If you’ve been following the cybersecurity headlines lately, you know it’s rough out there. At CIRA, we provide cybersecurity services to over 1,000 organizations, and see first-hand, every single day, the wide range of threats that Canadians are up against. We are at an inflection point.
This is why CIRA believes that Bill C-26, An Act Respecting Cyber Security is an important and necessary step to help protect the networks that Canadians depend on in every aspect of their lives.
Bill C-26, particularly Part II, the Critical Cyber Systems Protection Act (CCSPA), aims to raise the baseline level of cybersecurity of critical cyber systems in the federally regulated private sector. As a not-for-profit organization whose mission is to build a trusted internet for all Canadians, this aim is something we can get behind.
While we’re best known for the operation of the .CA domain, our cybersecurity services such as CIRA DNS Firewall and our free Canadian Shield service protect millions of Canadians from threats to their privacy, scams and harmful phishing and malware.
As a DNS and cybersecurity services operator we want the CCSPA to be the best it can be. We have studied the bill closely and developed three constructive recommendations that will help strengthen the legislation and promote trust amongst internet users.
In policy discussions, protections around information-sharing and security are often positioned at odds with one another. But we know that they can work in tandem if you strike the right balance. As well, there are reasonable concerns with any security legislation that the need for secrecy can lead to an abuse of power. At CIRA, we recognize these concerns and are confident that tailored, specific oversight measures can help enhance public trust and confidence in the Bill.
We believe that the CCSPA can be strengthened by:
- Adding an additional oversight mechanism to the process of issuing cybersecurity directions;
- Making sure that information sharing is limited to cybersecurity and information-assurance purposes only; and,
- Publishing annual transparency reports so that Canadians know how the Act is being used by the government to order companies to protect them.
As a cybersecurity services provider, we understand the need for speed and a certain level of secrecy when addressing threats to networks. But we also believe that the three recommendations above offer parliamentarians a reasonable and balanced means to improve trust in government, and, by extension, the internet.
Recent high-profile cyber attacks underscore the need for a new national approach. In CIRA’s view, Bill C-26’s objective to increase the baseline level of security across critical cyber systems is a welcome step for the cybersecurity ecosystem in Canada.
The legislative process—in particular the Bill’s upcoming study at committee—offers an excellent opportunity to bring the cybersecurity community together with critical cyber system operators and parliamentarians, ensuring that C-26 is the most effective Bill it can be.
CIRA looks forward to engaging with the government to continue building a trusted internet for Canadians. We’ll have more to share on improving Bill C-26 soon.