Ottawa Revives Critical-Infrastructure Cybersecurity Bill

pexels-kovyrina-3656756

by

Adam Bishop
in , ,

Canadian businesses across telecom, banking, transportation and energy sectors are about to face new, mandatory cybersecurity rules.

Mandatory Cybersecurity Programs and Incident Reporting

  • All “critical” industries must implement formal cybersecurity programs.
  • You’ll be required to report significant breaches or incidents to the Canadian Centre for Cyber Security.
  • New government powers let regulators audit your security posture and issue binding orders.

Enforceable Ban on Huawei and ZTE Equipment

  • The bill amends the Telecommunications Act to enforce Ottawa’s ban on Chinese-owned Huawei and ZTE gear.
  • Innovation, Science and Economic Development Canada can compel telecoms to remove banned equipment and levy up to $10 million in penalties for non-compliance.
  • As of December 2024, only Telus still uses Huawei in its 5G network—and both Telus and Bell run Huawei hardware on their 4G systems.

What Prompted the Push?

  • A joint cyber-threat bulletin from Canada’s Cyber Security Centre and the U.S. FBI warned that the PRC-linked “Salt Typhoon” hacking group likely compromised a Canadian telecom earlier this year.
  • Experts call the legislation “long overdue,” highlighting that critical-infrastructure cyberattacks are as much a national-security issue as land, sea and air threats.

Key Dates and Next Steps

  • Bill C-8 sailed through its early readings in a shortened parliamentary session—expect royal assent before the summer break.
  • Once law, deadlines for removing prohibited equipment will be firmly in place (originally June 2024 for 5G gear and December 2027 for 4G).
  • Even if you’re outside telecom, take note: the spirit of this legislation will trickle down into supply-chain requirements across all critical sectors.

Action Items for Canadian Businesses

  1. Audit Your Infrastructure – Map out where and how you rely on third-party hardware or cloud services.
  2. Strengthen Incident-Response Plans – Update reporting protocols to align with federal requirements.
  3. Engage Legal & Compliance – Review contracts and supplier-management clauses for enforceability under the new law.
  4. Invest in Training – Ensure your IT and risk teams understand new powers granted to regulators.
  5. Stay Informed – Subscribe to CSE bulletins and industry-association updates for evolving guidance.

Protecting digital supply chains is no longer optional—it’s a competitive advantage and a matter of national resilience. By treating Bill C-8 as a catalyst for stronger security, you’ll not only comply with the law but also gain trust with partners, customers and regulators.

Original article courtesy of TheGlobeAndMail.com

Enhance Your Business Security with Expert Cybersecurity Solutions. Click here to learn more and download shawcsIT’s free services overview catalogue.