Evidence of meeting #16 for Industry, Science and Technology in the 43rd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was fraud.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Jean-François Fortin  Executive Director, Enforcement, Autorité des marchés financiers
Byron Holland  President and Chief Executive Officer, Canadian Internet Registration Authority
Scott Jones  Head, Canadian Centre for Cyber Security, Communications Security Establishment
Simon Marchand  Certified Fraud Examiner and Certified Administrator, Biometrics and Security, Nuance Communications
Commissioner Eric Slinn  Assistant Commissioner, Federal Policing Criminal Operations, Royal Canadian Mounted Police
Albert Chang  Corporate Counsel, Canadian Internet Registration Authority
Guy Paul Larocque  Acting Inspector, Canadian Anti-Fraud Centre, Royal Canadian Mounted Police

3 p.m.

Liberal

The Chair Liberal Sherry Romanado

Good afternoon, everyone. I now call this meeting to order.

Welcome to meeting number 16 of the House of Commons Standing Committee on Industry, Science and Technology. Pursuant to the order of reference of Saturday, April 11, the committee is meeting for the purpose of receiving evidence concerning matters related to the government's response to the COVID-19 pandemic.

Today's meeting is taking place by video conference, and the proceedings will be made available via the House of Commons website.

As a reminder to the members and the witnesses, before speaking, please wait until I recognize you by name. When you are ready to speak, please unmute your microphone, and then return it to mute when you are finished. Please speak slowly and clearly so that the translators can do their work, and please make sure your questions and comments are through the chair.

As is my normal practice, I will hold up the yellow card when you have 30 seconds left in your intervention, and the red card when your time for questions has expired.

I will now welcome our witnesses.

From the Autorité des marchés financiers, we have Jean-François Fortin, executive director of enforcement, as well as Christian Desjardins, director of assessment and inquiry.

From the Canadian Internet Registration Authority, we have Mr. Byron Holland, president and chief executive officer; Mr. Dave Chiswell, vice-president of product development; and Mr. Albert Chang, corporate counsel.

From the Communications Security Establishment, we have Mr. Scott Jones, head of the Canadian Centre for Cyber Security.

From Nuance Communications, we have Mr. Simon Marchand, certified fraud examiner and certified administrator, biometrics and security.

As well, from the Royal Canadian Mounted Police, we have Mr. Eric Slinn, assistant commissioner, federal policing criminal operations; and

Guy Paul Larocque, acting officer in charge of the Canadian Anti-Fraud Centre.

Each witness will present for five minutes, followed by our rounds of questions.

We will start today with the Autorité des marchés financiers. You have five minutes.

3 p.m.

Jean-François Fortin Executive Director, Enforcement, Autorité des marchés financiers

Thank you, Madam Chair.

As you mentioned, I am the executive director responsible for enforcement, and with me is my colleague Christian Desjardins, director of assessment and inquiry.

The Autorité des marchés financiers, or AMF for short, is the regulating body for financial markets in Quebec, and its mission is to regulate the financial sector.

The AMF proactively monitors issues and challenges related to financial fraud at all times. That monitoring takes many forms and is carried out by a number of teams within the AMF. Those efforts are complemented by the AMF's active involvement in Quebec, Canadian and international committees.

We have multi-sector teams working together to ensure market oversight, cybersurveillance and vigilant monitoring. We also invest heavily in major awareness campaigns and strategic partnerships.

Since March 16, the AMF has been in telework mode. We were able to quickly set up the teams needed to keep enforcement and awareness work going remotely. With a few exceptions, all employees are fully operational from home. We've had to ease up on activities such as in-person interviews and testimony, but it hasn't affected operations. Information-gathering and analysis work, as well as video-conference interviews are carrying on.

During the COVID-19 pandemic, the AMF has stepped up its web surveillance. It also sits on an investment fraud task force that brings together all of Canada's securities regulators to share information on illegal activities identified in connection with COVID-19.

