Thank you for that.
We know the Russian government has close allyship and coordination with several criminal organizations. It has partnered with these criminal organizations to do its dirty work. Often, this has very real consequences around the world, including here in Canada.
We have heard from witnesses that the federal government and businesses under federal jurisdiction have some pretty top-level security—our national banks, and so on. The concern is for subnational organizations and governments: our provincial health care systems, the cybersecurity of our big cities, and even major businesses.
First, how are you tackling that problem?
Second, we've had some witnesses call for mandatory incident reporting. Sometimes, businesses are loath to report they were held hostage by ransomware. They find it's just easier to pay off the person and not report it. There can also be a threat of further damage if they do, in fact, report it to the authorities.
What steps are you taking with regard to those two questions?