Parliamentary Committee Notes: Media Lines – Introduction of the Act Respecting Cyber Security

Description

On June 14, 2022, the Government of Canada will introduce Bill C-26, An Act Respecting Cyber Security (ARCS). The legislative package seeks to amend the Telecommunications Act and enact the Critical Cyber Systems Protection Act.

This announcement is expected to generate national and international media coverage, stakeholder reactions, as well as media calls to Public Safety Canada (PS), Innovation, Science and Economic Development Canada (ISED), the Communications Security Establishment (through its Canadian Centre for Cyber Security) and other partner agencies.

The key messages below address likely questions from media that would fall under PS's mandate.

Key Messages:

• Canada's critical infrastructure is becoming increasingly interconnected, interdependent, and integrated with cyber systems, particularly with the emergence of new technologies such as 5G.
• That is why the Government of Canada is taking important steps to further protect Canada's critical infrastructure systems with the introduction of An Act Respecting Cyber Security.
• The proposed legislation amends the Telecommunications Act to add security as a policy objective, bringing telecommunications in line with other critical sectors; and, introduces the Critical Cyber Systems Protection Act (CCSPA) to create a regulatory framework requiring designated operators in the finance, telecommunications, energy, and transportation sectors to protect their critical cyber systems.
• An Act Respecting Cyber Security is part of the Government's commitment to increasing the cyber security baseline across Canada, and helps ensure the national security and public safety of Canadians by:
  • adding “security” as a policy objective for the Telecommunications Act;
  • creating regulation specific to cyber security;
  • providing the legislative authority to direct action in response to cyber threats; and
  • supporting increased cyber threat information sharing.
• In particular, changes to the Telecommunications Act will provide the Government with a clear and explicit legal authority to mandate any action necessary to secure Canada's telecommunications system. This includes authority to prohibit Canadian telecommunications service providers from using products and services from high-risk suppliers. The accompanying CCSPA will form the foundation for securing Canada's critical infrastructure against evolving cyber threats. The legislation will improve and support organizations' abilities to prepare, prevent, respond to, and recover from all types of cyber incidents, including ransomware.
• More secure and resilient critical infrastructure will ensure the safety and well-being of Canadians, while spurring growth and innovation, which are key drivers for a healthy economy.

Critical Cyber Systems Protection Act (CCSPA)

• Cyber threats are evolving, increasing in frequency and becoming more sophisticated with more damaging consequences for Canada's economy, national security and public safety.
• The CCSPA is intended to be the foundation for securing Canada's critical infrastructure against evolving cyber threats, including ransomware.
• The legislative framework would apply to federally regulated services and systems in the finance, energy, telecommunications, and transport sectors with the flexibility to be applied to other federally regulated sectors.
• The proposed legislation requires designated owners and operators of the systems and services to maintain a baseline level of cyber security.
• The legislation will also require incident reporting to the Government, which will create a more thorough understanding of the threats and vulnerabilities that exist in the Canadian cyber ecosystem.
• Finally, it provides a clear and explicit legal mechanism to compel organizations to take action to address a cyber security threat or a vulnerability
• Critical infrastructure is increasingly interconnected and cyber threats and threat actors are not bound by borders or jurisdictions. The CCSPA may be used as a model for other jurisdictions (provinces, territories and municipalities) so that they may implement similar frameworks to protect critical infrastructure within their own jurisdictions.
• Provisions of the Act will be rolled out gradually, and consultation between government and industry stakeholders will begin shortly to minimize potential impact on affected industries.

Amendments to the Telecommunications Act

• The Government takes the security of Canada's telecommunications system very seriously and will continue to promote the security of Canadian networks, while championing emerging technologies, such as 5G.
• The Government's May 19 statement on telecommunications security makes it clear that Canada considers Huawei and ZTE high-risk suppliers. The amendments to the Telecommunications Act under ARCSprovides the Government with a legislative tool to prohibit the use products and services from high-risk suppliers.
• The proposed legislative amendments align with actions taken by Canada's Five Eyes partners and will allow Canada to take strong action against threats to the security of our telecommunications sector.
• Canada has been able to successfully mitigate cyber security risks in 3G, 4G, and LTE networks through a collaborative risk mitigation framework, CSE's Security Review Program. The program will continue and evolve to mitigate security risks in 5G networks.
• Once legislative measures come into force, Canada will have an even more robust set of tools at its disposal.
• Canada fully recognizes the complex nature of the threat posed by a range of malicious actors who seek to use 5G systems to undermine Canadian and allied safety, security, defence, and economic interests.

Date modified:

2024-06-04