Mandatory reporting of cyberattacks expected in the security bill to be presented today

Businesses and other private sector organizations will be required to report incidents of ransomware and other cyberattacks to the government under a federal bill to be introduced today.

The legislation is intended to build on the Liberal government’s efforts to protect critical infrastructure following last month’s announcement that Chinese providers Huawei Technologies and ZTE will be excluded from Canada’s next-generation mobile networks.

At the time, Public Security Minister Marco Mendicino said the Liberals would present legislation that would go further, taking additional measures to protect infrastructure in the telecommunications, finance, energy and transportation sectors.

He said it would establish a framework to better protect systems vital to national security and give the government a new tool to respond to emerging dangers in cyberspace.

Attacks on businesses, universities, and even hospitals by cybercriminals who hijack data for ransom have become alarmingly common.

Some targeted organizations have preferred to pay the demanded ransom to try to make the problem go away quietly, which makes it difficult for officials to get a full picture of the phenomenon.

Mendicino told a recent House of Commons committee meeting that the government was seeking to make it compulsory to report such attacks.

Ottawa banned Huawei and ZTE last month

Anticipated measures also include amendments to the Telecommunications Law that would allow the government to prohibit the use of equipment and services from designated providers when necessary.

The federal policy outlined in May prohibits the use of new 5G equipment and managed services from Huawei and ZTE. Existing 5G equipment or services must be retired or canceled by June 28, 2024.

Any use of new 4G equipment and managed services from the two companies will also be prohibited, and existing equipment will be retired by December 31, 2027.

The government plans other measures that would create a holistic telecommunications security framework, aligning with the approach taken by allies and partners.

Last year, the UK passed a law imposing stricter requirements on telecommunications providers to defend their networks from threats that could lead to a failure or the theft of important data.

In March, the UK launched a public consultation on draft regulations outlining the specific steps suppliers should take to meet their legal obligations, along with a draft code of practice on regulatory compliance.

The Canadian government plans to augment its legislative measures by building on the existing Security Review Program, run by the Communications Security Establishment, the electronic spy service, in partnership with Canadian telecommunications service providers.

The program is designed to exclude specific equipment from sensitive areas of Canadian networks and ensure mandatory testing of equipment before it is used on less vulnerable systems.

The government intends to expand the program to consider the risks of all key vendors and apply its efforts more broadly to help the industry improve cybersecurity.
