Security Bill C-26: Commencing The Next Generation of Canadian Telecommunication Security Regulations June 28, 2022July 5, 2022 The Canadian Government has recently begun their efforts to obtain authorization to regulate security practices among telecommunication and other industries such as finance, transportation, and energy. Bill C-26, “an act respecting cybersecurity”, was tabled on June 14, 2022, and introduces the Critical Cyber Systems Protection Act (CCSPA) to supplement Canadian telecommunication security regulations. So far, this bill has only completed its first reading in the House of Commons, and must pass through the rest of the legislative process to constitute law. It looks favorable that the bill will soon make this transition to become a law. If it does it will authorize the Canadian Government to take the steps they deem necessary to ensure a high quality of security in these “vital” services. Before we discuss the implications of these new telecommunication security regulations to be introduced, it is important to make a certain clarification. The focus of this discussion shouldn’t entirely be on whether or not Bill C-26 will become law, but rather that the Canadian Government is taking initiative to implement new legislature in the, previously unregulated, telecommunications industry. This new regulatory movement is unprecedented in the history of Canadian cybersecurity, and so the enactment of Bill C-26, or any other bill of this nature, would be the inception of a new generation of Canadian telecommunication security regulations. There are a variety of implications of this bill. If passed the Canadian Government would exhibit the authority to implement a variety of regulatory standards in the previously listed industries, including telecommunication. This entails that a specific service or product may be deemed prohibited if it constitutes a security vulnerability. The Canadian Government would also possess the ability to perform audits to ensure these standards are being met. Further information regarding these standards has yet to be released. Corporations would be incentivized to comply considering failure to do so would result in administrative monetary penalties of up to $15 million CAD. Additionally under this new bill, any incident, where an act threatens the integrity of, or interferes with, telecommunication security, or operations, must be reported immediately to the Communications Security Establishment (CSE). This is said to be warranted by the Canadian Government considering many attacks were often going unreported, as corporations preferred to dismiss the incidents quietly. Recently there has been an increasing amount of cyber attacks. The magnitude of these attacks as a whole hasn’t been understood in its entirety by the Canadian Government because of this disconnect with corporations. Mandatory reporting protocol is said to mend this problem, as the Canadian Government will possess the data required to view the full picture, and can respond accordingly. Now, regardless of how well a corporation is able to respond to a cyber attack, it will no longer be optional as to whether or not they choose to disclose the incident. These Canadian telecommunication security regulations are an effort to maintain control over the country’s vital services in order to mitigate threats. Now, more than ever, it is important for customers to understand how familiar their telecommunication service providers are with modern cybersecurity. It is in the customers best interest to seek a provider who is proven to excel, and has experience, in the field of security, even before these mandates are implemented. Failure to choose a reputable, or reliable, telecommunications provider can result in harsh repercussions. These repercussions may take the form of disciplinary actions by the government for negligence, or exploitation by a cyber criminal. Telecom Metric offers a secure, cloud based, VoIP service. We are experienced specialists in Canadian telecommunication security. Here are some of our security and support offerings which make us a top telecommunication provider, and which separate us from the rest: Other Related Topics: Choosing a Secure VoIP Provider VoIP Security: Are You at Risk of a Cyber Attack? What Canadian Businesses Need to Know About their Data