and, in the case of Canada, to the RCMP. We heard chilling testimony at that committee about the capabilities of sophisticated investigative tools, spyware, used by hostile regimes and by organized crime but also by our own government, which used sophisticated investigative tools to access Canadians' cellphones without their knowledge or consent. In Canada, this was limited. It was surprising to learn that this happened, but it happened under judicial warrant and in limited situations by the RCMP. However, the RCMP did not notify or consult the Privacy Commissioner, which is required under Treasury Board rules. This conflict between protecting Canadians by enforcing our laws and protecting Canadians' privacy is difficult for governments, and when government institutions like the RCMP disregard Treasury Board edicts or ignore the Privacy Commissioner or the Privacy Act, especially when they set aside or ignore a ruling from the Privacy Commissioner, it is quite concerning. This bill is important. It is worthy of support, unlike the government's somewhat related bill, Bill C-27, the so-called digital charter. However, this bill, make no mistake, has significant new powers for the government. It amends the Telecommunications Act to give extraordinary powers to the minister over industry. It is part of a pattern we are seeing with this government, where it introduces bills that grant significant powers to the minister and to the bureaucrats who will ultimately create regulations. Parliament is really not going to see this fleshed out unless there is significant work done at committee to improve transparency around this bill and to add more clarity around what this bill would actually do and how these powers will be granted. There have been many concerns raised in the business community about how this bill may chase investment, jobs and capital from Canada. The prospect of extraordinary fines, without this bill being fleshed out very well, creates enormous liability for companies, which may choose not to invest in Canada, not fully understanding the ramifications of this bill. There is always the capture. We have seen this time and time again with the government. It seems to write up a bill for maybe three or four big companies or industries, only a small number of players in Canada, and yet the bill will capture other enterprises, small businesses that do not have armies of lobbyists to engage the government and get regulations that will give them loopholes, or lawyers to litigate a conflict that may arise as a result of it. I am always concerned about the small businesses and the way they may be captured, either deliberately or not, by a bill like this. I will conclude by saying that I support the objective. I agree with the concern that the bill tries to address. I am very concerned about a number of areas that are ambiguous within the bill. I hope that it is studied vigorously at committee and that strong recommendations are brought back from committee and incorporated into whatever the bill might finally look like when it comes back for third reading.
1152 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mrs. Laila Goodridge (Fort McMurray—Cold Lake, CPC)
  • Mar/23/23 1:45:11 p.m.
  • Watch
  • Re: Bill C-26 
Mr. Speaker, it is wonderful to have an opportunity to speak to Bill C-26, an act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other acts. I think this is such an important topic, and it is something we need to be very aware of, especially in this increasingly digital era. We are seeing more and more attacks on cybersecurity happening here in Canada and around the world. I support the overall concept of the bill, and I want to see it go to committee so that we can have further study, as well as some amendments to alleviate some of the concerns that I, some of my colleagues and different stakeholders have brought forward. However, I have some questions I want to pose and put forward in the hope that the minister will have a plan to address some of them. One big question I have is that the bill is pretty vague when it comes to the definition of “critical infrastructure”. Coming from northern Alberta, critical infrastructure can look very different from what it would look like in a larger centre in an area further south. One of the things I immediately thought of was whether a pipeline would count as critical infrastructure. Frankly, in northern Alberta, at the very minimum, pipelines not only export our oil but also bring up gasoline and natural gas, which are the ways we heat our homes. Most homes, at least in the Fort McMurray area, are heated with natural gas. In the wintertime, specifically and especially, if somehow a natural gas pipeline were to be the target of a cybersecurity threat, that could actually have devastating consequences and cause thousands of people to freeze. I think this is the kind of question we have as to what exactly critical infrastructure is. One of the other big pieces is that critical infrastructure seems to be defined in terms of what small and medium-sized businesses and not necessarily different government actors have. Different layers of government have different pieces of infrastructure that could also be attacked by cybersecurity