Federal government may make reporting cyberattacks mandatory: Mendicino - Action News
Home WebMail Monday, November 11, 2024, 01:37 AM | Calgary | -0.5°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Politics

Federal government may make reporting cyberattacks mandatory: Mendicino

The federal government is looking at making it mandatory for Canadian businesses and organizations to report cyberattacks, says Public Safety Minister Marco Mendicino.

Minister warns of increased risk of cyberattacks from Russia

Public Safety Minister Marco Mendicino addresses a news conference on Feb. 15, 2022 in Ottawa. (Adrian Wyld/The Canadian Press)

The federal government is looking at making it mandatory for Canadian businesses and organizations to report cyberattacks,Public Safety Minister Marco Mendicino said Thursday.

"It's an option that we're considering very carefully," Mendicino told members of the public safety and national security committee.

Mendicino warned MPson the committee that the current international situation has increased the threat of cyberattacks on Canadian businesses, organizations and different levels of government.

"I cannot emphasize enoughhow important it is that in the current geopolitical environment ...we are very much on high alert for potential attacks from hostile state actors, like Russia," he said.

The minister said those attacks"could manifest through cyberattacks, through ransomware, which look to identify potentially valuable targets to Canadian interests, like critical infrastructure, but equallyto subnational targets, different orders of government and other sectors of the economy."

Mendicino said that since thegovernment created the Canadian Centre for Cyber Security, it has been sharingcyber threat information with owners and operators of Canadian critical infrastructure. The federal government alsohascreated a special unit within the RCMP to coordinate police operations against cyber criminals.

Mendicinowas questioned by NDPMP Alistair MacGregoras the committee continued its hearings onCanada's security posture in relation to Russia.

MacGregor said the committee has heard from some witnesses who have called for mandatory incident reporting.

"Sometimes businesses are loath to report that they have been held hostage by ransomware," MacGregor told Mendicino. "They find it's easier to pay off the person, not report it. Also, there can be a threat for further damages if they do in fact report to the authorities.

"If we don't really know the full scope of the problem, if some businesses are keeping this in-house, what steps are your government taking to maybebring in a mandatory reporting requirement...?"

The threat is rising, says government agency

The Centre for Cyber Security has issued a number of bulletins warning Canadians of the potential for cyberattacks by Russian state-backed actors who may try to assault critical infrastructure, such as electricity systems.

In its National Threat Assessment 2020 report, which laid out its predictions for the next two years, the centre said the number of bad actors isrising and they're getting more sophisticated. It warned of a potential increase across Canada incybercrime, ransomware attacks and commercial espionage particularly against Canadian businesses, academic institutions and governments that may have proprietary information.

"Canadian organizations of all sizes, such as small and medium-sized enterprises, municipalities, universities and critical infrastructure providers, face a growing number of cyber threats," the centre wrote in its report.

"These organizations control a range of assets that are of interest to cyber threat actors, including intellectual property, financial information and payment systems, data about customers, partners and suppliers and industrial plants and machinery."

Ransomware payments getting larger, report says

The value of ransomware payments is also on the rise, the centre warned.

"Ransomware researchers estimate that the average ransom demand increased by 33 per centsince Q4 2019 to approximately $148,700 CAD in Q1 2020 due to the impact of targeted ransomware operations," said the report. "At the more extreme end of the spectrum are multi-million dollar ransom events, which have become increasingly common."

Groups like the Canadian Federation of Independent Business (CFIB) say the government should focus on providing information and improvingpolice services instead ofmaking reporting mandatory.

"Businesses can already report cyberattacks," said Jasmin Gunette, vice-president of national affairs for the CFIB.

"Forcing them to do it will not result in fewer attacks it will mean more work and red tape for businesses. Some of them don't want to report cyberattacks, fearing their additional consequences."

Add some good to your morning and evening.

Your weekly guide to what you need to know about federal politics and the minority Liberal government. Get the latest news and sharp analysis delivered to your inbox every Sunday morning.

...

The next issue of Minority Report will soon be in your inbox.

Discover all CBC newsletters in theSubscription Centre.opens new window

This site is protected by reCAPTCHA and the Google Privacy Policy and Google Terms of Service apply.