Debates of Dec. 1st, 2022

Madam Speaker, this bill gives the government of the day boundless opportunities to abuse our privacy and to issue secret orders.

One can only imagine what would have happened during the lockdowns with secret orders going forth. For even a peaceful demonstration coming to Parliament Hill, imagine the types of punishments, accusations and jail time, not just freezing bank accounts and taking money from lawful people.

Madam Speaker, it is an honour to enter into debate in this place, especially when it comes to issues that are so very pressing in relation to national security and some of the challenges that our nation is facing. I would suggest the whole discussion around cybersecurity is especially relevant, because we are seeing highlighted, each and every day, a drip of new information related to foreign interference in our elections.

It highlights how important the conversation around cybersecurity is. It is often through computer and technological means that these malicious, foreign state actors will attack Canadian infrastructure. It is particularly relevant that I rise to debate Bill C-26, relating to the Liberals' recently introduced bill on cybersecurity, and I would like to highlight a couple of things.

The first thing is about seven years of inaction. I find it interesting, after seven years, how it was heard at the ethics committee from a whole host of experts in the field, including on cybersecurity and a whole range of issues, that the government is missing in action. It is not just about the government's inaction, but it is missing in action when it comes to some of the key issues surrounding things like cybersecurity. It has the direct consequence of creating uncertainty in terms of the technological space in the high-tech sector, which has massive opportunities.

We hear the Ottawa area referred to as silicon valley north. We have the Waterloo sector that has a significant investment in the high-tech sector. In my home province of Alberta, there is tremendous opportunity that has been brought forward through innovation, specifically in the Calgary area where we are seeing massive advancements in technology, but there is uncertainty.

Over the last seven years, the government has not taken action when it should have been providing clear direction so that industry and capital could prosper in our country. That is on the investment and economic side, but likewise, on the trust in government institutions side, we have seen an erosion of trust, such as the years-long delay on the decision regarding Huawei.

I and many Canadians, including experts in the field, as well as many within our Five Eyes security partners, were baffled about the government's delay on taking clear and decisive action against Huawei. Even though our Five Eyes, a group of countries that shares intelligence and has a strong intelligence working relationship, sees how inaction eroded the trust that these other nations had in Canada's ability to respond to cyber-concerns and threats. There is the fact that a company, a state-owned enterprise, has clear connections to a malicious foreign actor.

That delay led to incredible uncertainty in the markets and incredible costs taken on by private enterprise that simply did not have direction. Imagine all the telecoms that may have purchased significant assets of Huawei infrastructure because the government refused to provide them direction. There were years and years of inaction.

I will speak specifically about how important it is to understand the question around Canadian institutions. I would hope that members of the House take seriously the reports tabled in this place, such as from the public safety committee, which in the second session of the last Parliament I had the honour of sitting on. There is a whole host of studies that have been done related to this.

Then there are the CSIS reports tabled in this place containing some astounding revelations about foreign state actors and their incursions and attempts to erode trust in Canadian institutions. Specifically, there was a CSE report for 2021, which I believe is the most recent one tabled, that talks about three to five billion malicious incursions in our federal institutions a day via cyber-means. That is an astounding number and does not include the incursions that would be hacks against individuals or corporations. That is simply federal government institutions. That is three to five billion a day.

There are NSICOP reports as well. The RCMP, military intelligence and a whole host of agencies are hard at work on many of these things. It highlights how absolutely important cybersecurity is.

I find it interesting, because over the last seven years the Liberals have talked tough about many things but have delivered action on very few. Huawei is a great example. Cybersecurity is another. We see a host of other concerns that would veer off the topic of this discussion, so I will make sure that I keep directly focused on Bill C-26 today. The Liberal government is very good at announcing things, but the follow-through often leaves much to be desired.

We see Bill C-26 before us today. There is no question that action is needed. I am thankful we have the opportunity to be able to debate the substance of this bill in this place. I know the hard work that will be done, certainly by Conservatives though I cannot speak for the other parties, at committee to attempt to fix some of the concerns that have been highlighted, and certainly have been highlighted by a number of my colleagues.