threats. I think of provincial governments. Some of the big pieces for cybersecurity threats would probably be in hospitals, but it could go far beyond just a hospital, depending on the community. In the case of a specific emergency, like a fire, flood or some other natural disaster, the definition of critical infrastructure might be very different. While I understand the idea of keeping it broad, a hacker or bad actor could specifically target an area in the case of an emergency or natural disaster because they know we are already in a weaker state. I think it is important to have some pieces in place so there can actually be plans to ensure that is not going to happen. That is something the legislation needs to define, and I would urge us to define it and specifically include pipelines as part of critical infrastructure. This is especially the case because we have gone into this space where so much is digitized. There is digitization in just about every aspect of our world, so it becomes a question of actually having to define some of these pieces. We cannot just leave this all up to regulation. I think some baselines need to be set out in this piece of legislation in order to make sure we are actually talking about the same things. In this way, we can plan for future pieces of infrastructure we do not currently know are important and part of this plan. While the legislation would give absolutely broad and sweeping powers to government, it does not seem to have any safeguards in place. I think the lack of safeguards is very concerning. I think back to the floods that were experienced in southern Alberta in 2012. Through the process of those floods, for a number of reasons that were not necessarily well defined, the RCMP decided to go into High River and seize guns. The RCMP made a decision not to seize guns in Calgary or other communities, but in High River, it decided to go in and seize guns. This is a piece where we need to be very careful and make sure we have some safeguards in place. Then, in the case where there is government overreach in trying to prevent a security threat, there is recourse available that is defined in the legislation. It should not be left to regulation, where it could be changed at the whim of a minister. This is so important. Another big, important piece that is scary to me is the fact that the government has all this work in place to make sure that small and medium-sized businesses, and other businesses, have security plans, which they must send to the government. However, what work is the government doing specifically to ensure that it is prevented from being part of a security threat? How many times has the federal government been hacked? In recent memory, it has been hacked a number of different times in different ways. This may be our email system or the House of Commons intranet. Some of these pieces are very much at risk. Is it a smart idea, from a security standpoint, to have everything housed in one place? What kinds of safeguards would we have such that information is not accessible should that aspect of the government be hacked? In turn, we want to make sure hackers do not find out all of our security plans so they can get around them or mess with things they identify as unprotected. That is one of the interesting pieces. The bill also stipulates that businesses are to share with government but not that the government has to share with businesses. While I understand part of why the government would do that, I think having a two-way dialogue when it comes to this information is going to be important. We should be trying to work towards best practices whenever possible. An organization in one part of the country might be doing something that is innovative and substantially safer for all Canadians that prevents security threats compared with another part. Such information should be shared, not just held by government, so we can build on best practices in case there is an emergency at some point. The other big question I have with respect to this bill is: What has the government done to work with municipalities, provinces and first nations governments to ensure that this is going to respond to their cybersecurity threats and cybersecurity needs? This is a piece where I do not want to let perfect be the enemy of good. Quite frankly, we are not going to know what the next big threat is; however, we need to make sure we are protected and must try to apply as many best practices as possible so that we do not open ourselves up to unintended risks. This is about making sure we are taking care of all the little links in the chain. We can have a very robust system and an amazing plan in place, but if we have one weak link, it counts for nothing. That is why we need to send the bill to committee now. We need to have some very robust conversations with security experts from around this country and the world to make sure we do not have any weak links in the chain. All it will take is one weak link for this entire pyramid to collapse. It will crumble apart. This is something that, as Canadians, we all need to be prepared for and ready to address, as well as having meaningful and robust conversations around it. With that, I am thankful for this opportunity.
