The Canadian government’s proposed Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), is under discussion, with experts emphasizing its urgent need to bolster cybersecurity among critical infrastructure providers. However, the bill’s progress has been hindered by parliamentary delays and debates on unrelated topics.
David Shipley, CEO of Beauceron Security, highlighted that Canada lags behind its allies in protecting critical infrastructure firms. He suggested several refinements to the bill, including allowing companies to raise a “due diligence” defence, removing personal liability for employees, directors, and officers, ensuring regulators enforcing the CCSPA have the necessary cybersecurity skills, and limiting the amount of sensitive data regulators can collect.
The proposed law, which would amend the Telecommunications Act and apply to other critical infrastructure providers, aims to create a cybersecurity compliance regime for designated federally regulated firms. This includes an immediate reporting requirement for cyber incidents to the Canadian Security Establishment (CSE). The ongoing discussions underscore the importance of robust cybersecurity measures in protecting national infrastructure.
In conclusion, the proposed Bill C-26, the Critical Cyber Systems Protection Act (CCSPA), is a crucial step towards strengthening Canada’s cybersecurity infrastructure. Despite facing parliamentary delays, the bill’s importance is underscored by the urgent need for robust cybersecurity measures. The suggestions for refining the bill, such as allowing a “due diligence” defence and ensuring skilled regulators, further highlight the need for a comprehensive approach. The bill aims to create a compliance regime for federally regulated firms, emphasizing the importance of immediate reporting of cyber incidents. This ongoing effort underscores the critical role of cybersecurity in safeguarding national infrastructure.