I would say we have a long way to go in deciding what we want to do about critical infrastructure. Let's put it that way.
We're waiting for a critical infrastructure strategy, which has been under study by the federal government. You will have seen a reference to Bill C-26, which refers to critical infrastructure. We have a list of critical infrastructure that dates back to 2009. In other words, it hasn't been updated since that time, which is the last time we had a critical infrastructure strategy.
The starting point is going to have to be to decide what we mean by “critical infrastructure”. Once we've done that—that will be an important but not an easy step—then we can think about regulating the terms under which critical infrastructure functions and what we expect of them in terms of, particularly, cybersecurity strategies.
There's some of that under way, obviously informally. Some aspects of critical infrastructure have done a terrific job in terms of ensuring they have very high levels of cybersecurity. The major banks are probably a key example of that. Across the board, the system is very diverse.