1305 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Ryan Williams (Bay of Quinte, CPC)
  • Mar/23/23 4:15:40 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, these are the words spoken yesterday by President Xi of China to Vladimir Putin as they departed company in Moscow: “Change that hasn’t happened in 100 years is coming and we are driving this change together.” Their meeting, which took place under the shadow of Russia's onslaught in Ukraine, was one that the experts stated was a meeting to build Russia's and China's alignment against the U.S. and the west, “and a world order more suited to their more autocratic agendas”. Before us is a very serious bill at a very serious time, and it also would work in coordination with a lot of other serious bills we have on the floor right now. Bill C-34 is on the Investment Act, which looks closely at what investments are security minded and good for Canada. Bill C-27 would enact the consumer privacy act and look at the protection of Canadians' privacy. We have stated all along that privacy for Canadians needs to be a fundamental human right. The bill on interoperability and the right to repair look at different ways in which we are dealing with our IP and technology in Canada. Today at the science and research committee, we continued the study of IP commercialization, ensuring we can develop technology and hold technology in Canada. We lose a significant amount of our IP to the Americans, to other nations and to foreign entities. We talk about the world order and what is happening in the world. Albert Einstein famously said that he was not sure what weapons would be used in World War III, but that the weapons of World War IV would be sticks and stones. The weapons being used right now are joysticks and software. We should make no mistake that, at this moment, we are already at war. We are not only talking about Ukraine. The member previous spoke about some of the attacks that are happening from a centre of cyber-attacks in Ukraine. Cyber-attacks are happening across the world, and they are happening right now in Canada. There has been a lot of different alarming statistics on cyber-attacks and malware attacks in Canada. We know the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians, who were victims of that. There was also a hospital in Newfoundland in October 2020 where cybersecurity hackers stole personal information from health care employees and patients in all four health regions. That affected 2,500 people. Black & McDonald, a major defence and security company and contractor, was hit with ransomware just two weeks ago. That is our security being hit by the very thing it is trying to protect us from. Global Affairs Canada was attacked in January 2022 right around the time Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian or Russian state-sponsored actions responsible for the cyber-attack on Global Affairs. Most famously, there was a ransomware attack on critical infrastructure in the United States back in May 2021 where pipeline infrastructure was attacked. President Biden, who will be here tomorrow, issued at that time a state of emergency, and 17 states also issued states of emergency. It was very serious, which shows the capabilities of some of those cyber-threat actors. With ransomware, there are companies that attack companies and then demand a ransom or money before they return those computers or the networks back to the owners. It is now worth $20 billion. That is how much money ransomware is costing businesses. Back in 2016, it was only $5 billion. The technology is rapidly advancing, and it is a war. It is a war that is affecting Canadians at this very moment, and it is something we have to be very serious and realistic about looking at what cybersecurity is, what it means and what we have to do as Canadians and as a Canadian government to combat attacks. We know that the bill is something we support. We, of course, support the bill. Cybersecurity is very important, and as the member noted earlier, we have to make it right. We do not have time for a flawed bill or to race something through. Because of the advancements and because of the need to be very serious and realistic about cybersecurity, let us make sure we get the bill to committee and make sure then that we look at certain amendments that would get it right. The question at this very moment is whether the government is taking this seriously enough. Despite a ban on Huawei announced by the government in May 2022, this week it was ascertained by the member for Dauphin—Swan River—Neepawa, as we were talking about IP commercialization in the science and research committee, that UBC is still working with Huawei after May 2022. The minister assured us that Huawei was banned, that Huawei was done. Of course, there were reports months ago of a crackdown on IP being stolen and shared from Canadian universities. It has already been projected that 2023 will be the worst year for ransomware, for cybersecurity and, of course, for IP leaving Canada. We have to take this seriously, and I know that members across the way have talked about it. Of course, this bill does that, but we need to be serious. We need to talk about cybersecurity, which means being realistic and bold in how we counter, and how we aid the west in winning, the war over cybersecurity. There are amendments to the bill that we would like to see. Number