This April, against a backdrop of Canadian and Ukrainian flags, Prime Minister Justin Trudeau stood on stage at Toronto’s Royal York hotel alongside Ukrainian Prime Minister Denys Shmyhal. Mr. Trudeau reiterated Canada\u2019s support for Ukraine and told reporters about a new military aid package designed to help Kyiv fend off Russia’s illegal invasion.<\/p>\n
In the weeks that followed, pro-Russian hackers retaliated the way they often do<\/a> against governments that support Ukraine, with a rash<\/a> of distributed denial of service attacks that aim to overwhelm high-profile websites and knock them offline.<\/p>\n Pro-Russian groups went on to claim responsibility for a string of incidents affecting major targets including a natural gas pipeline<\/a>, the Prime Minister\u2019s Office<\/a> and Hydro-Quebec.<\/a> Their message? They have the power to disrupt Canada\u2019s networks and they\u2019re not afraid to use it.<\/p>\n In August, the Canadian Centre for Cyber Security and RCMP issued a report<\/a> warning that cyber criminals operating from \u201ccybercrime safe havens\u201d like Russia will \u201calmost certainly\u201d continue to target critical infrastructure in Canada.<\/p>\n With geopolitical tensions and cybercrime on the rise, these attacks underscore the need for Canada\u2019s cyber defences to step up in the face of a constantly evolving threat landscape.<\/p>\n Bill C-26, the federal government\u2019s draft legislation to improve cybersecurity across federally-regulated cyber systems critical to Canadian society \u2013 the ones that support the energy, finance, telecommunications, and transportation sectors \u2013 is our next best chance to have a national conversation about what\u2019s needed to create strong, coordinated cyber defences.<\/p>\n The good news is that, so far, these acts have failed to significantly disrupt the lives of Canadians. But, more serious and debilitating cyber attacks are a matter of when \u2500 not if.<\/p>\n Tomorrow, pro-Russian groups or other adversaries could show their true powers and shut down the operations of a power company, a water supplier, a large hospital. Such attacks, if successful, could harm or even threaten<\/a> the lives of Canadians.<\/p>\n Despite our best efforts, Canada is stuck in a game of whack-a-mole. We\u2019ve got the tools, but we need the coordination. Cybersecurity is a team sport, not solely the responsibility of any single stakeholder\u2014government, the private sector, technical operators, civil society and Canadian citizens\u2014but of all of them.<\/p>\n That\u2019s why we need to get on with Bill C-26<\/a>, which would raise the baseline level of cybersecurity across the federally-regulated cyber systems Canadians rely on most.<\/p>\n Among other requirements, the bill would have designated operators in the energy, finance, telecommunications, and transportation sectors create cybersecurity programs and report incidents. These measures are vital to keep pace with the changing threat environment and innovation in technology and will enhance Canada\u2019s national security and public safety.<\/p>\n Ensuring that these operators secure their networks is of utmost importance. A forthcoming survey commissioned by CIRA suggests that only 44 per cent of surveyed organizations that experience a cyber incident report it to customers whose data are compromised\u2014despite an existing requirement<\/a> to do so. That so few organizations report on cyber incidents demonstrates that we, as a country, need to do better.<\/p>\n