Bill C-8

Madam Speaker, the private sector in general is ready to protect itself, especially on the cybersecurity front, otherwise it cannot really do business in this world. The government, on the other side, is not ready. It has been dragging its feet since the last Parliament by killing Bill C-26.

Will the hon. member be honest and tell Canadians why the government killed Bill C-26?

Madam Speaker, Bill C-26 was killed because of the Conservatives' irresponsibility last fall. That is the reason Canadians do not have it.

Let me extend a hand of co-operation to the Conservative Party. At the end of the day, we can all reflect about what came out of the last election. The Government of Canada cannot pass legislation unless it gets the opposition's co-operation. The opposition knows that. If every member of the Conservative caucus is put up to speak to every piece of legislation, we will not be able to pass legislation. That is why Conservative voters need to also be listened to. Everyone wants more co-operation. It is time that we are less political and more at work putting Canadian interests ahead of partisan interests. That is what Canadians of all political stripes want.

Madam Speaker, I want to reflect on something the member said about the last Parliament, which is that we engaged in some sort of frivolous activities. I hope he will reflect on that, because I do not think any hon. member would suggest that it is frivolous for the House to defend its historic privileges to demand any information it requires to make its decisions. I hope he will reflect on that.

The member spoke a lot about, in his comments, the problems that Canadians face with respect to cybersecurity. I would agree with him on many of them. However, he did not speak very much about the substance of the bill, so let me bring everyone back to the substance of the bill, and specifically the proposed subsection 15.1 (1) and 15 (2) orders, which would provide the minister or the Governor in Council sweeping powers to address what it calls “manipulation, disruption”, or anything.

I would hope the hon. member could help to assure me that those powers would not be used to crush dissent that it views as manipulation in the system.

Madam Speaker, I can assure him that will not be the case.

In terms of what took place last November and December, I would highly recommend to the member that he read the Hansard. He will find that the Conservative Party in particular was a destructive force on the floor of the House of Commons for going all out at preventing—

Resuming debate, the hon. deputy House leader.

Madam Speaker, I rise to speak in support of Bill C-8, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts.

This legislation is a necessary, measured step to protect systems that Canadians rely on every single day. This bill would help critical infrastructure operators better prepare, prevent and respond to cyber-incidents. It would do what responsible governments must do: It would set clear, enforceable standards for operators in the most critical sectors; it would enable rapid, targeted interventions when threats emerge; and it would ensure that Canada is aligned with international partners that are facing precisely the same challenges. In this era, it is very important that we pass this piece of legislation.

Let me talk about two big things the bill would do. First, it would modernize the Telecommunications Act so that our security agencies and responsible ministers can issue targeted, time-limited directions to defend our networks against serious and evolving threats. Second, it would enact the critical cyber systems protection act, the CCSPA, which would set baseline, legally binding cybersecurity duties for designated operators in federally regulated critical sectors. This would mean cyber-risk management programs, timely incident reporting and accountability up and down the supply chain. Those are not “nice to haves” anymore; they are the basic hygiene that we need for running a critical service in 2025.

Colleagues will recall earlier efforts under Bill C-26. With Bill C-8, our government has brought back a refined, clearer and in some places improved framework because the threat landscape did not pause when Parliament did. Several independent analyses confirm that Bill C-8 substantially revives the Bill C-26 approach while correcting drafting issues and clarifying process where needed, and that is prudent governance.

Why does this matter? For Canada, cyber-risk is now an economic risk, a jobs risk and a public safety risk. A successful attack can freeze payrolls, disable hospitals, shut down pipelines or even take down our 911 lines.

Across London, manufacturers, research labs at Western University, students at Fanshawe College, local clinics and small businesses on our main streets all depend on secure networks. The southwestern Ontario supply chain and the supply chain across Canada, which include major investments in EVs, batteries and advanced manufacturing, cannot function with brittle digital infrastructure. When a single compromised supplier can ripple through an entire regional economy, cyber-resilience becomes a competitiveness strategy.

Essentially, what Bill C-8 would require under the CCSPA is that designated operators, such as those in banking and financial services, telecommunications, energy and transportation, must establish and maintain a cybersecurity program proportional to their risks, report cyber-incidents quickly and consistently, manage third party and supply chain vulnerabilities, and comply with enforceable directions in extraordinary circumstances. There are administrative monetary penalties for non-compliance because rules without consequences are just suggestions. We cannot afford to bring just suggestions forward.

On the telecom side, Bill C-8 would modernize the tool kit so that government can act surgically when credible threats emerge in our networks. These powers are not a blanket. They are tied to concrete risks and are subject to review. In today's environment, speed matters. A 72-hour delay can be the difference between a contained incident and a national outage.

Some civil society groups and legal scholars have raised important concerns about privacy, transparency and due process, especially around how directions are issued and reviewed and how information flows between government and private operators. I want to take the opportunity to acknowledge those concerns, which are clearly on the floor of this House. Some of our colleagues have mentioned them in this debate.

The goal of Bill C-8 is to protect Canadians, not to weaken their rights. As this bill advances to committee, I look forward to seeing the conversations that colleagues from across the aisle will have and the suggestions they will be putting forward. As we did before on Bill C-26, I think we will be able to achieve a consensus on what this bill is going to look like. Essentially, the goal is to protect Canadians.

I also have some thoughts on some of the things we could look at. Number one is that we could look at tightened transparency around reporting, including public statistics on the use of cybersecurity directions wherever national security considerations allow. We can also look at strengthened due process, making judicial review avenues practical and timely, and clarify data handling and retention so information shared for cybersecurity is not used for unrelated purposes and that it is protected with robust safeguards.

