Public Safety Committee on Jan. 30th, 2019

What is your answer to those who say that we lag behind other countries and that we are dragging our feet? You heard Mr. Leuprecht's presentation; he is a professor at the Royal Military College of Canada and he was very clear on this topic. He is not the only one, because experts from everywhere seem to be saying that this is quite obvious.

As I was saying, from a technical point of view, it is difficult for us to decide. We must depend on people like you to make a decision that is critical for Canada. Do you have enough information today? In September, you said that you were able to ensure the protection of Canadians. Is that still the case today, on January 30, 2019?

So, for the moment, we still don't know if Canada can trust Huawei.

Let's leave that company aside for now and move on to the financial sector, and the banks. Mr. Leuprecht also provided interesting information concerning financial transactions, which can now come from anywhere, since the Internet is global.

According to the CRTC, it's impossible to broadcast Canadian content abroad. When you go to the United States or elsewhere, you cannot listen to TVA, for instance, because that network is not accessible. So, there are certain barriers that exist regarding communications. Why do those barriers not also exist for the banks? Do you know? Do you know why from a technical point of view it is possible to have barriers for one activity but not for another? I don't know if it falls within your mandate to answer that.

Professor Leuprecht just told us that the Internet is an open space, but when we travel, we can't watch Canadian TV, so why can't we block communication between banks or whatever?

You have a minute and a half.

In conclusion, I'd like to talk about China. Things are very sensitive at this time. We know that in diplomacy we have to be cautious, but from the point of view of national security, it is a fact that China often has malicious objectives involving various countries, including Canada.

Do you consider China to be a potential threat to Canada's security?

Fine, but do you think that Canada should be frightened of China?

Thank you.

Thank you, Mr. Paul-Hus.

Mr. Dubé, you have seven minutes, please.

Thank you, Mr. Chair.

Mr. Jones and Mr. Belzile, thank you for being here.

Ms. Damoff asked you some questions on the banks' policy with regard to reporting breaches or problematic situations. For my part, I want to follow up on the questions I asked the representatives of the RCMP on Monday.

Things were not clear. An update of the law now requires that businesses report information leaks to the Privacy Commissioner. Those representatives told us that the new police centre—I too have forgotten the names and the acronyms—does not have the same obligation, and they are trying to work with those organizations. Is there a duplication of efforts? If a bank reports a suspicious or worrying incident to you, do you also report it to the police, so that they can do work of their own?

Fine.

I know it can be difficult to make statements on hypothetical situations. Suppose an enterprise reports a suspicious situation to you, but does not report it to the police for some reason, be it public relations, financial consequences or other things. If there is enough evidence to have you suspect that a criminal act was committed, do you inform the police about the case so that can begin an official investigation?

Fine.

You mentioned the report on cyber threats which was tabled. In your presentation, you said the following:However, we assess that at this time it is very unlikely that state-sponsored cyber threat actors would intentionally seek to disrupt Canadian critical infrastructure.

Is the threat unlikely only in the financial sector or is that also the case for all critical infrastructure sectors?

The other piece I just want to touch on is related to the announcement today on elections. I know that here we're studying the financial sector, but there's another issue I'm wondering about. In the announcement that was made, CSIS seems to be taking the lead with CSE, using its assistance mandate to provide support from that perspective. CSIS is engaged in threat reduction, which is certainly a debate that has been had and that we will continue to have, but not necessarily at this time. Given that we're studying the financial sector, I'm just wondering....

An election is a specific event in time. Time varies, certainly, as we all know. That being said, is there a trend there? Is there a precedent being set for CSIS taking the lead on engaging with actors that might pose a cybersecurity threat, or is this just a one-off for that specific event? For example, if there is a concerted effort in the financial sector—which our study is about—or in any other sector, is this something that's going to be recurring, or is this, again, related to elections specifically?

Just really quickly, with the 15 seconds I have left, would that structure and who's taking the lead look different if Bill C-59 receives royal assent today?