Evidence of meeting #152 for Public Safety and National Security in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was cybersecurity.
A video is available from Parliament.
4:05 p.m.
Assistant General Counsel, Canadian Bankers Association
No, it would be the same standard. Banks take their obligations seriously regardless of the type of entity involved.
4:05 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Fine.
Some witnesses told us that in certain countries the disclosure of cyber-attacks is mandatory. Are banks here required to disclose cyber-attacks on their systems to the Government of Canada?
4:05 p.m.
Liberal
The Chair Liberal John McKay
Excuse me, Pierre. We lost translation for about 10 seconds there.
Could you go back and start again, please? Thank you.
4:05 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Fine, I'll repeat my question.
Several witnesses mentioned that in some countries banks have to disclose cyber-attacks. Is that the case in Canada? Does the Royal Bank, for instance, have to inform the government within a prescribed time?
4:05 p.m.
Assistant General Counsel, Canadian Bankers Association
Yes, it would. Banks, like any other organization that's governed under PIPEDA, the federal privacy legislation, are obligated in the event of a breach of their security safeguards to notify the Office of the Privacy Commissioner and any impacted individuals.
4:05 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Are the banks reluctant? If, for instance, the Bank of Montreal is subject to an attack, this could affect its reputation. Do you think they are reluctant, or is disclosure automatic, without being called into question?
4:05 p.m.
Assistant General Counsel, Canadian Bankers Association
They are not wary of disclosing the fact that they've been attacked. It's a statutory obligation. In addition to that, because of the trust that the customers have placed in the bank, they want to make sure their customers are aware in the rare circumstance that there's been a cyber-attack.
4:05 p.m.
Director, Payments and Cybersecurity, Canadian Bankers Association
May I add that OSFI also requires banks to report?
4:05 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
I would now like us to talk about individuals.
4:05 p.m.
Liberal
The Chair Liberal John McKay
We have a problem with translation, and I had better stop the clock or Pierre will get upset.
I'm told that the interpreters' booth has technical problems and that, absent translation, we'll be obliged to suspend, regrettably. It's Pierre's fault that this whole thing has fallen apart.
4:05 p.m.
A voice
I hope you haven't been hacked.
4:05 p.m.
Voices
Oh, oh!
4:10 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
I won't complain about the official language. I'll ask my question in English as well.
4:10 p.m.
Liberal
The Chair Liberal John McKay
In order for me to proceed, I must have the unanimous consent of the committee to proceed in one official language.
4:10 p.m.
Some hon. members
No.
4:20 p.m.
Liberal
The Chair Liberal John McKay
Ladies and gentlemen, apparently we've fixed whatever difficulties we had.
We got started about 10 or 15 minutes late and we lost another five minutes with that exercise. This is inevitably going to bump us into our next panel. My thought is that we simply add 15 minutes on to this panel and start the other panel later. Is that acceptable? I believe we still have a vote here, so we're essentially not going anywhere anyways. This might work out.
Are you fine with that, Mr. Motz?
4:20 p.m.
Conservative
Glen Motz Conservative Medicine Hat—Cardston—Warner, AB
I thought you were buying me supper in-between, so I was a little concerned about that.
4:20 p.m.
Some hon. members
Oh, oh!
4:20 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Thank you, Mr. Chair.
In the brief presented by the Canadian Bankers Association, which you tabled earlier, you spoke about the security of Canada's essential infrastructures: “The banking industry counts on other critical infrastructure sectors such as telecommunications and energy to deliver financial services for Canadians”. This leads me to my next question, which is about critical infrastructures abroad, such as in the United States, Europe or elsewhere in the world.
Do you collaborate and hold discussions with the financial sector representatives of other countries to find out about appropriate techniques, and which entities are responsible for cyber-attacks against their systems?
4:20 p.m.
Director, Payments and Cybersecurity, Canadian Bankers Association
Yes, our banks are involved in certain different international groups, one in particular in the U.S. called FS-ISAC, an information-sharing hub created in the U.S. but with a global reach. Our banks are certainly involved in that, as much as we share in Canada, as well.
4:20 p.m.
Conservative
Pierre Paul-Hus Conservative Charlesbourg—Haute-Saint-Charles, QC
Recently, the Americans expressed concerns regarding the infrastructure of telecommunications companies. Do you discuss issues that could arise from the integration of the 5G network in Canada with your American partners?