Canada wants companies to report cyberattacks, hacking incidents
Reprints
(Reuters) — Canadian businesses operating in critical infrastructure sectors would be required to report cyberattacks to the federal government and would have to fortify their cyber systems under a new law introduced on Tuesday.
The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety, but stops short of naming any companies.
“There was a lot of thought given into identifying which sectors are vital to national security and public safety,” Public Safety Minister Marco Mendicino told reporters, adding that operators of critical infrastructure would be identified after consulting the sectors.
The new legislation would also give Liberal Prime Minister Justin Trudeau’s government broader powers to secure the country’s telecommunications systems against cybersecurity threats.
“This new legislation ... will help both the public and private sectors better protect themselves against cyberattacks,” Mr. Mendicino said.
Faster networks like 5G have helped Canada’s critical infrastructure sectors to become more interconnected and integrated, but they are also more vulnerable to newer forms of cyber threats, the government said.
Hacking incidents are on the rise, but they remain under-reported because companies are not required under current laws to disclose cyberattacks when they happen, a senior official said.
Bill C-26, which has not yet been debated or passed, would also bar telecom companies from using the products and services of high-risk suppliers, according to a statement from the government.
The statement did not name any companies, but Canada last month banned the use of 5G gear made by China’s Huawei Technologies Co. Ltd. and ZTE Corp. to protect national security, joining the United States, Britain, Australia and New Zealand, which have already banned the equipment.
