Mr. Speaker, I rise today to speak to Bill C-26, an act about cybersecurity. In the 21st century, cybersecurity is national security, and it is our responsibility to protect Canadians from growing cyber-threats. We have to take the necessary steps to protect Canadians and our telecommunications infrastructure. Canadians must have confidence in the integrity, authenticity and security of the products and services they use every day.

This bill reflects the values of Canadians and is in line with our closest allies, including our Five Eyes partners. That is why we are investing in cybersecurity, ensuring respect for the privacy of Canadians and supporting responsible innovation. We will continue to protect Canadians from cyber-threats in an increasingly digital world. As said in our international cybersecurity overview, a free, open and secure cyberspace is critical to Canada’s economy, social activity, democracy and national security.

Canada faces cybersecurity risks from both state and non-state actors. Protecting Canada’s and Canadians’ cyber-infrastructure from malicious actors is a serious challenge and a never-ending task. Canada works with allies and partners to improve cybersecurity at home and to counter threats from abroad. This includes identifying cyber-threats or vulnerabilities and developing capabilities to respond to a range of cyber-incidents.

A few years back, we put forward the national cybersecurity strategy, a vision for security and prosperity in the digital age. As mentioned there, virtually everything Canadians do is touched by technology in some way. We are heavily interconnected and networked, a fact that not only enhances our quality of life but also creates vulnerabilities. From commercial supply chains to the critical infrastructure that underpins our economy and our society, the risks in the cyberworld have multiplied, accelerated and grown increasingly malicious.

Major corporations, industries and our international allies and partners are engaged in the global cyber-challenge, but many others are not and that represents a significant risk. The strategy's core goals were reflected in budget 2018, where $500 million was invested in cybersecurity. Part of the funding was for the new Canadian Centre for Cyber Security, which is Canada’s technical authority on cybersecurity. It is part of the Communications Security Establishment, and it is the single, unified source of expert advice, guidance, services and support on cybersecurity for Canadians and Canadian organizations.

It regularly publishes the “National Cyber Threat Assessment”, and I would like to quote from their latest one for 2023-24. It states:

Canadians use the Internet for financial transactions, to connect with friends and family, attend medical appointments and work. As Canadians spend more time and do more on the Internet, the opportunities grow for cyber threat activity to impact their daily lives. There’s been a rise in the amount of personal, business and financial data available online, making it a target for cyber threat actors. This trend towards connecting important systems to the Internet increases the threat of service disruption from cyber threat activity. Meanwhile, nation states and cybercriminals are continuing to develop their cyber capabilities. State-sponsored and financially motivated cyber threat activity is increasingly likely to affect Canadians.

In the latest assessment, they chose to focus on five cyber-threat narratives that they judge are the most dynamic and impactful.

First, ransomware is a persistent threat to Canadian organizations. Cybercrime continues to be the cyber-threat activity most likely to affect Canadians and Canadian organizations. Due to its impact on an organization’s ability to function, ransomware is almost certainly the most disruptive form of cybercrime facing Canadians. Cybercriminals deploying ransomware have evolved in a growing and sophisticated cybercrime ecosystem and will continue to adapt to maximize profits.

Second, critical infrastructure is increasingly at risk from cyber-threat activity. Cybercriminals exploit critical infrastructure because downtime can be harmful to industrial processes and the customers they serve. State-sponsored actors target critical infrastructure to collect information through espionage, to pre-position themselves in case of future hostilities and as a form of power projection and intimidation.

Third, state-sponsored cyber-threat activity is impacting Canadians. State-sponsored cyber-threat activity against Canada is a constant, ongoing threat that is often a subset of larger, global campaigns undertaken by these states. State actors can target diaspora populations and activists in Canada, Canadian organizations and their intellectual property for espionage, and even Canadian individuals and organizations for financial gain.

Fourth, cyber-threat actors are attempting to influence Canadians, degrading trust in online spaces. Cyber-threat actors' use of misinformation, disinformation and malinformation, collectively referred to as MDM, has evolved over the past two years. Machine learning-enabled technologies are making fake content easier to manufacture and harder to detect. Further, nation-states are increasingly willing and able to use MDM to advance their geopolitical interests.

Fifth, disruptive technologies bring new opportunities and new threats. Digital assets, such as cryptocurrencies and decentralized finance, are both targets and tools for cyber-threat actors to enable malicious cyber-threat activity. Machine learning has become commonplace in consumer services and data analysis, but cyber-threat actors can deceive and exploit this technology. Quantum computing has the potential to threaten our current systems of maintaining trust and confidentiality online. Encrypted information stolen by threat actors today can be held and decrypted when quantum computers become available.

Simply put, cyber-threats pose a growing risk to all Canadians and institutions. We are confronting this threat head-on. Our government regularly engages with domestic and international cybersecurity partners to protect Canada’s critical infrastructure and the systems that underpin essential services. We are working closely with critical infrastructure stakeholders and partners to ensure that they are better prepared to face cyber-based threats.

Our cybersecurity framework continues to detect, deter and disrupt state and non-state actors attempting to take advantage of the Canadian cyber-landscape. Our government is, and will always be, ready to respond to any malicious cyber-acts that threaten Canadian interests.

To conclude, the purpose of this act is to help protect critical cyber systems in order to support the continuity and security of vital services and vital systems by ensuring that, first, any cybersecurity risks with respect to critical cyber systems are identified and managed; second, critical cyber systems are protected from being compromised; third, any cybersecurity incidents affecting, or having the potential to affect, critical cyber systems are detected; and finally, the impacts of cybersecurity incidents affecting critical cyber systems are minimized.