House of Commons Hansard #139 of the 44th Parliament, 1st Session. (The original version is on Parliament's site.) The word of the day was cybersecurity.

Topics

National Council for Reconciliation ActGovernment Orders

3:25 p.m.

Liberal

The Speaker Liberal Anthony Rota

Do we have unanimous consent of the House?

National Council for Reconciliation ActGovernment Orders

3:25 p.m.

Some hon. members

Agreed.

National Council for Reconciliation ActGovernment Orders

3:25 p.m.

Liberal

The Speaker Liberal Anthony Rota

I wish to inform the House that because of the deferred recorded division, Government Orders will be extended by 12 minutes.

We now have the Thursday question.

Business of the HouseGovernment Orders

3:25 p.m.

Conservative

Andrew Scheer Conservative Regina—Qu'Appelle, SK

Mr. Speaker, I shudder to think what would happen if the Thursday question was not asked.

I have taken the advice the Speaker has given me and the government House leader over the past couple of weeks, so I have a more focused Thursday question. I wonder if the government House leader can inform the House as to the business of the House for this week and next week?

While I am on my feet, I was wondering if the House would give me unanimous consent to table in the chamber the list of firearms used for hunting, because there seems to be some confusion on the government side as to which firearms it would actually be banning in its new amendment to Bill C-21.

Business of the HouseGovernment Orders

3:25 p.m.

Liberal

The Speaker Liberal Anthony Rota

We will separate that. The hon. member can bring this up right after the Thursday question.

In the meantime, I will ask the government House leader to respond to the question.

Business of the HouseGovernment Orders

3:25 p.m.

Ajax Ontario

Liberal

Mark Holland LiberalLeader of the Government in the House of Commons

Mr. Speaker, we will need to wait for the unanimous consent motion to see what will happen. I will wait for that. There is good news for the member opposite in that he has the opportunity, at committee of course, to review those guns and make any suggestions his members would like. I am sure, as a long-serving member, he would be aware of that opportunity, but I just remind him of that.

The Speaker will be pleased to know we will continue with debate at second reading of Bill C-26, an act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other acts. Tomorrow we will begin debate at second reading of Bill C-23, the historic places of Canada act.

On Monday, we will begin debate at report stage and third reading on Bill C-32, the fall economic statement implementation act, 2022. Thursday will be the final allotted day of the current supply period. For the rest of the week, priority should be given to Bill C-32.

I would also like to indicate that on Tuesday there will be a statement by the minister on the commemoration of the Polytechnique massacre.

Business of the HouseGovernment Orders

3:30 p.m.

Conservative

Andrew Scheer Conservative Regina—Qu'Appelle, SK

Mr. Speaker, I am rising on a point of order.

Hope springs eternal, and maybe while the government House leader was answering my question, he reflected on the benefit of all members having this information right now, because oftentimes the answers to questions indicate some confusion on the government side as to the hunting rifles that would be banned in the bill.

Do I have unanimous consent—

Business of the HouseGovernment Orders

3:30 p.m.

Liberal

The Speaker Liberal Anthony Rota

This is not the debate we are going to.

The House resumed consideration of the motion that Bill C-26, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts, be read the second time and referred to a committee.

Telecommunications ActGovernment Orders

December 1st, 2022 / 3:30 p.m.

Conservative

Ziad Aboultaif Conservative Edmonton Manning, AB

Mr. Speaker, we live in a world where every person is increasingly concerned with cybersecurity. So much of our lives is stored on our personal devices, protected by passwords and multi-factor authentication in the hopes of keeping our most private information secure.

Corporations are increasingly at risk. It seems as if every day we hear a new report of companies’ computer systems being hacked and their data held for ransom by thieves who have managed digital anonymity. Law enforcement officials say many such cybercrimes go unreported, with companies paying quietly and privately so as to avoid publicity.

Our public institutions are not immune either. Hospitals have had their computer systems attacked by intruders, putting patients' lives at risk. Emergency services have been attacked, as have the parliamentary computer systems.

Cyber-threats remain a national security and economic issue that threatens the safety and security of Canadians. Government and industry alike have highlighted the need for regulation in cybersecurity. There has been a lot of talk, but not much else.

