Obligation to report cyber attacks expected in today’s security bill

Businesses and other private organizations need to report ransomware incidents and other cyberattacks to the government under a federal bill filed today.

The law embodies the Liberal government’s efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s next-generation mobile network. Is aimed at.

At that time, Minister of Public Security Marco Mendicino said the Liberal Party would enact more advanced legislation and take additional steps to protect infrastructure in the telecommunications, financial, energy and transportation sectors.

He said he would establish a framework to better protect systems essential to national security and provide governments with new tools to address new dangers in cyberspace.

Attacks on businesses, universities, and even hospitals by cybercriminals who take data hostage in return for ransom are surprisingly common.

Some target organizations prefer to pay the fees needed to quietly resolve the issue, making it difficult for authorities to get a complete picture of the phenomenon.

Mendicino signaled at a recent House of Commons committee meeting that the government was considering mandating reporting such attacks.

Expected measures also include amendments to the Telecommunications Act, which will allow the government to ban the use of equipment and services from designated suppliers as needed.

Federal policy outlined in May bans the use of new 5G equipment and managed services from Huawei and ZTE. Existing 5G gear or services must be removed or terminated by June 28, 2024.

The use of new 4G devices and managed services from both companies will also be banned, and existing devices will be removed by December 31, 2027.

The government is planning other measures to create an overall telecommunications security framework in line with the approaches adopted by allies and partners.

Last year, the United Kingdom passed a law that imposes strong requirements on telecommunications providers to protect networks from threats that could lead to critical data failure or theft.

In March, the United Kingdom launched a public consultation on a draft regulatory outline that outlines the specific steps providers need to take to fulfill their legal obligations, along with a draft code of conduct for regulatory compliance.

The Government of Canada plans to work with Canadian telecommunications service providers to strengthen planned legislative measures based on existing security review programs led by the Communications Security Agency (Electronic Spy Services). ..

This program is designed to exclude certain equipment from the sensitive areas of Canada’s network and guarantee essential gear testing before use in vulnerable systems.

The government plans to expand its program to consider risks from all major suppliers and apply its efforts more broadly to help the industry improve cybersecurity.

Jim Bron Skill

Canadian press


Posted on