In addition, the AMF is on a task force established by the North American Securities Administrators Association, which represents securities regulators in Canada and the United States. The purpose of the task force is to coordinate the communication of potential investment fraud stemming from COVID-19, coordinate related investigations and make the public aware of potential risks.

Another step we have taken is establishing a market monitoring strategy to better target potential market manipulation and insider trading. Accordingly, we've been keeping a closer eye on pharmaceutical companies that falsely advertise vaccines or quick fixes, for instance.

We've also made a dedicated effort and tailored monitoring activities to detect potential insider trading in connection with the extended deadline for financial reporting granted by regulators in response to the pandemic. The extension for filing market-related information heightens the risk of insider trading, with executives, professionals, advisers and others having access to non-public sensitive information for a longer period.

That's it for the market oversight and enforcement piece.

Now I'll turn to public outreach and education, an area where we've been extremely proactive. The AMF has sought to raise public awareness by posting COVID-19-related fraud prevention alerts on its website, and stepping up the number of fraud prevention posts on Facebook and other social media sites.

We've sent letters to Quebec's leading seniors associations and consumer groups to remind them that our support services are still available and to encourage them to report scams and other problems they encounter.

Lastly, we've issued multiple investor warnings, which are posted on social media sites and often passed on by our partners.

I'd also like to highlight an important initiative. Back in March, after noticing the number of COVID-19-related scams, we started investing in a large-scale awareness campaign that ran from April 6 to May 5 on television and online including on social media sites.

I want to underscore the number of education initiatives we undertook using TV, social media and other means to reach seniors and vulnerable populations.

The AMF is one of Canada's financial regulators, and we constantly work with all regulators in Canada, as well as international regulators.

Thank you.

3:05 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you very much, Mr. Fortin.

Our next witness is the Canadian Internet Registration Authority.

Mr. Holland, you have five minutes.

3:05 p.m.

Byron Holland President and Chief Executive Officer, Canadian Internet Registration Authority

Thank you very much, Madam Chair and honourable members of the committee.

Most people know the Canadian Internet Registration Authority, or CIRA, as the operator of the .ca registry. Our primary mission is the operation of a safe, stable and secure .ca domain space.

CIRA is recognized as a global leader in the domain name industry. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.

To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, since January we have registered over 200,000 .ca domain names. This is aligned with what we are seeing from our peers in Europe and around the world, where COVID-19-related domains make up less than 1% of registrations so far this year. However, it’s also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid19.ca, a campaign to support first responders.

We scrutinize all COVID-19-related domains carefully to ensure that they comply with our rules, particularly Canadian presence requirements, and to ensure that all domains stay Canadian. We are also working with our global domain name community, including organizations like the Council of European National Top-Level Domain Registries, to ensure that we are aligned with the best practices of our peers around the world.

However, it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet, and related threats, is global. While .ca domain names are bound by Canadian law, thousands of other threats come from outside our borders. There are well-established existing tools and processes in place to deal with fraud online and cyber-attacks. If Canadians come across any domain they suspect of being used fraudulently or maliciously, they should contact the Canadian Anti-Fraud Centre or the Canadian Centre for Cyber Security. We work closely with both of those organizations.

When it comes to fraud on the Internet, it is important to remember that hackers love a crisis. While technical solutions form an important barrier to online fraud and cyber-threats, the biggest attack vector is human frailty. Cyber-thieves exploit anxiety, uncertainty and fear to prey on Canadians when they are at their most vulnerable. Unfortunately, the current COVID-19 pandemic provides fertile ground for these criminals.

In this environment, we launched CIRA Canadian Shield. This is a free security and privacy solution for individual Canadians and their families. Working with our partner, the Canadian Centre for Cyber Security, we are already protecting more than 50,000 Canadians with Canadian Shield as they work, learn, teach and socialize while at home during the pandemic. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians. We look forward to the opportunity to protect every Canadian with this free service.

CIRA is helping to protect Canadian hospitals, schools, universities and municipalities through our enterprise cybersecurity service DNS Firewall. It has an install base of more than 1.1 million users, which includes students, teachers, doctors, municipal workers and first responders across Canada.

3:10 p.m.

