Evidence of meeting #92 for Public Safety and National Security in the 44th Parliament, 1st Session. (The original version is on Parliament’s site.) The winning word was cybersecurity.
A recording is available from Parliament.
5:10 p.m.
Conservative
5:10 p.m.
Conservative
Larry Brock Conservative Brantford—Brant, ON
I heard all kinds of backroom chat between Ms. O'Connell, Mr. Bittle and their team. If we want to talk about dirty laundry, let's get it all out on the table.
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Thank you. I'm not sure that's a point of order.
Go ahead, Ms. O'Connell.
5:10 p.m.
Liberal
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Folks, I'm going to speak up here.
Everybody's complaining about not having enough time. We are wasting more time on points of order.
5:10 p.m.
Liberal
Ron McKinnon Liberal Coquitlam—Port Coquitlam, BC
I understand. However, points of order need to be done.
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
I have the floor right now, Mr. McKinnon. The chair is speaking right now. I'll address you in a moment.
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Thank you.
Folks, if we do want to wrap this up.... We have the time stalled right now.
Ms. O'Connell, you have just over a minute left.
We will proceed with Mr. McKinnon, who has a point of order.
Go ahead.
5:10 p.m.
Liberal
Ron McKinnon Liberal Coquitlam—Port Coquitlam, BC
I was just wondering which of our four Conservative colleagues are members of this committee and which are substitutes.
I would ask for clarification as to whether people who are not members of this committee can move points of order.
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Right now, the clerk has informed me that Mr. Lloyd, Mr. Motz and Mr. Brock are in this committee today.
Go ahead, Ms. O'Connell.
5:10 p.m.
Liberal
Jennifer O'Connell Liberal Pickering—Uxbridge, ON
Thank you, Mr. Chair.
Once again, the Conservatives talk tough on crime. Mr. Brock can raise whatever supposed conversation he claims to have heard, because I guarantee it didn't exist, but I heard him talk about not even knowing what committee he was coming in to filibuster or what issues it was on.
It's been demonstrated very clearly that the Conservatives had time to ask questions and didn't bother.
I'll move to the witnesses on Bill C-26.
Mr. Shipley, you talked about the importance of this legislation. You raised examples of a natural gas pipeline that was hacked and what that does for critical infrastructure, including workers who might work in the energy industry. What happens if Canada is not prepared for a cyber-attack in our energy industry?
5:10 p.m.
Chief Executive Officer, Beauceron Security
We got lucky with this last attack. That's everything I have been told publicly. We only know about this attack because an American soldier leaked it. Otherwise, the Canadian public wouldn't know about it—
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Mr. Shipley, I'll have to ask you to wrap this up quickly, please. I said I was going to keep it tight to two minutes.
Go ahead.
5:10 p.m.
Chief Executive Officer, Beauceron Security
I do want to get to something that was raised about cars.
Modern cars right now are software. The reason they're being stolen so easily is that they're easily hackable. If you want to talk about something that should keep you awake at night, it's the fact that Elon Musk at Tesla does over-the-air updates and every single Tesla in this country could get bricked. There's not a law on the books holding them accountable in this country, either for the cybersecurity of it to prevent theft or, more broadly, to prevent the actual cause of a major accident.
We need to move.
5:10 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Thank you, Mr. Shipley.
I hate to cut people off, but we are very tight on time.
Ms. Michaud, you have two minutes, please.
5:10 p.m.
Bloc
Kristina Michaud Bloc Avignon—La Mitis—Matane—Matapédia, QC
Thank you, Mr. Chair.
Ms. Bahr‑Gedalia, you spoke earlier about introducing a 72‑hour deadline to give companies time to report an incident to the government.
In the current version of Bill C‑26, it says that incidents must be reported as soon as they occur. You believe that the deadline you are proposing could give businesses a boost. I also think that 72 hours would be a good time frame, particularly to manage the additional paperwork that this bill will create.
As a chamber of commerce representative, you surely talk to companies and must know their opinion on this bill. What are you hearing from them?
What are the arguments behind the proposal to give them a little more time?
5:15 p.m.
Senior Director, Digital Economy, Technology and Innovation, Canadian Chamber of Commerce
Thank you for the question.
First of all, when an attack happens, you need time to figure out the nature and scope of the attack. That can't happen immediately. That 72 hours that the members were looking at is actually from the time you become aware of it.
It is based on recommendations by the United States, in their Cyber Incident Reporting for Critical Infrastructure Act, or CIRCIA, which is from 2022. It has been in practice. We like to learn from those who have actually applied best practices.
I hope this answers your question.
5:15 p.m.
Bloc
Kristina Michaud Bloc Avignon—La Mitis—Matane—Matapédia, QC
Yes, thank you very much.
Mr. Shipley, earlier you gave the example of Australia. IBM Canada also talked about international standards.
Can you give us an example of a cybersecurity law that has been passed by a country that we should read? In my opinion, everyone agrees that Canada is lagging behind a bit when it comes to cybersecurity.
5:15 p.m.
Conservative
The Vice-Chair Conservative Doug Shipley
Ms. Michaud, you've had your two minutes. I'm sorry.
Perhaps the witnesses could supply that answer in writing or contact Ms. Michaud after.
Mr. Julian, you have two minutes.
5:15 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
I'm going to go back to Ms. Michaud's question about countries that have adopted models. What models should we be looking at?
My second question is for Mr. Traoré and concerns the protection of the confidential information of merchants. How important is it that the bill protect that information?
5:15 p.m.
Government and Regulatory Affairs Executive, IBM Canada
This is extremely important in a number of respects.
Socio‑economic considerations come to mind. We know the importance of data; we know its value. This is obviously data that needs to be protected. We do not want them to end up in the hands of people who are not authorized to have access to them.
It is indeed something that we support, as a company and as an entity of Canada. It's very important.
5:15 p.m.
NDP
Peter Julian NDP New Westminster—Burnaby, BC
Thank you very much.
I'll start with Ms. Proctor.
What are the best countries in terms of the models we should be looking to?
5:15 p.m.
CyberSecurity Service Line Executive, IBM Canada
There are a number of countries that we can emulate based on some of their responses to various activities, being mindful that cyber is a global issue. While there are jurisdictions within individual countries, many of the corporations that are headquartered and operate out of Canada certainly are multinational, so I think it's great to be looking at additional countries. I would encourage you to start with all of our Five Eyes allies.