Who is responsible? It's unclear. That was part of my testimony. We need to clarify roles and responsibilities, and that clarity doesn't exist right now. We don't have a unity of effort.
When it comes to Bill C-26, it's an important start. We are late to the game when it comes to mandatory reporting on cyber-incidents in critical infrastructure, so we welcome that initiative. However, it's limited to four sectors.
The reality is that there's a lot of policy action happening right now. The critical infrastructure strategy is being renewed. It was drafted in 2009. Cyber isn't even mentioned. Then we have the national cyber security strategy and Bill C-26. All of these need to be united.