By Denis Carmel
OTTAWA – The federal government today introduced Bill C-26, An Act Respecting Cyber Security (ARCS), which proposes amendments to the Telecommunications Act.
On May 19, when François-Philippe Champagne, the minister of Innovation, Science and Industry, made the announcement that the Canadian government intended to prohibit the inclusion of Huawei and ZTE products and services in Canada’s telecommunications systems, he mentioned legislative changes were coming.
“We intend to introduce amendments to the Telecommunications Act (TA) to ensure that promoting the security and protection of our telecommunications system is an overriding objective of Canada’s telecommunications policy,” the policy statement issued at the time read.
So, a month later his counterpart Marco Mendicino, the minister of Public Safety, acted. The new Act includes a new objective, which “would be added to promote the security of the Canadian telecommunications system, enabling the Minister of Industry and the Canadian Radio-television and Telecommunications Commission (CRTC) to consider this objective when exercising their respective powers under the TA,” according to an overview of the proposed changes.
The Industry minister will be given new powers to issue Cyber Security Directions (CSDs) to force operators to “mitigate supply chain and third-party service or product risks; report cyber security incidents to the Communications Security Establishment (through its Canadian Centre for Cyber Security (Cyber Centre); and implement CSDs,” a backgrounder explains.
The new regulatory regime will apply to operators in the finance, telecommunications, energy and transportation sectors to protect their critical cyber systems.
“For example, this would enable the Minister of Industry to take urgent action to address malicious network behaviour or traffic flows (e.g., redirection, hijacking of internet routes, denial of service using high-volumes of network traffic),” the government’s overview says.
“The Government of Canada will always protect the safety and security of Canadians and will take any actions necessary to safeguard our telecommunications infrastructure. The changes announced today will support the long-term security of Canada’s networks while ensuring Canadians can continue to benefit from high-quality and secure telecom services,” said Champagne, in a statement in a press release today.
This legislation will impose on the operators an obligation to beef up their networks and make them report on how they implement measures to secure their networks and give the minister the power to force them to do it.
Update, June 15: Cartt.ca reached out to several organizations for reactions to the new bill. Most responded to say they are opting not to comment on it yet, with several indicating they are still studying the bill.
A spokesperson from SaskTel told Cartt.ca that while they are in the process of conducting a thorough review to determine how it might affect their operations, “SaskTel takes the safety and security of all aspects of our business and operations extremely seriously and we are firmly committed to evolving our practices and safeguards to protect from all types of threats, both current and emerging.”
Geoff White, executive director and general counsel of the Competitive Network Operators of Canada told Cartt.ca they are “very pleased to see the Government of Canada giving telecommunications policy, legislation and regulation much more attention, and are particularly encouraged by the proposed 2022 Champagne Policy Direction.
“When it comes to cybersecurity, we share the same goals, and will look forward to continuing to work with the Government on reforms, and will want to make sure new security measures do not unduly impair smaller competitors relative to the incumbents,” he said.
