Parliamentary Committee Notes: Opening Remarks for the Minister
Good afternoon.
Mr. Chair, honourable Senators, thank you for inviting me to discuss Bill C-26, An Act respecting cyber security.
Cyber threats have grown more complex, sophisticated, and are being undertaken by state and non-state actors alike.
Bill C-26, will protect Canadians and bolster cybersecurity across the federally regulated financial, telecommunications, energy and transportation sectors.
The Communications Security Establishment, or CSE, has said cybercrime is now the most prevalent and pervasive threat to Canadians and Canadian businesses.
The CSE's Canadian Centre for Cybersecurity has warned us of the many risks, with ransomware at the top of the list.
We've already seen the damage that such a cyber-attack can cause, when a U.S. energy company was the target of a ransomware attack in May 2021. A Russian criminal group extorted $4.3 million after they disrupted the largest fuel line in the U.S. This incident was so significant that it led to President Biden calling a national state of emergency.
Over the past two years, we have seen a notable increase in these types of cyberattacks in Canada.
Last year, CSE said a cyber actor “had the potential to cause physical damage” to a piece of critical infrastructure in Canada. Fortunately no Canadian infrastructure suffered physical damage. But as the CSE Cyber Centre said, “make no mistake, the threat is real”.
In June of last year, the Calgary Herald reported that Canadian energy company Suncor was the victim of a serious cyber incident that disrupted debit and credit transactions at Petro-Canada gas stations across the country.
Last March, the city of Hamilton was the latest victim of a ransomware attack that disrupted many of its online services.
These examples are just a few of the recent attacks that make it clear that Canada must act urgently.
The bill will allow the government to take security measures in response to cyber threats or vulnerabilities that threaten our national security.
Additionally, the act will increase information sharing between industry and government by requiring designated critical infrastructure operators to report cybersecurity incidents to the CSE's Cyber Centre, and industry regulators.
By mandating the sharing of this essential information, we will improve the government's awareness of the cyber-threat landscape across the country. When the government has a clearer picture of the threat facing critical infrastructure providers we can warn other operators of potential threats and vulnerabilities. C-26 will make one organization's detection another's prevention.
Further, designated operators of vital services and systems would be obligated to implement cyber security programs, mitigate supply-chain and third-party risks, and comply with cyber security directions.
the House Standing Committee on Public Safety and National Security also made a number of notable amendments as it relates to reasonableness, oversight, and privacy protection.
The Committee amended the bill to;
Add a reasonableness standard for the issuing of Ministerial Orders and Cyber Security Directions;
Implement robust review provisions to ensure that the National Security and Intelligence Committee of Parliamentarians, and the National Security and Intelligence Review Agency have the ability to review the government's orders and directions, and;
Reference explicitly The Privacy Act and the government's obligation to act in accordance to it.
Dear colleagues, this is historic legislation. It was adopted by unanimous consent in the other house.
More than ever, secure and reliable connectivity is a necessity for our daily lives and for our collective security.
This bill is consistent with legislation established by our Five Eyes partners. It will protect Canadians, the businesses and the cyber systems they depend on today and in the future.
Thank you.
- Date modified: