The new Canadian cybersecurity legislation introduces significant amendments to the Telecommunications Act and establishes the Critical Cyber Systems Protection Act. The legislation aims to bolster the security of Canada’s telecommunications infrastructure by adding a new objective focused on safeguarding the system. It grants the Governor in Council and the Minister of Industry the authority to direct telecommunications service providers on actions necessary for system security, including compliance with new orders and regulations, and establishes penalties for non-compliance.
The legislation also introduces an administrative monetary penalty scheme and rules for judicial review to enforce compliance with security directives. Additionally, it amends the Canada Evidence Act to align with these new provisions, ensuring consistency across legal frameworks.
The Critical Cyber Systems Protection Act outlines a framework for protecting vital services and systems crucial to national security and public safety. It allows the Governor in Council to designate services and systems as vital, mandates the establishment of cybersecurity programs for operators of these vital systems, and requires them to mitigate risks, report incidents, and adhere to cybersecurity directions.
This new act also facilitates the exchange of information among relevant parties and enforces obligations with consequences for non-compliance. Overall, the legislation represents a comprehensive effort to enhance cybersecurity and protect critical infrastructure within Canada.
Reference:
