Canada hardening cyber defenses in private industry


Canadian businesses operating in critical infrastructure sectors would be required to report cyberattacks to the federal government and would have to fortify their cyber systems under a new law introduced June 14, 2022.

The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety but stops short of naming any companies.

“There was a lot of thought given into identifying which sectors are vital to national security and public safety,” Public Safety Minister Marco Mendicino told reporters, adding that operators of critical infrastructure would be identified after consulting the sectors.

The legislation also would give Liberal Prime Minister Justin Trudeau’s government broader powers to secure the country’s telecommunications systems against cyber security threats.

“This new legislation … will help both the public and private sectors better protect themselves against cyberattacks,” Mendicino said.

Faster networks like 5G have helped Canada’s critical infrastructure sectors to become more interconnected and integrated, but they are also more vulnerable to newer forms of cyber threats, the government said.

Hacking incidents are on the rise, but they remain underreported because companies are not required under current laws to disclose cyberattacks when they happen, a senior official said.

Bill C-26, which has not yet been debated or passed, would also bar telecommunications companies from using the products and services of high-risk suppliers, according to a statement from the government.

The statement did not name any companies, but Canada last month banned the use of 5G gear made by China’s Huawei Technologies Co. Ltd. and ZTE Corp. to protect national security, joining Australia, New Zealand, the United Kingdom and United States, which have already banned the equipment.