Public Safety Committee on April 18th, 2023

Thank you, Mr. McGuinty, and thank you all for all your work over these many years to work to keep us safe.

We'll start now with our first round of questions. We'll start with Mr. Shipley for six minutes, please.

Thank you, Chair, and thank you to the members for being here today and for sharing your time.

I'd like to start off by directing my first question to Mr. McGuinty, and if he has to pass it along, that's fine.

Mr. McGuinty, at the beginning of March, the Prime Minister's Office asked the Clerk of the Privy Council and the Minister of Intergovernmental Affairs to bring forward a plan to implement the five years of outstanding recommendations from your committee.

Given that it is now mid April, are you aware of any outstanding recommendations having been implemented since that announcement?

The committee received, I believe maybe a week ago or less, a document that is an attempt to update Canadians on recommendations to counter foreign interference in Canada's democratic institutions. I believe the assignment given to the clerk and to Minister LeBlanc by the Prime Minister was to speak directly to recommendations not only from NSICOP but also from other authors who had evaluated the protocol process. I think the assignment was to let Canadians know how far the government has come in implementing our recommendations and its recommendations.

We're encouraged with what we've seen, but we would encourage this committee to call the government again to perhaps provide more detail on how it is moving forward.

Thank you for that. It's a nice segue to my next question.

I was a little shocked to find out that the government has only responded to one report in the five years of NSICOP's existence. Do you think a set time period in which the government must respond to your report should be implemented?

It's an issue that's live among the committee members. Trying to ensure that the work that's done...it's very difficult, to be candid with colleagues. It's difficult and it takes a long time to arrive at these recommendations. We don't arrive at them lightly. The deliberations are long and extensive. There are some folks at this table who, I think, sat on our committee and understand what we speak about here.

We are hopeful that the government will now pay close attention, perhaps closer attention, to some of the recommendations, like what we put forward here today on cyber.

Again, I would encourage this committee to ask the government to come forward and to explain to what extent it has implemented the recommendations to bring more federal organizations inside the cybersecurity perimeter.

Thank you for that. Maybe I'll delve into that a little further.

We are all, obviously, sitting on committees, and it's great work that your committee is doing. We all work hard in these committees. Sometimes I wonder about these reports and what happens to them. Do they just go and sit on a shelf somewhere?

From what I mentioned in my last question, is your committee sometimes feeling that perhaps it's just not being acted on enough?

There may be some times when we're looking for more immediate take-up. Sometimes it's difficult to point to the effects of the work. For example, the new architecture of review in Canada has compelled many organizations that are now subject to review to actually buttress and create new units inside their departments, such as the Department of National Defence. Prior to the existence of NSICOP and NSIRA, the Department of National Defence didn't really have a formal mechanism to respond to external review and now it does. That's encouraging.

The new architecture of review is pulling the government forward as a whole. There are some things we can point to directly. For example, the government did announce in the budget the creation of a foreign interference coordinator role at Public Safety—which is also in its recent report that I pointed to a minute ago entitled “Countering an Evolving Threat”. We've seen that some of the recommendations from NSICOP ended up directly in mandate letters for ministers, like DND and Public Safety. We've seen the public safety minister act directly on a CBSA review recommendation and implement direct change.

We're always looking for more take-up and more traction, because the purpose of the committee, why we're here, is to improve the situation for Canadians.

Thank you for that.

Mr. McGuinty, you touched on something in your opening remarks, namely, that we will soon be implementing or starting a five-year review of NSICOP.

I know this might be a little premature, but just to get our minds centred around some things, are there any major themes you would see for changes that we should be looking towards and implementing from that review?

Thank you, Mr. Shipley.

I'm out of time, so thank you, all of you, for the work you do and for being here today.

We will go now to Mr. Noormohamed.

Go ahead, please, sir. You have six minutes.

Thank you, Mr. Chair.

Thanks to all of you for your appearance here and being with us today.

I'd like to dig a bit into the importance of this committee.

Mr. McGuinty, you, your team and your colleagues have done a remarkable job of making sure that the work your committee does has been in the main non-partisan, with a tremendous amount of collaboration, and with what I hope are recommendations that all of us take seriously.

One of the concerns I've had over the course of the last few weeks particularly has been the attempt to politicize the nature of the work you do. I want to quote a specific comment that was made by the Leader of the Opposition in which he says, “NSICOP has been used in the past...and is being used here...to avoid accountability. It takes place in secret and is controlled by Justin Trudeau.”

I think it's important for Canadians to hear first-hand from you, as the chair, (a) whether or not that is true, (b) how you believe the role of NSICOP should be seen and, most importantly, how Canadians should view the committee and the important work your committee does.

Perhaps, Senator Lankin, you might also like to weigh in on this.

The committee scrupulously avoids partisanship. I think the highest compliment that's been paid to the committee since we began is that a number of folks who have appeared before us have often said that if you were to close your eyes and listen to the conversation at the table, you actually wouldn't know from which political persuasion the commentary is coming.

We built what I think we like to refer to as “a nobility of purpose” around the work. We think there are some issues that transcend partisanship, that transcend any one government, and national security and intelligence is one of those issues.

