Canada wants companies to report cyber attacks and hacking incidents
OTTAWA (Reuters) - Canadian businesses operating in critical infrastructure sectors would be required to report cyber attacks to the federal government and would have to fortify their cyber systems under a new law introduced on Tuesday.
The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety, but stops short of naming any companies.
"There was a lot of thought given into identifying which sectors are vital to national security and public safety," Public Safety Minister Marco Mendicino told reporters, adding that operators of critical infrastructure would be identified after consulting the sectors.
The new legislation would also give Liberal Prime Minister Justin Trudeau's government broader powers to secure the country's telecommunications systems against cyber security threats.
"This new legislation ... will help both the public and private sectors better protect themselves against cyberattacks," Mendicino said.
Faster networks like 5G have helped Canada's critical infrastructure sectors to become more interconnected and integrated, but they are also more vulnerable to newer forms of cyber threats, the government said.
Hacking incidents are on the rise, but they remain under-reported because companies are not required under current laws to disclose cyber attacks when they happen, a senior official said.
Bill C-26, which has not yet been debated or passed, would also bar telecom companies from using the products and services of high-risk suppliers, according to a statement from the government.
The statement did not name any companies, but Canada last month banned the use of 5G gear made by China's Huawei Technologies Co Ltd and ZTE Corp to protect national security, joining the United States, Britain, Australia and New Zealand, which have already banned the equipment.
(Reporting by Ismail Shakil and Julie Gordon in Ottawa; Editing by Lisa Shumaker)