2006 issue [current-page:url:args:value:2]


American College of Radiology - Radiological Preparedness Guide

(November 2006) This primer is intended to serve as a quick reference in the event of a radiation disaster. It summarizes information on preparing for a radiation emergency, handling contaminated persons, dose assessment and radiation exposure health effects. It also includes information on radiological findings related to agents of biological and chemical terrorism because radiologists may be involved in the diagnosis of conditions associated with such exposures. References are listed to develop more in-depth knowledge.This primer is intended to serve as a quick reference in the event of a radiation disaster. It summarizes information on preparing for a radiation emergency, handling contaminated persons, dose assessment and radiation exposure health effects. It also includes information on radiological findings related to agents of biological and chemical terrorism because radiologists may be involved in the diagnosis of conditions associated with such exposures. References are listed to develop more in-depth knowledge.



UK: Borders, Immigration and Identity Action Plan


(December 2006) This report uses the National Identity Scheme to strengthen borders of the United Kingdom and enforce compliance within the UK.



Homeland Security in the Digital Age
© 2015 FrontLine Defence (Vol #, No #)

Cyber crime is an asymmetrical threat that requires defenders to have the right tools and a greater ability to collaborate across traditional boundaries.

Traditionally, a nation under attack defends itself at defined perimeters of land, sea and sky. Now, the growth of digital technology has pushed homeland defence beyond these boundaries into the virtual plane where the Internet is a continuously morphing front.

Financial services, energy, transportation, emergency services, food production and health care industries all rely on computers and digital information exchange, as do governments. All are susceptible to hackers, viruses and worms that can cripple computer networks, and expose critical data to misappropriation.

Last year, a security breach at a payment processing company enabled a hacker to defraud at least 264,000 Visa and MasterCard account holders, according to evidence gathered in the case to date. Foreign intelligence agencies and organized crime have hacked Canadian targets such as the Prime Minister’s Office, the departments of Foreign Affairs and National Defence, and the central bank, “mining” information deemed to be of value.

Such high-profile attacks against government and corporate networks have proliferated over the past few years. The growing incidence of malware and online fraud indicates that organized crime syndicates and terrorist cells are using the pervasiveness and anonymity of the Web to wage war against specific targets. Furthermore, international money laundering investigations have uncovered links between radical power agendas and illicit income from cyber crime, which the FBI estimates has cost the global economy about US$400 billion in 2004.

Lines between criminal and terrorist groups operating on the Internet are blurring. Criminal elements are not only using technology to their advantage, they are also forming illicit partnerships and ­sharing information. This puts legitimate society in the uncomfortable position of having its own tools used against itself. Public and private organizations are therefore natural allies against a shared enemy that seeks to corrupt the digital infrastructure vital to our global economy.

Public-Private Partnerships
Partnerships are one of the five “Ps” of the holistic security approach that has become essential to fend off asymmetrical attacks on the digital front. Working in tandem with the other four elements – policies, processes, people and products – partnerships have proved crucial to achieving an end-to-end security solution that helps ensure networks are continually protected. Together, the five “Ps” form a security framework where the whole is not only greater than the sum of its parts, but each part must be approached as a whole as well.

Policy sets a solid security foundation in place, and defines responsibilities and expectations. Processes are measures that assist in implementing policies, such as compliance inspections or vulnerability assessments. The people aspect involves education and training, so individuals within businesses and government understand their roles and responsibilities regarding computer security.

Products deliver security safeguards through built-in or added features such as firewalls and user authentication. Partnerships – either with vendors, consultants or peers – enable people to share experiences and develop standards based on what works.

With public-private partnerships to encourage best practices, the other steps toward manageable security include:

  • Identify elements that are crucial to the business of the organization;
  • Identify network security threats;
  • Select comprehensive safeguards to address these threats;
  • Measure deployed safeguards to ensure their effectiveness;
  • Encourage information sharing, and facilitate security best practices; and
  • Advise all when there is a breach and/or a remedy.

Government Collaboration
In addition to partnering with the private sector, all levels of government should work together to address homeland security solutions. Traditionally, such collaboration has been hampered by red tape and internal policies that limit the sharing of information on a “need-to-know” basis.

However, the growing number of terrorist attacks proves that malicious users are routinely co-opting technology to share information. Events such as the London bombings and 9/11 are precursors to command and control attacks that blend cyber terrorism with physical terrorism to simultaneously disrupt critical economic infrastructure. Governments must become equally or, preferably, more technologically adept than cyber criminals in order to safeguard against such attacks.

Many governments are now working to become more efficient and effective in addressing threats to national security, economic strength, and public safety through cooperative projects and information sharing. Effective collaboration is focused on computer incident response, attack mitigation, and citizen outreach.

For example, the Canadian federal government is taking steps to protect the country’s critical infrastructure by establishing the Canadian Cyber Incident Response Centre (CCIRC) in Ottawa, as a focal point for dealing with cyber security threats. The agency has been given a ­central role in security operations, with a focus on information exchange between with the private sector and other levels of government. This includes sharing ­operational information, such as incident reports and summaries from various ­jurisdictions defining the types of threats they are seeing, and information about possible new threats on the horizon.

Crisis Response Tools
Technology is evolving to support this essential sharing of information. In the context of holistic security, the “products” element of the equation helps to strengthen the “partnership” and “people” elements by providing the necessary tools for crisis mitigation and response. Web services security, the virtualization of data storage, and federated identity management, which recognizes single users across multiple shared networks, are some of the technologies underpinning government collaboration.

Partnering with companies in the technology sector is helping Defence Research and Development Canada (DRDC) develop innovative products that support Canada’s military personnel and national defence operations. In its most recent annual report, the agency put the value of collaboration with industry at $40.1 million dollars for the fiscal year in 2003-2004.

Among other things, DRDC is developing a computer program in conjunction with Concordia University to calculate the Radar Cross Section (RCS) of Canadian Forces platforms. The ability to model a ship’s RCS can be used to minimize its signature, either at the design stage or by applying patches of radar absorbent material to hot-spot areas that are prone to reflection. This research will ultimately provide Canadian ships with greater protection from detection by unfriendly forces.

Communications technologies, such as voice-over-IP, and video-enabled mobile computing devices, are also becoming valuable rapid response tools during crises. Police ­officers and firefighters can use these capabilities for instant access to information, or to remotely view the scene of a crime or disaster.

Web services are enabling collaboration across wide geographic areas to help restore order in the aftermath of a disaster. For example, Info-Share – a Sri Lankan non-profit organization that uses technology for conflict transformation and virtual negotiations – has created an online repository of information and virtual ­volunteers as a locus for coordinating humanitarian and logistical efforts following the 2004 Asian tsunami.

In the digital era, security is a constant battle that requires both diligence by organizations and collaboration across multiple government and business stakeholders. With a comprehensive security strategy in place, strengthened by solid partnerships and access to the right tools, society will be better prepared to meet attacks that threaten homeland defences on the virtual front.

John Weigelt is the National Technology Officer for Microsoft Canada. John is responsible for advocating the technical needs of local government, education and academic agencies to key Microsoft stake­holders at a regional and corporate level.
© FrontLine Security 2006



Editor's Corner
Your National Security Voice
© 2006 FrontLine Security (Vol 1, No 1)

I am very pleased to launch FRONTLINE SECURITY in the wake of the change in our national Government. One of the elements that we believe was called for in this change is a clearer and more knowledgeable debate of broader national security issues and their impact on our well-being and democratic society. Our magazine has been designed to offer such a national voice to this debate in a more security-conscious Canadian society. Just as Julian Fantino says of Emergency Preparedness in his interview in this issue, our own magazine is also “a work in progress.”

We trust that the present National Security Policy will evolve into a more concrete National Security Strategy and, in several of our articles in this issue, we propose, quite clearly, key and pertinent realms where better results can and should be obtained from our investments in national security.

These are examples of the type and tone of issues that we intend be debated in this magazine. For government practitioners at all levels, for industry and for policy and academic centres across the country, it is important to us, and, we trust, to you, that FRONTLINE SECURITY become for Canada the premier forum for the debate of current policy, techniques, innovations and concepts in all national realms of security likely to affect the safety of our fellow citizens.

It is our intent, for this and all ­editions of FRONTLINE SECURITY, to reach the most senior personnel in government, industry and services, and the public safety, security and enforcement agencies, such as: municipal and provincial governments; Police, Fire and Ambulance Services; federal departments and agencies (such as Public Safety; RCMP; Coast Guard; CSE; DND; Canada Border Security; Transport Canada; Health Canada; DFO; etc.); senior industry executives; and Members of Parliament and the Senate.

Our aim is to encourage among our readers serious discussion that, of itself, will help and influence those charged with the security and the public safety of our citizens to keep abreast of risks, innovations, shortcomings and solutions.

For each issue we will have regular department reports on one or more of the following: Emergency Management, Communications, First Responders, BioSecurity, Medical, Mass Transit, Resource Preparedness, Border Security, Cyber Security, and Economic Security.

We also seek and encourage contributions, advertising and comment in all realms of security – from broad policy to the “real today” solutions.

Here are the issues that we have ­targeted for the coming two years. The list, though long, is by no means exhaustive and new ideas are not only welcome but avidly sought.

Global Issues & Policy Development
Root causes and management of threat risks • impacts of technology and/or globalization • environmental issues relating to biological weapons, WMD, health crises • global impacts, implications and issues of national policies • Emergency Management • municipal, provincial and national security structures and alliances • risk analysis, mitigation and business continuity • security coordination between departments, across jurisdictions, and with allies.

Safety & Security: Threats and Responses
Natural disasters, environmental emergencies • timely intelligence sharing • implications of new capabilities, weapons, and tactics • rogue states • instability: civil strife and the breakdown of ­organized government • biometrics • emergency response systems and resources.

Security & Enforcement
Border issues • capabilities: personnel, organization; equipment; and weapons • policy and doctrine • strategy and tactics • missions, operations and exercises • equipment and technology • relationships between missions and capabilities • trends, challenges, regulations & developments • management, cooperation & interoperability between organizations & jurisdictions.

Public Health & Safety
Global health, defence and safety challenges • health crises and response issues relating to WMD, biological weapons and pandemics • biotechnology for health & safety • HR management in a pandemic.

Critical Infrastructure
Logistics, transportation and delivery relating to emergency response • business resilience and continuity • cooperation between organizations and jurisdictions • emergency ­preparedness for mass transit systems • security for critical utilities • business case for security preparedness.

Leadership, Management & Teamwork
Interviews & profiles of innovative ‘frontline’ leaders • trends and approaches in leadership and management; increasing use of teamwork; management methods and initiatives • leadership and management of safety and security organizations which are increasingly knowledge-based.

Mission critical interoperability • emergency communication technologies • cooperation between first responders • radio frequency ID and innovative warning systems.

Cyber Security
Strategies for applying information technology • examples of IM/IT applications in safety & security • safety, security and enforcement as leading users of technology • management of corporate information (critical database and electronic document management) • IT security and electronic operations • use of the Internet • methods, improvements, impact • R&D • S&T • knowledge management as a means of managing and improving security.

Learning, Training & Competencies
Large scale multi-disciplinary simulations and exercises • leadership and skills development • training programs &innovations • training and learning as an investment • innovative approaches: rotational assignments, peer learning, action research, learning networks, joint education/training programs • cooperative, joint, and multinational training • ­collating and sharing lessons learned.

Finance, Economic Security and Accountability
Financial management and budget issues • program integrity • procurement procedures, practices, and reform • measurement and tracking systems; enterprise secure resource planning • liability and brand protection • performance management • accountability and reporting to parliament and the public.

Human Resources
Crisis response • motivation and morale • recruitment & retention • analysis & mgmt • diversity • physical and mental health.

First Responders
Emergency response challenges & solutions • equipment and technique sharing • technology • cooperation & interoperability • training and multi-level exercises.

FRONTLINE SECURITY hopes that you will enjoy this first edition. We are open for business and look forward to your contributions. Together, may we face all threats realistically and do our share to make our part of the world less threatening to all citizens.

If you have questions, comments or suggestions, please address them to me at caddy@frontline-canada.com  

Clive Addy, Executive Editor
© FrontLine Security 2006



Editor's Corner
Our National Security Investment
© 2006 FrontLine Security (Vol 1, No 2)

Over four and a half years have passed since 9/11, over two since the creation of Canada’s Department of Public Safety and Emergency Preparedness, over two from the Madrid train bombings, and nearly one since the London subway attacks. Spurred into action by these horrific events, over $9.5 billion was announced by the past government in our first National Security Policy, aimed at improving the overall security of Canadians.

Just prior to Canada’s recent federal ­election, then Minister of Transportation, Mr. Lapierre and Deputy Prime Minister, Mrs. Anne McLellan announced additional steps, including funding of $110 million, for an Immediate Action Plan (IAP) to enhance the security of Canada’s passenger rail and public ­transit systems. This proposed new investment may not have seemed a ­significant amount, but in fairness, it was a respectable start to protect this obviously very vulnerable element of our open and urban society.

Much consultation took place to determine what was called a “targeted, risk-management approach” to arrive at the five components of the announced “Action Plan”:

  • Creating a new passenger rail and public transit security contribution program called RideSecure, focused on commuter rail, subway and major transit systems.
  • Enhancing Transport Canada’s ability to provide security expertise and specialized technology assessments and to coordinate development and sharing of best practices with its partners in rail and public transit security.
  • Allowing domestic ferry security enhancements to be eligible for funding under Transport Canada’s Marine Security Contribution Program.
  • Conducting mass transit emergency preparedness exercises to be led by then Public Safety and Emergency Preparedness Canada in collaboration with key jurisdictional stakeholders.
  • Creating a new a new Mass Transit Task Force on intelligence, policing and response.

What is not clear at this point, is where and if the money allocated to the IAP will be spent and, more pertinently, what position Ministers Day (Public Safety) and Cannon (Transport) and the new government are taking in this ­matter.

Then Minister McLellan stressed at the time, the challenges of intelligence-sharing and the need for a “unified whole that is focused on Canadian safety, security, and the government’s preparedness in times of emergency.” She also underlined the very real difficulties of intelligence sharing. This challenge exists not only at the federal inter-departmental level. The Minister said then that the job is incomplete until “everybody in … government has got the message that they don’t get to keep their intelligence to themselves... they must share it through integrated threat assessments that are sent out across the land. We still have some way to go there”.

This free flow of vital information is also lacking at the municipal leadership and first responder level. For example, much information (some say: “most information”) does not reach the very people who need and can actually do something with it. Recent security challenges such as dangerous cargo handling, apprehending dangerous criminals, reacting to dangerous weather patterns, energy black-outs, and the handling of potential pandemics offer many examples where information is not reaching those who can use it in time to increase security and decrease worry.

If an effective level of overall national security and emergency preparedness relying on timely information exchange is to be achieved, the Government must rid itself of its overly restrictive “need to know” criterion. It must be replaced, I submit, with an attitude that deems to inform the greatest number as quickly as possible without impeding success or causing panic: a “should inform all” ­criterion.

The normal tendency to focus on perfecting the information sharing “process” within departmental silos must be seriously curbed and a culture developed that supports and encourages a broader information exchange at the base between responders from a variety of contributors, partners and departments. Here true progress could be measured and the investment in security really could pay visible dividends in saved lives.

On 22 November 2005, in her report on Matters of Special Significance, the Auditor General of Canada specifically addressed this in the context of security, when she said: “I encourage parliamentarians and the government to pay more attention to the management and accountability of initiatives that cut across organizational boundaries. Current practices tend to reinforce a narrow silo approach, rather than a broader corporate view of government responsibilities.”

Moving away from the federal responsibilities, we note that response to 95% of emergencies, be they to terrorist, man-made or natural disasters, occurs at the first responder/municipal level. It is there that leadership, efficiency and compassion must be shown first and foremost, for any real “progress” to be perceived. Mayor Giuliani of New York was the leader whom all others supported on 9/11. Who will be “front and centre” in Toronto, Montreal, Vancouver or Halifax when a crisis occurs?  How should he or she be supported to succeed?

Is it not reasonable to assume that it is at this level that the hardest work and greatest investment should first be undertaken? Federal assistance at that level includes such promising measures as the Joint Emergency Preparedness Program (JEPP), Heavy Urban Search and Rescue (HUSAR), and the Chemical, Biological, Radiological and Nuclear (CBRN) protection programs. However, even these are judged to be too burdened by tortoise-like bureaucracy, and approved grants are often deemed subject to dubious risk and cost analyses.

The private sector is also very much at the sharp end when it comes to critical infrastructure. Documenting what real “progress” has been made in securing the cooperation of, and reassuring, the various commercial sectors, such as energy or light rail, would serve as a meaningful measurement. How much more secure is our infrastructure since the past government expressed concern in its November 2004 Position Paper on a Critical Infra­structure Strategy? What is the view of the present government?

Security and emergency preparedness are complex issues but, if we continue to dedicate resources to bloating silos rather than helping at the sharp end, it will be years before one can honestly say: “we have made progress, Canadians are more secure” rather than repeating the tired mantra: “we have invested X dollars in this new process that (will/may/should) produce better results in Y (months/years) …details to follow…”

For progress to be real and visible, our people at the borders have to be given the tools to identify and arrest the next Ressam, no matter in what direction he or she is traveling; our municipalities need the resources to practice and feel confident that they can handle major natural disasters, man-made crises, terrorist acts and public health challenges (change to emergencies?); and our privately-owned critical infrastructure companies need to know that they are effectively and legally fulfilling their security obligations. That is the kind of action and confidence that will signal real progress.

Most major security and emergency practitioners recognize these realities and point out that training and exercises constitute the vital bond that provides the cohesion and effectiveness when an emergency occurs. As the former minister said: “Training and exercises [are] key to being prepared to deal with emergencies of any kind…That means your first responders, almost all of whom are at the local government level, have to be well trained and well equipped.” So let’s do it!

Many questions remain for Canadians and their new government. For instance:

  • On what, exactly, has the over $9 billion in federal money been spent?
  • How much security has it bought?
  • How do we measure and sustain any security improvements in which we have invested
  • How, for instance, does the need to “enhance Transport Canada leadership, expertise and coordination” in surface transport security at a cost of $19 million constitute a better security investment than a decision to add that amount or a major part of it to the $80 million that would be used to actually enhance passenger rail security measures based on risk assessments?
  • What is the status of the promised “Transportation Security Strategy”?
  • How do these fit into the Canada/ US/ Mexico agreement on “Security and Prosperity Partnership of North America” recently discussed at the highest leadership level?

Canadian taxpayers are contributing an extraordinarily large amount of money at all levels to the improvement of their security and emergency preparedness. They hope that governments and other agencies responsible for planning and executing whatever measures are put in place are indeed focusing on making “progress.” It would thus behoove governments at all levels to produce and provide regular “progress” reports to the public. After all, national security and emergency prepared­ness measures are being designed at our expense and for our benefit. Show us how!  

Clive Addy, Executive Editor
© FrontLine Security 2006



Editor's Corner
... What War on Terror?
© 2006 FrontLine Security (Vol 1, No 3)

In this fickle Canada of six-month business plans and two-year governments influenced by the latest polls or stock-market prices, and where “second quarter results” are used as an indication of long term profitability, and “reality” TV is ­distracting us from the dangerously true reality, are we ready for a necessary, ­difficult and prolonged commitment to... anything? Is there the pragmatic ­realization that we are now at war… really?

Are we still so anti-Bush and anti-American as to naively believe that it is their fault that Al Qaeda, Hezbollah and other radical terrorists continue to ­conduct suicide bombings and other indiscriminate terrorist acts around the world? Do we really think that, by being passive and hypercritical of the U.S., we will be immune to similar acts of ­violence? I could list the incidents before and since September 11, 2001, but many Canadians would still believe we are safe, and that our closest neighbour, our most important trading partner, and the most powerful democratic nation in ­history has “brought this all upon itself.” Utter balderdash! Irresponsible and un­informed thinking!

Prime Minister Tony Blair of the UK stated earlier this year, with regards to the present struggle in the world, “it is not just about security but about values and modernity – whether to be at ease with it or enraged by it. There is a need to win the battle of values. This is more than a struggle against those who hate us, but with those who question motives – and whether values are applied selectively. There is a need for a global alliance in support of those values. Terror won’t be defeated until it is acknowledged that it has deep roots, and that it assumes that democracy is a Western concept being forced on an unwilling Islam. Iraq and Afghanistan are struggling to be free of oppression, ­stagnation and servitude. Muslims need to clearly say that democracy is as much their right as ours – so that people of different cultures and faiths can live together. To support such shifts requires an active foreign policy. It is not always easy working with U.S. – but anti-American feeling is madness when set against long term interests of the world we want. The danger with [the] U.S. is that they might chose to ­disengage.”

There are still some in the USA with a strong penchant towards the Monroe Doctrine that would see the U.S. isolate itself. This would be tragic, as it was in WW2 when it delayed American involve­ment at a time when their support was vital. Their involvement is still as vital in this war, as I suggest is ours.

Remember that following 9/11 we, along with all other members of NATO, unanimously applied Article 5 for the first time in its history, and agreed “that an armed attack against one was considered an attack against all.” All agreed to ­exercise of the right of collective self-defence, recognized by Article 5 of the Charter of the United Nations. All NATO nations recognized the Taliban government in Afghanistan as an aggressor for its harbouring and support of Al Qaeda, the terrorists who downed the Twin Towers. Were we at war then… did we know it? Was it made clear, or was the truth a little inconvenient at the time? What kind of war is it?

As J.R. Dunn wrote in March 2006, “What happened on 9/11 was not an earthquake, over and done quickly, but a long, slow and complete reshuffling of the tectonic plates that comprise human civilization; something comparable to the deaths of empires and the passing of eras. Such events are not over in a day, or a year, or a decade. They take their time. And when it ends at last, the world will be a different place, in ways that we now have no way of knowing. But the part we have played in it will, in some shape or form, match our position when it’s all over, American or European or Arab, Muslim or Christian or Secular.”

We are still amid early days, roughly the days of Midway and Guadalcanal and El Alamein in a previous great struggle. “Not the beginning of the end,” as Churchill put it, “but the end of the beginning.”

This “reshuffling” is taking place at all levels. From the way operations are conducted against an enemy who uses the suicide bomb at the tactical level and destroys his own citizens to discredit authority and impose a medieval regimen on his people that violates the basic UN Human Rights Charter, to the grand ­strategy level of countering the radical extremist aim of world dominance. What would result from weapons of mass destruction and major energy resources in the hands of such people? What causes people to do these things? Is it not in our interest to counter this threat to our very values and prosperity? In a recent workshop (Dissuading, Deterring, Defeating and De-legitimizing the Suicide Bomber Threat) conducted at the U.S. Central Command, it is interesting to note the ­following conclusions submitted to the Commander, General Abizaid:

“Suicide terrorism is a relatively new tactic, but Islamists believe it has proven to be a highly successful tool for pressuring the United States. Pointing to the fallout from the 1983 U.S. Marine barracks bombing in Beirut, the 1993 Battle of Mogadishu, and the 2004 Madrid bombings, the terrorists see what they believe is a pattern of U.S. and allied withdrawal from conflict as a result of unacceptably high casualties and the domestic outrage they prompt. Suicide terrorists believe that the level of casualties produced by suicide attacks and the high profile such attacks are afforded in the local and international media will eventually trigger a U.S. withdrawal from the Middle East. Remaining firm, not retreating militarily, avoiding major policy shifts in response to suicide attacks, and empowering Islamic moderates with the tools they need to get their case persuasively across, therefore, is the only way to demonstrate that suicide terrorism will not achieve the goals desired by the Islamists.”

Contrary to the “shock and awe” and “quick in and extraction strategy” of others in recent times, this very realistic deduction was also contained in the report:

“In the aftermath of Operation Enduring Freedom, it has become apparent that the United States needs to think more carefully, as well, about “stability operations” and “nation-building tasks,” both of which many military planners have viewed as diversions from their primary missions… including the building of schools, providing electricity, clean water, and sewage systems, and fostering local business development, employment, and infrastructure improvements, (that) could be initiated and broadened, and used to reduce the terrorists’ appeal.”

Have Canadians been affected? Indeed they have. To understand our government’s stand on terrorism, one can read the August 1, 2006 testimony of the Honourable Peter McKay, Minister of Foreign Affairs, speaking before the Parliamentary Committee on the crisis in Lebanon, where 13,052 of a possible 40,000 were evacuated:

“The people of Lebanon must not be held hostage to the actions of extremists from an organization that many nations have designated a terrorist group. Hezbollah and those who support it must recognize the desire of everyone in Lebanon to lead normal and secure lives” … “Let me be clear. It’s not our intention to shift the blame from the extremists who caused this violence and [those] who want it to continue. Hezbollah – listed in this country as a terrorist organization, a terrorist army – which is the party that started this crisis, has a minimum obligation to now cease its actions, its assaults on Israeli positions, and return those soldiers. Everyone agrees there has to be an end to the bloodshed and the carnage in Lebanon. It appears there is no one who wants this to continue, with the exception of the terrorists. They initiated the violence and they oppose peace in principle.”

Yet on 15 August, masses celebrated in Syria and Iran the UN cease-fire as a Hezbollah victory, just as they cheered the downing of the Twin Towers and drummed up death threats over cartoons.

Are we officially at war against terrorism? Though Canadians and their government are loath to admit such a depressing reality, reticence will not make the situation any less real or pressing. Though all would wish to see the situation in the Middle East resolved by negotiation and robust oversight, one must realize that this does not account for the actions of terrorists elsewhere in Indonesia, India, Chechnya, Somalia again, Europe, and even in Canada.

Democracies of the world are at war against fundamentalist terrorism. Formal recognition of this fact will make it easier to obtain support from Canadians for the protection of our people, values and interests. It will be a long war and will require commitment and support from all democratic states of the world. Our children need this commitment as much as health care for their future well-being. It is important to know who we are fighting against, yet it is more critical to know what we are defending, and how.

I welcome the Minister of Foreign Affairs to voice the opinion of our gov­ernment regarding this “war” in our next edition of FrontLine Security.

Clive Addy, Executive Editor FrontLine Security magazine
© FrontLine Security 2006



Editor's Corner
Borders and Biometrics
© 2006 FrontLine Security (Vol 1, No 4)

The theme of this issue is very pertinent as it follows on the heels of recent ­pronouncements by Prime Minister Harper in Vancouver this summer and by U.S. President Bush in September. As part of the Western Hemisphere Travel Initiative, there is need for a great and mutual effort on all sides to ensure the free and expeditious flow of legitimate persons and goods between our two countries. This implies a mutual trust in agreed identification systems for these persons and goods. Secondly, in this time of the “new security reality,” there is the duty of both countries to ensure that proper screening systems exist, to the mutual satisfaction of each, to thwart the passage of illegal persons and goods between our two countries.

What of this historic “longest undefended border in the world” that we both shared, idealistically, for so long? Well, as has been made clear by 9-11 on one side, and the serendipitous but very fortuitous capture of Canadian refugee-terrorist Ressam on the Washington State border six years ago… “the times they have-a-changed.”

Regrettable though this is to many, we are certainly not alone. On 10 November a declaration by usually silent Dame Eliza Manningham-Buller, the Director General of the Security Service, MI5, in the UK made us shockingly aware of this again. She admitted to “dozens of plots to kill people and damage the British economy, with 200 networks and over 1,600 individuals currently under investigation.” Most of these are “home-grown.” Indeed our own Director of CSIS, Mr. James Judd addressed a parallel security concern of organized crime in late October. He noted that “the editor of the publication Foreign Policy authored a book on contemporary international organized crime, noting that some estimated that this activity was now generating revenues equal to 10% of global GDP. In addition, he went on to highlight the corrosive effect that the corruption associated with this phenomenon was having on public institutions, to the point of criminalizing whole governments in some countries.” On the other hand, the Director also stated that: “National borders are only peripherally relevant to the vast majority of threats we deal with now, or to the risks to Canadians, at home or outside Canada.”

On reflection then, we are very much in this “new security reality,” where we must let neither the terrorist nor criminal jeopardize our security and prosperity, nor should they cause us to compromise our values. For a sovereign Canada, so reliant on exportation and immigration for its wealth, securing its border becomes an important security imperative – but how important, and to whom?

We lead off this issue with an excellent examination by Tanya Miller of the RCMP’s participation and collaboration with US and Canadian agencies particularly the operation of the revitalized Integrated Border Enforcement Teams. We follow this with a presentation by the Canadian Border Service Agency on where and how they see us adapting to this security challenge. We are also privileged to have a spokesman for the frontline agents of this agency, Mr. Ron Moran, who gives us the Customs and Excise Union (CEUDA) memberships’ perception of the way ahead. Both deal with the major change from a largely customs, revenue and immigration agency to a modern law enforcement agency along our borders, at our 1065 ports of entry and the many unguarded miles in between.

It is unrealistic to contemplate a solid continuous physical wall, hoping to deny the flow to unauthorized persons and goods. The expense for such an enterprise would indeed be foolhardy and crippling, let alone useless. It would also cause unnecessary delays and procedures for those people and goods that are legitimately entitled passage. Enter technology and its shiny new child: biometrics.

There are biometrics that will confirm the identity and bona fides of legitimate persons and goods, such as NEXUS and CANPASS. There are also biometrics that will “look-out” and identify known potential criminals and terrorists from biometric, data-based and real-time watch lists and photos, and other technical detection means for destructive and illegal materials. All will help to deny them both passage. Sounds simple… but is it? Sounds acceptable… but is it? Sounds necessary… but is it?

To do this the government must team with industry, particularly the technological and biometric industry in our view, and this attitude needs much more work. We are not alone to see the need for improved dialogue, as the comments by Harold Bottoms attest.

We will let you reflect on this and the technology that surrounds it. Technology scares some and we have articles by both Catherine Johnston and Jim Robbins on the Security/Privacy debate surrounding Information Technology that provide fresh optics on the reality and challenges of both.

Transport Canada has just announced additional anti-terrorist funding for major city transit systems as well as a biometric finger-print and iris scan identification system to allow authorized employee access to sensitive airport areas across Canada. Both of these are welcome and long overdue. Natural Resources Canada also deserves kudos for addressing the potential security threats posed by terrorist and others to offshore oil and gas platforms that were the subject of concern by Navy Captain Peter Avis in an earlier edition of FrontLine Security (issue 2/06).

There is much going on in industry to support these challenges. The RCMP’s NIII system allows disparate police information systems across the country to speak to one another; the work with CIC to conduct a six-month biometrics field trial of approximately 15,000 fingerprints and facial images from field trial participants around the world is indeed a precursor of things to come. Of greater importance will be efforts in Canada to coordinate with our U.S. neighbours as they implement the Secure Border Initiative (SBI) and the potential industrial and security benefits (to us) in the next several years.

The article by Jack Smith gives us an interesting glimpse into the security crystal ball to 2015 that our National Scientific Advisor has set up to ensure that an intelligent analysis process of evolving threats is performed.

We round off with a story of opportunities as Judy Bradt provides truly interesting guidance on U.S. contracting potential for Canadian Industry.

To conclude our first year, we have given the last word to Scott Newark. We hope that we served our purpose well and look forward to 2007.

We regret that we were unable to get the requested interview with Minister Peter McKay following our last issue on the War on Terror. Suffice it to say, that it drew a lot of comment. We hope to have an opportunity for our early edition next year, but suggest a continuing need for government’s clarity about Canada’s overall role… its role as a reliable middle power ally in the War on terror, particularly in Afghanistan. Have a good read and keep the letters coming.

Clive Addy, Executive Editor
© FrontLine Security 2006



Interview: Julian Fantino
Ontario's Commissioner of Emergency Management
© 2006 FrontLine Security (Vol 1, No 1)

Almost one year after his appointment as Commissioner of Emergency Manage­ment for the Province of Ontario, Clive Addy, FrontLine Security’s Executive Editor, interviewed Julian Fantino about his thoughts on Security and Emergency Management.

Julian Fantino, the second Commissioner of Emergency Management in Ontario, formerly held posts as Police Chief of London, York Region, and also Toronto. His present mandate makes him "responsible for providing leadership to all facets of the government's emergency management programs, including the provision of expert advice and guidance to the Premier and Cabinet on policy, procedures and legislation for provincial emergencies and other crises."

Approaching one year in this post, how do you view this mandate and what do you see as your recent achievements and next challenges?

After 36 years in law enforcement in Ontario, I must say that I found the transition relatively easy. The position requires that one do the right and not necessarily the most popular thing, and that the serious task of Emergency Manage­ment be approached in a disciplined way. Both of these traits were paramount in my previous career experience. I was very pleased to recognize the fine work of those who came before me and to seek out the challenges of today and tomorrow in emergency preparedness.

Like most informed citizens, I was struck by the globalization of security hazards, be they pandemic, climate or terrorist generated. I recognized that this global involvement would demand greater and broader partnerships and a more rapid and more capable Emergency Management Organization to respond to the growing size and variety of these challenges. For instance, as we watched what was happening with Hurricane Katrina, the Premier and I felt that we should be helping. We did so by partnering with the Canadian Red Cross and sending some 67 needed specialists in support of the local Red Cross and other agencies. We need more depth in our capacity that we can attain through more sophisticated partnerships. I feel that we are well oriented to doing this. We conducted a 60-day review shortly after my arrival, focusing on lessons learned in other operations, and evaluating our methods of operation.

Ontario is ready but, as I tell everyone, “Emergency Preparedness is never finished… it is always a work in progress” and we must rise to this challenge.

How do you view the role of municipal leaders and first responders in an emergency, having come from there?

As we discussed, I see an increasing requirement for the protection of all ­citizens in Canada from the increasing threats. Having been grounded in the reality of the SARS crisis, and the 2003 power outage, and seen the effects of the London bombing and Hurricane Katrina, I am more aware than ever that we are also responsible citizens of the world. In Ontario, with 40% of the Canadian population and the greater part of Canada’s economic engine located here, I know there is a tremendous responsibility to ensure that we are ready for the unpredictable. Having said this, I am fully aware that most, if not all, emergencies begin at the local level, and it is that level that must be supported first, because it is that level of leadership to whom citizens will turn first for help. Consequently, all partners should focus on supporting these leaders and first responders.

The federal government introduced in November for first reading Bill C78 called the Emergency Management Act, which has “died on the books.” Your own government passed its Emergency Management Statute Law Amendment Act on 15 December that allows, for instance, such measures as: restricting travel or order evacuations; establishing facilities for the care, welfare, safety and shelter of people; closing any place, public or private; establishing distribution centres; and fixing prices for necessary goods. Do you consider this detailed guidance necessary, sufficient and why? And, to your knowledge, do other jurisdictions have similar legislation?

In fact, Ontario is just catching up. This legislation, called Bill C56, which outlines the Premier’s, the Minister’s and, of course, my powers and responsibilities, is a very balanced piece of legislation. With these powers go very stringent accountability and Human Rights concerns. There are serious checks and balances that allow, on the one hand, the Premier to act at a time when there is no time to meet and consult or call a committee to deliberate, and it also obliges us to account early before Cabinet and Parliament for the measures imposed. For instance, I am obliged to account for such measures that I take within 2 days. You must recognize also that this legislation protects our employees working in good faith under trying emergency conditions.

In past emergencies, much was done without such legislation and, generally, the civic-mindedness of most was such as to get the job done. We realized, however, that when legislative authority was sought, even for the Premier in past instances let alone the local fire or police responders, no such authority existed.

Other Canadian jurisdictions have similar legislation and I am well aware that the state of New York, for instance, has a Director of Public Safety who reports to Governor Pataki and performs similar functions to mine under similar conditions. At times of crisis, the greater good will often trump individual concerns as indicated in some of the potential powers, but, I reiterate… it is very balanced legislation giving necessary powers with ­formal and pressing public accountability. It is well that we have it.

Many can recall images of the leadership of Mayor Giuliani of New York during the 9/11 disaster. On 14 December 2005, the Premier announced new legislation to strengthen the City of Toronto by providing the autonomy to make more of its own decisions. How do you see your role in Emergency Planning and Response for the City of Toronto?

There is absolutely no doubt that the elected mayor is the leader of his municipality at all times. We have 444 municipalities in Ontario, and all must comply with our Emergency legislation as well as other acts, such as the Nuclear Act, as applicable. It is my job to monitor that they do, and that they get the support needed to do so, be it federal or provincial. This way, we stand a better chance of being ready at all levels, from Toronto to the smaller rural municipalities. In the event of an emergency, we are obviously engaged but this is the sole purview and responsibility of the municipal leader, as long as the emergency remains local.

Mr. Fantino watches during an exercise.

My coordinating function, and that of the Emergency Management Organiza­tion, in support of the municipalities, involves several aspects. For instance applications for and allocations of Joint Emergency Planning Program (JEPP) and other federal funds from key programs are sought and coordinated by the EMO. We now also benefit from top-line CBRN equipment through federal funding – at least in Toronto, Ottawa and Windsor. These are, of course, available to others and can be coordinated through the partnerships we discussed earlier. An example is the recent major fire in Cobourg, where the local Fire Chief called upon and received support from 13 other fire departments including the resources of the Fire Marshall and a foam truck from the military out of Trenton. We are not here to finance all local municipalities’ perceived needs to comply with our provincial legislation. This is a municipal responsibility and leadership at that level must rely primarily on its tax base for funds, as it must for other responsibilities such as fire and policing.

When, however, an emergency is declared under the new legislation to be a “Provincial Emergency” the dynamics change and the Premier and Cabinet take overall leadership responsibility. Under such circumstances I view my position and my EMO as overall coordinators for the Premier of Ontario.

What of Exercises? How do you view your role and that of EMO in this matter?

I meet regularly with colleagues at the federal department of Public Safety and Emergency Preparedness Canada (PSEPC), and our views are similar on this matter. We realize that exercising is a vital function of preparedness and is a shared responsibility. I believe that all levels recognize that initial response to an emergency is always “local.” These local authorities must have plans, as do we, and that these must be exercised. If they are not exercised and updated, they rapidly become useless. This is what I mean by a “work in progress.” Plans must be constantly amended and practiced.

The need for exercise has a very human and critical dimension. It is too late to exchange calling cards at the 11th hour on the site of a disaster. These relations and partnerships should be established and maintained before an emergency to eliminate, as best one can, any inter-jurisdictional or personality friction and deal most effectively with saving Canadians.

Working together breeds an understanding for one another, and the example that I use is what occurred during the London Subway Bombing aftermath. Though it was the desire of authorities to get the subway running as soon as possible, through exercises they had determined that it was the police who would make the decision when to resume service on these lines after such a bombing. They did so because they knew the importance of treating the location as a crime scene and allowing the forensic examination that was needed. By doing so, the speed of arrest of the culprits was greatly accelerated and the chances of conviction greatly increased.

