Mr. Chair and members of the committee, my name is Byron Holland. I am the president and chief executive officer of the Canadian Internet Registration Authority, or CIRA. Thank you for the invitation to share our views and recommendations on Bill C-26.
CIRA is a private, not-for-profit organization best known for operating the “.ca” registry, with 3.4 million .ca domain names under management. CIRA's core mandate is a safe, stable and secure operation of the .ca domain and the global network that ensures that it's available no matter where in the world you are. We also have a broader mission to promote a trusted Internet, which we work toward by providing high-quality registry, domain name system and cybersecurity services, and by investing in the Internet community in Canada.
CIRA participates in numerous fora to promote the security and resilience of the Internet. Recently, this has included ISED's Canadian forum for digital infrastructure resilience and the CRTC interconnection steering committee. We are also long-time participants in global Internet governance. This includes extensive engagement with the Internet Corporation for Assigned Names and Numbers, or ICANN, the global overseer and coordinator of the domain name system that ensures that your web browser can reach websites like Canada.ca. We also contribute to the Internet Engineering Task Force, or IETF, where the technical standards that underpin the Internet are developed.
CIRA also provides cybersecurity services to help Canadians stay safe online. They include Canadian Shield, our free cybersecurity service that protects an estimated four million Canadians from online threats; DNS Firewall, our enterprise-level DNS protection used by more than a thousand Canadian organizations, including numerous critical cyber systems; and Anycast DNS, our global infrastructure that increases the performance and resilience of top-level domains like .ca, and helps mitigate malicious activity such as distributed denial of service attacks from foreign actors. Moreover, CIRA collaborates with several institutions to keep these services up to date, including the Canadian Centre for Cyber Security and the Canadian Centre for Child Protection.
CIRA strongly supports the government's objective to raise the baseline level of cybersecurity across critical infrastructure through Bill C-26.
We offer three recommendations to part 2 of Bill C-26, also known as the critical cyber systems protection act, or CCSPA, to better balance the bill's cybersecurity objectives with well-established best practices and oversight, information sharing and transparency.
First, to promote more effective oversight, the issuance of cybersecurity directions under the CCSPA should be subject to section 3 of the Statutory Instruments Act. This would ensure that cybersecurity directions are examined by the Clerk of the Privy Council in consultation with the deputy minister of justice.
Second, to increase confidence in the proposed information sharing enabled by the CCSPA, conditions on the use of information should be strengthened. Currently, Bill C-26 does not explicitly limit how government entities can use information collected under certain sections. For example, CIRA believes it would not be appropriate for the CSE to use data collected under section 15 of the CCSPA for purposes other than its cybersecurity and information assurance mandate.
Third, to promote transparency, the CCSPA should be amended so that information on cybersecurity directions is reported to Parliament on an annual basis. This would include information on the number of cybersecurity directions issued and revoked, as well as the number of designated operators impacted.
We have provided specific legislative wording for each of our recommendations in our written submission.
In conclusion, CIRA recognizes the need for some level of secrecy and timeliness in matters of national security and public safety. However, secrecy and expedience must be counterbalanced by the addition of provisions in Bill C-26 that would enhance Canadians' trust and confidence in the proposed legislation.
Thank you.