It was a unique opportunity for Senator Lankin and me, in particular, who have been there since the beginning, to stand up the organization. It was like flying a fighter jet as we were building one. But the purpose of the committee really should transcend my chairmanship, our membership, the senior secretariat staff. It's an important mechanism for the future to allow for a full airing of classified information among colleagues from both Houses to treat these very important issues.

We all respect and understand that what goes on in the other arena, called the House of Commons or the Senate, is natural and is going to occur. The push and pull, the cut and thrust of that, is democracy, but when it comes to access to classified information and the treatment and the handling of that information, and the quiet, non-partisan opportunity to deliberate as colleagues, on behalf of 39 million Canadians, we think this is a really important structure for Canada, going forward, no matter who is in government, no matter who holds the seat as prime minister or minister, no matter what configuration the committee has.

There are comments sometimes about the role of the Prime Minister or of the government in the work of the committee that are, I would say, considerably off the mark. In the nine, 10 and soon 11 reviews that we have conducted, the Prime Minister of Canada has never instructed this committee to do anything. In fact, the only time we consult with the Prime Minister of Canada on our work is when we're presenting our reviews when the product is finished. The Prime Minister has an obligation to instruct the committee to redact, but on very, very transparent grounds.

The team that is here with us today—not just the members, but our senior secretariat folks—is extremely agile when it comes to entering into a discussion with officials in the government to say, let's talk more about that proposed redaction. We always tend towards being more transparent rather than less. We think that's important for Canadians to understand.

The debate that's going on now in the House, the Senate and in society is an important one; it's a really important one, but it's also a teachable moment for a lot of Canadians. For example, what is classified information? Why is classified information classified, and when can it be shared and when can it not be shared, and why isn't it being shared? Canadians get that. They can fully understand that.

We're trying to do our part in helping them understand that, and I'm sure Senator Lankin has much to add to that.

Thank you, Senator.

Thank you, Mr. Noormohamed.

I will now give the floor to Ms. Michaud for six minutes.

Thank you, Mr. Chair.

Mr. McGuinty, thank you very much to you and your team for coming here today. Thank you as well for the work that you do.

Before diving deeper into the annual report and the reviews you have carried out, I have a question. You mentioned that starting now, instead of publishing the summaries of your reviews in the annual report, you will publish them in special reports. I could not tell whether there was a reason for that decision. If there was, could you please explain it?

We have to submit a report to Parliament every year. At first, we combined all reviews, like this one on cyber-attacks. As you can see, it's quite lengthy. We decided that, instead of presenting everything together in the annual report, we should conduct the reviews one at a time and submit them individually. That way, we have more time to work together. It is also easier for Parliament, the Prime Minister, and senior officials to receive the reviews and follow up on them.

That is the reason why we chose to separate the reviews. Before, in a single annual report, there might have been three reviews all at once. We made this decision to better manage our work. It was easier for us to operate this way.

Thank you. This approach might also enable people to look into each detail of the reviews. Otherwise, when everything is lumped together, it's time-consuming to read and difficult to keep track of all the information.

As you probably know, our committee has studied Canada's posture in relation to Russia. In particular, we looked into the issue of cybersecurity, to determine if Canada was prepared to respond to threats of this kind. I take it that your committee has also looked at this matter in depth.

You say the government adopted a horizontal framework to protect itself against cyber-attacks. When we questioned witnesses who appeared before the committee, what we gathered was that non-government organizations are not always required to rely on the government or the various government services that are there to help them deal with threats or cyber-attacks. While it's understandable, I was nevertheless surprised to see that some government organizations did not possess exactly the same resources and tools, or if they do have them, they don't necessarily want to use them.

Can you tell us more about that and come back to the recommendations you made to the government?

It is an architecture problem. The Financial Administration Act of Canada gives deputy ministers and the CEOs of Crown corporations the authority to decide if whether or not they will be part of the cyber‑defence program provided by the federal government. We believe that this is a significant weakness.

We're only as strong as our weakest link.

Our cyber‑defence system is well regarded nationally and internationally; it's a very solid system. However, if a cyber‑attack is launched on a department, agency or Crown corporation that is not protected by our defence system, that could be used as a gateway into the entire governmental system.

That's the reason we are recommending that the federal government amend The Financial Administration Act in order to require that all organizations and Crown corporations be protected by the system provided by Shared Services Canada and the Communications Security Establisment.

Has the government answered in the affirmative? Actually, has it answered at all? I don't remember if there was an answer.

We are still awaiting a definitive answer, but we do encourage your committee to go ahead and communicate with the government, in this case that would be Treasury Board, to ask how things stand.

As you explained, departments and agencies that have chosen the cyber‑defence system could be indirectly infiltrated through others that haven't made that choice and have become the targets of a cyber‑attack. That's why it's so important to use the system.

Do you have any other recommendations that you would like to make today or is there anything else you'd like to highlight from your cybersecurity review?

We know that cyber‑attacks are a sign of the times. There are more and more of them. Just last week, there were all sorts of reports in the media. The websites of the Prime Minister, Hydro‑Québec and many other organizations were hit by cyber‑attacks. I am guessing that recommendations will be made and that the system is unfortunately not quite 100% bulletproof right now.