Certainly, it's not only Conservatives who don't have confidence in those Liberals, but also an increasing number of Canadians who don't have confidence in the Liberals' ability to manage the country. I hear that on a regular basis. Again, if that member wants to be serious, I'm happy to have that conversation.
When it comes to Bill C-26, I'm glad to have the opportunity, after that member's push towards talking in circles, to get back to the matter at hand.
I have an article from the business law section of the American Bar Association that I think bears particular relevance to the conversation we are having. Chair, if you would indulge me, I believe it has context that is important to the discussions we are having. In particular, I find it interesting—and I'll jump into this article in a moment—how this provides important context.
The way the Liberals wrote the legislation does provide a great deal of latitude. There are two separate bills before Parliament, and certainly, they're taking great liberties when it comes to the assumption that things will pass, especially in a minority Parliament. That issue aside, the way the legislation was written, in particular, speaks to the larger conversation and especially to how it's different committees that study different aspects of these bills.
With Bill C-26, there was certainly some concern brought forward. I am a regular member of the ethics committee. There are some challenges in relation to this, and Mr. Strahl, in some of his interventions, referenced this. There are some specific noteworthy impacts. When it comes to the critical infrastructure being addressed in the context of Bill C-33, and the way the Liberals have taken liberty in writing the bill, which has a wide swath of expectations through to another bill, it certainly creates that context as to why this is so relevant.
This article that I will be referencing, Chair, and that I look forward to making part of this discussion, talks about the critical cyber systems protection act. It goes as follows:
The CCSPA introduces a new cybersecurity compliance regime for designated operators of critical cyber systems related to vital services and systems (“Designated Operators”). A critical cyber system is defined as a cyber system that, if its confidentiality, integrity, or availability were compromised, could affect the continuity or security of a vital service or system. Currently, the list of vital services and systems is comprised of the Canadian telecommunications system, the banking systems, and other federally regulated industries, such as energy and transportation. However, the Governor-in-Council may add new vital services and systems, and such Designated Operators will be governed by the CCSPA.
I would just take a brief pause there. I think the introductory paragraph of this article, which I am entering into the conversation, speaks to that direct relevance to the larger conversation related to Bill C-33.
The article goes on to say:
Under the CCSPA, Designated Operators must:
establish a cybersecurity program (details of which are more fully provided in the CCSPA and its regulations) within ninety days of an order being made by the Governor-in-Council;
implement and maintain a cybersecurity program, as well as annually review it;
mitigate cybersecurity threats arising from their supply chains, or products and services offered by third parties;
share their cybersecurity programs and notify appropriate regulators (namely, the Superintendent of Financial Institutions, the Minister of Industry, the Bank of Canada, the Canadian Nuclear Safety Commission, the Canadian Energy Regulator, and the Minister of Transportation) (the “Appropriate Regulators”) of material changes related to the business of Designated Operators and their cybersecurity programs—