- Member of Parliament
- Liberal
- Scarborough—Guildwood
- Ontario
- Voting Attendance: 62%
- Expenses Last Quarter: $111,926.23
- Government Page
- Jun/21/23 4:47:35 p.m.
- Watch
Mr. Speaker, I have the honour to present, in both official languages, the fifth report of the Standing Committee on National Defence, entitled “The Cyber Defence of Canada”.
Pursuant to Standing Order 109, the committee requests that the government table a comprehensive response to this report.
I want to commend all members who had such a co-operative and hard-working attitude toward the development of this report.
70 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, the hon. member seems to be concerned about the enforcement powers in this legislation. However, without those enforcement powers, it would be kind of a useless piece of legislation.
If I am sending an email to him to go over there, somehow or another, his entity may be the weak link. If, in fact, he is concerned about his piece of the infrastructure, the problem is: How would he propose changing that without some sort of significant power on the government's part to make sure that his piece of the cyber-infrastructure is not the weak link in the entire system?
104 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I would be interested in the hon. member's thoughts on how we protect rights without going down the rights rabbit hole that leads to paralysis with respect to a space that is going so fast that very few of us can actually comprehend how fast it is moving.
51 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, I pretty well agree with everything the member said. However, what I am concerned about is that partisanship is a debilitating exercise around here and this is serious business.
Does the member have any thoughts as to how to innoculate this bill, in particular, from the partisanship that may inevitably follow it? Then we can deal with this as serious legislators and serve all of our public.
69 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, the brief answer is no. I think we will always be playing catch-up. In this case, things are moving so quickly.
24 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that is two impossible questions in a row, and I congratulate the member for them.
The first was whether cyberwarfare should be declared an act of war. To my mind, an attack is an attack. If someone is running cars off the road, or interfering with pipelines or hospitals, they are putting people's lives at risk and sometimes even killing them. That does strike me as an act of war.
The second issue, and the member was probably there when I raised that question with one of our witnesses, was our levels of classification for information. The question I put to one of the witnesses was as follows: I have been in on some of the security briefings, and I am sitting there wondering whether I read it two weeks ago in The Globe and Mail. We seem to have a very high threshold of classifications, and maybe this could be an opportunity to reduce that threshold.
160 words
- Hear!
- Rabble!
- add
- star_border
- share
Madam Speaker, that was an excellent question. I wish I had written it myself, but apparently someone, or something, else already had.
Prior to question period, I was sitting with my colleague from Scarborough—Rouge Park. He wrote a speech for me, through ChatGPT, on my modern slavery bill. We just sat there, and after he had fed in a few words, an entire speech was spit out. Yet again, we have another challenge for us as legislators.
I sometimes think that we are so far behind that we do not even know how far behind we are. Cheney said that we do not even know what we do not know. Bill C-26 is an opportunity to bring ourselves into the game.
124 words
- Hear!
- Rabble!
- add
- star_border
- share
Mr. Speaker, in some respects, Bill C-26 is quite complicated, but it is also quite simple. It aspires to have the risks of cybersecurity systems identified, managed and addressed so we are at much less risk because of our cyber system.
In the last while, I have had the good fortune to be the chair of the public safety committee in the previous Parliament, and I am now the chair of the defence committee. As such, I have listened to literally hours of testimony from people who are quite well informed on this subject matter. My advice to colleagues here is this: It behooves us all to be quite humble and approach this subject with some humility because it is extremely complex.
The first area of complexity is with respect to the definitions.
For instance, cybersecurity is defined as “the protection of digital information, as well as the integrity of the infrastructure housing and transmitting digital information”. Cyber-threat is defined as “an activity intended to compromise the security of an information system”.
Cyber-defence, according to NATO, is defensive actions in the cyber domain. Cyberwarfare generally means damaging or disrupting another nation-state's computers. Cyber-attacks “exploit vulnerabilities in computer systems and networks of computer data”.
Therefore, with respect to the definitions, we can appreciate the complexity of inserting yet another bill and minister into this process.
Let me offer some suggested questions for the members who would be asked to sit on the committee to look at this bill if it passes out of the House. I do recommend that the bill pass out of the House and, if it does, that the committee charged with its review take the appropriate amount of time to inform itself on the complexities of this particular space.
The first question I would ask is this: Who is doing the coordination? There are a number of silos involved here. We have heard testimony after testimony about various entities operating in various silos.
For instance, the Department of Defence has its silo, which is to defend the military infrastructure. It also has some capability to launch cyber-attacks, but it is a silo.
Then there is the public safety silo, which is a very big silo, because it relies on the CSE, CSIS and the RCMP, and has the largest responsibility for the protection of civilian infrastructure.
While the CSE does not have the ability to launch cyber-attacks domestically, it has the ability to launch a cyber-attack in international cyberspace. It is a curious contradiction, and I would encourage members to ask potential witnesses to explain that contradiction, because the more this space expands, the more the distinctions between foreign attacks and domestic attacks become blurred.
The bill would charge the Minister of Innovation, Science and Industry with some responsibility with respect to cybersecurity.
I would ask my colleagues to ask questions about how these three entities, public safety, defence and now the Minister of Innovation, Science and Industry, are going to coordinate so that the silos are operating in a coordinated fashion and sharing information with each other so that Canada presents the best possible posture for the defence of our networks. Again, I offer that as a suggestion of a question to be asked. We cannot afford the luxury of one silo knowing something that the other silo does not know, and this is becoming a very significant issue.
CSIS, for instance, deals in information and intelligence. The RCMP deals in evidence. Most of the information that is coming through all of the cyber-infrastructure would never reach the level of evidence, whether the civil or criminal standard of evidence. This is largely information, largely intelligence, and sometimes it is extremely murky. Again, I am offering that as a question for members to ask of those who come before the committee as proponents of the bill.
The other area I would suggest is to question is how this particular bill would deal with the attributions of an attack. To add to all of the complications I have already put on the floor of the House, there is also a myriad of attackers. There are pure state attackers, hybrid state criminal attackers and flat-out criminals.
For the state attackers, one can basically name the big four: China, Russia, North Korea and Iran. However, there are themes and variations within that. Russia, for instance, frequently uses its rather extensive criminal network to act on behalf of the state. It basically funds itself by with proceeds of its criminal activities, and the Russians do not care. If one is going to cripple a hospital network or a pipeline or any infrastructure on can name, then they do not care whether it happens by pure criminal activity or hybrid activity or state activity. It is all an exercise in disruption and making things difficult for Canadians in particular. We see daily examples of this in Ukraine, where the Russians have used cyber-attacks to really make the lives of Ukrainians vulnerable and also miserable.
The next question I would ask, and if this is not enough, I have plenty more, is on the alphabet soup of various actors. We have NSICOP, CSE, CSIS and the RCMP. I do not know what the acronym for this bill will be, but I am sure that somebody will think of it. How does this particular initiative, which, as I say, is a worthy initiative to be supported here, fit into the overall architecture?
Finally, CAF and the defence department are now doing a review of our defence posture, our defence policy. Cyber is an ever-increasing part of our security environment and, again, I would be asking the question of how Bill C-26 and all of its various actors fit into that defence review.
978 words
- Hear!
- Rabble!
- add
- star_border
- share
- menumenu
- notificationsnotifications
- home
- mailmail
- searchsearch