one is to ensure that we protect and safeguard our national security and infrastructure. I know a member talked earlier about the different silos that exist. Probably the most important function is to ensure that silos in the government dealing with cybersecurity are talking to one another. The Americans deal with their cybersecurity concerns through the National Security Agency, the Department of Homeland Security, the Federal Bureau of Investigation and the Department of Defense. They all work alongside each other to enhance the cybersecurity establishment that was developed in 2018. Similarly, Canada has the Communications Security Establishment, part of which is the Canadian Centre for Cyber Security, but as a member noted previously, is it talking to NSICOP and CSE? Are we making sure we are talking to the different departments? We know that the government is pretty large and unwieldy. We have to make sure that these departments are working together. We also have to make sure we are looking after our businesses, as 40% of Canadian SMEs do not have any cybersecurity protection. It is going to be very costly for those businesses to implement that. As a business owner, I know the single biggest cost when it comes to cybersecurity is actually insurance. Insurance premiums just for cybersecurity attacks are going up and up. Every year they have increased by 20% to 30%. Of course, that is aligned with the $20 billion we are seeing from malware and ransomware across the world and the increase in cyber-attacks. We have to make sure that we help our businesses, so perhaps we need to look at tax credits. One thing we can do is ensure that we share best practices and that businesses get support from the federal government to enhance their cybersecurity. Another concern we have is how much power the minister will get, as the minister is supposed to get all the power. We have seen this with other bills. We have seen this in bills on the right to repair and interoperability. We have seen it in Bill C-27. Perhaps it is better to look at an ombudsman. We have talked about the Governor in Council and orders in council, but we want to hear from the security experts at committee to ascertain who exactly should be making these decisions instead of bringing them back to one minister. This bill right now could fit under the INDU committee and the industry minister, but it is going to the public safety committee, so already we have two different departments managing this bill. Why does one minister have to handle it? Why can it not be a broader process to ensure that we are seeing some congruence? Privacy is something we talked about quite a bit. We will be debating Bill C-27 in the House tomorrow, and I certainly feel that privacy needs to be a fundamental human right. Part of this bill has different groups and organizations concerned about how we are protecting Canadians' right to privacy. When they lose their privacy, who is responsible for that? There will be a lot of different witnesses coming to committee. When we look at cybersecurity, we have to ensure we are protecting Canadians' fundamental right to privacy and ensure we are doing all we can so that if their privacy is breached, Canadians can find some relief. We have talked about Bill C-27 and a tribunal, and maybe giving more powers to the Privacy Commissioner, who should have more power to look at whether we should go after criminals or organizations for breaches. We also have to look at the law and at what we are doing to go after criminals who are engaging in cyberwarfare and who continue to be a threat to Canadians. Russia and China are very concerning right now, and there are a lot of different reasons for that. Russia is growing increasingly reliant on China as both an import market and an exporter of electronics. Both leaders are building a closer energy partnership on oil, gas, coal, electricity and nuclear energy. They are going to build the Power of Siberia 2 pipeline through the territory of Mongolia. This is important because Taiwan is coming up—
1658 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Luc Desilets (Rivière-des-Mille-Îles, BQ)
  • Mar/23/23 4:27:34 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, like all members of the House, I believe, experts are concerned about Chinese equipment in our critical infrastructure, especially telecommunications infrastructure. Should the Liberal government not be very concerned about the presence of Liberal MPs in its own ranks who are a threat to national security in their own way?
52 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Ryan Williams
  • Mar/23/23 4:28:00 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, absolutely. We are seriously concerned in an ever-evolving world about national security, cybersecurity, infrastructure and investment security, protecting Canadian interests in IP and making sure we have fair, open and honest inquiries. If there are breaches and interference in our democracy, they should be tackled openly and honestly. We are certainly asking for that every day, and when it comes to the bill before us, it is no different. We are at war with joysticks and software that threaten our infrastructure and the very livelihoods of Canadians and Canadian businesses. Let us get this right. Let us work together openly and honestly and make sure that we pass a good bill that protects Canadians.