Currently the Canadian government does not have a legal mechanism to compel action to address cyber-threats or vulnerabilities in the telecommunications sector, yet cybersecurity has become one of the primary issues each person and institution has to address. I am pleased that the government has introduced this legislation to allow us in the House to examine the cybersecurity concerns and needs of our nation.

Bill C-26 would amend the Telecommunications Act as well as other related acts. The intention would be to amend the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything that is necessary to secure the Canadian telecommunications system.

I do not think there is anyone in the House, indeed in the country, who would disagree with the objective. As I have already pointed out, there is a problem with cybersecurity in our society, and government has an important role to play in protecting Canadian individuals and institutions. Some may wonder about giving such power to the Governor in Council and the Minister of Industry, but there are rules for the judicial review of those orders and applications. This is not a granting of absolute power, but of limited power subject to the checks and balances needed in a democracy.

The bill would also enact the critical cyber systems protection act to provide a framework for the protection of the cyber systems of services and systems vital to national security or public safety. This, among other things, would authorize the Governor in Council to designate any service or system as a vital service or vital system. It would require designated operators to establish and implement cybersecurity programs, mitigate supply chain and third party risks, report cybersecurity incidents and comply with cybersecurity directions.

One would think that such cybersecurity measures should be common sense and not need to be mandated by government. Is it right to compel private corporations and organizations to use their own resources to invest in cybersecurity? It would seem to me that well-run businesses would put cybersecurity first. Not every aspect of a business generates income, and smart business managers and owners know that. As the cliché goes, they have to spend money to make money.

Implementing cybersecurity measures comes with a cost. There is no doubt about that. It would seem to me, though, that the cost would be considerably less than the cost of dealing with criminals holding their data for ransom after they have invaded their computer system and locked them out of it.

Cybersecurity makes common sense for business. However, given that implementing cybersecurity measures comes with a financial cost with no corresponding revenue, do we really want to rely on those who might put short-term profits first, or does it make more sense in this case for government to step in to save some business owners from themselves?

As someone who has spent most of his life working as a businessman, I am reluctant to suggest that business owners need to be saved from themselves, but as a Canadian I know that sometimes such action is necessary.

We have only to look at the history of one of Canada's most successful companies: Nortel. It is a company that might still exist if those running it had taken cybersecurity more seriously. With more than 94,000 employees worldwide, Nortel was a high-tech leader until its headquarters were bugged, its computer systems breached and its intellectual property stolen. Now it is just a memory. We will never know for sure, but perhaps if cybersecurity had been a higher priority at Nortel, it would still be providing jobs, products and services for Canadian people. If anyone ever asks why we would take cybersecurity seriously, the one-word answer is “Nortel”.

Though I am a little uneasy that this bill would almost certainly increase regulations and red tape, maybe there are ways that some of the excessive paperwork that seems to be beloved by the Liberals can be made reasonable. Certainly there is a need to ensure a level playing field of regulatory burdens for small and medium-sized businesses and organizations. If there is not, then I can see companies being forced into bankruptcy by the cost of implementing government-mandated cybersecurity procedures. I know that is not the government's intention, but as we have seen in the past, sometimes not all the impacts of government rule-making are foreseen. The Minister of Industry especially needs to ensure that the rules are workable and provide protection against attacks by criminals and malicious states.

Indeed, it is perhaps malicious states that we should be concerned about the most. The interconnectedness of computer systems and their use in controlling and maintaining our infrastructures mean we are increasingly vulnerable to a devastating attack. An enemy that could seize control of our electricity grid or our banking system could bring our nation to its knees without firing a shot. The nature of warfare has changed, and as a result we must change our defences.

Canada's national security requires being prepared for the security warfare threats that we face. The government has been slow to address cyber-threats and has seen a number of serious incidents occur, with no substantive legislative response for seven years. I am pleased that the government has finally chosen to act, and I am hopeful that we in the House can help improve this legislation. Cybersecurity is of paramount importance in the modern world. Canada cannot neglect it.

Telecommunications ActGovernment Orders

3:40 p.m.

Bloc

Martin Champoux Bloc Drummond, QC

Madam Speaker, I want to congratulate my colleague on his speech.

Cybersecurity is essential, and it is also a race against time because hackers are becoming better and better organized. They are fast, equipped, cunning and, on top of that, dishonest. That gives them an advantage over us presumably honest people.

The government has been slow to act, legislate and get aggressive with cybersecurity.

