Canada’s Minister of Public Safety, Marco Mendicino, has announced further steps to strengthen Canada’s cybersecurity with the introduction of Bill C-26, An Act Respecting Cyber Security (ARCS). This proposed legislation is intended to protect Canadians and bolster cybersecurity across the financial, telecommunications, energy, and transportation sectors.
The proposed legislation seeks to amend the Telecommunications Act to add security as a policy objective, bringing telecommunications in line with other critical sectors. This will provide the Canadian government with the legal authority to mandate any necessary action to secure the country’s telecommunications system. This includes prohibiting Canadian companies from using products and services from high-risk suppliers. In May, Ottawa announced that Chinese tech vendors Huawei Technologies and ZTE will be banned from supplying hardware to Canada’s next-generation 5G mobile networks.
The new, proposed legislation introduces the Critical Cyber Systems Protection Act (CCSPA) which lays a foundation for securing Canada’s critical infrastructure. It aims to help organizations better prepare, prevent, and respond to cyber incidents. The legislation could also serve as a model for provinces, territories, and municipalities to help secure their critical infrastructure in collaboration with the federal government.
If passed, the legislation would compel companies in the finance, telecommunications, energy and transportation sectors to report cyberattacks and either boost their cyber systems or face expensive penalties. Non-compliance could result in convictions and regulators would have the authority to conduct audits.
“In the 21st century, cybersecurity is national security – and this new legislation will ensure that Canada’s defenses meet the moment,” Mendicino said. “Most importantly, it will help both the public and private sectors better protect themselves against cyberattacks. This bill is one part of our robust strategy to defend Canada and the crucial infrastructure that Canadians rely on.”
Since 2018, the Government of Canada has invested approximately $4.8 billion in cybersecurity. Budget 2019 provided $144.9 million to introduce a new critical cyber systems framework to protect Canada’s federally regulated critical infrastructure in the finance, telecommunications, energy, and transport sectors.
It is not yet clear exactly which entities would fall under the proposed legislation, but rail companies and telecommunications providers have been mentioned as likely subjects.