Thank you, Mr. Chair and members of the committee, for the invitation to appear today and discuss Bill C-26, an act respecting cybersecurity and amending the Telecommunications Act.
My name is Sami Khoury and I am the head of the Canadian Centre for Cyber Security—also known as the cyber centre—at the Communications Security Establishment.
As you know, the world is becoming increasingly interconnected and our reliance on technology continues to grow. However, this dependence exposes us to new risks and threats, particularly in the realm of cybersecurity and critical infrastructure. It also requires us to adopt new tools to strengthen our cyber-defences and respond to emerging cyber-threats.
We take these threats and the rise in state-sponsored attacks seriously, which is why we are committed to defending the Government of Canada and keeping its systems secure from cyber threats.
I'll begin today by providing an overview of the cyber centre and CSE's mandate to this committee.
The cyber centre, part of CSE, is Canada's technical authority for cybersecurity and information assurance. It's also responsible for serving as a unified source of expert advice. In its operational capacity, the cyber centre shares cyber-alerts and threat assessments across the GC to ensure that our information systems remain secure, responsive and well defended.
The Canadian Centre for Cyber Security uses autonomous sensors to detect malicious cyber activity on government networks, systems and cloud infrastructure.
These sensors allow the cyber centre to detect cyber-threats. Our classified knowledge of threat actor behaviour allows us to defend against and block these threats.
CSE also has a foreign signals intelligence mandate and conducts cyber-operations to support Canada's national security objectives. This allows us to provide intelligence on foreign cyber-threats, including the activities and intentions of state and non-state actors, which is used to defend Canada.
Together, the foreign intelligence branch and the Canadian Centre for Cyber Security work hand in glove to detect and prevent cyber attacks on government networks, critical infrastructure and other Canadian organizations.
I'd like to highlight a few of the key changes included in Bill C-26.
To continue to adapt to the ever-evolving threat environment, Bill C-26 is a critical next step that provides the government with new tools and authorities to better bolster defences, improve security across critical federally regulated industry sectors, and protect Canadians and Canada's critical infrastructure from cyber-threats.
This legislation would also establish a regulatory framework to strengthen cybersecurity for services and systems that are vital to national security and public safety and give the government a new authority to issue cybersecurity directives to respond to emerging cyber-threats.
At the Canadian Centre for Cyber Security, the legislation will facilitate the sharing of information, as necessary, to protect critical infrastructure and investigate reported incidents and provide mitigation advice.
It would also allow regulators to request advice, guidance or services from the CSE by providing information about the designated operator's cybersecurity program and mitigation of risk from the supply chain or use of third party products and services.
We are aware of the privacy concerns raised by some stakeholder groups about the reporting obligation of cybersecurity incidents to the CSE. The CSE and its cyber centre have an important responsibility to protect Canadians' privacy and personal information, and we take it very seriously.
Moving forward, we are hopeful to see the continued progress of Bill C-26 in Parliament.
Members of the committee, I can assure you that as the cyber-threat landscape in Canada continues to evolve, the CSE and the cyber centre remain dedicated to ensuring that the necessary protections are in place to support critical infrastructure and work closely with our partners.
We encourage Canadians to consult cyber.gc.ca for up-to-date advice and guidance related to cyber threats or if they wish to receive more tailored cyber threat information.
We also encourage victims to report a cyber-incident to the cyber centre through our online portal at cyber.gc.ca, so that we can help share threat-related information with our partners to help keep Canada and Canadians safe online.
Thank you for the opportunity to contribute to this important discussion. I'm looking forward to answering any additional questions you may have.