117 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Larry Maguire (Brandon—Souris, CPC)
  • Mar/23/23 4:48:11 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, as I rise to speak today, all of us in this place are acutely aware of the deeply concerning realities of foreign interference in Canada’s affairs. The Government of Canada cannot afford to ignore this troubling trend. While there are many angles from which we must consider how best to protect our national interests, as we examine the content of Bill C-26 we are focused primarily on matters related to cybersecurity. There is no question that Canada’s critical infrastructure must be protected from cyber-threats. In our modern world, computer systems are integral to the provision of health care, powering our homes and businesses, upholding our financial systems and so much more. While these incredible tools of our time may not be visible to the naked eye, they are tremendously powerful and we cannot afford for these systems to be compromised. The consequences from a criminal's or a foreign adversary’s disruption of medical services in our hospitals or of our electrical grid would be incredibly dangerous and potentially deadly. In its 2021 “Special Report on the Government of Canada’s Framework and Activities to Defend its Systems and Networks from Cyber Attack”, the National Security and Intelligence Committee of Parliamentarians concisely listed what is at stake when cyber-threats arise: things like the personal information of Canadians; proprietary information, intellectual property and research of Canadian businesses and researchers; government policies and policy-making; security and intelligence information and operations; and the integrity of government systems, to name a few. I was grateful to hear the Minister of Public Safety, when introducing this bill, say that cybersecurity is national security. It is a simple statement, but it is true. If we truly recognize cybersecurity as an essential element of our national security, we are more likely to give it the attention it deserves. Bill C-26 is not perfect, as has been stated here, and we must ensure we protect the privacy of Canadians, nor will it be a cure-all for every cybersecurity weakness. However, I am fully behind updating our cybersecurity legislation. I hope the Liberal government is open to improving the bill at committee stage, and I will offer my support to get it to committee. The objective of this bill is solid: to equip government to quickly respond to cyber-threats. As any expert in the field would tell us, rapid response is critical when a serious attack is under way. However, there are key issues that remain with the bill as it is presented to us today. Make no mistake, this legislation would give the government the ability to insert itself into the operations of companies, and therefore their customers. As Christopher Parsons of the University of Toronto wrote in a critical analysis of the bill, “There is no recognition of privacy or other Charter-protected rights as a counter-balance to proposed security requirements, nor are appropriate accountability or transparency requirements imposed on the government.” As with any new power that a government gives itself, there must be extensive checks and balances. There must be transparency. Most of all, there must be oversight. What this legislation does not do is provide those much-needed guardrails. We need the safety oversight. Giving a minister the power to order a private company “to do anything, or refrain from doing anything”, particularly when it comes to the private information of its customers, is deeply problematic. While I understand that how the minister can wield this new power might be spelled out in future regulations, I believe it must be clearly outlined in the legislation, rather than leaving it up to cabinet to decide at a future date. We must also have a fulsome airing of what information the government could collect from companies and their customers. Almost every aspect of our lives is interwoven with digital information. From banking to how we do business and how we communicate, numerous companies have that information on each of us. Therefore, the question that remains is this. If we grant the government access to information from companies, even for the most altruistic reasons or for national security reasons, who is overseeing those government agencies? I can assure members that the government will not be giving new powers to members of Parliament or parliamentary committees to undertake that role. We can look no further than the stonewalling Parliament is receiving on foreign interference in our democracy now. It is absolutely imperative that oversight and guardrails be built into this legislation, and I implore my colleagues on the parliamentary committee that would be tasked with this legislation to do just that. The fact is that the government has trouble protecting its own sensitive information from cyber-threats. Many examples of cyber-attacks against the government have already been cited during this debate. There was the attack against the Canada Revenue Agency in August 2020, which resulted in 13,000 victimized Canadians. Global Affairs was attacked in January 2022. Canada Post has filed several breach reports after cyber-incidents, according to records from the Privacy Commissioner. If the government is unable to protect itself from cyber-threats, how can it be expected to protect the sensitive cybersecurity plans of private companies? The Liberal government