Madam Speaker, these are the words spoken yesterday by President Xi of China to Vladimir Putin as they departed company in Moscow: “Change that hasn’t happened in 100 years is coming and we are driving this change together.” Their meeting, which took place under the shadow of Russia's onslaught in Ukraine, was one that the experts stated was a meeting to build Russia's and China's alignment against the U.S. and the west, “and a world order more suited to their more autocratic agendas”.
Before us is a very serious bill at a very serious time, and it also would work in coordination with a lot of other serious bills we have on the floor right now. Bill C-34 is on the Investment Act, which looks closely at what investments are security minded and good for Canada. Bill C-27 would enact the consumer privacy act and look at the protection of Canadians' privacy. We have stated all along that privacy for Canadians needs to be a fundamental human right. The bill on interoperability and the right to repair look at different ways in which we are dealing with our IP and technology in Canada.
Today at the science and research committee, we continued the study of IP commercialization, ensuring we can develop technology and hold technology in Canada. We lose a significant amount of our IP to the Americans, to other nations and to foreign entities.
We talk about the world order and what is happening in the world. Albert Einstein famously said that he was not sure what weapons would be used in World War III, but that the weapons of World War IV would be sticks and stones. The weapons being used right now are joysticks and software. We should make no mistake that, at this moment, we are already at war. We are not only talking about Ukraine. The member previous spoke about some of the attacks that are happening from a centre of cyber-attacks in Ukraine.
Cyber-attacks are happening across the world, and they are happening right now in Canada. There has been a lot of different alarming statistics on cyber-attacks and malware attacks in Canada. We know the Canada Revenue Agency was attacked in August 2020, impacting nearly 13,000 Canadians, who were victims of that. There was also a hospital in Newfoundland in October 2020 where cybersecurity hackers stole personal information from health care employees and patients in all four health regions. That affected 2,500 people.
Black & McDonald, a major defence and security company and contractor, was hit with ransomware just two weeks ago. That is our security being hit by the very thing it is trying to protect us from. Global Affairs Canada was attacked in January 2022 right around the time Russia engaged in the illegal invasion of Ukraine. It was reported that it may have been Russian or Russian state-sponsored actions responsible for the cyber-attack on Global Affairs.
Most famously, there was a ransomware attack on critical infrastructure in the United States back in May 2021 where pipeline infrastructure was attacked. President Biden, who will be here tomorrow, issued at that time a state of emergency, and 17 states also issued states of emergency. It was very serious, which shows the capabilities of some of those cyber-threat actors. With ransomware, there are companies that attack companies and then demand a ransom or money before they return those computers or the networks back to the owners. It is now worth $20 billion. That is how much money ransomware is costing businesses. Back in 2016, it was only $5 billion.
The technology is rapidly advancing, and it is a war. It is a war that is affecting Canadians at this very moment, and it is something we have to be very serious and realistic about looking at what cybersecurity is, what it means and what we have to do as Canadians and as a Canadian government to combat attacks.
We know that the bill is something we support. We, of course, support the bill. Cybersecurity is very important, and as the member noted earlier, we have to make it right. We do not have time for a flawed bill or to race something through. Because of the advancements and because of the need to be very serious and realistic about cybersecurity, let us make sure we get the bill to committee and make sure then that we look at certain amendments that would get it right.
The question at this very moment is whether the government is taking this seriously enough. Despite a ban on Huawei announced by the government in May 2022, this week it was ascertained by the member for Dauphin—Swan River—Neepawa, as we were talking about IP commercialization in the science and research committee, that UBC is still working with Huawei after May 2022.
The minister assured us that Huawei was banned, that Huawei was done. Of course, there were reports months ago of a crackdown on IP being stolen and shared from Canadian universities. It has already been projected that 2023 will be the worst year for ransomware, for cybersecurity and, of course, for IP leaving Canada.
We have to take this seriously, and I know that members across the way have talked about it. Of course, this bill does that, but we need to be serious. We need to talk about cybersecurity, which means being realistic and bold in how we counter, and how we aid the west in winning, the war over cybersecurity.
There are amendments to the bill that we would like to see. Number one is to ensure that we protect and safeguard our national security and infrastructure. I know a member talked earlier about the different silos that exist. Probably the most important function is to ensure that silos in the government dealing with cybersecurity are talking to one another. The Americans deal with their cybersecurity concerns through the National Security Agency, the Department of Homeland Security, the Federal Bureau of Investigation and the Department of Defense. They all work alongside each other to enhance the cybersecurity establishment that was developed in 2018.
Similarly, Canada has the Communications Security Establishment, part of which is the Canadian Centre for Cyber Security, but as a member noted previously, is it talking to NSICOP and CSE? Are we making sure we are talking to the different departments? We know that the government is pretty large and unwieldy. We have to make sure that these departments are working together.
We also have to make sure we are looking after our businesses, as 40% of Canadian SMEs do not have any cybersecurity protection. It is going to be very costly for those businesses to implement that. As a business owner, I know the single biggest cost when it comes to cybersecurity is actually insurance. Insurance premiums just for cybersecurity attacks are going up and up. Every year they have increased by 20% to 30%. Of course, that is aligned with the $20 billion we are seeing from malware and ransomware across the world and the increase in cyber-attacks.
We have to make sure that we help our businesses, so perhaps we need to look at tax credits. One thing we can do is ensure that we share best practices and that businesses get support from the federal government to enhance their cybersecurity.
Another concern we have is how much power the minister will get, as the minister is supposed to get all the power. We have seen this with other bills. We have seen this in bills on the right to repair and interoperability. We have seen it in Bill C-27. Perhaps it is better to look at an ombudsman. We have talked about the Governor in Council and orders in council, but we want to hear from the security experts at committee to ascertain who exactly should be making these decisions instead of bringing them back to one minister. This bill right now could fit under the INDU committee and the industry minister, but it is going to the public safety committee, so already we have two different departments managing this bill. Why does one minister have to handle it? Why can it not be a broader process to ensure that we are seeing some congruence?
Privacy is something we talked about quite a bit. We will be debating Bill C-27 in the House tomorrow, and I certainly feel that privacy needs to be a fundamental human right. Part of this bill has different groups and organizations concerned about how we are protecting Canadians' right to privacy. When they lose their privacy, who is responsible for that? There will be a lot of different witnesses coming to committee. When we look at cybersecurity, we have to ensure we are protecting Canadians' fundamental right to privacy and ensure we are doing all we can so that if their privacy is breached, Canadians can find some relief.
We have talked about Bill C-27 and a tribunal, and maybe giving more powers to the Privacy Commissioner, who should have more power to look at whether we should go after criminals or organizations for breaches. We also have to look at the law and at what we are doing to go after criminals who are engaging in cyberwarfare and who continue to be a threat to Canadians.
Russia and China are very concerning right now, and there are a lot of different reasons for that. Russia is growing increasingly reliant on China as both an import market and an exporter of electronics. Both leaders are building a closer energy partnership on oil, gas, coal, electricity and nuclear energy. They are going to build the Power of Siberia 2 pipeline through the territory of Mongolia. This is important because Taiwan is coming up—