In a bill that will go through federal deputies next fall, the federal government aims to force companies in sectors essential to the security’s state, to adopt a cybersecurity plan and to declare when they face attacks.
304 cybersecurity incidents were recorded last year by Ottawa. However, this number is probably underestimated since companies are not required to declare them. The Canadian government wants to change the situation. In a recent bill, it aims to force certain companies under federal responsibility to set up an effective security system that aims to protect themselves against hacker attacks.
For Jean-Christophe Boucher, assistant professor at the School of Public Policy at the University of Calgary, interviewed by Le Devoir, the government must take responsibility for security and no longer let the industry self-regulate. “Even companies that manage critical infrastructure in Canada, such as pipelines or power grids, do not invest enough in cybersecurity and do not necessarily disclose the attacks they are victims of,” he said.
Modalities to be defined
How far will this law extend and to whom? It still has to be defined. The new obligations will be ruled after consulting the regulators of these four sectors defined as essential to the security of the nation. This bill doesn’t plan that the general public and customers will be informed of those attacks. MPs will consider the bill next fall.