There has been much criticism from municipal levels that federal funding that has been announced does not seem cohesively related to any known “plan” or strategy, and that municipalities have seen very little money. What are your thoughts on priority of the investment of federal funds for the security of Canadians?

I will start by repeating that every emergency begins at the local level. For this reason, the priority should be to have the resources in place locally and the personnel well-trained and equipped, safe and confident, that they can handle what they must, and that they will be supported. I believe that this reality is often missed at the higher levels when it comes to resources.

There is a need for an awakening in Ottawa on this matter. Federal responsibilities are often neglected and get picked up at the municipal and provincial levels. A case in point… out on Lake Ontario is an international border. As I mentioned to Senator Kenny Chair of the Senate Committee on National Security several months ago, this border is not patrolled by federal agencies but by the Toronto, Peel, Durham and Niagara police boats, and therefore the municipal taxpayers carry the financial burden. I believe now there is one Fisheries vessel with an RCMP member aboard now and then.

Essentially, the municipal level is the front line of defense against terror in these regions and our presence reduces fear or panic among our citizens, which is the real goal of terror. Fear on either side can cost our economy greatly once the word gets out globally, as it did with SARS and the more recent Seven Oaks’ Legionnaires Disease outbreak. From a national perspective, this local impact could prove devastating nationally. I do believe federal resources could be more effectively focused.

You mentioned training and thinking strategically in emergencies, Can you expand your thoughts on this?

I can indeed. Let me start with thinking strategically. I want to relate that during the blackout in 2003, we had two problems. One was to assist the citizens and various city agencies circulate in an orderly manner on the main thoroughfares of Toronto by day. On the other hand, we knew that, come darkness, the bad guys would be out to capitalize on this emergency. We abandoned the major thoroughfares to our other partners by night and controlled the lanes and alleyways. As a result of thinking strategically, and with our partners’ understanding and cooperation, we were very successful. Similarly, we can learn from others’ experiences, good and bad. We must plug in to other partners – local, inter-provincial, national and even international – in order to do so. We must not limit our learning.  

This brings me to the training part of the question. I think that the realm of Emergency Management will become a profession of its own in the coming years. Already, York University and Centennial College are offering courses and limited specialties in this domain. I believe this is a good direction to be moving in. This field will both offer very satisfying careers and greatly improve the quality of our national preparedness. I consider this a necessary evolution beyond the various skill courses now offered to first responders and to government employees at the Emergency Preparedness College. The latter remain important, but, strategically, so is the broadening of an Emergency Management profession.

Any closing thoughts, Commissioner?

Yes indeed. This Emergency Preparedness is a great challenge. We should never stop preparing. It represents a critical investment in public safety, no less or more important than other government investments. The hazards, however, are becoming more threatening. Individual citizens must take on their share of preparedness by making themselves less vulnerable, relying less on bank machines in case of emergencies and think of having access to spare resources of, heat, water, medicines and food to survive. I continue to communicate widely at home and abroad with schools and counterparts in all domains on these issues. It broadens the horizon in the “Big Picture” window that I see for a safer country to which all Canadians are entitled. As I said, it is a “work in progress.”

Clive Addy is Chair of the National Security Group and FrontLine Security’s Executive Editor.
© FrontLine Security 2006



Interview: Dr David Butler-Jones
The Chief Public Health Officer of Canada
© 2006 FrontLine Security (Vol 1, No 2)

Dr. David Butler-Jones has presided over Canadian and North American professional associations, and participates in international professional work sessions and has worked in many parts of Canada. As Canada’s Chief Public Health Officer, he heads the newly created Public Health Agency of Canada, providing leadership on the government’s efforts to protect the health and safety of all Canadians. After 18 months in this position, FrontLine Security had the opportunity to interview him about his responsibilities with the new Public Health Agency.

Dr. Butler-Jones, having read through much of your web site, I get a glimpse of just how very important your Agency is to the health of all Canadians. After 18 months at the helm, can you share with our readers what you see as your main and secondary priorities and the challenges that you face in meeting these?

As you know, the federal government stated in their National Security Policy that the first role of government is to ensure the safety and security of its citizens. In that context the Public Health Agency and my role as its Chief Public Health Officer is to ensure the health safety and security of Canadians.

In these first years, my first priority has been getting the Agency credibly established. Such issues as getting its voice heard, ensuring that it has a visibly useful and effective leadership role, and establishing the Public Health Network across the country have been my principal focus. Internally, we have had to establish the processes and structures to allow us to manage the myriad of information necessary for us to perform our dual role of prevention and preparedness.

Externally, we have hit the ground running and have been reasonably effective in communicating pertinent information quickly and accurately across the country. I am personally amazed at the level of visibility we have garnered in such a short time. With this visibility have come some very real expectations that we must be geared to satisfy. Most public health activities are carried out by the provinces and territories at the local level.  We work closely with them to help ensure a well connected and supported system of public health.  

My second priority would be a focus on improving our national capabilities in Emergency Public Health preparedness, be it resources and mechanisms for mounting the health response to a national pandemic, or support for a specific regional or national Public Health crisis caused by a flood or other natural disaster.

Maintaining a sterile environment is critical in medical research.

My third priority is to improve our chronic disease prevention across Canada. There is a lot of work, research and advocacy required, and possible, to reduce the causes, frequency and acuteness of chronic diseases such as cancer, diabetes, lung and heart conditions in the Canadian population. It is a primary responsibility of the Agency to use all means to encourage Canadians to do this. It should not only be about adding a year or two to our general life-expectancy but geared rather to ensuring a better quality of life, and reducing the number of years of disability or ill health. We must remember that, in a crisis such as a major influenza outbreak, it is the chronically ill who will be our first and greatest victims. To accomplish all of these, we retain focus on the six elements of Public Health. And we do this in concert with the provinces and territories, other departments, the non-governmental and private sectors alike:

  1. Public Health Assessment – understanding what makes people healthy or not, and what to do about it;
  2. Maintain surveillance on patterns of diseases of significance such as bird flu, chronic diseases as risk factors, influenza or even mumps as we have seen just recently. We must watch these at home and abroad so they can be addressed before they become an insurmountable problem. In this day and age we must not be surprised. For example, in our first few months, the Agency relaunched the Global Public Health Intelligence Network (GPHIN) which is a secure, Internet-based “early warning” system that gathers preliminary reports of ­public health significance in seven ­languages on a real-time, 24/7 basis.
  3. Encourage the prevention of disease and injury.
  4. Engage Canadians in Health Promotion by creating more health supportive policies, programs and environments so that “healthier choices can be easier choices,” such as the importance of not smoking, of washing heads, eating well and staying active.
  5. Health Protection, which is the majority of Provincial and Territorial work and other jurisdictions, is shared with Health Canada and the Canadian Food Inspection Agency and involves maintaining ­standards and a focus on safer water, environments, and food and sewage treatment.
  6. Emergency Health Preparedness and Response. This involves having human and material resources in place and the barrier free flow of information ­necessary to cater to major medical emergencies and large scale Public Health challenges throughout Canada. It also involves having a capacity to help internationally, as we did in the Tsunami relief effort and Hurricane Katrina.

This is indeed a major challenge. What initiatives in the Public Health Agency will Canadians view as milestones in making them safer?

There have been many that are obvious, such as the information available on our Web Site (www.phac-aspc.gc.ca), but there are others that are less obvious but no less important.

The first has been the establishment or revitalization of the Public Health Network, a joint federal, provincial and territorial body that oversees public health in the country and reports to the conference of Deputy Ministers of Health.  It includes joining, through regular information exchange, policy development research, specialist expertise, labs, universities, hospitals and public health institutions at the federal, provincial, municipal and local levels. This allows public health practitioners and different jurisdictions to help   break down the obvious structural barriers, in order to gain access to and deal more quickly and effectively at all levels with their respective challenges.

Modern cell culture methods are being researched, however, influenza vaccines are still created the traditional way. Fertilized chicken eggs are injected with seed strains of the particular flu virus. The virus is injected into the egg white and the tiny hole is resealed. The virus then infects the lungs of the developing chicken embryo, and the resulting antibodies will multiply enough to be harvested within several days.

We also have implemented a revised and more effective Quarantine Act to cater to updated threats in a more global environment. In October 2005, at their annual conference, Federal, Provincial and Terri­torial Ministers of Health approved the Integrated Pan-Canadian Healthy Living Strategy, dedicated to reducing chronic illness levels in Canada and a new Pandemic Plan that has incorporated much that we have learned from our own experiences since SARS as well as lessons learned internationally. We also constantly update the measures, as our plan must always be ­current if it is to prove effective.

I would also mention the work of the Conference of Deputy Ministers of Health, the Conference of Health Ministers, and the provinces and territories that meets to coordinate and direct work on the overall health system in Canada, and Public Health issues that might impede routine coordination at each level. I was particularly pleased at the development and approval of the Health Goals for Canada and at the collaborative work in learning from SARS and how to respond better in dealing with emerging infectious diseases.

Canadians should be aware that we are one of the few vaccine producing countries capable of catering to long term influenza pandemics and that we already have substantial anti-viral inventory for such events in our collective Provincial, Territorial and Federal stockpiles. The Agency also maintains the National Emergency Stockpile System that contains everything that you would expect to find in a hospital, from beds and blankets and a supply of pharma­ceuticals and other emergency supplies.

That leads to the obvious next question, and that is, how ready are we to face a potential pandemic?

This is a very current concern and the ­federal government has put up an inter­departmental web site to deal specifically with this (www.influenza.gc.ca). It deals with travel advisories, flu shots and all details that Canadian citizens should know about the flu.

We also have new Pandemic Influenza Plan at the federal level that forms the carcass of a body of plans that are then produced regionally. We of course have our Centre for Emergency Preparedness and Response linked to other federal and provincial agencies as well as in live contact with our own and international agencies such as the WHO and CDC in the United States. Visit www.phac-aspc.gc.ca/influenza/avian_e.html

I think, at this time, it is important that I reiterate our role, which I consider vital in any pandemic. As you are well aware, during SARS in Toronto, besides the tragic loss of life, the country lost a great amount of economic benefit due to the reduced tourism. The fear-factor brought about by the disease highlighted the essential need for accurate information. One of my roles as Chief Public Health Officer will be to lend reasoned analysis and relevant advice to such events.

In my role as the senior Canadian medical professional for the government of Canada, I must explain to Canadians what is occurring, or about to occur, based on evidence, explain what can be done to improve the situation, show them that we are doing it, and explain what they can do as well. Hence, my focus is on the six elements of Public Health that I mentioned earlier.

There are some ironies that do occur when you know the facts. For instance, during SARS, Toronto was one of the safest cities from infectious ­diseases as everyone became very aware of personal hygiene and took measures to avoid others if they were ill. However, it it important to remember that 2,000 to 8,000 Canadians die every year due to influenza in one form or another, especially among the chronically ill. So many of these deaths could be reduced significantly through vaccination, proper hygiene such as hand washing, avoiding others when you are ill, and the reduction of chronic illness in the population. Washing hands regularly is a simple and very effective way to reduce many infectious diseases.  

As to the H5N1 Asian virus, or bird flu, at this time it is a serious disease in birds and has rarely caused human casualties. It is being very closely monitored internationally. Most commonly, influenza pandemics occur when a bird virus combines with a human virus, creating a new human virus to which we have no immunity. This is what might occur with the H5N1 Asian virus, though it could be another virus as well – we need to be vigilant for all possibilities. This is why so much attention is being paid to its working and understanding, to finding a ­vaccine or prophylactic. We don’t know when for sure this strain will arrive in birds, nor do we know when the next human pandemic will be. But expect we will see H5N1 Asian strain here in birds perhaps as early as this fall. This does not mean a human pandemic, because nature is unpredictable. But our preparations will assist us in dealing with a pandemic influenza or other emerging diseases, as well as bioterrorism or natural disasters.  

We at the Public Health Agency recognize the threat, share resources and information at all levels, and I believe we are well prepared to respond. We also remain ever alert. On the other hand, there is a civic and personal responsibility that must be taken by all individuals and levels of government to mitigate the risks. We cannot do this alone.

As a closing question, what international involvement and coordination is going on with the U.S., UN, WHO and others?

Our relationships with the World Health Organization and with other national public health ­organizations are excellent. Canada receives much from and contributes greatly to both. All are part of our sharing of expertise, talent and best practices in a broader Public Health Network, as are many other international agencies and governments. We are also very much attuned to the fact that our public health assistance to others overseas will reduce potential threats to the health of Canadians in this more globally connected world. Therefore, we train laboratory workers from other countries at our facilities here in Canada. We also deploy portable labs to South East Asia and elsewhere, in cooperation with CIDA and Foreign Affairs. These lab deployments have helped to identify and control outbreaks of strains of hemorrhagic fever (Marburg) in Angola, Bird Flu in Vietnam, and other viruses that might have posed a future threat to Canada, but just as importantly, we have helped these less well-equipped nations to resolve serious public health concerns of their own.

Clive Addy is a retired Major-General, Chair of the National Security Group and Executive Editor of FrontLine Security magazine. He can be reached at caddy@frontline-canada.com
© FrontLine Security 2006



Terrorists Own the Timeline
© 2006 FrontLine Security (Vol 1, No 3)

It’s up to us to disrupt it
There have already been two widely-publicized arrests of Canadians for plots contravening the Anti-Terrorist Act here in Canada, for some, it’s hard to imagine. The most recent, “the Brampton 18,” involved a sophisticated plan aimed at the sensational destruction of key infrastructure in Toronto and the hostage-taking of Members of Parliament. It is equally difficult to imagine that the global battlespace now includes such potential ­horrors as a “homegrown” plot in Britain designed to out-strip the 9/11 attacks with bold new tactics. But these recent and serious news stories have a something special in ­common – they were all foiled by sophisticated, collaborative intelligence work and dogged, law-enforcement action spurred on by new legislation to proactively neutralize the terrorist threats before they had the opportunity to wreak havoc.

A New Battlespace
Since the struggle against strategic terrorism does not focus on sovereign states in particular, the modern battlespace becomes local and federal, domestic and international, sensational and common place. We know that, like guerilla warriors, terrorists own the timeline – it’s up to the rest of us to disrupt that timeline. Since the battlespace is informational and ephemeral, information superiority will be the most effective means of neutralizing the threat. Brains, not brawn. It must be noted however that brawn is necessary as an expeditionary defence function to take the fight to the enemy in foreign lands and to react decisively with force in the forum of Canadian security once they are located – the two are linked in the context of strategic terrorism. However, the emphasis in the new battlespace must necessarily be placed on finding the ­elusive terrorist cells and understanding their plan before they execute it.

Strategic Terrorism
It is important to describe why the terrorism that Al Qaeda represents is new and different. Terrorists have “changed the battlespace” – by coming from nowhere, striking at civilians, using civilian means of transportation as weapons – but in a strategic, military way, they have also altered the way nations think about domestic security. Bruce Berkowitz, an American expert on intelligence and terrorism, points out that strategic terrorism aims at information superiority, in both its “soft” (an alluring ideological message to recruit and motivate foot soldiers) and “hard” (secure global communications for logistics, financial support, and command and control) forms.

Furthermore, as Canadian academic Janice Stein has written, Al Qaeda constantly evolves, and has shown “a surprising willingness to adapt its mission. This capacity for change has consistently made the group more appealing to recruits, attracted new and unexpected allies, and – most worrisome from a Western perspective – made it harder to detect and destroy.”

The Director of the Centre for Intelligence and Security Studies at Carleton University, Martin Rudner, in his article Protecting North America’s Energy Infrastructure Against Terrorism, brings our attention to the terrorists’ focus on the interruption of the world’s crude oil supply as a main piece of a seven-stage, twenty-year grand strategy of the modern jihadist movement. Clearly, the radical jihadist threat is both imaginative, highly organized and long-term – a threat to be considered with profound respect.

How can we Combat Strategic Terrorism?
Although existing documentation still often exudes the pre-9/11 tone of reaction and consequence management, there have been marked improvements in intelligence and law enforcement cooperation as well as some legislative measures to allow action before events occur. Nevertheless, there is a continuing need for more effort. We have seen that the ­terrorist timeline is vulnerable – their plots can be disrupted and stopped. We need a Culture of Prevention in government to allow our nation, in concert with its allies, to establish information superiority over the terrorist networks. This will allow for preparation, heightened readiness, and defence before an attack – as well as dealing with the effects of violence after the attack.

The Culture of Prevention that is being proposed here takes form inside our nation’s public and private institutions. It is more than consequence management; it’s more than planning how to react when an attack is taking place or just about to take place. This is about pro-activity. This is about stopping the attack from happening. It can be argued that Canada has moved carefully and slowly in the right direction since 9/11.

Even with recent improvements, the nature of information to be shared, the purpose of its initial collection, and the circumstances and context in which it will be shared can cause a high level of legal risk under the present legal framework – particularly in the realms of law enforcement and prosecution. To adopt a Culture of Prevention it will be necessary to anchor the proposed framework of information sharing and interoperability on the pillars of a National Security Strategy such that the public safety and security ­network corresponds to the foundation of common, agreed-upon strategy. In this way, government, and indeed private citizens, will be able to share information that connects the dots to uncover terrorist activity within and without the country.

The Right Path
Recent successes in preventive security are evidence that we are moving along the right path. The alleged terrorist plot in Toronto that was uncovered on 2 June, 2006 is the most recent, and perhaps best, example of the “Culture of Prevention” at work in Canada. As Angela Gendron (Senior Fellow, Norman Paterson School of International Affairs) explains, in the July, 2006 RUSI Newsbrief, reports:

“The fact that the Canadian security authorities were successful in preventing the attacks was undoubtedly due to … a continuing multinational investigation of suspected terrorist cells in at least seven countries…. Investigations into the cyber-links between alleged militant jihadis are continuing. It is also likely that the Canadian success was dependent on well-placed sources and close co-operation with members of the Muslim community.”

The spectacular, British airline suicide-bombing plot that police thwarted on 10 August, 2006 is further evidence that ­prevention is the most effective approach to this new and insidious threat. Paul Koring reports in the Globe and Mail of 11 August, “Yesterday’s arrests seem to have resulted from successful intelligence that detected the conspirators, either by infiltrating the cell or intercepting communications or financial transfers.”

The Culture of Prevention
While deployed operations with human intelligence and military forces in concert with our allies are necessary to diminish the genesis of jihadist terrorists, and “soft power” solutions are important in the long term to create cultural bridges between Western and Muslim societies, the most pressing need for countries like Canada is to deal with the “homegrown” game. This entails the bolstering of national security in terms of legislation and policy which enables government departments, allies, and private industry to collaborate in stopping terrorists from realizing their goals.

We can do better to combat the terrorist threat to Canada and our allies. In the medium term, national capability in prevention is essential to maintain information superiority in the new battlespace. Canada has come a long way – we have achieved our first major success using the Culture of Prevention against the “Brampton 18.” The priority now is to continue efforts to strengthen our ability to share information both vertically and ­horizontally in government and with the private sector. Furthermore, the complex issue of interoperability must be pursued to ensure that information passes in a timely fashion to the right partners. Finally, the Culture of Prevention needs to be promoted further in government to ensure that all sectors are focused on pro-active efforts to connect the dots which uncover threatening plans and actions.

If we are lucky, the Toronto arrests may cause Canadians to realize that the target of militant jihadis is not just aimed at the United States, but at Western ­civilization and all of its values. Canada, too, is a target and needs to build its preventative capacity to fully integrate with the international effort to overcome the threat of radical jihadist terrorism.

Peter Avis is Director General, Requirements, on the Strategic Joint Staff at the Department of National Defence.
© FrontLine Security 2006



Ron Moran
Border Security from the Frontlines
© 2006 FrontLine Security (Vol 1, No 4)

In 2004, the Martin government formed the Canada Border Services Agency (CBSA) by moving parts of the former Customs and Revenue Agency and parts of Immigration into this entity as a Separate Operating Agency under Public Safety and Emergency Preparedness Canada. In August 2006 in Vancouver, Prime Minister Harper reiterated his government’s commitment to reinforce the security along our border with the United States, and in recent months both U.S. President Bush and Ambassador Wilkins have reinforced their country’s intent to enact border security measures, such as the Western Hemisphere Travel Initiative, by July 2009 at the latest.

In light of these massive changes, FrontLine’s Executive Editor, Clive Addy, took the microphone to Ron Moran to find out how Customs and Immigration employees on the frontlines are adjusting to these major changes and how they see themselves operating in this new reality.

You have been at the Union head office before, during and after 9-11. As the representative of these employees, you have first hand knowledge of their opinions of the changes that have occurred and of their expectations. How do you and your members view these changes?

You mean the creation of CBSA, of course. We consider the creation of CBSA a work in progress, but one which was essential. We applauded then Prime Minister Paul Martin for having created it on the same day he and his new government got sworn in. As you know, we got members from Customs and from Immigration consolidated into this focused separate Operating Agency.

More importantly, we are moving from an organization focused largely on taxes and immigration to one oriented more towards security and law enforcement. This transition is by no means complete, but we feel that being under a department with the RCMP, CSIS and Corrections is the right place. However, we believe that Agency management has not yet hoisted this major shift into its policies, as much as we feel is necessary. We are preparing a position paper to this effect, and we intend to present it to the Minister in the coming days or weeks.

At times, issues are treated by the Agency with a certain nonchalance, which appears, to us, to be incompatible with our new role as a law enforcement, and security agency of government. For instance, until pressured into doing so, the Agency wasn’t keeping track of statistics on “port-runners” (people who go through border points without stopping). Following a study by an outside risk analysis firm, these have been estimated at between 600 to 800 a year, and, though the Agency acknowledges the lesser amount, it has not deemed this important enough to allocate resources to either count these accurately or deter them. They consider this an acceptable risk. We do not.

How would you and your members like to see this “whole border” operate on the Canadian side?

CBSA Officer uses a Fibre Scope (camera-type equipment) to check for the presence of contraband in a vehicle.

I am glad you asked, as there are many opinions on this. In fact, I will be briefing Minister Day on this very topic in the next days. I have voiced my opinions ­frequently to the Senate Committee, the media and others; much of this will not come as a surprise.

First, I believe that it will prove more effective and economical if we focus the resources in personnel and infrastructure of the present CBSA on this new law enforcement and security role as soon as possible and relegate our former tax collector focus to a secondary duty. It is obviously a new reality for us. In the U.S. it is definitely how they view this. The U.S. Ambassador reinforced this today, suggesting that his country wants what we all want: prosperity and security. President Bush himself has said that you can’t have trade and tourism without security; they are not mutually exclusive.

There is not much realism in dreaming about a return to a wonderfully undefended, porous and laissez-faire border. Our $1.7 billion in daily mutual commerce would suffer tremendously.

Think of what would happen to this trade if the Ressam incident of the year 2000 would occur now in this post 9-11 world? The border would slam shut! We have to effectively control and patrol our border and demonstrate this to our neighbour. BSE and softwood lumber would be nothing compared to what would happen in this case.

Passenger is greeting by a CBSA officer.

Therefore, and in our own interest, we must show that we are in fact doing much more to secure our border and its points of entry.

Second, we must do this efficiently with absolute minimal disturbance to the legitimate passage of people and goods. There are many innovations in the mill and anything that speeds up legitimate travel across borders is welcome. While we still have some issues to resolve with initiatives such as NEXUS or CANPASS, these are nevertheless welcome as are other initiatives and measures being developed within the Security and Prosperity Partnership such as the Western Hemisphere Travel Initiative.

Much of this relies on technology of all types, but I would want all to know that technology does not replace people, it makes them more effective. I say this because many do not recognize the scope and porous nature of our very long border and the increase in criminal activity, both ways, that is going on. We must have the capability to deter, respond and protect along our Canadian side.

Ten years ago, I would have laughed at people who suggested that our major concern would be with organized crime but that is now a cold hard fact. The flow of top grade marijuana south from Canada and the flow of weapons and other drugs north from the U.S. are major industries controlled on both sides by organized crime who often share common routes and facilities… and the amounts involved are enormous. As a small example; the recent seizure of 250 pounds of marijuana near Cornwall, at $4,000/lb, is a routine thing but it gives you the scope of the challenge.

CBSA officer verifying international parcel mail.

We also need a pursuit and arrest capability on our border. Response from local municipal or federal police hours after the incident is certainly not acceptable.

Some think that this can be done by other agencies or forces…the RCMP for example… but I believe that this task is sufficiently important as to require the professional focus of a singular federal agency such as CBSA. I certainly believe that we must work together, as we do with the sharing of information through IBETS with the Mounties, CSIS and our American friends, but the law enforcement and security along our border requires a constant professional focus that we can bring to the table.

This brings us to he question of arming your guards. What is the CEUDA position in respect of this issue – one that is still being debated behind doors in parliamentary committees?

CEUDA has stated for over two decades that this is a health and safety issue and that customs agents – in fact all frontline border services personnel that deal with the public and risk getting involved with armed criminals – should be armed for their protection and that of others. In that recent risk analysis study I mentioned, there was a revealing parallel made by the consultant who stated that none of the police that were interviewed would approach a car pulled over in this day and age without an acceptable means for close protection, which is normally a pistol. We feel we need the same.

Canine Units assist in detecting banned substances.

There are all sorts of scary scenarios being dispensed to limit this. Some think that each border post will end up like Dodge City in the Wild West.

I have great respect for the professionalism of our people. In addition, as you know, the RCMP will assist us by establishing the standard, and by training the trainers. I remind people that when we got air bags in our cars there wasn’t a wild rush of folks crashing their cars to see if they work. Don’t expect similar horror scenarios to materialize on our borders.

 Most police will serve their whole career and never use their weapon, and there is no reason to assume this won’t be the case at the border, although the recent independent research of our border clearly showed that guards had been threatened and shot at, as had their buildings, by port runners and others.

And not unrelated to this issue of course is the fact that Mr. Harper has agreed to double up manning at the various ports. Bottom line… we need to be armed and trained to use these weapons safely and we will, with the assistance of the RCMP. We are still lobbying to have the implementation period reduced from its suggested ten years, but arming will be done.

Lab technician examines print characteristics of a cigar box label to verify authenticity.

What are CEUDA’s thoughts and positions regarding the adequacy of technology and information getting to the guard at the border, in a form and at a time that would be useful?

Well, in this day and age, I believe it is shameful to spend so many dollars on acquiring intelligence while being unable in so many ways of getting it to those who can really use it, as you say, “in a form that is useful and timely.”

Here are some of the sad facts at this time. For what we call “look-out” for known criminals and terrorists we have some 83 posts that do not have the needed computers to get on the network to access such vital information. Second, the various security firewalls and authentications necessitate about a half hour to log on get what you need to search for. Much of the available information is literal and therefore not readily useable and we are not given as much information as we should, from what is said to be available. There seems to be a real fright on behalf of intelligence agencies to give us what they have that could prove useful. There appears to be, in other cases, a concerted effort by some to limit all information – for whatever reasons.

It seems strange that, in this day when someone in the desert can reach his stockbroker from his lap-top on his camel, that we make the sharing of law enforcement information so difficult for those that need it. This has to change. I know it will.

This can be resolved by biometrics and I see this being the key mechanism for “look-out” five years from now, when we will wonder what we did when we did not have this reader that can pick a criminal out of a crowd getting off of a bus without even one agent being visible to scare him or her off.

Do you have any last comments?

In fact I do. I spend a lot of time on behalf of our members lobbying MP’s and applying pressure to be recognized as a legitimate and interested stakeholder in management discussions on where we are going in CBSA. I am not instinctively sought out for consultation.

I truly believe that this is due, in large measure, because management has not adapted as well as the frontline members have to the great change from tax agency to law enforcement. I also strongly believe that there is a corollary need for management to have people with law enforcement expertise sitting across the table from us when we discuss these issues. This is key to addressing the mind-set problems.

Thank you very much Mr. Moran for your candour and collaboration. I wish you and your CEUDA members well with this difficult, necessary and urgent transformation.

Clive Addy is the Executive Editor at FrontLine Security.
© FrontLine Security 2006



Government Must Have a Clear End-state Vision
© 2006 FrontLine Security (Vol 1, No 1)

When Securing an Open Society: Canada’s National Security Policy was promulgated in April 2004, the authors billed it as a “strategic framework and action plan.” It is not a national security strategy. In fact, it would seem that the Canadian government did not feel an urgent need for a national security strategy. Rather, they often seemed to leave this sort of thinking to the U.S. government in the context of North American security strategy.

Nevertheless, the National Security Policy (NSP) directed the federal interdepartmental community to develop a number of formal strategies pertaining to the “key strategic areas” which underpinned the chapters of the NSP. This resulted in a Critical Infrastructure Protection Strategy, a National Cyber-security Strategy, and a National Immunization Strategy. More­over, the NSP has prompted the perceived need for an overarching Transportation Security Strategy that is currently being formulated.

So the Canadian government is beginning to develop national-level strategy. This is very encouraging. It is important at this juncture to step back and examine what strategy really means in the context of modern, integrated government activity.

Strategy Defined
The U.S. government has done very valuable work in progressing the theory of modern strategy. The U.S. Army War College is an excellent place to start when grappling with the ideas involved in grand or national-level strategy in the post-modern era. In his paper Towards a Theory of Strategy, Richard Yarger breaks down this high-falutin’ term into simple building blocks for the use of aspiring strategists. According to Yarger, “Strategy is the employment of the instruments (elements) of power (political/diplomatic, economic, military, and informational) to achieve the political objectives of the state in cooperation or in competition with other actors pursuing their own objectives.”

He goes on to say that the term strategy is often misapplied in that there is a general tendency to use it as a term to describe a plan, concept, course of action, or “idea” of a direction in which to move forward. Strategy is none of these things. “Strategy is fundamentally a choice; it reflects a preference for a future state or condition.” It founds itself on a vision of the end state to be achieved. It is comprehensive, proactive, hierarchical, provides direction, and reflects a political purpose based on national interests:

Interests are desired end states such as survival, economic well-being, and enduring national values. The national elements of power are the resources used to promote or advance national interests. Strategy is the pursuit, protection, or advancement of these interests through the application of the instruments of power.

If all of this sounds too military in nature, Brian Jenkins, of RAND Corporation in the U.S., gave a somewhat more functional (and perhaps bureaucratic) definition of strategy at Transport Canada’s Workshop for the Transporta­tion Security Strategy in April 2005:
Strategy is the art of managing how to allocate finite government resources according to national interests.

Jenkins explained the importance of strategy by insisting that it sets priorities and, in so doing, sets a continual engagement of government towards allocation of resources. Long-term procurement plans are thus linked to strategy in this definition.

In the context of Canadian strategy development, national-level strategy that lies below the strategic framework provided by the NSP must, first and foremost, be comprehensive. In order to allocate finite government resources wisely, the Canadian government must have a clear vision of a preferred end-state based on national interests. Moreover, a balance between the oft-competing requirements of the national instruments of power should be sought before determining national objectives.

Policy Development Prisms
The pillars of society in Canada (which correspond roughly to the current main Cabinet Committees) represent our instruments of power: Social, Economic, Environmental, Security, International, and Defence. When developing national strategy, the competing visions of these pillars must be debated and reconciled in order to achieve a unified basis for clear strategic direction.

An example of strategy development can demonstrate the value of this approach.

Before the promulgation of the NSP, government departments in Canada developed security policy in the absence of unified strategic direction. Conse­quently, the government functions that evolved during the Cold War years – organizational stovepipes – formed the foundation for security policy development. Departments formed a culture of departmentally-mandated prisms from which they viewed the world. The advent of globalization (particularly global health and weather concerns) and strategic terrorism has caused a re-evaluation of how government departments should interact. This is the modern starting point for the NSP’s integrated government.

A fine example of post-9/11 policy development is found in the transportation sector under maritime security. A gaping vulnerability gap in Canada’s maritime security sector was perceived after 9/11. To address this, an Interdepart­mental Marine Security Working Group (IMSWG) was formed under the Minister of Transport to cope with policy development in that sector. After several months of culture comparison and debate, the IMSWG set to work – in integrated-government fashion – to analyze the maritime environment in the context of strategic terrorism. Although this group was working through a transportation security prism, they were able to achieve comprehensive policy development at the strategic level. The hallmark of their success was a risk-management matrix that compares maritime security activities to circles of vulnerability. The four key activities are domain awareness, collaboration, safeguarding, and responsiveness. When one superimposes the activities across all the geographic circles of vulnerability, it is evident that security requirements are increasingly information-based the farther one is from one’s own country; however, the requirements tend to become more physical and response-oriented as one draws near home.

This risk-management matrix has served the maritime security community well through the passage of several Memoranda to Cabinet that sought resources to improve maritime security by carrying out key activities across the circles of vulnerability. Its conclusions reach into the strategic sphere, prioritizing national activity as: security of the maritime perimeter; security of internal waters and infrastructure, and security of the arctic waterways.

However, based on the understanding of strategic development described in the paragraphs above, this excellent policy development is not strategy. While the conclusions are valid and extremely valuable, and the process is comprehensive inside the maritime transportation prism, this policy lacks the national strategy perspective which requires the reconciliation of competing visions of the pillars of Canadian society.

Developing National Strategy
To continue our example of national ­maritime security strategy development, let us consider the policy-writers’ challenge for a Transportation Security Strategy for Canada. To achieve national-level strategy in the maritime security sector of transportation, the product of earlier policy development must now be the source of interaction and debate with the communities that represent the other pillars of society. For the existing maritime policy to approximate strategy, a matrix of the six pillars of society must be ­superimposed over the existing matrix of risk-management from the maritime transportation policy. Only through such comprehensiveness, based on thorough knowledge of the overarching strategic environment, will strategy be formulated.

Let us test this idea for an indication of strategic value. It is not beyond imagining that a future political idea would seek to direct national resources towards securing the Northwest Passage for Canadian sovereignty control (indeed both major parties have recently dabbled here). Given the lengthening season for navigational passage due to climate change, this is a strategic consideration that will continue to present itself.

The interdepartmental nature of IMSWG would cause some debate at the departmental official level – but not debate with a comprehensive view (or the power) to reconcile issues at the strategic level. The various issues that exist in each strategic pillar of society would have to be considered in relation to those from other pillars and all weighed against the vision of national interest.

It is possible that holders of the Economic perspective would support ­sovereignty control in the Northwest Passage. From a regional and fiscal stand-point, this could complement the government’s economic strategic outlook for the north. However, the Environmental perspective may have serious problems with potential for pollution, depletion of fish and wildlife stocks, as well as destabilization of the fragile arctic natural balance.

The Social perspective would have to weigh the effects on native communities and culture according to their strategic outlook. Defence and Security would have concerns about resources and manpower and would likely endorse accurate geographic information as integral to planning, policy formulation and administration for a long-term management ­strategy. And finally, an in-depth analysis from the International diplomatic perspective would be crucial to understand the impacts of Law of the Sea and international treaties that exist. Canada is currently facing six actual or potential international disputes over various aspects of control of its Arctic region where such a process would be useful.

It may well be that the first stage of such a strategy would be to influence international legislation in such a way as to set the conditions for the security initiative over the long term. The key here is that strategic development that splices these perspectives together would ideally come from a permanent government body deliberating at top levels of the public service. These officials would engage, debate and resolve these broad-scoped considerations. Academia and the private sector should play a part in these deliberations as a rule.

A Dutch Example
An example of this sort of strategic machinery can be found in the form of a collaborative experiment in the Netherlands. The complexity of access and usage of the Netherlands North Sea has generated an impressive strategic governance and management structure that interlocks international, national, and regional debate and policy development. Many issues such as boundaries, fishing quotas, and shipping routes are determined by international organizations and are beyond the Dutch government’s control. However, over the last 25 years, a strategically wide-scoped institution named IDON (International Deliberations over North Sea Governance) has debated, coordinated, and formulated policies, directives, and legislation between ministries at the national level. It is this sort of organization that houses the national expertise requisite for composing national strategy and legislation. When juggling conflicting strategic and political issues such as environment, economy, security, defence, and society, and there is a requirement for a maritime focus, the Dutch government is well served by a body that can achieve an integrated system of cooperative governance.

The Netherlands has succeeded in this collaborative effort at the strategic level by ensuring an organization of great breadth, that is not a cabinet committee, has the tools to find compromise in national policy-making, and has the linkages to assert Dutch strategic interests in wider forums. Free from the rigours of Cabinet time constraints, this permanent committee combines decision-makers from across all departments to debate maritime-related laws and policies in a decidedly complex environment in which political issues of the six pillars of society overlap. For 25 years this group has ensured that a unified and prepared Dutch voice is heard in national, European Community, and international forums. The ongoing success in winning Dutch interpretations of water boundaries and traffic routing is an indicator of this committee’s value.

By employing the elements of national power and splicing their perspectives together into a unified whole which achieves the rational allocation of finite government resources according to national interests, the Dutch have succeeded in creating a truly strategic body to formulate their maritime security strategy. A Canadian version of IDON would ensure a unified Canadian voice to work on governance issues between nations, particularly in the changing Arctic region of Canada.

The promulgation of the National Security Policy has caused the development of national-level strategy across the various sectors of the Canadian federal government. The ongoing formulation of the Transportation Security Strategy is an example. To achieve the comprehensive perspective required for strategic thought, the traditional prisms or stovepipes of bureaucratic government must be broken down by the institution of permanent, high-level, interdepartmental strategic think-tanks that set government priorities in such a way as to ensure continual engagement of government in the allocation of resources over the long term. The Netherlands’ strategic institution called IDON is a fine example that may fit the Canadian requirement.

 At the heart of the matter is the necessity to open up our singular focus on departmental concerns and embrace the multi-pillar perspective from which strategy is necessarily formed. As we create these multi-perspective deliberation groups, we must ensure that academic specialists and professionals from the private sector are invited to participate. Only through weighing and balancing national interests vis a vis the pillars of society will Canada’s strategic staffs be able to optimize policy development and create useful and lasting national strategy to assist our politicians in guiding Canada’s way forward in a complex post-modern world.

Peter Avis is Director General, Requirements on the brand new Strategic Joint Staff at the Department of National Defence.
© FrontLine Security 2006



RCMP Emergency Preparedness
© 2006 FrontLine Security (Vol 1, No 2)

The RCMP is one of many key organizations taking potential health threats seriously, and as such, has been working closely with federal, provincial, territorial and municipal health, government and emergency partners.

The RCMP, Canada’s national police service and part of the portfolio of the Public Safety and Emergency Preparedness Canada, is one of many key organizations taking potential threats to health seriously. As such, it has been working closely with federal, provincial, territorial and municipal health, government and emergency partners. The RCMP’s unique status as a federal, provincial, municipal and international policing body makes it a very important piece of the pandemic planning and response process in Canada.

Over the past few months the RCMP has ramped up its national, regional and divisional emergency operations planning along with business continuity efforts to ensure the organization is prepared in the event of an influenza pandemic.

