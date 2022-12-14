The Trudeau government’s Bill C-26, which will “regulate private critical cyber systems under federal oversight and stipulate severe penalties in case of non-compliance,” could end up penalizing instead of protecting private businesses, says a new study from the independent think tank the Montreal Economic Institute.
The bill was in second reading as of Dec. 6.
According to an official summary from the federal government, Bill C-26 “amends the Telecommunications Act to add the promotion of the security of the Canadian telecommunications system as an objective of the Canadian telecommunications policy and to authorize the Governor in Council and the Minister of Industry to direct telecommunications service providers to do anything, or refrain from doing anything, that is necessary to secure the Canadian telecommunications system” and “establishes an administrative monetary penalty scheme to promote compliance with orders and regulations.”
The MEI report says that while it is important to make sure computer data is safe, “instead of protecting the cybersecurity systems of private companies, the approach adopted risks bureaucratizing and penalizing them.
“The field of digital security moves quickly, which is not the federal government’s reputation,” says Célia Pinto Moreira, public policy analyst at the MEI and author of the study. “The addition of extra bureaucratic steps will have the effect of stretching out the time between the detection of a computer breach and the sealing of that breach.”
The report adds that “if Bill C-26 is adopted, companies in sectors like banking and telecommunications will have to submit a plan to their respective federal regulatory bodies before being able to make any changes to their digital security infrastructure. In a field like cybersecurity, where attacks happen quickly and are constantly changing form, the addition of an administrative step will slow down the implementation of corrective measures, keeping Canadian companies’ key computer systems vulnerable longer.”
Pinto Moreira pointed out that Canadian companies “invested $9.7 billion in digital security last year—a 41 percent increase since 2019.
“The amounts invested in digital security by Canadian companies clearly show that they are taking this issue seriously,” says Ms. Pinto Moreira. “The federal government would be better off allocating its limited resources to protecting us from malicious state actors rather than micromanaging our companies.”
The full report can be seen at www.iedm.org.
