Parliamentary Committee Notes: Cyber and Critical Infrastructure

Commitments:

• Introduce legislation to safeguard Canada’s critical infrastructure, critical cyber systems & telecommunications systems (5G)
• Advance the National Cyber Security Action Plan
• Develop and implement a renewed National Cyber Security Strategy

Overarching message on progress and priorities:

• The Government of Canada recognizes the accelerated pace at which cyber threats are evolving requires a much more comprehensive and agile response from all levels of government and industry. To address this changing threat landscape, the Government has prioritized three initiatives and has made significant progress on each of them.
• In June of 2022, the Government announced further steps to strengthen Canada’s cyber security with the introduction of Bill C-26, An Act Respecting Cyber Security, which would create a regulatory regime for cyber security in federally-regulated critical infrastructure sectors in Canada. This legislation is currently being studied by the Parliamentary Standing Committee on Public Safety and National Security and our Government is looking forward to that work in committee in order to advance this important bill that will further protect Canadians.
• The 2018 National Cyber Security Strategy and its associated 2019-2024 Action Plan have made Canada more resilient against malicious cyber actors. Since 2018, important steps have been taken to defend Canada against cyber threats and malicious actors, and to further develop Canada’s cyber security posture. That said, the threat landscape is ever evolving, and as such the Government of Canada is in the process of developing a new National Cyber Security Strategy. A strategy that will articulate Canada's long-term approach to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.

Proposed Response:

Bill C-26

• Currently, the Government has few legislative tools to regulate cyber security across Canada’s critical infrastructure.
• Budget 2019 earmarked $145 million to strengthen the cyber security of Canada’s critical infrastructure and introduce a new critical cyber systems framework.
• The accelerated pace at which cyber threats are evolving requires a much more comprehensive and agile response from all levels of government and industry.
• We must meet this moment and protect ourselves, and the critical infrastructure and services Canadians rely on every day.
• Colleagues, that is why in June of 2022 Government announced further steps to strengthen Canada’s cyber security with the introduction of Bill C-26, An Act Respecting Cyber Security.
• This important legislation is now being studied by the Standing Committee on Public Safety and National Security.
• Bill C-26 will protect Canadians, increase collaboration and information sharing between government and industry, and bolster cyber security across the federally regulated finance, telecommunications, energy, and transportation sectors.
• Importantly, this landmark legislation will ensure a consistent cross-sectoral approach to cyber security in response to the growing interdependency of our connected digital systems

National Cyber Security Action Plan

• In June 2018, the Government of Canada released the National Cyber Security Strategy. The Strategy outlined Canada's vision for security and prosperity in the digital age, and outlined the following three goals in response to evolving threats, emerging opportunities, and the need for collaborative action:
  • Secure and Resilient Systems
  • Innovative and Adaptive Cyber Ecosystem
  • Effective Leadership, Governance and Collaboration
• Under the Strategy's supporting 5-Year Action Plan, from 2019-2024, 14 horizontal initiatives were led by eight federal organizations and three agencies^{Footnote 1}.
• Budget 2018 funded $507.7M over five years, and $108.8M ongoing for the National Cyber Security Strategy and it’s initiatives, which represented an incremental first step to achieving the vision of the Strategy.
• Key achievements included the establishment of two flagship organizations under the Strategy: the Canadian Centre for Cyber Security under the Communications Security Establishment and the National Cybercrime Coordination Centre, a National Police Service under the stewardship of the Royal Canadian Mounted Police.
• In June 2022, Public Safety Canada published the results of a Mid-Term Review of the 2018 Strategy to evaluate its performance, identify opportunities for refinement and chart a path for the future.
• Overall, the Review found milestones are being met and results are being achieved. It also found the Strategy is benefiting Canada and Canadians, and the Strategy's strategic federal investments have established a solid foundation for the Government of Canada to build upon.
• The milestones for the implementation of the initiatives listed in the National Cyber Security Action Plan will reach completion in 2024, marking the end of its five year cycle.
• It is therefore an opportune time for the Government of Canada to make the next set of necessary investments for inclusion in a new NCSS.

Renewal of the National Cyber Security Strategy

• In December 2021, the Prime Minister asked my predecessor to develop a new National Cyber Security Strategy.
• Public Safety Canada is leading this work, in collaboration with the federal cyber security community. The new Strategy will articulate Canada's long-term approach to protect our national security and economy, deter cyber threat actors, and promote norms-based international behavior in cyberspace.
• The development of the new NCSS is framed in the context of Canadians increasingly embracing digital technology, particularly since the COVID-19 pandemic. As Canadians increasingly live, work, and communicate online, the opportunities grow for cyber threat activity to disrupt their daily lives, all in the broader setting of a host of increased international tensions.
• During 2022 and 2023, Public Safety Canada hosted public consultations and held targeted engagement sessions with representatives from industry, other levels of government, academia, and Indigenous groups to inform the new Strategy.
• The feedback we have heard through engagement and consultation is envisioned to feature prominently in the development of Canada’s new National Cyber Security Strategy, which will be released in due course.

Date modified:

2024-08-07