I will with pleasure, Mr. Chair—with a lot of pleasure.
Thank you, Mr. Chair.
Thank you, colleagues, for inviting me to speak about Bill C‑26, which pertains to cyber security.
I am pleased to be here with my colleague François Philippe Champagne and the other officials kindly named by the Chair.
Our critical infrastructure is becoming increasingly interconnected, interdependent and integrated with cyber systems. Canada's critical infrastructure plays a vital role in the delivery of essential services and the necessities of daily life. In order to safeguard our economic and national security, we need to take a more complete picture of the cybersecurity threats facing Canadians. We believe that Bill C-26 would be an important step in accomplishing that task.
This proposed legislation will protect Canadians and bolster cybersecurity across the federally regulated financial, telecommunications, energy and transportation sectors. These sectors are all critical contributors to both Canada's economy and the security of Canadians. Because of their vitality, they are also, obviously, attractive targets for malicious cyber-enabled activity, such as espionage, data and intellectual property theft, and of course sabotage itself.
These concerns are not just hypothetical. Recently the Canadian Centre for Cyber Security joined Five Eyes' operational partners in warning that People's Republic of China state-sponsored cyber-actors are seeking to pre-position themselves for disruptive or destructive cyber-attacks against the United States' critical infrastructure in the event of a major crisis or conflict with our neighbour to the south.
Cyber incidents are happening in our critical infrastructure sectors on almost a daily basis. In January 2023, CBC News reported that a territorial and Crown corporation, and the sole energy distributor in Nunavut, fell victim to a cyber-attack. In June of last year, the Calgary Herald reported that Canadian energy company Suncor suffered a serious cyber incident that shut down debit and credit processing at Petro-Canada gas stations across the country. We all remember the cyber incidents that paralyzed the Newfoundland and Labrador health care system in 2021.
Bill C-26 would help to defend our critical infrastructure and the essential services that Canadians and Canadian businesses rely on every day. This new act would increase collaboration and information sharing between industry and government and would require designated operators to report cybersecurity incidents to the Communications Security Establishment, which, as colleagues know, is an agency within the Department of National Defence.
By improving the government's awareness of the cyber-threat landscape in these critical, federally regulated sectors, we can warn operators of potential threats and vulnerabilities so they can take action to protect their systems and to protect Canadians as well.
However, the government can’t do it alone. That’s why we’re committed to working closely with our industry partners, through the formal regulatory process, to create a clear, consistent and harmonized regulatory regime across all provinces and territories.
We must and we will work alongside our allies, in particular the United States, to make sure that our interconnected critical infrastructure is protected.
This legislation is consistent with the cybersecurity approaches of our allies, and we have been engaging with international partners to identify opportunities for further collaboration. As recently as Tuesday of this week I participated in a Five Eyes ministerial call, during which Secretary Mayorkas, the U.S. Homeland Security secretary, raised many of the issues we're going to talk about this morning.
We found that stakeholders broadly support the intent of the bill and agree that we must work together to protect our critical infrastructure from cyber threats. However, some expressed concerns about certain aspects of the bill. We have, of course, listened carefully to the points raised by our colleagues in the House of Commons and others concerning transparency, accountability and the protection of Canadians’ privacy.
Fundamentally, this bill will help protect the privacy of Canadians’ personal information. Canada’s critical infrastructure systems, while secure, are not impenetrable. By requiring Canada’s critical infrastructure operators to maintain high levels of cyber security, we are also reducing the likelihood of personal data breaches on their systems.
I look forward to working with you, Mr. Chair, and Committee members, on all these issues. Of course, if the Committee deems it necessary, we are prepared to consider amendments that could strengthen the bill. In addition, we look forward to working with you to ensure that this bill is passed and that Canada remains a safe, competitive and connected country in a more secure environment.
Thank you.
I look forward to hearing what my colleague Mr. Champagne has to say—which is why I’m here this morning—and to answering questions from Committee members.