The reality is Canadians, more and more, depend on technology. We saw examples, when there are issues with that technology, of the massive economic implications and disruptions that take place across our country. We saw that with the Rogers outage that took place in July. Most Canadians would not have realized that the debit card system, one of the foundational elements of our financial system, was dependent upon the Rogers network. For a number of days, having disruptions in that space had significant economic implications. It just speaks to one of the many ways Canadians depend on technology.

We saw an example in the United States, so not directly in Canada, when the Colonial Pipeline faced a ransomware attack. A major energy pipeline on the eastern seaboard of the United States was shut down through a cyber ransomware attack. It caused massive disruptions.

Another Canadian example that has been reported in talking to some in the sector was Bombardier recreational products. The Quebec company is under a cyber-lockdown because of hostile actions. There are numerous other examples, whether in the federal government or in the provinces, where this has been faced.

There are a number of concerns related to what needs to take place in this bill to ensure that we get it right. It needs to align with the actions that have taken place in our Five Eyes allies. We need to ensure that the civil liberties question is clearly answered.

We have seen the government not take concern over the rights of Canadians to see their rights protected, their freedom of speech, whether that is Bill C-11. I know other parties support this backdoor censorship bill, but these are significant concerns. Canadians have a right to question whether or not there would be a civil liberties impact, to make sure there would not be opportunity for backdoor surveillance, and to ensure there would be appropriate safeguards in place and not give too much power to politicians and bureaucrats as to what the actions of government would be.

As was stated by one stakeholder in writing about this, the lack of guardrails to constrain abuse is very concerning. In Bill C-26, there is vague language. Whenever there is vague language in legislation, it leaves it open to interpretation. We have seen how, in the Emergencies Act discussion and debate, the government created its own definition of some of the things that I would suggest were fairly clearly defined in legislation. We have to make sure it is airtight.

Massive power would be given to the Minister of Industry in relation to many of the measures contained in this bill.

I look forward to taking questions. It is absolutely key we get this right, so Canadians can in fact be protected and have confidence in their cybersecurity regime.

Madam Speaker, I heard the member talk about Huawei quite a bit. I could not help but reflect on the fact that the former contender to the current leader of the Conservative Party was actually on the legal team to support Huawei through its initiative to try to get onto the 5G network in Canada. I cannot help but wonder why on earth, if the Conservatives are so against Huawei and treat this threat so seriously, the Conservative Party of Canada would green-light—

The hon. member may know it is not the business of the House to deal with leadership issues of the different parties. I understand what the hon. member is trying to say, but try to keep it to the legislation.

Madam Speaker, Jean Charest was a lawyer for Huawei. The member brought up Huawei. Jean Charest is a well-known Conservative who ran in the leadership. Why would they have allowed Jean Charest to run in the leadership had that been the case?

Madam Speaker, I will suggest this has direct relevance to the debate at hand. It has direct relevance because the victor of that race was not the individual the member referred to, but rather the member for Carleton, who I was proud to support and who will be so pleased to ensure we, as a majority Conservative government after a future election, have the opportunity to get things right and get this country back on track.

Madam Speaker, I cannot hold up my cellphone, but what is absolutely key to the whole conversation we are having is the fact that all of us in this place carry an incredibly powerful computing device that only a few years ago would have been something we would not have seen even in the most futuristic sci-fi novels and movies. The space in which we are discussing cybersecurity has evolved so rapidly.

Specifically to the question the member asked regarding privacy, it is a very important one. It is one that, as a member of the Standing Committee on Access to Information, Privacy and Ethics, we need to make sure the legislation we have in this country, including privacy legislation both on the application of government and the privacy of all Canadians in terms of corporations and that whole space, reflects the modern realities. In many cases, decades old legislation needs to be updated to reflect the realities of today.

Madam Speaker, when we talk about the updated realities of today, persons with disabilities rely heavily on these technologies and this access. If I think about persons with disabilities who rely on technologies for everyday barrier reduction interactions in their lives, how can their rights to access be protected?

Madam Speaker, the right to access is absolutely key. We have seen some incredible technological advancements that have helped those who face disabilities in a wide variety of things. Outside of the context of what Bill C-26 directly addresses in terms of cybersecurity, there is a particular connection, because if we do not have things like secure networks, if we do not ensure that our telecoms have consistent and stable networks that we can trust as a country, then access becomes a real issue. Malicious foreign-state actors could take advantage of that, which would disadvantage all Canadians, but specifically those who depend on technology to mitigate things like disabilities.

