We can talk about the responsibility for regulation.
My preference is not to overly regulate. Once again going to small and medium-sized businesses, do they have the resources to respond to regulation? It is potentially more of a supportive environment, communication environment. Whether you're a small or large organization, or a home owner with a network in your house, which we all have, there are immeasurable resources out there, from Public Safety Canada, RCMP and others, to help us secure our systems. For a small business, those can be very useful.
On closing the gaps, quite frankly, the gaps can be closed, but you need to understand them. You need to understand the gaps, the impacts of those gaps, and you need to understand who wants to do you harm.
I'll give you an example. If you look at the financial sector versus the agricultural sector, there may be different threat actors going after each one of those. The disruptive actors who just want to create disruption will go after anybody. You need to identify your gaps and you need to close them.
The bad news there is that the world is changing around you. The environment is changing around you as you're doing all of these things. If I assess a system today, or a system of systems, and I'm down a two-year road to close those gaps, which is not unreasonable, what other gaps are presenting themselves during that period of time, and how can I be relevant and move the program forward at all times?