would do well to lead by example before it can truly ask private companies to beef up their own cybersecurity practices. The weaknesses of the government’s own cybersecurity have been flagged over and over again. In September 2020, the National Security and Intelligence Committee of Parliamentarians announced its review of the government’s framework and activities to defend its systems and networks from cyber-attack. The review resulted in a number of findings, which deserve mention. First, the committee found that cyber-threats to government systems and networks “are a significant risk to national security and the continuity of government operations.” It also noted that nation-states “are the most sophisticated threat actors”, although the threats do not come from nation-states alone. Second, the committee found that while the government has implemented a framework to defend itself from cyber-attacks, “[t]he strength of this framework is weakened by the inconsistent application of security-related responsibilities and the inconsistent use of cyber defence services.” In plain language, the report found that not all federal organizations receive cyber-defence protection. The committee review identified that, while Shared Services Canada provides some cyber-defence services to 160 of 169 federal organizations, only 43 of those organizations actually receive the full complement of its services. Given these findings, the committee recommended that the government “continue to strengthen its framework for defending government networks from cyber attack” and apply and extend cyber-defence policies and practices equally across government. At the time, the Liberal government agreed with the recommendations that were put forward. While this was an important step toward acknowledging the issue, taking action is another thing entirely. Just days ago, a Globe and Mail headline read, “Ottawa makes little progress shoring up Crown corporations' cybersecurity”. The report noted that this is despite 18 months passing since the National Security and Intelligence Committee of Parliamentarians raised concerns about the possibility that Crown corporations, which are still not subject to the government’s cyber-defence policies, could inadvertently serve as gateways into the federal government’s well-protected systems. The public safety minister did not mention the NSICOP report and recommendations when introducing this bill, but I hope that the work of this committee, made up of parliamentarians from across party lines, can be helpful in enhancing the government’s own cybersecurity defences. As NSICOP has underscored, “The data of organizations not protected by the government cyber defence framework is at significant risk. Moreover, unprotected organizations potentially act as a weak link in the government's defences by maintaining electronic connectivity to organizations within the cyber defence framework, creating risks for the government as a whole.” In closing, the government is aware of these risks, but it has been slow to rectify the issue. While Bill C-26 covers another angle of this discussion, it does not address the problem of the government's own house. As I said already, cybersecurity laws need to be updated here in Canada. Bill C-26
1405 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mrs. Jenica Atwin
  • Mar/23/23 5:04:36 p.m.
  • Watch
  • Re: Bill C-26 
Madam Speaker, not only would Bill C-26 introduce the new critical cyber systems protection act, or CCSPA, to legally compel designated operators to protect their cyber systems, but it would also amend the Telecommunications Act to enshrine security as a policy objective and bring the sector in line with other critical infrastructure sectors. Being online and connected is essential to all Canadians. Now more than ever, Canadians rely on the Internet for their daily lives, but it is about more than just conducting business and paying bills. It is also about staying in touch and connected with loved ones from coast to coast to coast and, indeed, around the world. That is also why the Government of Canada is connecting 98% of Canadians to high-speed Internet by 2026 and 100% of Canadians by 2030. Our critical infrastructure is becoming increasingly interconnected, interdependent and integrated with cyber systems, particularly with the emergence of new technologies such as 5G, which will operate at significantly higher speeds and will provide greater versatility, capability and complexity than previous generations. These technologies certainly create significant economic benefits and opportunities, but they also bring with them new security vulnerabilities that some may be tempted to prey on. At this time, I want to bring the perspective of my constituents in the riding of Fredericton to this important debate today. Fredericton is home to the Canadian Institute for Cybersecurity at the University of New Brunswick, with a focus on disruptive technology and groundbreaking research. The institute provides hands-on support for community and industry partners as they face emerging threats, with company-specific, cross-disciplinary research. Led by Dr. Ali Ghorbani, Canada's research chair in cybersecurity, the institute generates datasets to help thwart malicious cyber-attacks and works in tandem with the National Research Council of Canada in an innovative hub model that will lead to discoveries and advancements in cybersecurity, including publications, patents and the commercialization of technology, as well as provide training opportunities