A new law introduced yesterday would require Canadian businesses in charge of critical infrastructure to report any cyberattacks or incidents they experience to the federal government.
The proposed legislation, Bill C-26, was introduced by the Minister of Public Safety Marco Mendicino. Also called An Act Respecting Cyber Security (ARCS), the bill is meant to “protect Canadians and bolster cyber security across the financial, telecommunications, energy, and transportation sectors,” a government release said.
One of the main aims of ARCS is the introduction of the Critical Cyber Systems Protection Act (CCSPA), which establishes a regulatory framework for cybersecurity for services and systems “vital to national security and public safety.” CCSPA addresses gaps in the federal government’s ability to safeguard critical infrastructure and their systems, by allowing it to do the following:
Bill C-26 also looks to amend the Telecommunications Act, adding security as a policy objective and bringing telecommunications in line with Canada’s other critical infrastructure sectors. This provides the federal government with the legal authority to issue mandates to secure telecoms – including prohibiting Canadian companies from using products or services from “high-risk” suppliers.
Reuters reported that while the proposed bill did not identify any “high-risk” suppliers, Canada last month banned the use of 5G equipment made by the Chinese companies Huawei and ZTE.
“In the 21st century, cyber security is national security – and this new legislation will ensure that Canada’s defences meet the moment. Most importantly, it will help both the public and private sectors better protect themselves against cyberattacks,” said Mendicino in a statement. “This bill is one part of our robust strategy to defend Canada and the crucial infrastructure that Canadians rely on.”