I do not sit on the committee, but I do know we have colleagues on it from across the aisle who are going to have robust conversations on how to strengthen the bill as we did in the past. We voted for Bill C-26. It is now back in the House, refined and reframed for all our colleagues to discuss and to propose measures they want to see within the spirit of wanting to protect cybersecurity for all Canadians.

I think these are reasonable and constructive asks that would make for good dialogue and would strengthen the bill. I am sure there will be more suggestions that I look forward to reading from my colleagues. I am sure they will support and pass the bill in a very timely manner, because if we are having a conversation about a cybersecurity bill in 2025, we need to pass it. I think we understand that the bill is not coming forward as a nice-to-have conversation; it is really critical.

Not every critical service is a national giant. Many are medium-sized providers or municipal utilities that keep water flowing and transit moving. For these operators, the question is often capacity. Having the people, the tools and the processes that meet modern standards is really important. I support complementary measures alongside Bill C-8: practical guidance, shared services, threat intel programs that actually reach the front lines, and funding that helps smaller providers implement the basics, such as asset inventories, multi-factor authentication, network segmentation, backup discipline and tabletop exercises.

Standards without support risk becoming paper compliance. What we should be trying to do with our approach is to enable real resilience for Canadians. We also need to be honest about where the real attack surface is today: suppliers, managed service providers, and software dependencies. Bill C-8's supply chain provisions are a step forward, but we must continue to keep pushing for secure-by-design practices. The objective is learning and early warning, not blame-shifting.

I hope that colleagues at committee will have the time to ensure that timelines will also allow the time to consult, that thresholds and formats are clear, and that we streamline duplication with sectoral regulators where possible.

Critical services in indigenous and rural communities face unique constraints.

I do not think I will be able to finish my speech, but I want to say that the legislation is really important for all Canadians. I am happy to speak to and support the bill. I look forward, for all our colleagues who have been speaking to the bill today, to their actually helping us bring it to committee so we can bring amendments that are necessary and we can pass the bill as quickly as possible. They voted for it in the last Parliament under Bill C-26. It is back now, and it is really important we pass it as quickly as possible.

Madam Speaker, I would like to inform my colleague opposite that I was not in the last Parliament. I would have had a lot to say about the legislation if I had been.

The members on the other side and the deputy government House leader say they want the bill to go to committee so it can be made better. The bill already went to committee. Multiple experts from the Canadian Civil Liberties Association, the Canadian Constitution Foundation, Ligue des droits et libertés, OpenMedia and the Privacy & Access Council of Canada were there. They gave their comments. They wrote an open letter, in which they said the legislation “lacks guardrails to constrain abuse”, that its “secrecy undermines accountability and due process” and that it “lacks justification”. It would not do what it says it would do.

If the Liberals want the bill to be made better in committee but it has already been there and they had all summer to improve it, why did they not effect the amendments the experts from civil society organizations asked for?

Madam Speaker, I appreciate the fact that the member was not in Parliament in the last session and does not remember that, after a long filibuster and grandstanding from the Conservatives, the Conservatives ended up voting for it. They sent it to the Senate. For very small amendments, the Senate sent it back to the House. We are able to introduce the legislation again under Bill C-8. The member opposite did not have the opportunity to be here, so he does not know there is a lot of hypocrisy when his colleagues grandstand and say they are not going to support it, and then they vote for it. Maybe he wants to have some conversations with his colleagues about that.

Madam Speaker, we in the Bloc Québécois already raised our concerns earlier regarding respect for provincial jurisdictions. That is a crucial point. Another important point is the protection of civil liberties.

I was reading the testimony of the Privacy Commissioner who spoke at length when we were studying Bill C-26 about the risks of confidential and personal information unintentionally ending up in the hands of the government as a result of the bill's implementation.

My question for my colleague is this. To what extent will the Liberals take these concerns into account to ensure that information obtained for a legitimate purpose is not used by other federal government departments and agencies?

Madam Speaker, my colleague was asked the same question earlier, and I will give the same answer. We have already consulted the provinces, and we will continue to consult them.

If my colleague wants to propose amendments, then he understand how important it is to send the bill to committee as soon as possible so that we can discuss it.

Madam Speaker, NSICOP did a study of this, before my time on it. Specifically, it had a number of findings. One of them was that there is inconsistency in the Treasury Board and Shared Services Canada with respect to cyber-defence across all government and federal departments and agencies, including Crown corporations.

Can the deputy House leader confirm that Bill C-8, or that the government writ large, would provide the necessary resources to all these Crown corporations and smaller departments and agencies to uphold these policies, and would Bill C-8 direct every single one of these departments to make sure the processes and tools are in place to protect our government networks right across the country?

Madam Speaker, I think I talked about that in my speech, that we want to be able to provide operators the tools they need to be able to secure the networks for Canadians. I talked about the importance, especially in 2025, of making sure we do this in a timely manner.

Perhaps the member can talk to his colleagues about why they want to grandstand in this debate when we are just asking that the bill go to committee so that we can talk about it more. The members can add amendments as necessary, and then we can move along. If this is really important to Canadians, and I am sure the member opposite heard this at the doors, and I am sure this is really important to him as well, why can we not send this to committee to be—

Questions and comments, the hon. parliamentary secretary.

Madam Speaker, I was not a member of Parliament when this bill was debated before, but I am here now. It is 2025, and this issue is of the utmost importance for our economy and our country. I would like to ask my colleague to talk about how urgent it is that we begin studying this bill in committee.