A bill currently tabled in Ottawa would allow the federal government to compel companies in Canadian industries, including the financial, energy, telecommunications, and transportation industries, to either bolster their cyber security efforts or face expensive penalties.
There is no question that cyberattacks have exploded in recent years. This legislation is a response to this increase. If passed, the Act Respecting Cyber Security would give the Canadian federal government more control over how private businesses in key industries respond to potential attacks.
The legislation may “direct any designated operator or class of operators to comply with any measure set out in the direction for the purpose of protecting a critical cyber system.” However, the public may never know because the bill also “prohibits disclosure or allowing information about an attack to be disclosed.”
The Canadian Public Safety Minister, Marco Mendocino, defended this provision as a way to protect national security and trade secrets.
Operators Must Report Attacks
The bill mandates that operators in key regulated and federally-funded industries must report cyber incidents to the government’s Cyber Centre. They would also be legally mandated to establish cyber security programs that can detect and respond to serious incidents to protect critical systems.
While officials continue to create a list of companies that would be covered by this new bill, they have mentioned companies like rail companies and telecommunications company Bell and Rogers as likely subjects.
The bill, if passed, gives the government regulators more control over how private companies respond to potential attacks and the ability to audit companies to ensure compliance. Companies that are not in compliance could face serious penalties of up to $1 million for individuals and up to $15 million for others. They also risk summary convictions or indictments for non-compliance.
Federal officials report that “cyberattacks in Canada are grossly underreported, often because their targets want to protect their reputations or avoid legal and insurance consequences.” Officials say that this bill is meant to protect against large-scale cyberattacks on essential infrastructure – like the ransomware attack on the Colonial Pipeline in the U.S. which halted operations for days.
In conjunction with the bill, the Communications Security Establishment (CSE), Canada’s cyber intelligence agency announced it will expand its Security Review Program to apply to Canada’s telecommunications networks. The CSE said it will expand the program to include the development of mitigation strategies for equipment if a cyber security gap is identified.
hubTGI is a Canadian-owned Managed Services provider that offers Print Services, Workflow Solutions, Managed IT, Cybersecurity Solutions, Cloud Services and VoIP to help their customers control costs, secure their data and make their people more productive.
For the latest industry trends and technology insights visit hubTGI’s Resources page.