“The RCMP operates in a very dynamic environment, and as such, planning, preparedness and applying the appropriate response is crucial to ensuring public safety and security, especially during a crisis situation such as a pandemic. The planning is very comprehensive and ongoing to prepare for the predicted influenza pandemic,” explains Brian Porrior, Officer in Charge of RCMP Emergency Management.

RCMP business continuity planning (BCP) is an initiative under the Departmental Security Officer. Taking an all hazards approach, the RCMP’s overall BCP is to continue to provide critical services to both internal and external clients by using procedures and mechanisms for prevention, response, continuity and recovery prior to, during and after crisis situations. The following are some of the key business continuity elements of pandemic planning:

  • a work force resilience plan aimed at providing support services to RCMP employees and their families to ensure as many employees are at work as possible;
  • a communication plan to educate employees and their families to help protect themselves, to work in a safe manner and to convey key messages about the RCMP’s role and planned response;
  • a health plan to address various protocols that will help ensure a healthy work environment; and
  • an ethics framework to provide extra guidance to RCMP employees in a crisis-driven and demanding environment.

In addition to its overall emergency management mandate, the RCMP established the Critical Incident Preparedness and Response Initiative (CIPAR) in the Fall of 2005. The purpose of CIPAR is to review all aspects of the RCMP’s readiness to respond to emergencies. “As a progressive organization, the RCMP recognized the need to initiate CIPAR,” says Assistant Commissioner John Neily, Officer in Charge of the RCMP Critical Incident Preparedness and Response Initiative. “Just as 2001 reinforced the need to advance national security measures, the tragic events that happened at the tail-end of 2004 and over the course of 2005 underlined the importance of reviewing and enhancing emergency management and response measures.”

In the event of an influenza pandemic, the organization would contribute to the Government of Canada’s response by providing assistance and support to public health authorities in the containment of the pandemic by:

  • enforcing control measures;
  • maintaining order;
  • providing protective security;
  • ensuring public safety; and
  • assisting other emergency service providers as required.

The RCMP is committed to these emergency response duties during a pandemic and will address the highest priority areas to help maintain public safety and security during such a crisis. “What this means is that we would take a risk management approach, where our first priority would be to provide assistance to public health agencies/professionals to contain the pandemic. Minimizing societal disruption would be a secondary priority during a pandemic outbreak,” states Neily. He noted these two priorities would take precedence over any task deemed as a low priority.

That being said, an important consideration is the RCMP’s multi-faceted mandate. Working closely with key domestic and international governments, the law enforcement, community and other partners, the RCMP provides assistance in maintaining and protecting public safety; preserving the peace; enforcing the law; and maintaining border integrity and national security.

Business continuity protocols will ensure that even through a crisis event such as a pandemic, the RCMP will be able, in a priority-based capacity, to continue to provide its policing services to the provinces and territories as well as serving more than 200 municipalities and 192 Aboriginal communities across Canada.

No emergency planning process can be fully comprehensive without an effective communication plan for internal and external awareness, and for conveying important information about emergency and business continuity planning. Providing RCMP employees with timely, consistent, trusted and accurate information is critical to the communication process, helps to ensure employees are well informed, and in turn have key information that they could share with their families and their communities. Effective communication on all fronts helps to develop a clear understanding of the impact of an emergency.

The resilience of employees during a time of crisis is critical to providing and maintaining assistance and support to Canadians and the RCMP’s partners. Senior management recognizes that RCMP employees are committed to respond to the call of duty during an emergency and must be well-informed about any such threats. In saying this however, the RCMP realizes that every emergency brings uncertainty, and it is difficult to prepare employees for everything that might occur and to anticipate how long a crisis could last.

Training and preparing its employees to handle crisis/emergency situations, such as pandemics, and to quickly mobilize its personnel when required is another priority for the RCMP. Through its continued commitment to maintain public safety and security, the RCMP ensures that its employees are properly equipped with the tools and aids necessary to handle sensitive and difficult situations such as pandemics. As part of its common practice, the RCMP is researching and developing the necessary standards and protocols to guide our organization through a pandemic.

“The RCMP is a unique organization in that it provides policing services at all levels – federal, municipal, provincial and territorial and international. And for this reason we take an integrated approach in all that we do,” says Neily. “Emergency management and business continuity planning for crisis events such as pandemics are done in concert with key internal and external partners with the safety of employees and the public in mind.”

Jeni Sandeman is an Acting Team Leader in Strategic Communications, Public Affairs and Communication Services Directorate at RCMP Headquarters in Ottawa.
© FrontLine Security 2006



Industry: An Essential Contributor to Security
© 2006 FrontLine Security (Vol 1, No 3)

There is no more important role for government than the security of its homeland and the safety of its citizens.

While government is ultimately accountable for a nation’s safety, it is by no means exclusively responsible for it. The private sector shares this responsibility and must be an integral contributor to the government’s national security framework for the ­following three reasons:

  • Business is flexible and has proven problem-solving capacity. The pace at which destructive elements in the world are devising new and ever more daring and sophisticated methods to disrupt and unsettle western societies requires the nimble and innovative private ­sector to engage fully in support of Canada’s long-term security interests;
  • Business is motivated by self-interest. The devastating economic and employment consequences that would be triggered through a terrorist-related disruption to North American transportation and port systems, critical infrastructure, food, health, energy, financial or telecommunications networks suggests that the business community has a vested interest to be fully engaged in security-related problem solving;
  • Business opportunities abound in a world looking for risk mitigation tools against non-traditional, non-state related threats. The magnitude of current-day security challenges, be they related to detection, surveillance, intelligence, communications, data fusing, biometrics, improvised explosive devices or CBRN mitigation, offer unprecedented opportunities for business solutions.

Continuing terrorist attempts, like the one leading to the recent airline-related arrests in the U.K., vividly remind us of the determination of those intent on wreaking havoc on western societies. Canada is not immune from these threats and must remain both vigilant and prepared. As an industrialized country, we have the inherent capacity and duty to contribute to international stability and greater North American security as it relates to external and homegrown threats or natural disasters.

Is the federal government fully utilizing the skills, innovation and resources embedded in the private sector to address Canada’s security priorities? CADSI members see little evidence of this. Significant investments have been made through Public Safety (PSEPC) and Canada’s various security agencies, but little program money has found its way into the private sector.

To date, the government has not articulated the capabilities it needs from Canada’s defence and security industrial base. If it did so, there would be a place for homegrown technologies, equipment and services that target long-term strategic Canadian interests related to its maritime environment and northern sovereignty objectives, its urban communities, shared border with the United States, its rich energy resources and the global telecommunications and financial networks that connect us.

The Canadian Association of Defence and Security Industries (CADSI) encourages the government to engage the private ­sector as a key partner in safeguarding national security and economic prosperity. This may require policy changes and a cultural shift within the federal government to reduce the private sector’s costs of doing business with the public sector and increase its potential rate of return.

In the past, government-sponsored and -run science, research and development institutions were the prime generators of new technologies and equipment designed to respond to military and security objectives. Today, however, greater private sector leadership and a more collaborative relationship between the private and public sectors is critical to ­keep pace with rapidly evolving threats. To strengthen business involvement with government in security-related problem solving and risk mitigation, CADSI calls on the government to:

  • adopt procurement practices based on best value not on the lowest cost compliant bidder. If your disease can be cured through surgery and the doctor tells you it will cost $10,000 for the operation, you are not likely to ask him what you can get for $5,000! Federal policies and practices for the procurement of national security-related ­technologies, equipment or services should be no different;
  • create a venture capital fund, managed by the private sector and perhaps financed in part from defence procurement offset obligations, that will help Canadian-based technologies companies to bring innovative security-related technologies to market;
  • establish a “buy and try” program within Canada’s security agencies that will allow federal security professionals to test new equipment and technologies, relevant to their missions, in operational settings;
  • encourage greater private sector R&D in strategic defence and security technologies and include security-related companies as eligible applicants in a restructured Technology Partnerships Canada program;
  • articulate the strategic capabilities it would expect to secure from Canada’s industrial base to meet long-term defence and national security priorities.

Ongoing terrorist attempts confirm that we no longer live in a ‘business-as-usual’ world. Both industry and government have a shared responsibility to address global and North American threats on a real time basis. This will not happen without new thinking in Ottawa that ­elevates the role of business to that of a collaborative partner to government on national security issues.

The social and economic consequences of inaction on these challenges by both government and business will be felt – instantly and dramatically – by all Canadians at the moment our national security is compromised.

Tim Page is the President of CADSI (Canadian Association of Defence and Security Industries).
© FrontLine Security 2006



Border Services
Today and Tomorrow
© 2006 FrontLine Security (Vol 1, No 4)

The Canada Border Services Agency (CBSA) processes about 97 million people and a constant flow of goods worth billions of dollars each year — the value of cross-border trade with the United States alone averages $1.9 billion a day. It is a massive responsibility. The task is made all the more challenging by the current post-9/11 environment, fraught as it is with the threat of terrorism and other criminal activities.

Primary Inspection Line for vehicles crossing the border.

The juggling act of balancing security and trade at Canada’s borders requires a combination of vigilance, flexibility and innovation. It also demands sound strategies, state-of-the art technology and ­science, and a skilled and dedicated ­workforce.

Since its creation, the CBSA has based border management on three fundamental strategies. It collects advance information on who and what are coming across the border. The Agency then transforms that information into intelligence using sophisticated, world-class automated risk-analysis systems.

Finally, the CBSA expedites border clearance for low-risk people and goods with pre-approval programs such as FAST and NEXUS. All of the CBSA’s programs and activities are directly connected to these three basic strategies.

“More and more, border management operates in a global environment, where our work starts well before the physical border,” says CBSA President, Alain Jolicoeur.

Collecting Advance Information
Collecting information about cargos and people before they reach Canada’s borders is highly effective in identifying and intercepting high-risk goods and people. Through the Advance Commercial Information (ACI) program, air and marine transporters are required to transmit advance information about their ­shipments. This program provides CBSA officers with electronic pre-arrival cargo information so that they are equipped with the right information at the right time to identify health, safety and security threats related to commercial goods before they arrive in Canada.

In an effort to strengthen Canada’s security while taking into consideration the time constraints of trade, the ACI ­program will extend to the highway and rail modes of transportation.

The people side of the advance information equation is the Advance Passenger Information/Passenger Name Record (API/PNR) program. Through this program, the CBSA gathers information from airlines about passengers on their way to Canada. API/PNR is critical in identifying high-risk travellers before they arrive in Canada.

Transforming information into intelligence
To turn information into intelligence, the CBSA relies on skilled employees at home and abroad and on sophisticated systems based on science and technology. The Agency’s risk-assessment systems receive information provided by advance information programs and analyze it to identify high-risk goods and people.

Traveller uses the CANPASS Air / NEXUS Air automated kiosk.

For example, the CBSA’s National Risk Assessment Centre is a 24/7 operation with state-of-the-art technology and risk-management tools that acts as a central facilitator for the fast flow of information on high-risk travellers and goods before they arrive at the border.

Pre-approval programs
These programs benefit trade and travel by providing members with streamlined border clearance processes. Canada and the United States have developed joint pre-approval programs for people and goods crossing either country’s borders.

For example, FAST offers pre-authorized importers, carriers and commercial drivers expedited clearance for eligible goods through dedicated FAST lanes. There is also a similar program for travellers: NEXUS simplifies border crossings for pre-approved travellers entering both countries. NEXUS Air and Marine projects have been successfully tested and over 150,000 people are currently taking advantage of these programs.

Documents can be examined using a Video Spectral Comparator (VSC), coupled with video-conferencing technology. This system transmits document details from a field office to a lab.

Technological advances
Technology plays a critical role in all aspects of border security.

For example, in Canada, NEXUS Air uses innovative iris recognition biometric technology. In the blink of an eye, the sophisticated iris recognition tool can read 266 different characteristics. A traveller steps up to a small kiosk outfitted with standard video equipment. In 20 seconds or less, the tool reads all of the distinctive characteristics.

“We use technology to the maximum extent possible in keeping our borders secure,” says Mike Feniak, the director of the design and development aspects of the CBSA’s trusted traveller programs. “Iris recognition technology is the leading edge. We’re constantly exploring – we’re actually moving from single to dual iris ID, for instance – and use various technologies at the border.”

Canada leads the way in this type of biometric technology, which is currently used primarily in certain programs aimed at expediting cross-border passage for pre-approved travellers. The objective here is not only to simplify entry into Canada for lower-risk travellers, but also to free up more time to direct attention toward those who pose a higher or unknown risk.

Narcotics detection equipment - the ION Scan.

“We are increasing our use of evidence- and science-based solutions that will lead to improved border security and greater economic prosperity. We continue to make significant advancements in our use of sophisticated and automated risk-assessment systems, radiation-detection and other state-of-the art equipment, IT systems and infrastructure that will further modernize border management,” says Mr. Jolicoeur.

Partnerships and Information Sharing
The new security reality also means that border agencies, including the CBSA, must work with a variety of domestic and international partners. The Smart Border Declaration signed by Canada and the United States in 2001 and the subsequent 2005 Security and Prosperity Partnership of North America between Canada, the United States and Mexico are among the key partnerships that will shape the future of border protection.

The CBSA is also very active on the international scene, working closely with the World Customs Organization in developing principles and standards to develop and implement international security and facilitation programs.

Smart Border
The fact of the matter is that the future of border protection will rely on three key strategies and a vision.

“We are constantly investing in building a smarter, more secure and trade-­efficient border that relies on advance information, technology and risk management. We will continue to capitalize on science and technology, to share best practices, to develop joint programs and to work smarter than ever before,” says Mr. Jolicoeur. “We are getting closer to realizing our vision of a smart border and a smart organization.”  

Cara Prest and Derek Mellon are with the Canada Border Services Agency.
© FrontLine Security 2006



Canada Needs a Counter-Terror Strategy Now
© 2006 FrontLine Security (Vol 1, No 1)

In the aftermath of this past summer’s July 7th Al Qaeda terrorist attacks in London, Canada must move rapidly to adopt an integrated counter-terrorism strategy before it is too late.

Canada has a National Security Policy, we have Anti-Terrorism legislation, and we have a government-wide counter-terrorism plan. What we do not have is a clear, all-encompassing and well-understood strategy to fight terrorism. Without such a grand strategy, Canada will remain dangerously slow to react to the threat and acts of global terrorism, encouraging terrorists to attack.

Like most G8 countries, Canada responded with sympathy for the victims of the September 11, 2001 attacks on Washington and New York. It then joined fellow NATO members under US coalition indirect action in Afghanistan focused upon the terrorists themselves in the aftermath of the attack.

The Canadian government moved forward with a ­number of counter-terrorism priorities including: the dispatch of special operations and conventional forces to Afghanistan; improved technical systems at entry points and border crossings; stricter legislation and travel regulations; and, importantly, some monies to accomplish these tasks.

Canada’s Anti-Terrorism Act, Bill C-36, was the centre-piece of the government’s legislative framework to counter-terror. Bill C-36 created measures to deter, disable, identify, and prosecute those engaged in or supporting terrorist activities. Canada’s National Security Policy, entitled Securing an Open Society, defines three key Canadian national security interests: protecting Canada and the safety and security of Canadians at home and abroad; ensuring that Canada is not a base for threats to our allies; and contributing to international security.

Within these broad objectives for Canada’s national security, government departments and agencies have attempted to produce a cohesive approach to counter the increasing threat of terrorism. Indeed, the RCMP, Military, CSIS, and the Department of Foreign Affairs each have their own anti-terror strategies.

But our government has yet to set out the grand national strategic vision needed for a modern democracy confronting this scourge of the 21st Century. Canada’s counter-terrorism efforts will never achieve their intended results without a comprehensive strategy to focus its national response.

Clausewitz wrote in On War that: “Strategy is the use of the engagement for the purposes of the war.” Wars, campaigns, battles, and emergencies are only won when a strategy is effectively prosecuted in the face of an enemy.

Luckily, there is much to learn from Britain’s approach after years of counter-terror operations against the IRA, Europe’s other Cold War-era terror groups, and now Al Qaeda. The United Kingdom developed an integrated national strategy for counter-terrorism based upon decades of experience. It is called the “four Ps”: Prevention, Pursuit, Protection, and Preparation.

  • Prevention is a long-term campaign aimed at preventing the radicalization, at home and abroad, of future generations of terrorists regardless of motivation.
  • Pursuit is a shorter termed campaign using law enforcement agencies, the courts and intelligence services to pursue and prosecute terrorists and their supporters at home and abroad and to try and disrupt and break apart all terrorist organizations.
  • Protection and Preparation is the campaign driven by the need to mitigate the effects of the threat and attack, through strengthening and protecting ­critical infrastructure, displaying through exercises the readiness to respond, to reassure citizens, and to deter potential terrorists.

All four integrated campaigns are dependent upon: the exploitation of sound and timely intelligence gathered in advance of attack; the rapid communication of information to the public and first responders; international cooperation; and lastly, national will. Such a strategy will not completely end the terrorist threat, but it will set the basis for effective counter-­terrorism measures and improve the state’s ability to recover in the aftermath of any attack. It allows citizens to go about their daily lives with a comfort level that put Britons back on the mass transit system within days of the deadly July 2005 attacks.

Canada recognized the virtue of the Preventative approach both at home and abroad through the Department of Public Safety’s cross-cultural round table on security and by directing the Departments of Foreign Affairs and International Trade to address the issues of democratization, development and human rights around the globe. The hope is that these measures will change the climate where radical views flourish and lead to terrorist acts. Other government departments have also been encouraged to engage in ‘out-reach’ activities with communities that have been disenfranchised.

In the area of Pursuit, Canada has been less assertive. In this area, the Canadian government has great strides to make before it can hope to execute an effective campaign. Though our laws have been strengthened in the face of the terror threat, the RCMP, intelligence services and military are viewed by experts and the average Canadian citizen as being under-strength, under-equipped, and under-funded. Canada has very limited ability at present to gather intelligence abroad in a forceful manner.

Canada is reportedly 1000 RCMP officers short. The military by any measure requires at least another 5000 regular troops. Canada Border Services Officers are unarmed (also mentioned in Scott Newark’s article elsewhere in this issue) and their crossing inspection points are not all linked to a central computerized information system. Canada’s intelligence apparatus is still ramping up and reorienting to the “human intelligence”-directed requirements of today.

As to Protection and Preparation, we are a long way from achieving a “comfort level.” Five years after September 11, 2001, few buildings even in the nation’s capital have protective barriers, and key sites remain vulnerable and unguarded. Port facilities are without a dedicated Ports Police and remain a matter of concern as highlighted by several Senate reports. Mass transit also remains vulnerable. In fact, there are few detailed plans for the protection of mass transit or even key government facilities. Detailed plans, when they do exist, tend to be local and there have been few exercises to test their effectiveness.

The federal government’s unfocused approach to the blackout that affected both the United States and Ontario in 2003 remains a matter of scrutiny and criticism. It might be argued that Canada has reached out with other nations to engage in liaison and cooperative international measures to fight terrorism, but we are still being asked by our allies to do more. Do we intend to?

Does our “national will” to do so exist? This is very serious in the face of another upheaval in the federal government, the February dispatch of more Canadian troops to Southern Afghanistan, and the reality of potential added casualties.

Canada needs an integrated counter-terrorism strategy before it becomes ­terrorism’s most inviting target. On March 7, 2005 testimony before the Senate Special Committee on the Anti-­terrorism Act, Jim Judd, Director of the Canadian Security Intelligence Service (CSIS) warned that terrorism had become a “global movement,” that it had developed a permanency in the strategic environment, and that it posed a “very real threat” to Canadian security. He said that terrorist supporters and the terrorists themselves had a global presence that spanned cultures, political systems and socio-economic backgrounds. Terrorist groups, he said, were composed of both highly educated elites and more humble foot soldiers, and that adherents are recruited in Canada.

The threat to Canada and Canadians is real. That is why Canada must adopt an integrated strategy to counter terror based upon Prevention, Pursuit, Protection and Preparation. It is only when you attempt to implement a strategy that you find the ‘gaps’ in your plans. Better we find them than suffer from terrorists doing so.

Professor Joe Varner is the chairman of the National Security Committee of the Federa­tion of Military and United Services Institutes of Canada. Currently, he is serving as Senior Advisor on national security matters to the Deputy Chairman of The Senate Standing Committee on National Security and Defence and the Leader of the Opposition in the Senate of Canada. He also teaches courses in homeland security and intelligence studies at American Military University.
© FrontLine Security 2006



Managing Victims
© 2006 FrontLine Security (Vol 1, No 2)

The scene: Just before 11:30 a.m. on Feb. 17, 2006, Mother Nature wreaks havoc with snow, rain, wind, and a flash freeze just east of Ottawa, near the town of Embrun. Driving conditions are terrible, but Highway 417 is busy, as usual. Suddenly, fierce winds create whiteout conditions and vehicles start crashing into each other, with some cars getting stuck under tractor-trailers. Half an hour later, after driving through the storm and the traffic jam caused by the accident, Jean Hamel arrives on-site with his paramedical crew. All he can see through the blizzard is wreckage: 38 vehicles are piled up along 500 meters of highway. Working conditions are difficult, because winds are still storming, creating frequent whiteouts.

The greatest challenge, recalls Hamel, a paramedic in Ottawa for 19 years, and one of the supervisors at the tragic Highway 417 pileup, was management of all the different people on-site.

Because the accident occurred just outside Ottawa’s territory, the victims were under the jurisdiction of Prescott and Russell Counties ambulance services. Overwhelmed, they called Ottawa and Leeds Grenville emergency medical services (EMS) for assistance. Because of the scale of the emergency, the three different teams were sent in response to the requests.

Coordinating between the different teams and other responders, such as firefighters and police, the paramedics monitored victims that were getting colder by the minute (temperatures had dropped to –15˚C at noon) while providing care to the most critically-injured.

They also had to make sure nobody was still caught in a car, or had been expulsed and was lying in the ditch. Making sure that all victims were found was challenging in the severe weather conditions, but paramedics know how to work well  under pressure. “It comes down to basics and training,”  says Hamel.

The Highway 417 car crash was not the only accident in the Ottawa area that day, and EMS dispatchers had to make sure that area hospitals could accept every patient. Ambulance sirens wailed around the city, and emergency and trauma centres were filling up. Police reported about 40 traffic accidents between 11:30 a.m. and 1:45 p.m. that day.

From the Embrun pileup, 34 accident victims with minor or (miraculously) no injuries were transported by bus to the nearby Limoges Fire Hall, while the 10 critically-injured were transported to different Ottawa hospitals. “Considering the conditions, it all went very smoothly,” says Hamel.

Although Ottawa’s weather can be exceptionally harsh during the winter, pileups are not a routine call for the city’s 326 frontline paramedics.

Like any other paramedic across the country, day-to-day duties include responding to 9-1-1 calls, providing first aid care to patients, and transporting them to hospitals. They will also give, for example, insulin to a diabetic in crisis, and provide support to mentally-ill patients.

“Canada is right up there with the best-trained paramedics,” says Ian Turner, a Palliser Health Region EMS supervisor in Medicine Hat, Alberta. In March, proving their the Palliser EMS finished in the top five at the 2005 JEMS Games in Baltimore, Maryland, an international competition sponsored by the Journal of Emergency Medical Services. The New York City fire department took first place, ­followed by Sussex County EMS of Georgetown, Delaware; the Regional EMS Authority of Reno, Nevada; and London Ambulance Service (England).

Photo: J.P. Trottier, Ottawa Paramedic Service © City of Ottawa

Health and paramedic services in Canada fall under provincial jurisdiction, so the training and practices may differ from province to province. However variations between the different systems is not as great as one may think, according to Turner. At the moment, each province has its own accreditation protocols, but there exists a voluntary national paramedic accreditation from the Canadian Medical Association. “The move is towards more and more people getting national accreditation,” says Turner, explaining that national accreditation brings more consistency in the techniques students learn, and makes it easier for paramedics to work in other provinces.

The main difference between the provinces remains in who provides the service on a day-to-day basis. In Alberta and Ontario for example, municipalities determine its level of EMS, while in Quebec and British Columbia, paramedic services are under the jurisdiction of regional health agencies. New Brunswick announced last April that its EMS service would be amalgamated and run by the province. However, depending on the scope and scale of any emergency, provinces can decide to take over control of the service, as British Columbia did during the 2003 firestorm.

Fires devastated over 250 square kilometres in the Okanagan Valley, forcing the evacuation of thousands of people in August and September 2003. The geographic size and the terrain were the main challenges to rescuers during that crisis, says Glenn Braithwaite, one of the directors of operations in Penticton, B.C.

During the fires, paramedics from every corner of the province were sent to southern central British Columbia, but their main duty was to provide rehydration and rehabilitation to the firefighters after working long and difficult hours. Few civilian rescues were required, as the region had been successfully evacuated.

In October 2003, B.C. Premier Gordon Campbell appointed an independent team to review the overall response to the firestorm. During the hearings, the team listened to concerns about management of the crisis.

Criticisms ranged from “too many bosses” to “no one running the ship,” and from “lack of coordination” to “jurisdictions and responsibilities were confusing.” These complaints were primarily evident in the early days of the disaster, according to the 2003 Firestorm Provincial Review.

The province should have been ­prepared for such an emergency. British Columbia already had an all-hazard emergency operations system, dubbed the British Columbia Emergency Response Management System, or BCERMS.

BCERMS is a B.C. variation of the Incident Command System (ICS), a tool developed in the United States in the 1970s in response to major wildfires in southern California. It standardized, among other things, communication services and action plans from the different first responder agencies throughout California, and later, the United States.

In Canada, ICS is used during mass emergencies by some provinces, such as Alberta and Ontario. But the 2003 B.C. firestorm review team found that, despite British Columbia’s adoption of BCERMS, the system was not taught and applied equally across the province.

The review team recommended ICS and BCERMS training for every B.C. emergency responder, including paramedics, with the expectation that this would result in better communication and effort coordination.

A number of paramedic teams had already received the training prior to the firestorm, says Braithwaite, “but it’s been reinforced within our organization” since the review.

Natural hazards creating mass emergencies happen every so often, and preparation to those incidents is, most of the time, a combination of learning from past experiences and performing one or two simulation exercises a year.

But getting ready to face an infectious viral threat, such as the avian flu, is a real challenge, according to Lauréanne Collin, media relations officer at the Agence de la santé et des services sociaux de Montréal, Montreal’s regional health agency.

“It’s difficult to create a pandemic simulation,” she says, explaining that Montreal and Quebec City medical teams participated in a mass anti-flu vaccination exercise last year, and evaluations were made during the campaign.

With a metropolitan area of more than 3.5 million people living in about 4,000 square kilometres, Montreal could be one of the hardest-hit Canadian cities in the event of an outbreak.

To mitigate the effects of such a crisis, Montreal is planning to open first aid ­centres that will act as a complementary space to the local community service ­centres and trauma centres. One of the responsibilities of these first aid centres will be to sort patients, determining the level of seriousness of each case, thus helping to reduce overload problems by having only the most severe cases transported to the trauma centres.

In the event of a pandemic, however, the role and responsibilities of paramedics in the Quebec system could be enlarged. In its Pandemic Influenza Plan – Health Mission, published last March, the Quebec Ministry of Health and Social Services concluded that the EMS would “play a crucial role during a pandemic,” but acknowledged that they would be put “under pressure due to personnel shortages.” This new Plan will be implemented in partnership with the 18 health agencies in Quebec.

In addition to responding to distress calls, the Plan will require EMS responders to play a greater role in transporting patients to and from hospitals and first aid centres. When answering a call, paramedics will also be responsible for identifying where patients should be transported, whether it is to a hospital, a first aid centre, or if they should stay at home. Local and regional dispatch centres will continue to handle 9-1-1 calls, but “special procedures, such as the setting up of a provincial centre to regulate inter-establishment transfers” will help manage large-scale crises.

The vital requirement to keep lines of communication open – both between themselves and with the public has been taken into consideration in Quebec’s Plan. Accordingly, government, regional, and local authorities and partners will continually exchange information through a coordination unit, which, in turn, will “prepare a communications action plan designed to ensure the greatest consistency possible and to mobilize all authorities and partners toward a common goal.”

In a pandemic crisis or any other case of mass emergencies, communications between the different services and the responders themselves is the key, emphasizes Ottawa paramedic Hamel. “You have to be able to work together.”

As the Highway 417 pileup, with its rescue mission under freezing whiteout conditions so graphically highlights, every paramedic, firefighter, and police officer has a mission-critical need to be ­connected and stay connected to every responder from every agency involved in any given crisis, big or small.

André Fecteau is a freelance writer based in Ottawa.
© FrontLine Security 2006



Combatting the Global Reach of Terrorism
© 2006 FrontLine Security (Vol 1, No 3)

Chief among their conclusions ought to be that this threat has global reach and is alive and well – and that there is no silver bullet counter measure that will prevent the next attack. Both assessments have profound meaning for how our state and local public safety agencies are organizing and preparing their people for this new age of security.

As law enforcement and public safety officials continue to assimilate the lessons learned from the recent disruption of a terrorist threat to commercial aviation, their assessments will impact the direction of threat.

Immediately on the heels of Scotland Yard’s announcement came the now-familiar blitz of conjecture regarding whether or not this particular plot had ties to Al Qaeda Central (AQC). Or, perhaps, like last year’s attacks on London’s transit system, this cell was of the homegrown variety. While such discourse is enlightening, it is essential that state/provincial and local ­leaders come to the sobering understanding that, regardless of the organizational nature of such cells, the Islamic ­fascist monster has global reach.

There are no more walls that protect smaller cities or remote towns. Consider this partial list of U.S. locales in which ­terrorist activities have been disrupted in recent years: Lackawanna NY, Bly OR, Lodi CA, Torrance CA, Iredell County NC, Miami FL, Toledo OH and Syracuse NY. Some of these places were infected with a homegrown threat and some with the tentacles of international terrorist organizations. Canada is also beginning to experience incidents of terrorist activity, such as the recent Toronto area arrests. It is a safe bet that there truly is no jurisdiction or democratic country that can rest easy, free from the specter of Muslim terrorists.

Nor can state/provincial and local gov­ernments rely exclusively on the Federal government to protect us from such threats. Federal governments are working hard, but state and locals have a unique role to play in our national/homeland security framework, and must be part of the solution. Among other attributes, these governments bring numbers, local knowledge, and community contacts. Additionally, they will invariably be the first to respond when catastrophe strikes – it is therefore of fundamental interest for them to become prevention oriented in order to mitigate the cost and trauma associated with such response.

Prevention begins with a careful analysis of worldwide events and an application of this knowledge to the local operating environment.

This latest cell was sophisticated in its organization and tactical planning. Its planned method of attack indicates an intimate knowledge of airline security measures, as well as bomb-making sophis­ti­cation. It appears that operational security and counter-surveillance were integrated into its planning. It was also a learning organization, continuing plans previously formulated by Ramzi Yousef & company in the 1990’s. Law enforcement and public safety officers must be equally sophisticated in their knowledge and ability to identify such activities.

It has been reported, for example, that one of the perpetrators in London was a Western convert to Islam. There are reports that he had shunned Western clothing conventions. It would not be at all surprising if this was also accompanied by a shunning of past family and friends in favor of a new found religious zeal. This would follow a pattern set by American Taliban Johnny Walker Lindh and Belgian female suicide bomber Muriel Degauque. Such radical behavioral changes in converts warrants further scrutiny.

On the other hand, as in last summer’s bombing in London, many of the neighbors of this latest group had not noticed signs of radical behavior. To the contrary, these individuals carefully concealed their violent intentions. Not all Islamic fascists outwardly embrace the physical manifestations of their ­radical ideas. Nor do they all fit into an easily identifiable physical profile, as is often suggested.

Random measures Effective
Despite the steady drumbeat of demand to adopt physical profiling policies, the benefit of such approaches is limited and certainly not worth the battle it would take to adopt them. A behavioral profiling scheme, such as the one that the Transportation Security Administration recently rolled out, is much more effective, while avoiding the political pitfalls that would surely come with a racial or ethnic profiling scheme. Under a behavioral profiling approach, security personnel are trained to observe and confront behaviors that are out of place in the environment being secured. It is out of place, for example, for a young man to wear heavy clothing into the Miami airport. Observing such behavior warrants further investigation.

But this is only one of many tools that must be applied in a redundant and robust security posture. For example, random measures, such as the ones NYPD has put in place in New York’s subway system, are another tool that is useful. While random measures are inconvenient and cause citizen complaints, they are effective in countering a learning adversary. In this latest case, the terrorists planned to use explosive materials they knew would pass through the security system. They also planned to use common items such as shaving cream cans and liquid containers to conceal the explosive concoctions. In other words, predictability, which would necessarily follow a racial or ethnic profiling scheme, would only serve the sophisticated terrorist in the long run.

Certainly profiling will continue to be a point which is debated vigorously. The broader issue is that our first preventers and public safety agencies need to learn and adapt to the threat. An increasing number of agencies, across both Canada and the United States, are demonstrating a growing capability to do so. Our Federal governments should encourage, foster and, where necessary, mandate such ­prevention oriented activities.

Tim Connors is the Director of the Center for Policing Terrorism at the Manhattan Institute, a New York City think tank.
© FrontLine Security 2006



2015: Facing the Security Challenges of Tomorrow, Today
© 2006 FrontLine Security (Vol 1, No 4)

A year ago, the Science and Technology Foresight Directorate of the Office of the National Science Advisor (ONSA) was asked to assist the new Public Security Technical Program (PSTP), a joint security technology initiative of Public Safety and Emergency Preparedness Canada (PSEPC) and Defence Research & Development Canada (DRDC).

The ONSA was asked to provide advice within the PSTP on a futures-oriented Public Security Science and Technology (PSST) agenda that could be aligned with the U.S. Department of Homeland Security (DHS) as part of the Security and Prosperity Partnership of North America. It would also provide focus to the capabilities and skill areas that a new DRDC Centre for Security Science might need to have to face the anticipated national security – all hazards challenges of the next decade.

We have been developing a foresight expertise through a series of collaborative projects aimed at emerging and frontier technology domains that will be relevant to national policy development in the next decade and beyond. These projects have involved several partners, mostly from inside the federal government, and have addressed subjects such as future fuels, bio-health innovation, geo-strategic systems, and animal health and infectious disease.

Foresight is a process that relies upon a set of tools that encourages experts to extend their knowledge and vision through environmental scanning, technology roadmaps, scenarios and expert panels asking: what if, and what prospective impacts?

Since we cannot predict the future, the approach is based upon contingent examination of several types of potential “future-shaping” factors, forces and their S&T linkages. The intent is neither to be prescriptive, nor to identify a single forecast, but to create multiple, plausible ­alternatives that will represent a range of situations for which we may have to be prepared in a rapidly changing world where S&T is usually a key driver.

When approached by DRDC-PSEPC in November 2005, our response was to create a network of security stakeholders and future S&T thinkers to reflect upon key issues and questions outlined here.

Protective Futures Workshop
The workshop was organized in March 2006 at DRDC Shirley’s Bay Ottawa to generate foresight that would feed into “Vision 2015” for the Systems Integration, Standards and Analysis (SISA) mission area of the PSTP – a joint initiative of PSEPC and DRDC with the U.S. Department of Homeland Security.

“Vision 2015” defines possible future challenges to public safety and national security in the 2015 timeframe, targets national capabilities for meeting those projected challenges, and provides opportunities available to science and technology for obtaining the identified capabilities.

This includes ‘all-hazards preparedness’ for the future security of Canada’s borders, the flow of people and goods across these borders, and for secure trans-border critical infrastructure, as called for by the “Smart Border Declaration” and the “Security and Prosperity Partnership of North America.”

PSTP seeks to ensure:

  • Robust public safety and security policies;
  • A capable and responsive national emergency management system;
  • National surveillance and intelligence gathering-analysis that supports rapid intervention;
  • Rapid identification of critical infrastructure vulnerabilities; and
  • National capabilities that ensure the safe, secure and efficient flow of people, goods and services across borders.

Scanning and Risks – Key Answers to Hard Questions
Q1. What sort of world could we expect to see in terms of both major global and North American societal and technological trends and potential discontinuities?

Q2. What are the likely risks generally related to borders, infrastructure, and public security and safety that will characterize 2015?

Workshop participants were provided with a “strategic environmental scan” based upon a wealth of expert information from national and international S&T specialists, security and intelligence focused professionals, and futures-technology and foreign-affairs generalists.

The discussion focused both on projected and plausible terror threats (divided opinions about probability and impacts) and on topics such as peak oil and transition to more sustainable fuels by 2015. No consensus was achieved, but evident trends became obvious in respect of more renewable and natural gas-unconventional hydrocarbon fuels from gas hydrates and other new sources, and on the growth of production and trade involving leading technologies by China and India.

Many felt that while the changes would be very significant for technology development, (quantum, cyber, nano, bio-info and convergent systems advances), trade would still be led and essentially determined by US-EU consumption patterns and the US primary trading partners at least until 2015.

Central to the “all-hazards” and broad view of national security is that relative security must be found at all levels of society – from personal safety to societal freedom from arbitrary violence and rights infringements by the state. Many also indicated that new S&T innovations can be used to increase capabilities for both protection and enhanced threats – for example, the internet and its easily available “how to” guides, or: should quantum computing become available before 2020, the first nation to acquire this capability will have an intelligence advantage. Nano-technology and its convergence with bio and info technologies may have both positive and negative implications.

Many of the most severe potential threats – such as deployment of weapons of mass destruction, intentional environmental or bio-food system terrorism were not seen as high probability for Canada although they might be used against the U.S. with strong secondary impacts on Canada.

The Workshop concluded that the complexity of the security environment is likely to continue to increase with advances in S&T – since many of these raise issues of ethical choice about surveillance, and consent.

Clearly, the threat from global terrorism remains significant in the estimation of this group of foresight participants, but certainly not the only big challenge when a broad security definition is included.

From the perspective of many of the participants, terrorism represents a shock type of event – very high impact, but uncertain probability, and likely quite dependent on the depth and duration of Canada’s global military commitments.

