Failure to report cyberattacks could result in sanctions for key companies under the new law

Key companies in the banking and telecommunications industries would be among those needed to bolster cybersecurity and report digital attacks, or possibly face sanctions, according to a federal bill introduced on Tuesday.

The law seeks to flesh out the Liberal government’s efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s next-generation mobile networks.

The recently introduced bill goes further, taking additional steps to protect the infrastructure of the telecommunications, finance, energy and transportation sectors. It could be applied to everything from piping and power systems to banking and rail networks.

Ottawa wants to provide industry leaders, particularly those vital to national security operations, with the resources they need to safeguard their sectors and the Canadian public at large, said Public Safety Minister Marco Mendicino.

“I think it’s very important to emphasize that as we incorporate and integrate new technologies into our economy, we also have to be very sober with the national security landscape,” Mendicino told a news conference.

“It’s about taking advantage of the economic opportunity and protecting Canadians as well.”

The overall goal is to establish a framework to better protect vital systems for national security and provide the government with new tools to respond to emerging dangers in cyberspace.

From cyber espionage to ransomware, threats to cyber-activity Canadians are greater than ever, according to the government.

The specific companies and organizations in each federally regulated sector that are subject to the legislation will be determined through future consultations.

The bill proposes to give regulators the ability to enforce various measures through audit powers and fines, and would allow for criminal sanctions in cases of non-compliance.

Attacks by cybercriminals who hold data hostage in exchange for a ransom have become alarmingly common.

Some targeted organizations have preferred to pay the required fee to try to make the problem go away smoothly, making it difficult for officials to have a complete picture of the phenomenon.

Under the bill, a designated company must immediately report a cybersecurity incident that includes any of its critical systems at the Communications Security Center, the leading federal cyber defense agency.

Federal officials say the consultations will help determine the threshold for mandatory reporting of such incidents.

Through the changes to the Telecommunications Act, the bill would give the government legal authority to order any action needed to protect Canada’s telecommunications systems.

This would include banning Canadian companies from using the products and services of high-risk providers.

“We all recognize here in Canada that our telecommunications infrastructure is among the most important and critical infrastructure in our country,” said Innovation Minister François-Philippe Champagne.

Canada’s critical infrastructure is increasingly interconnected, interdependent and integrated with cybersystems, especially with the emergence of new technologies such as 5G that will increase the threat and introduce new vulnerabilities, the government says.

Ottawa has serious concerns about Huawei and ZTE suppliers, suggesting that they may be forced to comply with Beijing’s instructions to compromise Canada’s national security.

The federal policy outlined in May bans the use of new 5G equipment and managed services from Huawei and ZTE. Existing 5G equipment or services must be removed or terminated by June 28, 2024.

The use of new 4G equipment and managed services by both companies will also be banned, and existing equipment will be withdrawn before December 31, 2027.

This report from The Canadian Press was first published on June 14, 2022.

Leave a Comment

Your email address will not be published. Required fields are marked *