for graduate students and post-doctoral fellows. Innovative cybersecurity research is conducted with a focus on Internet security, artificial intelligence, human-computer interaction and natural-language processing. I was honoured to welcome many ministers to my riding and to connect them with researchers and leaders in the industry to showcase how my community distinguishes itself in this sector. Fredericton is at the forefront of this new age and the challenges it presents, and I could not be more proud. Even if there is enormous potential for Canadian digital innovation and expertise in cybersecurity, and I am witnessing it every day at home, we also need to face the fact that cyber-threats are growing in sophistication and magnitude. In 2021, close to 200,000 businesses across the country were affected by cybersecurity incidents, and this number continues to grow. Each of those businesses is not merely a business. It is comprises hard-working owners and employees, with families to feed and bills to pay. It is all the more maddening that many of these businesses must spend precious amounts of time and money preventing or fighting back against these incidents, many of which involve stealing money or demanding ransoms. Canadian businesses have spent billions of dollars over the last years to detect and prevent cybersecurity incidents and, consequently, they have been experiencing downtime and a loss in revenue. Cybercrime is costly, and those who are bearing the brunt of it are Canadian businesses. We also know that at all levels of government, we have not been immune from these kinds of attacks, even, horribly, hospitals. Earlier this year, the Toronto SickKids hospital was targeted by a ransomware attack affecting its operations. Closer to home, in Atlantic Canada, a ransomware group was behind the 2021 cyber-attack that paralyzed the Newfoundland and Labrador health care system. Beyond the monetary implications, attacks like these have the real-life potential of impacting the health and safety of the ones we love, and we must do everything in our power as legislators to put in place effective safeguards. The effects on Canadians demonstrate beyond a doubt why we need to strengthen Canada's cybersecurity systems. As lawmakers, the least we can do is ensure that Canada and its institutions and businesses can continue to thrive in the digital economy and that our banks and telecommunications providers can continue to provide Canadians with reliable services. Bill C-26 would modernize existing legislation to add security to the nine other policy objectives in the act, bringing telecommunications in line with other critical sectors. The bill would also add new authorities to the Telecommunications Act, which would enable the government to take action to promote the security of the Canadian telecommunications system. As mentioned, in recent years, Canada's cybersecurity status has been tested by a variety of threat campaigns targeting critical infrastructure, businesses and individuals. The increase in digitization has led to the weaponization of digital tools and processes. This results in the disruption of critical systems and causes a lack of confidence in physical, psychological and economic well-being. I am proud of all the work that has been done to secure Canada's critical telecommunications infrastructure, but I do not want us to lose sight of the work still to be done. The advent of the COVID-19 pandemic was a catalyst for bolstering national and international cyber-defence practices, requiring improved policies, guidance and cyber-intel. Furthermore, given what is happening in Ukraine with the Russian invasion, we know that there are still military threats in the 21st century. However, we are also dealing with the emergence of new technologies that pose non-military threats. With rising geopolitical tensions, government-driven hostile cyber-operations are more prevalent now than ever, posing an increased threat level to Canada's national security, economic prosperity and public safety. In the 21st century, cybersecurity is national security, and it is our government's responsibility to protect Canadians from growing cyber-threats. That is exactly why we have developed Bill C-26. It contains a multitude of important measures to protect Canadians and Canadian businesses. It is a carefully designed, multipronged approach. Part 2 of this act would enact the critical cyber systems protection act to provide a framework for the protection of the critical cyber systems that are vital to national security and public safety. It also authorizes the Governor in Council to designate any service or system as a vital service or vital system, and requires designated operators to establish and implement cybersecurity programs, mitigate supply chain and third party risks, report cybersecurity incidents and comply with cybersecurity directions. Introducing the new critical cyber systems protection act would strengthen baseline cybersecurity and provide a framework for the government to respond to emerging cyber-threats. It is essential that we keep pace with the rapidly evolving cyber-environment by ensuring we have a robust, legislative framework in place. In short, Bill C-26 is essential to helping keep Canadians and their data safe. In a world as connected as ours, we cannot take that for granted. Once again, cybersecurity is national security. I am looking forward to this bill being sent to committee, and I encourage all members to join me in supporting Bill C-26 in subsequent readings.
