Bill C-8

Mr. Speaker, I rise today to speak to the vital importance of Bill C-8, an act respecting cybersecurity.

ln our current digital age and threat landscape, the protection of our mission-critical infrastructure is not just a technical requirement but a matter of national security, public safety and sovereignty. Bill C-8 is built on two essential pillars, part 1, which amends the Telecommunications Act to make security a primary policy objective, and part 2, which enacts the critical cyber systems protection act. This legislation is designed to safeguard the digital systems that underpin our most vital services, from banking and clearing systems to interprovincial pipelines and nuclear energy facilities.

As a member of the public safety and national security committee, I can say that this legislation was studied extensively. As someone with a technical background, I already understood many of the challenges cybersecurity experts and companies face, but I paid extra attention, asked the hard questions and made sure that every concern was thoroughly examined. Even after I presented the technical facts opposing the Conservatives' technically zero and very dangerous amendments, they themselves verified the correctness of what I said with experts during the committee study. I am confident that Bill C-8 is robust, practical and fully equipped to protect Canada's most critical digital infrastructure from the sophisticated threats of today and tomorrow.

Let me be clear. The bill reflects the government's commitment to public safety and keeping our telecommunications secure. Unfortunately, during our study it became alarmingly clear that the Conservatives are attempting to dismantle and obstruct this critical piece of legislation through a series of loophole amendments that would leave Canada's digital borders wide open to exploitation. lnstead of supporting the regulatory processes outlined in this legislation, Conservatives attempted to introduce additional steps to slow down our ability to react and be in line with our Five Eyes partners.

Cyberwarfare does not happen on a schedule that respects the time of security experts or federal courts. If a cybercriminal or threat actor establishes a foothold into our systems and performs a lateral movement through our telecommunications network in real time, judicial authorization could take up to six or even 18 months, as we repeatedly heard from the experts. The government must be able to act and respond swiftly. Requiring a judicial sign-off for every technical directive would cause major delays that would allow cybercriminals to face less resistance and achieve their objectives to further damage our critical systems.

We must be incredibly careful not to blind our defences and readiness with technicalities. Perhaps the most technically dangerous proposal from the Conservatives was the attempt to exclude the content of intelligence from our security oversight. While this may sound like a privacy protection to the uninitiated, it is actually a technical trap. ln cybersecurity, the distinction between content and signal intelligence is often blurred. For example, a highly critical signal intelligence, such as an attack indicator that points to a detection of a malware beacon or a computer worm, can be embedded directly within what a lawyer might call content. By excluding this, the Conservatives would legally forbid our experts from regulating the very data streams used to carry out high-level system disruptions.

We must also be wary of creating what I call a silent breach loophole in our national defences. During the committee stage, the Conservatives tried to narrow incident reporting so that companies would be required to report only events that have or may have an adverse material impact. This is reactive, not proactive. This is 20th-century thinking that ignores the technical realities of modern warfare.

Effective cyber-defence and resilience rely on seeing the near misses, small probes and minor incidents that are often the only early warning signs of a massive, coordinated cyber-scheme, which can lead to a much more evolved and even advanced cyber-attack. If we allow companies to stay silent until the damage is already material and measurable, we lose our ability to provide a collective defence and warn the rest of the country about a spreading threat. We cannot afford to wait until a critical system has already been compromised before our security agencies are allowed to see the smoke.

We must be blunt about how certain proposals from the Conservatives during the committee study would cripple enforcement and accountability under this act. At committee, the Conservatives sought to make this bill legally unenforceable by proposing that individuals should be fined only if they knowingly break security rules. This is a massive technical loophole, because, by requiring the government to prove wilful intent, we could no longer hold executives accountable for gross negligence or sloppy security practices that leave Canadian data exposed to hostile actors.

Additionally, they proposed prohibiting the government from identifying the individuals who provide information about security risks. While protecting whistle-blowers is important, this creates a procedural fairness trap. If a company is fined based on evidence from a source that the government is legally barred from naming, a judge will almost certainly strike down that fine, because the company cannot verify the credibility of the evidence against them.

While we oppose these dangerous loopholes, our government has proposed constructive safeguards to ensure that Bill C-8 respects the rights and privacy of Canadians, unlike the misinformation spread by the Conservatives. We have introduced amendments to explicitly prohibit the decoding of encrypted private communications. This provides legal certainty that the critical cyber systems protection act is about protecting infrastructure, not spying on the private lives of Canadians. We are ensuring that solicitor-client privilege and professional secrecy are never affected, giving companies the peace of mind to be fully transparent with security agencies without fear of losing legal protections.

Instead of surrendering our sovereignty to outside standards bodies, as the Conservatives proposed, we are ensuring that the government can seek consistency with international best practices while keeping the final word on Canada's security right here in this House.

In conclusion, Bill C-8 is about collective defence. It is about ensuring that when a bank, a power grid or a telecom provider is attacked, our whole country can see it, stop it and learn from it. We cannot afford to have a bill filled with the holes and technical blind spots proposed by the Conservatives. This part is absolutely critical, and I hope the Conservatives are paying very close attention, because the stakes here could not be higher.

Canada's critical infrastructure faces a sophisticated threat landscape, not only from individual cybercriminals but with state-sponsored actors moving beyond espionage to pre-position for potential cyber-sabotage according to the Canadian Centre for Cyber Security's “National Cyber Threat Assessment in 2025-2026”. The report emphasizes that alongside these threats, ransomware remains the primary cybercrime threat making proactive readiness and resilience essential to national security.

