Philip Stupak, ISC2 Senior Director of Advocacy, urges Canadian lawmakers to act decisively on Bill C-8 to safeguard critical infrastructure and build a skilled cybersecurity workforce.
Philip Stupak, ISC2 Senior Director of Advocacy, recently delivered a compelling testimony in support of Canadian Bill C-8, An Act respecting cyber security, amending the Telecommunications Act and making consequential amendments to other Acts. Stupak emphasized the urgency of building proactive cyber readiness and ongoing resilience during a time in which profound cyber threats transcend borders and traditional defense deterrents.
As the former Assistant National Cyber Director at The White House, Stupak knows the importance of cyber defense and staying ahead of emerging and ever-changing threats, stating that “The boundary between the digital and physical worlds can be breached with real-world consequences.” As he emphasized, however, “Our adversaries are not invincible.” “With foresight, coordination and policy action, we can and must defend ourselves. Bill C-8 is an essential step in ensuring those defenses are in place before they are needed.”
Crucial Facets of the House of Commons of Canada Bill C-8
Stupak’s testimony framed Bill C-8 as a critical step toward developing national cybersecurity resilience. Part 1 of the bill includes amendments to the Telecommunications Act to mitigate supply chain and third-party risks. These measures, he argued, are essential to securing the telecommunications sector as the backbone of every other critical infrastructure. Stupak noted that, “Vulnerabilities in telecommunications are vulnerabilities everywhere.”
Equally important is Part 2 of Bill C-8: a call to create the Critical Cyber Systems Protection Act—an Act respecting the protection of critical cyber systems in the federally regulated sector. This Act establishes minimum cybersecurity baselines across Canada’s most vital sectors. Stupak urged lawmakers to consider expanding the bill’s scope to include federally regulated water systems. He also encouraged “the federal government to work with provincial, territorial, and municipal partners to ensure that critical infrastructure under their jurisdictions received the same level of cyber protections envisioned by Bill C-8.”
Building a Skilled Cybersecurity Workforce
Legislation alone is not enough. Stupak stressed the importance of building a qualified workforce to implement and sustain the cybersecurity protections mapped out in Bill C-8. “Every day, ISC2 is training and certifying the government and critical infrastructure professionals who will be needed to implement Bill C-8. We cannot afford to assume that threats to the Canadian way of life are distant or hypothetical. They're real. They are present, and they demand decisive action.”
According to ISC2 research, 90% of cybersecurity professionals surveyed have one or more skills gaps on their cybersecurity teams. Almost 60% of respondents agree that skills gaps have significantly impacted their ability to secure the organization. Additionally, 58% state that it puts their organizations at a significant risk. Globally, the top technical skills that hiring managers seek are cloud computing security, security engineering, and risk assessment, analysis and management.
It is incumbent upon organizations, legislators and advocates such as ISC2 to work together to ensure the right skills are represented across the cybersecurity workforce. 83% of Canadian organizations use skills tests for entry- and junior-level cybersecurity applicants, according to the ISC2 2025 Cybersecurity Hiring Trends Report.
Stupak concluded his testimony with a clear message: “Responsibility for defending against these threats rests in part with this committee.” He added, “Bill C-8 represents a thoughtful, measured and necessary step toward that defense.”
Check out Philip Stupak’s full testimony in this video.