Liberal

The Chair Liberal Sherry Romanado

Excuse me one moment, Mr. Holland. I believe we have a point of order.

May 20th, 2020 / 3:10 p.m.

Bloc

Sébastien Lemire Bloc Abitibi—Témiscamingue, QC

Madam Chair, the interpreters flagged some sort of whistling noise two or three minutes ago. The interpretation isn't coming through because of the poor sound quality. It would be unfortunate if the francophones weren't able to hear what Mr. Holland had to say.

3:10 p.m.

Liberal

The Chair Liberal Sherry Romanado

Very well.

Thank you, Mr. Lemire. We'll see what we can do.

We'll go to the next witness, just to see if we can fix Mr. Holland's microphone so that we can go back to him for his testimony.

With that, we will move to the Communications Security Establishment. Mr. Jones, you have five minutes.

3:15 p.m.

Scott Jones Head, Canadian Centre for Cyber Security, Communications Security Establishment

Good afternoon, Madam Chair and committee members. Thank you for the invitation to appear today, from my dining room, to discuss pandemic-related cyber-fraud.

I am Scott Jones and I am the head of the Canadian Centre for Cyber Security at the Communications Security Establishment. CSE is one of Canada's key intelligence agencies and the country's lead technical authority for cybersecurity. Launched in October 2018, the cyber centre is a relatively new organization, but one with a rich history and over 70 years of cybersecurity experience, having previously functioned under CSE's long-standing IT security mandate. The cyber centre is a unified source of expert advice, guidance, services and support on cybersecurity operational matters, providing Canadian citizens and businesses with a clear and trusted place to turn to for cybersecurity advice.

Specifically, the cyber centre focuses on five main areas. We first inform Canada and Canadians about cybersecurity matters. Second, we protect Canadians' cybersecurity interests through targeted advice, guidance, hands-on assistance and strong collaborative partnerships. Third, we develop and share specialized cyber-defence technologies and tools, resulting in better cybersecurity for all Canadians. Fourth, we defend cyber systems, including government systems, by deploying sophisticated cyber-defence solutions. Fifth, we act as the operational leader and government spokesperson during cybersecurity events.

That point brings me to the specific topic of today's discussion, to speak to you about cybersecurity when it comes to COVID-19. As we noted in the national cyber-threat assessment in 2018, the biggest threat facing Canadians online is cybercrime. I would like to provide the committee with an update on the work that the cyber centre is doing to protect Canadians from cyber-fraud occurring before, during and after the pandemic.

During these uncertain times, cyber-threat actors are attempting to take advantage of Canadians' heightened levels of concern and fears around COVID-19. Many Canadians are naturally feeling fearful and stressed, and those emotional responses can be exploited online. We've seen an increase in reports of malicious actors using COVID-19 in phishing campaigns and malware scams.

COVID has presented cybercriminals and fraudsters with an effective lure to encourage victims to visit fake sites, open email attachments and click on text messaging links. These websites, emails and links frequently impersonate health organizations and can pretend to be from the Government of Canada, among others. They are trying to spread malware and scam Canadians out of their money or private data.

The cyber centre has assessed that the COVID-19 pandemic presents an elevated level of risk to the cybersecurity of Canadian health organizations involved in the national response to the pandemic. I want to reassure you that CSE and the cyber centre are working hard to mitigate these threats and protect Canadians.

I am pleased to share with you the steps we're taking to protect the Government of Canada, systems of importance, and all Canadians from cyber-fraud during these times. We continue to leverage all aspects of our mandate to ensure that Canada is protected against threats and that the Government of Canada has access to information that can help inform decisions on our approach to COVID-19. The cyber centre is working tirelessly to continuously raise public awareness of cyber-threats to Canadian health organizations by proactively issuing cyber-threat alerts and providing tailored advice and guidance to Canadian health organizations, government partners and industry stakeholders.

In addition to our advice and guidance for Canadian organizations, we continue to enhance the Get Cyber Safe campaign to help all Canadians take action to help themselves be safe online. In coordination with industry partners and the international network of cybersecurity organizations, the cyber centre is contributing to the removal of fraudulent sites and other materials used to lure Canadians, including sites impersonating the Government of Canada.