Order. It is my duty, pursuant to Standing Order 38, to inform the House that the questions to be raised tonight at the time of adjournment are as follows: the hon. member for Bow River, Taxation; the hon. member for South Okanagan—West Kootenay, Post-Secondary Education.

Madam Speaker, I will be sharing my time with the fantastic member for Lac-Saint-Louis.

It is with great pleasure that I rise to discuss Bill C-26, an act respecting cybersecurity. I will address elements in the legislation that deal with securing Canada's telecommunications system.

As Canadians rely more and more on digital communications, it is critical that our telecommunications system be secure. Let me assure this House and in listening to the debate today I think we all agree that the issue of cybersecurity is of utmost importance. The Government of Canada takes the security of this system seriously, which is why we conducted a review of 5G technology and the associated security and economic considerations.

It is clear that 5G technology holds lots of promise for Canadians for advanced telemedicine, connected and autonomous vehicles, smart cities, cleaner energy, precision agriculture, smart mining, and a lot more. Our security review also made clear that 5G technology will introduce new security concerns that malicious actors could exploit. Hostile actors have long sought and will continue to seek to exploit vulnerabilities in our telecommunications system.

CSIS, the Canadian Security and Intelligence Service, acknowledged this in its most recent publicly available annual report. The report states:

Canada remains a target for malicious cyber-enabled espionage, sabotage, foreign influence, and terrorism related activities, which pose significant threats to Canada's national security, its interests and its economic stability.

The report states that “[c]yber actors conduct malicious activities to advance their political, economic, military, security, and ideological interests. They seek to compromise government and private sector computer systems by manipulating their users or exploiting security vulnerabilities”.

The CSIS report also highlighted the increasing cyber-threat that ransomware poses. The Communications Security Establishment has similarly raised concerns about threats like ransomware in recent public threat assessments. We have seen how such attacks by criminal actors threaten to publish a victim's data or block access to it unless a ransom is paid. However, it is not just cybercriminals doing this. CSIS warned that state actors are increasingly using these tactics, often through proxies, to advance their objectives and evade attribution.

To be sure, Canadians, industry and government have, to this point, worked hard to defend our telecom system, but we must always be on the alert, always guarding against the next attacks. This has become more important as people now are often working remotely from home office environments.

5G technology is adding to these challenges. In 5G systems, sensitive functions will become increasingly decentralized in order to boost speeds when required.

Cell towers are a familiar sight in our communities and along our highways. The 5G networks will add many smaller access points to increase speeds. As well, the number of devices that the 5G network will connect will also grow exponentially.

Given the greater interconnectedness and interdependence of 5G networks, a breach in this environment could have a more significant impact on the safety of Canadians than with older technology. Bad actors could have more of an impact on our critical infrastructure than before.

The security review we conducted found that in order for Canada to reap the benefits of 5G, the government needs to be properly equipped to promote the security of the telecommunications system. We need to be able to adapt to the changing technological and threat environment. For these reasons, we are proposing amendments to the Telecommunications Act. The amendments will ensure that the security of our telecommunications system remains an overriding objective.

This bill will expand the list of objectives set out in section 7 of the Telecommunications Act. It will add the words “to promote the security of the Canadian telecommunications system”.

It is important for those words to be in the act.

It means government will be able to exercise its powers under the legislation for the purposes of securing Canada's telecommunications system.

The amendments also include authorities to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers in 5G and 4G networks if deemed necessary and after consultation with telecommunications service providers and other stakeholders.

It would also give the government the authority to require telecommunications service providers to take any other actions to promote the security of the telecom networks upon which all critical infrastructure sectors depend.

We have listened to our security experts; we have listened to Canadians; we have listened to our allies and we are following the right path. We will ensure that our networks and our economy are kept secure. A safe and secure cyberspace is important for Canada's competitiveness, economic stability and long-term prosperity.

It is clear that the telecommunications infrastructure has become increasingly essential. It must be secure and it must be resilient. Telecommunications presents an economic opportunity, one that grows our economy and creates jobs. The amendments to the Telecommunications Act accompany the proposed critical cyber systems protection act. This bill will improve the ability of designated organizations to prepare, prevent, respond to and recover from all types of cyber-incidents, including ransomware. It will designate telecommunications as a vital service. Together, this legislative package will strengthen our ability to defend the telecommunications and other critical sectors, such as finance, energy and transportation, that Canadians rely on every single day.