Comments on Potential Public Security Threats, Risks and Vulnerabilities

  • Canada becomes fully technologically reliant on another country (e.g. USA) with a loss of independent capacity for risk readiness and detection
  • Limited international collaboration – weakened intelligence, second rate technology and insufficient preparations to enable adaptive response capacities by national and responder level authorities to bio-terrorism or weapons of mass destruction.
  • Physical separation/geography does not protect us anymore in an asymmetric, digital warfare, global environment
  • Government infrastructure may be more vulnerable than the private sector with fewer direct stewards, and outdated technologies
  • Environmental refugees could seek Canada
  • Global language could change from English
  • Global warming leads to ‘inevitable ­surprise’ as diseases spread to newly warmed zones enabling rampant spread
  • Lack of ‘surge capacity’– from public authorities being ill equipped or not well organized and managed for threat management and mitigation
  • Over-harvesting of renewable resources could create dislocations of higher magnitude than in nations with less resource dependency
  • Urgent need for an Arctic strategy (opening of North-West Passage) as melting opens the possibility of year round sea lanes
  • Permafrost melts – making settlements unviable that have had ensured sovereignty from 1867– to present
  • Interoperability of command and control in an all-hazards environment – little experience and few rehearsals to enable efficiencies and standardize response protocols
  • Availability of weapons (information) on the internet – growing much faster than our ability to intercede maybe even track and analyze
  • Human performance enhancement – an important new area of security towards which we have devoted almost no resources
  • Mobilized moral outrage - tipping point reached by disenfranchised youth – a potential consequence of multiculturalism gone awry if economic opportunities become closed, particularly to those prone to extremist influences, now accessible on the internet

The Workshop’s proceedings themselves are expected to be of immediate interest to PSEPC and a number of their partners in the public-safety and national-security community.

The next step will be to assess how to use the proceedings to drive discussions of national security challenges to provide input into the capabilities needed to meet these challenges, and which strategic S&T investments in the Defence R&D Canada Centre for Security Science could help Canada acquire those capabilities.

For 2006-07, a second round of foresight events, focused on a deeper scanning and aligned work in cyber security, food security and nano-bio-nano systems technology convergence is being discussed for the 2007 time period.

Jack Smith is the Director of Science & Technology Foresight at the Office of the National Science Advisor, Industry Canada.
© FrontLine Security 2006



Changing Attitudes at the Borders
© 2006 FrontLine Security (Vol 1, No 1)

As someone who’s been involved in changing laws for a decade or more, I can safely state from experience that changing attitudes is usually more difficult than changing laws. This less than profound thought occurred to me during a recent cross-country tour and security analysis of Canadian air, marine and land Points of Entry. I was in Halifax talking with an earnest young Border Services Officer (formerly called a “Customs Officer”) about how, as a member of the Marine Enforcement Unit, they dealt with ships anchored off shore that had been targeted for investigation. “Wait till they dock or they send a ship to get us” he replied. He saw my puzzled look and explained, “we don’t have a boat sir.”

The Canadian Border Services Agency’s (CBSA) Marine Enforcement Unit, responsible for all of Nova Scotia and our busiest Atlantic seaport, doesn’t have a boat. It also has to get special permission to proceed to the port of Sydney to search a ship because getting a team out there takes extra time which costs money. Somehow, I get the feeling the bad guys have figured that out as well. I’m also going to guess that I’m not the first person to point out to the CBSA that the Halifax Marine Enforcement Unit should have uhhhh… you know… a boat.

The fact that they don’t, that commercial truck inspection and clearance at the Windsor Port of Entry is run on an honour system, and that CBSA runs a Border Management Plan (BMP) which defines success by meeting quotas for searches and not interdictions (which aren’t even recorded as part of the BMP), are serious signs that enforcement is not the attitudinal priority it should be at CBSA. Other examples of this include policies that order officers not to pursue persons deliberately running the port, and policies that permit threatening or armed and dangerous persons to enter Canada unobstructed (other than a phone call to a distant police service while they watch disappearing tail lights).

Given CBSA’s historical Canada Customs background of tax collection and ‘welcoming’ visitors to Canada, the existence of such an attitude is not surprising. What is surprising, and frankly dangerous, is that it continues to linger despite a clear and compelling evolution of duties and focus at our borders and Ports of Entry. The very creation of the CBSA within a newly established Public Security Ministry signaled the change of focus to security and enforcement, but, strangely, that hasn’t seemed to materialize completely in CBSA operations or, more accurately, those responsible for directing CBSA operations.

For nearly a decade, the Criminal Intelligence Services Canada (CISC) has been warning about the growth of organized criminal activity focused at Canada’s Ports of Entry and border crossings. In fact, it is now recognized as being significant enough to merit a special category within CISC’s Annual Report. The 9/11 attacks brought the importance of border security and perimeter security to previously unimagined levels. At the same time, industries and organizations involved in cross border and maritime cargo container trade made clear that economic prosperity was directly linked to the facilitation of the movement of goods. Security and trade, we were told, have to be complimentary not contradictory.

A joint venture between the Marine Centre of Expertise in Halifax and the Contraband Detection Section at CBSA headquarters in Ottawa, the Remote Operated Vehicle (ROV) is a lightweight, easily deployable, remotely operated vehicle. It allows the examination of the exterior portion below the water line, by transmitting images to a monitor. (Photo: CBSA)

In large measure, the political component of the Canadian government responded. By December 2001, based on joint commitments to enhanced security that targeted high risk subjects while facilitating low risk movement, Canada had entered into a 30-Point Smart Border Accord with the United States. The accord clearly accepted the concept of perimeter security. In 2004, Canada released its first ever National Security Policy, followed by a Critical Infra­struc­ture Protection Strategy, both of which acknowledge that what happens (and what doesn’t) at Canada’s Ports of Entry will have a profound impact on our public security and prosperity. In 2005, Canada, the United States, and later Mexico signed a Security Prosperity Partnership that embraces the importance of security and enforcement at Ports of Entry. CBSA’s Mandate and Mission Statement reflect that, officially at least, the tax collection culture of Customs Canada was to be replaced by a culture of inspection, interdiction and enforcement. Achieving this change of attitude appears to be a mission not yet accomplished for those in charge of directing CBSA operations.

So what needs to be done? I’d suggest the following.

  1. Complete the conversion of CBSA into a law enforcement agency by internal re-organization and remodeling. Law enforcement agencies don’t have Presidents, companies do, and while the CBSA must be well run, it is simply no longer a business operation.
  2. Provide front line personnel with appropriate law enforcement tools and resources to do what Canadians expect of them. This means side-arms; proper lookout systems using face recognition biometrics; radios that work; boats; facilities that hamper, not encourage, port running; and comprehensive and integrated data bases. It also means putting an end to the dangerous absurdity of work alone sites or saving a few bucks by using inadequately trained students for critical operational tasks.
  3. Establish an armed, mobile Border Patrol to cover the vast territory between Canada’s Ports of Entry, integrating the Canadian Coast Guard and the CBSA for the same purpose. We don’t need more stand alone entities. Maritime and land border patrols should be part of the enforcement agency.
  4. Use these security enhancements to take the next steps in low risk trade facilitation by establishing pre-border reverse inspection sites, deploying the low risk, expedited clearance FAST and NEXUS systems instead of passports for Canadians and Americans, and converting security clearance at a maritime Port of Entry into expedited clearance at an inland Canada-US border crossing.

In this security-heightened world in which we live, “more” is not automatically “better” security. Intelligence-based security and enforcement can actually facilitate cross border and maritime cargo container trade but only if it is done with a clear acceptance that inspection, interdiction and enforcement are Job One at the border and Ports of Entry, and everything else is secondary. The place to start at CBSA is in changing attitudes.   

Scott Newark is currently providing policy and operational advice to Canada’s new Minister of Public Safety and Emergency Preparedness.
© FrontLine Security 2006



Scientific Illiteracy Impairs Canada's Pandemic Plans
© 2006 FrontLine Security (Vol 1, No 2)

Beware of an alarming illiteracy in Canada! This problem is evident among health officials tasked with protecting the public. It appears that they have not read, or possibly not understood, the science – we know they have disregarded it. Their lack of understanding is egregious. They also have not called upon the cadre of professionals who are well versed in the science and art of protecting people from disease, particularly airborne disease.

As indicated in the November 2005 submission of the International Occupa­tional Hygiene Association (IOHA) to the World Health Organization (WHO):

To most effectively protect the public at large from a virulent and transmissible strain of avian influenza that (by general consensus) is likely to develop in the near future, it is necessary to minimize the exposure of two “front line” worker groups (FLWs) who are at greatest risk – poultry workers, who are in direct contact with the immediate source, and health care workers (HCWs), who will be the first to encounter the ill (and contagious) members of the public. Once these FLWs become infected, they (in addition to personally experiencing the direct consequences, and society thereby losing their valuable services at the outset) will transmit the disease further.

As the world moves inexorably closer to an influenza pandemic, with the potential for it to be the most societally-devastating event in this century, our Pandemic Preparation Plans continue to be based on myth and baseless hopes.

Pandemic Plans should and can be effective, they must make use of available science and technology, and can be maintained at lower cost than is currently envisaged. To do this, our public health officials must update their education rapidly and, especially in view of the time constraints, seek immediate help from the occupational hygiene community.

The response from Ontario’s Chief Medical Officer of Health, to this author’s suggestion that its Plan constitutes criminal negligence on the part of its Health Minister, was to indicate that PIDAC (the Provincial Infectious Diseases Advisory Committee) had “endorsed the recommendation... [including] the use of a surgical mask... as appropriate.”

Unfortunately, no one in PIDAC is qualified in occupational hygiene, nor more specifically, in the critical aspects of aerosol science and respiratory protection.

There was no response received from the Chief MOH to a follow-up communiqué emphasizing that “a fundamental requirement in a scientific review is the ability to rely only on primary references,” providing some specific examples, and including an offer of assistance.

When it comes to diseases such as Influenza, the basic tenets one would expect to see accepted, based on decades of scientific and professional work, are:

  • an expelled or exhaled aerosol is largely of respirable size, or rapidly becomes so as a result of the evaporation of water in any droplets;
  • this aerosol can remain suspended in air for a long time, and can travel considerable distances;
  • surgical and procedure masks are inappropriate for use as respiratory protective devices (RPDs); and,
  • air purifying respirators must have an air-tight seal between the device and the skin of the face if they are to provide the anticipated degree of protection.

However, and to the contrary, the accepted dogma in Infection Control is:

  • exhaled droplets are large, and travel in air no more than 3 feet (1m); and
  • a surgical mask provides protection.

PIDAC drew upon the Canadian Pandemic Influenza Plan (CPIP), which introduced this erroneous dogma into national Pandemic Plans.

Personnel involved in the production of the CPIP have similar backgrounds to those that participated in PIDAC’s work; as the saying goes – if you keep doing what you’ve been doing, you’ll keep getting what you’ve been getting.

Infection Control was, for many years, a concept not given its due support - why bother to prevent a disease, when there’s a cure? Consequently, the Infection Control community has indeed “circled the wagons,” they (seemingly) do not want science confusing matters further.

In anticipation of a disease of major proportions, and in preparation of our corresponding defence, it is more than appropriate to consider modes of transmission. We must understand “exposure” in order to prevent it most effectively.

There has long been argument of whether influenza is transmitted through the air. In the internationally respected medical journal, The Lancet, one finds this statement: “It seems to be without doubt to be carried through the air.” That was in 1897. Over the years, some have disagreed; however, the weight of evidence clearly indicates that influenza is transmissible (and contagious) through the air.

Many authorities have “got it” – for example, the U.S. Centers for Disease Control and Prevention wrote of influenza in October 2005: “Airborne spread is the predominant form of transmission.”

On the other hand, Canada’s national preparation plan continues to act on the belief that airborne transmission is “contro­versial,” and has based its plan on that premise. The matter is not controversial among those with expertise in airborne disease.

The Plans’ sections on “prevention” consider agents such as vaccines and anti-virals as the first line of defence – never mind that these are going to be unavailable or unreliable – they don’t start to take effect until the virus is within the body.

In security terms, that’s like considering a “perimeter defence” consisting of checking ID at the food line of the dining hall – it may actually catch some of the “bad guys,” but it’s hardly primary prevention.

Can we rely on primary prevention to prevent a pandemic? No. But, we have a choice as to how many millions become ill, may well die and, the concomitant degree of societal disruption. Such measures protect not just from pandemic ‘flu, but also from other novel pathogens, the newly-resistant strains of “old” bacteria that could formerly be treated with antibiotics, and from diseases re-emerging due to a relaxation of preventive measures such as vaccination.

What is in these various Plans? They include the basic premise that around every infective person, at a distance of 3 feet (1m), there is some kind of shield through which infectious organisms cannot pass. Call it the ‘Magineit Line’ – even more nebulous than the Maginot Line on France’s eastern border – considered by some as exemplary of a situation where authorities came to believe their own propaganda: that the mere existence of the Line rendered them impervious to invasion.

To highlight how broadly accepted this faulty presumption is, Ottawa’s Interagency Influenza Pandemic Plan considers front-line workers to be only those who “would be within one metre of influenza patients.”

Does exposure decrease with increasing distance from the source? Typically, yes. Is there a “barrier,” or any other quantum leap in exposure, at 3 feet? No.

A 1996 editorial in the New England Journal of Medicine attributed the so-called “Three-Foot Barrier” notion to J.A. Glover. Anyone who reads the original (1920) reference will recognize not only that the concept of such a “barrier” is ludicrous but, from Glover’s government report, that there is no basis for devising one. However, he did devote considerable attention to “dangerously deficient ventilation,” which, notably, has been disregarded in today’s health care environment.

The basic principles of occupational hygiene stipulate control at source. If you find yourself in a hospital (whether as staff, patient or visitor), note the visible ventilation system components. In the Emergency Department for instance, consider the relative placement of:

  1. air supply and exhaust; and
  2. triage staff and incoming patients.

Air should be supplied to the area usually occupied by staff, drawn through the area usually occupied by the patient(s), then exhausted. This minimizes the likelihood and extent of patient bio-effluents impinging on staff. Ventilation is often “backwards” with the system directing bio-effluents from the patient towards the staff.

And, we wonder why existing occupational and nosocomial infection rates are high? Pandemic Flu will prove much less forgiving in this situation.

What else is in the Plans? The Health Care Worker’s proverbial “new clothes.” Many plans call for the use of “masks,” such as surgical masks. There are many scientific and technical reasons why this is negligent advice. For those under federal jurisdiction, though, it’s simple: the Occupational Safety and Health (OSH) regulations stipulate that an RPD must be listed in the “NIOSH Certified Equipment List.” “Masks” are not.

When it comes to respiratory protection, some jurisdictions have “got it right,” British Columbia, for example – the “other” province to experience the SARS problem.

During SARS, British Columbia stipulated that surgical masks do not provide adequate protection, and that a filtration capacity at the NIOSH N95 level is the minimum acceptable. On the international front, France also stipulates and regulates to the same standard (including, of course, the EU equivalent).

“The next outbreak, however, may be even more insidious than SARS. Canada may have to deal with a deadly airborne virus, or a virus transmitted via droplets but with such a long incubation period that quarantine would be worthless. Will we be ready?” asked Dr. Naylor, Chair of the National Advisory Committee on SARS and Public Health (October 2003, Learning from SARS – Renewal of Public Health in Canada.)

Not unless our Pandemic Plans are soon changed.

The good news might be that the Public Health Agency of Canada has called for a “consensus” meeting on Influenza Prevention (in Toronto on June 15 and 16). Of course, consensus depends on whom you ask. In this case, a provincial nursing organization has been rejected because this is a “technical scientific meeting where all participants are bringing in-depth experience and knowledge on the use of masks to protect health care workers. We are inviting specific national organizations… [this meeting] will bring together key authorities in infection control and prevention and occupational health and hygiene from across the country and abroad.”

Is this an acceptable approach? It would be – if it were true.

Health Canada offers this definition of Occupational Hygiene: the art and science dedicated to the anticipation, recognition, evaluation, communication, and control of environmental hazards or stressors in, or arising from the workplace that may result in injury, illness, or impaired well-being of workers and/or members of the community.    

The Canadian Registration Board of Occupational Hygienists (CRBOH) is the national organization of accredited professional hygienists and represents Canadian practitioners of the discipline at international forums. Like the nurses, its interest in participating was rebuffed because it had not been invited.

Ironically, a member of the CRBOH (and, as the designate of the International Association representing its 20,000-plus professional hygienists in 20-plus member nations) was one of some 15 invited non-WHO technical experts participating in the WHO Pandemic RR&C Geneva meeting in March.

The President of the Treasury Board (responsible for the administration of ­federal OSH laws) writes, on behalf of our Prime Minister: “Accountability is the foundation on which Canada’s system of responsible government rests. It is key to assuring Parliament and Canadians that the Government of Canada is using public resources efficiently and effectively, and that it answers for its actions.”

What can you do to encourage and ensure the immediate and ongoing accountability of our public health officials in view of these serious challenges to our preparedness and to your health?

It’s not too late... is it?

Ugis Bickis, MEng, PhD, CIH, ROH is a Principal of Phoenix OHC, Inc., on (adjunct) faculty of Queen’s University at Kingston and the Royal Military College of Canada, and is CRBOH’s representative to IOHA.
© FrontLine Security 2006



Linkages of Terror
© 2006 FrontLine Security (Vol 1, No 3)

Canada and her European allies had best beware of the Lebanon-based ­terrorist group Hezbollah as UN negotiations to halt Iran’s military nuclear program continue in stalemate, and tensions rise with Israel and the U.S.

On July 11, the eve of the kidnapping of two Israeli soldiers that sparked the recent conflict, Ali Larijani, the head of Iran’s National Security Council, threatened European Union negotiators that Iran would harm Western interests if its nuclear program was referred back to the UN Security Council.

The following day, as fighting broke out, Larijani met with representatives of Hezbollah and Hamas, whose members staged a similar attack three weeks earlier on Israeli troops. Iran has clearly demonstrated that it is prepared to use Hezbollah, with its wide reach, to fight proxy a war with Israel, and perhaps the West.

Iranian Influence
Iranian influence within Hezbollah is significant and undeniable. They share a common bond – they have both been influenced by the Islamic Revolution that overthrew the Shah of Iran – and Hezbollah wants to create a Shia-dominated state in Lebanon under Islamic law. Like Iran, Hezbollah is anti-West and anti-Israel and has called openly for the destruction of the Jewish state.

In their hatred of Israel, Iran and Hezbollah share a common ally in the Baathist dictatorship of Syria. In fact, Syria is the conduit through which Iran ships weaponry to Hezbollah. Hezbollah heavily protested Syria’s forced retreat from Lebanon in the last year. It was through Syrian intelligence, its troops and Hezbollah, that Syria allegedly controlled Lebanon and its government.

Hezbollah was first established in 1982 (only three years after the Iranian Revolution) to fight the Israeli occupation of Lebanon. The group is believed responsible for the mass casualty suicide attacks that destroyed the U.S. Embassy and U.S. Marine Barracks in Beirut in 1983 (killing 200 people), and the U.S. Embassy Annex in Beirut in 1984. In 1985 it reportedly carried out the hijacking of TWA 847. It is also believed to have been responsible for kidnapping several Western hostages in Lebanon during the 1980s. In Argentina, Hezbollah is thought to have been behind the 1992 destruction of the Israeli Embassy, resulting in the deaths of 29 people, and later, the 1994 bombing of a Jewish Com­munity Centre, killing 95.

Hezbollah’s head of overseas operations, Imad Mughniyeh, reportedly floats back and forth between Tehran and Syria. In March 1984, Mughniyeh kidnapped the CIA’s Beirut station chief, William Buckley. The kidnapping triggered what later became known as ‘Irangate,’ when the Americans tried to exchange Buckley and others with arms for Iran. The attempt ended in the death of Buckley and in a political fiasco that embarrassed the Reagan administration.

Mughniyeh visited Syria in January 2006, alongside President Ahmadinejad of Iran, for a summit with Syrian President Bashir Assad. Israeli reports suggested that he visited Syria and possibly Lebanon just prior to the ambush and kidnapping of the two Israeli soldiers that sparked the recent Israeli incursion into Lebanon.

Getting into Politics
Hezbollah (like another Iranian client, Hamas) has begun to branch out into a mainstream political party, electing 14 members to the Lebanese Parliament in 2005, making it the fifth largest voting block in the government. In fact the Hezbollah Amal alliance took all 23 seats in Southern Lebanon for 27.3% of all seats in the election. Hezbollah also provides aide to its local civilian population, similar to Hamas. But, since 1982, it is believed to have carried out some 200 attacks, killing an estimated 800 people. Today Hezbollah is estimated to have more than 100,000 supporters and 2000 trained terrorist militia members, and is believed to operate cells in Europe, Africa, South and North America.

Funding, Training & Arms
As documented in many sources, and spelled out in some detail in the 2005 Country Reports on Terrorism of the U.S. Department of State, under Chapter 8, Iran has been the primary provider of funding, training and arms to Hezbollah. Iran provided Hezbollah with some 500 medium range (75km) Fajr-3 and Fajr-5 rockets and, along with Syria, some 12-13000 short range Katyushas rockets. Russian-made anti-tank mines and AT-5 Spandrel anti-tank missiles, recently manufactured in Iran under Russian license, found their way onto the battlefields of Southern Lebanon this July and August. Hezbollah has routinely sent its members to Iran and the Bekaa Valley for military training.

Iranian Revolutionary Guards are alleged to have carried out the C-802 anti-ship cruise missile attack on an Israeli naval vessel off the coast of Lebanon, killing four sailors.

It is believed that Iranian-manufactured 200km range Zalzal-2 rockets were transferred to Lebanon for Hezbollah use. Iran also provided Hezbollah with a Mersad-1 unmanned aerial vehicle that conducted two reconnaissance flights of northern Israel in the last two years and could have provided targeting intelligence.

The German national daily newspaper, Die Welt, reported that Iran released Osama bin Laden’s son, Saad bin Laden, from house arrest and sent him to the Syrian-Lebanese border. According to the London-based Arabic daily, al-Sharq al-Awsat, the Iranian Revolutionary Guard set up a emergency committee in Damascus to re-arm Hezbollah during the cease-fire. Iran also reportedly constructed the bunkers that protected Hezbollah leaders and their command infrastructure. All of this, as Canada was part of UNIFIL and assisting in the “monitoring of the disarmament of Hezbollah” for over 20 years?

Syria, Iran’s ally and client-state, provided Hezbollah with the Syrian-made 220mm rocket, recently used against Israeli towns as they came off the assembly line, in direct competition to the Syrian Army which was trying to integrate the powerful rockets into its own inventory. Syria also reportedly provided intelligence to Hezbollah for their targeting of Israeli strategic facilities in and around Haifa. Iran and Syria are also believed to be providing weapons, funds and training for Muqtada al-Sadr’s Iraqi Shi’ite militia in Iraq that is a mirror image of Hezbollah.

Canadian Response
In 2002, under great pressure from the then Opposition Conservative Party, the Government of Canada added Hezbollah to its list of terrorist groups. In 2004, Naji Antoine Abi Khalil, a Canadian, was charged by the FBI with attempting to provide material support to a terrorist organization, based on his participation in a scheme to ship goggles, infrared aiming devices, and other night-vision equipment to Hezbollah. The group has been linked to the illegal cigarette smuggling business in the American Northwest. Hezbollah has an almost global reach that has intertwined itself with criminal enterprises.

Thus, it is not without cause that the current Canadian government has soundly rejected the concept of taking Hezbollah off the list of banned terrorist entities.

Threats and Ambitions
By the end of the fighting this summer, it was hard to separate Hezbollah activities from those of Iranian Revolu­tionary Guard troops. It became clear to observers that Hezbollah was operating as an arm of the Iranian government. There is little doubt that Iran was frustrated over its military nuclear program and that Hezbollah provided a tool for lashing out.

Iranian Revolutionary Guards and Iranian-backed militias have been used by Iranian officials to threaten United States-backed coalitions in both Iraq and in Afghanistan, where Canada has a considerable military presence, in the event of an American strike on Iran’s nuclear facilities. Not surprisingly, shortly after fighting commenced on July 12th, Hezbollah cells operating in the United States were allegedly placed on alert to prepare for attacks in the continental United States.

Is Hezbollah credible among citizens of the Middle East? Note this indicator from a recent report in the Washington Post by Saad Eddin Ibrahim, professor of political sociology at the American University in Cairo: “According to the preliminary results of a recent public opinion survey of 1,700 Egyptians by the Cairo-based Ibn Khaldun Center, Hezbollah’s action garnered 75% approval, and Nasrallah led a list of 30 regional public figures ranked by perceived importance. He appears on 82% of responses, followed by Iranian President Mahmoud Ahmadinejad (73%), Khaled Meshal of Hamas (60%), Osama bin Laden (52%) and Mohammed Mahdi Akef of Egypt’s Muslim Brotherhood (45%).”

In conclusion, there is little doubt that, in the event of a showdown with the West over its nuclear ambitions, one tool of the Iranian government will be to threaten terror attacks on Western capitals and, with Canada playing an active role at the United Nations, Hezbollah presents a clear and present danger to Canadian interests at home and abroad. Do we have the means and resolve to recognize and meet this threat? Time will tell.  

Professor Joe Varner is the Chairman of the National Security Committee of the Federa­tion of Military and United Services Institutes of Canada. He is also the Academic Program Manager for Homeland Security and Emergency and Disaster Management at the American Military University.
© FrontLine Security 2006



Border Integrity
© 2006 FrontLine Security (Vol 1, No 4)

The length and geography of Canada’s shared border with the United States presents security challenges. To meet those challenges, the Royal Canadian Mounted Police’s Border Integrity Program tackles cross-border crime by taking an international and ­integrated approach in their investigations.

Canadian and American law enforcement agencies from all levels operating near the shared border, work together daily to target organized crime and other national security threats.

The following contains excerpts from an interview with the Director General of the RCMP’s Border Integrity Program – Chief Superintendent Mike Cabana, and Assistant Chief to the U.S. Border Patrol, Bruce Cooke, who has been based at RCMP headquarters in Ottawa for the past four years.

What is the RCMP’s Border Integrity Program?

C/Supt. Cabana: Following 9/11, everyone’s attention was drawn to the border as it became the subject of worldwide ­discussion. Every country began focusing on the integrity of their borders.

The RCMP looked at its programs and recognized the need to regroup a number of them under one umbrella to improve coordination and effectiveness.

The RCMP’s Border Integrity Program encompasses units that investigate cross-border criminality and threats to Canada’s national security along the shared land border and at major air and marine entry points.

There are many challenges in securing Canada’s border with the United States, including its length (approximately 8,900 kilometres) and its many remote/isolated border points. How is the border integrity program addressing those challenges?

C/Supt. Cabana: If you look at the border and you look at its geography, a great deal of it also involves shared inland waterways and coastlines. We’re addressing the land, air and marine border challenges by leveraging resources with both domestic and U.S. agencies and through a number of joint initiatives. No single agency has enough resources to address the integrity and the security of the border in isolation.


Criminal organizations are very good at adapting because they don’t have red tape to go through. By sharing information and leveraging resources with law enforcement on both sides of the border, we’re getting very good at anticipating where criminals are going so we can set a direct course to target them.

I think one of the most effective post 9/11 initiatives at the moment is the Integrated Border Enforcement Teams (IBETs). There are 23 teams situated in strategic locations along border regions. The IBETs assess available intelligence to identify high-risk areas along the border.

IBETs are also linked to local, provincial and state police, Combined Forces Special Enforcement Units (CFSEUs), Integrated National Security Enforcement Teams (INSETS); National Port Enforce­ment Teams (NPETS) and all of the ­border security and national security investigative teams. That’s what allows us to secure the border.        

The five core IBET agencies are: the Royal Canadian Mounted Police (RCMP), Canada Border Service Agency (CBSA), U.S. Immigration and Customs Enforce­ment (ICE), US Customs Border Protection/ Border Patrol (CBP/BP) and the U.S. Coast Guard (USCG).

What are some of the myths concerning border security?

C/Supt. Cabana: One of the biggest myths is that border security only means patrolling the border. It goes beyond that. IBETs focus on building partnerships, gathering intelligence and investigating. They are intelligence-driven.

The St. Lawrence Seaway is one route used by criminals to smuggle contraband both ways across the Canada/U.S. border.

Rather than driving along the border hoping to come upon something, IBETs leverage the resources of the other ­agencies, analyze the information, and then identify where the vulnerabilities and the hot spots are.

The border is literally a line that separates two sovereign countries. But if we only focus on that line it’ll give us a myopic view of the realities. Criminal organizations are not on either side of that line meeting and talking, plotting their next move. We have to focus on criminal organizations operating inland, as well as at the border. The border is one point in a long continuum.

We hear a lot about intelligence-led policing. What is it?

C/Supt. Cabana: Intelligence-led means setting operational priorities based on knowledge of the environment and risk assessments. It isn’t new to law enforcement, but with recent major events – 9/11 being one of them – we’re becoming ­better at streamlining our intelligence, allowing for a more robust and effective intelligence sharing mechanism. Agencies no longer look at their intelligence in ­isolation, and that leads to a clearer ­understanding of risks, vulnerabilities. Conse­quently, decisions and investigative priorities are made in consultation with all stakeholder agencies.

As Assistant Chief to the U.S. Border Patrol, what are your thoughts on the strong focus on ‘intelligence-led’ policing in securing the border?

Asst. Chief U.S. Border Patrol, Bruce Cooke: It is absolutely the right way to go. Both Canada and the United States have finite resources when it comes to law enforcement on our shared border. If we each go off on our own and do our own thing without coordinating and without sharing intelligence, no one benefits... with the exception of the bad guy.

Criminal organizations out there have been hiding in the weeds, but when we share information and identify the threats, we part the weeds and expose them. No single law enforcement agency has all of the information; they all have a piece of the information. We need to pull all of those people and pieces of information together to find out what the big picture is, identify the target and go after them.

How do provincial and municipal police forces contribute to border security?

C/Supt Cabana: They are key. If we look at the philosophy behind what I call the “layered approach” it means we can’t focus on one area, we have to focus on a continuum. If we are talking about leveraging the intelligence of all agencies to get a clearer picture of the missing piece of the puzzle, this is where it is crucial to have municipal and provincial agencies participate.

Police often conduct training exercises on the shared waters to target smuggling networks.

Do communities also have a role to play in securing the border?

C/Supt. Cabana: Very much so. No one agency has all of the resources to lock down the border and make sure absolutely nothing can get through. The public can be our eyes and ears. They know what is usual and what isn’t.

Increasingly, employees from other law enforcement agencies are working alongside RCMP members (sharing offices in some instances). Is this something we’re likely to see more of in the future?

C/Supt. Cabana: I think so. It shows the level of integration that we’ve been able to attain. We not only have representatives from U.S. agencies but provincial and municipal partners too. The RCMP also has staff working in the United States and we have members seconded to municipal and provincial agencies. Integration is a two way street.

If we take the Border Integrity program as an example, we have a national coordinating committee which has representation from U.S. partners such as the U.S. Border Patrol, Alcohol, Tobacco and Firearms and U.S. Immigration and Customs Enforcement. They work in our offices with our members and are part of setting the direction for that program.

When people sit together in the same office it benefits coordination, information sharing and greatly reduces the red tape. Some of the questions that used to take more time to resolve, can now be resolved quickly through conversation.

From an American perspective, why was it important to have the U.S. Border Patrol be part of the RCMP Border Integrity program?

Asst. Chief U.S. Border Patrol, Bruce Cooke: The greater exposure we have to each other’s processes and decision making, the better we’ll be able to combat terrorism, organized crime and offenses happening on our shared border. People living in our respective countries expect us to be watching and controlling the border because both of our populations want to be safe.

The more we work together face to face, the better we’ll understand why we are doing things and how we arrived at that decision. The best way to do that is to literally sit in the same office. Law enforcement cannot operate effectively if policy development is done in a vacuum.

You have attended law enforcement conferences and workshops on border security around the world. How is Canada perceived when it comes to our efforts to secure the border?

C/Supt. Cabana: Whenever I attend an international conference or speak at one, there is recognition that some of the things that Canada and its partners have put in place are best practices.

In fact, there are similar IBET-type arrangements being implemented all around the world. Our Mexican law enforcement partners came up and talked to us about all of our border initiatives. They were also interested in our integrated marine projects and plan to pursue some of them with the United States and other neighbouring countries. And on its southern border, the U.S. has implemented Border Enforcement Security Task Force (BEST) which closely mirrors the IBET’s approach.

How is marine security being addressed?

C/Supt. Cabana: The marine environment is more complicated because the border is fluid. It’s gained a great deal of importance. There are quite a few marine ­security developments since 9/11.

For example, we are involved in the Marine Security Operation Centres (MSOCs) on the east and west coasts which are led by the Department of National Defense (DND) and include a number of partner agencies. The newer central region MSOC is led by the RCMP and focuses on the Great Lakes and St. Lawrence Seaway. It also involves other federal partners as well, local and provincial police services.

These MSOCs contribute to what we call ‘domain awareness.’ In other words, what’s out there, what looks right, what doesn’t, and where the risks are. They are linked to other marine initiatives such as the Marine Security Enforcement Teams (MSETs) created in 2005. MSETs are marine patrols on coast guard vessels involving RCMP members as the enforcement component patrolling the Great Lakes and the St. Lawrence Seaway to protect the infrastructure and the waterways, and gather intelligence.

We have even looked further outside the proverbial box. A year ago we were involved in a pilot project called ‘Shiprider’ which took place in the shared waters around Detroit and Windsor. It was the first time this type of bi-national arrangement was ever tried in Canada.

For two-weeks, the RCMP and the U.S. Coast Guard worked side by side on each others’ vessels with special designation on each side of the border. They could participate in law enforcement interdiction as an integrated team anywhere on the Great Lakes, on either side of the international line.

How has the RCMP approach to border security impacted border operations?

C/Supt. Cabana: If we were to take stock of all of the major operational successes in the past six months, I would venture that 99 percent were integrated.

An example that comes to mind is Project Frozen Timber which was a major two-year drug smuggling operation. Again, the IBETS in the region targeted a network of smuggling organizations using aircraft to ferry tons of drugs across the border, marihuana to the U.S. and cocaine to Canada. That investigation involved pretty much every Canadian and American agency under the sun operating in that area, working together under the umbrella of IBET.

If you look at the successes, I think they speak for themselves.

Tanya Miller, has worked for the Border Integrity Program since 2005. Her clients include Marine and Ports, Customs and Excise, Immigration and Passport, Federal Enforcement and Integrated Border Enforcement Teams.

Photos: Roxanne Ouellette, RCMP
© FrontLine Security 2006



Public-Private Collaboration
Government can't do it alone
© 2006 FrontLine Security (Vol 1, No 1)

After 9/11, governments around the globe sprang to respond to the new threat. In Canada, the federal government implemented major structural changes and ­allocated billions of dollars to strengthen National Security and Public Safety. As well, recent natural catastrophes and ­public health scares have reminded us that terrorism is not the only danger we face. Although most governments have reacted energetically to these new challenges, the rest of society, including the business community, have for the most part, been sitting on the sidelines.

In an era in which war and catastrophe now comes to us instead of us to them, business, non-governmental organizations and individual citizens must all take an active part in national security. In Canada, private companies own and operate a very large portion of the critical infrastructure that provides our banking, our energy, our communications, our food and our water. Thus, the people who run these companies have a heavy responsibility for the security of our economy and our society. But governments must help them share this burden.

No one part of our infrastructure can function on its own for long. A dense web of interdependencies has evolved as our economy has become both more efficient and more complex. Take the food supply chain for example. It can be disrupted by a power blackout that shuts down refrigeration systems and computerized cash registers in supermarkets. Damage to a major oil refinery or pipeline can affect fuel supplies for vehicles deliver food to the retailer. A pandemic can put the people who run the food supply chain in bed, in hospital or at home looking after sick family members. A cyber attack can shut down the banking system and disable credit cards and cash machines leaving people unable to purchase the food.

In short, virtually everything is now dependent on everything else and much of the onus for maintaining this vast web of interdependencies falls upon the private sector. In a large scale emergency, governments, on their own, have no hope of providing safety and security to the ­citizens they were elected to protect.

How then can government work with the private sector to make our society less vulnerable? I suggest the following key guidelines for strengthening public-private sector collaboration:

Effectively Communicate Risk. Governments must be open and honest with the public in assessing risk. Worries about security of information, privacy, alarming the public and admitting that they can’t protect all the people all the time does make the job difficult. And yet experience in countries like Britain and Israel, long subject to terrorist attacks, shows that people are more robust and ready to accept risk than their leaders often assume. Discussing risks and threats with industry should be easier than communicating with the general public, but even here the process has a long way to go. The problem works both ways; governments are traditionally loath to share sensitive information with ‘outsiders’ and businesses are reluctant to reveal their vulnerabilities to government and competitors. Both sides must build trust and overcome these suspicions.

Share Information. Governments and agencies, such as CSIS and the RCMP, must be more willing to share information with ‘first responders’ who are expected to react to attacks or natural disasters. Security of sensitive information must be respected but the federal government has been very slow to develop ways of clearing key persons outside government to receive the information they need. Private sector companies must also have enough information to make sensible risk assessments on which to base their planning and allocate their resources. They need a degree of confidence in deciding on: ‘How much is enough?’ and ‘Are we unnecessarily spending more on security than our competitors?’

Develop Openness and Trust. Industry must be more forthcoming with government and with their suppliers, competitors and customers about their security challenges. Total openness is probably not realistic but companies can exchange ideas on common problems and best practices. Although some industry associations have made good progress in this area, information sharing within or across sectors, or with governments is not satisfactory. In the US, the process is arguably better developed. But even there it is far from complete. Informal “ISACs” (Information Sharing and Analysis Centers), have been established, often with government funding, within sectors including banking and finance, surface transportation, cyber and information technology, electricity, public health, gas and oil, etc. The ISACs exchange information among members and develop and share best practices to improve resilience and sustainability in times of emergency. However, because of the fear of government acquiring sensitive inside information, the Department of Homeland Security is largely excluded from the ISAC processes. In Canada, as well, industry is very concerned about the confidentiality of its proprietary information. An important step for government would be to amend the Access to Information Act to assure the private sector that any sensitive commercial information it receives can be properly safeguarded.

Provide Clear Governance Struc­tures. A well-understood and practised governance system for emergencies is still not in place within the federal government or between the federal, provincial and municipal governments. Each jurisdiction believes it understands its own mandate but there is a lack of coordinated planning for emergency scenarios. For this reason, companies are not confident that they understand the governance framework in which they will operate during an emergency. This uncertainty about who should be doing what and when, led to confusion and delays before, during and after Hurricane Katrina. The US government was ridiculed for its failures in the wake of Katrina, but Canadians should not be complacent that we would necessarily do better in such a large scale emergency. Ambiguities must be eliminated. This will take a lot of negotiation and compromise – and the time to start is now.

Work Toward Interoperability Standards. There is still a lack of interoperability in communications systems, data sharing and key equipment between federal agencies and between the federal, provincial and municipal governments. For this reason, large-scale operations in response to emergencies like radiological, biological or chemical attacks or natural disasters will be difficult and largely ad hoc. Aside from the RCMP, which has country-wide common systems, most Canadian police forces can’t communicate or easily share data with each other. Integrating reinforcements from other cities or provinces could prove slow and difficult. The federal government has been working on commonality issues but remains a long way from achieving true interoperability, even between government departments, let alone provinces, cities or the private sector. The federal government must take the lead in setting parameters and guidelines, and must ensure implementation by all levels of government and the private sector. Of course, industry wants guidelines not more regulations. It prefers voluntary standards but ultimately those standards must be correctly set and implemented.

