Canada to penalise critical infrastructure companies with weak cyber defences

The Canadian federal government has tabled a bill that will make reporting cyber attacks mandatory for businesses operating in the critical infrastructure sectors.

The legislation identifies finance, telecommunications, energy and transportation sectors as being vital to national security and public safety but stops short of naming any companies.

According to a statement from the Canadian government, Bill C-26, which has not yet been debated or passed, also aims to bar telecom companies from using the products and services of high-risk suppliers.

Canadian Public Safety Minister Marco Mendicino added that operators of critical infrastructure would be identified after consulting the sectors.

"This new legislation ... will help both the public and private sectors better protect themselves against cyber attacks," Mendicino told Reuters.

In a statement, a senior official of the Canadian government further explained that hacking incidents are on the rise, but they remain under-reported because companies are not required under current laws to disclose cyber attacks when they happen.

"Faster networks like 5G have helped Canada's critical infrastructure sectors to become more interconnected and integrated, but they are also more vulnerable to newer forms of cyber threats," the senior Canadian government official stated.

The new legislation would also give Liberal Prime Minister Justin Trudeau's government broader powers to secure the country's telecommunications systems against cyber security threats.

The statement did not name any companies, but Canada last month banned the use of 5G gear made by China's Huawei Technologies Co Ltd and ZTE Corp to protect national security, joining the United States, Britain, Australia and New Zealand, which have already banned the equipment.