The legislation before us today fits within the Government of Canada's telecommunications reliability agenda. Under this agenda we intend to promote robust networks and systems, strengthen accountability and coordinate planning and preparedness.

Canadians depend on telecommunications services in all aspects of their lives, and the security and reliability of our networks has never been more crucial. These services are fundamental to the safety, prosperity and well-being of Canadians.

We will work tirelessly to keep Canadians safe and able to communicate securely. This legislation is an important tool to enable us to do that. I look forward to working with members in this House to getting this right and making sure that our telecommunications system is as strong as it can be.

Madam Speaker, in earnest, the government has had significant failures when it comes to procurement. I would point to shipbuilding, where we are years behind. It has also had significant failures with respect to IT. I point to the Phoenix pay system.

Given these failures, what has the government learned, and how can the Canadian public believe the government will be able to deliver on this legislation?

Madam Speaker, I had the opportunity to sit on the defence committee during my first mandate, and I had the opportunity to work closely with the then minister of national defence on “Strong, Secure, Engaged”. We are going to be reviewing “Strong, Secure, Engaged” in terms of our defence spending, including what we are going to be doing on procurement.

A lot of things have changed in the last seven years in terms of defence, like what is happening across the way in terms of Ukraine and Russia, cyber and how significantly things have changed. We absolutely need to invest in cyber and make sure we get our defence procurement projects completed.

Madam Speaker, I thank my colleague for her speech.

There are people from the Fédération des communautés francophones et acadienne du Canada on the Hill today. They met with the Minister of Official Languages. The House is working on Bill C-13 because we know that the French language is declining in Quebec and Canada, so efforts to promote French must be made.

My colleague represents a riding in which 80% of the population speaks French as their mother tongue. She just delivered a speech that was about 80% in English. Does that not make her a bit uncomfortable? Does she not think that a clearer message could be sent here in the House?

Her government could also send a clearer message by giving speeches more openly in French.

The hon. member's question is a little off topic.

I will nevertheless give the hon. member for Longueuil—Charles-LeMoyne a chance to respond.

Madam Speaker, if the member wants to ask a question about the subject matter of the bill we are debating, I would be pleased to answer.

With respect to language, I speak both official languages and am very proud to do so.

Madam Speaker, the question of Canada's ability to deal with our situation in an increasingly unstable world raises serious questions about priorities. For example, we are years behind on the frigates that are supposed to be brought forward by the navy. The cost overruns are staggering, yet we have just seen in Ukraine that the Russian flagship, Admiral Makarov, was taken out by drones.

Do we need to completely reassess our thinking? This is the 21st century. We are investing, often, in 20th-century solutions in a world of warfare, cyberterrorism and cyber-power that is completely transforming the nature of warfare and democracy's ability to defend itself.

Does my colleague think we need to do a larger rethink across the board in terms of our strategies and our ability to defend ourselves?

Madam Speaker, I want to thank the member for that question, because that is one area of our domain awareness that we have not focused on a lot. When we think about the air force, army or navy, we usually talk about those three domains, but we do not talk a lot about cyber. We know that is the fourth domain that we need to focus on.

In terms of our NORAD modernization, I know cyber is top of mind in working with our Five Eyes partners and other partners. We need that modernization to take place so we can make sure this fourth element of our national defence is also included.

Madam Speaker, I know the member for Longueuil—Charles-LeMoyne has heard some of the debate today, not just from other MPs but from civil society organizations that have raised concerns with respect to secrecy as it relates to addressing cybersecurity.

I am curious to hear her reflections on potential improvements she thinks could be made to the bill in order to better balance the need to improve cybersecurity while holding on to accountability and transparency.

Madam Speaker, unfortunately I do not sit on the public safety committee, so I will not be the person debating it when it eventually gets to committee, but obviously there are opportunities for improvement in any piece of legislation. I look forward to seeing the recommendations that might come from our colleagues in the House when it gets to committee.

Madam Speaker, it is an honour for me to rise at second reading stage of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts.