To support programs of importance to the government, we have also continued to monitor and protect important Government of Canada programs against cyber-threats, including the Canada emergency response benefit web application. [Technical difficulty—Editor]

3:15 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

My audio cut out, Madam Chair.

3:15 p.m.

Liberal

The Chair Liberal Sherry Romanado

Unfortunately, I think the witness's Internet has frozen.

3:15 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

He must be in Ottawa.

3:15 p.m.

NDP

Brian Masse NDP Windsor West, ON

It will be good in 2030.

3:15 p.m.

Bloc

Sébastien Lemire Bloc Abitibi—Témiscamingue, QC

Mr. Masse, do I detect a bit of irony in your voice?

3:15 p.m.

Liberal

The Chair Liberal Sherry Romanado

Mr. Jones, are you still with us?

We seem to have lost Mr. Jones, so we will move on to the next witness. We will come back to Mr. Jones as soon as we're able to reconnect him.

Our next witness is Nuance Communications.

Mr. Marchand, you have five minutes.

3:20 p.m.

Simon Marchand Certified Fraud Examiner and Certified Administrator, Biometrics and Security, Nuance Communications

Members of the committee, good afternoon and thank you for having me today.

My name is Simon Marchand, and I am the chief fraud prevention officer at Nuance Communications Canada. Nuance is an American company with a strong presence in Montreal. It develops technologies that rely on artificial intelligence and voice biometrics for use in fraud prevention, among other things. My specific role is to apply those voice biometric technologies to identity theft prevention. Nuance's products are widely deployed throughout Canada, with most of the big banks and telecommunications carriers using its biometric-based technologies. Nuance also has an extensive international clientele, including major U.S. banks and most of the world's big companies. We develop solutions for law enforcement agencies and government service providers, as well, to help them gather evidence and identify citizens.

I am here today to share with you some of our observations. In my capacity, I'm obviously abreast of all the major scams around the world. I'd like to tell you what we've seen in relation to the COVID-19 pandemic and flag some of the risks that need to be addressed, to help ensure Canada's legislation is equipped to deal with fraud-related issues that may be imminent.

I'll start with some of the internal risks. In response to the COVID-19 pandemic, companies quickly reorganized their operations to accommodate telework. I'm not here to praise or criticize telework, but I will say that it poses real risks, especially in connection with customer service. All customer service representatives who usually work in call centres are now working from home, in an unsupervised environment. Despite having few tools, they now have access to sensitive information about consumers, ranging from information about their assets to information that someone could use to impersonate someone else.

The current socio-economic reality will no doubt put pressure on many households. When it comes to internal fraud, we know that pressure and opportunity are the two basic factors that drive an employee to go against their employer's interests and commit fraud, including stealing information belonging to the organization. Let us not forget that some organizations collect highly sensitive information about Canadians.

These changes in how work is organized raise the possibility of information being stolen and eventually posted on the dark web. That will definitely serve identity thieves well.

Other witnesses have talked about phishing scams, a problem that's already well documented. Sophisticated criminals have adapted to the pandemic and are using COVID-19 as a cover to trick people into providing their information. Some areas have seen a 600% increase in the number of phishing scams involving COVID-19; attachments, links to websites and other methods are being used to lure victims.

Fraudsters will be able to get their hands on vast amounts of consumer information, which they won't use in the next few weeks. Rather, they'll wait six to 18 months before opening up accounts, taking out financial products and acquiring products from telecommunications carriers.

Since banks and telecommunications carriers are federally regulated, lawmakers need to be aware of these risks. Much of the focus is on the company's responsibility to protect the data entrusted to it. I think, though, the focus should be on accountability and the responsibility companies have in relation to the information they use to deliver services. When a bank's system is hacked and client information is stolen, it calls into question the bank's responsibility, which is protecting that information. No one asks about what will happen to the information once it's collected. There's a huge accountability gap.

I would be happy to answer any questions you have on the subject.

