Thank you, Madam Chair and members of the committee. My name is Todd Warnell. I am chief information security officer at Bruce Power, Canada's only private sector nuclear operator. Since 2001, Bruce Power has delivered about one-third of Ontario's electricity, and it produces life-saving medical isotopes used around the world to fight cancer.
I appreciate the opportunity to participate in your review of Bill C-8. Today I will focus on why it is imperative to proceed with this legislation, particularly part 2, the critical cyber systems protection act.
Canada's critical infrastructure is facing unprecedented cyber-threats that put the safety, reliability and daily lives of Canadians at risk. Bill C-8 is a pivotal first step to strengthening our collective resilience and securing essential services. This legislation is more than policy; it is a commitment to protect the backbone of our economy and national security in a rapidly evolving global threat landscape.
Within Canada's nuclear industry, we have demonstrated that through collaboration with government, regulators, industry, academia and individual Canadians, we can successfully establish and regulate cyber systems that are crucial to the safe and reliable operation of critical services.
Bill C-8 aims to secure essential systems, encourage proactive risk management and enable responsible government intervention in cases of significant cyber-threat.
The critical cyber systems protection act will introduce a broad framework from which all critical sectors, in collaboration with government and the regulators, can develop and implement risk-informed and performance-based regulations to enhance the reliability and resilience of critical services.
Recent publicly released information about Canadian and allied intelligence agencies has made it very clear that nation states and cybercriminal organizations are actively pre-positioning within critical infrastructure in Canada and beyond. These threat actors are preparing for disruptive and potentially destructive actions targeting essential services that Canadians rely upon daily. The Canadian centre for cybersecurity, as well as allied agencies such as the United Kingdom's national cybersecurity centre have issued stark public warnings about the increasing sophistication and persistence of these threats. The urgency to act is underscored by real-world incidents and ongoing campaigns that demonstrate both the capability and intent of adversaries to disrupt or damage critical infrastructure.
I will review a few key points on the benefits of moving forward on Bill C-8.
Number one is strengthening national security and safety. Bill C-8 is crucial for protecting national security by requiring private and public organizations within critical infrastructure to adopt robust cybersecurity practices. As cyber-threats evolve and become more sophisticated, securing critical infrastructure and services is paramount to national security and public safety.
Number two is enhanced risk management. By enforcing mandatory risk management practices, the bill would help organizations move away from a reactive posture to a proactive approach that minimizes risks before they escalate into actual incidents.
Number three is government authority in high-risk scenarios. Bill C-8 would give government the authority to act swiftly during severe threats to critical infrastructure, protecting essential services and public trust. To further strengthen the effectiveness of the approach, it would be beneficial for Bill C-8 to provide greater clarity and distinction between the role of the Canadian Centre for Cyber Security as the technical authority and the responsibilities of sector regulators. Clear separation of these roles will help ensure coordinated, efficient and expert-led responses to cyber-threats across Canada's critical infrastructure sectors.
Number four is alignment with our global allies. Our allies are implementing or have already implemented similar cybersecurity laws. Bill C-8 would allow Canada to align with international partners and make it easier for Canadian companies to operate globally within secure frameworks.
Last is economic security. Cyber-attacks on critical sectors have far-reaching economic implications. By ensuring that key industries and services are protected, Canada would also safeguard its economic stability, helping to prevent cascading consequences that could arise from disrupted services and infrastructure.
In conclusion, Bill C-8 is a well-intentioned and urgently needed step to address the pressing issue of cybersecurity in Canada and in Canada's critical infrastructure sectors. The threat environment has dramatically evolved, and the threats are no longer theoretical. Action is required now to protect Canadians and our allies.
Thank you for the opportunity to address the committee. I look forward to your questions.