Encourage Joint Research and Development. Keeping ahead of the terrorist with innovative technology is one of the keys to preventing and mitigating attacks. Clever technology can also help alleviate the worst effects of natural disasters. The Chemical, Biological, Radiological and Nuclear (CBRN) Research and Technology Initiative (CRTI), run on behalf of the federal government by Defence Research and Development Canada, is a model for public-private cooperation in this area. CRTI-funded projects are conducted jointly by government laboratories, private companies and universities. The program promotes the development of technology and standards for police forces, fire departments, medical teams and other first responders to CBRN attacks. The CRTI is a real success story but it’s limited to a relatively small number of projects each year. The government could use the CRTI model to expand and broaden collaboration across the full spectrum of the national security and public safety sector.

Reduce Legal Liability by Setting Agreed Standards. Liability for damages and harm to customers and persons affected by real or perceived security failures has become a major concern for both business and government. The former operators of the World Trade Center are currently the target of huge class action law suits that allege all kinds of security lapses prior to and on September 11th. Governments may also be legally liable if they can be shown to have fallen short in their planning, training or execution of emergency plans. In this area, government must take the lead to work with industry in developing standards of security and safety. Maintaining the standards should then limit the liability of companies and of governments. This arrangement should be codified in legislation and such laws would help persuade private companies that good security makes good business sense.

Practise, Practise, Practise. As the saying goes, an emergency is no time to be exchanging business cards. People at emergency measures organizations and in every other government department and agency with a role in emergency management must know one another long before a crisis arrives. Private sector operators of critical infrastructure and other sensitive businesses and industries must develop close relations with their government, police and other collaborators. The best vehicle for preparing for the worst is to plan and train together in realistic scenario-based exercises on a regular basis. This requires a real change of culture and here again governments must lead. Exercises can never fully simulate real situations. But they can identify weaknesses in governance structures, command and control, communications, interoperability, passage of information and gaps in procedures, plans and training. Properly run and frankly and openly debriefed, exercises develop confidence, trust and personal links between people who will have to work together in a real emergency.

Governments at all levels in Canada now recognize that protecting Canadians and the Canadian economy is not a job they can do alone. Since September 11th, considerable time, effort and money have gone into developing better understanding and collaboration between the public and private sectors. At the national level, Public Safety and Emergency Prepared­ness Canada, Transport Canada, Health Canada, Natural Resources Canada and the Department of National Defence are at the forefront of these efforts. Many industry associations and companies across the country also play an active role. So are non-governmental organizations like the Red Cross and the Conference Board of Canada which is promoting public-private sector dialogue and joint research through its conferences and its newly formed Centre for National Security.

We are still at the beginning of a long and complex process. Implementing these guidelines will require resources, dedication and good will from all sides over a long period of time. But, in the new and dangerous world we live in, the safety of Canadians and our economy is well worth the effort.  

Richard Cohen is President of RSC Strategic Connections. He has advised countries in Central and Eastern Europe, the Balkans and the former Soviet Union on developing national security policies. He has lectured widely and published numerous articles on national and international security matters.  He is working with the Conference Board of Canada to promote government-industry collaboration on national security and public safety issues.
© FrontLine Security 2006



U.S. Ambassador to Canada, David H. Wilkins
U.S./Canada Relations
© 2006 FrontLine Security (Vol 1, No 2)

8 May 2006 – A Trade Americas Security Exhibition, jointly organized by the U.S Commercial Service and the Conference Board of Canada, took place at the Chateau Laurier in Ottawa. Keynote speaker, David H. Wilkins, U.S. Ambassador to Canada, reminded us that the United States and Canada have “at long last” resolved the divisive softwood lumber issue, confirming his belief that this “speaks volumes about the strength of our relationship and the commitment on both sides of the border to resolve our differences.

“The resolution of this issue,” he continued, crediting the President and the Prime Minister, “is living proof that we have the strongest, most peaceful and productive friendship the world has ever known.”

FrontLine has compiled a summation of the Ambassador’s keynote remarks:

In March, I had the privilege of flying down to Mexico with Prime Minister Stephen Harper and your new Ambassador Michael Wilson for the security and prosperity meetings in Cancun with Presidents Bush and Fox of Mexico. It represented the first time our President met with Mr. Harper in his new role as a Prime Minister, and… the meetings… gave both leaders a chance to really get to know one another.

The Security and Prosperity Partner­ship (SPP) is about recognizing the global challenge starts in our own backyard. It’s about developing new avenues of cooperation that will make our countries safer and more secure, our businesses more competitive and our economies more resilient. It’s about making business regulations compatible so it’s easier and more efficient to conduct cross-border business, enhancing the competitiveness of North American firms and facilitating the flow of freed trade and commerce. It’s about enhanced cooperation on public health and safety protection-related matters. It’s about making sure that [we work] together to build the most efficient and secure border system in the world to ensure that we remain the economic powerhouse of the world.

This event today is one of many being planned by our U.S. Commercial Services to assist U.S and Canadian companies achieve these and other security and prosperity objectives outlined in the SPP.

The Cancun meetings identified many measures to improve border entries that we are prepared to act on. One of our own priorities is to promote the expansion of the NEXUS program so that one application is all you need for any means of transportation – be it air, land or sea. We also want to make sure that there is a strategic plan in place to reopen and normalize the borders in the wake of an emergency.

The spirit of friendship and cooperation I observed in Mexico symbolized the new tone we are now experiencing in the U.S.-Canada relationship. Call it a new effort or a new energy, a renewed commitment, however you describe it, there is definitely a positive momentum affecting our relationship.

The signs are everywhere. From the President to the Prime Minister… [including] high-profile visits to Ottawa of State Department, Congressional and White House officials who spent time here in Ottawa meeting with Canadian ministers and public officials talking about everything from terrorism to passports, [and from] avian flu to climate change.  

I can tell you, at the highest levels in Washington, U.S. leaders and officials are eager to come to Canada to meet with their counterparts. I believe we have now entered an era of cooperation where we are truly looking at problems as a shared responsibility.

This increased effort by [our] leaders to find common solutions can only mean good things for both of our countries. And while we agree on 98% of the issues, from time to time there are areas of disagreements that we have to work through.

As I travel throughout Canada, and talk to folks like you, I know nothing is more important these days to most Canadians, and many Americans, than the United States’ Passport Initiative (WHTI). We [must realize that we] cannot turn back the clock from 9-11, we must move forward and deal with this new law (that has been passed by Congress) requiring a passport or other secure ­equivalent document for cross-border travel by Dec 31, 2007.

The U.S Departments of State and Homeland Security are working on the Pass Card. No one in the U.S wants to impede trade or travel – it hurts both of us – this [problem] is not mutually exclusive. At this point, I must offer a friendly reminder for air and sea travelers – the passport requirement goes into effect this coming January.

I truly believe that once a unified ­system is in place – it will benefit us all and facilitate trade and travel – not impede it. And we will work it out because that’s what friends do. We resolve our differences. That is the very nature of the U.S.-Canada bond, and it’s why we remain so successful.

We’ve [already] resolved the one issue I think many folks thought we might never resolve: softwood lumber. We reached an agreement that both countries can be proud of, ending a longstanding dispute. Softwood lumber was a stumbling block that kept us from focusing on more important issues, because the U.S.-Canada relationship is, and has always been, so much bigger than a few isolated, though important, issues.

In the speech from the throne, Prime Minister Harper referred to the U.S. as Canada’s ‘best friend and largest trading partner.’ Every night, millions of American and Canadian families put food on their tables because of the vigorous trading of goods and services crossing our borders, more than $1.3 B each day!

We share 5,500 miles of border that touches 15 U.S. states, and for 39 U.S. states… Canada is the number one foreign trade partner. So it’s a two-way street.

Indeed, there is no relationship more important to my country than the one we enjoy with Canada.

I haven’t gone native on you. I am a proud American. But I have become Canada’s biggest fan, and I care passionately about this relationship.
It’s a relationship our President has made clear he’s also excited about. The President recently told Canada in a nationwide interview – and I quote – ‘I view the relationship with Canada as a very strong and important relationship for the United States of America. It’s a relationship that we should never take for granted.’

And there are no greater caretakers of this relationship than those of you in the business community. You are there every day building bridges between our two great nations – [you are] the real ambassadors: strengthening the ties that bind our two great nations out of the threads of mutual respect and trust; creating wealth and opportunity for citizens on both sides of the border; building bridges of understanding; and showing the world all the good that happens when two great independent nations empower, encourage and work together for peace and prosperity.

As long as I am privileged to serve my country in yours, I will work with you to strengthen this already strong relationship. Once again, I want to thank all of you for being here today and encourage you to attend the exhibition down the hall. This is the first time the U.S Commercial Service has invited Canadian companies to join them as exhibitors, and really shows what the SPP is all about.

Editor’s Note: Ambassador Wilkins plans to participate in September’s TechNet North Conference. Info: www.technetnorth.com
© FrontLine Security 2006




Public Warning Systems
© 2006 FrontLine Security (Vol 1, No 3)

Advances in the ability of scientists to predict severe weather disturbances and natural disasters will not protect the public if warnings don’t get out. That message was recently delivered by Dr. Ian Rutherford, executive director of the Canadian Meteor­ological and Oceano­graphic Society (CMOS), to Canada’s broadcast regulator. He recounted how newly acquired Doppler radars have doubled the technologically possible warning time for tornadoes since one touched down in Edmonton in 1987 when he was in charge of the Alberta city’s weather service. The ensuing inquiry into the disaster recommended the Doppler purchase. However, advances in predicting tornadoes, hurricanes, tsunamis and other natural disasters are not being matched by similar improvements in the public warning system.

CRTC Hearing on All-Channel Alerts
“That is a serious problem, because very often many of these warnings have a very short fuse. One can predict the occurrence of a tornado at a given spot, but only with a lead time of perhaps half an hour using the best available technology. So if you don’t get the warning out quickly, it’s useless,” Dr. Rutherford told the Canadian Radio-television and Telecommunications Commission (CRTC). “Warnings that could save lives if they were delivered promptly are delivered too late or not at all. Lives and property are being lost as a result.”

Dr. Rutherford made these comments at a CRTC hearing in May on the question of establishing a national All-Channel Alert (ACA) service that would see warnings of weather disturbances, natural disasters and other emergencies, including possible terrorist attacks, appear on crawl messages along the bottom of television screens.

He and other members of the emergency planning community warned the CRTC that Canada’s warning system was far behind other industrialized countries.

A national ACA has not been mandated in Canada, and as a result, warnings are piecemeal – and radio and TV stations respond too slowly. In contrast, cable operators and broadcasters are required by the U.S. broadcast regulator, the Federal Communications Com­mission (FCC), to participate in the country’s Emergency Alerting System (EAS), and must distribute presidential alerts but not all state or local alerts. A review of the alerts by the FCC in 2004 resulted in a recommendation that U.S. satellite TV distributors also be required to participate in the EAS.

“All the work that emergency responders have done in recent years in promoting preparedness and educating the public will be severely hampered without the initiation of a communications network which will trigger the public’s response,” James Ferguson, coordinator of the Salvation Army’s emergency disaster ­services, told the CRTC. “As you are well aware, other countries in the world are far ahead of [Canada] in this regard.”

Possible Progress
Disagreements among broadcasters and the cable industry over technology and costs have resulted in little progress to date in implementing an ACA, which the federal government has been pushing since the late 1990s. The CRTC hearings on the matter could change that.

The most popular proposal supported by the emergency planning community is from Pelmorex, the company that operates the specialty TV channels: The Weather Network and MétéoMédia. Pelmorex received over 700 applications from municipalities, emergency preparation organizations and other agencies supporting its ACA. But the the plan favoured by these groups – requiring participation by the broadcast community and funding through cable TV subscribers – draws the most opposition from within the broadcasting industry.

Pelmorex proposes to expand the weather warning system it currently ­operates on its weather and specialty TV channels to include warnings of all types. It wants the CRTC to mandate cable TV companies and satellite TV distributors Bell ExpressVu and Star Choice to carry its ACA system, which would be funded by an increase of $0.08 on each person’s monthly cable TV or satellite TV bill.

Regulations an Impediment to Progress?
However, the broadcast community doesn’t want to be forced to carry the Pelmorex system or to charge their TV subscribers for it. It is the second time that the CRTC has considered Pelmorex’s plan for an ACA. In 2001, the broadcaster’s proposal was rejected on the grounds that there was too much dissension in the broadcast community and the fee was too high. In 2001, Pelmorex wanted $0.13 per TV subscriber per month.

Pelmorex submitted a revised plan to the CRTC in November 2005 that included a lower rate (8 cents) and new applications enabling the ACA system to work on digital TV distribution systems as well as analog ones. When Pelmorex reapplied, the regulator opened the process up to anyone interested in providing the service. That’s when the Canadian Broad­casting Corp.(CBC) and Bell ExpressVu jumped into the fray. Both the CBC and ExpressVu have plans for an ACA system, but only over their own broadcast distribution networks. They’d allow other TV distributors to opt in, but they don’t want the CRTC to require it.

Cable operators, and telecommunications companies that have begun to offer TV services over high-speed phone lines, such as Telus, MTS Allstream and SaskTel, do not want to be forced by the CRTC to carry Pelmorex’s ACA. Cable giant Rogers argued that it doesn’t need Pelmorex’s proposed centralized database that ­collects alerts and distributes them to cable headends for relay to customers. “Our headends are, for the most part, connected by fibre and we can easily distribute any alerts to our own headends without the use of the Pelmorex system,” Rogers’ vice-president, Pamela Dinsmore, noted in written submissions to the broadcast regulator.

Voluntary Systems Don’t Work
These sentiments, repeated by Rogers officials during the CRTC hearing, were denounced by members of the emergency planning community, most of whom also point out that a mandatory ACA is needed to be effective.

“Listening to the gentleman from Rogers, I got the impression that this is fast, easy and cheap if just someone would make it easy for him from a regulatory standpoint. But it’s not fast, easy or cheap. There is a requirement to expend capital on the front end in order to create the connectivity between messages and systems,” said Ernest MacGillivray, director of the New Brunswick Emergency Measures Organization. He points out that the purely voluntary warning system that’s in place now hasn’t worked and probably never will. “As a matter of principle, those with the mandates – that is government and industry – and those with the means – and that is the owners of broadcast media – have an obligation to act, to warn the public at imminent risk by all means possible,” MacGillivray said. “Given our wealth as a nation, our advanced telecommunications and broadcast systems, it is reasonable to ask: ‘Why are we not doing so?’ We are not doing so because we do not require it.”

Response Gaps Need to be Closed
Julian Fantino, Ontario’s commissioner of Emergency Management, noted that alerting the public was so ­crucial in times of emergency that it shouldn’t be left up to cable TV operators and satellite TV distributors to opt-in. “The commission will know just how very vulnerable we are in today’s reality from potential threats from many sources, man-made, weather or, of course, natural circumstances, health issues and so forth, and the notion of leaving everything to emergency providers is very, very difficult indeed without the full awareness and involvement of the public in our collective efforts to keep everyone safe,” he said before the CRTC.

Quebec-based media company Quebecor Media doesn’t oppose the implementation of Pelmorex’s system, but it isn’t happy that the increased fee to subscribers would cost its Vidéotron cable subsidiary $1 million a year to implement with most of the cost of the ACA system servicing analog systems even though the cable operator is rapidly converting to digital technology. As a result, Pelmorex softened its call for mandatory carriage. It is prepared to go ahead with its ACA over the TV broadcast system if the CRTC mandates carriage only in digital, and makes analog carriage optional. Under this option, Pelmorex noted the cost would be lowered to 6 cents per TV subscriber per month. The trade-off, however, noted Pelmorex president and CEO, Pierre Morrissette, is that in the short-term fewer Canadians would have access to the alerts since not everyone is a digital TV subscriber.

Pelmorex noted that the rollout of the ACA system on a mandatory digital basis only would be in synch with the CRTC’s recently released digital TV migration ­policy. The CRTC has indicated that it expects the Canadian broadcasting system to have migrated entirely from analog to digital by the end of 2012. If its proposal gets the go-ahead, Pelmorex points out that even after approval, it will be close to a year before alerts could be launched on larger distribution systems, and nearer to the end of year-five before smaller distributors would be serviced. That timeframe corresponds to the commission’s estimate of when most TV distributors will approach full digitization.

But Canadian broadcasters have concerns of their own, and came out against all three ACA proposals. CanWest MediaWorks, CHUM Ltd., and ExpressVu’s sister company, CTV Inc. opposed having emergency alert messages inserted into their TV signals without their consent. They claim to be all “committed to participate in an emergency alert ­service developed by the government of Canada, in consultation with broadcasters and [cable and satellite TV distributors].” They want to work under Industry Canada’s CANALERT initiative rather than under either the Pelmorex, ExpressVu or CBC proposals. Alliance Atlantic Communi­ca­tions, which runs specialty channels such as Showcase and Home and Garden TV, and Astral Media, which operates The Movie Network and Musique Plus, made a similar argument. They told the CRTC that “the principle of signal control by a program undertaking is fundamental.” The two broadcasters also questioned the usefulness of running local or national alerts on specialty TV channels, which do not have 100% penetration.

Warnings aren’t “Property”
Those in emergency planning, however, don’t buy this line. “When I listen to comments from some of the other proponents that they object to carrying Pelmorex material on top of their broadcast, I think they are barking up the wrong tree,” said Dr. Rutherford. “These warnings are a public service. They are not the property of any one company whether it is a carrier or an originator. They belong to the public and they need to be carried to the public that needs to hear them.”

The alerts would be authorized and created by the appropriate organization, with Environment Canada, for example, in charge of issuing weather-related alerts that would be distributed to all TV stations in the affected areas of Canada.

The CRTC is currently examining all of the information presented during the May public hearing and a prior written comments phase. It is not expected to release its decision until late this year or even next year. It could give all three parties the go-ahead, one or none. But the big question is that if it does agree to any of the proposals: ‘Will the regulator make carriage of the ACA mandatory?’

Norma Reveler is an Ottawa-based writer.
© FrontLine Security 2006



Foundations for Success in First Responder Contracting
© 2006 FrontLine Security (Vol 1, No 4)

Follow the Money
Most first responder activities are carried out at the state and local government level, but the majority of funding for programs and equipment come from ­federal grants.

May 2006 - U.S. Army 1st Sgt Wally Keller, left, and Sgt Jason Horner, both of the 81st Civil Support Team, don personal protective equipment and inspect testing equipment prior to investigating a building for hazardous agents during a hazardous substance response exercise at the North Dakota Air National Guard. The North Dakota civil support team is training to react as fire responders to possible biological, chemical or radiological threats and events in their region. (U.S. Department of Defense Photo: Senior Master Sgt David H. Lipp)

The Department of Homeland Security’s web site publishes how much grant money each state has received. Five programs within the Homeland Security Grant Program (HSGP) disbursed a total of US$1.7 billion in 2006, based on population, risk assessment or a combination of the two. Pilot projects suggest clues to emerging priorities.

In over 30 of the largest metropolitan regions, multi-jurisdictional task forces plan on how to handle different aspects of security problems. Most vendors focus on a few regions in order to have a realistic shot at their best prospects: where grant money is designated for a high-priority problem that they can solve. They expect to market to several task force members rather than to just one or two officials, as may have happened in the past.

“I’m focusing in particular the next generation of interoperable communications,” says Robert LeGrande, Deputy Chief Technology Officer for the District of Columbia in the Washington DC Metropolitan Area. “Broadband wireless is clearly the platform of choice for emergency response and preparedness. Our focus in the National Capital Region is to have a device that can integrate voice, video, geographical information and other data, and be seamlessly interoperable among regional partners.

“These applications already exist. Interoperable voice, video and data open up the ability to get advance notice from remote sensors of chemical and biological agents, aggregating data that can provide advance notice about a hazardous release, and monitor the dispersant of harmful substances.”

Aug 2006 - A U.S. Army Soldier from the 85th WMD Civil Support Team is decontaminated by fellow Soldiers during earthquake-response exercise Operation Vigilant Guard in Ogden, Utah. (U.S. Army Photo: SPC Chris Gaardner)

Other emerging and sustained priorities nationwide include:

  • Situational awareness technology: for example, combining GIS, satellite imagery, mobile voice and transmissions, data fusion, population exposure to hazardous materials, so that the entire emergency management team can understand the impact of the incident, know what resources are available, and deploy the right resources to minimize damage, injury and casualties.        
  • Disaster recovery for critical applications: States with widely dispersed population are collaborating with major city governments to build regional disaster recovery systems of such applications as shared resources.
  • Continuity of operations planning is becoming mandatory in some jurisdictions. That may include teleworking, as jurisdictions considering policies and potential solutions that would enable continuity of operations even if ­pandemic protocols were to prevent employees from coming to the workplace.
  • Health and human services operations: governments are seeking integrated applications for benefits eligibility and administration, so people don’t have to run around to multiple offices – if the offices are still standing – for post-disaster assistance with schools, housing, business recovery, medical and drug benefits, and emergency funding.
  • Medical technologies and information networks: the avian flu virus has raised the priority of pandemic prediction and management systems.

Know Who Does What
Department of Homeland Security publishes three documents that define roles, responsibilities, and, ultimately, needs of first responders and emergency management in the United States:

  • The National Incident Management System (NIMS) defines the responsibilities of stakeholders at the local, state, county and national levels in specific types of emergencies.
  • The US National Response Plan provides the protocols for “If this happens, this is what we do...”, and describes how the US federal government coordinates with state, local, and tribal governments and the private sector in response to emergency and other disasters.
  • The National Preparedness Goal defines measurable readiness targets for 15 scenarios and 36 essential capabilities for types of response. Its task taxonomy suggests the priorities for emergency response investments nationwide.

What would the Red Cross and the US military need to respond to a large scale natural disaster? Because D&B Specialty Foods of Toronto knew the answer long before Hurricane Katrina hit, they were a supplier of choice for thousands of meals-ready-to-eat when storms ravaged the American southeast in 2005.

 Another idea: the National Guard Bureau does purchasing at the federal level; the National Guard Association of the United States (NGAUS) lobbies for funds to get the Guard the equipment it needs. Vendors should consider joining NGAUS if the Guard is among its prospects. They’ll gain a dedicated advocate: Hazell Booker, Director of Industry & Associa­tion Liaison with NGAUS, connects its members with the leadership. “Networking with the Guard is huge,” explains Booker, “the Adjutants General come to Washington three times a year. We know them all on a first-name basis.”

Come Ready to Solve Their Problems
“Give more thought to problem solving before you meet with us,” says Robert LeGrande. “These are complex problems that need a lot of thought. I need vendors to do more than listen to me for a few minutes and then try to bridge to a standard pitch that leaves me trying to fit my problems to your solutions.”

Minimal research online can get you many municipalities’ strategic plans. LeGrande alone has published over 30 articles and presentations on the Washington DC Metropolitan Region. “We’re all willing to listen to innovative ideas. If vendors know how their solution fits our problem, they should just call us. It’s easy to get a meeting with us as long as you’re patient with our schedules.”

Present a unique value proposition for your solution. Often, the winner ­doesn’t have the best technology... just the best business case. Al Gordon, CEO of National Strategies Inc. in Washington DC, agrees. A former New York State official, Gordon’s company now helps dozens of clients win state and local government contracts. “If you don’t make the case in the first meeting with a state or local government official about why they should do business with you, forget it. You must offer something tangible, a proof of concept or an analysis; some value for their time, some reason why they would want to build that relationship with you.”

Call at the right level. Most state agencies and large cities have a CIO or MIS Director. However, as their typical tenure is 18 to 36 months, it’s not realistic focus marketing efforts on the hope that he or she will make their solution a standard for all the agencies within the state.

Alternatively, an agency CIO or project manager often has the mandate to develop a solution, the budget authority to do the job, and because they can be in place for 10 years or more, the tenure to see it through. They also participate in cross-departmental task forces: for example, a state CIO for Health and Human Services is likely to know if that government is looking at telework or biohazard response or pandemic planning.

Pursue the right scale of opportunity. If your solution is going to be most advantageous to large jurisdictions, then plan on teaming with integrators. If you’re selling an application that can be deployed stand-alone by a small agency without an integrator, then that state or jurisdiction may be receptive to your proposal and may want to buy and install it themselves.

Connect within specialty associations. Let’s say you have a solution for integrated public communication that takes into account the special needs of the disabled and elderly. Every state has elderly and less-able citizens. Many large integrators participate in NASCIO, the National Association of State Chief Information Officers. However, the decision-makers might be easier to reach at:

  • The Association of Public-Safety Communications Officials; or
  • The International Association of Emergency Managers, which certifies all career-track emergency managers, but not police or firefighters or health officials; or
  • The Mid-Atlantic All-Hazards Forum, which attracts leaders in police, fire, and other first responders and emergency managers in seven mid-Atlantic states; or
  • The Emergency Preparedness and Response Conference for People with Disabilities, the Elderly, Pediatrics, and Animals.

Judy Bradt is Principal of Summit Insight, and author of the report Homeland Security Markets in the Northeast USA. For practical advice on partnership development as well as contacts and procedures for state govern­ment decision-making, download the report from www.summitinsight.com/publications.htm

Find out more:
International Association of Emergency Managers: www.iaem.com
National Guard – Adjutants General by State: www.ngaus.org/index.asp?bid=142
Dept of Homeland Security (Policy Documents): www.dhs.gov/xprepresp/publications/
© FrontLine Security 2006



Safety in Mass Transit
© 2006 FrontLine Security (Vol 1, No 1)

Recently, an abandoned suitcase was found adjacent to a Brooklyn subway station. It contained surveillance-style photos of NY monuments and, among them, pictures of various subway stations. Disturbingly, it has been revealed that a suspect in the 2004 Madrid bombings, Abdelhak Chergui, had maps of Montreal’s Metro and commuter rail systems in his possession when apprehended by the Spanish police. And last summer the horror can be summed up in the single word: London. Governments everywhere are confronting a security situation that analysts have been warning about for years.

Urban transit systems, by their very nature, are high priority targets for terrorists intent on inflicting mass casualties – undermining public confidence and spreading terror. The challenge is daunting because the critical nature of our infrastructure results not only from its function (moving large volumes of people quickly within our largest cities) but also from the fact that literally hundreds of thousands of people use it on a daily, “hurry up” basis, through multiple access points.

That reality was reinforced with the London attacks. Thereafter, private sector commuter urban rail operators in Canada took the initial lead in identifying what was required to enhance security in this vital infrastructure. This pressure resulted in a November 2005 announcement of a federal commitment of some $110M over three years for the nine major operators. This is a disappointingly inadequate amount in view of what is required.

Operators of these rail facilities recognize the stark reality that civil liability may result from injuries caused, or contributed to, by inadequate security measures. This point was brought home recently in a civil verdict, returned against the NY-NJ Port Authority by a New York jury, for damages suffered by persons injured in the 1993 attack on the World Trade Center. In light of this potential liability and funding shortfalls, operators need to find creative ways to achieve the best security enhancements possible.

One security enhancement, operator-controlled, resilient, emergency communication systems that reliably transmit vital passenger information, can also serve as an education and incident prevention tool.

Successful emergency management must include measures aimed at prevention, mitigation and recovery. Information systems are obviously central to all three of these requirements.

In Toronto's subway system, a new and readily available security and passenger information system, that delivers all of these features, has been installed and ­generates significant revenue for the ­operator. The system features:

Prevention – The sheer volumes of ­people using the TTC combined with its multiple access points and necessary expedited delivery of persons adds a significant challenge to preventing an emergency or attack. Many systems around the world are moving to deploy specialized cameras including face recognition biometrics for ‘lookout’ purposes. At least two of the London bombers were known to British authorities. Our post 9/11 world now features a collective photograph base of thousands of persons whose presence on a subway platform should cause an immediate reaction from security personnel. Although not perfect, this kind of system can provide a significant preventive asset and also an after-the-fact investigatory aid. By the strategic placement of monitors that display passenger information, they can also be used for image capture.

One feature that all new systems are embracing is the use of continual on-site passenger information and education to increase the vigilance of detecting a danger before it occurs. In this way, the large volume of people using the infrastructure actually becomes an effective surveillance system for its protection. Riders can be provided with information of activities or objects that merit attention with on-site contact information. Messages like “If you suspect it, report it” (London) and “If you see something, say something” (NYC) are simple and potentially powerful tools to reduce harm.

Mitigation – Getting relevant and timely information to the right people at the right time is another vital ­element in mitigating the impact of an emergency situation. The London subway attacks, and Ontario’s experiences with SARS and the power blackout, make that abundantly clear. Conversely, the escalating aftermath of Hurricane Katrina demonstrated what occurs when that basic principle is ignored. This implies that information monitors must be secure and subject to the control of the operating authority. In this scenario, persons can be kept away from dangerous sites (including, grimly, the too frequent example of the deliberate secondary attack against civilian ‘rescuers’ such as witnessed in Saudi Arabia, Israel, Moscow, Madrid and Iraq) and up-to-date information to ensure safe evacuation and alternate routing of individuals. Just as in prevention, the deployment of secure, strategically-placed (on the platforms and in cars) emergency visual communications systems, ultimately controlled by the operator are absolutely essential to effective security.

Recovery – Experience shows that timely, relevant and accurate information is a critical factor to both managing the immediate emergency and recovering public confidence thereafter. Having the capacity to manage and deliver on-site information in the fashion that such a ­network makes possible is a significant advantage in meeting this goal.

This is critical to the challenge of today’s economic and security realities. Governments need to identify partnerships to find such practical solutions to the security needs of the 21st century. No system will prevent all incidents, but some can go a long way to improving the safety of our citizens in our most public of spaces, urban transit.

Louis Gagnon is the Vice President of Business Development for ONESTOP Media Group. He can be reached at lgagnon@onestopmediagroup.com
© FrontLine Security 2006



Securing Air Travel
© 2006 FrontLine Security (Vol 1, No 2)

Protecting our passengers and employees with effective and efficient security measures is the highest priority for the aviation industry. However, since the tragic events of September 11, 2001, the airline industry has endured a continuous stream of stopgap security measures – many of these were rushed into effect with little or no industry input. What we are finding, is that a security system designed through hastened reaction to a crisis may not be the best long-term solution for the industry.

Four years after 9/11, security measures are still not effectively harmonized across borders, passengers still have long queues, and behind the scenes, the battle with bureaucracy continues.

Incompatible regulations cause needless duplication of inspections and a squandering of scarce security resources. Security does not have to be inconvenient to be effective – nor should the industry have to shoulder the burden of US$5.6 billion in annual security costs when security is a national responsibility.

Airlines are keen to work with governments, and the International Air Transport Association (IATA) is directly involved in a number of projects to represent the vision of the international airline community in ensuring high security levels. These projects involve the IATA Security Group (SEG) covering the airline industry and the Global Aviation Security Action Group (GASAG) which encompasses the entire aviation industry.

The IATA SEG, comprised of 10 heads of airline security, provides advice and guidance to the industry on security measures to ensure safe, secure and efficient air transport. Covering passenger, baggage and cargo security, plus other “aircraft security” issues, the group develops recommendations to combat acts of unlawful interference against civil aviation in general and the airline industry in particular.

GASAG, consisting of representatives from IATA, airlines, aircraft manufacturers, airports and flight crew, has also weighed in on these security measures. GASAG works with governments to ensure that security measures are effective, globally recognized and operationally manageable.

Through the SEG and the GASAG we are working to shape global policies on important aviation security issues such as:

• Sky Marshals/Flight Deck Doors
Unlawful interference should be prevented on the ground. However, where nations mandate the use of armed in-flight security personnel, they must have responsibility for funding (including travel), selection, training, ­control and tasking of such personnel.

The industry fully supports implementation of International Civil Aviation Organization (ICAO) standards regarding enhanced security flight deck door technology and related procedures. Speci­fi­cally, ICAO standards state that flight deck doors should be closed and locked at all times as far as practicable and, appropriate communication procedures between the flight deck and authorized personnel in the cabin must be established. In the longer term, taking into account all practical problems and cost effectiveness, the installation of a surveillance system to allow the flight crew to monitor the entrance to the cockpit is also advisable.

• Man Portable Air Defense Systems
Governments have the responsibility for protection of civil aircraft operating in or through its airspace. This includes protection against attack by MANPADS (Man Portable Air Defense Systems) on civil ­aircraft operating at vulnerable altitudes, particularly during the takeoff and landing phases at airports in that country.

All countries should have MANPADS threat response plans that include protocols for air traffic control/management and the assignment of resources to implement immediately when a credible threat has been identified. Further, all airports and airlines should be advised of the existence of a MANPADS threat and the counter measures initiated, so that they may take this risk into consideration in their operations including the viability of continued operations to and from a particular ­airport.

Although much emphasis is currently being placed on onboard technical countermeasure systems, they are but one ­possible counter measure available and, in the opinion of IATA, not feasible in most circumstances. Government and industry should consider other options such as technical and non-technical ground-based countermeasures and intensified anti-proliferation efforts employed in a layered defense against this threat. And under no circumstances should a country requiring such onboard systems for aircraft, allow installation of these systems on aircraft that are not on their register.

• Hold Baggage Screening
IATA has developed, with Airports Council International (ACI), an industry position on 100% hold baggage screening (HBS) systems. The aviation industry supported the implementation of 100% HBS in accordance with the ICAO deadline of 1 January 2006. The IATA/ACI position paper, as well as IATA efforts on facilitating implementation of global 100% HBS, resulted in only minor disruptions in a small number of countries.

IATA has also encouraged trials on biometric technologies to speed the flow of passengers through border and customs controls while enhancing aviation security. This will reduce the “hassle factor” which is discouraging many passengers from flying and could be a significant ­factor in reinstating public confidence in air travel.

• Cargo Security
IATA’s goal is to work with regulators to enhance cargo security measures, in a practical way, through stakeholder advisory mechanisms similar to those that have been established in the United States, Canada and the EU. Major government-led ­initiatives to enhance cargo and supply chain security, through the development of risk-based screening ­protocols and the promotion of regulated agent and known shipper/consignor ­systems, are underway in Europe, the United States, and Canada. This combines with an industry-led ­initiative in the Asia-Pacific region and a similar effort planned for Latin America in 2007. IATA is playing a key role toward ­providing industry input in all of these efforts.

The IATA is also working with other industry stakeholders to design the air cargo transportation and supply chain security system of the future. The goal is to simultaneously enhance security and facilitation of air cargo, to ensure that this critical element of global commerce (40% of the value of all goods moved by air) remains viable.

In the meantime, the IATA has worked with authorities in the U.S., EU and others to remove certain screening requirements that only served to impede the efficient movement of cargo without any practical security result.

• Passenger Facilitation
IATA has also participated in industry work to improve passenger flows through enhanced security screening at airports. Industry input in 2005 led to: a reduction in average security processing times (from 60 to 30 minutes at Los Angeles Bradley International Terminal); more efficient processing methods; increased customer service at immigration desks in Miami; and the effective implementation of a sterile terminal concept in Tegucigalpa.

• Security Management Systems
IATA is promoting the concept of Security Management Systems (SEMS), which borrows from the highly successful Safety Management Systems (SMS) which has assisted the industry in driving down the accident rate despite substantial increases in traffic. SEMS is an objective- and results-oriented approach that seeks to put in place proper structures and systems to ensure the delivery of high levels of security without the need to resort to overly prescriptive regulatory requirements that inhibit operational flexibility.

Over the past four years, regulatory efforts and the establishment of tighter and stricter aviation security measures (such as better screening, reconciling passengers and their checked baggage, and the “known shipper” programs for air cargo) have made travel and shipping more secure. But there has been a high cost to the industry and great inconvenience to passengers and shippers. The year 2006 should mark the beginning of a period where both industry and regulators find common ground and devise more practical, proactive and risk-based solutions to enhance aviation security.

Any security measures being considered for the airline industry must be based on the threat. History shows us that those developed and implemented as knee-jerk reactions to fear and political pressure are neither effective nor efficient. The world economy depends on air transport, and the IATA is working with both industry and world governments to ensure that long-term security solutions are developed to keep the aviation industry secure and robust.  

Kenneth Dunlap is the Director, Security North America, with the International Air Transport Association.
© FrontLine Security 2006



CBRN Response
© 2006 FrontLine Security (Vol 1, No 3)

When the FedEx driver reported what he was carrying when he became involved in a car accident, people paid attention. His March 2, 2005 shipment included samples of anthrax, tuberculosis, E. coli, influenza and salmonella – all deadly viruses.

Ottawa fire crews respond to a motor vehicle accident. This transport truck was carrying various content including chemicals, the damage required sampling and stabilization by fire crews. (Photo: Jean Lalonde)

The police quickly sealed off the area, turning it into a “hot zone,” and the hazmat team – fire fighters with an expertise in hazardous materials – were called in to decontaminate the area.

Transporting viruses is routine at FedEx, and protective measures are taken to limit risks. The viruses are packaged in bubble wrap, stuffed in hard plastic cylinders, and finally lined up in cardboard boxes. Still, no one can guarantee 100% safety.

The incident happened where there has been a hazmat team since 1980, but that is an unusual case. According to the U.S.-based International Association of Fire Fighters (IAFF), the largest fire fighters association in Canada representing all professional fire departments (except Prince Edward Island and Quebec), only 19% of IAFF affiliates have the training and proper equipment to respond to hazmat incidents.

According to their 2005 survey, 75% of fire fighters “lack the ability to respond safely and effectively to even the most basic hazardous materials incidents.” However, this doesn’t include terrorist-related chemical, biological, radiological, and nuclear (CBRN) attacks, because, although the elements involved are the same, a different approach is used, requiring the collaboration of every group of first responders.

In accidental incidents, fire fighters are the only responders called on site. But in the case of an intentional CBRN attack, a team composed of hazmat, forensic, explosives, and emergency medical service technicians team up in the hot zone.

The special training is given in Ottawa, at the Canadian Emergency Preparedness College, but five years after a federal commitment to national preparedness in cases of CBRN incidents, results fail to show, and many wonder what has happened to the millions of ­dollars that were allocated.

CBRN incidents landed on the Canadian hot burner in the wake of the Sept. 11, 2001 attacks and subsequent anthrax attacks in the United States. Anthrax-contaminated mail was sent to several U.S. media outlets and the Senate, resulting in the deaths of five people from Connecticut, Florida, New York City, and Washington, D.C.

Ottawa, Ontario HazMat team, wearing orange "Proximity Suits," prepares to enter a building following reaction of various mixed chemicals and the resulting gases. (Photo: Jean Lalonde)

Then Prime Minister Jean Chrétien acknowledged the crucial role of first responders in CBRN incidents, and he allocated $513 million over five years to improve national preparedness for potential CBRN emergencies. According to his plan, first responders were to be trained at a cost of $59 million over five years, while $10 million was set aside over two years to purchase proper equipment such as suits and detectors. Another $20 million was reserved over five years to develop heavy urban search and rescue facilities.

