The Canadian government has proposed a bill that would force companies to establish or enhance their cybersecurity defences. If not—face expensive fines. In a press release, Marco Mendicino, Minister of Public Safety, introduced Bill C-26, An Act Respecting Cyber Security (ARCS).
As a result, the law would affect the financial, telecommunications, energy, and transportation sectors.
Added security in the Telecommunications sector
Meanwhile, the Telecommunications Act gets an update, most noticeable in the government’s ability to levy expensive penalties for violations. In addition, the government could take any necessary action, including stopping Canadian companies from using products and services from high-risk suppliers.
Furthermore, this legislation introduces the Critical Cyber Systems Protection Act. This act intends to help organizations better prepare, prevent, and respond to cyber incidents.
“In the 21st century, cyber security is national security,” says Mendicino, citing recent Ransomware attacks on major hospitals and large factories.
“This new legislation will ensure that Canada’s defences meet the moment.”
Act Respecting Cyber Security gets new powers
The bill would give the government the power to run audits to ensure the private sector complies. Non-compliance could result in administrative penalties of up to $15 million.
With Ransomware the top threat for businesses, 2022 is a year of astronomical numbers of attacks. Attacks won’t be solely in sectors once the favourite of hackers. These favourites include electrical grids, gas and oil systems, and life-saving hospital equipment. More, including supply chains and low-level operators with connections to higher up the chain.
According to the Honourable Mendicino, cyber incidents above a certain threshold require accountability. “The government will compel companies to respond to cyber threats to protect their customers and employees.”