Transport Committee on March 24th, 2022

It's very difficult to rate from one to 10. I wouldn't be able to do that. What I will say is that they are engaged; they're competent; we know they're working on it.

We're not a regulator, so I don't know exactly how they're mitigating their risks. What I do know is that they tend to clearly understand the advice and guidance and they are engaged in terms of working with us. That's probably all I can say about that.

I can start, Mr. Chair.

We work on a voluntary basis. We certainly encourage all Canadian entities to report immediately to us. We're here to help and we're very happy to hear of them.

In terms of what has happened in the U.S., we're definitely going to be working with our colleagues and counterparts in the U.S. to learn how it's working there and then basically educate ourselves in terms of their experience.

I'd probably turn that over as more of a policy question.

Mr. Chair, maybe just to quickly go back to the previous question on whether certain sectors are prepared, further to my colleague's comments, this is top of mind for industry associations, such as the Canadian Forum for Digital Infrastructure Resilience, as well as Electricity Canada, formerly the Canadian Electricity Association. We have a lot of engagement with different industry association groups.

With respect to greater diligence and the proposal or the initiative you mentioned from the U.S., I would flag that budget 2019 did provide some funding to support new legislation aimed at protecting Canada's critical cyber-systems in four sectors: finance, telecommunications, energy and transport. This is something that continues to be developed by key departments and agencies around town. Certainly I would say that this is a top-of-mind issue both for our industry partners but also in terms of some continued policy work that we develop in-house to the federal government.

I would be happy to answer the member's question, Mr. Chair.

I thank the member for the question.

In fact, we are constantly exchanging information and listening to what is going on and what could jeopardize our presence and border fluidity because of its importance to the economy and to the security of Canada.

To answer your question directly, I don't have any information at the moment that demonstrates that, but it goes without saying that as a result of the sanctions that have been imposed, we are making sure that those cargoes, which are targeted, don't cross the border.

In terms of security, we have radiation detection portals in our seaports to make sure that containers coming in from overseas are checked for radiation and chemicals that might be in them.

We are always on guard, but I have no information at the moment that there are efforts to block the infrastructure.

Mr. Chair, I wouldn't mind chiming in, if you'll indulge me.

Looking back at the example of the recent blockades in February, I would preface this by saying that I also have no intel further to Mr. Vinette's response, but I think another area worth examining is the effects of misinformation and disinformation, which can cascade across social media platforms and be used to incite certain responses, shall we say, that have negative and disruptive consequences on Canadian critical infrastructure, notably in the context of transportation critical infrastructure.

Misinformation and disinformation is something that can have very strong destabilizing effects from a critical infrastructure stability and reliability perspective, but also in terms of social cohesion. That's something as well that I would like to flag to the committee.

Thank you for the question.

In fact, the CBSA works in partnership with Transport Canada, which is responsible for regulating security at airports, at our seaports, and elsewhere.

We always work very closely with Transport Canada to make sure that whenever there are threats or information comes to one of the partners, it's shared and then assessed to see if a response is required. In the maritime units, which monitor our coasts and are integrated teams of CBSA, RCMP, Coast Guard and our military colleagues, we work together to have an overview of what is happening in the maritime domain at all times. This is an example of our efforts to ensure the security of our ports of entry when there are ship movements. We deploy a similar effort on the airport side as well.

Thank you.

From a CSE perspective, we have [Technical difficulty—Editor] in defensive cyber-operations that we have both legislation and the capability to perform.

Ninety per cent of cyber incidents go unreported.

Furthermore, as I mentioned, there are no mandatory requirements for critical infrastructure operators or private sector entities to report cyber incidents.

You put your finger on a critical issue. The Canadian government and many entities simply do not have full visibility on the scale of the threat or the persistent nature of the threat. That is one of the key issues, and that is one of the reasons why President Biden moved to require mandatory cyber incident reporting for critical infrastructure.