That was prior to the creation of the department of Public Safety and Emergency Preparedness Canada (PSEPC) in 2003. Therefore, the money was divided between Health Canada, Transport Canada, the RCMP, and the Canadian Forces to develop CBRN response capabilities.

In 2001, several departments and agencies were responsible for responding to CBRN incidents, depending on their nature. For example, biological, radiological or nuclear emergencies fell under Health Canada’s mandate, while Transport Canada was acting on transportation accidents involving chemical, biological and nuclear agents.

The now defunct Office of Critical Infrastructure Protection and Emergency Preparedness was responsible of natural disasters, and the Canadian Food Inspection Agency took care of food-related incidents. Terrorist acts were directed to the also defunct Solicitor General’s office. Today, all these are the sole responsibility of Public Safety and Emergency Preparedness Canada. The first wave of first responders were trained by the Canadian Emergency Preparedness College in March 2003.

The training is divided into four levels: awareness/basic/intermediate/advanced. Awareness training is designed for people to recognize CBRN threats, such as public transit or building operator staff.

First responders and 9-1-1 operators receive basic training, while the upper levels are designed for advanced first responders working in higher risk areas, like hazmat or explosives technicians.

As of March 2006, a total of about 1,900 Canadian first responders have been trained by the College, at a cost of $33 million. Half of them are fire fighters.

But to some people, it’s too little for too much.

In April 2005, Auditor General Sheila Fraser looked at the situation in national preparedness to emergencies and questioned the small number of first responders that had been trained by the College.

She also raised concerns about the intermediate and advanced courses that were not meeting the targeted level of response capacity, and that neither refresher training, nor the training of new first responders was provided.

The International Association of Fire Fighters criticizes the high costs of the program. According to Jim Lee, assistant to the general president in Canada, the IAFF provides similar training in the United States, which has a capacity to train 1,600 fire fighters for $500,000 per year. That equates to $2.5 million over five years, compared to the $59 million set aside by Ottawa.

Ottawa HazMat team undergoes decontamination following operations at a Gatineau, Quebec retail outlet where some patrons required medical attention after being in contact with an unknown substance. (Photo: Jean Lalonde)

Lee says he is worried that the College hasn’t trained more people. “Millions of Canadians remain at risk for sure,” he says.

However, the U.S. training is specifically designed for fire fighters, and in Canada, CBRN threats are also dealt with by police and emergency medical services staff. There would be a knowledge gap.

Financial matters are not the only point in question. Who should receive what level of training is not clearly defined at PSEPC. “I don’t see a definite federal plan for intermediate and advanced training,” says Linley Biblow, a Calgary disaster services officer who helped to design the Canadian program. Besides requesting hazmat, forensic, explosive and advanced emergency medical services technicians to receive the highest training, it remains vague on what cities or areas are targeted. “It’s not tight at all,” he says.

There’s an obvious requirement for major urban centres, but not every fire department should go that far, according to Biblow. He says even Quebec City shouldn’t need intermediate or advanced CBRN training, although it is Canada’s seventh-largest metropolitan area, after Calgary and Edmonton.

The question of who should receive intermediate or advanced training depends on several factors, according to Philip McLinton, spokesperson at PSEPC. “It’s in function of the assessed CBRN threat,” he says. Once a risk is determined, the provinces and territories decide what level of response they need to protect the population. Then a demand is made to the College.

For example, risks were identified in some regions of British Columbia, Alberta, and Ontario. Each province determined the number of first responders they felt should be trained (and at what level), to effectively respond to these risks. This was communicated to the College, and 45 people each from British Columbia and Alberta, as well as 90 first responders from Ontario will be trained at the intermediate level in the 2006-2007 fiscal year.

So far, 202 first responders from all provinces and territories (except Prince Edward Island, Newfoundland and Labrador, the Northwest Territories, and Nunavut) received intermediate training in Ottawa.

Advanced training, provided at CFB Suffield in Alberta, was given to 103 first responders from British Columbia, Alberta, Ontario, Quebec, New Brunswick, and Nova Scotia.

Assessing the needs for the awareness and basic levels doesn’t follow this process, as it is less specialized. Since May 2006, targeted people can receive the training from their home, via the Internet.

Some Winnipeg Fire Paramedic Service staff took the basic CBRN training in Ottawa in September 2005. “It’s an excellent course,” says hazmat program coordinator John Moehring. He agrees that Winnipeg may not be in Al Qaeda’s plans, but “every [fire] department should receive basic training,” he states. Winnipeg’s goal is to train its 850 fire fighters to CBRN basic level. In addition, some hazmat staff will receive intermediate level training in September 2006, because he believes “every regional centre should know more than the basics.”

While CBRN training is important, a large number of fire departments in Canada still lack substantial training, according to Sean Tracey, Canadian regional manager at the National Fire Protection Association. For example, some fire services in smaller communities don’t have the knowledge to effectively respond to vehicle accidents, he says. “They’re still lacking the basics.”

He says these fire departments, often volunteer-staffed, should receive basic training before going through CBRN training. After that, terrorist-related training could be considered, he says.

In a country where everything rotates around Montreal, Toronto and Vancouver, Canadians tend to forget that there are smaller communities with a high risk of CBRN attacks. Bécancour, Que., with a population of just over 10,000, located halfway between Montreal and Quebec City on the St. Lawrence River, has a single-reactor nuclear power plant.

And let’s not forget Winnipeg. This major city is home to the world-class Canadian Centre for Human and Animal Health, a laboratory where a core of 50 deadly viruses are manipulated and cultivated daily – and the destination of the FedEx shipment that was caught in the accident that shut down the centre of the city.

André Fecteau is a freelance writer based in Ottawa.
© FrontLine Security 2006



Comparing Canada/U.S. Involvement with Industry
© 2006 FrontLine Security (Vol 1, No 4)

Few would argue that 9/11 changed the world in fundamental ways. The impact in Canada was almost as profound as in the U.S. and the response by governments here and south of here was laudable – lots of scurrying round with new anti-terrorism committees, intergovernmental talks, and cross ­border treaties.

The governmental good will has not translated well into concrete action on the part of the Canadian Government department in charge of our collective safety and security – Public Safety and Emergency Preparedness Canada (PSEPC). But no one is to blame because even for our Big Brother institution, the Department of Homeland Security (DHS), the road to effective and efficient domestic security has been, and con­tinues to be, a long, arduous, bureau­cratic journey of amalgamations and restructurings.

Having recently returned to Ottawa from a year-long assignment in Washington, D.C., I have noted that the U.S. is far ahead of Canada in openly engaging a vital resource in the pursuit of national safety and security – Industry. Industry plays a much more important role in the development of U.S. resiliency to catastrophic events than Canada. While one can argue that the awarding of industry contracts within DHS is fraught with its own procurement process challenges, mostly related to slippages and cancellations, at least there is activity.

If you look today in Merx (could be any day, likely), the Canadian Govern­ment’s exclusive pipeline to industrial contractors, there is a single listed procurement by PSEPC. And, this listing is simply a notification that a critically important series of infrastructure interdependency exercises to test our nation’s resiliency to disasters has been withdrawn and will be replaced by a much reduced program both in terms of ­geographical scope and dollars available to the winning bidder (should the revised procurement ever be re-issued).

By contrast, the DHS currently has hundreds open and active procure­ments for the U.S. industrial base to compete. This picture presents quite a contrast, even given normal order-of-magnitude comparisons between Canada and the U.S.

Perhaps the answer to the discrepancy lies in the budget differentials? In the U.S., DHS has a current budget of between $45 and $50 billion annually. This is the total budget that covers operating and capital spending requirements, including funding the establishment of Federally Funded Research and Development Centers (FFRDC). These tend to be large, very specialized facilities for specific Homeland Security projects such as testing labs for biological threats. In Canada, the annual budget for national security is, according to the 2006 figures, $1.4 billion, spread over two years.

So far, very little of even this paltry amount is flowing to Canadian industry – especially technology-based industry – to assist in the challenge of domestic security. Very recently, Garda renewed its contract with the Canadian Air Transport Security Authority (CATSA) to provide security screening personnel at the nation’s airports. Smarter money would have spent the annual $100 million that goes to Garda on technology solutions that could replace the human, and flawed screening function in passenger terminals.

Accessibility Lacking
For the Canadian high tech industry, which should be providing PSEPC with integrated solutions for national security, it is imperative that PSEPC make its leadership available to industry leaders to provide guidance and internal R&D direction that will result in the development of world-class products and systems for domestic security. In the U.S., access to DHS leaders by industry players is just part of the dance. Whether it be “Industry Days” sponsored by DHS, organized association briefings, or the traditional sales call methodology, the program and portfolio managers within DHS are constantly in view of the contractors. They use these interactions to provide feedback on upcoming procurements as well as to get new ideas on homeland security solutions that are then turned into competitive procurements.

More specifically, DHS will, from time to time, issue Broad Area Announce­ments (BAA) that are designed to elicit industry feedback on what capabilities are extant in the commercial world that would be useful to the Government. On the basis of the BAA results, the DHS prepares a full and open RFP. Companies in the U.S. are also encouraged to submit unsolicited proposals and “white papers” that reflect leading edge thinking in ­industry. These often result in full blown procurements.

Again, in contrast, the Canadian national security authorities within PSEPC and its agencies do not encourage communication with industry players. In fact, at least in the previous Federal Govern­ment (and no evidence exists to suggest things have changed much), “there is no mechanism for taking in unsolicited proposals from industry.” This statement was made in a letter to me by the former Deputy Minister of PSEPC. Also, in one of the key PSEPC agencies, a Crown Corporation, while the President was referring industry members to the V.P. in charge of technical innovation, that V.P. level executive made it very clear to everyone who attempts to set up a capabilities briefing meeting that she would NOT meet with industry representatives.

And don’t think that because you have reached a senior level in your organization that this will make any difference …. it won’t!

The clever marketer will always find ways around the senior bureaucrat’s screening process. So, a peek at upcoming conferences and symposia where the country’s national security status and plans are being discussed should provide an opportunity for the persistent business development executive to tag a government speaker around the coffee run right? Wrong! At a recent AFCEA defence and security conference in Ottawa, a new avoidance technique was demonstrated. If senior government officials don’t show up for the event, they don’t have to be bothered by those pesky industry folks. So, instead of showing up at the allotted keynote time – or sending a departmental sub – word came that the ADM was “on French” and therefore unable to make the awaited ­address to the information-­hungry crowd of industrialists.

Sometimes, even when they show up at meetings, they do so without the necessary knowledge. I recently sat in a meeting with a director general from Canada’s security department and tried to understand where, in this official’s section, there could be room for industry to get involved and contribute to the cause of emergency preparedness for Canada. As it turned out, this particular official did not know what budget was available for protecting Canada’s critical infrastructure assets from natural or man-made threat.

Fire All Guns
So what, then, is the answer? How is it possible for an industry player to have a dialogue with the safety and security managers in our national government so that the requirements for solutions to our national safety and security interests are defined by the best minds in both the private and the public sector? To say that the input from industry must not influence a decision involving public funding indicates an incredibly naïve and dangerously ineffective attitude of arrogance on the part of some members of government.

A new dialogue and development directive is needed for PSEPC. In my view, major cultural changes are necessary among the top civil “servants” at PSEPC. The leaders in that department must recognize that Canadian Industry is part of the solution team – not an impediment to our National Security and Prosperity challenge. For this to work, we must increase open dialogue, minimize surprise and eliminate paranoia.

Canadians expect no less – so let’s step back, grab a new sheet of paper, and get it done ‘right’ now.  

Major (Ret.) Harold Bottoms is an Ottawa-based consultant.
© FrontLine Security 2006



Are Canada's Offshore Platforms at Risk?
© 2006 FrontLine Security (Vol 1, No 2)

Canadians have been forced to learn a great deal about National Security in the four years since 9/11. However, it is only since the London bombings in 2005, and the 2006 wartime deaths of a Canadian diplomat and Canadian soldiers by the al Qaeda-affiliated Taliban in Afghanistan, that we have collectively (and reluctantly) ventured into the macabre risk-management equation of security against global militant Jihadist terrorism.

As we study the security landscape of western nations, it is apparent that energy is a vital resource that drives the ­eco­nomic engine of modern society, with oil and gas heading the list of key sources. Petroleum-based energy is so important that the United States, the world’s thirstiest energy consumer, is altering legislation this year to allow drilling for oil and ­natural gas in areas of the outer continental shelf that have been protected until now.

The vulnerability of oil production fields, port storage facilities, and pipelines, as well as offshore drilling platforms, can be viewed as a weakness in our inter-connected critical energy infrastructure systems that allow the free flow of petroleum to energy-hungry nations.

Let us examine the potential threat to Canadian offshore platforms and the security approach taken in Canada with a view to assessing the adequacy of present security measures concerning offshore platforms.

Global Jihadist Terrorism – Threat to Energy Infrastructure
In late 2004, al-Qaeda openly proclaimed a strategy of harming Western economies by disrupting oil supplies and causing prices to soar. Intelligence expert, Martin Rudner, Director, Centre Intelligence & Security Studies at Carleton University, in his upcoming article Protecting North America’s Energy Infrastructure Against Terrorism, focuses our attention on the interruption of the world’s crude oil supply as a main piece of a seven-stage, twenty-year grand strategy of the modern jihadist movement. If the terrorist “movement” follows this grand strategy, all energy infrastructure in western countries, particularly oil energy infrastructure, will be at risk. As we have already seen in Iraq, where the first stage of aggressive terrorist insurgency has taken place against the oil industry, this assault includes attacks on oil pipelines, trunk lines, refineries, oil wells, and offshore oil platforms.

It is not just Iraq that is feeling the threat to energy infrastructure. A recent maritime threat assessment from the Australian government stated that al-Qaeda and its associated groups, Abu Sayyaf in the Philippines and Jemaah Islamiah in Indonesia, have a capacity to conduct significant terrorist attacks, including against maritime interests.

Alexey Muraviev, an Australian security expert, has concluded that terrorists have the operational capabilities to mount an attack at sea. He notes that these capabilities could be directed against a variety of targets including coastal and offshore infrastructure – specifically offshore oil platforms.

These findings, and other assessments by Australian intelligence agencies, convinced the Australian government, in 2005, to invest significant resources that are focused on the security of offshore oil and gas platforms. This series of linked initiatives resulted in an integrated approach. Energy is deemed so important to Australian economic well-being, and the threat is perceived as direct enough to provoke major national expenditures to mitigate risk against the threat of terrorist attacks on these facilities.

In a more global perspective, it should be noted that President Vladimir Putin will make energy security the theme for the G-8 Meeting in St. Petersburg. After concerns over Saudi Arabia, Iraq and Iran, experts are starting to focus on Nigeria, a country that pumps over 2 million barrels of oil a day and has recently experienced rebel militant attacks against offshore oil rigs in the Gulf of Guinea. As Harlan Ullman of the Washington Times states, “with a population of about 130 million, half of whom are Muslim, and a tragic history of civil war, inter-communal violence and endemic corruption, it would be foolish to think that jihadists somewhere do not have an eye on Nigeria.”

The case can be made that the lonely offshore platform is perhaps one of the easiest infrastructure targets of all. There are thousands of oil platforms around the world; the U.S. alone operates over 4000 along its coastlines. While they form a technical network, from a security perspective these lone targets are simultaneously vulnerable to attack from above and below. Controlled access to the platforms has been often found lax or non-existent. Thus, a well-placed explosive on a supply boat or ocean tug which carries supplies to the oil rig, or a guided missile from any sort of passing vessel or aircraft could instantly produce a huge fire, loss of life, technical destruction, environmental ­hazard, and economic losses that could cause market upheaval.

Harbours providing port storage facilities are also at risk of being targeted for attacks.

Gaps in protection against threats to offshore energy infrastructure represent important vulnerabilities in a nation’s security fabric. In the Critical Energy Infrastructure Protection Vulnerability Matrix that Dr. Rudner presents, the indicators of threat and vulnerability emphasize the relatively high level of terrorism risk accorded to offshore platforms and other key energy infrastructure.

In this matrix, the criticality of an attack on offshore platforms is assessed as High. This means that the results of such an attack would significantly impact a country’s well-being. Moreover, as Dr. Rudner points out, the criticality of energy infrastructure extends far beyond purely economic concerns. “The consequential effects of a terror attack on North American energy infrastructure would likely reverberate on public confidence in the ability of government to protect core national interests, and on neighbouring countries’ willingness to depend on partners for national security generally, and for energy sourcing in particular.”

In the context of criticality for Canada, the worst case scenario would be the destabilization of the sustainability of North American energy integration. Therefore, high risk due to ongoing vulnerability could have the effect of convincing other friendly governments, especially the United States, to tighten controls on cross-border movements of goods such as oil, and to seek more dependable sources elsewhere. Inaction, in the case of improve­ments to security to critical energy infrastructure – including offshore oil platforms – is an irresponsible gamble indeed.

Offshore Energy Industry
Canada’s total oil production was 3.1 million barrels per day in 2004, making it the seventh-largest oil producer in the world. Canada sends over 99% of its crude oil exports, and some 56% of its natural gas production to the United States. It is important to note that American and Canadian natural gas and oil grids have become closely interconnected, with Canadian natural gas supplying an increasing share of the total U.S. demand.

From the economic perspective, Newfoundland has undergone tremendous growth in its provincial economy due to developments in the offshore oil industry. There are considerable, proven offshore oil reserves that are primarily found in the Jeanne d’Arc Basin, east of St John’s Harbour. The three oilfields in this basin are the Hibernia field, the Terra Nova field, and the recently opened White Rose field. The coast of British Columbia also contains significant reserves; however, due to a federal ban on offshore oil activities, there has been no production to date.

Natural gas deposits can also be found on the Atlantic Coast. The Scotian Basin, off the coast of Nova Scotia, for example, is the center of production, with the Sable Island Offshore Energy Project at its heart. Offshore oil operators in Newfoundland predict they could also produce sizable natural gas volumes from their reserves. Moreover, the Mackenzie Delta boasts a sizeable arctic frontier natural gas deposit. It is predicted that offshore platforms will blossom there within the next ten years.

Offshore Platform Security
Though the oil and natural gas industry is thriving and represents a significant percentage of the nation’s GDP, legislation for operating offshore platforms has not been updated since the late 1980’s – at either the federal or provincial levels. Felix Kwamena of Natural Resources Canada (NRCan) concedes that the focus of the federal legislation and the accords with Newfoundland and Nova Scotia were written for a different era, focusing primarily on safety and the environment – with no mention of security from the terrorist threat that now exists. Furthermore, neither the National Security Policy nor the existing Position Paper on Critical Infrastructure Protection Strategy mention offshore platforms as a particular concern.

There is, of course, the recently-­promulgated International Shipping and Port Security (ISPS) Code that brings a standard security and risk-management formula to the maritime communities around the globe. Also, there has been some good work from DND in the standing up of the Maritime Section of Joint Task Force Two (JTF2), which falls under the command of the new Special Opera­tions Forces Com­mand (CANSOFCOM). Part of this highly-trained special forces group works on the water, practicing anti-terrorist tactics on merchant ships, port facilities, and offshore platforms. While there has been some coordination between authorities over employment of this capability, there are challenges of distance, pre-placement of equipment, and frequency of training in the various venues of their mandate.

While the National Security Policy and the Position Paper on Critical Infrastructure Protection Strategy mention energy security as a concern, jurisdiction over the energy industry is a shared responsibility between different levels of government and between the public and private sectors. Security, law enforcement, defence, administration, regulatory authority, and emergency preparedness are similarly spread across various departments and agencies. As a result, not unlike other infrastructure challenges, the road to change is a difficult one that will take top-down direction to coordinate (and much practice to prove effective).

It should be noted, however, that NRCan has been collaborating with other federal departments, the provinces, and private industry to update legislation concerning offshore platforms. The problem here is that, try as they may, NRCan cannot move the file forward to Cabinet. The linkages of this proposed legislation to several existing Acts, including the Public Safety Act and the Marine Transportation Act, and to current Public Health initiatives, have caused delays and distanced the issue from the priority flow of items that compete for Cabinet review. Unless the situational awareness of federal decision-makers is raised, the legislation to secure offshore platforms could languish for several more years.

As Dr. Rudner states, “offshore production platforms may be vulnerable to assault from sea or air…. Alas, gaps in protection represent vulnerabilities to determined terrorists.” Canada’s oil and natural gas platforms are isolated and have no security forces on-site. Further­more, military or law enforcement assistance is far-away and not regularly exercised. Most importantly, legislation and policy at both federal and provincial levels is out of date and does not lay complete ground rules for the protection of offshore platforms which should include such measures as: the prevention and mitigation of terrorist attacks; crew training for reaction to attacks or natural emergencies; a rapid-reaction, on-site response capability against attacks; and the organization for recovery from an attack in the energy network across the relevant coast.

This issue calls out for debate. Other like-minded countries with offshore platforms have created separate national strategies based on the protection and security of these precious assets. Even if threat assessments reveal that the actual threat to Canadian offshore platforms is low, it would seem to be in the national interest to have the debate and take steps to knowingly insure this important and growing portion of our economy from a possible future threat.

Finally, a follow-on document to the “security framework” provided in the National Security Policy could be undertaken to give Canada its first true national security strategy. Perhaps to be entitled the “Canadian National Security Strategy” (to differentiate it from the American National Security Strategy), this document would embrace a strategic approach across the pillars of society and would highlight, among other things, critical energy infrastructure protection as a significant concern.

Peter Avis is Director General, Requirements on the new Strategic Joint Staff at the Department of National Defence.
© FrontLine Security 2006



From Response to Prevention
© 2006 FrontLine Security (Vol 1, No 3)

In the fall of 2001, Canada’s federal government took steps to enhance preparedness through new programs and funding aimed specifically at countering terrorism.  In its budget of December 12, 2001, the government committed $7.7 billion to bolster defences against terrorism which could have devastating affects on national security, the economy and collective psyche.  Of this funding, $170 million was given to the federal S&T community to address Chemical, Biological, Radiological, Nuclear (CBRN) hazards or weapons of mass destruction (WMD). The strategic intent of the S&T investment is to ensure as complete coverage as possible of all phases of emergency preparedness, response, mitigation and recovery, and removing any gaps in our nation’s response capability.

June 2006 - CFB Suffield, Counter Terrorism Technology Centre - Fire-fighters on CBRN exercise perform decontamination procedures in the decon tent. (Photo: Ted Ostrowski. DND)

Decision-making is always influenced by current events, and the choice of where to direct 2001 funding was no different. At the time, the collective sense of the S&T and response communities, the government and the population was that it was important to be able to respond to, and mitigate the affects of CBRN attacks. The initial and logical S&T approach was to apply existing expertise and knowledge into applications related to this “new” area of counter-terrorism. These were found mostly in the areas of response and mitigation.

S&T Approach to CBRN
The government then created the CBRN Research and Technology Initiative (CRTI) to use S&T to deal with such terrorist hazards. Launched in May 2002 as a collaborative horizontal initiative of 14 science or national security based departments and other agencies, its mandate was to “strengthen Canada’s preparedness for, prevention of and response to a CBRN terrorist attack through science and technology.” CRTI was based on four fundamental and unique premises, it was to be: 1) based on scientific risk assessment, 2) led by federal laboratories, 3) organized in laboratory clusters, and 4) subject to competitive project funding.  

Scientific Risk Assessment
The initiative was based on a consolidated risk assessment, where scientific and intelligence communities collaborated on the assessment of threat scenarios, technical feasibility, potential health, economic and psychosocial impacts, and threat. Through this process, the community determined the areas where S&T could make the greatest contributions. Nine areas were identified as categories for S&T investment:

  • Laboratory cluster management and operations;
  • Collective command, control, communications, coordination and information (C4I) capa­bil­ities for CBRN planning and response;
  • Equipping and training First Responders;
  • Prevention, surveillance and alert capabilities;
  • Immediate reaction and near-term consequence management capabilities;
  • Longer-Term consequence mgmt capabilities;
  • Criminal investigation capabilities;
  • S&T dimensions of risk assessment; and
  • Public confidence and psycho-social factors.

Led by Federal Laboratories
The country’s CBRN expertise traditionally resided in federal government laboratories. But until 2001, most labs did not have mandates to deal with terrorist use of their respective hazards. The CRTI community recognized that the best way to ramp up this expertise would be to apply the existing knowledge to new threat areas. This was a necessary shift in S&T federal government leadership, which previously focused primarily on policy, with the bulk of the research contracted to established industrial and academic sectors. In the new model, federal government laboratories would actively engage in the S&T developments.

Laboratory Clusters
Laboratory clusters were created as hybrid “communities of practice” to bring federal government experts together to create new domains of expertise in CBRN counter-­terrorism S&T. Initially grouped into the hazard areas of Chemical, Biological, and Radiological/Nuclear, a fourth Cluster was added in 2005 – the Forensics Cluster. As communities, the individual and “pan” clusters were tasked with determining how they could increase Canada’s S&T preparedness and support to the operational and policy communities. They were assigned the additional collective responsibility of selecting technologies to upgrade the response level of federal laboratories.

Competitive Project Funding
Of the original budget for the CRTI, $160 million was designated for project funding. Projects were selected through a com­peti­tive process on the basis of their relevance, investment criteria, innovativeness and the required expertise on the project team.

 There were four types of ­projects: Research & Tech­nology Development (RD); Tech­nology Acceler­ation (TA); Technology Dem­onstra­tion (TD); and Technology Acqui­sition (AT).

RD projects focused on filling S&T gaps and creating new knowledge; they required at least two federal government partners to ensure cross-fertilization of ideas. TA projects injected funding into technology that was close to market readiness, to get it into operational usage; these required at least one federal and an industrial partner. TD projects were similar to TA projects, except that they would leave behind their technology for an operational partner (such as an airport authority, or police). AT projects were selected by the Laboratory Clusters and were intended to combat laboratory rust-out.

The Emergency Response Spectrum
The challenge for developing a comprehensive S&T strategy is to identify and link hazards, targets and key processes to enable prevention, preparedness, and response. This Cycle shows the cyclical nature of any emergency, whether an accident, a natural disaster or an act of terrorism.

Adopting this PSEPC model allows for a more commonly coordinated approach where many elements of emergency management can be identified and applied for best mutual effect. Assuming the starting point is in “Mitigation and Response,” one can assign response requirements, indicated by arrows, to each phase of the response cycle.

The need to assess and reduce vulnerabilities and develop policies, procedures, standards and training for responders is part of readiness measures. As the cycle moves from readiness to response, emphasis moves to event detection, ­characteriza­tion, and consequence management. When events originate from a terrorist or criminal act, forensics and criminal investigation requirements increase.

The cyclical process fosters a learning approach where lessons are incorporated into future planning, miti­gation actions, and response procedures. While S&T itself contributes to each of these elements, an “R&D program” would be found principally in the Mitigation quadrant of the Public Security Framework cycle to reduce vulner­a­bility and enable response throughout the cycle.

3 to 5 Point Continuum
As in the PSEPC model, above, the traditional response spectrum is usually described as a three to five point continuum. Typical components are: prevention, preparedness, response, recovery and mitigation. PSEPC has defined the ­following phases for emergency management planning:

  • Prevention / Mitigation
  • Preparedness
  • Response
  • Recovery

The U.S. Department of Homeland Security’s National Incident Management System (NIMS) follows a similar pattern.

This model is very useful in emergency management planning, and illustrates how the components are interactive and interdependent within the cycle. It does not, however, suffice when analyzing the role that S&T has in mitigating or eliminating the impact of a terrorist event in each of the potential stages. An ­alternate view to this traditional circle, the Event Horizon, indicates opportunities for S&T to intervene.

The –3 TO +3 Event Horizon
When looking at the course of a potential terrorist event, there is a continuum in time during which proactive or reactive response may be required. Mitigation, preparation, and prevention can play roles in every stage of this model. What makes it different is the focus on people skills and contributions.

l–3 Community Knowledge
Preparation at this stage consists of activities that gather all available knowledge and experience to anticipate and understand the threat, its components and mechanisms for prevention or mitigation. It involves education and participation of the wider community, such as in community policing and public health and well-being. Examples of S&T which might contribute at this stage could include: all-risk assessments, including CBRN weapons, or human factors research to determine terrorist motivating factors.

l–2 Enforcement and Inspection
The next phase is proactive. It involves taking steps to stop an event from occurring and to protect either life or infrastructure from being effected from a future incident. Examples of S&T in this area could involve: vaccine development, detection of agents before they have been deployed, early identification of threats during routine food supply inspections.

This phase also requires a more focused awareness of WMD threats by government employees whose daily tasks include enforcement, inspection, and investigation. This type of awareness program could also be directed towards health professionals.

Examples of this type of program would be intern/recruit/cadet/entry level training for emergency responders in all professions.

l–1 Focused Intelligence
This stage includes applying skills or activities just prior to a planned terrorist event which could prevent or reduce the impact of the attack. Activities require an alert mechanism and the specialized knowledge to base appropriate decision-making and actions. Surveillance and detection S&T would be used to identify the presence of weapons before they are launched or able to reach the intended ­targets. The well directed use of S&T can also assist in detecting CBRNE (Chemical, Biological, Radiolo­gical, Nuclear and Explosives) materials in the possession of potential terrorists, where the materials have not yet been converted to weapon form.

l0 Incident
“Ground Zero” signifies the terrorist event as it is occurring. This could involve the first transmission of a bio-terrorist incident, the explosion of a radiological dispersal device (dirty bomb), or the release of a chemical agent in an enclosed space. S&T at this stage would address very precise requirements such as shutting down ventilation systems. In order to be of use at this stage, systems must be fully automated to be triggered at sub-second speeds.

l+1 On Scene Response
Immediately after a terrorist attack, the first responders will most likely be non-specialized personnel without training in CBRN response. They would probably consist of regular fire, police and ambulance staff. They could also be veterinarians, food inspectors, or front-line hospital staff. It might not suspect or know how to identify the weapons or effects without receiving a pre-warning. Mitigating the effects in this phase might involve S&T decision support tools or animal health tools. Detection tools implemented at this stage, such as radiation dose rate monitoring, would have to be low cost to allow for broad government distribution (all levels) and integrated into equipment already being used by the functional groups.

l+2 Specialized Response and Recovery
By +2 on the Horizon, it will have become obvious that the situation is of a CBRN nature and requires specialized assistance. Specialized responders will be called in, initially at the local level and then at provincial and federal levels. Very specialized equipment and therapies will be required to respond to unfolding events. In this stage, recovery operations are initiated to protect and secure lives and infrastructure. S&T could contribute by developing specialized protective personal equipment or prophylaxis for CBRN agents. The collection of forensic evidence could start here, as some types of evidence will be time-dependent. Examples of useful S&T would be multi-hazard evidence ­col­lec­tion containers with scalable sizing.

l+3 Recovery and Remediation
In the final stage, recovery continues but shifts to remediation which is to return the subject of the attack to pre-attack status, or as near as possible. S&T in this area would focus on decontamination and restoration of facilities or the mitigation of economic effects.

CRTI Projects Compared to the Event Horizon
The CRTI projects in the RD, TA, and TD categories were assessed according to the –3 to +3 event horizon. The analysis clearly showed that most projects focused on the latter portion of the event horizon, particularly in the Specialized Response and Recovery phase (+2). The Recovery and Remediation phase (+3), and the On-Scene Response phase(+1) followed respectively. The Event phase received no concentration of projects at all, being very difficult to address. The three pre-event phases received less attention than the post-event phases even though it was shown that some S&T projects prepared for a later phase could also contribute to the Preparation phase (–3).

Results showed that most efforts were in specialized response and recovery, which provides people in those groups with much clearer and more precise targets for investment than were known in 2001.

The majority of investment has been in response to gaps which affect after-the-fact capability and preparedness. It is now time to examine and adjust the focus of the S&T community to support more directly the efforts that will reduce the risk of a WMD terrorist incident occurring. These areas of vulnerability must be exploited by intelligence agents and investigators to foil the plans and arrest and convict the perpetrators.

S&T can play a role in the detection of attempts by potential terrorists to acquire skills. The S&T community can make significant and meaningful contributions by supporting and leading projects targeted towards the detection of WMD materials. S&T can also impact risk ­reductions by contributing to a public and government awareness campaign.

Sheldon Dickie a is Forensic Portfolio Manager with the CRTI Secretariat. He is on secondment from the RCMP.

Cam Boulet is a Chief Scientist with DRDC, based in Ottawa.

Susan McIntyre is a Knowledge Manager at the CRTI Secretariat.

Contributions from: S. Friesen, A. Goudreau, T. Sykes, N. Yanofsky, H. Spencer and Gen(ret’d) Clive Addy.
© FrontLine Security 2006



Privacy & Security
© 2006 FrontLine Security (Vol 1, No 4)

In a world plagued by terrorism, identity fraud, hackers and other security risks, there is a question of whether we need to give up our privacy to gain security. Canadians should refuse to enter this debate, because this is the wrong question if we seek to find a balance between our right to privacy, need for personal ­security and desire to conduct business electronically.

We routinely make decisions about our privacy and security, usually subconsciously. Over the past fifty years, Canadians have made choices that led to the installation of locks and deadbolts on our doors, as well as security systems for our homes and cars. We fingerprint our children. We buy and use firewalls and virus protection for our computers. Many of us worry about buying on the Internet. Canadians are rightfully cautious. This caution prompts us to keep personal information private, but now we must view privacy in a new light, because of the new risks we face.

My information is private, but if I don’t know and trust you, I wonder what you are hiding. Are you simply trying to keep similar personal information private or are you hiding a secret that could hurt me? How could anyone sit next to a stranger on a plane without asking that question these days?

So, personal privacy must be viewed in context. It is also important to accept that privacy is not an “all or nothing” condition. For example, we want to keep our financial information private, but we expect credit card companies to tell us where, when and how much money we charge. We would not likely pay a bill that simply provided a total amount for a month. Security also ranges from low to high, depending on many factors. When we accept that both privacy and security cover a span, we can accept that a balance between them can be reached. Even then, the balance will differ depending on the risk to be mitigated.

The New Risks and Necessary Changes
In this world there are still small communities where our face, handshake and word are all we need. Unfortunately, most of us don’t live in them. Today, we live, work and shop in a global community where we may question the identity of anyone we don’t personally know. We are more aware of and concerned about the rapidly growing threat of identity fraud and the vulnerabilities of the cards we carry in our wallets and databases holding our personal information.

In the past we focused on proving whom we were and what we were entitled to do, using passports, drivers licenses and other forms of card identification as proof of our identity. We didn’t worry about anyone impersonating us, but now it is too easy and profitable for people to steal or defraud our identities and pretend to be us. In fact, this is the fastest growing consumer crime of the decade and costing us as Canadians as well as our governments and corporations, so balancing privacy and security is a concern for all of us. Also, although many Canadians are experienced enough to ignore phishing and pharming emails, where fraudsters attempt to steal personal information to commit identity fraud, how much time every day does it cost each employee to deal with these emails? This is an increasingly expensive overhead. When someone does have their identity stolen, many of the steps they must take to repair the damage, are done in business hours. This too impacts an employer and ultimately consumers.

Governments suffer the same problems, as well as financial losses when government benefits are defrauded through identity fraud. The problem causes not only financial losses, but also a loss of reputation and goodwill for companies and political embarrassment for governments, as Canadians ask why more isn’t done to protect them. Disclosure laws, such as those in California, require organizations to notify their customers when there has been a breach of personal data. In a growing number of cases, employees, contractors or other third party service providers are involved, leading us to understand that we must not only protect data from external hackers, but also provide our own staff with identification that both controls their access and privileges to data and helps prove them innocent when a breach occurs.

In spite of these risks, we want to take advantage of global business and information opportunities. That means you must be able to properly identify yourself in order to travel, bank, shop and work. The same is true of the companies and governments doing business at the other end of the network connection. All parties see significant advantages to ­conducting transactions online, but that requires consumers to trust systems with varying degrees of their personal information. To do that, our ID must be counterfeit and tamper resistant and we must start to insist on ID where it wasn’t required in the past. We must also use ID that is capable of taking personal information off the face of cards and keeping it private and secured. Take a look at all the personal data on your driver’s license. An identity thief could make good use of it. We must also ensure that anyone presenting ID is the legitimate owner of it. Just having physical possession won’t be good enough.

Where it was once enough to control an employee’s access to buildings and offices, employers now need to look at corporate data with the same concerns.

The concept of controlling who may access data and what they can do with it is not new. That was always the case with mainframe computers. Not everyone with the right to use a specific mainframe application could access other programs. For example, if you were an inventory control clerk, you wouldn’t be able to get into the payroll system. If you were the payroll clerk, you would be restricted to certain functions and changing your own salary likely wasn’t one of them. When we went from mainframes to PCs many of these controls were lost. With today’s networked world and the value of data, it is time to re-introduce them.

Another risk is that of terrorists using false or stolen identities to attack our infrastructures. We must ensure that these people do not hide behind “privacy” to camouflage themselves. Again, we need to find a balance.

Technology, Policies and Procedures
Mitigating these and other risks and the desire to pursue opportunities has led many corporations to use advanced card technologies to provide secure and convenient physical and logical access. The same technologies are being used today to provide privacy enhancing ID. These mature technologies help find the balance we seek, as well as provide new convenience for Canadians.

There are two advanced card technologies in use in Canada. The first are smart, or chip cards. These use computer chips that sit on credit card-sized pieces of plastic and are being used throughout the world to provide new levels of security. They are highly counterfeit and tamper resistant and much of their strength comes from the fact that the computer can play an active role in enforcing security and privacy rules.

They can also carry biometrics, such as iris, face and fingerprint identifiers. These can be compared against the person offering the card to ensure that the ID does belong to the presenter. Where privacy is a requirement, the match is done on a one-to-one basis between the card and the person, not between the person and a database with multiple records. This additional security can help reduce identity theft.

The same is true of the second technology, optical or laser cards. Although they do not have a computer chip, they use a “write once – read many” technology capable of keeping an audit trail. These cards have a large data capacity and can carry multiple biometrics in addition to other data.

Both are capable of employing digital certificates. These are card technology platforms that support applications. Hybrid cards are available with both smart and optical interfaces. Privacy Impact Assessment and Design tools are available for applications using both these platforms from www.actcda.com.

Many governments throughout the world are turning to these technologies to provide security for applications that will combat fraud and identity theft, while delivering far more privacy protection for the identification we carry in our wallets.

Financial institutions throughout Canada are also moving our credit and debit applications to chip platforms to enhance security.