Does my colleague think that there is still time to take the lead in this race, or are we going to continue to fall behind international hacker organizations?

Telecommunications ActGovernment Orders

3:40 p.m.

Conservative

Ziad Aboultaif Conservative Edmonton Manning, AB

Madam Speaker, I mentioned at the end of my speech that the government was very late in putting forward such a bill. It is a very tough question to answer as to whether or not we can catch up. We know the existing wars and challenges and future wars are mostly around cybersecurity. It will be important in this motion of the House, with this bill, to assess how prepared Canada is for facing future threats.

Telecommunications ActGovernment Orders

3:40 p.m.

Winnipeg North Manitoba

Liberal

Kevin Lamoureux LiberalParliamentary Secretary to the Leader of the Government in the House of Commons

Madam Speaker, within the legislation there is consideration given to how financial penalties would empower the minister to take strong action to ensure that providers are keeping up with what they need to keep up with.

My question to the member is this. Would he agree that when we take a look at the issue of cyber-attacks, they are not something unique to Canada? It is happening around the world. We are working with allied countries and others. This is one part. It does not stop here. There is a need to continue, as we have for the last number of years, investing tens of millions of dollars and putting people to the task of protecting us against cyber-threats.

Could the member just provide his thoughts in terms of the broader picture of cyber-threats?

Telecommunications ActGovernment Orders

3:40 p.m.

Conservative

Ziad Aboultaif Conservative Edmonton Manning, AB

Madam Speaker, I will answer the end of the question and go back to the beginning of what the hon. member asked.

We are still not there in terms of assessing our preparedness and our cybersecurity position. I do not know if we have enough understanding of those challenges, what our position is and how prepared we are. That is a very important task for the government.

As far as financial penalties on businesses, I mentioned in my speech that such things could put some businesses into bankruptcy, because they would not be able to afford the services that would provide the protection needed for them not to end up in such a disastrous situation.

Therefore, a balance is needed, and this has to be done by working together with the industry. If we are truly prepared, the financial penalties should be less, because the government should have done more in the last seven years, or even the years before that, in terms of looking to the future.

It all remains in the hands of the government that is putting this bill forward. We hope to get some answers.

Telecommunications ActGovernment Orders

3:40 p.m.

NDP

Heather McPherson NDP Edmonton Strathcona, AB

Madam Speaker, that was a very interesting intervention. I am not a specialist in cybersecurity, so I am finding this debate very informative.

I guess one of the questions I have is about how we balance the need for cybersecurity with the need for transparency. That is really what the big question is for this. How do we make it effective but also adhere to the Canadian values of transparency, human rights and whatnot?

I wonder if the member has anything to say about the fact—

Telecommunications ActGovernment Orders

3:40 p.m.

Liberal

The Assistant Deputy Speaker (Mrs. Alexandra Mendès) Liberal Alexandra Mendes

I have an hon. member with a point of order, and I think I know what the hon. member is going to say. The hon. member asking the question does not have her headset, and we do not allow members to speak without a headset. That is on me, with my apologies.

I will have to interrupt the hon. member right now and give the hon. member for Timmins—James Bay a very short question, please.

Telecommunications ActGovernment Orders

3:45 p.m.

NDP

Charlie Angus NDP Timmins—James Bay, ON

Madam Speaker, cyber-threats are not new. In 2011, Canada's two main financial centres in government, Finance and the Treasury Board, were pushed off-line for days by hacks from Chinese operators, yet the Harper government did nothing about that. It did not want to talk about it because it was busy selling off sections of the oil sands and Nexen to Chinese state-owned operators and then signing a free trade deal with China, the deal that would allow it to take on Canada outside of the court system.

I find it kind of special that the Conservatives are suddenly concerned about cybercrime now, when they did nothing to take on China's state threats to Canada under Harper.

Telecommunications ActGovernment Orders

3:45 p.m.

Conservative

Ziad Aboultaif Conservative Edmonton Manning, AB

Madam Speaker, the NDP member always wants to politicize things. This is a very serious issue, and there is not one party that is more serious about this than others. I wish he had stayed within the non-partisan notion of this bill. Let us talk about facts. Let us talk about logic and stop the attacks.

Telecommunications ActGovernment Orders

3:45 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Madam Speaker, before I begin, I will just say that I will be splitting my time with the member for Kingston and the Islands.