When we consider the opportunities and challenges before us in this area, we see that the theme of collaboration underpins all that we do. Take, for example, the prevalence of cybercrime in an increasingly online world, improving cyber-defence posture in an unstable global environment, deep thinking about what the future holds in a world where innovation and change are exponential, a critical look at whether our policies and laws are up to the task, and the protection of content and intellectual property as data becomes one of the world's most precious resources.

In Canada, being online and connected is essential. Now more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying connected with loved ones across the country and around the world. We should be able to do all these activities safely and securely.

I would like to offer a few words about what we are doing here in Canada to get that balance right. I would like to reinforce the importance of our commitment to protecting the cyber systems that underpin our critical infrastructure.

The emergence of new technologies such as 5G is one clear reason we need to redouble our efforts. Think about our increased reliance on technology in light of the COVID-19 pandemic. Think about international tensions amidst Russia's unprovoked and unjustified invasion of Ukraine, with threats ranging from supply chain disruptions to state and non-state malicious cyber-activity.

Through all of these remarkable events, the government has been working tirelessly to keep Canadians safe. We recognize that, now more than ever before, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security. It underpins the delivery of critical services, such as energy production, financial transactions, safe transportation and emergency communications.

As part of his mandate, bestowed by the Prime Minister, the Minister of Public Safety is seized with the opportunity and the challenge of developing a renewed national cybersecurity strategy. We need to make sure we articulate Canada's long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace.

The Government of Canada is working to enhance the cybersecurity of the country's critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors.

However, we are not starting from scratch in our fight against this threat. Since 2018, the Government of Canada has invested a total of approximately $2.6 billion in cybersecurity. Through the national cyber security strategy, the Government of Canada is taking decisive action to strengthen Canada's defence, preparedness and enforcement against cyber-threats.

The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling nearly $800 million in the 2018 and 2019 federal budgets. In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information.

In the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment, or CSE, and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure.

Under the strategy, two flagship organizations were established. One is the Canadian Centre for Cyber Security, under CSE, and the other is the National Cybercrime Coordination Centre, or NC3, under the RCMP.

The Canadian Centre for Cyber Security is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector and the Canadian public.

The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police.

Public Safety Canada's Canadian cybersecurity tool also helps owners and operators of Canada's critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient.

Public Safety Canada also coordinates and delivers cybersecurity exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners.

Public Safety Canada works closely with CSE's Canadian Centre for Cyber Security to enhance the resilience of critical infrastructure in Canada. The Canadian Centre for Cyber Security shares valuable cyber-threat information with Canadian critical infrastructure owners and operators, in addition to providing public advisories.

Today, I am very proud to say that we can start debating a new bill to further strengthen what we have built. Today we are starting the debate on Bill C‑26, an act respecting cyber security. The objective of this bill is twofold.

First, it would amend the Telecommunications Act to add security as a policy objective, bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, if necessary, to mandate any action necessary to secure Canada's telecommunications system, including its 5G networks. This includes authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers.

Second, it introduces the new critical cyber systems protection act. This new act will require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber systems, and it will also support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including electronic espionage and ransomware. Cyber-incidents involving a certain threshold will be required to be reported.

The bill will also give the government a new tool allowing it to take action in response to threats and vulnerabilities with respect to—

Order. The hon. member's time has expired.

The hon. member for Drummond.

Madam Speaker, I want to congratulate my colleague from Lac-Saint-Louis on his speech. He obviously has an excellent grasp of the file.

I put this question to another colleague earlier, after a speech, and it is something that really concerns me. I am asking it again because I do not know if the member was here earlier.

We cannot begin to imagine how organized hackers are. They have such a big head start that it will be hard to catch up to them, even if we invest all the energy and knowledge we can in our systems to protect ourselves against cyber-attacks. We have seen companies like Desjardins and Bombardier fall victim to these hackers, who demand endless ransoms. How many other companies have fallen victim to these attacks without us even hearing about it?

My question is this. Has Canada been too slow to act? It took Canada a long time to decide Huawei's fate, for example. Does the fact that the government seems to have dragged its feet before finally tabling a cybersecurity plan that appears to have some teeth not mean that we will always be one step behind those countries and organizations that are attacking the computer systems of businesses and governments around the world?