I'm sorry that Aaron can't take that question. I'll try to answer for both of us to the best of my ability.
I think the suggestion that Mr. Shull made about tax incentives is certainly one way forward. Regulation, at least of what we might determine to be critical data infrastructure and communications, is another. Bill C-26 may have an interesting impact in that regard, depending on what Parliament does with it. It's certainly worthy of study.
I think the conclusion that we've come to, which CSE has also spoken to, is that, while there are pretty high levels of cybersecurity capabilities, awareness and implementation on the part of the major private sector actors in Canada, including the financial sector and other aspects of critical infrastructure, the real problem is with small and medium-sized enterprises. They have neither the resources nor, perhaps, even the understanding of the degree to which they are vulnerable to cyber-attacks
I think the small and medium enterprises are the area of focus, as well as figuring out ways to help them up their game in cybersecurity in ways that are affordable and understandable to them. That is the challenge.