Addressing this urgent threat, Bill C-8 is critical to mandate robust security standards and incident reporting across federally regulated sectors, moving beyond voluntary compliance to safeguard national security.

I urge all members to reject these attempts to create an anonymous, delayed and unenforceable security regime. Let us finally pass a bill that is fast, technical and robust enough to protect Canada from the sophisticated threats of today and tomorrow. I would also urge my Conservative colleagues to listen to the technical experts, those who work on the front lines of cybersecurity, who understand these risks, who explained them during the long hours of committee study, and who have expressed clear support for Bill C-8.

Canada cannot afford delays, loopholes or half measures when it comes to defending our critical infrastructure and our country. The evidence is clear, and the experts have spoken. It is time to act and support this bill for Canadians and our protection.

Mr. Speaker, as a fellow engineer, I know the member knows a lot. She is very intelligent.

Certainly this bill addresses a lot of the tools that are needed to combat cybersecurity, and we see that those threats exist. There have been a number of breaches in the government. There are some actual hardware solutions that will be needed as well.

Could the member elaborate on what she thinks the gap is and how the government would fill it?

Mr. Speaker, I appreciate my colleague and her comments. I really enjoy talking to her when it comes to technical issues too.

In this bill, we are already addressing cyber-attacks and protection against cyber-attacks, and that also includes hardware protection. That has been studied in the committee. I will be happy to share all the details with my colleague later on, but they can be found in the transcripts of the committee studies.

Mr. Speaker, I would like to start by congratulating my colleague. I enjoyed debating Bill C‑8 with her at the Standing Committee on Public Safety and National Security. I really appreciated the questions she asked the witnesses and experts with a view to improving Bill C‑8 based on their testimony.

Can she honestly state that all members debated Bill C‑8 rigorously and professionally and that they all contributed to making it a better bill by debating it and working on it in committee?

Mr. Speaker, I really enjoyed my time studying Bill C-8 at the committee stage with my colleague from the Bloc. She had tremendous input into this study. We also adopted amendments from the Bloc and the NDP for points where they saw that the bill could be improved. All these amendments have been implemented, and I really appreciate their input in this study. The bill has been studied in depth, and the experts were very useful and helpful in helping us understand it.

Mr. Speaker, I would like to thank my colleague for her remarks and acknowledge her expertise and work on cybersecurity issues. Cybersecurity is a matter of national security, and our government has a responsibility to protect Canadians from all the growing cyber-threats. With Bill C-8, we are taking concrete steps to protect our telecommunications infrastructure and other critical sectors.

I would like to ask my colleague to explain why it is so important to pass this bill at this time.

Mr. Speaker, the reason we have to pass a bill that protects Canada and Canadians is that we are at a critical point, and we have to work together as legislators. Our first and primary job is to protect Canada. Cybersecurity in this era is a must. It is the number one protection for our borders. Not only do we have borders with our neighbours, but we also have borders in cyberlife as well, so we need to make sure it is protected and that our critical infrastructure is not being attacked by those criminals, so we can protect our country. I can extend this example to nuclear power, traffic lights and our banking system. Imagine waking up one day to a critical mess that is not an American movie scenario.

Mr. Speaker, with regard to Bill C-8, concerns for privacy and also keeping freedom of expression, which Canadians desire, what safeguards are in place to prevent Liberal government overreach with Bill C-8?

Mr. Speaker, my colleague also has a technical background, and we enjoy talking about IT infrastructure at different times. I will be very clear that Bill C-8 already has provisions in place that would prohibit the government from overreach when it comes to the privacy of Canadians. This is in the bill already. The bill is about the infrastructure of our country. It is only about the protection of our critical infrastructure and has nothing to do with overreach into people's privacy. There are also provisions and prohibitions that would prevent the government from ordering the decoding of encrypted private communications.

Mr. Speaker, this bill ensures that, going forward, our telecommunications infrastructure and other critical sectors, such as energy and finance, will be required to work together to incorporate national security into their objectives. This bill will help critical infrastructure operators better prepare for, prevent and respond to cyber-incidents.

Does my colleague share that view?

Mr. Speaker, the hon. Parliamentary Secretary to the Minister of Public Safety also works with us at the SECU committee.

This bill is about the telecommunications sector. It is about the energy, financial and transportation sectors. It is about our critical infrastructure. As Canadians and as legislators, our primary duty is to protect our country and to protect our people, Canadians.

The bill has nothing to do with freedom of speech. The government would have no reach into people's privacy. We will continue to make sure that the government is working for the protection of its systems and Canadians.

Mr. Speaker, there has been some misinformation put out about this bill, and I think the member can help clear it up. People have said that this would give the minister overreach to be able to shut down an individual's Internet account. The bill is really not about that. It is about infrastructure.

Can the member comment on that?

Mr. Speaker, there is a lot of misinformation about that. The minister would not have the power over individuals, but over telecom companies. The minister would have the power to shut down a telecommunication infrastructure company, if needed, if there were to be a cyber-attack, before it could spread to other critical infrastructure.

Mr. Speaker, I think it is important to recognize that cybersecurity continues to be a growing concern, not only here in Canada but also around the world. When we think of it in terms of Canada and the impact that it could have on our communities, if we do not modernize or have proper legislation such as this, the consequences could be very severe. I think it is important that we bring forward this legislation.

I was intrigued by my colleague's remarks and just wanted to see if there was anything else she would add in regard to the importance of having such legislation to protect the security of Canadians.