3:25 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you, Mr. Marchand.

We will go back to Mr. Jones, who has been able to reconnect with us.

Mr. Jones, you had about a minute left in your testimony. I'm not quite sure where you cut out, but we'll let you take the floor again.

3:25 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

I've been alerted to where I was. Thank you. I'm sorry about that. Technology affects us all.

In coordination with our industry partners and the international work of cybersecurity organizations, we have contributed to removing of fraudulent sites, and I talked about the protection of the CERB, the Canadian emergency response benefit.

Cyber-attackers are now looking to exploit teleworking connections because so many people are now working outside of their organization's traditional IT security perimeters. In response, the cyber centre has partnered with the Canadian Internet Registration Authority, or CIRA as you've heard, to create and launch CIRA's Canadian Shield. This is a free DNS firewall service that will provide online privacy and security to Canadians. CIRA has shown tremendous leadership in giving Canadians an option to better protect themselves online, and I thank them for their partnership.

To further protect Canadians, the next important step we've taken is informing Canadians about cybersecurity matters. Through targeted advice and guidance, the cyber centre is helping to protect Canadians' cybersecurity interests. We shared cybersecurity tips on video teleconferencing tools and telework to help inform and educate Canadians about how to stay safe online, particularly while many of us are working from home.

The cyber centre has created a collection of advice and guidance products, many of which are now more relevant than ever. I encourage Canadians to visit our website to learn more about our specific guidelines and best practices that can be applied to protect yourself from cyber threats.

Finally, it is important to note that the Government of Canada has a strong and valuable relationship with our international cyber partners. We regularly share information, which has a significant impact on protecting our respective countries' safety and security. CSE and the cyber centre are working to address cyber threats facing Canadians during these times; however, cybersecurity is everyone's responsibility and will take all of our expertise to protect Canada and Canadians.

Thank you again for the opportunity to appear before you today, and thank you for your patience with technology. I am pleased to answer any questions you may have.

3:25 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you so much, Mr. Jones. Thank you for being able to get back on this call.

We'll go next to the RCMP, and then back to Mr. Holland.

With that, I turn the mike over to the RCMP. You have five minutes.

3:25 p.m.

Assistant Commissioner Eric Slinn Assistant Commissioner, Federal Policing Criminal Operations, Royal Canadian Mounted Police

Good afternoon.

Thank you, Madam Chair.

It is a pleasure to appear before this committee as part of its study on the Canadian response to the COVID-19 pandemic.

Appearing with me today is Sergeant Guy Paul Larocque, who has a leading role in managing the Canadian Anti-Fraud Centre, or CAFC.

As part of our mandate to protect Canada’s economic integrity, financial crime, including fraud, has long been a federal policing priority for the RCMP. In the face of the COVID-19 pandemic, our work with public and private partners in Canada and around the world in combatting and preventing fraud have only become more important. This shared responsibility speaks to the trust Canadians place in the RCMP to keep them safe and provide an effective and timely response to the COVID-19 pandemic.

As the measures to contain the crisis continue, the strain on Canadians and the institutions that serve the country will only deepen. Criminals will seek to exploit vulnerabilities in the system, as well as in Canadians themselves, as we have unfortunately witnessed. We must be diligent in combatting attempts to victimize the most vulnerable by those who prey on Canadians' fears and uncertainty around the pandemic. To be clear, criminals are actively exploiting fear, uncertainty and doubt around the COVID-19 pandemic. We know this because the CAFC has seen a dramatic increase in reporting on fraud from January to April when compared with the same period last year.

Since March 2020, we have seen almost 1,000 complaints of fraud related to COVID-19. Most of these are phishing attempts, where criminals will seek to gain personal information through emails or text messages pretending to be linked to Canada emergency response benefit claims, or attempts to install malware on victims’ devices. However, the biggest monetary losses stem from the fraudulent sale of goods related to COVID-19, such as masks, testing equipment or miracle cures.

