New cybersecurity bill to require mandatory reporting of ransomware, other attacks | Q107 Toronto
New cybersecurity bill to require mandatory reporting of ransomware, other attacks
Jim Bronskill The Canadian Press
Share on Facebook
Share on Twitter
Share on Email
June 14, 2022 7:18 am
As we spend more time online and on social media, keeping our profiles and information safe has become challenging—especially with a huge rise in different types of hacking and phishing attacks. It's prompted some cyber security experts to remind people to be more cautious about what they're sharing online and who they trust. As Sharmeen Somani shows us, it's a lesson one woman learned the hard way.
Businesses and other private-sector organizations would be required to report ransomware incidents and other cyberattacks to the government under a federal bill to be tabled today.
The legislation is intended to flesh out Liberal government efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s next-generation mobile networks.
Read more:
Canada on ‘high alert’ for cyberattacks from Russia, others: minister
At the time, Public Safety Minister Marco Mendicino said the Liberals would table legislation that goes further, taking additional steps to protect infrastructure in the telecommunications, finance, energy and transport sectors.
He said it would establish a framework to better shield systems vital to national security and give the government a new tool to respond to emerging dangers in cyberspace.
Attacks on companies, universities and even hospitals by cybercriminals who hold data hostage in return for a ransom have become alarmingly common.
Some targeted organizations have preferred to pay the fee demanded to try to make the problem go away quietly, making it difficult for officials to get a full picture of the phenomenon.
Mendicino signalled at a recent House of Commons committee meeting that the government was looking at making it obligatory to report such attacks.
Read more:
Canada wants G7 nations to have a quick-reaction cybersecurity team after Ukraine attack
The anticipated measures also include amendments to the Telecommunications Act that would allow the government to prohibit the use of equipment and services from designated suppliers where necessary.
The federal policy outlined in May forbids the use of new 5G equipment and managed services from Huawei and ZTE. Existing 5G gear or services must be removed or terminated by June 28, 2024.
Any use of new 4G equipment and managed services from the two companies will also be prohibited, with existing gear to be pulled out by Dec. 31, 2027.
The government plans other measures that would create a holistic telecommunications security framework, aligning with the approach taken by allies and partners.
Last year, the United Kingdom passed legislation imposing stronger requirements on telecommunications providers to defend their networks from threats that could lead to a failure or the theft of important data.
In March, the U.K. opened a public consultation on draft regulations that outline the specific measures providers would need to take to fulfil their legal obligations, along with a draft code of practice on complying with the regulations.
Jim Bronskill The Canadian Press
Share on Facebook
Share on Twitter
Share on Email
June 14, 2022 7:18 am
As we spend more time online and on social media, keeping our profiles and information safe has become challenging—especially with a huge rise in different types of hacking and phishing attacks. It's prompted some cyber security experts to remind people to be more cautious about what they're sharing online and who they trust. As Sharmeen Somani shows us, it's a lesson one woman learned the hard way.
Businesses and other private-sector organizations would be required to report ransomware incidents and other cyberattacks to the government under a federal bill to be tabled today.
The legislation is intended to flesh out Liberal government efforts to protect critical infrastructure following last month’s announcement that Chinese vendors Huawei Technologies and ZTE will be banned from Canada’s next-generation mobile networks.
Read more:
Canada on ‘high alert’ for cyberattacks from Russia, others: minister
At the time, Public Safety Minister Marco Mendicino said the Liberals would table legislation that goes further, taking additional steps to protect infrastructure in the telecommunications, finance, energy and transport sectors.
He said it would establish a framework to better shield systems vital to national security and give the government a new tool to respond to emerging dangers in cyberspace.
Attacks on companies, universities and even hospitals by cybercriminals who hold data hostage in return for a ransom have become alarmingly common.
Some targeted organizations have preferred to pay the fee demanded to try to make the problem go away quietly, making it difficult for officials to get a full picture of the phenomenon.
Mendicino signalled at a recent House of Commons committee meeting that the government was looking at making it obligatory to report such attacks.
Read more:
Canada wants G7 nations to have a quick-reaction cybersecurity team after Ukraine attack
The anticipated measures also include amendments to the Telecommunications Act that would allow the government to prohibit the use of equipment and services from designated suppliers where necessary.
The federal policy outlined in May forbids the use of new 5G equipment and managed services from Huawei and ZTE. Existing 5G gear or services must be removed or terminated by June 28, 2024.
Any use of new 4G equipment and managed services from the two companies will also be prohibited, with existing gear to be pulled out by Dec. 31, 2027.
The government plans other measures that would create a holistic telecommunications security framework, aligning with the approach taken by allies and partners.
Last year, the United Kingdom passed legislation imposing stronger requirements on telecommunications providers to defend their networks from threats that could lead to a failure or the theft of important data.
In March, the U.K. opened a public consultation on draft regulations that outline the specific measures providers would need to take to fulfil their legal obligations, along with a draft code of practice on complying with the regulations.