We have to look to technology to protect us, but in doing so we must maintain our ongoing rights to protection of privacy. As technology is employed we have the right and the obligation, to ensure that the new technologies do not expose us to new risks. We must educate ourselves on the ways in which new technologies can be used for privacy protection and ensure that we have sufficient information to understand the risks, opportunities, benefits and technologies associated with new programs.

Furthermore we must always be aware of public and corporate policies and be ever vigilant that they are equally committed to preserving our privacy and security. It is important to recognize that technology is only a tool. Whether it is employed for good or bad purposes is determined by someone’s policies, procedures and intent. Focusing on technology in isolation will serve none of us well.

The principles of privacy do not change to any great degree but new technologies enter the market place with great speed. Unfortunately, the risks that we face from those who would do us harm grow with each passing year.

If we continue to ask questions and debate issues such as “privacy versus security or technology” we will be our own worst enemies. We cannot divert our attention from the real issues of risk. The question and the debate should be on how well and how soon we will use all the tools at hand, including technology, to protect our privacy and our identity. Only when we demand a balance between security and privacy will we start to protect ourselves.

Catherine Johnston is the President and CEO of the Advanced Card Technology Association of Canada. She is also Chairman, International Smart Card Associations Network (ISCAN)

ACT Canada, the Advanced Card Technology Association, provides a neutral forum for stakeholders to learn, share information and pursue their goals. Domestic and international members benefit from access to information, networking and market analysis. A non-profit association founded in 1989, ACT Canada is internationally recognized as a reliable source of information on advanced cards and the Canadian marketplace. For more information please visit www.actcda.com
© FrontLine Security 2006



Counter Terrorism Technology Center
© 2006 FrontLine Security (Vol 1, No 1)

While the risk of a Chemical, Biological, Radiological, Nuclear (CBRN) attack is small, the consequences of such an attack are enormous: the public’s perception of personal security, and the enormous costs associated with detection, identification, treatment of affected persons and cleanup ensures that this risk must be mitigated by preparation. Timely and reliable identification of suspect areas and materials is also essential to minimize risks of exposure, costs of cleanup and threat to public security.

US marine ChemBio Incident Response Force troops await personal decontamination after completing live chemical agent training at CTTC Suffield. (Photo: Ted Ostrowski, DND)

The Counter Terrorism Technology Centre (CTTC) is the latest iteration of a continuing tradition at Suffield to provide Science and Technology support to the Canadian Forces (CF) and the wider Public Safety community. Taking the knowledge accrued in research activities since 1941, the lab began its outreach activities at the 1976 olympics preparing the Canadian Forces for a potential CBRN attack in Montreal. From that time on, live chemical agent training has been a key part of preparing the CF and other international military partners for the threat of CBRN weapons.

Just prior to the events of 9/11, senior management at Defence Research and Development Canada – Suffield recognized the need for a stand alone section to answer all of the short term operational requirements related to CBRN events. The CTTC concept was approved and funded in the December 2001 federal budget with a mandate to provide:

  1. Training to prepare the First responder community to deal with CBRN threats;
  2. Test and Evaluation of technologies to detect, protect and deal with these threats;
  3. Forensics and scientific expert support; and
  4. Field support capabilities to eliminate old chemical agent dump sites.

The initial focus of the CTTC has been on training first responders for a biological or chemical incident, and developing guidelines on how to deal with those events. The training builds upon existing skills and provides guidance in the detection, identification, handling and decontamination of threat agents in a controlled field setting. The training is designed to test individual units tactics, techniques and procedures in an environment that is as close as possible to a real incident. To that end a wide variety of field scenarios are available ranging from clandestine labs to caves and a subway platform.

All trainees progress through a series of lab based exercises using Live nerve and mustard agents, Biological simulants and radiological isotopes. They also have opportunities for seminars with scientists currently involved in the research programme. Students will then participate in trade specific scenarios to hone their individual skills prior to participating in a number of exercises as a member of the incident response team.

This unique and flexible approach to training at the advanced level has attracted the top teams in this discipline from across the world including the US Marines, US Army, Australian Army, as well as Australian, UK and American civilian specialist teams. The success of this programme is now moving to a whole new level as the expertise gained in training these groups is being pushed out to South East Asia and other countries as part of a Foreign Affairs Canada counter terrorism initiative. In addition to this civilian training programme, the Canadian government made a commitment to its NATO partners to provide Live agent training to the NATO CBRN battalion. This annual commitment has resulted in almost 1000 troops being trained from over 8 nations.

Test and Evaluation (T&E)
Suffield is a unique facility in its size (2700 sq km), unrestricted airspace, and long history of safe handling of highly toxic and hazardous materials. DRDC Suffield is the only location in Canada permitted to handle chemical warfare agents and has historically accommodated T&E requests if they fall near the scope of their R&D mandate. This work often requires researchers to evaluate products developed in-house against commercial competitors, potentially exposing DRDC to charges of impropriety and bias. The solution to this capability/credibility gap was to create an impartial, independent, fully accredited T&E organization, the CTTC. This arrangement would permit sharing unique facilities and personnel skills while still maintaining the integrity of the R&D program.

Equipment designed for detection, protection, operation and neutralization within zones suspected of CBR contamination is extremely specialized and has a limited market. As such, there are few established or recognized industry standards for CBR testing and evaluation. The CTTC draws on the proven capabilities of DRDC Suffield to test commercially available equipment, products in development and existing or proposed protocols, provides consistent, reliable evaluation and make recommendations for improvements and procurements.  

The CTTC facilitates access by security agencies to the highly specialized expertise and technologies for unambiguous threat identification available at DRDC Suffield. The Forensics lab is composed of a unique Biosafety level 3 facility for handling samples from an incident that require traditional law enforcement forensics but must first be cleared of any CBR evidence and contamination.  This unique lab is part of the CDC Atlanta’s Lab Response Network and in conjunction with the resources found in the main lab, can offer the widest spectrum of sample analysis techniques.

Toronto Chemical, Biological, Radiological and Nuclear (CBRN) response team practices patient decontamination after a mass casualty exercise. (Photo: Ted Ostrowski, DND)

CBR hazards require highly specialized handling for safe cleanup. Government regulations mandate that sites previously used for the storage and destruction of Chemical weapons stocks be brought up to current environmental standards. The CTTC marshals the proven capabilities over dozens of clean up operations in the last 30 years to ensure site remediation and decontamination of these complicated high risk sites are completed safely. The same skills that allow scientists and technicians to operate safely in the “Hot Zone” also provides them a unique edge in this environment. In the coming years the CTTC will be leading the final remediation of several sites remaining at Suffield as well as provide subject matter expertise for other potential sites across Canada as part of the Warfare agent destruction programme.

The Future
While the CTTC is new and rapidly growing section at DRDC Suffield there remains room for additional growth. The Suffield Centre for Operations in Urban Terrain (SCOUT) is the next horizon for the CTTC. This concept will see the section take advantage of the explosives and robotic vehicles expertise residing in the Lab to provide a test bed for Urban operations concepts in a fully instrumented, multi-hazard facility. This facility will provide high level concept development opportunities for Canada and its NATO partners as well as the domestic First Responder community.

Major Rodger Sloan is the Director of the Counter Terrorism Technology Centre (CTTC).

PHOTOS: Defence R&D Canada - Suffield
© FrontLine Security 2006



Corporate Security is between the Pneumatic Chair and the keyboard.
© 2006 FrontLine Security (Vol 1, No 2)

You don’t need to be reminded that the bulk of security-related incidents that you face are sitting in your own office chairs. Although between the years the 2001-2004 CSI-FBI Computer Crime & Security Survey noted that “unauthorized use of computer systems” was on the decline with regard to financial losses, the same survey has now noted an increase in 2005.  Insider abuses of Net accesses were attributed at 56%, up from 53% the previous year. In attributable loss, the overall numbers showed a decrease in 2005 to $130 million from 141 million, but $130 million is a very significant figure! A tremendous number of security issues fall into this area, and it stands to reason that you should have more control.

While respondents of the survey all noted in favour of security awareness, the material did not gauge exactly how many were actually conducting an awareness program.

Your organization’s Acceptable Use Policy is not enough! You may force personnel to read it, and even have an acknowledge button for them to click on the corporate intranet, but they’ll rarely remember or adhere to the content. Why? Because you cannot measure its success. Also, it is safe to say you cannot change an adult’s personal habits with an electronic document.

Of course appropriate policies remains the supporting tenet of any awareness program, but if you really want to mitigate the numbers noted above, you will have to demonstrate ­additional leadership on  the inside of your organization. In the end, you’ll need less Acetaminophen.

Agreat deal of effort goes into protecting the perimeter; at least it should. Hardening firewalls, intrusion detection sensors, servers and protecting other sensitive assets are key. You should consider your personnel resources as an extension of that perimeter. After all, they are the weakest link in the infrastructure; the most susceptible to security issues and basic human instincts. Without the proper tools in place (policy, procedures, awareness, education) they are ill-prepared to be an extension of a proper security program.

Some of the goals of your Security Awareness Program should be to:

  • Put information security and its importance in the forefront of your staff’s mind.
  • Spread your organization’s information security policy and awareness throughout corporate ranks.
  • Get management on the same page as the security department and the staff with executive targeted components.
  • Build security awareness into the technical and development teams.
  • Think differently. Create a paradigm shift in the way your organization’s staff views its business process and how it should be protected.
  • Make Security Awareness enjoyable for everyone. Get significant ‘buy-in’ from the entire corporate target audience.
  • Target the three major groups within your organization: Management, Technical Staff, and all other workers and business partners.
  • Build Cyber Security, Physical Security and People Security into a coherent approach where the goal is to teach behavioural and environmental awareness according to company goals and policies.

So, what’s in it for you? You’ll ask this question at some point. Why would you spend the money on an IT Security Training program? Let’s put it in language you’ll appreciate. Like the marketing adage “you’ve got to spend money to make money,” there is a distinct Return On Investment from your security spending as well.

While Security ROI can be a contentious issue in and of itself, here’s a top five ROI list, or a “What’s in it for me list” that I developed with some input from a good friend and fellow security guru, Winn Schwartau (www.interpactinc.com):

  • Increased security and audit compliance. This means lower auditor fees and lower insurance rates. Target the CXO’s;
  • Lower development costs and application deployment costs when building ­security in from the beginning. Target the Techs and Execs;
  • Less security snafus (viruses, worms, etc.) when staff is trained to detect and report security events: Target entire staff;
  • More home security tips protect family from ID theft etc. Bring good habits to work, and safeguard network from remote threats. Target entire staff.
  • Less downtime, fewer investigations, more network resiliency, create human firewalls and human IDS.

Measure Success
When developing policies and processes around an IT Security training program, it is equally important to measure its ­success.  Note the following tips:

  • Announce your awareness program from a high management level.
  • Ensure existing security policies and procedures are current, complete, and have been announced to all staff.
  • Lead by example. For instance, a new user is more likely to choose secure passwords if the initial password assigned to him is strong and unique like ‘yT56Bc3c’ rather than something weak and common like ‘welcome’.
  • Demonstrate management’s continuing commitment through follow-up procedures such as:
    • routine desk checks
    • before and after awareness measurement quizzes
    • checking for poor network passwords.
  • Illustrate the importance of secure practices by making regular announcements of actual external security breaches that happened due to poor security awareness.
  • Consider including security awareness as part of the formal evaluation process.
  • Consider implementing a security improvement suggestion program to further demonstrate management’s commitment.

Like any area of improvement, and given how stretched our resources are, the earlier you demonstrate leadership in the area of security training, the sooner you will realize a return and see some relief.

Like so many other issues that crop up in an organization, for the most part the bulk of security issues can be handled at the lowest possible levels. Not unlike a harassment complaint, which can be often resolved with some minimal mediation between the affected parties, so too can security events by communicating with your personnel.

We are continuously inundated with statistics reminding us that the highest numbers of security-related incidents come from inside the organization. You take your personnel resources for granted; they are all loyal and trustworthy, otherwise you would not have hired them in the first place. However, you still find yourself dealing with issues of inappropriate use, malfeasance, etc. The exposure of these types of incidents can certainly be more damaging than that of a distributed denial of service. You can react appropriately to the latter and it is considered to be a normal risk when conducting ­business on the Internet. The former, however, can cause irreparable damage to reputation, market share and shareholder perceptions that can result in staggering losses.

All of these headaches, for want of a formal policy and guidance for employees that demonstrates leadership, responsibilities and accountability for actions. Sounds like a much easier pill to swallow.

After all, it’s all about managing risk. You have countless more employees than you do firewalls, so it is important to implement the appropriate security program as you would a firewall, and maintain it as you would the firewall rule sets.

Don’t wait for the “teeth” from legislation to catch up to you. Demonstrating some due diligence and leadership can help reduce the number of internal incidents you will have to respond to, while at the same time increasing the base of security-minded personnel who will mentor new generations of employees.

© FrontLine Security 2006



Halton Region's Operation Flu-Phix
© 2006 FrontLine Security (Vol 1, No 3)

Halton Region takes a “no stone left unturned approach” to planning for emergencies. With a population expected to exceed 439,000 by 2007, Halton is a socially and economically dynamic community located in south western Ontario. Its landscape is an integration of rural and urban interests, ­supported by agriculture and industry. From an emergency preparedness ­perspective, there are many challenges – severe weather, spills, and transportation accidents to name a few. The challenge of a lifetime, however, will be a pandemic influenza.

Halton's table-top emergency exercise included Halton's Chief Administrative Officer, Brent Marshall (left), and Commissioner and Medical Officer of Health, Dr. Robert Nosal.

Halton Region’s pandemic influenza planning activities have been substantive over the past four years, since long before the issue hit mainstream media. These efforts have been anything but insular as the responsibility to ensure the health, social and economic welfare of the community must be shared. For any emergency program to be effective, consultation with response stakeholders is critical.   

Late last year, officials in Halton conducted an assessment of the community’s planning efforts through a comprehensive, full-scale tabletop emergency exercise. Operation “Flu-Phix”, the first exercise of its kind in Canada, engaged more than 225 participants in an assessment of response capabilities to address the ­warning, impact and recovery phases of a pandemic influenza emergency.  

“True resilience – our ability to cope – starts with building strong connections between those who will ultimately be responsible for managing any disaster that may occur,” says Halton’s Chief Administrative Officer Brent Marshall. “Our long-standing relationships are what will see us through, whether it’s pandemic influenza or any other type of disaster in our community. Exercises, like Operation Flu-Phix, validate the time and effort spent identifying our vulnerabilities, building upon existing experiences and resources, and establishing a collective strategy for responding to disasters.”

The exercise was not positioned as a static event that would provide a formula or simple solution to a pandemic influenza emergency. Rather, it was a forum to identify any gaps in Halton’s pandemic influenza management capabilities. Clearly defined objectives were communicated in advance to the exercise participants:

  • Stakeholder Relations: To examine the interface between Local Municipal, Regional, Provincial, volunteer and private sector organizations in the conduct of crisis and consequence management activities.  
  • Public Information and Media Relations: To discuss processes to provide timely, relevant and coordinated information and instructions to the community.  
  • Medical Monitoring / Surveillance: To review the capabilities of local medical infrastructure (hospitals, physicians, paramedics, public health) to recognize, identify, monitor and respond to pandemic influenza.
  • Training and Education: To allow the participants to gain a better understanding of their roles and responsibilities and the relationships between various stakeholder emergency response plans.  

The scope and size of Flu-Phix presented several challenges. Inclusive stakeholder engagement was critical to ensure the exercise was practical and meaningful. To achieve this, 35 public, private and volunteer sector organizations were represented, and participants were grouped in sector ­specific areas according to their jurisdictions of responsibility.

The exercise scenario was presented in three modules, each increasing in intensity. As the exercise began, each sector reviewed the first module that presented a scenario outlining the warning phase of a pandemic. The participants worked through a series of questions meant to highlight response and management priorities and identify issues that required resolution. At the end of the discussion each sector took three minutes to report the results of their discussions to the other participants. Those involved gained an understanding of each other’s priorities and issues as they listened to the sector specific reports. The process was repeated for the second and third exercise modules that presented the impact and recovery phases of a pandemic respectively. Throughout the exercise, participants were encouraged to approach other sectors to gather any necessary information to resolve immediate concerns.

Local media interest in Operation Flu-Phix was significant and CPAC, Canada’s Parliamentary Channel, filmed part of the day for a documentary being produced regarding pandemic influenza. CPAC was particularly interested in the extensive stakeholder consultation involved in developing Halton’s response strategy over the past several years.  

The Flu-Phix exercise allowed participating organizations to assess their own pandemic preparedness, while interacting with other community stakeholders. Feedback from the participants indicated they felt the exercise was very valuable and achieved its stated objectives:

  • 80% responded that the exercise identified key gaps in responsibilities for management of a pandemic emergency;
  • 84% responded that the exercise clarified roles and responsibilities; and
  • 82% responded that the exercise increased knowledge about sharing resources and assets.

A number of key recommendations were developed as a result of the exercise that will assist Halton and its partners as they move forward with sustaining and ­augmenting their pandemic influenza ­preparedness.

Among these recommendations is the need to establish processes that will ensure ready access to the materials required to provide essential services to the Region. Other recommendations speak to the importance of coordinated communications among stakeholders.

The exercise validated the need for the ongoing support of senior decision-makers and business leaders to sustain the pandemic influenza planning and preparedness process, coordinate efforts and share information with community partner organizations, and continue to pursue workable solutions to issues that may impact the collective response.

Regardless of the scale, scope or subject, the Halton experience demonstrates that four specific elements must be in place for a successful emergency planning exercise:

  • Identifying in advance those who may benefit from participating in such an exercise;
  • Accounting for the varying degrees of exercise exposure and experience of the participants;
  • Having the full commitment of key stakeholders and senior-level decision makers to actively participate in an open, meaningful and candid fashion; and
  • Developing a comprehensive communications strategy to fully inform, engage, update, and follow-up with stakeholders and the community at large.

“Mock emergency exercises enable us to test the emergency plans, policies and procedures for responding to emergency situations and Halton’s experience in conducting exercises is extensive,” says Brent Marshall. “Operation Flu-Phix took six months to plan, but it confirmed that a table top exercise like this is a very worthwhile endeavour.

“A great deal can be achieved with ­little more cost than the time and energy of dedicated people who recognize the value of established relationships in responding to disasters.”

Kathryn Karcz, M.P.A., is Halton Region’s Senior Emergency Management Advisor.
© FrontLine Security 2006



Identity Management
© 2006 FrontLine Security (Vol 1, No 4)

In Malcom Gladwell’s book of the same name, “Tipping Point” is defined as “the magic moment when an idea, trend or social behaviour crosses a threshold, tips and spreads like wildfire.” It has also become a metaphor to describe the spread of a disease or the acceptance of a new technology.

This article is about connecting the dots between a number of recent events related to the Common Criteria (see sidebar), security and privacy, and the North American Security and Prosperity Partnership program. It’s also about the potential for government, industry and other stakeholders to collaborate to achieve common goals. Identity Manage­ment is seen as the thread that connects the dots and may lead to a “Tipping Point.”

Two Steps Forward and One Step Back for Security
The Information Technology (IT) security community has witnessed a series of events beginning with the spread of the Morris worm to the more virulent strains of viruses and worms that threaten zero-day attacks.

The Fear, Uncertainty and Doubt (FUD) caused by these cyber threats has contributed to the general awareness of the problem. However, none of these ­isolated events or obvious trends has resulted in a serious change in the way that we approach IT security.

The series of Government Accounting Office reports that gave failing grades to U.S. government organizations and similar Auditor-General Reports about Canadian government departments and agencies attest to the fact that governments haven’t yet experienced that “magic moment” that compels them to make substantive improvements in IT security. Similarly, the regulatory and compliance hammers that have been waving around for a number of years have done ­little to change the fundamental and evolutionary way which industry addresses IT security concerns.

Security issues in the IT community have evolved from the bottom up… from system administrator to the boardroom. However, there has been no “Tipping Point” yet in IT security for either government or industry in North America.

In September 2006, the U.S. government National Information Assurance Partnership (NIAP), the organization responsible for the U.S. Common Criteria scheme, announced that they no longer had the resources to evaluate all the products that could contribute to security of their IT infrastructure.

Their focus would be to serve the more traditional customers of the U.S. national defence, security and intelligence communities that had a demand for the higher ­assurance products.

This security community has been, and continues to be, focused on national security issues. However, the reliance on products that have this security “Good Housekeeping Seal of Approval” has now extended to the owners and operators of every critical infrastructure, and every business large and small that relies on the internet for its success. Moreover, the Common Criteria also includes special provisions to deal with many of the very specific requirements of the privacy community. It follows therefore, in America, that someone should have the mandate to ensure that there is a capability and capacity to evaluate these products.

 While the implications of the NIAP announcement are disturbing to many stakeholders on several levels, the reaction so far has come only from those vendors, and consumers who have been directly involved in the benefits of this program. However, the impact of these issues affects a much broader audience than that of the CC program. Thus, these issues should be examined in the context of national programs and the broader ­concerns of government, industry and ­private citize



Protecting our Enforcers

© 2006 FrontLine Security (Vol 1, No 1)

Ensuring the personal protection of enforcement officers is a complex task. Take the need for body armour for example. Canadian soldiers on the streets Kandahar, as they attempt to bring stability to the region and win the hearts and minds of the local populace, or enforcement officers in Canada, as they sprint after armed insurgents, require protection that is lightweight and yet protects against high-energy projectiles. Some might think that light-weight strength requirements are mutually exclusive, but Canada’s scientific community has dedicated years of work to this challenge of improving personal protection options for military and police.

Throughout history, personal protection has evolved to meet increasing threats and differing operational needs. From the crude protection designs using thick layers of animal hides for protection against blunt impacts, to the metal armour of mounted knights protecting them from sharp implements, this evolution continued, until the advent of firearms in the 15th century rendered all previous personal protection ineffective. Although several types of personal body armour were developed and fielded over the next few hundred years, most were only partially effective, intended to protect the wearer from fragments, and incapable of addressing the evolving high velocity pistol and rifle projectiles.

It wasn’t until the 1970’s, with the invention of Kevlar® (an aramid fibre belonging to the nylon family), that true ballistic protection was available in the form of soft or flexible body armour. Not long after, the advent of high hardness and armour piercing projectiles led to the need for improved protection known as hard armour.

Today, protective armour is classified as soft or hard. Soft armour describes the common fabric-based vests worn by police officers, meant typically to protect against lower energy and soft projectiles. Hard armour is commonly used in conjunction with a soft armour vest and is designed to protect against high energy projectiles that may contain hard or piercing-type cores.

Of course, there are several competing factors affecting the design of optimum armour, not the least of which is matching the level of protection to the anticipated threats. These threats can be broadly classified as fragments and projectiles, where fragments take on many shapes and impact velocities.

Projectiles can be classified as soft or ball rounds and as hard or armour piercing, with the kinetic energy (1/2mv2) being a good measure of the aggressiveness of the projectile.

Soft projectiles are lead-filled and deform significantly on impact. Soft or fabric-type protective armour and laminated composite panels can address these projectiles at moderate impact energies. On the other hand, very high-energy soft projectiles, or hard projectiles incorporating hard cores of steel or tungsten carbide, are designed to penetrate such protection. In particular, the high-velocity, large-caliber, and hard-core projectile is considered one of the most aggressive projectiles to challenge personal body armour composition and design.

As the opening examples indicate, personal body armour is designed to protect the human body from ballistic impacts while being as light as possible for comfort and operational mobility. Although it is possible to protect against most projectiles encountered by Peacekeepers and First Responders, mobility requirements focus on lightweight systems and protection of the ­critical areas of head and torso. This trade-off is very important since key ­thorax protection requires hard or plate-type armour, incorporating advanced ballistic materials and different forms of ceramic. This need is becoming greater as larger caliber, armour-piercing projectiles are becoming a more common challenge and thus formed the focus of a multi-year development project aimed at improving armour performance and reducing weight.

Samples of various high energy, piercing-type ­projectiles ­too ­commonly faced by law enforcement officers. For reference, the two projectiles on the left require ‘hard armour’ while the two on the right can be stopped by soft armour.

Let us look at where we are now in this developmental project. Protection from high-energy piercing type projectiles, such as those shown above, requires hard or plate-type armour, which includes a ceramic facing (below) to disrupt the projectile, and a laminated composite backing to stop or catch the debris. This laminated composite backing is made from the same ballistic materials as soft armour, but is laminated with a polymeric matrix material to increase the panel ­stiffness and reduce overall deformation during impact.

The most obvious goal in personal protection is to prevent projectile penetration. The performance of body armour is typically rated using the National Institute of Justice (NIJ) standard, which sets ­limits on the penetration resistance of the armour, and is relative to the measured velocity at which 50% of the projectiles are expected to penetrate the armour. Importantly, even if penetration is prevented, the dynamic deformation of the armour during impact must be maintained at acceptable levels to protect the vital organs in the thorax from trauma.

Significant deformation can lead to blunt thoracic trauma, also known as Behind Armour Blunt Trauma (BABT). Although this is still under investigation in the armour community, past experience of auto crash and blast trauma has shown a significant correlation of trauma levels to deformation rate. For body armour, the dynamic deformation is limited to 44 mm, as measured in a standard clay backing.

Conventional two layer hybrid armour system

Conventional hybrid (hard plate) armour has been used effectively in its current form for many years; however, when addressing high-energy armour piercing projectiles, the weight of conventional armour plate designs is prohibitive.

Conventional Hybrid Armour – the ceramic fractures and disrupts the projectile, while the composite backing stops the resulting debris.

This dilemma led to a three-year project to develop personal protection for a 12.7mm amour-piercing projectile (7.75 kJ energy). Testing began at the component level. Several ballistic ceramic materials including alumina, silicon carbide and boron carbide were investigated using depth of penetration testing to evaluate ceramic impact performance. Upon initial impact, a shock wave is created in the ceramic (see DOP testing, above). A fracture front (damage) follows this initial wave, and the pulverized ceramic material is then ejected. A similar process occurs in the armour-piercing projectile, where an appropriate design will completely fracture the projectile core allowing the composite backing material to ‘catch’ the debris.

Parallel studies involving modeling and optimizing composite backings were also undertaken. The composite backing is intended to catch the ceramic and projectile debris while avoiding penetration and minimizing dynamic deformation. This role can vary greatly depending on properties of the particular fiber, matrix and processing conditions as well as the effectiveness of the ceramic. BABT can also be reduced through the addition of special energy-absorbing foam materials, also known as anti-trauma layers.

Although the individual components are important, the components of the armour system must be designed to work together, and in balance, to minimize weight. Using a conventional design, it was found that it was easy to stop the high-energy armour piercing projectile, but very challenging to stop it well. That is, conventional designs could meet the penetration requirements within acceptable weight levels, but unfortunately, dynamic deformations were significant for the high-energy projectile, and thus required a new approach.

Impact of 9 mm on a composite panel, showing the typical mushroom shape of a soft projectile.

An innovative solution using advanced materials and integration concepts led to a significant reduction in armour weight (as much as 40% compared to conventional solutions) while providing protection from these high energy projectiles. The enhanced system performance was developed through extensive modeling, component testing, and armour system testing.

This new system has allowed us to meet our objectives in providing protection against high-energy projectiles while achieving acceptable levels of dynamic deformation. Future efforts are focused on optimizing this system for combat-caliber, lower-energy projectiles.

What might seem, to some, to be a simple and age-old problem, the optimum protection of the soldier and first responder while allowing them to do their work effectively, continues to challenge the ­scientist and the science of today, but it is a task very much worth pursuing, and improvements are on the way.

Dr. Duane Cronin is an Assistant Professor in the Department of Mechanical Engineering at the University of Waterloo, Ontario. He specializes in Impact Biomechanics with interests in numerical modeling and high rate characterization of materials to understand trauma to the human body and develop Personal Protective Equipment. Dr. Cronin participated in the NATO Task Group on Behind Armour Blunt Trauma and has been investigating improved protective armour through the support of the Ontario Centres of Excellence. More information can be found at his website: www.me.uwaterloo.ca/~dscronin/
© FrontLine Security 2006




Unconcerned and Unprepared
© 2006 FrontLine Security (Vol 1, No 2)

Greg Pellegrino, Global Managing Director, Public Sector, at Deloitte Research, in a Study entitled: “Prospering in the Secure Economy” explains the new secure economy, and the opportunity for enhancing business value by responding through investment in responsible approaches to security.

In so doing, Pellegrino discusses many ‘drivers’ for responding in this way, but cautions that “if the business case for greater security is simply about compliance, the effort ultimately will fall short.” He mentions many other drivers including cost reduction, revenue enhancement, better risk management, brand protection and the preserving of market share.

In the legal sense, I see a distinct parallel between these ‘security’ business drivers and those driving good Emergency Management and Business Preparedness.

Legal issues and liabilities, are often largely ignored, and this exposes any business’ resources to risk.

Why are Directors and Senior Officers considered liable when there is a security breach, emergency or disaster, and how can they defend themselves? The simple answer is that legal issues are all about: (1) negligence and (2) due diligence.

Negligence is a failure to do what a reasonably careful and reasonably prudent person would do in a given circumstance. The relation is such as to produce a risk of foreseeable harm to a stakeholder. The law thus implies a duty of care, and negligence occurs when the deemed prudent degree of care is not met. And there are ramifications if a Senior Officer is found to be negligent.

Directors and Senior Officers can be like the proverbial ostrich that hides its head in the sand, or they can be proactive. Remember: Inaction is a decision, and inaction can be considered negligence! Directors and Senior Managers are legally responsible for both their actions AND their inactions. They have a duty to all stakeholders to keep their business secure and operating!

Every business is exposed to risks and those risks can take many forms which can constitute an unpredictable and challenging continuum: inconveniences (traffic delays), disruptions (local fire, flood), disasters (earthquakes, SARS, West Nile Virus, earthquake, terrorist attacks), catastrophes (9/11, Tsunami and Katrina).

Any of these risks affect the ability of that business to continue operating – limiting or eliminating access to its critical data, capabilities, applications and facilities, and other critical resources.

Failure to visualize, analyze, predict, manage and mitigate those risks is negligence, and may also result in legal exposure and liability.

Business has a duty and obligation to all of its stakeholders: employees, shareholders, investors, regulators, customers and suppliers, to name a few. Employees will sue if they are endangered while on the job or if they lose employment because the business fails to continue after an emergency. Existing or potential investors may lose confidence and cut funding or may choose to invest in a company that is more responsible. Regulators may lay charges for non-compliance with a wide range of legislation.

Whether it be Sarbanes-Oxley legislation in United States or similar Canadian securities legislation and regulations, many businesses fail to realize that today’s laws deal with more than just financial disclosure, auditor and director independence, and audit committee controls. These legislations also provide for the reporting of the status of internal controls. This relates directly to information security and technology controls ensuring that records and data are available, retained, and retrievable. There are also issues of business preparedness and continuity related to the underlying IT infrastructure, and physical and network security. Penalties for non-compliance include financial penalties and/or jail terms.

Consider also the Canadian workplace health and safety legislation. This legislation requires appropriate due diligence. This implies that appropriate policies are in place to ensure that risks to employees in the workplace are foreseen, managed, and mitigated. Such risks would include disasters, emergencies and avian flu pandemics. Recent amendments to the Canadian Criminal Code, C-45, have taken these obligations even further. As a result of the Westray Mining Disaster (In 1992 Plymouth, Nova Scotia when a methane gas explosion killed 26 miners), there are now criminal provisions dealing with criminal negligence in the workplace. The liability reaches down from senior management, to supervisors, and even to union officials. To quote the Honourable Martin Cauchon, former Minister of Justice and Attorney General of Canada: “We have taken a major step toward ensuring employers will be held responsible for criminally negligent acts in the workplace,” said Minister Cauchon. “This legislation sends a strong message that all employees deserve such vital protection under the law.”

The legislation makes organizations criminally liable:

  • as a result of the actions of senior officers who oversee day-to-day operations but who may not be directors or executives;
  • when officers with executive or operational authority intentionally commit, or direct employees to commit, crimes to benefit the organization;
  • when officers with executive or operational authority become aware of offences being committed by other employees but do not take action to stop them; and
  • when the actions of those with authority and other employees, taken as a whole, demonstrate a lack of care that constitutes criminal negligence.

As a result of the SARS epidemic, nurses who contracted the disease have launched lawsuits against the Ontario Government and hospitals for negligence on the grounds that a first wave of SARS should have alerted officials to prepare for a second wave.

In the future, I have little doubt that litigation lawyers will be seeking to establish further bases for legal liability in this area, based on negligent failure to anticipate and prepare for reasonably anticipatable risks.

In addition to the legal liabilities, businesses may make more of an effort to find alternate supply sources for services and materials if they feel their existing provider is unreliable or irresponsible. Businesses want to know that their supply chain has Security Risk Management and Business Preparedness Plans in place and will form relationships with other companies that have these plans in place.

There are more recent lessons to be learned from Katrina: preparedness from the personal level right up to the federal government level was grossly inadequate for an expected hurricane event. Death and destruction will result in lawsuits. On the other hand, the oil refineries in the Gulf were far-better prepared, anticipated the risk and managed it. As a result, their losses were minimized and they were able to carry on business quickly (albeit at lower capacities).

How then, does a business defend against a charge of negligence? The answer is: Due Diligence. This simply means doing what the ‘reasonable man’ would do, and doing it for all the stakeholders. It’s about good corporate governance, best practices and industry standards!

With regard to C-45, the legislation imposes a legal duty on all those who direct work, including employers, to take reasonable measures to protect employee and public safety. Wanton or reckless disregard of this duty causing death or bodily harm will result in a charge of criminal negligence.

How does a corporation exercise due diligence? There is no justifiable defence in claiming that you weren’t expecting some disruption or disaster. Today’s world is such that we know these events will occur, we just don’t know how or when. For that reason, Directors must be proactive. One indispensable element of “due diligence” is to have good Security Risk Management and Business Prepared­ness plans in place.  We can be like the Ostrich and simply hope things will work out, or be like Noah and take steps to ensure survival. Noah had warning of the flood: he planned for it, and implemented the plan. Business leaders must emulate Noah, and not procrastinate.


  1. Understand that senior officers are liable;
  2. Be prepared, have a plan, and practice it;
  3. Practice due diligence;
  4. Assess, manage and mitigate the risks.

Remember: you can’t eliminate risk, but you must at least manage it. Worry a bit now, or worry a lot later!

Jay N. Rosenblatt is a Partner at the Hamilton-based law firm, Simpson Wigle LLP. He is also a member of the Board of Directors for the Canadian Centre for Emergency Planning: www.ccep.ca. He can be reached at rosenblattj@simpsonwigle.com
© FrontLine Security 2006



Shared Responsibility
© 2006 FrontLine Security (Vol 1, No 3)

Emergency management is a shared responsibility among all levels of government and all stakeholders. The likelihood of major incidents and the potential consequences are increasing as population density increases, the infrastructure ages, and society’s dependence on technology, information and just-in-time supply chain management grows. This dynamic management environment is becoming more uncertain as people begin to understand that they can no longer rely on historic control models.

Municipalities are in the front lines of all disasters, and all disasters are essentially local. Therefore, it is reasonable to keep asking if municipalities have sufficient resources and capacity to manage major incidents and sustain effective emergency management programs. More importantly, is the investment of resources by all levels of government, and others, producing the kind of emergency management system that Canadians expect and need, now and in the future?

A predominant assumption is that the people in the government organizations that are entrusted with managing this capability are change-weary, and that society needs to find a strategy that realizes profound improvements in capacity and resilience by making manageable changes.

Mind the Gap
There is a performance and capability gap, and there is a risk that this gap will increase unless sustainable adjustments are made to the system and emergency management process. The existing habits, management practices and distribution of power are limits to success. Making incremental changes is easy. Establishing a shared vision, sustaining the results, and managing the unintended consequences and risks are more challenging. The critical interventions and success factors are leadership, commitment and innovation at all levels of government.

System Levers
In a dynamic and uncertain world, historic tools like static policies, standards, compliance regimes, audits and inward-focused plans are not good enough. Alternatives to a reliance on top-down (or bottom-up), push-pull and/or hierarchical control models are needed.

Decision makers are missing key pieces of the puzzle, including performance metrics and integrated risk information. The problem is compounded at the local level that has fewer resources, and limited depth, process maturity and flexibility. Throwing capital money at problems and imposing new capabilities on municipalities, without ensuring ­sustainment of those capabilities as part of a larger system, jeopardizes the capabilities and puts unrealistic pressure on organizations that have limited capacity to absorb these responsibilities.

Balance Resources & Responsibility
A Federation of Canadian Municipalities (FCM) study found that, “Most municipalities had high levels of property taxation and thus found it difficult to enlarge municipal budgets for prevention activities;” and “because of extremely tight municipal budgets, only modest increases in resources were allocated to emergency preparedness activities, at the expense of other municipal services…”

Existing funding models, like the Federal Joint Emergency Preparedness Program (JEPP), do not address local authority needs. In fact, providing capital funds to procure new equipment without providing sustainment resources only exacerbates the problem at the local level. This fragmented approach is especially problematic for emerging special capabilities including Chemical, Biological, Radiolo­gical, Nuclear and Explosives (CBRNE), and Urban Search and Rescue (USAR).

Empower People
Effective emergency management depends on people. Dedicated people are working at all levels of government, but do they have the right tools to complete the job? Larger municipalities are an incredible resource. They understand the public health, safety, security, social and economic environment. They have diverse experience and intimate knowledge of the local infrastructure, industry capabilities, cultures and volunteer community. However, the system is inherently unstable due to complex funding, planning and resource management processes, limited depth and breadth in local emergency management offices, and their vulnerability to absenteeism and staff turnover.

Even a slight shift of resources from the Federal and Provincial levels (which now receive 92% of every tax dollar) to the local level would have a dramatic impact – assuming that local politicians and management protect these resources, and emergency managers have appropriate authority and flexibility to complement their responsibility.

Large organizations have some flexibility to shift resources to important program activities like communications; relationship management; joint planning; exercises and training; requirements analysis; project management; risk, issue and opportunity management; cost, benefit and risk assessments; and performance measurement. However, small organizations are forced to contract out these activities, which does not maintain and create internal knowledge, or worse, they are compelled to minimize such activities, which can jeopardize the overall program and capability.

New approaches are needed to close the emerging gap between capability and the threat-risk-vulnerability environment. A systems approach is a critical success factor to create capacity at the local level, to sustain emerging special capabilities and to protect the investment at all levels. The key component of the system is its people. Relaxing constraints and controls at the local levels could free up resources, and create more flexibility and capacity in the system. Incremental improvements at multiple levels do not guarantee success. Less emphasis on control and coordination, and more focus on leadership, balanced resources and systems thinking is a reasonable start point to close the gap, sooner rather than later.