While we've seen a large number of COVID-19-related fraud reports, criminals continue to use traditional scams and frauds to exploit Canadians. These frauds take a terrible toll on Canadians. For example, estimates of fraud against seniors last year were over $700 million. These types of fraud have grown during the pandemic as these heartless criminal groups continue to target human and institutional vulnerabilities. Finally, organized crime groups are attempting to defraud the government and undermine efforts to get financial aid into the hands of those who are genuinely in need of aid. The escalation of fraud activity related to COVID-19, as well as traditional fraud, really shows the ability of criminal groups to adapt to and exploit these circumstances for personal gain.

In direct response to the frauds committed in relation to COVID-19, the RCMP have enhanced intelligence enforcement efforts toward this illegal activity as we recognize, more than ever, that at all levels of policing the RCMP have a significant role to play. To coordinate the RCMP response, in March we began running a program specific to COVID-19-related fraud. Coordination efforts are under way at national headquarters, while intelligence analysis and statistical gathering, as well as outreach, are done by the CAFC. Disruption and enforcement are conducted by members in the divisions, who also have the responsibility of liaising with the police of jurisdiction to further coordinate responses at the local level.

In recognition of the shared responsibility between public and private agencies to combat fraud, the RCMP are working collaboratively with key partners and stakeholders, domestically and internationally, to exchange intelligence and coordinate enforcement efforts as they relate to the pandemic. While the initial focus was on online frauds, this has quickly expanded to cover all fraud and criminality with a nexus to COVID-19 to better ensure public safety.

A crucial component in the fight against fraud is prevention, as these fraudsters and their operations are so pervasive, insidious and profitable that relying on enforcement alone is like pulling weeds. As my grandmother often relayed, an ounce of prevention is worth a pound of cure. Continually enhancing public awareness is a vital tool in the prevention strategy that must continue. As you may recall from our last appearance before the committee, the RCMP have operated the CAFC in partnership with the Competition Bureau of Canada and the Ontario Provincial Police since 2005. This centre has been a leader in prevention initiatives, including being extremely active on a variety of media platforms to communicate with Canadians.

As well as operating the CAFC, the RCMP maintain a federal policing prevention and engagement unit. This unit plays a key role in coordinating meetings with multiple police agencies, Government of Canada agencies, private sector vendors and financial institutions from across Canada.

With that, I will cease. I could probably go on, but there are other people who want to talk.

I look forward to your questions.

Thank you very much.

3:30 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you very much, Mr. Slinn.

With this, we'll move back to Mr. Holland.

I'll ask him if he could start over with his testimony and speak closer to the microphone, because there is a whistling sound in the background.

3:30 p.m.

President and Chief Executive Officer, Canadian Internet Registration Authority

Byron Holland

I have changed my mike and headset. Hopefully, that will be better.

Madam Chair, thank you for the opportunity to present yet again. I will start at the beginning, as you've asked, to make sure that the folks who were not able to hear can.

My name is Byron Holland. I'm the president and CEO of the Canadian Internet Registration Authority. Our primary mission is the operation of a safe, stable and secure .ca domain name registry.

We are recognized as a global leader in our space. In fact, many other countries leverage our infrastructure, services and knowledge for their own domain name registries. Our technology is considered best in class among our peers. In short, CIRA is fully equipped to navigate the COVID-19 crisis. We are confident in our ability to protect the integrity of .ca.

To date, we have tracked just over 2,000 .ca domain names with COVID-19-related keywords. For context, we've added more than 200,000 .ca domain names since the beginning of the year. This is aligned with what we are seeing from our peers around the world where COVID-19-related domains make up less than 1% of total registrations. However, it is also important to note that many of these domains are perfectly legitimate, and even positive, such as conquercovid.ca, a campaign to support first responders.

We scrutinize all COVID-19-related domain names carefully to make sure that they comply with our rules, particularly our Canadian presence requirements. We are also working with our global domain name community, including organizations such as the Council of European National Top-Level Domain Registries, to ensure that we are aligned with best global practices.

