The Justin Trudeau government filed a bill on Tuesday to better protect the public from cyberattacks by requiring companies using Canadian networks and infrastructure to report incidents where they are the target.
Bill C-26, introduced in the House by Public Safety Minister Marco Mendicino, provides for this requirement, but senior officials indicated in a technical briefing that the scope of this requirement has not been clarified according to regulation.
The C-26 and the regulatory changes that will pave the way for it will, after the conclusion of industry consultations, clarify when a report should be made.
It is the responsibility of any designated operator to promptly report any cybersecurity incident regarding one of its critical systems to the Communications Security Establishment, in accordance with regulations, to allow the Center to use its attributions.can we read the bill.
Senior officials who provide information to journalists have already specified the list designated operators as well as threshold achievable for each disclosure obligation is among the details to be fixed by the regulation.
The goal is the ratification of the C-26 next fall and the implementation of a regulatory regime within six months.
Government officials said federally controlled businesses in four key sectors would be evaluated for potential coverage: telecommunications, transportation, banking systems and interprovincial energy networks.
Bill C-26 also responded to the announcement last month that Chinese providers Huawei Technologies and ZTE would be banned from Canada’s next-generation mobile networks.
The piece of legislation provides that the government may impose a ban or removal of the right of suppliers to use Canadian networks and facilities.
The provisions also specify that supply chains must be protected from threats and cyberattacks.
Moreover, the piece of legislation stipulates that the Minister of Industry, François-Philippe Champage, will have the power to appoint any person as an inspector, for the purpose of verifying compliance or preventing non -compliance with any provision of this Act or its regulations.
Financial penalties are provided for non-compliance with final law C-26 and the ordinances that may result therefrom.
The piece of legislation, if passed, would amend the provisions of the Telecommunications Act and Evidence Act, in addition to creating a new law, the Critical Cyber Systems Protection Act.
Ministers Mendicino and Champagne will provide more details at a press briefing scheduled for Tuesday afternoon.
The Canadian Press
Source: Radio-Canada
