The federal government has introduced a new bill it says will protect critical Canadian industries from cyberattacks and hacking, following Ottawa’s announcement last month that it would ban Chinese telecom companies Huawei and ZTE from the country’s 5G and 4G networks.
Public Safety Minister Marco Mendicino presented Bill C-26 to the House of Commons on June 14, saying it aims to protect vital sectors from cyber threats, including the finance, energy, transportation, and telecommunications industries.
“Ransomware attacks, espionage, cyber-attacks, foreign interference, the conduct of hostile state actors and their proxies are all part of the national security landscape,” Mendicino said in a press conference.
“This legislation will protect Canadian cybersecurity by strengthening the partnerships between the government and the telecommunications sector, federal regulators, enhance supports for sectors of the economy that are vital to national security and public safety, and offer new tools to protect Canadians in cybersecurity.”
The bill, dubbed An Act Respecting Cyber Security, seeks to amend the Telecommunications Act to add the security of Canada’s telecommunications system as a policy objective.
It would give the government the legal authority to direct telecoms to enhance their systems against cyberattacks and cyber espionage, and to mandate any necessary action to secure the country’s telecommunications system. It also sets up an administrative monetary penalty to increase telecom companies’ compliance with the regulations.
The proposed legislation comes after Mendicino announced last month that the federal government will ban Chinese telecom giants Huawei and ZTE from the country’s 4G and 5G networks. Canadian companies that use equipment from these Chinese companies will be required to remove equipment already installed.
During the June 14 press conference, Industry Minister François-Philippe Champagne said the bill would provide the legal authority for the government to ban those Chinese companies from 4G and 5G networks, as well as fend off future threats.
“This [bill] goes way beyond Huawei and ZTE because we want to have legislation that will cover the future,” he said.
Champagne told reporters that the ban on Huawei and ZTE equipment would not cover smartphones or other devices.
“What we’re targeting is the critical infrastructures, the network, it’s not the phones or other type of equipment that the companies may decide to sell in Canada,” Champagne said.
The Canadian Centre for Cyber Security said in its 2020 National Cyber Threat Assessment that devices such as smartphones and personal computers are vulnerable to espionage activities such as unauthorized data collection.
The second part of Bill C-26 seeks to enact the Critical Cyber Systems Protection Act that aims to create a regulatory body that would require businesses in the four key sectors to report cyber and ransomware attacks to the government.
When asked why the mandatory reporting regime imposed on the designated industries does not include a public oversight mechanism for Canadians to see what data has been collected, Mendicino defended his bill by pointing to “a wide variety of mechanisms that exist beyond this legislation” that allows oversight of “anything that overlaps with national security.”
He didn’t respond directly when pressed on the bill’s lack of transparency, and said that the legislation aims to “support Canadians as they integrate new technologies in 5G and cyberspace into their lives.”
He also said that certain provisions in his bill would allow the government to protect the affected industries’ trade secrets, competitive information, and other sensitive information.