1213 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Hon. John McKay (Scarborough—Guildwood, Lib.)
  • Mar/23/23 5:55:34 p.m.
  • Watch
  • Re: Bill C-26 
Mr. Speaker, the hon. member seems to be concerned about the enforcement powers in this legislation. However, without those enforcement powers, it would be kind of a useless piece of legislation. If I am sending an email to him to go over there, somehow or another, his entity may be the weak link. If, in fact, he is concerned about his piece of the infrastructure, the problem is: How would he propose changing that without some sort of significant power on the government's part to make sure that his piece of the cyber-infrastructure is not the weak link in the entire system?
104 words
  • Hear!
  • Rabble!
  • star_border
Context: House Hansard - 172 - Mar/23/23
Mr. Mark Gerretsen (Parliamentary Secretary to the Leader of the Government in the House of Commons (Senate), Lib.)
  • Mar/23/23 7:09:32 p.m.
  • Watch
Mr. Speaker, I will start by saying that Canadians know that climate change is one of the most pressing challenges facing our country and, indeed, the world. We continue to see the devastating effects in communities across the country as we endure fires, floods and severe storms at an increasing rate, as the member mentioned. It is essential that we do all that we can to anticipate and mitigate disasters related to climate change; limit damage to persons, property and livelihoods; reduce cleanup costs; and get affected communities back on their feet more quickly. The Government of Canada continues to work with our provincial, territorial and indigenous partners to make communities more disaster resilient. The $9.2-billion green infrastructure stream of the Government of Canada's investing in Canada infrastructure program is providing support for climate change mitigation, adaptation, resilience, disaster mitigation, and environmental protection. The Canada community-building fund provides permanent indexed funding to provinces and territories, which can, in turn, direct this funding to municipalities to support local infrastructure priorities. The five-year, $1.5-billion green and inclusive community buildings program will help to construct more community buildings and improve existing ones, while making them more energy efficient and resilient. In 2018, the Government of Canada launched the disaster mitigation and adaptation fund, which remains a key federal program for resilient infrastructure with a total program envelope of over $3.8 billion. The fund has, to date, committed $2.29 billion toward 81 infrastructure projects that directly help communities, such as the member's community, to better prepare for and withstand the potential effects of natural disasters, prevent infrastructure failures and protect Canadians. Recently, the Government of Canada introduced the country's first national adaptation strategy through the collaborative process with provinces and territories, indigenous partners and private sector, non-governmental organizations, adaptation experts, and youth. This landmark strategy establishes an overarching division and principles for climate resilience to set our transformational goals, objectives and targets, all which will guide the actions of the government, the private sector, civil society and individuals in Canada. The historic, whole-of-society approach to climate adaptation includes $1.6 billion in new federal funding to help protect communities across the country and introduces 84 specific measures to address the effects of climate change. The national strategy provides a framework for resilient infrastructure needs, such as roads, bridges and waste-water treatment. The result will be healthier communities, enhanced biodiversity, nature conservation and a more climate-resilient economy. It will complement the adaptation work and strategies of provincial, territorial and indigenous partners. We will continue to advance our shared priorities as we work with partners to build a climate-resilient country.
451 words
  • Hear!
  • Rabble!
  • star_border