It is an honour to rise today in the House to debate the second reading of Bill C-26, an act respecting cybersecurity. To me, cybersecurity is essential, and it certainly relates directly to our national security.

When we consider the challenges and opportunities we face in this field, the theme of collaboration underpins and needs to underpin all that we do.

The prevalence of cybercrime in an increasingly online world, improving cyber-defence posture in an unstable global environment, deep thinking about what the future holds in a world where innovation and change are exponential, a critical look at whether our policies and laws are up to the task, and the protection of content and intellectual property as data becomes one of the world's most precious resources: These are just some of the reflections that we have to have when considering this bill.

In Canada, being online and connected is essential. Now, more than ever, Canadians rely on the Internet for their daily lives. It is about more than just conducting business and paying bills. It is also about staying connected with loved ones across the country and around the world. We should be able to do all these activities safely and securely.

I would like to offer a few words about what we are doing here in Canada to get that balance right, and I would like to reinforce the importance of our commitment to protecting the cyber systems that underpin our critical infrastructure.

We can take the emergence of new technologies, such as 5G, as one clear reason we need to redouble our efforts. We think about our increased reliance on technology in light of the COVID-19 pandemic. We think about international tensions amidst Russia’s unprovoked and unjustified ongoing invasion of Ukraine, with threats ranging from supply chain disruptions to state and non-state malicious cyber-activity.

Through all of these remarkable events, the government has been working tirelessly to keep Canadians safe. We recognize that, now more than ever, secure and reliable connectivity is a necessity for our daily lives and our collective safety and security. It underpins the delivery of critical services, such as energy production, financial transactions, safe transportation and emergency communications.

As part of his mandate, bestowed by Prime Minister Trudeau, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed national—

Telecommunications ActGovernment Orders

3:45 p.m.

Liberal

The Assistant Deputy Speaker (Mrs. Alexandra Mendès) Liberal Alexandra Mendes

The hon. member for Battle River—Crowfoot is rising on a point of order.

Telecommunications ActGovernment Orders

3:45 p.m.

Conservative

Damien Kurek Conservative Battle River—Crowfoot, AB

Madam Speaker, as was pointed out by the parliamentary secretary to the government House leader yesterday, the use of the Prime Minister's name is not an accepted practice of this place.

Telecommunications ActGovernment Orders

3:45 p.m.

Liberal

The Assistant Deputy Speaker (Mrs. Alexandra Mendès) Liberal Alexandra Mendes

The hon. member is correct. We do not use the names of current members of Parliament.

Telecommunications ActGovernment Orders

3:45 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Madam Speaker, as part of the mandate bestowed upon him by the Prime Minister, the Minister of Public Safety is seized with the opportunity and challenge of developing a renewed cybersecurity strategy. We need to make sure we articulate Canada’s long-term plan to protect our national security and economy, deter cyber-threat actors, and promote norms-based international behaviour in cyberspace.

The Government of Canada is working to enhance the cybersecurity of the country’s critical infrastructure. The work to identify cyber-threats and vulnerabilities, and to respond to cyber-incidents, is around the clock and ongoing. Unfortunately, we have seen that malicious actors continue to attempt to take advantage of the current environment to exploit certain sectors. I would like to use one example that is relevant for my riding and the region I come from.

My riding is the riding of Whitby, and Durham District School Board is the public school board in our area. On Friday, November 25, just very recently, there was a cyber-incident at the Durham District School Board. It resulted in online classes being cancelled. They were forced to postpone scheduled literacy tests. They have had phone lines down and email service down. They even do not have access to emergency contacts, and they are trying to limit this incident so it does not impact payroll for the over 14,000 Durham District School Board employees. There are 75,000 students who go to school across our region.

They have notified police of the attack. Their investigation is said to be very complex and time consuming, and they will be assessing the privacy impacts, but we can just imagine how this has impacted students and employees at Durham District School Board.

This is a really serious topic. I think we all need to give it the weight it deserves, and this legislation is trying to ensure we do our utmost to protect against these cyber-threats in the future.

However, we are not starting from scratch to tackle these threats. Since 2018, the Government of Canada has invested a total of approximately $4.8 billion in cybersecurity. Through the national cybersecurity strategy, the Government of Canada would be taking decisive action to strengthen Canada’s defence, preparedness and enforcement against cyber-threats. The strategy was paired with the largest investment in cybersecurity ever made by the Government of Canada, totalling close to $800 million in the 2018 and 2019 federal budgets.

