Thank you, Mr. Chair.
Thank you, Ministers, for being with us this morning.
First, I want to talk to you about an article published in La Presse entitled “Quand Ottawa veut jouer au gérant d’estrade”. The article appeared in 2022, shortly after you tabled Bill C‑26. The bill was tabled some time ago—over eighteen months. One wonders if cyber security is indeed a priority for the Canadian government.
The article was written by Ms. Célia Pinto Moreira, a public policy analyst at the Montreal Economic Institute.
She begins her article as follows: “Imagine a referee at a Habs game approaching a player to explain how to shoot the puck into the net. He’d likely lose his job: it’s neither among his duties nor his field of expertise.”
She goes on to say that this is what Ottawa is doing with Bill C‑26. She says, “Instead of minding its own business, the federal government wants to interfere in the implementation of companies’ digital security plans.”
She adds, “In digital security, things move at breakneck speed. When a company discovers a flaw in its system, it knows full well that it has every incentive to fix it quickly; otherwise it exposes itself to significant legal, reputational and financial risks […]”
She goes on to say that the federal government is slow or inefficient, citing the passport saga.
We remember that saga. It’s been a while. Other examples include Phoenix, Canada Life, the border. I think the government has been slow and inefficient in those situations.
All in all, it seems likely that Canadian companies are currently well prepared. They already have to deal with cyber security incidents. It’s said that in 2021, Canadian companies invested over $10 billion to prepare for this type of breach. So they’re already doing the work.
In practical terms, what will Bill C‑26 change for Canadian companies?