After serving as a Signal Officer in the Canadian Army, Ian Bayne was a business development manager for global system integrators in the aerospace and defence industry. Since 1997, he has been developing risk, IT security and business continuity management solutions for the federal and municipal levels of government, and for Canadian and international industry clients. He holds a Master of Science degree from the University of Leicester in Risk, Crisis & Disaster Management, and is currently a consultant. Ian can be reached at irbayne@rogers.com
© FrontLine Security 2006



One Last Thing
We Have the Technology
© 2006 FrontLine Security (Vol 1, No 4)

He has seven separate aliases (that we know of), and is believed to possess American, Guyanese, Trinidadian and Canadian passports as well as pilot training. He is an engineering graduate that the FBI reports attended Ontario’s McMaster University (where he sought to acquire nuclear material) as well as Al Qaeda training camps before 9/11. He speaks English flawlessly having been raised in New York and Florida where his associates included Jose Padilla and Mohammed Atta. He’s been spotted in Mexico and Guatemala involved with smuggling “Other Than Mexicans’ (or OTMs as the Americans delicately put it) into the United States. Last month, an Al Qaeda spokesman described him as the person who will deliver ‘America’s Hiroshima’. The FBI has his photograph on their Most Wanted website and have offered a $5M reward for his capture. His real name is Adnan el Shukrijumah and you might think we are doing everything in our capacity to identify and prevent this person from entering our country or gaining access to critical infrastructure. Think again.

Adnan G. El Shukri Jumah

The Canada/US border is not only largely ‘undefended’, it is also remote, and mostly unwatched. There are approximately 300 roads linking Canada and the U.S. that are without border inspection points or surveillance of any kind, from our side at least. Much of the Can/US border in Ontario as well as on our Eastern and Western coasts is defined by rarely patrolled waterways that are an open invitation to undetected illicit cross border traffic, as the people living near Cornwall can attest. We now know that of the 119 land border crossing sites that are manned, 82 of them don’t have proper internet access, and all of them lack sufficient ­equipment and mandate to prevent the hundreds of persons every year that deliberately blow through the border to avoid inspection and are never caught.

On the American side of the border, this casual approach to border security is but a fading memory of different times, while on the Canadian side… we’re still debating whether we should install signage and spike belts or, God Forbid, permit the pursuit of “port runners” as they’re euphemistically called.

Both examples are situations where identifiable technological and or physical ‘solutions’ exist to these increasingly serious problems. Canada is home to what is arguably the world’s most sophisticated face recognition biometrics. It works off of existing photos such as law enforcement agencies have of Shukrijumah and an estimated 200,000 security and criminal threats we don’t want in our countries or anywhere near critical infrastructure.

Abu Arif

The error-riddled American experience with CAPPS II has aptly demonstrated how unreliable a name-based data system is – America’s Senator Ted Kennedy and ex-RCMP Commissioner Phil Murray were ‘listed.’ I can’t speak for the Senator but Phil Murray is a friend of mine, and he’s one of the good guys. Face recognition biometric systems today, on the other hand, have incredible accuracy and camera capture range capacity – and while it may not be perfect, it’s better than racial profiling or trying to decipher if that’s Mohammed with one ‘m’ or two. Besides, Adnan ain’t coming in to give us an iris scan or fingerprint as a standard to match him to.

The U.S “Secure Border Initiative” has begun the process of shining a light on its remote and not so remote southern and northern borders. Their efforts in the south are beginning to show significant results. People caught illegally entering the U.S. are held, processed and returned to Mexico or their homeland within weeks rather than the years still in vogue in Canada. The Americans understand that their land and maritime border is a place where people intent on doing them harm may seek entry and thus a place where detection, interdiction and apprehension are a priority. Their Secure Border Initiative (and SBI net) is an example of this resolve and will see a combined deployment of sensors, radar, secure wireless communication, physical barriers, unmanned surveillance and personnel for that purpose. As their success in the south increases, they appreciate the possibility of a northern scenario involving infiltrators such as dangerous criminals or illegal immigrants whom they are determined to prevent… as should we.

We should also recognize the existence of a northward flow of persons smuggling drugs and guns or demonstrating a preference for our decidedly more lenient refugee or justice system than that to the south of the 49th parallel. Proper border security is in our joint interests and, once again, Canadian surveillance and detection technology is as good as it gets. We also make top-notch spike belts and barriers, which, although decidedly low-tech, should be high priority nonetheless if we’re going to finally get serious about border runners.

Jaffar Al-Tayyar

Deploying security technologies such as biometrics is not the only answer to these new challenges, but they are without a doubt an important part of a ­solution to this great challenge that needs to be implemented now.

In his past lives, Scott Newark has served as Crown Prosecutor, Executive Officer of the Canadian Police Association, Special Security Advisor to the Government of Ontario and Senior Policy Advisor to the Canadian Minister of Public Safety. He is currently a security analyst and Executive Member of BORDERPOL.

Photos: www.fbi.gov/terrorinfo/elshukrijumah.htm
© FrontLine Security 2006



Neuroimaging and the Brain-Computer Interface
© 2006 FrontLine Security (Vol 1, No 1)

The field of neurofunctional imaging (or neuroimaging) has evolved significantly over the past two decades. What started out as a means to confirm information derived ­from subjects suffering brain damage, has emerged as a tool for a number of possible ­security-related applications. Several neuroimaging techniques, such as positron emission tomography (PET), magnetic resonance imaging (MRI) and electro­encephalography (EEG) have been used to monitor or measure brain function.

Neuroimaging applications that may be of particular interest to the defence and national security sectors have been identified in the “Expert Assessment of Neuroimaging and Brain-Computer Interface” report by Dr. Lizann Bolinger and colleagues (October 2005):

  • brain-machine interfaces for ­instrumentation control;
  • two-way brain computer interfaces;
  • interrogation and lie detection;
  • determining intent to do harm;
  • hand-held anatomical imaging or ­functional imaging devices; and
  • remote imaging and detection.

While the overall goal of forensic imaging is to unravel the biological basis of violence and psychopathy, neuroimaging techniques are also being investigated as tools for lie detection and interrogation, and may someday provide personality assessment. The lack of ability to infer function (such as mood, thought, intention and memory) from brain structure has sparked development in the neuro­functional imaging field.

In a broad sense, functional imaging encompasses a wide variety of measurements (physiological and metabolic) such as perfusion, blood flow, metabolism, drug receptor distribution, to name just a few. However, the most prominent association people have with the term neurofunctional imaging is neural activity, or how the brain thinks.

Brain-Machine interfaces have been the primary application of functional ­neuroimaging (other than knowledge-gathering and medical diagnostics), and several companies now sell multi-electrode devices. The Brain-Computer interface is a more sophisticated approach, however, as it implies two-way communication: the person controls the computer and the computer provides responses, by methods other than visual feedback, on the computer screen. Initial attempts at this have been developed for surgical procedures, providing feedback to the surgeon through tactile sensory input. Work has not been done using direct electrical signals to the brain. Scientists are, however, working to grow brain cells on computer chips, which might act as an interface into the brain, but this approach is outside the scope of a neuroimaging assessment.

Techniques are continuously being improved and refined for medical applications and this trend is likely to continue, and these improvements will quickly translate to new applications.

The true limit in applying neurofunctional imaging to problems like lie detection, brain-computer interfaces and such, is our lack of understanding of how the physical and physiological measurements that we can make on the brain relate to those aspects of the mind that we want to detect. Cognition and the brain processes that relate to it are not well understood. Thus, for neurofunctional imaging to be used in these cases, more work needs to be performed, both on the methods used to cause brain activation (paradigms), and processing and interpreting the resulting data. This will require a deeper understanding of the mind than is currently available, but would provide the biggest technological leap and would greatly accelerate the timelines of all such applications for security interests.

Neuro­cognitive function is an area where advances could significantly affect the timelines. here too, a better understanding of how the brain works (What causes particular memories to occur in association with specific stimuli? How do biochemical processes interact with thought?) leads directly to better interpretations of neurofunctional imaging results and thus better application of these methods to a host of applications. Devel­op­ing tools to allow sophisticated tasks to be performed and monitored during neurofunctional imaging experiments will go a long way to aid in developing this understanding.

Timelines associated with the development and deployment of many of these applications are generally long (15-25 years), however, it is important to realize that the ability to make measurements in neurofunctional imaging has greatly outstripped our ability to understand what the data means. The cost of medical care is pushing the development of faster and cheaper instrumentation, and therefore, the development of neuroimaging instrumentation is heavily invested by the ­corporate and government sectors.

On the other hand, development is slow in specialty applications such as hand-held detectors, implantable devices, and the application of non-medical imaging techniques to biological systems.

Defence R&D Canada (DRDC) has strong interests in the physiological, psychological and sociological aspects of human performance and capabilities, and has some laboratory capabilities to help support these interests. DRDC is also monitoring developments at institutions, such as NRC’s Institute of Biodiagnostics, research laboratories in the academic and private sectors, as well as the US Defense Advanced Research Projects Agency (DARPA).

Improving measurement capabilities involved in neurofunctional imaging and increasing the understanding of what those images mean, in terms of the mind’s function and intent, will be of great benefit to future security applications. DRDC is ­supporting the challenging areas of understanding the human mind, and how it is related to human intent and performance.

Dr. Harold Stocker is a Defence Scientist, Science and Technology Policy, with DRCD.

Dr. Ingar Moen is a Director, S&T policy, with Defence R&D Canada.
© FrontLine Security 2006



National Security
© 2006 FrontLine Security (Vol 1, No 2)

Some analysts have noted inadequacies in certain Canadian national security strategies. The fault may lie elsewhere. Any strategy, no matter how robust and well thought out, will not be fully effective in a policy vacuum, because strategy is derived from policy, or at least it should be. Without a sound policy to provide guidance and context, strategy is like the Maple Leafs at the end of the regular hockey season – lots of activity, but going nowhere.

This article offers a conceptual description of policy and evaluates Canada’s National Security Policy (NSP).

Policy as Concept
National policy describes what is to be achieved, in a broad sense. Policy is an idea, based on ideas, like values. Government officials have been notoriously enthusiastic in invoking Canadian values and interests to justify various actions, but seldom making the effort to specify what those values and interests are. Prime Minister Harper has been consistent in defining Canadian values as freedom, democracy, rule of law and human dignity. Page vii of the NSP’s Executive Summary mentions the “core Canadian values of openness, diversity and respect for civil liberties,” values that cannot be found in any other government document of the time.

A well-articulated policy can come in many forms. Some might not even look or sound like policy at first blush, but upon reflection, the grand idea and the values upon which it is built become clear. Perhaps the greatest policy of the modern era went like this:

“… we shall not flag or fail. We shall go on to the end, we shall fight in France, we shall fight on the seas and oceans, we shall fight with growing confidence and growing strength in the air, we shall defend our Island, whatever the cost may be, we shall fight on the beaches, we shall fight on the landing grounds, we shall fight in the fields and in the streets, we shall fight in the hills; we shall never surrender, and even if, which I do not for a moment believe, this Island or a large part of it were subjugated and starving, then our Empire beyond the seas, armed and guarded by the British Fleet, would carry on the struggle, until, in God’s good time, the New World, with all its power and might, steps forth to the rescue and the liberation of the old. – Winston Churchill in a speech to the British House of Commons on 4 June, 1940.

Winston Churchill’s short policy statement generated a number of successful Allied strategies. It has three compulsory characteristics of good policy – it expresses a desired end-state in the form of a grand (hopefully inspiring) idea; it identifies broad objectives which subordinate strategies must achieve; and it is concise.

Policy spawns one or more strategies, each of which must be consistent with national policy objectives. Given the link between policy and strategy, one can immediately see how the absence of adequate policy can make the development of effective strategy an almost impossible task. Ineffective strategy, in turn, can be fatal to hopes for the successful conduct of subordinate operational campaigns and can render tactical victories and their cost pointless.

Is the NSP really a policy at all? The answer comes from a review of the three criteria mentioned earlier – the presence of an inspiring grand idea, broad objectives to be achieved by particular strategies and brevity. These will be addressed in reverse order.

The NSP is too long. At 52 pages (59 en français) it could be considerably shortened by a few format changes and the elimination of all elements that do not belong in the high ranks of policy. Specific organizational changes listed in each section are operational actions that need not be included in the policy proper. Nor should policy dwell on specific allocations or expenditure of funds, which might be more appropriately found in operational plans. Similarly, lists of measures taken, such as implementing the Smart Border Action Plan, are strategic level concerns at best.

Broad Objectives
The NSP starts reasonably well by making the point that a core responsibility of government is to provide for the security of Canadians, noting that “the right to life, liberty and security of the person is enshrined in our Charter of Rights and Freedoms.” It identifies three national security interests, but fails to describe a broad, but achievable, objective for any of them.

Take for instance the first national security interest – Protecting Canada and the safety and security of Canadians at home and abroad. It cannot be done. Given the extent and nature of the elements of Canadian national power, the Gov­ern­ment cannot protect all Canadians abroad, period. Maher Arar knows this all too well.

The second national security interest is ensuring that Canada is not a base for threats to our allies. Does this mean that threats to those who are not our allies will be tolerated? Probably not. This negatively worded aim typifies the pathological inferiority complex that plagues most Canadian policy makers. A better broad objective might be, “Eradicate all forms of terrorist activity in Canada.” This puts our security first – the real point of the policy – and incidentally solves the problem of exporting terrorism from Canadian soil. It is also refreshingly offensive.

Contributing to international security is the third national security objective. It advocates simple participation, perhaps via military or developmental activity, probably in failed or failing states. There is no objective, end-state or desired effect offered. It seems process trumps effect here.

Chapter 2 of the NSP, Building an Integrated Security System, initially brings hope that it might produce a true broad policy objective, sound enough to generate its own strategy. It does a reasonably effective job in setting policy objectives for an overall protection and prevention capability, consequence management, and evaluation and oversight.

However, as promising as Chapter 2 is, Chapters 3 to 8 do not live up to the advance billing.

Chapter 3 – Intelligence – essentially declines change when it says, “No changes to the current mandates and structures of Canada’s security and intelligence agencies are being proposed at this time.” It goes on however, to advise that intelligence collection and assessment capabilities will be increased and that a greater proportion of effort will go to security intelligence. As benign as all this may be, it is, nonetheless, sound policy guidance.

Emergency Planning and Management is the title of Chapter 4, a chapter that exemplifies the enthusiastic descent into strategy, without the prerequisite policy guidance. Information on strategic coordination reads like strategy, although it does contain one nugget of policy objective; “The Government needs to be able to continue to provide core services to Canadians during emergencies.” There is one other; “… the Government will strengthen its capacity to predict and prevent cyber-attacks.” The chapter ends with statements of action, not policy objectives. Chapter 4 is not policy.

Chapter 5 deals with the important subject of Public Health Management. Astoundingly, it talks only about establishing a robust public health system, nationally and internationally. There is no policy objective describing what it is supposed to do. Again it seems that process trumps effect. Chapter 5 is not policy.

Transportation Security is found in Chapter 6. It lacks a defined, preferred end-state vision and, like Chapter 4, plunges into strategic activity, past and future, in a way that comes across as serving the political end of showing how busy authorities are. There are many worthwhile endeavours in the chapter, but Chapter 6, as a whole, is not policy either.

Neither is Chapter 7 – Border Security. Again, a lot of strategic activity is described here, but nothing is found to define an end-state, or any standard of what all that activity is to achieve.

Chapter 8 focuses on International Security, but does so in a manner that simply provides an introduction to the separate International Policy Statement, the critique of which is beyond the time and space available here. Given its introductory role for the IPS, Chapter 8 is not authoritative policy.

Although the NSP occasionally hints at true policy, it ultimately falls short because it too rarely articulates broad policy objectives to be achieved. To be sure, there are many good strategic ideas and calls to action in the NSP, but strategic action is irrelevant if not aimed at known policy objectives.

The Grand Idea
In the end, one is left in a quandary when trying to answer the question, “what grand national security idea does the NSP promote? The Prime Minister of the time could only say that the NSP “articulates core national security interests and proposes a framework for addressing threats to Canadians.” This is hardly grand, or comprehensive enough to generate significant subordinate strategies.

Nowhere in the NSP are we given the ultimate what that is to be achieved. Almost by default, the document leaves the impression that we will exert a lot of effort and spend a lot of money to ‘address’ threats as they arise, without committing to what effect such ‘addressing’ should have. How happily un-controversial! How conveniently and politically benign!

However, to be fair, the NSP does flirt with true policy in three ways. First, it talks of an integrated approach to security which horizontally spans government departments and vertically connects to all levels of government. Second, it does recognize a broad spectrum of threats that represents a more holistic view of security than in the past. Third, it connects the domestic and international realms of security. But this is not enough to give it a passing grade.

The NSP missed the chance to adequately describe the grand idea it could have and perhaps three principal subordinate objectives. The NSP could have said:

“The Government will lead Canadians in a broad and enduring effort to counter all threats to the national security of Canada, at home or abroad, be they natural, accidental or man-made. Recognizing the nature of global interdependence, we will collaborate, when appropriate, with International Organizations, allies and like-minded nations to predict, prevent and counter threats to international peace and security that affect the national security of Canada. Where threats may be manifest, the Government will ensure the continuation of core national services to Canadians, in addition to the conduct of effective emergency response, emergency management and mitigation, and consequence management; the aim being to maintain or restore the normal conditions of Canadian life as much as possible, with minimum injury and suffering. Our priorities today include counter-terrorism activity (the pro-active, aggressive, offensive action taken to pre-empt terrorist activity directed at Canadian interests) against all terrorist threats to Canada, wherever they may be; positive control and security of national borders and the effective surveillance of all maritime, land and aerospace approaches to them; and the establishment of a nationally integrated emergency preparedness organization capable of managing and mitigating possible natural or man-made disasters in Canada, including geological phenomenon; pandemics; meteorological events; chemical, biological, radiological and nuclear emergencies; and space-based catastrophes.”

This attempt is hardly Churchillian, but it makes the point.

The NSP was intended to be a policy to guide the post-9/11 national security effort in Canada. There are occasional glimpses of policy in the document but ultimately, the NSP admits its own failure as a policy when the document is referred to as “a strategic framework and action plan….” As such, it may be good strategy, but it is not adequate policy.

Brigadier General (retired) Jim Cox is currently a PhD candidate in War Studies at the Royal Military College of Canada.
© FrontLine Security 2006



Information Security
© 2006 FrontLine Security (Vol 1, No 3)

Demands on information security are increasing due to complexities from regulatory change, such as the Privacy Act, and added requirements to share more information broadly and quickly, as brought on by recent threats to public safety. Organizations and information providers are faced with escalating demands to exchange information, sometimes across jurisdictions or to groups for whom the information was not originally intended. As the Editor of this magazine pointed out in a previous issue, the ­challenge facing the intelligence community (and others) is one of improving timely information sharing – how do we ensure pertinent and secure information will flow to where it is required (whether that is to an oil rig, a refinery or pipelines, transit systems, or to local border guards and government agencies)? In this context how can we be confident that we recognize which information is true and pertinent and which needs to be secured?

Managers are looking for adaptive business planning and the right mix of governance to accommodate these drivers; Information Security Specialists are looking for a means to add value to these processes, not shackle them; and Transformation Architects are looking for ‘the enablers’ that address the significant issues and allow the business to achieve its objectives without negative outcomes. Each wants to engage the Information Security issue earlier, and in order to do so it requires a business vocabulary that is common and recognizable to all.

As governments and private organizations begin to transform into more responsive client-focused service entities, they discover which outputs add value to their internal processes and to their external delivery of services. This information assists in the development of strategic reference models that categorize specific aspects related to their clientele (as an extreme example, you may recognize that a prisoner is now a “client” of the correctional facility, though it is difficult to change providers if the client is unsatisfied).

To remain relevant, organizations must provide the information, services and products that are demanded by modern clients. Therefore, information systems must be able to adjust automatically to changes within the business model or security policies. This leads to the need and obligation for organizations to exchange information under differing ­conditions – assessing and handling the information according to the business /security contexts rather than simply at the document level. But how do we identify and implement these seemingly disparate security criteria when accessing and sharing data?

Analysis of these expectations are often presented in the form of value statements, performance measures, processes and information movement as items that make up the service or value chains.

Reference models, also known as ­conceptual models, help structure this landscape and provide the basis for a common business language across the organization. They guide the dialogue that relates these interest items with the objectives of any one part of the business. They provide organizations with a means to better understand what information, services or products are of real value to their stakeholders.

The creation of reference models that accommodate evolving business contexts or semantics can help identify what information is at risk or even what information is pertinent. (Semantics being the use of a word, in terms of sense and reference as opposed to the nature of the word itself.)

 Recently, while working with the Chief Informa­tion Officer Branch at the Treasury Board Sec­retar­iat, I was asked to define a concept called the Information Reference Model (IRM). This was seen as an integral part of the Governments of Canada Strategic Reference Model (GSRM) being promoted throughout various ­federal and provincial jurisdictions.

It was understood that the use of a reference model provides a simplified view of complex areas such as: capital assets, target groups, value statements, service levels and analysis results. Such a standardized presentation assists the interested citizen, business-person, government colleague or even curious researcher to understand policies and find authoritative references from which to obtain services or information.

The design of the IRM addressed the need of analysts to capture authoritative information about items of “shared interest in the Government of Canada.” The model had to define associations between different items of mutual interest and place these in an operational or situational context(s). Such contextual adjustments can either be based on the current business interactions or on newly discovered interactions, providing the basis of the required formative security model.

By using reference models, an organization provides a common business ­language that can be adopted across the whole of the enterprise – where the business objectives align with stakeholders’ interests and enables the security specialist to be involved at the outset.

Not having a commonly agreed reference model often leads to trade delays, failure to communicate, increased operational risk, and losses of tactical advantage due to insufficient or incorrect information exposure. Inconsistency of meaning or understanding between information providers and receivers complicates matters and aggravates information security risks. In addition, satisfying information sharing obligations without clearly defined protocol can lead to ineffective security policies that may not provide the right information when needed or could expose more information than necessary – this can make stakeholders skeptical of its ­reliability and effectiveness.

Information Security practitioners would do well to investigate the reference models being constructed in their organizations, since modeling is the basis for transforming the management of information. Service and value chains that result from transformation projects can provide organizations with clear definitions of who produces what, when, and where it goes. Reference models as well as value chains can benefit from having information security concepts and services added.

Semantic-based security models would allow for the evaluation of information within a business or situational context, such as: who requested it; for what purpose; under what authority; and in conjunction with what other information? This type of service support would allow information security specialists to examine the multiple level security problems in a new light – based on the data value and its context.

As an Information Security practitioner, I find it worrisome that there is limited discussion on how to place the information into measurable contexts, how to better assess the information value and pertinence, or how to establish its threat-risk level.

There is a real need to identify specific contexts that place discreet information into composite forms that distinguish one situational context from another when evaluating the risk level, and then determine the appropriate level of security.

Attempts to resolve this quandary by means of document tagging sometimes results in too much information being exchanged or held back. Using a discreet record-level tagging approach can determine the appropriate security level for information in more, but not all, contexts.

Information must be defined first by employing concepts like inferential-role semantics in order to understand the situation correctly. In the case of the reference models being promoted at the provincial and federal government levels, the identification of the fundamental components does provide the basis from which an effective information security model can be oriented towards protection, sensitivity and security.

A reference model augmented by security measures and criteria can define the constraints under which controls can be implemented across the enterprise. It allows an enterprise to produce security policies that define which information can be accessed or released, and that ­provide a rational modern basis to deploy and apply access controls across the ­application portfolio rather than being driven by them.

Engaging in transformation efforts early, with an eye to information security and applying the various reference model elements, allows security specialists to set proper security measures around ­legitimate and expected business transactions or information exchange. Further, it allows the evaluation of risk, thereby ­setting conditions under which information can or cannot be shared. This inherent flexibility is critical to future successes of new legislation, regulations and the evolving demands for physical and information level security at any jurisdictional level.

One key to success is an iterative approach, one which focuses on targeted projects of quantifiable business value that are relatively easy to implement. Business transformation involves improving a service-oriented architecture and is therefore far more than an overnight ­project. Embracing business transformation initiatives will improve understanding of the information and its flow, and by extension – its security.

These concepts, when combined with adaptable reference models, provide the foundation for value-based and context-oriented information security models.

An Information Security Model within the overall business transformation process will enable the organization to respond more effectively to a changing world. Similarly, reference models ­incorporating security precepts will help structure the transformation strategies and lead to solutions that result in the necessary amount of information being exchanged securely, thus ensuring that the client is best served.

Those of us who are either directly involved in re-structuring the business or who provide the security policies and the mechanisms to protect information across the enterprise must operate from a commonly agreed or controlled business “semantics.” Effectively establishing this vocabulary will only be achieved when information security is a recognized factor in the transformation process and reflected in the resulting context models. Perhaps then the border guard will get the information he or she needs in time to stop the next Ressam (aka “the millennium bomber”) without compromising other security needs.

Kevin MacLean is the Director of Business Analytics at Macklin Information Resources (www.macklinir.com). He has collaborated on NATO/SHAPE interoperability efforts, contributed to the Multilateral Interoperability Programme for both Canada and the United Kingdom, and has been involved in the development semantic-based security models. He can be reached at kmaclean@macklinir.com
© FrontLine Security 2006



Homeland Security in the Digital Age
© 2017 FrontLine Security (Vol 1, No 1)

Traditionally, a nation under attack defends itself at defined perimeters of land, sea and sky. Now, the growth of digital technology has pushed homeland defence beyond these boundaries into the virtual plane where the Internet is a continuously morphing front.

Financial services, energy, transportation, emergency services, food production and health care industries all rely on computers and digital information exchange, as do governments. All are susceptible to hackers, viruses and worms that can cripple computer networks, and expose critical data to misappropriation. 

Last year, a security breach at a payment processing company enabled a hacker to defraud at least 264,000 Visa and MasterCard account holders, according to evidence gathered in the case to date. Foreign intelligence agencies and organized crime have hacked Canadian targets such as the Prime Minister’s Office, the departments of Foreign Affairs and National Defence, and the central bank, “mining” information deemed to be of value. 

Such high-profile attacks against government and corporate networks have proliferated over the past few years. The growing incidence of malware and online fraud indicates that organized crime syndicates and terrorist cells are using the pervasiveness and anonymity of the Web to wage war against specific targets. Furthermore, international money laundering investigations have uncovered links between radical power agendas and illicit income from cyber crime, which the FBI estimates has cost the global economy about US$400 billion in 2004. 

Lines between criminal and terrorist groups operating on the Internet are blurring. Criminal elements are not only using technology to their advantage, they are also forming illicit partnerships and ­sharing information. This puts legitimate society in the uncomfortable position of having its own tools used against itself. Public and private organizations are therefore natural allies against a shared enemy that seeks to corrupt the digital infrastructure vital to our global economy. 

Public-Private Partnerships 
Partnerships are one of the five “Ps” of the holistic security approach that has become essential to fend off asymmetrical attacks on the digital front. Working in tandem with the other four elements – policies, processes, people and products – partnerships have proved crucial to achieving an end-to-end security solution that helps ensure networks are continually protected. Together, the five “Ps” form a security framework where the whole is not only greater than the sum of its parts, but each part must be approached as a whole as well. 

Policy sets a solid security foundation in place, and defines responsibilities and expectations. Processes are measures that assist in implementing policies, such as compliance inspections or vulnerability assessments. The people aspect involves education and training, so individuals within businesses and government understand their roles and responsibilities regarding computer security. 

Products deliver security safeguards through built-in or added features such as firewalls and user authentication. Partnerships – either with vendors, consultants or peers – enable people to share experiences and develop standards based on what works. 

With public-private partnerships to encourage best practices, the other steps toward manageable security include:

  • Identify elements that are crucial to the business of the organization; 
  • Identify network security threats; 
  • Select comprehensive safeguards to address these threats;
  • Measure deployed safeguards to ensure their effectiveness; 
  • Encourage information sharing, and facilitate security best practices; and
  • Advise all when there is a breach and/or a remedy. 

Government Collaboration 
In addition to partnering with the private sector, all levels of government should work together to address homeland security solutions. Traditionally, such collaboration has been hampered by red tape and internal policies that limit the sharing of information on a “need-to-know” basis. 

However, the growing number of terrorist attacks proves that malicious users are routinely co-opting technology to share information. Events such as the London bombings and 9/11 are precursors to command and control attacks that blend cyber terrorism with physical terrorism to simultaneously disrupt critical economic infrastructure. Governments must become equally or, preferably, more technologically adept than cyber criminals in order to safeguard against such attacks. 

Many governments are now working to become more efficient and effective in addressing threats to national security, economic strength, and public safety through cooperative projects and information sharing. Effective collaboration is focused on computer incident response, attack mitigation, and citizen outreach. 

For example, the Canadian federal government is taking steps to protect the country’s critical infrastructure by establishing the Canadian Cyber Incident Response Centre (CCIRC) in Ottawa, as a focal point for dealing with cyber security threats. The agency has been given a ­central role in security operations, with a focus on information exchange between with the private sector and other levels of government. This includes sharing ­operational information, such as incident reports and summaries from various ­jurisdictions defining the types of threats they are seeing, and information about possible new threats on the horizon. 

Crisis Response Tools
Technology is evolving to support this essential sharing of information. In the context of holistic security, the “products” element of the equation helps to strengthen the “partnership” and “people” elements by providing the necessary tools for crisis mitigation and response. Web services security, the virtualization of data storage, and federated identity management, which recognizes single users across multiple shared networks, are some of the technologies underpinning government collaboration.

Partnering with companies in the technology sector is helping Defence Research and Development Canada (DRDC) develop innovative products that support Canada’s military personnel and national defence operations. In its most recent annual report, the agency put the value of collaboration with industry at $40.1 million dollars for the fiscal year in 2003-2004. 

Among other things, DRDC is developing a computer program in conjunction with Concordia University to calculate the Radar Cross Section (RCS) of Canadian Forces platforms. The ability to model a ship’s RCS can be used to minimize its signature, either at the design stage or by applying patches of radar absorbent material to hot-spot areas that are prone to reflection. This research will ultimately provide Canadian ships with greater protection from detection by unfriendly forces.

Communications technologies, such as voice-over-IP, and video-enabled mobile computing devices, are also becoming valuable rapid response tools during crises. Police ­officers and firefighters can use these capabilities for instant access to information, or to remotely view the scene of a crime or disaster. 

Web services are enabling collaboration across wide geographic areas to help restore order in the aftermath of a disaster. For example, Info-Share – a Sri Lankan non-profit organization that uses technology for conflict transformation and virtual negotiations – has created an online repository of information and virtual ­volunteers as a locus for coordinating humanitarian and logistical efforts following the 2004 Asian tsunami. 

In the digital era, security is a constant battle that requires both diligence by organizations and collaboration across multiple government and business stakeholders. With a comprehensive security strategy in place, strengthened by solid partnerships and access to the right tools, society will be better prepared to meet attacks that threaten homeland defences on the virtual front. 

John Weigelt is the National Technology Officer for Microsoft Canada. John is responsible for advocating the technical needs of local
government, education and academic agencies to key Microsoft stake­holders at a regional and corporate level.



Transborder Data Flow Intruding on Privacy?
© 2006 FrontLine Security (Vol 1, No 3)

Outsourcers have a responsibility to protect client data regardless of where it flows or is stored – as is certainly highlighted by a barrage of client data security breaches of late.

The time has past when transborder data flow had little or no legal implications. Even the Government of Canada’s Federal strategy, produced this year, concerns itself with the implications of America’s Patriot Act and Transborder Data Flow Contracts, and highlights the fact that outsourcing contracts must be written carefully in order to protect information that may transit the Canadian border through outsourcing. Notably, the Patriot Act would permit U.S. law enforcement officials the right to seek a court order allowing access to any record for the purpose of, but not limited to, an anti-terrorism investigation, without the data owner’s knowledge.

Gone too, are the days when the technical components of business operations concerned itself solely on costs, efficiencies, and similar service metrics. Advisors must be prepared to make security recommendation that will support and enable privacy. This is becoming quite difficult due to myriad of legislation that are evolving without any apparent consideration as to their individual impacts on the global economy and the operation of IT infrastructure, or the impacts to each other. Among these are, the Patriot Act (US), Lawful Access (Canada/US), Bill C-198, The Graham Leach Biley Act, Sarbanes Oxley, PIPEDA, and other like legislation.

U.S. Lawful Access legislation requires (as it will in Canada upon ratification by Parliament) Internet Service Providers (ISPs) to retain traffic data for significant periods of time in the event that it is needed for investigations by law enforcement and other three-letter agencies. In Canada, not only does the proposed legislation spell out requirements for data retention and surveillance powers, it actually reduces the privacy protection levels normally associated with it. As an example, one proposed scenario notes that ISPs would be required to provide information, with only a phone call, within 30 minutes on a 24/7 basis. No advanced warrant signed by a judge; no privacy! This is certainly more intrusive than anything the Patriot Act permits.

Bell Canada, for example, has recently introduced contract changes and, as recently as June 15th, notified customers that it retains the right to “monitor or investigate content or your use of your service provider’s networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request.”

The Federal Privacy Commissioner, Jennifer Stoddart, notes in recent speaking engagements that PIPEDA, Canada’s personal privacy data law, needs more teeth. Yes, it does, but it also has to examine how to protect data with regard to its processing.

There is no convincing argument, regardless of how strong a contract might be, that would protect personal information from inspection, given that outsourcing contracts do not typically take into consideration the path the information would take to/from the outsourcer and the ability for ISPs in the middle of that path to inspect the data.

Privacy might be a fundamental right in Canada, but there is nothing that presently protects personal information leaving Canada’s borders from being flagged and tagged by US Authorities, including the National Security Agency, which apparently has already established contracts with the major ISPs to provide scanning activities for a fee.

As Treasury Board Secretariat points out in their strategy, privacy is about control – the right to control one’s personal information – and they were not surprised by recent surveys showing that transborder data flows are of concern to Canadians. A survey conducted by EKOS Research Associates Inc. for the Office of the Privacy Commissioner of Canada found that most Canadians expressed concern about personal information transferred across border.

While it’s true the Canadians have a shared responsibility to inform themselves as to the disposition of their ­personal information, it can also be a very onerous task given the extent to which personal information is shared among some of the sectors holding it.

Certainly a great deal of responsibility is delegated to the provinces and territories, who have an obligation to protect information within their control, but the private sector, too, must step up to the plate by adhering to the provisions of PIPEDA, or similar provincial legislation where it is available.

Most federal institutions have been using privacy and security clauses in contracting agreements to provide a variety of protective measures. Some of the more effective best practices include:

  • the segregation of personal information being handled under the contract from other records held by the contractor;
  • audit trails to closely monitor how information is handled;
  • the limiting of right-to-access, based upon specific user profiles;
  • approval by the government of any subcontracting;
  • the return or approved destruction of all records at the end of a contract;
  • the signing of non-disclosure agreements; and
  • the use of encryption technology allowing only government officials to view the decrypted data.

It is often stated that over 85% of Critical Infrastructure is controlled by the private sector. With that, comes the responsibility of protecting data.

The private sector is not in a position to gripe about the barriers to business that the legal complications of Transborder data flow imposes without providing the security infrastructure to support the operations. The old adage applies; “for every complex problem there is a solution!”

In addition to having security ­measures to Protect, Detect, Analyze, Respond and Recover from incidents, a number of institutions that have information technology contracts should limit the contractor’s access to data so they can only undertake testing or maintenance. Teeth are also necessary to ensure that outsourcing projects include all the mechanisms to properly secure the transmission of personal, and other, data.

There is some discussion about ­additional measures that would see the current practices expanded by:

Reviews in Advance of and During Contracting

  • The inclusion of an additional step in the solicitation checklist (used for every service contract) that asks for the review of direct and indirect risks involving personal and proprietary information;
  • Internal processes to review all new agreements, including the use of multi-disciplinary teams to review proposed contracting arrangements; and
  • The monitoring of all contracts where foreign companies have access to personal or other sensitive information.

Contract Clauses

  • The requirement that part or all of the work be completed within the institution (especially when health information is involved) or within Canada;
  • Ensure that personal information or other protected or classified information is shared with third parties only where warranted;
  • Consultation with legal services to ­include provisions that prevent disclosure under any foreign legislation for all contracts where personal or sensitive information will be exchanged or provided to third parties; and
  • Modification of contract forms to allow contract authorities to better assess risk.


  • The development of risk management approaches related to business and personal information to mitigate risks associated with foreign legislation, which will in turn be incorporated into the institution’s corporate risk management framework;
  • The amendment of training plans to increase department-wide awareness of risks; and
  • The exploration of technology solutions to protect information flows.

Contractual Advice
Guidance out of Europe has been available for some time that provides advice on developing Request for Proposals and contractual language on contracts with elevated privacy risk that will mitigate potential disclosure to foreign governments. Some excellent advice is provided in the the Organization for Economic Co-operation and Development’s September 2000 document entitled “Transborder Data Flow Contracts in the Wider Framework of Mechanisms for Privacy Protection on Global Networks.”

Before such sample clauses are used, changed or adapted, institutions should consult their own legal services and privacy officials to ensure the clauses are properly used and are not in conflict with obligations under existing international agreements.

Personal Protection Data Laws (Council of Europe No. 108, for example) made the gathering, storage, processing and transmission of personal data subject to certain universal rules, such as:

  • The data must be collected in a “fair” manner (i.e., not through deceptive or illegal means);
  • The data can only be used for the purpose for which it was collected, and only for the time reasonably necessary;
  • Persons are entitled to receive a report, on request, on what data has been ­collected about them by a particular company or government agency;
  • One’s personal data cannot be disclosed to third parties unless authorized by statute or the individual has given consent (although the consent can sometimes be implied);
  • Persons have the right to make corrections to their personal data and, in some cases, to have it deleted, or to have disputed data “flagged” as such;
  • The transmission of personal data to locations where “equivalent” personal data protection cannot be assured is prohibited.

Equivalent protection can only be ­provided when the sender enters into a written agreement with the (foreign government) recipient, whereby the recipient affirmatively agrees to abide by the data processing policies of the sender, perhaps those comparable to CoE 108. The task of obtaining the consent of all affected customers may be the only suitable baseline for Transborder data flow, but it is most certainly going to be cheaper to do up front rather than post facto, when a breach is highlighted in the press.

Peter J.Hillier is an IT Security practitioner in Ottawa. A Certified Information Systems Security Professional, Peter is also the founder and past President of the Ottawa Chapter of the High Technology Crime Investigation Association. He can be reached at pjhillier@gmail.com.

The Federal Strategy of the Government of Canada is available on the Treasury Board of Canada Secretariat Web site at:

Find the Transborder Data Flow document at: http://www.olis.oecd.org/olis/1999doc.nsf/LinkTo/dsti-iccp-reg(99)15-final
© FrontLine Security 2006