In the 2021 budget, the government allocated an additional $791 million to improve and defend cyber-networks, enhance data collection and protect taxpayer information, and in the 2022 budget, another $852.9 million was committed to enhance the Communications Security Establishment and its ability to conduct cyber-operations, make critical government systems more resilient, and prevent and respond to cyber-incidents on critical infrastructure.

Under the strategy, two flagship organizations were established. One is the Canadian centre for cybersecurity, otherwise known as the cyber centre, under CSE, and the other is the national cybercrime coordination centre under the RCMP.

The cyber centre is a single, unified team of government cybersecurity technical experts. The centre is the definitive source of unique technical advice, guidance, services, messaging and support on cybersecurity operational matters for government, critical infrastructure owners and operators, the private sector, and the Canadian public.

The NC3 coordinates Canadian police operations against cybercriminals and established a national mechanism for Canadians and businesses to report cybercrime to police. In the example I mentioned in my riding of the Durham District School Board, it would report the cybercrime to the local police, and that would go up through NC3 as well.

Public Safety Canada’s Canadian cybersecurity tool also helps owners and operators of Canada’s critical infrastructure to evaluate their cyber-maturity against established benchmarks and by peer comparison. It offers concrete guidance on how they can become more cyber-resilient.

Public Safety Canada also coordinates and delivers cyber-based exercises for the critical infrastructure community to test and develop capabilities to respond to and recover from malicious cyber-activities. More broadly, the department, as the federal lead on cybersecurity policy, promotes communication and collaboration to raise awareness of cyber-threats and risks, including with our international partners. Public Safety Canada works closely with the Communications Security Establishment’s Canadian centre for cybersecurity to enhance the resilience of critical infrastructure in Canada. The cyber centre, in addition to providing public advisories, shares valuable cyber-threat information with Canadian critical infrastructure owners and operators.

Today I am very proud to say that we can begin to debate a new piece of legislation to further strengthen what we have built as a government. Today we are debating Bill C-26 for the second reading, and this legislation's objective is twofold.

The first part proposes to make amendments to the Telecommunications Act, which include adding security as a policy objective, adding implementation authorities and bringing the telecommunications sector in line with other critical infrastructure sectors. This would allow the government, when necessary, to mandate any action necessary to secure Canada’s telecommunications system, including its 5G networks. This would include authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers.

The second part introduces the critical cyber systems protection act, or CCSPA. This new act would require designated operators in the federally regulated sectors of finance, telecommunications, energy and transportation to take specific actions to protect their critical cyber-systems, and it would support organizations' ability to prevent and recover from a wide range of malicious cyber-activities, including malicious electronic espionage and ransomware.

Telecommunications ActGovernment Orders

3:55 p.m.

Bloc

Denis Trudel Bloc Longueuil—Saint-Hubert, QC

Madam Speaker, I am not a cybersecurity expert either.

A few weeks ago, I attended a demonstration in Montreal with 10,000 people to support the people who are fighting for their freedom in Iran, which, as we know, is not a democratic state. I have also strongly supported people from the Uighur community, who I have met with many times here in Ottawa. We know that they are facing genocide in China. The small white square that I am wearing is a sign of support for people who, at this time, are rising up against the health measures in China, as well as the people in Russia who are protesting against the war in Ukraine.

I want to know if there are concrete measures in Bill C‑26 that would prevent Iran, China and Russia from carrying out cyber-attacks on social networks and, for example, hacking my account and interfering in my life as an MP? I would like my colleague to clarify that.

Telecommunications ActGovernment Orders

3:55 p.m.

Liberal

Ryan Turnbull Liberal Whitby, ON

Madam Speaker, I share the member opposite's ethical concerns with other state-sponsored actors, disinformation and ensuring that our cyber-infrastructure and our lives as MPs are also protected from the attacks and incidents that are too often affecting some of our institutions and even us, as individuals.

This bill really looks to strengthen the work the government has been doing year over year to invest in protections against cyber-attacks in our critical infrastructure and to ensure that we are enhancing those tools and investments, and leveraging them to the best degree possible to protect against the kinds of threats the member opposite identified.