Public Safety committee  Not yet. It's something that we've been talking about—how do we share that?

Public Safety committee  We're always looking to provide advice and guidance in terms of just helping to raise the bar initially so that it's more secure. When you're looking at infrastructure, regardless of ownership, if it's Canadian infrastructure, in Canada, we would treat it as Canadian in terms of our work with them.

Public Safety committee  We're designated as part of the Investment Canada Act process. We provide advice to, in this case, the Minister of Public Safety, who then works with the Minister of Innovation, Science and Economic Development. In terms of the Canadian companies, though, we're also looking to see how we can increase their resiliency so that they're able to defend against these types of cyber-activities.

Public Safety committee  Part of it, I think, is actually having these conversations and talking about it. It's the fact that it's now in the consciousness. It's something that we can now talk about and, as consumers of information, we can start to become connoisseurs, consumers of information who are a little more judgmental, who are not just believing what we're seeing in social media.

Public Safety committee  On the social media regulation piece, I'm probably not the right person. I haven't really assessed that. On the small and medium enterprise piece, part of it is that we have to raise the general resiliency bar. I think it's unreasonable to expect them to be able to launch a cyber-defence initiative like, for example, the one we run for the Government of Canada.

Public Safety committee  That really goes to the general caretaker convention status but also to working with Elections Canada. This is something that we are talking to them about, because at the end of the day the nightmare scenario for a public servant would be to ever do anything that would interfere in the election.

Public Safety committee  That's something that we are talking about with Elections Canada, to make sure we respect that, and also for the Commissioner of Canada Elections, to make sure that we respect the independence. That might be the better route. That is something we're discussing right now in terms of how we're going to approach this.

Public Safety committee  We're working through the scenarios now.

Public Safety committee  We've been working collaboratively with Elections Canada since before the last election in 2015 in terms of augmenting cybersecurity and starting to discuss these issues. I think we're working through this as we also figure out how to engage with political parties if we find something.

Public Safety committee  I think it's important, as we look at our telecommunications networks, that we take the approach that we really want to look at this as an entire system and defend against all forms of cyber-risk. We look at it really from a few different viewpoints. Number one would be how we make sure that we're increasing the resilience across, regardless of where the product comes from.

Public Safety committee  We talk about it. We make the decision is in the best interests of Canadian security. We look at the holistic piece. We want to make sure that Canada has secure, resilient networks that are able to operate in a way that provides confidence for our networks. At the same time, we realize that there are the tools that are needed for intelligence gathering and that there are the techniques that are required.

Public Safety committee  The analogy extends to a point. Then, I think, the issue really is that if we're talking about something that's a systemic vulnerability, then we default to defence, but protecting Canada through the foreign intelligence side of things is something that we obviously care deeply about.

Public Safety committee  Right now, with the environment we have, patching is one of the key aspects of improving our cybersecurity. Companies are releasing patches. The model in the industry is “release fast and patch what doesn't work”. The same goes for security elements as well. As they discover new things and new ways of compromising systems, vendors put out software updates.

Public Safety committee  I think the key thing is that defensive cyber-operations are proposed in Bill C-59. It's a tool we can use to respond against any malicious cyber-activity. There are a number of elements. The first one is the permission to undertake that activity. It's up to the Minister of National Defence, with consultation of the Minister of Foreign Affairs, to ensure that if there are any foreign relations aspects, they are taken into account.

Public Safety committee  The expertise is an area in which we have to do two things. In the short term we have to look outside of the traditional fields of computer science and engineering. There are other skills to be brought to bear here. There are skills that are very close to the cybersecurity analytic capabilities.