MPs call for national security reports and support for businesses to defend against cyber attacks
The MPs want someone in government to gather those recommendations and create an annual priority list, as is done in Washington.
A committee of MPs is calling on the federal government to issue an overarching annual national-security threat assessment and provide more information on how to prevent cyber attacks, particularly from Russia.
“Concern about Russia is heightened because it has shown a willingness to cross internationally recognized red lines,” reads a report from the House of Commons committee on public safety.
The report, tabled in Parliament last week, argues that the various agencies and committees handing national security issues operate in silos, and a patchwork of reports come from different sources.
The MPs want someone in government to gather those recommendations and create an annual priority list, as is done in Washington. They say this should start with a review of the various “cyber roles, responsibilities, and structures that exist across the federal government” in order to “maximize coherence, co-ordination, and timely action.”
The committee heard about malware and cyber attacks originating from Russia that have affected Canadian firms, such as the NotPetya attack in 2017 and the 2020 SolarWinds Orion hack, which Global Affairs Canada said compromised more than a hundred Canadian entities.
The MPs feel Canada could do more to prevent these attacks on government agencies as well as private companies, in part by compelling mandatory reporting.
They noted there are few obligations for firms to report cybersecurity incidents that don’t involve a data leak. Last October, the then-head of the Communications Security Establishment, Caroline Xavier, testified that “many organizations don’t report it” when they get hacked.
Witnesses also said that critical infrastructure operators have lax rules compared with European and American counterparts. They also said some fields like port operators lack clear reporting timelines on preventive cybersecurity measures.
The committee wants the CSE to better inform smaller businesses about how to prevent cyber attacks and to provide tax breaks for companies to better protect their data.
Witnesses noted that hackers tend to focus on larger targets, but smaller firms lack protection.
The non-profit Canadian Cyber Threat Exchange reported in May 2022 that 44 per cent of small- and medium-sized enterprises that are members of the organization lacked “any form of cyber-defence” and 60 per cent of these smaller firms had no insurance for cyber attacks.
Print this page