However, it's important to note that it is not within CIRA's mandate to review or authenticate the content of .ca websites, nor would such authentication be effective, as the Internet and related threats are truly global. While .ca domains are bound by Canadian law, there are thousands of other threats that come in from outside our borders. There are well-established existing tools and processes in place to deal with online fraud and cyber-attacks. If Canadians come across any domain names that they suspect are being used fraudulently or maliciously, they can contact the Canadian Anti-Fraud Centre or as we've heard, the Canadian Centre for Cyber Security. We work closely with both organizations.

When it comes to fraud on the Internet, it's important to remember that hackers love a good crisis. While technical solutions form an important barrier to online fraud, the biggest attack vector is human frailty, which cyber-thieves exploit. Unfortunately, the current pandemic has provided these criminals with an atmosphere of heightened anxiety in which to operate and has simultaneously forced most Canadians to work, learn, teach and socialize from their home networks and personal devices, most of which are not equipped with enterprise-grade security.

It is in this environment that we've launched CIRA Canadian Shield, a free security and privacy solution for all Canadians and their families. We've done this, as you heard, in partnership with the Canadian Centre for Cyber Security. We currently protect more than 50,000 Canadians, with a growing user base. Canadian Shield reflects CIRA's commitment to build a trusted Internet for Canadians, and we look forward to providing the opportunity to protect every Canadian with this free service.

We also help protect Canada's hospitals, schools, universities and municipalities through our enterprise cybersecurity service, CIRA's DNS Firewall. We have more than 1.1 million users, who include students, teachers, doctors, municipal workers and first responders across Canada. We are providing this service free of charge to all Canadian health care facilities and small businesses until September, hopefully when this crisis will be starting to recede.

Finally, the most important factor in protecting Canadians from fraud on the Internet is knowledge. Much like how your parents taught you to look both ways when crossing the street, Canadians need street smarts on the Internet to be able to identify fraud, fake news, misinformation and scams. The best way to do that is through awareness and education.

At CIRA, we have partnered with Beauceron Security, a great New Brunswick success story, to launch CIRA cybersecurity awareness training, a platform that provides education, benchmarking and ongoing testing to ensure employees have the most up-to-date cybersecurity street smarts. We have also launched a free cybersecurity course, Cybersecurity for Remote Workers, to help the thousands of Canadians now working from home to keep themselves and their organizations safe from cyber threats.

Everything I've mentioned so far represents elements of Canada's leadership, innovation and expertise in the area of cybersecurity. However, as Canada and the world enter an era when the Internet is proving to be the lifeboat for the global economy, we believe Canada must do more to be a global leader in cybersecurity. We would encourage the Government of Canada to dedicate more funding to cybersecurity research, solutions and platforms to protect Canadians and ensure the security of our digital economy. Only through investment can we ensure Canadians have the education, tools and platforms to protect themselves and their businesses from online fraud and malware.

There is no silver bullet. The threat landscape is constantly evolving, and our cybersecurity awareness and technology must keep pace. At CIRA, we're eager to help any way we can.

Thank you for your time.

3:40 p.m.

Liberal

The Chair Liberal Sherry Romanado

Thank you very much, Mr. Holland.

With that, we will move into our rounds of questions. In our first round, the questions are for six minutes and our first MP is MP Motz.

Welcome to INDU. You have the floor for six minutes.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

Thank you very much, Madam Chair.

Witnesses, thank you for your great introduction to this topic today.

I'm going to focus primarily in this round on Mr. Jones and the Communications Security Establishment.

If I heard you correctly in your opening remarks, as you advise on cyber-related attacks and frauds, you have been advising the government on foreign attacks and areas of cyber-related concerns throughout this COVID pandemic.

3:40 p.m.

Head, Canadian Centre for Cyber Security, Communications Security Establishment

Scott Jones

Yes, that is correct, absolutely. We continue to advise on all aspects, although the majority of activity we have seen is related to cybercrime.

3:40 p.m.

Conservative

Glen Motz Conservative Medicine Hat—Cardston—Warner, AB

When there is a cyber intrusion, do you know off the top whether it's fraud related, cyber espionage, corporate espionage, a random attack or another purpose?