With regard to chip technology and devices containing chip technology imported from foreign countries, specifically those with which Canada is not allied: (a) what safeguards, if any, are currently in place to ensure that such technology is safe and does not contain any elements, such as remote code execution elements, which could be detrimental to Canada at some point in the future; (b) what is the government doing, if anything, to address the discovered vulnerability in the Microchip Advanced Software Framework which exposes devices to the risk of remote code execution; (c) in addition to the vulnerability in (b), what other vulnerabilities has the government identified related to these chips and their connectivity to the internet; (d) for each vulnerability in (c), what action, if any, has the government taken to address the vulnerability; (e) what measures does the government have in place to address risks, including firmware updates or remote patches, that could introduce new vulnerabilities after deployment; (f) does the government conduct regular penetration testing of imported devices before approving their use in public infrastructure, and, if so, who has been tasked with overseeing such testing; and (g) does the government mandate compliance with international cybersecurity standards or frameworks when procuring or deploying such devices, and, if not, why not?
In the House of Commons on December 11th, 2024. See this statement in context.