2008 issue


Role of Transit in Emergency Evacuation


The Transportation Research Board of the National Academies just published this study on transit and its role in emergency evacuation. "The purpose of this study, which was requested by Congress and funded by the Federal Transit Administration (FTA) and the Transit Cooperative Research Program, is to evaluate the potential role of transit systems in accommodating the evacuation, egress, and ingress of people from or to critical locations in times of emergency. Its focus is on transit systems serving the 38 largest urbanized areas in the United States - a proxy for those systems serving populations larger than 1 million."



Home Health Care Response During a Flu Pandemic
Agency for Healthcare Research and Quality

(2009) Home Health Care During an Influenza Pandemic: Issues and Resources, a report identifying home health care as a critical component in providing care during a pandemic influenza event and offering resources to home health care providers and community planners to prepare for such an event, was released today by the U.S. Department of Health and Human Services' (HHS) Agency for Healthcare Research and Quality (AHRQ) in collaboration with the Office of the Assistant Secretary for Preparedness and Response (ASPR).



Top 25 Most Dangerous Programming Errors


(May 2009) This report lists significant programming errors that can lead to serious software vulnerabilities. They occur frequently, are often easy to find and easy to exploit. They are dangerous because they will frequently allow attackers to completely take over the software, steal data, or prevent the software from operating.



Role of Public Transportation in Emergency Evacuation
By the Transportation Research Board, Washington

(2008) Transportation and evacuation professionals are part of emergency management teams in some urban areas, but the potential for transportation in general and transit in particular to play a more significant role in emergency response and evacuation is far from being realized.



Secure Borders and Open Doors


(January 2008) This phrase summarizes the goal of the U.S. federal government charged with interviewing, assessing, processing, analyzing, and welcoming hundreds of millions of international visitors while finding the small numbers of people (the needles in the haystack) intent on using our openness against us. This Committee was tasked with advising the Departments of Homeland Security and State in their mission to protect not only America's security but also U.S. economic livelihood, ideals, image, and strategic relationships with the world.



Editor's Corner
Protecting Our Infrastructure
© 2008 FrontLine Security (Vol 3, No 1)

Our main theme for this edition is on Critical Infrastructure Protection. The protection of these essential assets (80% of which are privately owned) is a major government responsibility that requires proper legislation and coordination. It is saddening how little progress and attention seems to have been brought to this real safety concern for all Canadians. The pleas go unanswered, but we continue – it is that important!

We received much positive feedback on our 2010 Olympic edition and I thank all for their comments. We are pleased, in this light, to bring you another round of related articles. First is the promised interview with Ward Elcock on his role as Coordinator at the Privy Council Office responsible for G8 and Olympic Security.

Josué Kibambe Muaka Bambi provides us another follow-up on Olympic security preparations in his interview of RCMP Assistant Commissioner Bud Mercer on the Vancouver 2010 Integrated Security Unit.

Doug Harrison has added to this issue his knowledgeable analysis of the new CSA National Standard for Emergency Management and Business Continuity Programs, Z1600-08, released this last Fall.

This Spring 2008 edition, however, we focus on the issues of Critical Infrastructure Protection and the threat of Terrorism.

Though the Federal Government in November 2002 produced a Discussion Paper on a National Critical Infrastructure Assurance Program, followed in Nov 2004 with a Position Paper on a National Critical Infrastructure Protection Strategy (now believed to be somewhere in its 16th draft), private industry and government departments across Canada feel that not enough effective coordination has been achieved between the private owners of 80% of this infrastructure and governments at all levels. Innovations such as the Canadian Cyber Incident Response Centre and the Integrated Threat Assessment Centre are most welcome additions to our Critical Infrastructure threat awareness, but the private sector needs more. FrontLine Security offers you four articles in support of this.

Following his report to the Conference Board Transportation Security Conference last Fall, Scott Newark states that national and local law enforcement and threat awareness remains uncoordinated, insofar as local transit operator information sharing is concerned.

Stuart Brindley, from Ontario’s Independent Electricity System Operator (IESO), outlines similar information challenges in his sector when he titles his contribution: “Do Government and Critical Infrastructure Sectors communicate?”

Giulio Maffini adds to the dialogue by examining how new technology applications for securing Critical Infrastructure are evolving.

Dave McMahon from Bell Canada will, I am sure, open the eyes of many to a real – and very dangerous – threat. He proposes a national proactive cyber defence strategy to deal with this evolving issue. I am led to remind our readers that many of these same reflections were highlighted in the lead article of our November 2005 launch edition, entitled “Better coordination is vital to better security for Canadians”; thus, we can extrapolate that little progress has been made. The urgency seems to be lost but it remains vital.

From the outset of our publication, we have maintained an avid interest in providing current information on the threat of terrorism to Canada from experts with access to much current intelligence. This has been done to apprise our readers of a balanced and realistic state of the “War on Terror” for which Canada is presently providing soldiers and resources at home and abroad. In this issue, Tom Quiggin addresses the issue of the information dimension of this war at the strategic level wherein he postulates that the struggle is: “clearly ideological and an asymmetric one… the key is not the need to know; it is the imperative to share.” Sound familiar?

Howie Marsh, on another plane, gives a parallel projection wherein he postulates on the “Fear of Freedom” that motivates those in power behind the terrorist threat.

Joe Varner provides a synopsis on the murder of Benazir Bhutto and the consequent anointing of a new chief assassin in the terrorist Al Qaeda. Enough input, we hope, to at least stimulate more urgency within the towers of government to address meaningfully the threat of terrorism to our Security and Critical Infrastructure.

Lest you still believe the West is secure, a U.S. Justice Department news release “Former Boeing Engineer Charged with Economic Espionage in Theft of Space Shuttle Secrets for China,” highlights the need for security measures. Mr. Chi Mak had allegedly been providing defense articles to handlers in the People’s Republic of China, and it appears that he had a Canadian link. Chi was convicted of taking discs from his employer, Power Paragon, a division of New York’s L-3 Communications that acquired the Edmonton-based Spar Aerospace in 2001. Spar’s major customers include the Canadian and U.S. militaries, the Royal Malaysian Air Force and a number of North American commercial airlines and international military air forces. The FBI says this is the type of technology that Chi and his family of spies were siphoning off to China. A U.S. federal jury found him guilty of conspiracy on two counts of attempting to violate export control laws, failing to register as an agent of a foreign government, and making false statements to federal investigators. On 24 March 2008, Chi was sentenced to over 24 years in prison for exporting U.S. defense articles to China.

I wish you a good read and good reflection on these issues. Please let us know what you think.

Clive Addy, Executive Editor
© FrontLine Security 2008



Editor's Corner
Critical about Protecting Infrastructure
© 2008 FrontLine Security (Vol 3, No 2)

Our Spring issue on Terrorism and Critical Infrastructure Protection generated much interest and comment. As we embark on the key trial of Momin Khawaja, the first Canadian-born to be charged under the new terrorist legislation, the issues brought up in our last edition by Howie Marsh and Tom Quiggin will surely resonate in the minds of our readers.

On the issue of Critical Infrastructure Protection, we have received very interesting perspectives from other sources that deserve full airing in our magazine. First, Sharzad Rahbar, Vice President Strategy and Operations of the Canadian Gas Association, offers some serious policy recommendations from her sector’s point of view and Tyson Macaulay, from Bell Canada, offers new and innovative considerations to evaluate and manage the security interdependencies of various sectors of critical infrastructure. We have an article on protecting public transit by Peter Holt, based on recent work by Desseau Engineering on the Montreal Subway and Peter Johnston and Wayne Pickering of Lansdowne Technologies offer us a risk assessment model for Critical Infrastructure that bears consideration. Jim Facette gives us the airport operators’ perspective on security efforts in this field of CIP as well. One must, however, read the reflections on this matter by Scott Newark wherein he screams for more concrete action and less discussion at the federal level, a cry oft-repeated in these and previous FrontLine articles on CIP.

We at FrontLine Security note, with less than great enthusiasm, the May 2008 release of the Public Safety document “Working Towards a National Strategy and Action Plan for Critical Infrastructure” the follow-on to the November 2004 “Position Paper on a National Strategy for Critical Infrastructure Protection” wherein the very titles and the timeframe explain the growing frustration by Sector operators in industry.

In the realm of natural disaster management, Ernest MacGillivray, Director of the New Brunswick Department of Public Safety’s Emergency Measures Organization, provides an excellent summary of key lessons from their recent flood of the St John River in May. At its peak, Andrew Easton of Public Safety reported the lower part of the river spread to form a “lake 45km long, at points 12km wide, where normally there is a river 1 to 1.5 km wide. One day, boat operators reported 1.5m surf with whitecaps.” He also recalled a story of initiative and courage: a scow saving people and cattle at risk of drowning. “One of the two boats pushing the scow had an engine failure, in the dark. The scow had a crew of 10-15 Canadian Forces members and civilians, plus the crew of the two boats, another eight, I think. The scow was picking up speed and heading towards a bridge pylon, and the sole boat could not hold it. A brave young engineer saved some lives (human and bovine) and placed his safety boat, a RHIB, between the scow and the bridge. The RHIB took the impact, with considerable damage and risk to the occupants. The scow bounced off and free, and the second tow boat got restarted and that mission finished without further incident.” BravoZulu, as the Navy says!

Perusing the internet one day, my attention was drawn to Canada’s production and export of Ecstasy pills. This situation is reinforced by the June arrest, in California, of a Canadian charged with attempting to trade 100,000 Ecstasy pills for cocaine (to be exported back to Canada). Shortly afterwards, U.S. officials confiscated ecstasy, cocaine, and the drug “ice” – a street value of more than $31 million – concealed in massage chairs bound for Australia. I asked Superintendent Mike Aubin for an update on this matter since it had earlier drawn specific criticism from high government levels of our U.S. neighbour. I believe the drug trade is an area that we, as a culture, must urgently address in innovative ways, and I thank the RCMP for their candid contribution to this issue and applaud their “Awareness, Treatment and Enforcement” strategy that embraces government, schools, private agencies, plus individuals everywhere working to reduce this growing social cancer.

An interesting article has arrived from Steven De Lisi, former senior Firefighter in Virginia, with some very practical advice on how to organize a good Hazmat exercise at the municipal level.

I am pleased to publish Peter Avis’ thought-provoking article on better governance for security. This perspective not only mirrors his reflections on maritime security, as expressed last Fall, but also offers a concrete proposal to address many of the criticisms of the federal approach voiced in the CIP articles listed above.

Finally, I welcome the reflections of Alan Burke on the security risks posed by Climate Change and the urgency in adapting to these changes to mitigate the dangers. In this day of political “we-they” championing of the environment, there is a real and immediate need to stop the infantile bickering and propose workable policies to Adapt to the inevitable changes, and the sooner, the better. I trust that this article opens the door to other reflections on the security implications of Climate Change.

Again, keep your comments coming and have a good and stimulating read. May your veins boil!

Clive Addy, Executive Editor
© FrontLine Security 2008



Editor's Corner
Cyber Security
© 2008 FrontLine Security (Vol 3, No 3)

As our renewed government faces new and major economic readjustments on a global scale, I am pleased to present this issue on Cyber Security.  

Constable Les Gramantik, of the Firearms Training Unit, demonstrates the new rifle power. (Photo courtesy of the Calgary Police Service)

You will see, in the articles that follow, how much international confidence in our banking systems relies on the stable operation of our web-based information systems – how vulnerable they have proved in the past, and how very necessary Cyber Security is to each and every one of us.

Imagine the effects of coordinated and prolonged cyber attacks on governments, banks and stock markets following the work of international leaders to stabilize the situation and restore market confidence and stability. Quel désordre!

To help us get an idea of the scope of this threat, I offer my own thoughts and the opinions and advice of experts in the field. I thank first Dr. Jay Carafano of the Heritage Foundation in the U.S. for his call to do more throughout North America, particularly in the realm of knowledgeable leadership.

Brian Phillips of Bell Canada reflects on the topic of infrastructure reliability in view of the increased reliance of interdependent systems on the global web network. He stresses that challenges like securing the 2010 Winter Olympics must encompass serious communications security.

In attempting to make sense of these cyber challenges for our FrontLine readers, I asked Lysa Myers, director of research with West Coast Labs, and 10 years with McAfee, where we are going with this. A neophyte in this area myself, Dr. David Gewirtz, the respected editor of Counter Terrorism, brought me up to speed on what he considers as an imminent threat of Cyber War.

Catherine Johnston of ACT Canada again sent us a timely and pertinent article on the electronic identity challenges in this world of cyber threat.

Associate Editor, Scott Newark, offers the final word on this issue with some sage advice on our need to protect ourselves actively from the many realms and sources of our cyber vulnerability.

George Kolisnek, former Director of Strategic Intelligence at NDHQ and Senior Policy Advisor in the Security and Intelligence Secretariat in the Privy Council Office offers his reflections on the knowledge challenge facing Intelligence professionals. As a complement to George’s work, we are happy to bring you Tom Quiggin’s thoughts on the changing front of Security Intelligence. Obviously some major adjustments and reflections are necessary in the Intelligence world in both cases.

In matters of Emergency Management governance, we are fortunate to highlight the analysis of the last Senate Committee Report on this issue submitted by David Redman, the former head of Emergency Management Alberta.

A submission by Lance Valcour, an Ottawa Police Services member currently assigned to CITIG (Canadian Inter­operability Technology Interest Group), explains the need for a National Interoperability Plan for Canada.

Finally, from the tiny town of Fauquier in British Columbia, we have an excellent article by its Fire Chief, John Banta, on the challenges of small town volunteer emergency response training and leadership.

Some sound ideas to help us solve some immediate and imminent threats. Have a good read.

Clive Addy, Executive Editor
© FrontLine Security 2008



Editor's Corner
Border Security
© 2008 FrontLine Security (Vol 3, No 4)

Putting this Border Security edition together, in the wake of the world-wide recession, increased tension in the Middle East, and much turbulence in both Canada and the U.S. over government regimes, was indeed a wonderfully stimulating challenge. Yet, it turns out, the real challenge remains to secure our borders without isolating ourselves (which would reduce our chances of mutual prosperity)… the same issue we have tackled for over 50 years.

We start on the front line as Ron Moran brings us the “boots on the ground perspective” of progress at CBSA in fulfilling their, now not so new, mandate.

Tom Tass from BORDERPOL stimulates our reflection on border enforcement in the 21st century.

We then get a taste of the turbulence in Mumbai recently and the potential new sophistication of non-state actors and terrorist tactics by Angus Smith at the RCMP. Tim Lynch, a past contributor and recent tourist in the area, offers another fresh perspective of Mumbai, post attack.

In our feature interview, we are grateful to have Dr. Ed Amoroso, the head of security at AT&T, share his views on evolving Cyber threats and our security as the global information world and its platforms change.

Our ports are so important to border security and prosperity along our coasts and inland waterways. Mike Toddington reflects on the challenges and urgency of securing and policing our ports intelligently, effectively and competitively.

Adrian King brings us up to date on the new spirit of free enterprise off the Somali coast that continues to threaten an important commercial life-line and sea lane – in a less folkloric way than did Captain Hook.

Alan P. Burke reports on the recent Poznań conference with the results and challenges on how adapting to climate change is affected by politics and global finance, and how the environment in turn affects national security.

I provide my own views on the supposed “security or trade” border dilemma, to suggest that both are not only possible, but must take an urgent place together in any upcoming national economic policy. There are a lot of good, practical and urgent proposals that just need doing!

We welcome the interesting contribution by Jill Olen on cross border and intersector partnerships for better emergency preparedness.

Finally, I must warn you of the potential mellowing of Scott Newark, who provides a no less pertinent ‘Last Word’ on Border Security.

Enjoy these commentaries, they may be helpful. Do send us your views.

MGen (ret) Clive Addy, Executive Editor
© FrontLine Security 2008



Fear of Freedom

© 2008 FrontLine Security (Vol 3, No 1)

History reminds us that the advent of freedom is regularly confronted by campaigns of terror. Today’s elevated levels of terrorism, in my view, are largely the result of the increasing availability of information to nations where information has long been censored or unavailable. This block of nations is a disparate agglomeration of states with serious internal struggles. Let’s examine some current terrorist trends and relate them to our own counter-terrorism strategy in the War on Terror.

Whenever a major freedom is about to be won, those with the most to lose, have been known to resort to fear to thwart its achievement. A few well-known examples occurred in our own western evolution. For instance, fear tactics occurred during the abolition of slavery, the Christian Reformation, and the emancipation of women. Much like the pre-Reformation lords and priests of Europe, the radical leaders and fundamentalist Imams of the world have much to lose should their adherents gain equality and freedom of conscience. They will make their displacement as difficult as possible.

The Fears
While Western leadership predominantly fears the loss of physical assets and its economic consequences, the Jihadist leadership, for the most part, fears apostasy and with it, the loss of psychological control.

The West is largely unaware that its advancements, especially the birth of the Information Age, accelerated the War of Terror. This “Information Age” began when the personal computer became accessible. By the early 1990s, modems were facilitating the worldwide sharing of high volumes of information. As this giant network – the Internet – began to surround, then penetrate, previously insulated cultures, it posed a challenge to controlling leaderships. With renewed purpose, jihadist-based terrorism blossomed.

Those whose prime aim is control, fear liberty. The initial Jihadist attacks of this era could thus be viewed as counter-attacks against the invasion of the Information Age. Previously, large pockets of the Muslim world lived securely behind censorship and extremist interpretations of the Koran. This culture is now being assailed by modern communications. Many Muslims now have the means to see and judge for themselves how others live.

They are confounded by how little their culture, which excelled Europe in the 6th century, has advanced in the last millennium. Over a thousand years ago, Iran and Iraq led the world in science. Now, they depend on Western engineering, medicine and money. Restricting the education of women ensures that more than half the children they raise do not reach their potential, and thus, the gap widens.

Internet postings speak of achievement, equality, and freedoms enjoyed elsewhere. The Imam’s voice at daily prayer must now compete with other messages. This lack of control of access to other messages is a major concern of radical leadership. The strength of Jihadist terrorism is based on control of conscience and soul – espousing suicide bombing as instant redemption. The dogma of Fatwa empowers the Imam to make this so.

This is not so different from some elements of Judeo-Christian history. The difference, for instance, between a pre-Reformation priest selling “Indulgences” to sinners and an Imam assuring access to heaven for acts of Jihad, is marginal – both assume divine authority in matters of conscience and soul. However, in true Judeo-Christian teachings, only God decides who has eternal life; in Islam, the Imam is allowed to interpret for God and make pronouncements of eternal consequences.

Christian Evangelists believe the church, especially outside North America and Europe, is currently undergoing a global revival. Thousands of Chinese Christians are reportedly studying Arabic in preparation for missionary work – a cause for serious concern among the political and spiritual leaders of the Muslim world.

Surrounded by rapidly developing nations, jihadist leaders may be in a precarious position. Modern communications offer differing world views to its people. It is becoming clear that internal political and spiritual power struggles weaken the very essence of extremism.

Global Strategy
To reach its present state, Europe suffered a prolonged war over conscience and soul. The Reformation distressed spiritual and political power across Europe for over a hundred years, and the people suffered. In the Nuclear Age, the Western world has deduced that it is less dangerous to help accelerate the transformation of the Muslim world than it is to sit back and hope that Islam will reform itself. In my view, this approach has merit.

The current form of War on Terror has been relatively benign in terms of effects on both the developed and developing world. Global combat fatalities and casualties are less than deaths and disabilities caused by medical malpractice annually in Canada. The world economy has experienced unprecedented growth. Health, longevity and standards of living are improving. In a world of 200 nations, less than 20 are stuck in reverse, our so-called “failed states.”

The Western strategy of bolstering homeland security and establishing presence in such failing states protects the Information Age base and serves as a conduit of information to those perceived to be in need of modernization. Containment keeps Sunni and Shiite Muslim debates in a crucible that might bring a better future. A new, more palatable and shared blend of liberal and fundamental doctrines might thus emerge. The average Muslim citizen is tiring of suicide bombers and the continuing violent assassinations of fellow Muslim leaders. Millions that fled the ravages of internal disorder in Iraq are slowly returning as conditions of security and freedom improve. Once the people and their leaders tire of internal struggles, they may seek a peaceful co-existence both internally and with others. The advent of technology, like the solar-powered $100 laptop, will further accelerate the transformation of the previously censored world.

The USA’s 50-year strategy of declining dependence on Middle East oil should reach its goal of zero barrels by 2020. From an energy perspective, the Middle East would then become an Asia-Europe concern. Contrary to popular myth, the War on Terror, while partially funded by oil revenues, is not a resource-based war.

A looming question, however, is whether Western nations will succumb to the counter-information war that is being fought daily in the world media. Appeasement could lead to Western disengagement that would embolden radical leadership, prolong transformation of fundamentalist Islam, and place Europe in a more dangerous situation. Add to this the potential of nuclear terrorism, and the necessary infrastructure hardening costs could far exceed forward presence strategies.

The War on Terror is best viewed as a by-product of the long march to freedom for all peoples. The plenary issue is removing religious restrictions on freedom of conscience and equality. New-found freedoms can cause watershed changes in authority; however, fear tactics are often successful in delaying these freedoms.

The West’s strategy of containment, forward presence and accelerating access to information should continue. Religious reformations can be nasty, long-term affairs. The rest of the world, having spent over a century in reformation itself, knows it cannot afford a century-long reformation of Islam. This western global strategy, while valid, needs to embrace the central issue in religious transformation – conscience and eternal salvation. At present, Imam authority trumps Western sensibilities.

The battle of conscience is the vital ground in the War on Terror and it needs to become a strategic determinant in this global campaign on the “battlefield of information.” Given that internally-led religious transformation is either unlikely or very slow in the Muslim world, an external catalyst is required. The West should aim to reduce the influence of the radical voice and raise doubt in the mind of young jihadists. Neutralizing the Jihadist bomber would reduce suffering and chaos in the Muslim world and lessen fears in the West. This common goal would benefit all.

Howard Marsh served in the Canadian Forces, was the Senior Defence Analyst of the Conference of Defence Associations and the Senior Policy Advisor to Minister of Defence O’Connor.
© FrontLine Security 2008



Natural Gas Perspective
Critical Infrastructure Security
© 2008 FrontLine Security (Vol 3, No 2)

Today, the threats to industry vary from those of a decade ago. The natural gas distribution industry has responded to the challenge – we have improved our understanding of new threats; and we have taken steps to ensure the continued reliability of the critical infrastructure that delivers 24% of Canada’s end-use energy to Canadian industry, businesses and homes, and exports half of our production, over 3 trillion cubic feet of natural gas, to the U.S.

Texas Wetlands are an example of the many diverse geographic areas through which gas pipelines run.

Still, there’s room for advancement in the areas of communication between government and private sector owners and operators and clearer understanding of critical infrastructure interdependencies. This would provide improved understanding of domino effects, and increased knowledge of effective responsibility and communication channels. We need this type of knowledge and communication between government and industry to get the right info to the right person at the right time; supporting industry’s readiness to respond when it matters the most.

The Change
9/11 was the catalyst that changed the way industry thinks about asset vulnerabilities and resilience. Historically accustomed to dealing with threats to our infrastructure from digging activity and from nature, the owners and operators now have an enhanced understanding of deliberate, malicious, cyber and human resource threats to our systems. Our industry has responded to these potential threats by focusing on improved emergency response plans.

Given the diffuse characteristics of the natural gas infrastructure, securing the reliable operation of this critical infrastructure in large part is in response, not protection. The natural gas industry has significant reserve in its infrastructure and focuses on rerouting and other immediate responses rather than building barriers to protect itself.

In Canada alone, Canadian Gas Association (CGA) members have over 580,000 km of distribution pipeline composed of mainlines and services which are fed by 80,000 km of high pressure transmission pipelines. The majority of our lines and valves are buried, with stations and some valves above ground. The substantial number and vast distribution area of our facilities make it impractical to protect the assets. Focusing on Emergency Response is the best way to secure the resilience of the critical natural gas delivery infrastructure.

New Initiatives
Post 9/11, CGA formed a task force to examine additional threats to our system and review major issues related to protection and emergency response. Companies exchanged best practices and compared the results of independent security reviews. We also partnered with the RCMP who brought in other government agencies (intelligence, security and law-enforcement) and carried out a joint study on our vulnerabilities. Several of our members participated in cross-border studies with the US. As a result, natural gas delivery companies reviewed and enhanced their security and response plans to deal with potential deliberate malicious attacks, and more.

The majority of gas infrastructure is buried.

We have an industry-wide Mutual Aid Agreement in place and have developed an Influenza Pandemic Planning Guide. Our members continue to exchange best practices and emergency response procedures and participate in mock emergency response scenarios. These exercises are now commonplace within companies.

Our members are involved with the national effort, led by the National Energy Board, to develop a new security standard for natural gas pipelines through the Canadian Standards Association. We welcome and support security standards. For us, however, standards determine the minimum performance requirements, or setting ‘the floor’ for ­company practices. The ceiling is set by the rigorous ongoing exchange of best practices and exercises.

Interdependency – The Domino Effect
These are steps that natural gas distribution utilities have taken to enhance the security and resilience of our assets. Yet, our understanding of the domino effect is still primitive. The study of interdependencies among different critical infrastructures is a journey, not a destination; some local level progress has been made, but work is sorely needed at the national level. Working with government and other critical infrastructure owners and operators will take time. As the layers are peeled away, greater understanding of how we are connected is gained, revealing further layers to be examined and resolved.

We must work together to improve our understanding of interdependencies. For instance, since 2001, Gaz Métro has been involved in a research initiative with the École Polytechnique de Montréal and critical infrastructure operators like CGA, Hydro-Québec, Bell, the city of Montreal (potable water supply), and the Ministry of Transportation. Geographical and functional issues are being examined in Québec City and downtown Montreal on how an incident on one system can affect the critical infrastructure of another. The scenario of a major water pipe break identified serious infrastructure domino effects and time lags. As a result, individual plans addressed such potential effects; critical zones were ranked, and harm reduction measures developed. Industry is considering the establishment of early warning systems and the use of alternative resources. This research led to concrete operational changes and understanding; and also increased cooperation and trust among the stakeholders.

While there are obvious benefits to understanding the interdependencies of energy, banking, telecom, transport and other critical infrastructure, complex and practical issues remain around business confidentiality challenges. Local exercises are easier to implement, and have been an ongoing focus for most companies. Continued work is needed, with the understanding that effort with different industries will take time.

While the threat profile has changed in the recent past, the net effect on our system from a deliberate and malicious attack is similar to any other disruption. Our members have been operating the natural gas delivery infrastructure for over a century; we have robust emergency response procedures in place and we continuously improve our understanding of interdependencies.

The Private/Public Sharing of Responsibility
Another key issue that remains to be addressed fully is the private/public responsibility in ensuring the security of the critical infrastructure. Government’s interest in ensuring the safety and security of critical infrastructure is obvious. What is less clear is the delineation of responsibilities between the government and the private sector (owners/operators of over 80% of the critical infrastructure) to ensure overall security of all citizens.

Good management of our infrastructure security is based upon the ability to have timely knowledge of threats and the ability to respond. Government has a responsibility to ensure safety. Its responsibility lies in informing the commercial owners of infrastructure of threats in a timely manner. It is then up to industry to make the decisions in response to threats and ensure continuity of critical services. This reality mandates a close collaboration between governments and the critical infrastructure owners and operators. In the past several years, major progress has been made in this area, yet much work still remains and needs attention.

Government has access to information from intelligence, security and law-enforcement. Compiling, analyzing and translating this information to relevant knowledge about threat situations relating to different critical infrastructures and then communicating it to the owner operators of the infrastructure in a timely fashion is one of the key roles of government. There is not yet the necessary single government point of contact that private sector owners and operators of critical infrastructure need and can approach to understand the threats and agree on the best protection and emergency response measures.

There is a plethora of agencies on the government side: intelligence and law-enforcement agencies, agencies focused on terrorist threats and those focused on emergency response and preparedness against all threats and the different federal, provincial, territorial and sometimes local agencies. This defines the challenging domain in which critical infrastructure owners and operators operate. It also makes these same operators less receptive to meeting multiple agency demands for information on their infrastructure without a clear understanding of how that information will be used, who will have access to it, and how it will be kept secure.

The One-Stop Government Shop
The pursuit of a single stable government agency, a one-stop-shop for critical infrastructure operators, still remains our goal. It will allow governments to develop the experience and knowledge of how industry works while providing us with meaningful information. With ongoing communication and support from one source, industry will be confident that we are obtaining the right information and guidance from government when threats are imminent. Industry will also find it easier to provide the confidential information on our actions to protect and respond confidently.

One example of success has been the way Canada and the U.S. have handled the security of cross-border critical infrastructure. These two governments engaged the private sector as an equal partner. Company representatives were teamed with intelligence officers, defense experts, assault planners, specialists on interdependencies and policy, first responders, explosive analysts, modelers, and government representatives. Several joint vulnerability assessments were completed on natural gas pipelines that cross the border. The outcomes were very positive.

We can build on successes such as the cross-border efforts to enhance ongoing dialogue between Canadian government and industry. The roles and responsibilities of the public and private sectors need to be more clearly understood and accepted. What government asks of us should balance with what industry needs from government. Governments need to avoid asking for duplicated efforts and variations of information from industry; figure out how to streamline communications both within different government agencies and between local, municipal and provincial levels. Industry needs a one-stop contact that speaks our language.

Let Us Progress Together
The natural gas distribution industry is ready to meet the security challenges of today. While we continue to work on securing our critical infrastructure through internal exercises, there remain key pieces of work to improve response in a crisis. Better understanding of interdependencies and government support through the establishment of a one-stop contact will ensure the right communications are in place during an emergency. The new National Strategy plan from government is a step in the right direction; let us now work on the implementation with industry.

Dr. Shahrzad Rahbar is Vice-President, Strategy & Operations, Canadian Gas Association, and a graduate of London University in England, with a BSc in Mechanical Engineering and a PhD in heat transfer from Queen Mary College. She has more than 16 years of experience in the natural gas industry in Canada and holds patents as inventor of two technologies.
© FrontLine Security 2008



Dr James Jay Carafano
Cyber Security Concerns in the U.S.
© 2008 FrontLine Security (Vol 3, No 3)

On August 13, 2008, in an article entitled: “When Electrons Attack: Cyber-Strikes on Georgia a Wake-Up Call for Congress” Dr. James Jay Carafano wrote:

Bombs and bullets are not the only things flying around in the Russia-Georgia war over the week-end. There is a flurry of battling electrons as well. According to a news story first reported in The Telegraph, the Georgian Ministry of Foreign Affairs claimed that a “cyber warfare campaign by Russia is seriously disrupting many Georgian websites, including that of the Ministry of Foreign Affairs.” How these contributed to the country’s crushing defeat and the extent of deliberate Russian “cyber-warfare” remains to be determined. This incident, however, is the latest reminder that Washington needs to get serious about systematically developing the cyber-strategic leaders in the public and private sector who are skilled in dealing with the complex issues of deliberate attacks in cyberspace.

War Online
It has been reported in The New York Times and elsewhere that weeks before the Russian invasion, “denial of service attacks” (where websites are flooded with useless data) and other malicious acts were targeted against Georgian government computer sites. Some speculate these were a prelude to a preplanned assault on Georgian territory. In addition, it is clear that government and business websites were intentionally disrupted during the invasion. How much has been directed by the Russian government, individual hackers, and Russian criminal elements (some with alleged ties to Russian government agencies) remains to be sorted out.

That is not the first time that Russia has been accused of cyber warfare. A widely publicized cyber assault against Estonia in 2007 increased suspicion that Russia is using online malicious activity as a tool of national policy. The assault disrupted public and private Estonian information networks with massive denial-of-service attacks. The attacks targeted the websites of Estonian banks, telecommunication companies, media outlets, and government agencies. Estonia’s defense minister described the attacks as “a national security situation... It can effectively be compared to when your ports are shut to the sea.” The Estonian and Georgian attacks testify to the disruptive power of a coordinated cyber offensive.

Russia is not the only [nation] threatening other countries. And many countries, including America, are their targets. U.S. government information systems are attacked every day from sources within the country and around the world. China [allegedly] uses “cyber-spying” as a matter of course, and America is one of their prime targets. Some of these intrusions have been extremely serious, compromising security and costing millions of dollars. Penetration of computer networks at the National Defense University proved so pervasive that the university was forced to take the entire computer network offline and install new information system defenses.

These attacks come from states, criminal networks, “hacktivists” (online political activists), and other malicious actors. In addition, bad people exploit the freedom of the Internet – terrorists included. They go online to gather intelligence, raise money, share tradecraft in chat rooms, and coordinate propaganda messages.

Q: Dr. Carafano, you view this as a broad, all-encompassing and constantly evolving national threat, not only to government, but to industry as well. Many leaders in both of these sectors tend to leave it to the other to handle, or they pass it on as a purely technical task for their Chief Information Officer. What do you suggest is the level of concern that should be involved in each sector?

It is indeed time for leadership to get involved. The lesson for the United States, and probably applicable in large measure to Canada as well, is that we must take the challenge of cyber threats seriously. The initiatives that will likely best serve us and our international partners in the cyber conflicts of the 21st century, are those derived from private sector experience, emerging military and intelligence capabilities for conducting information warfare, and law enforcement measures for combating cyber-crime.

Cyber-war, like real war, is a competition of action and reaction between two determined enemies. Technology, which evolves every day, is the “wild card” that keeps changing the nature of the battlefield. Like war on an escalator, there is no standing still. Thus, there is no quick fix or “silver bullet” solution that will make us immune to these threats. The situation calls for dynamic, informed national leadership (in both the public and private sector) that understands how to compete in the cyber-strategic environment. We need cyber-strategic leaders that can:

  • Ensure adoption of best practices. They must ensure the priority of constantly refreshing and re-applying current knowledge.
  • Employ risk-based approaches. All information programs must include assessments of criticality, threat, and vulnerability as well as measures to efficiently and effectively reduce risks.
  • Foster teamwork. Cyber security is a national responsibility requiring international cooperation. We must maintain effective bilateral and multinational partnerships to combat cyber threats.
  • Exploit emergent private sector capabilities. Government and industry must become more agile consumers of cutting-edge commercial capabilities.
  • Manage cyber systems. Most programs under-perform because, due to inattentive senior leadership, they lack clear requirements and hold unrealistic projections of the resources required to implement those requirements.
  • Protect, defend, and respond to cyber threats. Targets of malicious acts by either state or non-state threats should respond by using the full range of military, intelligence, law enforcement, diplomatic, and economic means.

Q: How do you see this occurring and what counsel would you offer to leaders, both public and private, as you see them attempting to respond effectively to these cyber threats?

First, what we do not need is massive reorganization, massive government bureaucracy, massive infusions of government cash, or massive intrusions into the marketplace and the lives of our citizens.

What is needed are long-term commitment and sound initiatives based on better and faster acquisition of commercial services; better and smarter management of military, intelligence, and information technology programs; and better and sustained professional development of federal, state (or provincial in your case), local, and private-sector leaders.

Federal governments can help develop the needed leaders to respond to cyber threats. This can be accomplished in part by establishing effective interagency programs for professional development, particularly in regard to cyber skills. Much of this can be done through modest initiatives that require federal interagency education, assignment, and accreditation programs, one that in particular addresses the preparing of cyber-strategic leaders. This framework should include:

  • Education. A program of education, assignment, and accreditation that cuts across all levels of government and the private sector with national and homeland security responsibilities (especially cyber security) has to start with professional schools specifically designed to teach interagency skills. In the U.S., no suitable institutions exist in Washington, academia, or elsewhere – the government will have to establish them. I do not know about Canada.
  • Assignment. Qualification will also require interagency assignments in which individuals can practice and hone their skills. These assignments should be at the “operational” level where leaders learn how to make things happen, not just set policies. Identifying the right organizations and assignments and ensuring that they are filled by promising leaders should be a business and government priority.
  • Accreditation. This is vital in the U.S. and, I suggest, in Canada as well. Here, accreditation and congressional involvement are crucial to ensuring that our programs are successful and sustainable. Before leaders are selected for critical (non-politically appointed) positions in national and homeland security, they should be accredited by a board of professionals in accordance with broad guidelines established by Congress. Perhaps corresponding measures should be considered in Canada.

Critical components of good governance, such as establishing long-term professional programs for developing cyber-strategic leaders, are often shunted aside as important but not pressing – something to be done later. But later never comes. The latest real cyber war threats should serve as a wake-up call that this is unacceptable for critical national security activities such as cyber-strategic leadership that require building interagency competencies that are not broadly extant in government.

Q: What sort of feedback have you had or do you expect from these observations and proposals for training and selecting future business and government leaders?

Surprisingly little. People are our greatest asset. There are hundreds of volumes on leadership published every year and people snap them up. Yet, when it actually comes to focusing on leader development it is amazing how most just give it lip service. Cyber-strategic leadership has proved no different. The problem here is that there is such a great shortfall in qualified strategic leaders that the lack of human capital investment puts us at great risk.

James Jay Carafano, Ph.D., is Assistant Director of the Kathryn and Shelby Cullom Davis Institute for International Studies and Senior Research Fellow for National Security and Homeland Security in the Douglas and Sarah Allison Center for Foreign Policy Studies at The Heritage Foundation in Washington.



Border Enforcement 21st Century
© 2008 FrontLine Security (Vol 3, No 4)

From 1990, travel restrictions out of the post-communist states almost evaporated. Simultaneously, entry restrictions were significantly eased in the U.S., Canada and most western European countries.

As appropriate as these changes may have been politically, they were conceived by policy makers with little regard for the advice provided at the time by the intelligence community. The criminal community and organized terrorist groups began to exploit these freedoms almost immediately.

East bloc crime syndicates, whose roots were directly associated with the former Soviet military and political leaderships, laundered their former state assets into newly minted enterprises ranging from classic banking and investment scams to the establishment of new global networks for trafficking in drugs, weapons and people. These businesses rapidly proved successful.

Terrorists similarly embraced the ease of travel regulations and reduced border controls. Obstacles to their movement were reduced significantly and they exploited open immigration and benevolent refugee screening programs. Passport and identity fraud were treated as misdemeanors by most western governments.

These criminal activities flourished as a result of the evisceration of border controls by most countries. In the early 90’s, the political wisdom was that border controls were redundant. The conventional political approach was that the general law enforcement community and the associated justice systems were well-enough equipped to deal with such criminal elements.

By the mid-nineties, the few remaining members of the western intelligence community were raising alarm bells. The international criminal community had clearly become the major catalyst in the extraordinary number of cases related to a broadly connected series of crimes associated with trafficking in human beings, drugs and small arms. Passport and identity fraud were skyrocketing. Radical religious groups were using immigration programs to expand their influence in European and American metropolitan communities.

These intelligence warnings went generally unheeded and were in some instances openly derided by senior domestic law enforcement officials in Canada, the US and in western Europe. A recession had forced cutbacks in government spending and many of them reduced the size of their border services.

The continued growth of international traffic, both in terms of persons and goods, brought about the “streamlining of screening procedures” that, coupled with the reduction of border officials at borders and embassies, made for a perfect storm, whose winds filled the sails of the global criminal community and their financial coffers and influence.

Trafficking in women and minors was on the rise and travel document fraud was endemic, but there existed no broad network or protocols for the exchange of information on this increase in crime.

Left: Canadian Border Services detector dog and handler inspect the trailer of a commercial vehicle. Right: Customs and Border Protection officer Ballard inspects the trunk of a car at the San Ysidro border crossing between Mexico and the U.S. in San Ysidro, California, on 31 January 2008.

Fortunately, necessity being the mother of invention, BORDERPOL exists today because it was recognized over a decade ago that there was such a need to facilitate and provide secure travel channels between like-minded states.

In the fall of 1997, a three-day meeting was held in Riga, Latvia, which examined the effects of the liberalization of the border controls. It was made clear to all that the existing global institutions such as Interpol, the World Customs Organization or International Organization for Migration did not possess the necessary mandates to cooperatively challenge border-related crime. Against this backdrop, a group of law enforcement officials from the Americas and Europe determined that the time had come to form a unique body to challenge this type of criminal activity.

In 1998, a genesis study was commissioned by the International Center for Migration Policy Development (ICMPD) in Vienna, Austria. It was to produce a proof of concept document for the European Commission (EC) to develop an intelligence-based institution that could challenge cross-border criminality at a transnational level. The study, called “Project Solomon,” concluded in 1999 that there was an immediate need to establish a network of like-minded states that would share information through an automated system about the cross-border movement of persons.

This report was reviewed in 2000 by the EC and was immediately shelved due to data protection concerns. However, its overall recommendations were accepted as part of a genesis program that would eventually lead to the creation of a European Union border agency in 2004.

With “Project Solomon” effectively dead, the authors were determined to proceed with the establishment of a fraternal body of border enforcement officials to examine ways in which to gather the necessary support from “like minded” states to establish BORDERPOL.

World events overtook the process. The terrorist attacks of 9/11 both helped and, ironically, hindered the progress.

9/11 galvanized public attention and effectively put an end to the ill-conceived post-Cold War liberalization of border control policies and programs. Resources became available for the replacement of obsolete equipment and the addition of more human resources, along with a recognition that the intelligence community needed to monitor the movement of persons and goods had to be re-established.

Adnan el Shukrijumah (US); Lamine and Ibrahim Adam (UK); and escaped rapist/murderer Blane MacDougall (CAN)

Almost immediately, the compartmentalized border enforcement community and its legacy agencies were subsumed into large bureaucratic institutions.

The need to rebuild counter-terrorism capabilities in like-minded states also brought with it an unprecedented level of secrecy and insularity. This, ironically, made establishing an intelligence-based global institution extremely suspect.

Despite this difficult climate, BORDERPOL was officially created in March of 2003. Founding members from Canada, the United States, and a number of European Union states received its charter from the Government of Canada to operate as a non-profit organization.

Since its incorporation, BORDERPOL has been actively pursuing its original purpose while working to meet the needs of the international border security and border management community with 21st Century approaches.

Currently, the organization has senior representatives from 11 national border policing agencies directing its activities, and over 170 members make up the expert support group. All BORDERPOL programs are managed through a Headquarters Secretariat office in Ottawa. A European Secretariat, sponsored by the Hungarian National Police Service in Budapest, is responsible for EU and Central Asian projects. Similar regional Secretariats are planned for Asia and Latin America.

Over the past five years, BORDERPOL has developed and delivered capacity building programs to improve the capabilities of national border enforcement agencies to track, detect and deter specific forms of trans-border criminality. These programs have taken place in countries as diverse as Kyrgyzstan, Croatia, Hungary, Kosovo, the United Kingdom and Central Africa.

During 2008, members of the represented border agencies requested that BORDERPOL expand and focus on its core mission of providing more operational support to the border enforcement community. Consequently, in 2009-2010, it will emphasize developing sustained support services for its members.

The first service will be the development and introduction of an automated border management system to track the movement of travelers through a central registry. Its primary purpose will be to verify entry and exit protocols for participating states. It will effectively deny identified and suspected criminals the ability to move from one state to another by air or sea.

Another initiative will see the testing of an International Passport Card (IPC) that will complement existing national passports. Its primary purpose will be to provide the traveler with a secure document in the form of a biometric-based smart card that combines and expands the usefulness of existing national “trusted traveler cards” for use in multiple jurisdictions with specialized services such as travel insurance. The border policing community in participating countries will have access to security features that will facilitate entry, exit and various visitor registry processes.

A third BORDERPOL initiative will be the development of an international ‘bad guy’ lookout database using the remarkable technological developments in face recognition biometrics. Such lookout systems are in rudimentary and largely isolated deployment around the world, including the UK and the UAE. The BORDERPOL system is intended to make use of existing law enforcement photographs of persons who are either fugitives or barred (based on security, criminality or other grounds). By facilitating the sharing of this most relevant data in a preventive rather than traditionally reactive fashion, BORDERPOL will help countries detect and prevent entry to their territory of persons that pose a threat rather than respond after the fact.

These and other projects are primarily designed to make borders more effective in denying criminals and terrorists the ability to move unimpeded from one jurisdiction to another. At the same time, such programs will facilitate and begin a long-awaited standardization process that will ease border formalities for legitimate travelers. As a border-focused organization, BORDERPOL actively promotes this combination of low-risk facilitation and intelligence-driven investigation because, in today’s world, more security is not necessarily better security.

Thomas A. (Tom) Tass is the Executive Director of BORDERPOL. Visit the official website at www.borderpol.org



Transportation Security
© 2008 FrontLine Security (Vol 3, No 1)

It was billed as a Transportation Security and Technology Forum with the goal of applying Canadian and global solutions. And it didn’t disappoint. Kicked off by a refreshingly candid analysis of maritime security vulnerabilities by Defense Minister Peter MacKay, the Conference Board of Canada’s November 2007 Transportation Security Conference featured an impressive array of speakers with detailed presentations and a series of specific recommendations for improvements.

Minister MacKay is well briefed on maritime security and the former Crown Prosecutor has been a leading advocate for an enhanced public marine security presence since the abolition of the Ports Police in the late 90’s by the former Liberal government. Following a question from the floor, the Minister also agreed to bring the message of urgency of solving the pre-border clearance impasse back to the Department of Justice whose position on fingerprinting persons suspected of conducting border security surveillance has caused an impasse with U.S. officials.  

Panels throughout the two-day event featured Canadian, American and international perspectives on all transportation sectors with presentations focused on mass transit, seaport security, rail and air transport. Of particular note were the intriguing engineering design perspectives presented by Professors Roshdy Hafez and Halim Abd el Halim of Carleton University that mirrored a security-based analysis of transit infrastructure. On the same subject, Carl Desrosiers, Executive Director of Société de Transport de Montréal, provided a detailed operational overview of STM’s security approach including its recently deployed state-of-the-art command and control communications system.

Delegates were repeatedly invited to challenge status quo assumptions and to think ‘outside the box’ by both Superintendent Phillip Trendall of the British Transport Police and Israeli security expert Rafi Sela of AR Challenges. A lively discussion regarding the nature of law enforcement (and intelligence) presence required at seaports was provided over the two days from industry and U.S. and international law enforcement. This revealed Canada’s unique status in not having seaport-dedicated public policing. Gary Gilbert, Senior VP of Hutchison Port Holdings, delivered a pragmatic and expert look at the challenges posed by concurrent security and business priorities for a global port operator.

Mark Camillo of Lockheed Martin put transportation security into a special events context by analysing the transportation security planning considerations for the 2010 Olympics, which was eye opening to say the least. It no doubt caused reflection on just how soon 2010 will be upon us. Information sharing, or the lack thereof, was also raised as a recurring theme and delegates were given a detailed overview of how industry based information sharing can work from EWA Information Infrastructure Technologies President and CEO John Lindquist. The highly controversial US request for over-flying passenger information sharing was a part of an update on U.S. Transportation security priorities, provided by TSA’s Assistant Administrator, John Sammon.

The Conference Board event, once again, was a valuable forum for discussion of important transportation related security issues. FrontLine Security has assembled some of the specific insights and recommendations emerging from the discussions. We present them here for your convenience.

Conference Insights & Assessments

  • Operators and law enforcement providers must learn objectively from past events (London) to identify what worked and what didn’t in all future planning.
  • Train front-line responders through exercises to the extent possible, including and especially, where interagency cooperation must be involved.
  • National and local law enforcement/intelligence remains uncoordinated in so far as local transit operator information sharing is concerned. Formalized, industry-led information sharing entities, with concrete government participation, are essential for providing effective transportation security.
  • Command and Control (C2) and Common Operating Picture (COP) communications are essential for transportation security in all domains.
  • Effectiveness of specialized subway police is being lauded where in effect (note TransLink’s police unit and special transit municipal detail in Montreal).
  • Better to have security included at the outset in full capacity system design and deployment than to rely on “add-ons” or retrofits after the fact. This is becoming more widely accepted as an engineering principle and for system enhancement (note broad need for CCTV deployment on transit as an example).
  • Transit security needs to focus not only on ‘things’ but also on people. Name-based “no fly” or lookout systems are dangerously inefficient and deceivingly ineffective when such technologies as face recognition biometrics are available.
  • Sophisticated technology requires properly trained/qualified personnel to operate and to respond effectively.
  • Find ways to maximize incentive for third party financial contribution to security at Critical Infrastructure (as examples, Ben Gurion airport duty free advertising and revenues and the TTC Onestop passenger information and security systems provide revenue-generating advertising opportunities).
  • Avoid “security” systems that cause delays/line-ups and thus targets.
  • Architecture modification to meet security requirements should be considered where possible and justified by proper risk analysis.
  • E-seals for cargo containers are deemed very desirable to encourage expedited clearance at ports and at subsequent inland borders.
  • Better-standardized freight descriptions are also deemed desirable to expedite secure clearance.
  • Onsite public marine port enforcement presence is highly desirable.
  • Pre-border clearance procedures are essential, including a definite focus on expediting clearance through low risk identification programs.
  • Risk also creates opportunity for learning and enhancement.
  • More security is not necessarily better security: terror-related threats require intelligence-led efforts and a broad common awareness security network.
  • Success is measured in terms of prevention not prosecution.
  • There are no 100% guarantees, but that is not justification for inaction.

Scott Newark was an Alberta Crown Prosecutor, Executive Director of the Canadian Police Association and Director of Operations for the D.C. based Investigative Project on Terrorism. He has also served as a Security Policy Advisor to both the Ontario and Federal Government and is currently the Vice Chair/Operations of the National Security Group in Ottawa.
© FrontLine Security 2008



CI: We Need a Measuring Stick
© 2008 FrontLine Security (Vol 3, No 2)

Novice SCUBA divers first learn to find “up” – where the surface and safety lie, basically the direction of bubbles. Knowing “up” enables them to maintain normal orientation and control. While this may seem obvious and intuitive, it is not. When you are 60 feet down (3 atmospheres) and lose visibility and orientation, it is easy to panic and make fatally bad decisions. You might lose orientation in thousands of ways: someone or something around you stirs up a silt cloud, the setting sun suddenly disappears behind a cloud and you can’t see to the bottom anymore, or you accidentally rip your own face mask off because it snags on a piece of gear – and it sinks away. As long as you can figure out where your bubbles are headed (watch them or feel them passing over your body), you can find safety. Like SCUBA diving, assessing the risks around critical infrastructure (CI) interdependency starts by understanding which way is “up” – the normal orientation. In the context of CI interdependency, “up” is interdependency under normal operating conditions.

CI itself is broadly identified by “species” according to the good or service produced and delivered. Any taxonomy of CI species is not absolute and usually reflects an aggregate of professional and/or policy-maker opinion. All national governments seem to group and name the critical goods and services within their economies similarly, but not identically. Furthermore, these groupings evolve and morph regularly depending on the administration in power. For the purposes of this article, sector definitions (see table on page 15) representing Canadian, American and European CI definitions will be applied.

Critical Infrastructure Interdependency is a feature of all societies and economies, modern or not. CI sectors supply each other with goods and services and are dependent upon one another to a greater or lesser extent. The relationship between two CIs is always bi-directional but not usually equal or proportional; for instance, a given sector may depend more heavily on another than that sector depends on it.

Understanding CI interdependency is fundamental to understanding how threats and impacts can cascade through CI sectors and amplify initial impacts, making recovery and remediation that much more difficult. A black-out means pumps for fuel and water quickly cease to function. If the black-out persists, food will soon run out as trucks stop running and the health infrastructure will become overloaded as black-water contamination makes the population sick. A data centre fire and a coincidental but unrelated back-hoe cable-cut at a second location result in an overload and subsequent failure in the national telecommunications network at newly emerged choke-points. Since all telecommunication converges onto an “IP backbone,” the financial transaction systems stall and people can’t buy food. Hospitals can’t get timely laboratory results or order new inventory of pharmaceuticals. These are simplistic examples of cascading interdependencies among CI sectors. The reality is that interdependencies are far more complex than we can imagine or intuit.

The normal, natural orientation of CI interdependency, our “up,” is the state of interdependence under normal operating conditions. This is the state from which a CI will be wrenched when a threat materializes, and the state to which the CI will strive to return. Understanding what normal conditions look like allows CIs to gauge and assess their degree of disorientation (impact of the threat and resulting risk) and invoke more appropriate remediation, recovery and response.

Risk assessments on CI interdependencies and cascade risks must start with a thorough understanding of normal conditions of interdependency in order to evaluate the impacts associated with different threats. There are typically thousands of viable, credible threats against any specific CI sector or industry, and probably tens of thousands of viable, credible threats against all the currently defined CI industries. Trying to select the most pertinent threats and then assess them in the context of risk is a daunting process as there are too many threats to consider.

An “all-hazards” approach to the tens of thousands of combined physical and logical (IT or systems) threats facing CI industries is possibly meaningful for specific asset owners and specific assets, but quixotic at the CI sector level and not applicable to managing inter-sector interdependency.

Risk assessments focused on specific assets are possible, because the owners are innately aware of their normal operating conditions – they understand their baseline and can apply the risk assessment results to it. In the case of CI Interdependency risk assessment, the baseline is poorly understood and always incomplete. Additionally, measures used for establishing interdependency will vary from relationship to relationship and are typically one-sided in perspective. (A understands how urgently and why it needs B, but B is scarcely aware of A – it simply assumes A is there.)

The adoption of standard methodologies and metrics for measuring and mapping CI Interdependency under normal operating conditions has advantages for those trying to manage and understand CI cascade risks.

  • Cascading risks, by definition, flow through, and to, all sectors – but with differing degrees of intensity. To compare and model these cascades, a single system or measurement among all sectors must be employed – apples to apples.
  • Cascade risks must be assessed from a full 360° view, with all CI sectors included in the model. Anecdotal or intuitive approaches to CI interdependency only include the cascade risks which are known, remembered or understood. “We don’t know what we don’t know” in the area of CI cascade risks.
  • In approaching the management of cascade risks, a wide and diverse set of industries, interests and objectives must be addressed in unambiguous, empirical terms to facilitate participation and adoption. There is no place for unsubstantiated opinion: just the facts, please.

The challenge associated with establishing a baseline metric for CI interdependency under normal operating conditions is commonality of measurement. How do you measure “interdependency”? What do you measure? How do you compare the strength of interdependency between Telecoms and Energy with Telecoms and Food? Health to Manufacturing? Health to Government? In total, if you have 10 CI sectors defined, you will have a total of 90 inter-sector relationships and 10 intra-sector relationships. Think of this as a table with 10 rows and 10 columns so that each sector has a cell in the table representing a relationship with every other sector. But what is the common denominator? For SCUBA divers, bubbles present a simple solution to a potentially complex problem; finding a common denominator for CI interdependency requires far more effort.

The development of CI interdependency “common denominators” has begun, to establish the CI “up.”

Tyson Macaulay, author of “Critical Infrastructure: Understanding its component parts, Vulnerabilities, Operating Risks and Interdependencies,” is involved with Customer-CISO (C-CISO) at Bell Canada. His assessment proposes normal operating condition metrics for the 100 inter- and intra-sector dependencies. Whitepapers and references can be found at www.tysonmacaulay.com.



From "What" to "What's"
© 2008 FrontLine Security (Vol 3, No 3)

So often, for those of us who deal daily with the vulnerability of our critical infrastructures, what we do for a living feels like selling insurance to people who are just trying to survive day to day.

Yet, like it or not, we are the leaders and therefore the protectors of national and international critical infrastructures. Communications and Information Technology (IT) networks are major players in keeping the world right side up. But others, like energy, transportation and public safety are inextricably linked to the future of our communities, whether that community is Portage La Prairie or the entire planet.

As these critical infrastructures (CIs) become more pervasive and interdependent, we are indeed compelled to shift the focus from reactive – consequence management and response – to proactive prevention and protection. To move from “what if” to “what’s best.”

Instead of trying to anticipate everything that could happen to our vital assets, it’s time to take a look at what we have to protect and then harden that. In that way, we become less similar to insurance agents, and more pertinent business enablers.

It begins with a new understanding that those of us in the CI protection club must act more like family, recognizing that a competitive and secretive attitude will hamper response and recovery when it is most needed. Like family, we must acknowledge our mutual interests, common experience and increasing interdependence.

10 traditional CIs
There are 10 accepted Critical Infrastructure sectors in Canada: Communications & Information Technology, Energy & Utilities, Water, Finance, Transportation, Safety, Food, Government, Healthcare and Manufacturing.

While all are deeply interconnected, at another level, some – such as Communications and IT – support everything else. Their survivability is the cornerstone of a successful first response and viable recovery from any emergency. All other CIs depend on them, and their failure can lead to a cascade of chaos affecting every area of our society.

Emerging CIs
The case can be made that two additional CIs are emerging: the Internet; and SCADA (Supervisory Control and Data Acquisition).

The Internet is much more than simply a component of Communications and IT. It’s a venue for the best and the worst of human nature. When it comes to malware and subversion, we’ve seen a rapid evolution from script kiddies, hackers and social scammers right up to cyber terrorists and state-sponsored Black Hatters.

In fact, cyber crime has surpassed the illegal drug trade as the #1 crime in Canada – and 70 percent of victims don’t even know they’ve been had. Internet child pornography is now a $2.6 billion cancer in our society.

Canada is ranked 9th as an international cyber target, with Canadians standing a better chance online than on the street of being a victim of crime. Yet, of 62,000 public police in Canada, only 245 are fighting cyber crime, while 18 million Canadians are spending $50 billion a year online – a number that will skyrocket as the use of commercial sites like Amazon.com and eBay continues to expand.

Cyber security is more than just protecting against viruses and worms. It also encompasses information assurance in enterprise computing. This means controlling access to information, managing loss of data and security associated with IT, and supervising human information-handling processes.

New Vulnerabilities
SCADA – sometimes called Distributed Control Systems or DCS – is emerging as yet another, or 12th, CI sector. It’s found in just about everything: manufacturing, transportation systems, postal sorting machines, security surveillance systems, food production, drug manufacturing, water and water treatment, control of dams, telecommunications networks, airplanes and ships.

In the energy sector, for instance, the 2003 blackout was traced to a SCADA failure to respond properly to a sagging hydro wire shorting out on a tree branch. Another example – 75% of the world’s gas and oil pipelines longer than 25 km are controlled by SCADA systems that run parallel to the physical infrastructures. What a highly inviting target for any terrorist or disgruntled employee, not to mention its vulnerability to random events such as a natural disaster, general systems failure or human error!

Size and reach add complexity.

Also, we must acknowledge that each sector is so vast that it’s impractical if not impossible to protect every vital component. As well, stove-piped organizational structures are designed to hoard information, seriously hampering the sharing and correlation of information necessary in a crisis. Then there is the question of who’s in charge since all of the governmental, private sector and regulatory groups expect and demand influence.

Understanding complex technologies well enough to design effective strategies and policies is a major challenge. Add to this the fact that subtle interdependencies exist between CIs. These produce weak points that are often not apparent until the whole system is under stress.

Focus Resources
We must, therefore, focus resources where they will do the most good. The Internet, for instance, has about 100 critical nodes at its core – 13 root servers, 13 gTLD servers, 26 Network Access Points and about 50 top e-commerce sites.

So which is easier? Protecting the 650 million computers in the world, or hardening the 100 critical computers that control everything? Deny unauthorized access to these hubs and viruses and worms wouldn’t reach the critical mass necessary to become an epidemic.

In that sense, the Communications sector becomes the Keeper of the Gate. But the sector must work in close partnership with all the other CIs to prevent a cascading crisis that could rock everyone. Bell, for instance, runs constant surveillance and trend analyses. If there is any “pinging” that attacks are imminent, the company notifies all relevant parties immediately.

Unified Communications
First we must look internally for disgruntled employees with access to basic software systems. SCADA systems are so pervasive and so interconnected that a single worker motivated by a grudge can do more damage from his den than can a whole crew of terrorists running amok in an unguarded facility.

Just as the Communications sector has to harden its telecom hotels, other sectors must so secure their networks. We can’t just play “What If?” while waiting around for something to break or for someone to arrest. We must do “What’s Best” now, by hardening with unified cyber-security and communications those vital elements that are exposed to threats.

That has been at the heart of Bell’s approach to the 2010 Olympics in Vancouver as it addresses the challenge of securing a global sports event while ensuring participants feel relaxed and free.

With three billion people watching, the Games could become the ultimate terrorist prize, not to mention natural challenges such as the rock slide on the Sea to Sky Highway just seen this summer.

Bell’s strategy keys on Unified Communications – the immediate and complete integration of video and other sensory data. First Responders can be alerted immediately. Remote digital systems can greatly enhance rescue and recovery operations. Centralized control can also have dramatic impact on the outcome of crisis events. Redundant systems provide constant back-up, with layering of physical and electronic security adding fail-safe depth where it’s needed.

All this and more is essential for an event where all eyes will be on Canada.

Productive Collaboration
Regardless of the challenge, the first line of defence also becomes the first line of offence – a secure IP communications infrastructure. But success also requires the collective collaboration of all sorts of local, regional, provincial, federal, international, law enforcement, security, public safety, corporate, media and countless other players.

It’s about rising to the occasion, as we did in the blackout of 2003, coming together in a critical mass that produced the terrific amount of collective and effective collaboration necessary to respond effectively to that crisis.

What we need now – not just in Vancouver and Whistler but to protect all our Critical Infrastructures – is to rise to the occasion before the occasion arises. It just makes good business sense to do so. Studies show that a solid emergency preparedness program and public safety plan yields a return on investment of 400-700%.

It all starts with closer collaboration among the people charged with securing critical infrastructures. Together we need to create a roadmap that integrates security within the very design, not only of our own sectors but also at every point of contact with other CIs. That roadmap would emerge from an external audit that answers the right questions, such as:

  • Does your organization dedicate resources to security?
  • Is final responsibility for implementation of security placed at the executive level?
  • Are security policies implemented enterprise-wide, including supply and partner chains?

Such questions go on and on. But as we answer them together, we reach critical mass in the protection of our Critical Infrastructures and we move from a defensive “What If” attitude to a proactive “What’s Best” stance that ensures the profitability of our businesses while dramatically strengthening the security of our broader economy and communities.

Brian Phillips is Senior Security Consultant with Bell Canada in Calgary. This article is adapted from a presentation in Calgary to the 1st Annual Cyber Security Conference – Critical Infrastructure Protection for Energy and Communications – September 9, 2008.



The Challenge for Canadian Port Security & Policing
© 2008 FrontLine Security (Vol 3, No 4)

As identified by the Canada Council, competing ports in the U.S. have a much better foundation under which to work. American ports are publicly owned, and port officials are elected locally; therefore, port developments in the local public interest receive grants derived from local taxation. In contrast, limited human and financial resources continue to present a significant disadvantage for Canadian ports.

Considering that much of the container cargo arriving at Canadian ports is destined for the U.S., we must remain competitive with their ports, particularly in terms of security. Let us examine the overall protection of ports. The phrase ‘protective services’ is widely used to define the three distinct components of security, law enforcement and emergency response.

A significant difference between Canadian seaports and those of other countries in the world is that Canada does not have dedicated port police employed directly by the ports as part of their protective services. The International Association of Airport and Seaport Police (IAASP) believes that dedicated port policing is the key to providing effective protective services to ports, particularly in cases of widespread crisis when local law enforcement and emergency services may not be available to respond.

Commerce vs Security
When discussing security for all ports, one must remember that there are two important competing priorities. In the first instance, the ports are responsible for the movement of cargo and passengers in the most cost-effective and expeditious manner. Security, on the other hand, does not attach the same value to the expeditious movement of passengers and cargo; otherwise security standards would be rendered largely ineffective. Any law enforcement activity that is likely to interfere with cargo or passenger flow is regarded by the industry as an encumbrance and an effective loss of revenue.

The following international situations clearly illustrate this common conflict of priorities:

Fiji has just announced that it will disband the 180 member security force at its ports. This has come as a result of pressure from the industry not to pay the cost of security, which increases the cost of imported merchandise. Under the previous system, one in five containers entering the ports of Fiji underwent security scanning. The Fiji military has expressed concern about the national security risks of importation of illicit drugs and materiel to support terrorist activity. The industry, however, has discounted these criticisms, saying that the security risks to ports are low and that the cost of security is too high.

In the UK, the London Metropolitan Police, because of increased security threats at Heathrow Airport, spend 7 million pounds per year providing security for the airport. In one of the terminals, as many as four heavily-armed police officers patrol together when there are heightened security alerts. Heathrow airport is operated by a private company with profits going to shareholders. Some feel that the airport operator should therefore be made to pay for the increased security provided by the police rather than the tax-paying public.

The British Association of Chiefs of Police has identified the same problem with other airports across the country and is now asking the government for a surcharge on all airline tickets for flights through UK airports to pay for the policing services.

As you can see, in ports there is a universal challenge of striking an acceptable balance between the expeditious movement of passengers and cargo and effective security and law enforcement.

In Canada, more thought must be given to who will pay for high alert port security that requires the presence of heavily armed police on site. What outside agreements, protocols and planning arrangements are in place when our ports are unable to protect themselves?

In times of crisis or increased threat, heightened security will be expected at seaports. If competing ports in the U.S. have superior ‘protective services’, they will have a competitive advantage over Canadian ports if, and when, threats and exposures increase.

Under the previous nationally mandated ‘protective services programme’ the Ports Canada Police were responsible for the administration of the overall programme through Ports Canada in Ottawa, accountable directly to the Minister of Transport to maintain proper standards in national seaports.

In the mid-1990s the Port Corporations and industry obtained autonomy for the ports and severance from the National Port System under Ports Canada. The premise was to make Canadian ports more competitive. Under the new Marine Act, ports would be renamed Port Authorities, providing their own security and, as city and municipal taxpayers, entitled to call the local police when needed. The system works when there is peace and good order and there are no specific or serious threats or exposures relating to security, law enforcement or emergencies.

Dedicated port policing provides a much better and more reliable service than outside police services, since the latter view the policing of ports as a temporary assignment and an extension of their own authority and jurisdiction. There is also a serious gap in coordinating with specialist port police agencies in other countries that have a greater mandate to support the industry. Another important matter, national security, must be taken into consideration when comparing Canadian ports to others.

Port authorities in the United States consider themselves part of the critical infrastructure to protect their country. The U.S., already targeted by acts of terrorism, has a heightened awareness of the need for the most effective security, law enforcement and business resumption programs in their ports. They often initiate security measures beyond mandated requirements. The U.S. and other ports promote their police and security as a marketing tool to demonstrate how they are safeguarding their ports and goods in the public and national interest.

Unfortunately, Canada has been criticized for complacency in some quarters, since it believes that it is immune to acts of terrorism that other countries around the world have been exposed to. The Canadian Senate Committee on National Security and Defence has been most vocal on this matter. Its valid recommendations continue to be ignored.

Challenge in the Pacific Rim
How do competing U.S. seaports on the Pacific Rim apply and market their protective programmes? We will examine the different infrastructures and how they could prove a competitive advantage against Canadian ports.

Port Metro Vancouver and Prince Rupert are in direct competition with U.S. ports on the west coast of North America. In policing, it is important to note that the U.S. Coast Guard, a para-military organization, performs many constabulary duties in policing these ports. All waterborne activity in the U.S. ports is under the authority and direction of the Captain of the Port, the senior officer of the U.S. Coast Guard. This is supplemented by police and naval marine patrols.

The Port of Seattle, Washington, is Vancouver’s closest U.S. competitor. Though smaller, the Port of Seattle has a dedicated port police department of around 140 personnel. Though they are also responsible for the airport (SeaTac), they share policing the shoreline (with a number of boats) in conjunction with the city of Seattle police and the U.S. Coast Guard. The department has specialist units such as investigations, marine patrols, maritime ERT teams (with heavy weapons), Crisis Negotiations Unit, Police Divers, K9 units, EOD unit, cruise ship detail, public relations, and school and community relations (crime prevention) programmes. The port’s dedicated security department also manages the ID and access control programs, and works closely with the port police. Seattle markets its police department as part of its corporate structure. Particular attention is paid to developing the growing holiday cruise industry, which continues to expand at the expense of Port Metro Vancouver. Before Holland America Cruise Line established its headquarters in Seattle, a review of the security and port policing was undertaken at the facilities there by the Rotterdam Port Police. Following a positive report, Seattle won the day.

The Port of Tacoma, Washington, is mainly a container port. Tacoma does not have a police department but employs a substantial number of security guards. The guards are all former police officers and are armed. The security department is, in practice, a private police force.

The Port of Long Beach, California, employs a security department as the Harbor Patrol. It consists of as many as 60 armed security guards. They undertake many responsibilities normally assigned to civilian port authority personnel. The Department works in conjunction with the Port of Los Angeles police department.

The Port of Los Angeles, California, is the nation’s largest port in terms of container traffic. The port police department is in the process of a 100% expansion to up to 200 sworn members, and has a new HQ and Training Academy. The Department has a number of specialized units including: investigations, intelligence, anti-terror specialists, marine patrols, maritime ERT teams (with heavy weapons), Police Divers, K9 units, EOD Team, cruise ship detail, Missing Cargo investigations, public relations, crime prevention, security awareness and school programmes. The port’s Chief of Police is also the Director of Security responsible for the implementation of the ‘TWIC’ (Transportation Worker Identification Program) required by the Federal Government.

The Port of LA is attaching a priority to ‘rapid response to security breaches’ which are detected by the video camera system which is monitored 24/7. Response to all security breaches means a full record system by the police department and identification of suspicious or questionable individuals. They do not use TV monitoring systems simply as a “post facto” investigational aid. The recent expansion of the port police means that the department will become responsible for general security at the port focussing on container movements while the port authority continues to place more emphasis on seaport security. The marine enforcement unit is expanding with recently acquired maritime law enforcement responsibilities in conjunction with the U.S. Coast Guard.

The port police also head a joint law enforcement programme to deal with the problem of containers and cargos that are stolen or missing after leaving the port. Many arrests and recovered cargo seizures have taken place. The port of Los Angeles supports this joint law enforcement initiative since it does not want the reputation that goods shipped through them do not arrive at their destination intact.


Risk and Exposures
While dealing only with the Pacific Rim, we should know that all U.S. ports will continue to promote their law enforcement and security regimes. In contrast, Canadian ports rarely market the good work being done by present law enforcement and only occasionally mention their own security regimes. This is shortsighted, since sea cargo volumes into North America are diminishing in the current economic climate, competition for cargo will grow, and security will continue, if not increase, as a key factor.

This, combined with the U.S. mandated increased security measures, over and above international recommendations, will add to the additional expenses of U.S. ports. There have already been complaints voiced from senior U.S. port officials that lesser standards of port security in Canada and Mexico encourage shippers to divert to non-U.S. ports to avoid the more stringent security. Ships coming to U.S. ports are subject to sporadic pre-arrival boarding inspections by the U.S. Coast Guard that sometimes cause berthing delays of up to two hours. Representations have already been made to the U.S. Government and one can only speculate what initiatives could be implemented to increase the U.S. port market share, especially if Canadian port security becomes the focus of dispute.

Finally, one must wonder, with the recent growth in the illegal drugs trade, how vulnerable the Canadian seaports are to the infiltration of organised crime and the import of contraband. A recent intelligence report by the RCMP shows that gangs have significantly infiltrated Canada’s airports and are facilitating other illegal activities. What results would be garnered by a similar assessment of seaports?

The most efficient way for criminal organisations to import contraband into any country is by sea container. One reason is the movement of cargo is a priority for industry making it difficult or impossible at this point in time to examine all imported cargo. In addition, criminal investigations at seaports are much more complex than at border crossings and airports. Closer scrutiny, inspections and searches are expected. Detection rates are naturally higher as perpetrators can be more easily identified and liable to immediate arrest. Enforcement statistics are therefore much better by comparison.

We should not lose sight of the fact that drug importation through our seaports is still a serious problem. For example, the Ports Canada Police joint force drug team in the Port of Vancouver prepared a report of the total street value drug seizures between 1987 and 1994. The targeted drugs were Heroin, Cocaine, Hashish, Hash Oil, Marijuana and Opium. The results revealed a total street value seizure figure of $1,192,952,000 over this period. This averages almost $150 million per year in street value drug seizures by the combined force drug team. There is no reason to believe that this activity has diminished since that time and in fact indications are that it has increased.

Seaports are just as vulnerable to the export of contraband. Stolen automobiles remain a good source of revenue for organised crime in Canada. Bill C-343 and C-53 dealing with this matter should be re-introduced.

Canada should think more seriously about the protection of its ports. Our ports must not be tagged as venues where crime and corruption can flourish. More resources should be provided to address organised crime and potential acts of terrorism.

Why should the cost of port policing and the provision of more resources for law enforcement not be met out of port revenues as they are in competing ports in the U.S.? Let us hope that the 2010 Olympics do not highlight our inadequacies.

Mike Toddington is the Executive Director of the International Association of Airport and Seaport Police.
© FrontLine Security 2008



Information Sharing
Do Government and Critical Infrastructure Sectors Communicate?
© 2008 FrontLine Security (Vol 3, No 1)

In the Spring 2007 edition of FrontLine Security, I described the work underway to develop voluntary partnerships between those who own and operate our critical infrastructures and their U.S. and Canadian governments. These partnerships will help establish trusted mechanisms to share information between governments and the critical infrastructure (CI) sectors; information that is essential to address the threats and hazards that could disrupt the reliable delivery of basic services such as telecommunications, electricity, water, fuel, and natural gas.

In the United States, the partnership framework has been formally established since June 2006 by the Department of Homeland Security’s (DHS) National Infrastructure Protection Plan. Regular meetings take place between the CI sectors (see table below) and their U.S. government counterparts. Joint accomplishments were publicly presented at a July 2007 conference in Washington DC. In Canada, Public Safety Canada has held continuing consultations with the provinces on its National Strategy for Critical Infrastructure Protection.

There was some hope the Strategy would be adopted at the January 2008 meeting of the Federal/Provincial/Territorial ministers in Halifax. This did not occur; however, certain Provinces, with the support of some of the more proactive CI sectors, continue to encourage and pursue the development of critical infrastructure assurance programs.

Why Share Information?
The ability to share information quickly with the right people is an essential tool that is absolutely critical when responding to emergencies. In fact, it is our strongest defence against physical and cyber threats. If there is a clear picture of the threats we face, the CI sectors can describe to governments the actions they are taking, and the extent of any residual risks. Governments learn who they need to work with in the CI sectors, and develop confidence that the sectors can effectively respond to threats and incidents. The result: we are all forewarned, forearmed, and better able to help ensure secure, safe, and reliable critical infrastructure services.

Sharing Routine Information
Since 9/11, both the U.S. and Canadian governments have established some mechanisms to routinely share information with the CI sectors. Daily summaries of open-source material related to emergencies and security events are distributed by email, classified as For Official Use Only (FOUO). Both governments also issue declassified intelligence assessments on specific topics; these could be further enhanced by involving the CI sectors as reviewers to help ensure the information is relevant and actionable. In some instances, government agencies have sponsored industry representatives to obtain Secret level clearances, and periodic classified briefings are held. Although well intended, these briefings have limited value. Secret level briefings have rules; classified information cannot be distributed further within the CI sector, except to others with secret level clearances on a need-to-know basis, which inherently limits the usefulness for CI sector use.

These briefings have proved helpful in other ways, however, providing benefits that don’t necessarily require a level of secrecy. They provide a forum for government and industry representatives to meet, share and collaborate. They also provide an opportunity for the CI sector representatives to get to know each other and discuss issues of common interest, such as interdependencies. Such face-to-face conversations form the beginnings of the trusted relationships that are invaluable when responding to the next emergency or incident. It’s all about knowing whom to call during the early stages of an emergency, when it is too late to exchange business cards for the first time.

When Real Incidents Occur
During real incidents, the U.S. Department of Homeland Security is able to quickly reach the leadership of the CI sectors using its Executive Notification Service. This system provides a mechanism to convene a conference call quickly with the CI sectors to exchange information from credible sources, including government intelligence authorities. This process proved successful in 2007 during the U.K. car bomb plots in June, and the California wild fires in October. Perhaps not surprisingly, real events tend to focus attention on solving the right problems.

Security Threats – Real and Perceived
In contrast to the effective information exchange that occurs when actual events arise, sharing information appears to be most difficult when dealing with potential or real security threats. While the benefits of sharing this information seem obvious, for whatever reason, we have had limited experience or success so far. A recent example that eventually attracted intense media interest shows us that the challenges are formidable.

A Case Study: The “Aurora” Vulnerability
In 2006, a U.S. Department of Energy’s national laboratory began researching whether it was possible to disrupt the operation of the grid by remotely accessing the types of digital electronic devices used by the energy sector. The project was named “Aurora.” After months of research, the lab discovered a potential vulnerability and advised the Department of Homeland Security. The lab’s research and computer models indicated that, without proper cyber security protection in place, “hacker” actions could result in the disruption of an electric generator. In early 2007, the lab informed a few electricity industry representatives (that had Secret-level clearances) of their findings, and a field test in March demonstrated that physical disruption of a small generator was possible under the right circumstances.

The industry representatives had a different view of the potential threat. The need for cyber security was not new to the electricity industry; voluntary guidelines and standards had been in place since 2002, and more comprehensive standards were in the process of being implemented (enforced through sanctions and penalties for non-compliance). For all practical purposes, with the right protection in place, the vulnerability did not exist. Industry experts did agree that in order to prompt companies to take any necessary action, information describing this potential vulnerability needed to be shared more broadly across the industry than could be done by maintaining the Secret-level clearance.

To that end, DHS supported a briefing of the members of the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection Committee in a closed-door session for members only.

Just the Right Information
Obviously, the details of the vulnerability and the specific “hacking” method and the technical details remain today a tightly guarded secret. But, individual electricity companies needed to understand the threat.

It was a struggle to decide what information needed to be shared, and the limits of its distribution. If all the information was classified, the industry would not have the access it needed to take the appropriate action. At first, the information dissemination did not involve an important third party – manufacturers of the digital devices that were subject to the potential threat. This was troubling to the electricity industry which knew the device manufacturers were in the best position to provide advice on how to secure their devices and develop necessary security enhancements. The electricity companies own and operate the generation, transmission and distribution facilities that make up the electricity grid, but they don’t design and manufacture the devices. Excluding the manufacturers precluded a key and knowledgeable resource from addressing this risk, until they were finally brought into the picture in mid-2007.

Under the leadership of NERC, a small team of government and industry cyber security experts developed written guidance describing actions that owners and operators across North America could take to eliminate or mitigate this vulnerability.

Then came the hard part – addressing vulnerabilities meant sharing at least some of the details with a thousand electric utility companies across North America. It was one thing to share sensitive info with a small number of industry experts, quite another to spread it across an entire industry sector. However, enough detail needed to be shared so that companies would examine their own equipment and take action. Given the necessarily broad distribution, this guidance had to be written in a way that would conceal details that could further fuel the risk, yet still provide enough info to be helpful to the industry. This “ES-ISAC Advisory,” as it became known, was distributed widely to the industry on June 21, 2007.

At this stage, the ES-ISAC Advisory would soon become public, and the electricity sector agreed to refer any media enquiries to DHS officials. CNN interviewed a DHS Under Secretary, and broke the story on September 21st by also showing dramatic video footage of the March field test that destroyed the small generator. Well-intended efforts to limit the information to a “need to know” audience were incorrectly interpreted by some as being an attempt to conceal even greater threats.

The lack of clear and consistent information describing the vulnerability created a fog of misperceptions that frustrated both government and industry – now, it threatened to unnecessarily alarm the public.

Overcoming the Challenges
The Aurora experience has helped us identify the challenges associated with sharing information, but it’s certainly not the only example. At this point in the evolution of the government/private sector partnership, such challenges might seem insurmountable to some. While government agencies and the private sector may appear to have differing agendas, this is not the case. Both parties want and need to demonstrate leadership in addressing security and public safety issues. Both want to manage costs and, in doing so, they must effectively assess the risk of potential or actual threats so that appropriate and preventive actions are taken.

Stuart Brindley is the Manager of Training and Emergency Preparedness at Ontario’s Independent Electricity System Operator, and past Chairman of the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection Committee.



CI: Risk Management Approach
© 2008 FrontLine Security (Vol 3, No 2)

Critical Infrastructure consists of those physical and information technology facilities, networks, services and assets which, if disrupted or destroyed, would have a serious impact on the health, safety, security or economic well-being of Canadians or the effective functioning of government.

The 1998 ice storm had a major impact on the functioning of critical infrastructure in Central Canada. (Photo: Hydro One)

An event caused by a natural or accidental hazard, or a deliberate threat that disrupts the availability or integrity of a portion of our CI, could degrade the functioning of Canada’s economic and government activities – with cascading effects throughout Canadian society. Recent events that have affected CI in central Canada include the 1998 ice storm and the 2003 power blackout.

The Government of Canada has grouped CI into the 10 Sectors, shown in Figure 1. Stakeholders for the 10 CI Sectors include all levels of government in Canada and the private sector. The private sector and non-government organizations control over 80 percent of Canadian CI. Disruption of CI does not respect organizations, sectors or borders, and a disruption of CI in Canada has the potential to affect CI in the United States and elsewhere.

Critical Infrastructure Protection (CIP) refers to ensuring the availability, integrity and confidentiality of the physical systems, cyber-networks and economic processes supporting our nation’s CI. The primary responsibility for protecting CI rests with its owners and operators. CIP is complicated by the interconnectedness, diversity, complexity and interdependencies of CI. Interconnectedness and interdependence, in particular, make CI sectors vulnerable to disruption or destruction. Because many CI sectors are dependent on the resilience of systems belonging to other CI sectors to maintain their functionality, a failure in one sector may have a significant impact on the ability of other sectors to perform their functions. For example, a disruption in the energy, communications or finance sectors could rapidly cascade through many other CI sectors, causing unexpected and increasingly more serious failures of essential services.

Corporate consolidation, industry rationalization, efficient business practices and the concentration of population in urban areas have exacerbated the immediacy of disruptions to CI. To complicate the challenges to CIP, over the past decade, the nation’s CI has become more dependent on common information technologies, including the Internet.

CIP Model and Risk Management
Because of the complexity of CI and its interdependencies, it is not possible to design a protection system that will completely and always protect all CI assets against every possible threat and hazard. Therefore, a CIP program must prioritize protective measures, so that safeguards are applied where they offer the most benefit for deterring threats, minimizing the effects of hazards, reducing vulnerabilities, and minimizing the consequences of disruptive events. This requires a risk management approach. Risk management involves a continuous, proactive and systematic process to understand, manage and communicate threats, vulnerabilities and risks.

A model has been developed to facilitate the risk management approach (see Figure 2). This model, similar to those used in other risk management domains, covers preparedness, prevention/mitigation, response and recovery, and follows the generally accepted risk management methodologies outlined below:

  • Mission and Business Objectives Analysis. CIP Planning begins with the conduct of an analysis to confirm the mission, objectives and purpose of the CI. The analysis is done under the direction of the facility’s senior management and must consider the actual mission and objectives of the organization.
  • Criticality Assessment. A criticality assessment is performed to identify and prioritize the structure and products of the organization, using a recognized methodology such as Network Analysis or the CARVER tool. In all cases, the criticality of CI is based on its support to mission-critical functions identified by the mission analysis. The criticality assessment must answer the questions: What must be protected? and What portions must be protected first? To identify the components of CI, critical paths must be followed, both from a cyber perspective, through its information systems, and through its business lines to determine nodes where safeguards must be established to protect the overall CI. Although tools exist to determine which assets are the most critical to accomplishing the mission, the final arbitrator in defining criticality remains senior management.
  • Threat Assessment. All threats and hazards to CI are considered in the threat assessment. Threats and hazards can be grouped as deliberate, natural, and accidental, and further re-grouped as internal or external to the CI provider. It is very difficult for a CI facility or sector to conduct an assessment of threats external to the facility or sector without the assistance of government security agencies. For this reason, the need to share information between the government and the private sector is critical.
  • Vulnerability Assessment. A vulnerability is an exploitable weakness in an asset. A vulnerability assessment determines the susceptibility of critical assets, so identified and prioritized by the criticality assessment, to disruption by threats and hazards identified by the threat assessment. Vulnerability assessments can be conducted using the facility’s personnel, external expertise, or a combined team.
  • Risk Assessment. The assessment of risk considers the impact (severity) and probability (likelihood) of a threat or hazard exploiting a vulnerability in a critical asset to disrupt the functioning of CI. For CIP, the impact of a threat agent or hazard exploiting a vulnerability takes precedence over its likelihood. There are a number of methodologies and tools available to assist management in assessing and prioritizing risk. Figure 3 is a simplified example of a risk assessment tool.
  • Risk Management. The risk assessment establishes the criteria for risk management decisions. This involves the commitment of resources within the purview of the senior management of the facility. Risk management decisions are made to address the highest risks, and may include establishing redundancy, building in resiliency and selecting safeguards, as well as the assumption of remaining (residual) risks by the authorities responsible for providing the CI. Safeguards are implemented to maintain the safe provision of services from the infrastructure and may include security measures, and emergency and business continuity plans. There is little room for traditional risk management in CIP – such as accepting a known risk that is assessed as unlikely to occur, but where the impact will be critical.
  • Incident Response. It is not possible to prevent all disruptive events to CI. In cases where resiliency, redundancy and safeguards have not been effective in preventing a disruption, effective response capabilities must be planned, coordinated, tested and maintained. In the event of a major disruption, much of the response may come from municipal, provincial and federal agencies. For that reason, the coordination function must be considered during emergency planning, exercised and not developed after a disruptive event has occurred.
  • Consequence Management. For CIP, consequence management includes the recovery and restoration of all critical facilities and services. Not all components of CI can be recovered or restored at once. Consequence management planning determines the priorities for recovery and restoration and ensures timely remediation in order to contribute to mission success and reassure the clients.
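The risk assessment and risk management steps above, as an added Python example (not code from the article, and not its Figure 3, which is not reproduced here): it ranks one constructed risk register two ways, by the usual impact-times-likelihood product and by the CIP rule that impact takes precedence over likelihood, and lists the risks a product-based register would accept but CIP must treat. The rating scales, the acceptance threshold and all register entries are assumptions made for illustration.

```python
from dataclasses import dataclass

# Ordinal scales are assumptions for this example; the article's Figure 3
# risk assessment tool is not reproduced on the page.
IMPACT = {"minor": 1, "moderate": 2, "major": 3, "critical": 4}
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4}


@dataclass(frozen=True)
class Risk:
    asset: str          # critical asset named by the criticality assessment
    priority: int       # criticality rank of the asset, 1 = protect first
    threat: str         # threat or hazard from the threat assessment
    category: str       # deliberate, natural or accidental
    vulnerability: str  # weakness found by the vulnerability assessment
    impact: str         # key into IMPACT
    likelihood: str     # key into LIKELIHOOD

    def __post_init__(self):
        if self.impact not in IMPACT or self.likelihood not in LIKELIHOOD:
            raise ValueError(f"unknown rating for {self.asset}")
        if self.category not in ("deliberate", "natural", "accidental"):
            raise ValueError(f"unknown threat category for {self.asset}")


def score(risk):
    """Traditional impact x likelihood score."""
    return IMPACT[risk.impact] * LIKELIHOOD[risk.likelihood]


def rank_traditional(risks):
    """Highest impact x likelihood product first; ties broken by asset name."""
    return sorted(risks, key=lambda r: (-score(r), r.asset))


def rank_cip(risks):
    """Impact takes precedence: sort by impact, then asset criticality,
    and use likelihood only to separate otherwise equal risks."""
    return sorted(risks, key=lambda r: (-IMPACT[r.impact], r.priority,
                                        -LIKELIHOOD[r.likelihood], r.asset))


def decide_traditional(risk, accept_at_or_below=4):
    """Accept any risk whose product falls at or below the threshold."""
    return "accept" if score(risk) <= accept_at_or_below else "treat"


def decide_cip(risk, accept_at_or_below=4):
    """Same threshold, except that major or critical impact is never
    accepted on the grounds that the event is unlikely."""
    if IMPACT[risk.impact] >= IMPACT["major"]:
        return "treat"
    return decide_traditional(risk, accept_at_or_below)


def accepted_only_by_traditional(risks):
    """Risks a product-based register would accept but CIP must treat."""
    return [r.asset for r in rank_cip(risks)
            if decide_traditional(r) == "accept" and decide_cip(r) == "treat"]


# Constructed sample register (illustrative entries, not data from the article).
REGISTER = [
    Risk("billing system", 4, "operator error", "accidental",
         "no input validation on batch jobs", "minor", "likely"),
    Risk("corporate email", 3, "phishing", "deliberate",
         "no attachment filtering", "moderate", "likely"),
    Risk("regional control centre", 1, "ice storm", "natural",
         "single overhead power feed", "major", "possible"),
    Risk("generator protection relays", 1, "remote access to digital devices",
         "deliberate", "maintenance interface reachable from outside",
         "critical", "rare"),
]

if __name__ == "__main__":
    for title, ranked in (("traditional", rank_traditional(REGISTER)),
                          ("CIP", rank_cip(REGISTER))):
        print(title)
        for r in ranked:
            print(f"  {r.asset:30} score={score(r):2} "
                  f"{decide_traditional(r):6} / {decide_cip(r)}")
```

The rare but critical relay risk sorts last and is accepted under the product score, yet ranks first and must be treated once impact takes precedence.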

The results of risk management must not end with dusty reports and unused plans, and the resulting plans must be tested through exercises, which assess and recommend further improvements to CIP and clarify management roles and responsibility.

Critical Infrastructure Protection refers to ensuring the availability, integrity and confidentiality of physical systems, cyber-networks and economic processes supporting the nation’s CI. It is not possible to protect all CI assets against every possible threat or hazard, therefore a risk management approach is required. Canada cannot afford to ignore CIP, as Canada’s CI is vital to our economic vitality, way of life and national security.

Peter D. Johnston is a retired naval officer and is Vice President of both Lansdowne Technologies Incorporated and the Critical Infrastructure Institute of Canada.

Wayne L. Pickering is a retired army officer and an associate of Lansdowne Technologies.

The authors wish to acknowledge the assistance of Cdr A. Gale of the Canadian Forces in the development of this article.



Reflections of a Neophyte on Cyber Security
© 2008 FrontLine Security (Vol 3, No 3)

While preparing for this edition, I wanted to improve my own knowledge of cyber security. In my search, I discovered some rather interesting facts and some downright scary issues. As is usual in many matters related to security, I found the usual industry trick, which is to scare the customer, define the problem and sell your product to avoid it, and, eventually, improve upon this protection with even more costly technical fixes. As a neophyte, relying, as many, on conventional and well-known security programs, I wondered just how real and serious was this issue of the cyber threat and where I fit in neutralizing it.

To do this, I looked at some risk analysis authorities. The first was the Western Economic Forum Global Risks 2008 report. Within it were some startling issues such as looming food and health risks on the global scene. Additional issues appeared in the table of risks and impacts. The next authority that I examined was from the UK. I chose the UK because of the trying experiences to which they were subjected in recent years. I considered both of these sources pertinent to my quest about the seriousness of the cyber threat, and its estimated probability and consequence in the coming years. Information gleaned from these two sources was used to create Tables 1 and 2, below, to identify the seriousness of key risks.

More pertinently, in relation to electronic attacks, the UK report states:

“The risk and impact of electronic attacks on IT and communication systems varies greatly according to the particular sectors affected, and the source of the threat. Electronic attacks have the potential to export, modify or delete information or cause systems to fail.

“There is a known risk to commercially valuable and confidential information – in government and private sector systems – from a range of well-resourced and sophisticated attacks. Electronic attack may be used more widely by different groups or individuals with various motives.

“IT systems in government departments and various organizations, including elements of the national infrastructure have been and continue to be attacked to obtain the sensitive information they hold. Some of these attacks are well planned and well executed.”

This message indicates the real, ongoing, omnipresent and pervasive nature of the cyber threat.

The Cyber War
Among the many views relating to the “Cyber War”, I found that one by Dr. David Gewirtz expressed in an article entitled, The Coming Cyber War, published in the current issue of Counter Terrorism magazine, was the clearest and most interesting.

David Gewirtz is ZATZ Editor-in-Chief, Cyber Terrorism Advisor to the International Association for Counter-terrorism and Security Professionals, and a columnist for The Journal of Counterterrorism and Homeland Security International. I contacted him, and we shared some concerns.

Dr. Gewirtz’s position is that “when it comes to a future cyber War, the issue is no longer if it will happen. Instead the concern is when it will happen, how bad it will be, and how many attacks we’ll have to withstand.” He goes on to point out that unlike traditional war, which he describes as “a bullet to the chest,” he considers that cyber war resembles a “cancer… just as dangerous and deadly, but far more torturous over the long term. And like cancer, we’ve yet to find a cure for cyber war.”

Attacks have already occurred, or at least they have been credibly reported to have occurred. Gewirtz points out that in May, the National Journal reported on a suspected Chinese cyberstrike when a “9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.” There are, of course, the reported past attacks on Estonia as well as more recent reports of alleged cyber strikes against Georgia.

Dr. Gewirtz recognizes that without concrete evidence, such as hard drive dumps that he could examine, he could not corroborate these himself. Yet, like the need in more classical past wars to destroy the enemy’s command and control capabilities, it is quite reasonable to assume that some action would have been taken to neutralize web based communications – at least in the Georgian case. Both the technology and resources existed to meet this need by distributed denial of service (DDoS).

He is quick to point out that this war is not restricted to the classic clash of nation states. Take the case of collateral damage, for example: A DDoS attack was directed over the Memorial Day weekend and was aimed at a small Internet video broadcaster named Revision3. “They were attacked – a full, premeditated, no-holds-barred attack – by a company called MediaDefender.” MediaDefender’s clients have included Sony, Universal Music, and industry groups for both music and movies. Why did this happen? Dr. Gewirtz explains that Revision3 distributes legitimate programming through a legitimate network called BitTorrent. However, BitTorrent is also used to distribute pirated movies and music. MediaDefender, he says, has made it their business to initiate terrorist-like denial of service attacks against BitTorrent users. “A few more attacks like this,” says Gewirtz, “and Revision3 is out of business, with 20 or so families losing employment.”

How powerful and how difficult are cyber attacks to deliver? In 2005, three young Dutch men aged 19 to 27 created what is described as a “botnet to steal identities from an American firm that resulted in them linking 1.5 million computers, all working in tandem, to attack U.S. Systems and computers.” They managed, says Gewirtz, to produce a “network with a computational capacity at least five times greater than any supercomputer on the planet.”

Cyber Defence
How do we protect ourselves, our companies and governments from this threat? Dr. Gewirtz wants us to realize just how much information we have now and how much our continuing use of the net for everything from toasters to home security systems makes us and our institutions vulnerable. For instance, the security guard of yore that had himself handcuffed to his briefcase vice today’s security guard who lost a memory stick with the whole of a terrorist investigation data… or the company employee who lost his Blackberry or cell phone. “Cyber defence like homeland defence really does begin at home with heightened awareness. Awareness that the portability of information increases risk and these things will happen. We must be prepared to mitigate and minimize the effects of these inevitable occurrences.”

What are the dangers and the impacts of losing such information? For instance, much of our infrastructure is monitored by Supervisory Control and Data Acquisition (SCADA) and “sometimes technical vulnerabilities are designed into these systems for convenience – such as open web-based maintenance verification systems. Some of these could be attacked, and technical solutions will not solve these issues,” asserts Gewirtz. “Stupidity will sometimes negate the most sophisticated security codes, or the effort of a normal-sized state will allow it to be broken. Business continuity contingencies must be in place before these inevitable failings occur outside our front door.”

Standards and Testing
Pursuing this further, I spoke with Lysa Myers who was recently named to West Coast Labs as director of research.

Myers spent 10 years working in the Avert Group at McAfee Security, during which time she wrote for the Avert blog and Sage magazine, among others. She also provided training demonstrations to new researchers within McAfee along with other groups such as the Department of Defence, and McAfee Technical Support and Anti-Spyware teams. West Coast Labs is more than a ‘testing house,’ its services help vendors validate functionality and performance of security products, while arming corporate end users with the data they need to make smart purchasing decisions.

In speaking with her, I determined that her expertise in this realm was both broad and practical. She describes the growing cyber environment as being an increasingly more mobile and web-based framework of information and communication. There would be, in both industry and government, a continually increasing need to protect data and information as well as access to the protected technical resources that house this information and communication capacity.

In dealing with the loss of information or communicating power, Lysa stresses that malicious attacks from various sources, be they commercial competitors, nation states, criminal organizations, terrorists or just hackers of all nature, will all contain and use the latest technology. She explains that all information theft is essentially for a profit motive of some form or another and that employees, and all citizens more broadly, need to be aware of the risks and probabilities of their information being attacked, stolen or destroyed.

This is not to scare people away from the use of technology but rather to instill in all of us, in our daily and business lives, the need for recognition of risks and the development of proper risk management in our constant and more mobile use of web-based information devices.

Lysa deals largely and foremost with businesses of all sizes and insists that the provision and design of cyber security move away from a “fear-uncertainty-doubt mode” to a more Risk Analysis and Return on Investment business-like framework.

Individuals and companies should know the value of their information and the cost to the company of its loss to theft or destruction. Think of the loss from a bank of all the credit card info of selected customers? Companies should then plan to spend what is necessary to protect that value, within reasonable risk parameters, to mitigate the damage if lost.

On the matter of cyber security standards, the evolution of technology is such that specific standards are often behind the development of new threats. On the other hand, the early adopter of new technology is often at risk of untested equipment or software, and unforeseen results. Therefore it is becoming more prevalent that lab testing by third parties for cyber security may, and often does, lead to tailored and more effective up-to-date security.

How often do we take our laptop home or elsewhere with important company or personal data on it? Do we open it in a location that is insecure, thereby opening up the possibility of attracting malware, trojans, or allowing a botnet to install itself and then defeat the company or personal firewall? What contingencies do we have when, not if, this occurs? When we plug our innocent laptop in at the office, are we aware of our security breaches… how about with our blackberry or cell phone?

No one can be completely invulnerable to cyber attacks. One can, however, mitigate both the occurrence and the results of these by good knowledge and responsible corporate habits. Attacks will occur… when there is a profit to be made, an attack will be attempted. The unknowns are who, what and where. Be responsible.

I trust that you feel a bit more at ease and knowledgeable and a little less of a neophyte about the need and challenges of cyber security. Good Lucccccck.

Clive Addy, the Executive Editor of FrontLine Security magazine, is the founding Chair of the National Security Group.
© FrontLine Security 2008



Better Border Security
© 2008 FrontLine Security (Vol 3, No 4)

Our common border with the United States stretches across 8,893 kilometers (5,526 miles) of land and three oceans. According to Government of Canada statistics, the annual two-way trade in goods and services between Canada and the U.S. in 2007 was worth over C$576 billion. Clearly, border security is a vital component of our economic security.

At the turn of the last century, Ahmed Ressam, the potential millennium bomber nurtured in Montreal, was serendipitously arrested in Washington State, after leaving by ferry from Vancouver, by a professionally inquisitive US Customs and Border agent. On 4 December of this year, his sentence of 22 years was reconfirmed and, it is believed, will again be appealed by the state as too lenient.

This major millennium threat to Los Angeles was luckily averted, but Ressam’s own links to the subsequent tragic events of 9/11, and the results of the inadequacies identified by the U.S. Commission of Inquiry into intelligence and security failings led to the 17 Dec 2004 passage by the US Congress of the Intelligence Reform and Terrorism Prevention Act. This, in turn, set in motion a series of ongoing discussions and actions about the measures the U.S. should take along its border with Canada. This may still be impacting the economic, political and security relationship with our most powerful trading partner during this time of immediate economic challenge.

The Mood
Since 2005, there has been a rush by some to build a material wall across our common border. For example, in 2006, Congresswoman Candice Miller of Michigan, not unjustifiably, demanded such a structure since “every day, smugglers are bringing drugs, people and contraband across our northern border, which is met with little or no resistance… Terror cells have been rounded up in Toronto [referring to the 18], which is literally a three-hour drive from my District.” In Canada there were, and continue to be, a number of editorials espousing a naïve position of laissez-faire by some commentators who feel that this will pass, and that all evil comes from the United States. The truth resides, unsurprisingly, between these two poles.

The original imposition of some of the draconian measures of the Western Hemisphere Travel Initiative (WHTI) policy caught the attention of the Canadian government, and Deputy Prime Minister John Manley was dispatched (prior to 2005) to work on commonly agreed measures and timings for their implementation. Within the Security and Prosperity Partnership that followed this and other talks (through the maturing of the new Public Safety Department in Canada and the subsequent creation of the Canadian Border Services Agency, to the very pertinent studies conducted by both the Parliamentary and Senate Security committees), Canadian efforts to arrive at smarter border security have slowly evolved and continue to do so. (See article by Ron Moran in this issue).

The Mutual Prosperity Case
In March 2006, at an address to the 101st meeting of the American Society of International Law, Canada’s Ambassador to the U.S., the Honorable Michael Wilson, underlined the importance of our mutual trade better than most when he stated:

“Let me give you some numbers. From 1993 to 2005, trade among the NAFTA partners grew an astonishing 173%, from $297 billion to $810 billion. Services trade has increased, and so has investment.

“By 2005, foreign direct investment by NAFTA partners in the NAFTA region had reached close to $539 billion, almost four times the $136 billion figure registered in 1993. The Canada-U.S. trade relationship is characterized by a remarkable level of both volume and integration.

“Each year, there are over 70 million cross-border visits.

“Every day, $1.6 billion in commercial transactions cross the joint border. That is over $1 million every minute.

“Over 70% of Canada-U.S. trade is transported via truck, one of which crosses the northern border every 1.5 seconds.

“We sell goods and services to each other, but more and more we make things together. More than one-third of our trade is comprised of intra-company shipments.

“In addition, auto parts, plastics, equipment, and machinery figure among the top ten bilateral exports for both Canada and the United States. This trade in intermediate products feeds into the North American manufacturing process and supply chains. Clearly, our economies enjoy a very high degree of integration.

“The inevitable conclusion of all this,” he said, “is that the management of our joint border is an extremely important element of the Canada-U.S. trade and investment relationship. This must be maintained carefully. It is absolutely essential that the proper balance be achieved between economic and security objectives, between legitimate and illegitimate travel, between our joint border as a gateway and a checkpoint.” Ambassador Wilson also pointed out, however, some of the actions that must be undertaken and still need to be followed closely today.

First, the cost of delays. Notwithstanding excellent programs such as FAST, NEXUS and CPAT, measures must continue to minimize the costs of delays for ‘just in time’ delivery to integrated networks such as the auto industry:

“Auto industry analysts note that the industry’s standard practice is to manage a border crossing with a 20-30 minute window,” said Wilson. “One can get a fascinating insight into the effect on inventory and carrying costs from delayed cross-border shipments. Every additional hour of inventory to cover the risk of shipment disruptions of Canadian parts to U.S. plants costs $432,000, and for U.S. parts flowing into Canada the impact of delays equates to $800,000 per hour of inventory charges. This could easily add up to millions in additional annual costs that industry should not have to bear, given the hyper-competitiveness within the auto sector.”

Add to this, the current economic fragility of these very industries and the case becomes ever more compelling!

Verification of a marine container by a CBSA officer at dockside.

Delays are not the only cost; improvements must be made in other areas of border procedure. To set the scene again from Ambassador Wilson’s perspective:

“If our industries have made the investments to reduce the need for intrusive inspections and delays at the border, then we must take a hard look at the myriad of government border inspection fees for which they remain liable, let alone new fees under consideration. To name a few:

  • merchandise processing fees on the cargo value;
  • COBRA fees on the truck, rail carrier, marine vessels;
  • harbor maintenance fees (HMF) on marine cargo; and
  • the proposed APHIS (Animal Plant Health Inspection Service) fee that would be collected on every carrier crossing the border, whether it be a truck carrying auto parts or a railcar loaded with bauxite.

“There are many other fees,” explained Wilson, “but these four alone exceed the tariff reduction benefits of the NAFTA. Individually, they do not present an onerous burden but collectively, and in aggregate, the numbers are huge. According to the U.S. Customs and Border Patrol (CBP), COBRA fee collections have increased by over $50 million from 2003-2006. HMF fees have increased by nearly $550 million in that same time period. There is now a surplus in that fund to the tune of $3.3 billion! Yes, billion. The proposed APHIS fee to be collected along our border is anticipated to cost the air industry in the first year alone $55 million, $8 million to the rail industry and $17 million to U.S. and Canadian trucking firms. This is an $80 million tax on border users in the first year alone!”

Add to this the estimated loss of $800 million in the tourism industry alone along our mutual border, according to Canadian/American Border Trade Alliance. American CEO, Jim Phillips, repeated clearly (and often) in both 2006 and 2007 at the Pacific Northwest Economic Summits that “WHTI is going to be disastrous if done wrong, but if it is done right it could be beneficial to trade.” He stressed that it must address security “in a manner which actually promotes the seamless movement of goods across North America.”

The Public Safety Case
Canada and the U.S. share a common economic challenge that is amplified greatly by the current recession, but we must not forget that we also have a major crime problem along our mutual border – and that it travels both ways. Consequently, to stop such nefarious profit on either side, better and smoother coordination of intelligence-led international cooperation of border police authorities and facilities is vital.

It was reported that “almost 5.5 million pills of ecstasy were seized in the states bordering Canada in 2006 (the most recent year for which full statistics are available). This is an almost tenfold increase since 2003. “They drive them in; they bring them in by boat and by plane; they bring them across by people just carrying them across their back much like the southwest border,” says Ed Duffy, assistant special agent in charge for the U.S. Drug Enforcement Administration’s northern region.

The coordination of intelligence-led and effective collective policing of such crimes is improving, as exemplified by the following three recent examples. However, as the size and frequency of these seizures attest, Canada is in urgent need of a border policy and better material support.

On 18 Dec 2008, the Greater Toronto Area Combined Forces Special Enforcement Unit (CFSEU), with members from several law enforcement agencies (RCMP, Toronto Police Service, Peel Regional Police Service, Ontario Provincial Police, York Regional Police Service, Durham Regional Police Service and Canada Border Services Agency), arrested four Ontario individuals on Extradition Act warrants as a result of a lengthy international drug exportation investigation that led to drug-related charges by the U.S. Drug Enforcement Agency (DEA) in Los Angeles, California. This created another dent in the criminal network that began with a series of over 20 other arrests of major Asian gangsters since early 2007.

On 23 Dec 2008, the Canada Border Services Agency (CBSA) announced that its officers at the Pacific Highway Commercial border crossing seized 121 kilos of cocaine with an estimated street value of $16,248,750, as well as US$22,000 cash. These seizures continue. Cooperative and more effective systems are required to curtail trafficking. That same day, in the Port of Saint John, New Brunswick, CBSA officers seized about 276 kilograms of cocaine (an estimated street value of CAN$40 million). This is the largest drug seizure by the CBSA in that province. Officers had discovered the drugs on 11 Dec 2008 while searching a marine container that originated in Guyana. The shipment was targeted for examination as a result of intelligence gathering and information sharing among law enforcement agencies. With the assistance of x-ray technology and a detector dog, CBSA officers found 1,653 packages of suspected cocaine in 551 cardboard boxes.

Many superb examples of Canada/U.S. cross-border cooperation initiatives could be cited as models for the way ahead, but one in particular bears mention.

In July 2008, the Pacific Northwest Economic Region (PNWER) held its 18th Annual Summit in Vancouver, British Columbia. Government and private sector leaders from all levels called for urgent action to improve Canada-U.S. border security before the region hosts the 2010 Winter Olympic and Paralympic Games. PNWER endorsed specific recommendations by the U.S. and Canadian Chambers of Commerce on reducing border costs while strengthening security, as put forward in their February 2008 report Finding the Balance: Reducing Border Costs While Strengthening Security. It proposed an increased outreach and expansion of frequent border crossing programs, such as the BC enhanced drivers’ license program, to improve security by focusing resources on higher-risk traffic.

In addition, the conference recognized that more major urban centers are experiencing greater impacts to critical infrastructures through weather and rapid aging of existing systems. These also cause delay and expense in border areas. Major investment in repair and adaptation to climate and operational change are required.

Another key area where progress should be made to face the immediate economic challenges ahead was heralded in the 2006 closing statement in Cancun, Mexico by the leaders of the three Security and Prosperity Partnership countries:

“Our vision is to have a border strategy that results in the fast, efficient and secure movement of low-risk trade and travelers to and within North America, while protecting us from threats including terrorism. In implementing this strategy, we encourage innovative risk-based approaches to improving security and facilitating trade and travel. These include close coordination on infrastructure investments and vulnerability assessments, screening and processing of travelers, baggage and cargo, a single integrated North American trusted traveler program, and swift law enforcement responses to threats posed by criminals or terrorists, including advancing a trilateral network for the protection of judges and officers.”

This call, two years ago, is far more urgent now, as these nations prepare to spend billions to save just the auto industry that is so much a part of our common trade.

I will also quote two interesting recommendations from the excellent Senate Committee Report on Borders of March 2007 in relation to border security:

“Border crossings are ideal locations to put a damper on criminal activities. For a government clearly advocating stronger measures to assure law and order in Canadian society, border crossings should be ideal places to make relatively small investments and receive a significant return.

“Negotiate property swaps with the U.S. government so that Canadian and U.S. border officers can pre-clear persons and vehicles entering their country before they cross a bridge or enter a tunnel (to prevent would-be terrorists from damaging crossing structures vital to each country’s security and economic well-being).”

Funding initiatives that make our borders more efficient and secure will indeed prove a worthwhile and effective stimulus to our economy and quickly render our products more competitive internationally. This is a very practical and remunerative one of many urgent initiatives that the federal and other governments must consider. There are others, of course, but confidence grows as one is selected, built and achieved. Let’s get things done!

Clive Addy, the Executive Editor of FrontLine Security magazine, is the founding Chair of the National Security Group.



Proactive Cyber Defence
© 2008 FrontLine Security (Vol 3, No 1)

Proactive Cyber Defence doctrine compels an enterprise to act pre-emptively, in self-defence, by interdicting and disrupting an attack against its computer infrastructure.

The Perfect Storm is developing in cyberspace. The maelstrom has already hit landfall on the outermost reaches of the critical information infrastructures. The Canadian national information infrastructure is now decisively engaged in a cyber-war; the telecommunications and financial sectors are fighting on the front lines against trans-national crime and state-sponsored campaigns. The only effective national defence strategy is a proactive one.

Let’s talk about numbers: the national proactive cyber defensive matrix interdicts and disrupts over one-trillion inbound attacks per year in a pre-emptive fashion. That is 125 million attacks per hour inbound at 1 billion km/hr! Cyberspace is so toxic at its outer limits that any computer placed at the source would be instantaneously possessed and rendered useless or a threat.

Anonymously they lurk, interconnected by virtual networks; spying, compromising and exploiting. They can attack and withdraw back into the darkness at the speed of light. “They” are the hackers and crackers, telecommunications phreakers, precocious script kiddies, corporate espionage programs, cyber-terrorists, spies, competing nations and sophisticated trans-national organized criminal syndicates engaged in multibillion dollar heists.

Public and private sector executives in Canada are being targeted by organized crime and hostile intelligence agencies using spear phishing tactics, and consumers are being robbed of their identities. Then, just when you think you have identified the threat agent and understand the tradecraft, your organization is blind-sided by the actions of an insider with access to your most sensitive computer files, and a penchant for trouble. No system or organization is safe. If a chartered bank or a nuclear weapons lab can be hacked, where does that leave you?

People attribute sluggish computer networks or outages to chance, when the cause is almost always deliberate.

In this age, the mouse has proved mightier than the missile in its ability to deliver multiple nuclear payloads, launched from Russia and China, incarnated by robot networks (botnets). The strikes rain onto Canada relentlessly, inflicting 1.5 million casualties daily and laying waste to portions of our infrastructures. Decontaminating the fall-out from one of these cyber bombs that hit your organization is a costly affair. The annual cost of foreign-launched cyber-attacks against Canada currently rivals our entire defence budget.

What if the current proactive defence matrix crashed? Simulations and models were run based on real threats and the prognosis is not good. The modeling predicts that a cyber maelstrom, beyond most organizations’ comprehension, released in the morning, would cascade through critical infrastructures, along risk conductors and interdependency vectors. Those most reliant on telecommunications would be affected first, and they would propagate ruinous effects to other sectors. The catastrophic impacts would ricochet throughout the fabric of the economy at velocities faster than a human’s ability to intercede. The government would fail in the first few minutes, financial markets and energy grids would collapse by noon and the remainder of sectors would see the end of business by early afternoon. Look no further than Estonia for a poignant recent example.

Ironically, most organizations have invested heavily in treating the symptoms and not the cause. Words like ‘react’, ‘respond’, ‘recover’, and ‘restore’ are expensive and ineffective alone. Recall that “an ounce of prevention is worth a pound of cure.”

Predicting and interdicting an attack before it occurs provides far more and better options, at lower cost, than detecting and reacting to an impact. Prior to every major cyber security incident in Canada there have been early warning signs and opportunities to act; however, they have ended up costing Canadians billions owing to the subsequent measurable impacts.

“Preventing a threat event before it happens” is much more difficult. Scenes from the movie Minority Report come to mind, where the ‘precogs’ foresee incidents and events with enough lead-time for authorities to intervene. The disturbing ramifications are that people are punished for crimes that they did not yet commit. Similarly, the ubiquitous surveillance in George Orwell’s 1984 is unnerving in this day and age, when it is technically possible to intercept all communications all the time and install cameras everywhere to watch everyone.

No one is suggesting that we employ such intrusive surveillance – nor are we advocating, you will be happy to know, pre-cognitive enforcement and punishment.

What is promoted is intelligence-led proactive defence that interdicts, disrupts, pre-empts and thus prevents emerging threat intent. Not only is this possible, but it is necessary today.

So how do we begin to act, rather than react, to emerging threats?

First we must acquire accurate intelligence upon which scarce resources can be deployed most efficiently against developing threat-vectors. Such situational awareness is developed from sciences, technological forecasting, social trending, environmental scanning, threat analysis and modeling. We need to take a serious look at the evolving world in which we live, and understand that the threat agent is subjected to the same trends as we are.

Deliberate threat agents adopt new technologies early. Consider the early and rapid spread of cell-phones and pager use among the youth. This was a strong indicator of the resulting illicit activities by that demographic.

The common trend is that criminals will own a technology legitimately, then use it to facilitate crime, and finally exploit the technology itself. By understanding the effect of introducing disruptive-technologies into society, and envisioning their criminalization, one can effectively predict the early development of a threat. Such accurate strategic forecasting buys police time and precision.

But how does one establish means, motives and marks in a target-rich and threat-heavy situation? Risk assessments that integrate the source and means of the threat (“threat-from”) and the recipient target of this threat (“threat-to”) play a crucial role in ‘precognition.’ “Threat-vectors” can be established from source to recipient with greater degrees of certainty.

When John Dillinger was asked why he robbed banks, he answered “that is where the money is.” Often authorities are too busy chasing the bad guys, when guarding the cyber-gold could save a lot of time and money. This seemingly trivial analogy nevertheless clearly underlines the merit of a “threat to” risk analysis.

The “threats-to” approach begins by identifying potential targets of the threat; the intrinsic vulnerabilities of the asset and its potential exposure to these threats. It is complementary to a “threats-from” analysis and has the advantage of being a more selective examination of threats based upon a given target system.

The disadvantage of a “threats-to” approach is that it is reactionary and provides little warning of threat activities, intentions or trends. Nonetheless, if John Dillinger was robbing today, he would exploit cyberspace, because that is where the money is. Today, all money crime has a direct or indirect connection to cyberspace. Illicit micro-banking transactions are more likely to occur in a virtual gaming environment than on a street corner. Authorities need to be just as street-smart in cyberspace as they are on the traditional beat.

Threat events and agents can be examined without immediately linking them to an incident or victim. It is common practice for security and intelligence services to gather information on potential groups that have demonstrated potential to precipitate an attack. This analysis is useful from a security preparedness point-of-view, and to focus investigative efforts to head-off an incident. The analysis involves examining motives, means and methods of a threat agent surrounding a potential threat event. A “threats-from” analysis is performed from within the threat milieu as a proactive step to mitigate the risk by addressing the threat directly. The disadvantage of a “threats-from” approach is its focus on traditional threats-agents-events at the expense of emerging threats and new trends in targets.

A vector is a measurement of direction and magnitude. Direction requires both a start and end point. There is often a gap in the intelligence coverage linking “threats-to” and “threats-from” evidence – but a good investigator needs to connect the dots to deduce a threat vector.

Understanding the world of threat-agents is also important when forming a predictive analysis. A “risk-to” or “vulnerability weighted” perspective to threat analysis suggests static protective safeguards to mitigate perceived exposures. “Threats from” has a more significant bearing on the “predictive” risk analysis in contrast to the “historical or empirical testing.” It is a better indicator of what detection and response mechanisms should be added.

Risk assessments that do not examine threat agents and their victims cannot be predictive or proactive. They present but a snapshot in time. Without accurate threat agent information, an assessment cannot determine the magnitude of exposures particularly in this dynamic threat environment.

There is interdependency between a threat and its victim. Two entities are known to be interdependent when they exchange or share: goods, services, communications or geographic proximity. The interesting prospect is that all these metrics are measurable, and, if we can model it, then we can predict it. You have heard the aphorism “follow the money,” well, consider that, these days, the phenomenon of convergence converts paper cash into electronic funds transfers and places it over the Internet along-side communications. Monetary, communications and geospatial metrics lend themselves well to surveillance technologies. This allows authorities to regain the advantage over evolving cyber threats.

It is impractical to uniformly implement security safeguards and exercise all scenarios across large and complex systems at the highest levels. This is particularly pertinent when countering trans-national criminal organizations or state-sponsored information warfare. This would raise the business risk associated with the programme to unacceptable levels.

But these sciences are still reactive, albeit faster, to the threat’s intentions, and do little to shape a threat’s behaviour. What can authorities do to interdict, disrupt and pre-empt widespread identity theft, banking fraud, espionage and attacks against critical infrastructures when they are perpetrated by networks of robot-armies controlled by organized crime syndicates operating abroad with the duplicity of foreign states?

Home-grown terrorism, domestic extremism and radicalization of our youth manifest themselves over time on the Internet in manipulative relationships with undesirables. The only message that is being heard is that of the militants. Authorities are often called upon when things have gone dangerously wrong and the only option left is arrest. Early detection of burgeoning threat activities is required. The authorities must first understand the Internet-based landscape. Secondly, a strong communications and marketing plan can be used to counteract the toxic messaging to the victims. Thirdly, influence operations should be considered to shape the behaviour of the threat and the target.

We must be willing to conduct proactive, pre-emptive operations (P2O) in Cyberspace to shape behaviours and avert the development of malicious intent. Enforcement, when required as a final solution, will need to be global and coordinated across critical sectors and boundaries.

If one enters the proactive defence game, one should understand that it has a rich narrative upon which one’s enterprise can capitalize. From 500BC, proactive defence developed as a strategy, coming into the cyber hype-cycle peak of enlightenment in 1994 and reaching a highly mature cyber capability by 2005. Yet, there still exists great disparity in Canada between sectors that possess an indigenous capability of mature proactive cyber defence programmes and those that do not.

Establishing a common operating picture is central to the matter of discussing and deciding upon a proactive cyber defence strategy across Canadian critical infrastructures.

Neither technology nor costs have been the principal impediments to successful proactive cyber defence programmes thus far. The major challenges to a proactive national defence strategy appear to have been: a lack of an organizational behaviour model; mission ambiguity; legal and privacy speculation; and, perceived information sharing concerns.

The roll-out of commercial proactive defence capabilities, products, services and intelligence by the private sector has been further delayed by: intellectual property protection; cost recovery; and a nascent market demand.

A model enterprise proactive cyber defence strategy would likely include: level setting on the proactive cyber defence spectrum; establishing a governance structure that recognizes the autonomy of sectors while promoting collaboration; clarifying mandates, resolving legal and privacy issues in the context of proactive defence; promulgating explicit standards and technical guidelines; promoting existing programs; building proactive cyber defence into existing shared environments; and forming information sharing mechanisms within the larger community.

Meanwhile, proactive cyber defence initiatives will be taken unilaterally or through multiple exchanges where organizational missions and interests intersect. These programs may eventually reach a critical mass which would dominate and dictate the conduct of proactive cyber operations in the future. Ergo, join early.

David McMahon is a computer engineer from the Royal Military College of Canada. He spent 25 years with the military intelligence and security community in the public and private sectors. David was a founding member of the interdepartmental committee on Information Warfare. He is a published author on the subject of the Cyberthreat, the Olympic threat risk assessment, critical infrastructure protection and proactive cyber defence. A former National Biathlon champion, Dave is currently the National Security Advisor for Bell Canada.



Designing Mass Transit Security
© 2008 FrontLine Security (Vol 3, No 2)

Across Canada, mass transit ­systems are the lifeblood of our cities, with ever-increasing numbers of commuters using them daily. They are also vulnerable to a variety of natural and man-made disasters – ranging from floods, fires and earthquakes, to terrorist attacks. To guard against widespread disruption, as well as to mitigate the effects of disasters when they strike, requires a well-designed and resilient Command and Control system. This article presents the basic security ­principles used in designing or renovating command and control (C2) systems for mass transit. Recent experience with such a project, involving the Montréal subway Le Métro, will illustrate these principles.

The detailed work involved in designing and building C2 systems for mass transit is covered in a number of excellent codes and standards, issued by both NFPA (NFPA 130, for example) and our own Canadian Standards Association. However, it is very useful to go “back to the basics” when looking at the C2 challenges of something as complex as a mass transit system. Five security principles are offered as guidelines in this case:

  • Design redundancy in systems.
  • Separate Main from Alternate Control Centres.
  • Layer security, both physical and electronic.
  • Provide timely “Situational Awareness.”
  • Design capacity for growth or enhancement to face additional threats.

Redundant Systems
Redundant systems that ensure continuity of service are common in many fields of endeavour – from NASA to power grids. In the case of command and control of mass transit, redundancy is achieved both by using a number of alternate means of communication and by ensuring that there are multiple paths for each of these communication channels. For example, Le Métro in Montréal uses both underground radio and telephone systems for voice communication between stations and its two control centres. Each of these systems can act as a back-up for the other, should there be a system-wide failure in either. There is also provision for re-routing within both systems if only a portion of the network is damaged. This ensures that no disruption occurs in voice communication between stations and control centres in the event of an emergency. In the highly unlikely circumstance that both telephone and radio are knocked out, there remains a separate Public Address system in all stations, and both command centres, that can be used to communicate with passengers and staff.

A similar approach was taken for data transmission. As shown in Figure 1, double linkages to each of the control centres effectively provide a total of four parallel paths for information flow. Should one of the two control centres be knocked out, two ways remain for data to be transmitted across the system.

Separate Control Centres
Clearly, both the main and back-up control centre should be fully equipped to handle all daily transit operations as well as emergency response. It is also vital to have enough geographical separation between the two such that an attack or other disaster will not shut down both centres at the same time. Exactly how far apart the two centres should be is of course dependent on the local situation, but a good way to determine this distance is to analyze the effects of a variety of events such as bomb blasts, gas main leaks, fires, and floods on one of the control centres. Once the radius of these effects is calculated, a safe location for the other control centre can be determined.

Layering of Security
This aspect of mass transit security deals primarily with the threat of terrorist or criminal attack rather than a catastrophic natural event. Successful protection of a mass transit system must include both physical and cyber security, since modern transit operations are regulated electronically.

Whether physical or electronic, the concept of layered protection applies: there must be a number of lines of defense around key assets.

Electronically, a combination of password protection, encryption, firewalls and network intrusion detection systems should be used to complicate life for anyone attempting a cyber attack. The principle is to closely guard any access to the network, and trigger alarms the moment any unauthorized entry is detected.

Similarly, key physical locations should have a single point of entry, robust identification and access control, and an airlock system, or equivalent, to provide a further check on individuals seeking access.

Protection against blast and fire is another consideration. If the control centre is vulnerable enough, terrorist or criminal organizations may simply choose a cruder means of disabling it through explosives. Therefore, blast walls, fire-resistant materials and the actual design of the control centre itself – such as locating it underground with an independent power supply – are important elements in ensuring the survival and continued operation of the control centre in the event of an attack. A model of such a control centre is shown in Figure 2.

Situational Awareness
This term, in the context of mass transit security, refers to being fully aware at all times of possible disruptions to the system, whether caused by deliberate action or accident.

Comprehensive surveillance systems, good communications with emergency and police services, and a clear, regularly updated picture of current threats, are the cornerstones of good situational awareness.

Situational awareness ideally means the ability to anticipate and prevent an attack or disruption, but it also must be maintained in the aftermath of such occurrences. The tragic 2005 attacks on the London transit system clearly show how critical situational awareness is. In hindsight, it is easy to argue, as with 9/11, that these attacks could have been foreseen. The debate over that issue (including many improbable theories) will likely continue for years; however, it is in the aftermath of 7/7 that we can learn some lessons about situational awareness.

The quick response of emergency, fire and police services was essential in calming the public and mitigating the effects of these attacks. This was due, in large part, to the emphasis London transit authorities placed on working closely with these services. The legacy of 30 years of IRA bombings in London, including the 18 February 1996 suicide bombing of a double-decker bus, meant that the transit authorities were in many ways ‘battle-hardened.’ The response to these attacks was swift and comprehensive, as was the alerting of all other transit systems across the UK. Had there been a wider plan to disrupt the entire country, this swift reaction would have saved many lives; as it was, it helped to strengthen the determination of Britons in general, and Londoners in particular, to carry on with their lives in spite of these attacks.

This is the goal of situational awareness; terrorism feeds on ignorance and fear, so the faster the actual situation is determined, assessed, and dealt with, the faster the transit system and the general population can return to normal. The whole system was back in operation within 24 hours. This is miraculous. Would the same occur in our big cities? We certainly hope so.

Capacity for Growth
At first glance, this may seem an odd criterion for transit security. However, it reflects the fact that we are constantly learning about new and different threats to transit systems – and each time a weakness is exposed in London, Madrid, Tokyo or elsewhere, it makes sense to enhance our level of protection in that area.

A case in point is surveillance cameras in Montréal’s Le Métro. The level of coverage across the system with approximately 1300 cameras is very good; however, the design includes the potential for adding up to 500 additional cameras for counter-terrorism purposes. There is similar room for growth in the data transmission area, and the physical design of control centres also caters to possible expansion. It is easy, and definitely cheaper, to build only the capacity that is needed today, to deal with the known threats. Unfortunately, we are compelled in these past few years to expect the unexpected. Our command, control, and especially surveillance systems, must be flexible enough to adapt to whatever new method of attack terrorists or criminal organizations decide to throw at us. Built-in growth capacity helps attain this.

Such is the strategic-level overview of some key principles to be used when dealing with the command and control of mass transit systems. I have deliberately avoided discussing specific technologies and giving detailed descriptions of the various sub-systems involved, as such considerations, though important, should be secondary to a clear understanding of the aim.

The aim, of course, is to protect Canadians by making our urban mass transit systems as resilient to terrorist attack or natural disaster as possible. Although the illustrative examples in this article refer exclusively to lessons learned while renovating Le Métro in Montréal, I think most cities are well on their way to building similar command and control systems for their transit operations. We should all try to achieve the level of response and the amazingly quick return to full operation that the London transit system accomplished in July 2005. Otherwise, if transit is indeed the lifeblood of our cities, we are in danger of a serious hemorrhage.

Peter Holt is a retired Brigadier-General and Professional Engineer who works as a Strategic Advisor for Dessau Inc. Dessau partnered with the STM in a Public-Private Partnership to renovate Le Métro.



Emergency Preparedness in Canada
© 2008 FrontLine Security (Vol 3, No 3)

Reading the latest Report on Emergency Preparedness in Canada from the Standing Senate Committee on National Security and Defence, one cannot help but feel the Committee’s frustration, anger and foreboding. While their observations can be sarcastic and glib, they have certainly earned the right to be so. Their pointed observations on the inadequacies of the emergency management structures, process and resources in our country have fallen, time and again, on deaf ears from all orders of government. Members of the Committee have tried every possible formal route to spur the federal government into action… any action. It appears that, in this report, they have decided to try a different methodology; one of informal black humour. Time will tell.

Emergency Management is a fundamental reason for the very existence of government. Long ago, small groups of individuals banded together to face the hazards of their world. At the time, the hazards were fundamentally “natural,” such as wild animals, severe weather, wildfires, disease and geological events. Assigned leaders were responsible for mitigating against, preparing for, responding to and recovering from hazards that might occur. They gave up individual “rights” in order to achieve this “collective” safety and security.

Today, this fundamental responsibility of government for the safety and security of the people they govern has not diminished. In fact, natural hazards can now have a far greater impact due to the increased size of our population centres. In addition, human-induced hazards, both intentional and accidental, are frequently of greater concern than natural hazards.

Citizens have every right to assume that their municipal, regional, provincial, and federal governments fulfill this obligation. All orders of government have responded with a wide range of legislation and regulation – frequently in reaction to the last major emergency or disaster.

The Senate Committee Report, rather than focusing on the Federal order of Government, has attempted to review the status of preparedness of all orders of government. In the process, they have unfortunately erred at times in their assignment of certain areas of responsibilities and blame for shortcomings. That said, their overall assessment of the lack of action by the federal order of government in the past seven years, is significantly understated.

The Committee divided their observations into 12 problems. While each of these can be reviewed as a stand-alone, the sum unfortunately does not represent the full dimension of the inaction of the federal government, let alone the challenges faced by other orders of government.

That said, if this report is read by Canadians and they believe that the Senate Committee findings are the canary in the coalmine, they should be instantly aware that the canary has been long dead and they are at risk in the present circumstances.

Emergency Management consists of five dimensions:

  • Organizations – including all orders of government, the private sector, and Non-Government Organizations (NGOs)
  • Hazards – Natural and Human Induced Hazards (Non-intentional and Intentional)
  • Functions – Mitigation, Preparedness, Response, and Recovery
  • Activities – Governance, Operations (Strategic, Operational, Tactical), Planning, Intelligence, Logistics, Communications, Financial Management, Administration, Training, Public/Private Sector Coordination.
  • Resources – Personnel, Equipment, Supplies, Infrastructure, Information Communications Technology, Publications, Finances.

As a fundamental responsibility of government, the OBLIGATION of each order of government is to ensure that each of these five dimensions is completely analyzed and incorporated into appropriate Doctrine, Legislation, Policy, Regulation, Standards, Best Practices, Plans, Process, and Procedures. All of the above are then subject to continuous improvement and “ever greening.”

Unfortunately, in Emergency Management, as in other disciplines, many elected officials appear to think that “government” is only accountable for establishing the first three: doctrine, legislation and policy. They believe, either consciously or subconsciously, that all steps after that are either not required, or will simply occur without any dedicated allocation of resources or leadership.

To compound this challenge, senior civil servants have found that promotion and careers are based on supporting the Elected Officials, by limiting themselves to being legislation and policy experts. These senior executives must adamantly remind their elected superiors that legislation and policy without the remaining actions is useless. Hence, within Public Safety Canada, one is hard pressed to find personnel who either have an operational background, ability, or a desire to produce anything other than Legislation and Policy.

All 12 of the Committee findings fit into one or more of the five dimensions of Emergency Management as defined earlier. Frequently, the findings of the Committee are focussed on First Responders, Municipal Government and the lack of resources for these essential members of the Emergency Management community. Unfortunately, Municipalities and their First Responders are not, except in very rare circumstances, the responsibility of the Federal Government or Public Safety Canada for any of the seven areas outlined previously.

Municipalities differ significantly across our Country, since they are the domains of Provincial and Territorial Governments. Similarly, the requirements for First Responders in the municipal order of government are the domain of Provincial/Territorial Government. Some Provinces and Territories have legislation that defines specific requirements for Fire Services, Police Services, and Ambulance/EMT Services by size of municipality. Some Provinces and Territories do not. In a similar fashion, the Emergency Act of Canada clearly identifies Public Welfare and Public Order Emergencies as the purview of the Provincial Order of Government except in very specific cases.

Therefore, Public Safety Canada can highlight the findings of the Committee for these First Responder and Municipal areas as “inappropriate” criticism of their mandate. The department has, in the past, used this perceived lack of understanding by the Committee to ignore the other findings of the Report.

The Senate Committee is correct in stating that Canada is NOT PREPARED for a national emergency. The federal government muddles through (SARS, the Eastern Blackout); expects Provincial and Territorial governments to take action (SARS, floods, BSE) and coordinate among themselves; at times completely ignores the Provincial agencies (Avian Influenza 1); and reacts to major emergencies and disasters as if they were all unpredictable. They dodge blame, ignore reports and criticize recommendations – and as a last resort, pass new legislation.

Canada needs both a fully implemented federal and national emergency management plan. The plan must cover mitigation, preparedness, response and recovery for all hazards with relation to Canada.

A plan is neither legislation nor policy, both of which only define “what” is required. A plan defines “how” the legislation and policy will actually be achieved, and includes:

  • who is in charge (before, during and after major emergencies or disasters);
  • a definition of command relationships between organizations (under command, in support, in location);
  • a statement of groupings (strategic, operational and tactical);
  • assignment of tasks (operations planning, intelligence, logistics, communications, financial management, administration, training, public/private sector coordination);
  • assignment of resources; and
  • detailed coordinating instructions including timelines.

In order to move forward, three essential actions are required:

  • A very senior Ministerial Elected Official in the newly elected Government of Canada, must become the federal Champion of Emergency Management for our Country.
  • An accountable senior supervisory Task Force must be initiated to direct and monitor a one-year priority development of “federal” (with a view to “national”) emergency management. This group must include senior federal Ministers holding appointments essential to the federal emergency management mandate and their Deputy Ministers, and should have an independent advisory group of Emergency Management Experts available to it.
  • Finally, a cross-Ministry Emergency Management Tiger Team (EMTT), accountable to the Task Force must be formed. The backgrounds of this team must include proven ability in analysis, design, implementation, evaluation and validation of programs and all program elements (Doctrine, Legislation, Policy, Regulation, Standards, Best Practices, Plans, Process, Procedures, Continuous Improvement/Ever greening).

The EMTT should be assigned the following tasks, as their sole priority, for a one-year secondment:

  • Within six weeks: Present a conceptual Federal Emergency Management Framework, including a Work Plan to achieve the priority elements.
  • Task Force approval within one week.
  • In the subsequent eight weeks: draft the Federal Emergency Management Plan (FEMP) for all-hazards (minus detailed annexes). The Tiger Team should request additional team members, as required, to assist in the drafting of function and/or hazard specific annexes. Finally, a budgetary impact analysis would be developed by the for potential major program costs of the FEMP.
  • Task Force approval within two weeks.
  • In the subsequent 12 weeks: prepare final version of the FEMP, with detailed annexes, for approval by the Task Force. In addition, draft an implementation action plan for the FEMP, detailing initial groupings, tasks, resources (including budget) and timelines.
  • Task Force approval period of four weeks.
  • Following approval of the FEMP (with annexes) and the implementation action plan, a cross-Ministry implementation (as directed by the Tiger Team) would commence, with an initial implementation period of 16 weeks and monthly reports to the Task Force. This period would also include detailed budget submissions from affected Ministries, if and as required, for a Next Fiscal Year program allocation. This period would end with a detailed review of progress to date, fiscal impacts, and a draft concept to move the “federal” actions into a “national” framework.
  • Task Force review would then determine if the Task Force and Tiger Team would be required for a subsequent period, or if the FEMP could then continue to be implemented, evaluated and validated within the normal governmental process.

Skeptics will say that the process identified above is naïve, unrealistic and/or impossible to achieve. It is none of the above.

This is the exact process followed in a major jurisdiction in Canada following September 11, 2001. This process achieved significant and benchmark changes to emergency management for that jurisdiction. This process does, however, require a firm commitment from the leader of the jurisdiction, and a continuing dedication of that leader to the safety and security of its citizens.

It is strongly encouraged that the “federal” emergency management framework and process described above be completed before attempting to develop the “national” framework. That said, the Senior Officials Responsible for Emergency Management (SOREM) should be fully included as information addressees in the development of this one-year process. Selected members in fact may be valuable advisors to the Task Force.

It is recognized that it may be desirable to have complete concurrence by the SOREM community to a FEMP. Unfortunately, regional diversity in Provincial/Territorial Emergency Management policy and practices, as well as FPT politics in other areas may simply preclude this. As long as the FEMP governance recognizes the legislative and regulatory authorities and precedence, as and where applicable, and adheres to the responsibilities and authorities as defined in the Emergencies Act, then a National Emergency Management Plan, involving all levels of government and infrastructure owners across the sectors, should dovetail easily with the FEMP.

The Standing Senate Committee on National Security and Defence continues to be a lone voice trying to awaken our country to the fact that our Emergency Management systems are in desperate need of improvement. The Committee recognizes that individual jurisdictions are in some cases better than others, but that these lead agencies often are ignored.

Accordingly, the Committee points out that the inter-relationship between essential supporting agencies is weak at best – and often non-existent. They highlight a lack of emergency management resources, the need for a definition of roles for critical agencies, a lack of federal action, and the continued disregard of recommendations and shortcomings.

It is time to listen. The canary is dead! We need to either evacuate the mine (Canada) or fix this problem before the next major emergency or disaster surprises the federal government again – with predictably disastrous consequences.

David Redman is the former Head of Emergency Management Alberta.



Dr. Ed Amoroso
Cyber Security: An Expert Opinion
© 2008 FrontLine Security (Vol 3, No 4)

Dr. Ed Amoroso, AT&T’s Chief Security Officer, with over 20 years in this field, was in Ottawa recently, speaking at a Cyber Security Conference by the Conference Board of Canada on Proactive Defence of Critical Systems and Information. An experienced and internationally respected Computer Engineer, Dr Amoroso presented a clear picture of our overall cyber vulnerability and of what he described as our patchwork and ineffective reaction to it. His proposal suggested a major change to this situation, and he consented to answer FrontLine questions based on a Canadian perspective.

Q: Dr. Amoroso, while in Canada recently, on assessing the cyber activity of 20 April 2008, you postulated that potentially destructive Botnets could be used for Denial of Service (DOS) such as in Estonia in the Spring of 2007 or other nefarious purposes (see table 1). Is this a typical day, and what do you deem to be the key targets and sources of these threats: Foreign Government? Criminal? Competitive business focus?

I am pleased to be able to share what knowledge I have with your readers. This is a particularly pertinent question indeed.

This was just a sample day and quite average. In fact this was only part of a random sampling on that day and these were new ones that cropped up. On normal days we find a couple of dozen new ones and monitor several thousand at all times. From 2003 to 2005, you will recall you would be warned of viruses and worms quite regularly by your security provider. These days threats have now morphed to phishing and denial of service attacks from captured computers on these botnets. As I said there are literally thousands out there.

Some are active in many domains obtaining information for criminal, business or other advantage. Others are dormant until they need to be used. We monitor them and take what actions are necessary to protect and forewarn our customers and friendly agencies. They can target just about anything. For instance, Storm Worm Botnet from Jan to Sep 2007 had an estimated 2.5 million captured computers to form the Botnet. You should put this in the perspective that a net of 250 could disrupt a business and one of 4,000 or more could disrupt major infrastructure such as electric power, water or gas in a major state or province.

Yes, it is a dangerous cyber-world out there and the security of our tools and the information itself is at vital risk in this age of new and evolving cyber threats.

Q: You have been quoted widely saying that the patchwork/firewall security systems that most employ are not only complicated, they are very vulnerable to such attacks. Could you explain to our readers by whom and how our computers should be secured?

Indeed, this must be put in context. Back in the 90’s there were not the different means and volumes of computer use we have today. For instance, one could characterize the Communications provider, be it Bell, AT&T or whomever, entering the business or institution on a single or at least controlled choke point into the local information network of 10 to 20 computers. Firewalls were designed and quite effective at controlling the access in and out of this network at that choke point. With the advent of access by all to the World Wide Web and the mushrooming of platforms in everyone’s hands, firewalls are challenged by thousands of potential connections that could go out to distrusted sources, themselves multiplying continuously. Relying only on firewall protection is unwise in this environment. The firewall was a good device serving as a traffic cop on one road, but is incapable of maintaining security when the access roads continue to multiply. The firewalls have become so complex in most organizations as to render them even more vulnerable to volume attacks and to be easily overwhelmed and useless.

It is a bit like protecting yourself in a glass bubble with your computer, the bubble being the firewall, when now the cyber thief can enter the whole house without going into the bubble and pulling the plug on the bubble and computer therein on his way out. In addition there are thousands of variable access rules to each bubble within a house. There is much room for human error and technical weakness let alone aggressive attack.

A new approach is needed. As all knowledgeable people in the Communications Security field would attest, this must be a multi-layered approach.

Instead of focusing on protecting multiple millions of guarded bubbles, in millions of homes, I have suggested that we produce a guarded community wherein the providers such as my company or major Canadian providers like Bell, Telus or Rogers be required to “clean the pipes” before sending these dangerous cyber-threats towards you to be screened by a complex and inadequate firewall.   

Q: In discussing the failure to recognize the risk of attacks, and the consequences thereof, you have been quoted as saying: “There will be some set of catastrophes, then the lawyers will fight it out, and the question will come down to, ‘Who’s responsible if software flaws exploited over a network cause damage to society?’” And on the topic of present cost to Internet Service Providers of firewall/patchwork systems, you have said: “They typically get $50 or less a month from each subscriber. As zombies and malicious attacks proliferate, sucking up bandwidth and disrupting PC performance, consumers don’t call the phone company or Microsoft, they call the ISP. It costs $8 just to have a service rep pick up the phone, about $50 to roll out a service truck on a house call.”

These are very serious liabilities and infrastructure security risks here. How vulnerable are we, and how do you see this being handled internationally?

I think that I partially answered this earlier, in that I believe it is the responsibility of the major phone companies and the likes of Microsoft to “clean the pipes upstream” as a customer service for the whole system in principle. This will lessen the occurrence of these failings whereby the user and ISP will have left a minor number of bad software and technical failures to deal with and the available bandwidth should be greater.

Of course, other technical developments and realities occur as the systems and their use evolve. Take Facebook, for instance. This is a much-used social network that has one of the few securely encrypted one to one discussion platforms commercially available. Another reality is that the cell phone has fewer vulnerabilities than your standard PC. Some people are giving up the PC altogether and relying on the portable communication devices with text in lieu of classic email. The securing of the mobility cloud computing network, of which this forms part, is the present security challenge. We are already in another generation. Not only is the liability from vulnerability that you outlined still there, but the reality is that its resolution or mitigation is constantly changing. No doubt these features will be tested in the coming years and weaknesses will be found and amplified. The mitigation will reside largely with less software and the simplification of systems like smart phones.

We also have serious vulnerabilities to our major infrastructure control systems relying on the very vulnerable and web-based SCADA systems that can be potential prime targets for major botnets world-wide. These deserve major attention.  

Q: As we are going through a major economic challenge world-wide, what is the threat of, and vulnerability to cyber attacks on our financial business systems – and what would you recommend be done?

I believe that there is a serious public misconception here. In fact, the financial and banking sector has been at the forefront of cyber security from the beginning – as one of the three core partners, along with government and telecommunications. They are among the best at sharing solutions and have some of the best cryptography in the business. They also continue to attract the best and brightest in the computer security field. Notwithstanding the stories that crop up now and then, what is remarkable is how secure and reliable the new electronic way of doing business really is. Can you imagine any other way of transacting things these days… troubled though they are? These systems have been regularly subjected to botnets and other types of attacks, and have fared quite well.

Q: In your Canadian presentation, did you imply that these botnets could be attacked and taken down? Can you tell us more about the possible use of hackers as allies versus villains that you have suggested elsewhere along this vein?

Let me start by saying that most SPAM comes from botnets originating in port 425 DCP. In our previous discussion on security and cleaning the pipes we can indeed affect many of these through pro-active defence, but it is not “attacking the botnets” as you put it, but rather denying them access to what they need to be effective.  

As to the hackers, notwithstanding the less-than-politically-correct jargon that they use and their unbridled enthusiasm in finding fault and even entering, altering or sometimes destroying data, I feel that they are a resource that we must co-opt and engage, less we be caught short through professional vanity and, someday, consequently brought to account for major failure. I cannot but reflect upon the fact that it is that same undisciplined and raw enthusiasm which burns in them that attracted me to do what I have become reasonably good at doing. It does attract my son a well. Let them have a go and let us learn from what they achieve…better them than learning some surprise vulnerability from the hands of terrorists, criminals or other less than friendly groups.

Q: Any further reflections you wish to leave with our readers?

As a matter of fact, yes. Much of our security vulnerability, complexity and technical fragility comes from poorly designed software of all types. There is a need for standards for programmers and computer engineers, but it would be wonderful to have a type of Software Consumers Report available that we could all refer to. I know I would use it. I mean one dedicated to evaluating the best from the tons of products flooding the market for a myriad of applications. Just a thought.

© FrontLine Security 2008



New Technology = Better CI Protection
© 2008 FrontLine Security (Vol 3, No 1)

It’s on CNN
Watching a recent CNN video of a staged cyber attack showing a large turbine generator self-destructing may have caused some to dismiss the story as yet another attempt to sensationalize and shock an increasingly desensitized TV audience. As the report unfolds, however, one learns that the video was created by the Department of Homeland Security (DHS) in a training experiment, code-named Aurora. It’s time to pay closer attention.

Apparently, such an attack is not difficult to execute. The cyber holes that made this possible have now been plugged, we are told, but not “eliminated.”

There is more – industry analysts hypothesize that simultaneous cyber attacks on key electric facilities could knock out power to a large geographic area for months.

It gets worse – it would only take $5 million or so to mount such an attack. And such an attack could cause a third of the U.S. to lose power for up to three months and be equivalent to 40-50 large hurricanes hitting the United States simultaneously. This in turn would result in the loss of $700 billion in economic activity. Do the quick math and evaluate a $70 billion equivalent for Canada. A disastrous hit indeed on the budgets of all levels of government!

In the U.S., everybody, from the DHS through the CIA to the White House, agrees that something needs to be done, quickly, to avoid such a national disaster – yet, apparently, very little has been done for the past five years.

Apart from wondering why we are identifying our vulnerabilities and giving ideas to people who do not need any further encouragement... two major questions leap to mind: How did we get into this situation and, more importantly, how do we get out of it?

Examples of Critical Infrastructures
To answer the first part of the question we need to agree on what is “Critical Infrastructure.” Wikipedia defines it as “a term used by governments to describe material assets that are essential for the functioning of a society and economy.” That sounds about right, but what does it mean to the average person? Comparing a typical list of government-defined Critical Infrastructure with the levels in psychologist Abraham Maslow’s hierarchy of human needs (see the chart below), we can see how Critical Infrastructure maps to his framework.

CI supports our Basic Human Needs
The Critical Infrastructure (CI) that produces and delivers our food, water and energy is “critical” to meeting the foundational physiological needs of the individual.

The other parts of the Critical Infrastructure, emergency services, telecommunications, transportation, finance and banking, industrial processes and our postal and parcel systems, provide basic individual safety and our collective capabilities for creating wealth in a predictable and orderly world. These include security from crime, financial security and access to health care. It would be a different world indeed without these – even for a short time.

Clearly, interfering with our CI poses extremely serious consequences for all of our most basic human needs.

Physical Infrastructure Components are Globally Available
To comprehend why our Critical Infrastructure is vulnerable to cyber attacks, we need to understand how it has evolved, how it is managed, and how it is operated.

Historically, Critical Infrastructure networks evolved and were developed and managed by civilian, special purpose, public organizations dedicated to the operations of that particular service. This included water, gas and electric utilities, national railways and, more recently, telecommunications companies. Unlike military infrastructure whose development and dissemination are strictly controlled, most civilian Critical Infrastructure components and technologies are manufactured and readily available around the world. The components used to manage our public and private critical infrastructure are essentially commercially available. In many instances, our CI has been designed, built and deployed through international engineering firms that also develop similar infrastructures worldwide, modeled mainly on North American and European designs. The documentation of the products that make up our Critical Infrastructure is often accessible in online catalogues and whitepapers. As a consequence, significant segments of such infrastructure are relatively easy to access and therefore vulnerable to malicious intent.

Despite its civilian role, Critical Infrastructure has always been a target during times of war. Bombing and sabotage have been used to damage the enemy’s CI and thereby reduce an opponent’s capacity to fight. In the past, this could only be done physically at the target location. This proved costly and difficult to disguise. Now, because of the very technologies that have made our society successful, our Critical Infrastructure is vulnerable – remotely and anonymously – to our foes.

Critical Infrastructure Protection is an Overlay
The segmentation of our CI into independent operational silos has served us well for economic efficiency and industrial development. Typically, such networks have been designed to be operationally efficient – protection and security from malicious intent was seldom an area for concern, and certainly not a priority. Therefore, they lack redundancy. Indeed, they exhibit the properties of scale-free networks in which a few major hubs are connected to many spokes. If the hubs fail, disastrous consequences cascade throughout the entire network.

While our Critical Infrastructure may be owned and operated as independent silos, these silos are also intertwined with, and highly reliant upon, their shared energy and communications grids. A failure of a component in one silo can not only cause a catastrophic collapse of that particular silo network, but also has the potential to cause a cascading failure in another silo.

The protection of our CI has also traditionally been delegated to each silo. Today’s stringent security requirements are being overlaid on existing operations – they are being retrofitted. Unfortunately, we have discovered that the sum of measures taken by each silo does not ensure an effective protection of the whole.

Our combined integrated and interdependent Critical Infrastructure system has been, largely, left unattended. This is the fundamental cause of our vulnerability.

CI Network Characteristics
Critical Infrastructure networks require control systems to manage them. Supervisory Control and Data Acquisition Systems (SCADA) provide the data necessary to manage the control of transportation traffic networks, electric power grids, water delivery networks and sewage networks to control pumps, valves and switches. Telecommunications are used to link these network components, usually to a Network Operations Centre (NOC). Initially the communications networks were internal. This has led to the misperception that SCADA systems are obscure and irrelevant to our general well-being.

With the rapid evolution of the internet, there has been an increasing tendency to connect and manage the control systems through internet-based technologies. In particular, owners and operators of Critical Infrastructure have been using Virtual Private Networks (VPN) to secure communications tunneled through the public Internet. The proliferation of the Internet and Wi-Fi technologies has inadvertently created many opportunities for intrusions. Even though these networks are virtually separated from the outside world through firewalls, access gateways, and other devices, hackers can use their knowledge of lax security practices in order to gain access to user names and passwords to impersonate an authorized user. Once inside the NOC, hackers have access to the control systems and can compromise operations.

How CI Networks Can be Compromised
There are a few generic ways that Critical Infrastructure can be compromised. These are shown in the following table. Not all of the compromises need be due to action of someone intent on causing harm; some occur as a result of acts of nature or unintended component malfunctions. There are all too frequent examples of catastrophic electric grid failures caused by the collapse of a single transmission line. The fact that some of these failures have occurred is an indication of the inherent susceptibility of some of our Critical Infrastructure to failure. We will get to that next.

Despite growing awareness of these susceptibilities, there is continuing evidence of documented penetrations of such networks. Fortunately, most of these result from staged penetration tests, as the DHS Aurora hack has shown.

The sheer complexity and dynamic nature of the communications networks controlling our Critical Infrastructure, combined with the difficulty of maintaining appropriate security practices, has created a permanent state of vulnerability. Is there a simple and cost effective way to break this cycle of vulnerability?

New Technologies to Secure CI Networks
As you might expect, there is no silver bullet to eliminate all of our CI security vulnerabilities. There are, however, emerging technologies that will significantly raise the bar for preventing cyber intrusions. These innovations focus on new capabilities to “fingerprint” or “DNA” individual computers and use this information, in combination with standard security practices, to control access to the network.

In the past, unless a computer was located in a secure facility it was difficult to authenticate its identity. A hacker who had gained access to the right security profile could use any computer to anonymously access the network. In the future this may get a little harder.

For instance, Uniloc USA Inc., an innovative company specializing in electronic device recognition initially used for software copy control and information security, developed Physical Device Fingerprinting, a patented method of uniquely identifying a user device, such as a PC, game console, smart phone or cell phone. This technology identifies the inherent physical imperfections of a device, and then incorporates that “fingerprint” into the licenses and access credentials of the user.

A new product designed to restrict SCADA network access to designated PCs at the Network Operations Center (NOC) also limits access to designated computers used by field engineering staff logging into the NOC Virtual Private Network (VPN). With this technology deployed, a hacker must be on an authorized PC to impersonate an authorized user. The technology also provides intrusion detection, location and notification at the NOC.

In addition to making the work of the hacker a little more difficult, there are technological developments that also make it a little less anonymous. A few years ago (2005) promising work by Tadayoshi Kohno, a PhD student at the University of California, described research based on unique clock skews of processors to fingerprint a physical device remotely without the fingerprinted device’s known cooperation. The technique did not require any modification to the fingerprinted device. It worked with devices thousands of miles away, from different locations and via different access technologies. This research provided a basis for new forensics applications: investigators could use his techniques “to argue whether a given laptop was connected to the Internet from a given access location at a particular time”.
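
The clock-skew fingerprinting described above can be sketched as follows. This is an added example, not code from the research or from any product named in this article: it fits the upper-bound line (the linear-programming fit used in the published work, computed here through the upper convex hull) to timestamp offsets and reads the skew from its slope. The function names, the 1000 Hz tick rate, the constructed delay patterns and the 1 ppm matching tolerance are all assumptions.

```python
"""Estimate a remote clock's skew from passively observed timestamps.

Added illustration: names, sample data and the 1 ppm tolerance are assumptions.
"""


def observed_offsets(samples, hz):
    """samples: [(local_receive_time_s, remote_tick_count), ...].

    Returns points (x, y): x is local seconds since the first sample and
    y is how far the remote clock has drifted from ours by then (seconds).
    """
    t0, ticks0 = samples[0]
    return [(t - t0, (ticks - ticks0) / hz - (t - t0)) for t, ticks in samples]


def upper_hull(points):
    """Upper convex hull, left to right (monotone chain)."""
    hull = []
    for p in sorted(points):
        while len(hull) >= 2:
            (ax, ay), (bx, by) = hull[-2], hull[-1]
            cross = (bx - ax) * (p[1] - ay) - (by - ay) * (p[0] - ax)
            if cross < 0:       # clockwise turn: hull[-1] stays on the hull
                break
            hull.pop()          # hull[-1] lies on or below the chord to p
        hull.append(p)
    return hull


def estimate_skew_ppm(samples, hz):
    """Slope, in parts per million, of the line that stays above every offset
    point while minimising the average distance to them.

    Network delay only ever pushes a point down and to the right, so the
    least-delayed packets define the upper envelope. The optimal line is the
    upper-hull edge that spans the mean x value.
    """
    if len(samples) < 2:
        raise ValueError("need at least two samples")
    points = observed_offsets(samples, hz)
    mean_x = sum(x for x, _ in points) / len(points)
    hull = upper_hull(points)
    for (x1, y1), (x2, y2) in zip(hull, hull[1:]):
        if x2 > x1 and x1 <= mean_x <= x2:
            return (y2 - y1) / (x2 - x1) * 1e6
    raise ValueError("samples do not span any time")


def same_device(skew1_ppm, skew2_ppm, tolerance_ppm=1.0):
    """Assumed matching rule: two captures agree within tolerance_ppm."""
    return abs(skew1_ppm - skew2_ppm) <= tolerance_ppm


def simulate_capture(skew_ppm, delays, start_s=0, count=180,
                     interval_s=40, hz=1000):
    """Constructed data: a device whose tick counter runs skew_ppm fast sends a
    packet every interval_s seconds; each arrives after a path delay taken
    from the repeating pattern `delays` (seconds)."""
    samples = []
    for i in range(count):
        sent = start_s + i * interval_s           # true send time, seconds
        ticks = sent * hz * (1_000_000 + skew_ppm) // 1_000_000
        samples.append((sent + delays[i % len(delays)], ticks))
    return samples


# Constructed delay patterns for two different network paths (seconds).
PATH_A = [0.012, 0.020, 0.035, 0.012, 0.090, 0.015]
PATH_B = [0.060, 0.045, 0.130, 0.045, 0.052]


def demo():
    """Same device seen over two paths at different times, plus another device."""
    first = estimate_skew_ppm(simulate_capture(50, PATH_A), hz=1000)
    later = estimate_skew_ppm(
        simulate_capture(50, PATH_B, start_s=120_000), hz=1000)
    other = estimate_skew_ppm(simulate_capture(-25, PATH_A), hz=1000)
    return first, later, other


if __name__ == "__main__":
    first, later, other = demo()
    print(f"capture 1: {first:.2f} ppm, capture 2: {later:.2f} ppm, "
          f"other device: {other:.2f} ppm")
    print("captures 1 and 2 match:", same_device(first, later))
    print("capture 1 and other device match:", same_device(first, other))
```

The estimate stays the same even though the two captures of the first device cross paths with different delays, which is what makes the skew usable as a forensic identifier.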

Some new developments exploiting this research could make a would-be intruder’s foray into our CI a lot less anonymous. For now, in the interest of leveling the playing field, some of those details should remain a mystery.

Giulio Maffini, based in Ottawa, is President of a + i2 Inc. and a member of the National Security Group.



Jim Facette
CI: Airport Security
© 2008 FrontLine Security (Vol 3, No 2)

Our Editor, Clive Addy, recently conducted an interview with Mr. Jim Facette, President and CEO of the Canadian Airports Council to get an update on the state of security at the airports in Canada.

Q: What are the major accomplishments in ensuring the Security of Canadians at our airports since 2001?

As you know, much has changed at airports, big and small, across Canada since September 2001. Our federal government, with its first National Security Policy followed by its Critical Infrastructure Position Paper and the creation of CATSA, changed the focus at all airports. All are aware, I am sure, that since December 2005, there is the heavy bag search and security for all passengers at all airports across the land. We also have, across Canada, a common system in our airports for controlling and restricting access of airport employees to certain areas where indeed their work calls them, and not general access to all parts.

Q: What other security work is in progress at airports besides the baggage... what about cargo?

Cargo is indeed a major challenge, and remains a work in progress. Our principle is to secure cargo at source wherever possible before it even gets to the airport. We have, with key carriers and shippers of cargo by air, developed a method of doing this, through regulated accreditation of certified shippers such as FedEx and other similar major shippers. The system is clear and compliance is verified. Where we still need work is the certification and screening of cargo on mixed passenger and small package shipment flights.

Q: What do you see as major security challenges, not only terrorism, which seems to take an inordinate spotlight, but in crime and smuggling for instance, at and through our large and smaller airports?

As you quite rightly point out, a lot of public focus is on terrorism, but crime and smuggling do indeed present other serious security challenges at our airports. They can corrupt our employees and threaten passengers if violence and crime are perceived as being uncontrolled in these very public places. We have had, for a long time, sensors around the perimeter of our airports and all the land is indeed federal and access is posted as being strictly controlled.

You may have read of the dangerous practice by some journalists of pulling off a stunt of sneaking under a fence. This is very dangerous and future such acts will be punished with the full force under the law. Our agents and the police forces at the airports across Canada are trained and made much more vigilant in respect of these exterior and internal threats and risks. In the matter of the potential internal criminal threats, you may be aware of the recent arrest by the RCMP on June 4th of three food suppliers and the seizure of 60 kg of cocaine on site at the Montreal airport. This was the result of vigilance by airport employees and good police work.

We are also improving the mechanisms for restricting unauthorized access to all parts of the airport and changes will be occurring in this realm progressively across the country in the near future.

Q: Our airports are a major critical infrastructure across Canada. What measures have you taken or contemplated in the event of failure of other sectors such as hydro, water, gas, food and cyber security breakdown at our airports? Are these potential threats assessed, and responses exercised?

Halifax Airport, gate entrance.

Indeed, our airports represent a major critical infrastructure. They are jointly owned and operated, with federal ownership of the real estate, NAVCAN control of the tower and flights, CATSA responsible for passenger screening, various police forces and security agencies contracted by the commercial airport authority to maintain law and order on the premises and the operation of the airport itself being done by our members. Add to this the various commercial tenants and the potential passengers and visitors and it is a complex mix of authorities and shareholders that must be satisfied that they operate in a secure environment. We have a series of redundant systems of redundant systems to cater to potential failures of all perceived types. The airport and aircraft travel industry has a culture of redundancies that I am happy to say, though not impermeable, offers a tremendous degree of reliability. For instance in the GTA we are integrated with local and provincial government resource industries into a myriad of power and other alternatives to ensure we stay in operation. Similar measures are taken across the country and all airports have undertaken a threat assessment to guide them on focusing limited resources to the needs. Airports conduct exercises to confirm their readiness in respect of these hazards normally every year but certainly every two years. These would involve airport staff, carriers, civilians on site, the various airport police and security forces, RCMP, hospitals and other related emergency responders.

Q: What support has been received by the airport authorities from the federal government and particularly Transport Canada to help mitigate and respond to these potential security threats at our airports?

As I am sure most are aware, airport authorities are private companies in the business of providing a service and making a profit.
Since 9/11 there have been many measures taken by the federal government such as CATSA and others on the premises of all airports across Canada. You are no doubt aware as well that the security tax on each airline ticket is used to pay for some of this. The remainder goes into the general revenue coffers of the federal government. There has been, however, no money provided to the airport authorities themselves for improved security, though major costs have been incurred through increased regulation in this area. We feel that there is some need to mitigate these costs to the airport authorities that should come from this security surcharge.  

Q: What do you think of having a consistent and uniform police system for airports as proposed by the Senate Committee on Security and National Defence?

The RCMP used to do this across Canada at all airports. Now a patch-work of solutions is found across the country that appears to best suit the situation to the satisfaction of airport authorities and their clients. For instance: in Halifax, the RCMP are contracted by the airport authority and fulfill this task largely through special constables; in Toronto Pearson, Peel Region police are contracted; in Montreal they have their own police with powers of arrest as peace officers. Whatever solution is taken will cost. If the RCMP provide a uniformity of service across the country it may cost more and provide more security that may be necessary in some places. At present, there does not seem much appetite on the airport operator’s part to pursue this as the benefit is deemed neither great nor obvious.   




Cyber Security - Secure Your Identity
© 2008 FrontLine Security (Vol 3, No 3)

We sometimes make decisions without thinking about how we would defend them. Remember the sign that used to hang in most print and copy stores: You can get it cheap, fast or good – pick any two.

When it comes to cyber security, picking fast and cheap may be attractive but may also be indefensible. So why do good people make bad decisions? Usually it is because we don’t ask the right questions. Time is often the problem. With security, we are more likely to be in a reactive than proactive mode. That was the case with the Western Hemisphere Travel Initiative (WHTI), which has resulted in Canadian provinces planning enhanced driver’s licences (EDLs) based on U.S. specifications.

What do EDLs have to do with cyber-security? Let’s start with the fact that a radio frequency ID technology is being used to transmit information through the air across a distance of 30 or more feet. This is meant to speed border crossing, because it allows agents to request and receive information about travelers before they reach the booth. That requested information is transmitted and stored electronically. Some systems have robust security, but do they all? When viewed systemically, how does this proposed process rate?

WHTI has been questioned by many experts on the basis of systemic security, as well as privacy. While it initially seemed to meet the cheap and fast criteria, that too may be hard to defend now, because the infrastructure to read the proposed EDLs cannot be used for the soon-to-be-deployed e-passports. This has led many to question whether the money required for this program would be better spent on the deployment of those e-passports. This same question should be asked by Canadian provinces when they consider enhanced driver’s licences to meet WHTI requirements.

There are other questions that should be answered before governments move forward with EDLs, such as:

  • Are they sure the radio frequency identification (RFID) technology cannot be counterfeited?
  • Should the citizen be responsible for ensuring that no-one can read anything from their tag without their knowledge?
  • Is the citizen even capable of doing that?
  • Why are we considering the use of a technology designed to move goods, rather than more secure technologies designed for human identity management (as employed in e-passports)?
  • Will the government provide electronic data from a driver’s record that would not be available from a passport?
  • How long will a copy of the data be kept on American border computers?
  • Where else will they keep this data, and how will they protect it from both internal and external threats?
  • Will access to this data be controlled by a rights and privileges rules based system, using counterfeit and tamper resistant multi-factor identifiers?
  • Are we endangering consumer confidence in RFID by using it inappropriately?
  • Are there other ways to meet the requirement for expediency at border crossings?
  • Are we close enough to the introduction of e-passports that we could suspend this program?
  • Who pushed hard for this technology, and what did they have to gain?
  • Is the number on the EDL that links it to the holder’s record totally random, or are there things in that number that can help you know something about the person?
  • How many Canadians will apply for EDLs and does it warrant the cost of each province building them?
  • Is joint development more practical?
  • Will the financial sector be hurt by conflicting messages regarding the distance from which RFID cards can be read? The U.S. government says 30 feet or more. Canadian (and American) banks say that contactless RFID needs to be in close proximity and this is part of why contactless payment is secure.

Many of these questions have nothing to do with cyber-security, but customers and constituents view programs more by what doesn’t work than by what does. If your security plan plugs one hole but leaves another open, you won’t be praised for the one you plugged.

Hackers force us to secure our networks and data, but we often fail to recognize the internal risks, so we don’t adequately protect ourselves against inadvertent or intentional employee breaches. Security experts know this and so do the bad guys, so they exploit this hole in the cyber security net. When that happens, can you defend the money that was spent on external threats, if the data was compromised anyway?

The payment card industry has taken steps to protect customers by introducing Data Security Standards, developed to ensure financial data security. Do we not need to do the same to protect identity data, given the alarming growth of identity fraud? Could we leverage these standards for that purpose?

The financial sector has moved forward with new levels of security for Canadians. New chip-based credit and debit cards are starting to move into the market. Because they are counterfeit and tamper resistant, they raise the security bar. This protects us and puts pressure on the public sector to raise their security standards.

Online stakeholders include consumers, merchants, government regulators and law enforcement, among others. While the ability to conduct transactions electronically has significant benefits, identity fraud has eroded success and prevented the market from reaching its potential.

Until we can demonstrate our ability to secure client data, we are racing the clock. Canadians are apprehensive – and it shows in their slow adoption of e-government services and internet payment.

The online world must employ new ways of identifying users and their data. We must also remember that an online transaction almost always results in a database record that exists long after the online part is completed. Securing that record is just as important as securing the original transaction. If we are going to stop identity and payment fraud, and drive adoption of e-commerce and e-government, we must deal with both. That means identifying every party that can access data and controlling their rights and privileges.

It also means having a systemic plan and a threat/risk analysis that covers outsiders, employees, contractors and even visitors. When such assessments are good, they are rarely fast or cheap!

Not all organizations think about suppliers when assessing data risks, as witnessed when a U.S. organization bought 129 used PCs – all but 12 had personal or financial data on them. There are numerous stories of individuals and companies that have equipment such as hard drives replaced and are assured that the old ones are destroyed, yet they show up for sale at flea markets or other places.

Employees are a growing part of the problem. Sometimes it is accidental. There are many reports of employees recycling redundant equipment, not realizing that critical data had not been removed. In other cases, information was downloaded or emailed home so that it could be worked on after hours. Other times, organized crime has bought data from an employee or even placed employees in certain jobs.

Identity fraud is growing at an epidemic rate. We’ve seen 8 million credit card numbers compromised in a single hack. The private information of 180,000 Canadians was put at risk when a single hard drive was found to be missing from a 3rd party processor. The financial ripple effect of that was felt by both the public and the private sector. We must also stop organized crime and other criminals from escalating the current counterfeiting problem. To do that, we need to move away from magnetic stripe cards to more advanced card technologies and applications such as smart or optical cards.

In cyber security one is often surrounded by alligators, but remember that questions are an effective weapon. No matter how well you do your job, you will still be affected by the failure of others to ask and answer questions that drive successful programs. When they fail to ask those questions, you must.

You must also insist upon rules-based access to data, and counterfeit and tamper resistant authentication measures to enforce those rules. Governments and corporations around the world are including smart and optical cards in their cyber security. We must step up and do so or risk becoming the target of choice.

When it comes to cyber security, good trumps fast or cheap.

Catherine Johnston is the President and CEO of the Advanced Card Technology Association of Canada. She is also Chairman, International Smart Card Associations Network (ISCAN).



Mumbai and the Future of Terrorism
© 2008 FrontLine Security (Vol 3, No 4)

Should we have been surprised by the terrorist siege of Mumbai? Probably not.
In a January 2005 article in The Atlantic, former White House security official Richard A. Clarke posited an “alternate future” for the post-9/11 decade. Clarke chronicled a series of terrorist attacks on the US homeland. The first wave consisted of simultaneous assaults on hotels and amusement parks; the second of a series of carefully planned shooting and bombing rampages in America’s largest shopping malls. In both scenarios, thousands died.

The problem is, attacks of this magnitude do not just exist in the realm of the common imagination.

In 1993, investigation of the first World Trade Center bombing led U.S. counterterrorism authorities to a conspiracy centred on Omar Abdel Rahman, the so-called “Blind Sheikh.” The conspirators, some of whom would eventually be linked to 9/11, intended to carry out simultaneous attacks on hotels, tourist attractions and transportation infrastructure across Manhattan. The “Landmarks Plot” – as it came to be called – was meticulously planned, highly tactical and timed down to the split second.

And then it happened for real.

In the early morning hours of 26 November 2008, a group of 10 militants armed with automatic weapons and explosives carried out a coordinated attack on selected targets across Mumbai, the city that has been characterized as the “Manhattan of the sub-continent.”

By the time it was over, three days later, more than 160 people were dead (including police and counterterrorism officers and two Canadian citizens), and there was widespread destruction across this historic tourist and financial center.

Initially, a group calling itself the Mujahideen of Deccan claimed responsibility (Deccan refers to the extensive plateau region of Southern India). However, it now seems likely that this claim was a diversionary tactic, intended to sow confusion among Indian and international intelligence and counterterrorism agencies.

The attack is currently attributed to the Lashkar-e-Taiba (“Army of the Righteous”). Based in Pakistan, Lashkar-e-Taiba’s ideological roots lie in the long-festering question of sovereignty over Kashmir and, more broadly, in the establishment of an Islamic caliphate across South and Central Asia and Western China. Lashkar-e-Taiba has links to al Qaeda.

Mumbai is no stranger to violence. Since 2006, random bombings of public spaces have been carried out by various Islamic and Hindu factions, and possibly by organized crime groups as well. For the most part, these seem to have been intended primarily to exacerbate existing political tensions, to draw attention to long-standing grievances over Kashmir and, presumably, to settle underworld accounts.

What distinguishes this most recent attack from its predecessors is its highly specific targets: civic infrastructure, historic buildings and monuments and American, British and Israeli nationals.

As important is the tremendous degree of organization and planning that underlay the attack. The terrorists clearly benefited from extensive pre-operational surveillance and inside knowledge of their targets. They were extremely comfortable navigating the Victorian labyrinth of the Taj Mahal hotel, and separate assault teams moved with evident assurance towards targets spread over a wide geographic area.

The attacks were precisely coordinated. Their focus was the Taj Mahal and Oberoi hotels and the Chabad House Lubavitch center; however, simultaneous assaults on railway stations, hospitals, media outlets, restaurants, bars and theaters ensured maximum chaos, distracted police and security forces and, ultimately, slowed and blunted the counterterrorism response.

The fallout from Mumbai will exacerbate existing regional tensions.
India has implied that elements within Pakistan’s military and intelligence services knew about the attacks and may have actively colluded in them. Pakistan has countered that there is no evidence of such involvement. The Indian government faces a political crisis stemming from the confusion that seemed to surround its initial response to the attacks. Pakistan, leery of possible Indian action, has moved troops away from the Afghan border to face potential Indian reprisals. This creates a troubling situation of two nuclear powers facing each other over a contested border.

The attacks are also an indicator of the fragility of the entire South Asian region, and the complex interplay between state governments and non-state actors. This has implications for Canadian foreign and security policy, particularly around Afghanistan.

A shift in terrorist operational strategy.
Geopolitical implications aside, the Mumbai attacks may also be an indicator of a real shift in terrorist operational strategy. The world has come to expect terrorist attacks on urban centers and infrastructure to be swift and sudden. The 9/11 attacks, for all of their destruction, took minutes.

By contrast, Mumbai bears many of the hallmarks of a commando or guerilla-type raid. Assault teams in small craft along the waterfront made effective use of intelligence and reconnaissance. They created diversions, successfully dug in to defensive positions (which they held for days), and took hostages with almost surgical precision. Ten well-drilled militants managed to shut down one of the largest, most important cities in the world, not for hours but for days.

All of this suggests a high degree of strategic and tactical planning, of excellent training and of real professionalism. These are all part of the escalating violence and the increasingly ambitious tactics and strategy that seem to be characteristic of “evolved” terrorist organizations like al Qaeda and – increasingly – Lashkar-e-Taiba.

The Mumbai attacks are as much an act of war as of terrorism. Whatever their strategic intent, the attacks demonstrate that with sufficient planning and expertise, lightly armed and equipped terrorist operatives can effectively stage military or paramilitary operations against significant, more or less secure targets.

Instead of being rooted in the notion of quick hits for maximum effect, terrorist doctrine may be evolving to something much closer to insurgency and guerrilla warfare, in which small groups of operatives confront and, ultimately, undermine the state by disrupting its authority, attacking its symbols and harrying its military and security forces.

Have we witnessed the birth of a new “terrorist paradigm” in Mumbai? Time will tell.

One thing is certain: when terrorist groups find something that works, they tend to repeat it.
The notion of using commercial aircraft as instruments of terror was not new at the time of 9/11, nor did it die in its aftermath. The attack on Mumbai proves that a paramilitary-type assault on a large city – as imagined almost a generation ago with the “Landmarks Plot” – is a feasible tactical approach.

If Mumbai indeed represents a step in the evolution of contemporary terrorism, it will have tremendous security implications from a global – and a Canadian – perspective. Just as in Mumbai, an assault of this nature on a large Canadian city would be potentially devastating, both physically and psychologically.

For law enforcement and security agencies, Mumbai underscores the need for functioning intelligence systems and networks. Intelligence is what allows us to understand the nature of the threat and, ideally, to anticipate and neutralize that threat before it materializes.

Mumbai’s other lesson is rooted in reaction and response. It forces us to examine what we would do, as a nation, if faced with an unfolding “Mumbai-type” terrorist attack. Who would respond? Who would deal with the aftermath? Who, ultimately, would ensure that justice was done?

Could Mumbai happen in Canada? Yes. Is Canada ready for its own Mumbai? Perhaps.
Canada has a professional intelligence community that provides a well-developed understanding of, and keen sensitivity to, global developments. In the RCMP, Canada boasts a national police service that is internationally recognized as a leader in criminal investigations and major case management. Chances are good that we would collect and interpret information to warn us of an impending attack.

An effective response to an impending terrorist act requires that intelligence passes rapidly from collectors to the RCMP. However, this transition of intelligence to evidence remains problematic. In order to develop our national intelligence capability to its potential, we must find ways of breaking down some legislative and statutory walls between intelligence collection and law enforcement response that continue to divide the Canadian intelligence and security community.

Emergency preparedness networks in Canada are extensive and well-coordinated. Logistically, a national response to a “Mumbai-type” attack would proceed smoothly and would engage a range of players, from the Armed Forces, through first responders, to critical infrastructure and local authorities.

Any act of terrorism, even a paramilitary action on the scale of Mumbai, is a criminal act under Canadian law and must be investigated and prosecuted as such.

The challenge that flows from this is to ensure that proper criminal investigative follow-up and case management is incorporated into all aspects of Canadian emergency preparedness.

Responsibility for this falls squarely upon the RCMP, which is in the process of building post-attack contingency planning into its overall counterterrorism response. This planning is being developed in consultation with key federal partners in order to ensure a seamless response to a major terrorist attack.

The lessons that we have learned from Mumbai will help us prepare for new possibilities, but there is no such thing as absolute safety, whether from this or any other kind of terrorist action.

Effective intelligence gathering and sharing, and professional intelligence analysis remain critical, particularly when they are integrated into a properly managed, evidence-driven investigation. Together, they increase – by large orders of magnitude – both our chances of anticipating attacks before they happen, and of responding effectively when they do.

Angus Smith is the Officer in Charge, Alternative Analysis at the RCMP National Security Criminal Investigations directorate.
© FrontLine Security 2008



Need to Know vs Imperative to Share
© 2008 FrontLine Security (Vol 3, No 1)

The Network Centric War and Terrorism
The terms Network Centric Warfare (NCW) or Network Centric Operations have many definitions and have inspired much debate. They were explored by Vice Admiral Arthur Cebrowski, USN, and John J. Garstka in their 1998 book, Network Centric Warfare: Its Origin and Future, Proceedings of the Naval Institute. In general, however, NCW is a concept in which operations are enabled by the networking of the force, giving it a common situational awareness and communications system that allows it to be more flexible and to act and react more rapidly than can the enemy. NCW is also characterized by the ability of a military force to better produce, share and access information in real time or near real time. The military operation can, it is argued, leverage this information advantage and more effectively dominate the geographical and virtual “battle space”.

The increased capabilities of NCW are obvious on the conventional battlefield. An NCW force has an advantage in speed and precision, and should be able to put more effective ordnance on target in a shorter time using fewer munitions. The concepts of NCW should be able to assist multi-national operations as well. Is this the case in Afghanistan?

However, it appears that Al Qaeda and its associated groups are doing a demonstrably better job of employing the principles of Network Centric Warfare than NATO or other Western institutions. Given the asymmetric resource levels, perhaps it is not surprising that the smaller group (Al Qaeda) is doing a better job of adapting to new concepts faster than the larger group (NATO). The Darwinian pressure for survival often outweighs various other bureaucratic imperatives that drive larger organizations.

NATO in Afghanistan
NATO is the key component of the international community’s commitment to Afghanistan. Currently, almost 40 countries have committed resources to the conflict under the flag of the International Security Assistance Force (ISAF). While the concept of NCW appears very much alive in the Afghan theatre, questions about its effectiveness have arisen. The integration of military forces in an NCW environment faces multiple challenges. While there are many obstacles, the greatest of them all is probably the self-imposed security measures.

The information that can make NCW so useful needs to be managed within a secure system. The systems involved need to be able to both “push” and “pull” information and this implies a high level of trust between the partners. In my view, this is clearly not the case in Afghanistan. NATO briefings talk of “trusted partners” which is a polite way of saying there are partners who are not as trusted. Today’s partner in Afghanistan, it is thought, could be tomorrow’s opponent in another theatre of operations. Consequently, serious limits exist on the flow of information in many different directions and the situational awareness is inconsistent and varies accordingly.

At the end of the day, NATO and its leaders in Afghanistan appear to have chosen “security of information” over the ability to share it effectively. Given that knowledge is the key factor in defeating an asymmetric opponent in an insurgent operation, this policy appears to be self-defeating.

Information Operations
Al Qaeda, its associated groups, and inspired followers operate at a significant operational disadvantage. Among the major problems that they face are depleted staff, money shortages, disrupted training bases and adversaries who have an overwhelming advantage in technology and firepower.

In spite of these problems, the “core” of Al Qaeda is rebuilding itself in Pakistan and continues to inspire a growing wave of radicalization around the globe. Its presence has been substantially felt in over 90 countries. One key aspect of Al Qaeda’s resilience is its ability to effectively network its information operations and communicate their message to a global audience.

Perhaps most interesting is Al Qaeda’s view on the distribution of operational and training information.

Al Qaeda does have two distinct sets of information that it distributes. One set of information is designed to be for “external use” and is regularly published on the Internet and on CDs and DVDs intended for widespread distribution. This material is intended to discourage the West while at the same time reinforcing the interest and beliefs of followers and potential recruits. It is, in short, propaganda. Al Qaeda also has information documents on the Web that are more intended for “internal use.” One such example is the treatise by Osama bin Laden called “Moderate Islam is a Prostration to the West.” This material is designed to be an internal debate among Muslims on contentious issues such as Offensive Jihad. It could be called doctrinal theory.

What is key to note here, however, is that the various works by Osama bin Laden and his deputy Ayman al Zawahiri are all available to those who are interested or will take the time to translate or read them.

What is even more amazing is that many other works are published online that refer to training methods, “lessons learned” from successful and failed operations, technology, surveillance and counter surveillance and a broad range of other subjects.

Unlike NATO and many of the West’s intelligence agencies, Al Qaeda has chosen to prefer effective communications and success over “security of information.” Perhaps this is one reason that a small core of some 300 Arabs operating in the tribal agency areas of Pakistan is capable of leading and inspiring a truly global ideological movement.

The Cold War required and produced a rather traditional and symmetrical approach to conflict with an operations and intelligence environment that required coercion, secrecy, compartmentalization and raw power. The Soviet Union was a fixed and known geographical entity with reasonably well-defined limits and capabilities. Now, however, the West finds itself engaged in a battle of ideas with an entity that has no fixed geographic boundaries and no clearly defined objectives beyond vague statements about the rebuilding of the “caliphate.”

The struggle is clearly ideological and an asymmetric one. Raw power and advanced technology are not always useful assets in this duel. In fact, they can often prove obstacles to success. The requirements in this struggle are for openness, sharing and cooperation. Effective NATO application of NCW in this conflict can be achieved only if the “fine grains” of intelligence that are being collected by a multitude of agencies around the globe, can be assembled and collated. This would seek to produce a commonly shared and clear picture within which the coordinated yet independent actions of many can be taken against terrorism. The key is not the “need to know;” it is the “imperative to share.”

Tom Quiggin is a court-qualified expert in jihadist terrorism and a Senior Fellow at the S. Rajaratnam School of International Studies, NTU, Singapore.



Lessons from a New Brunswick Flood
© 2008 FrontLine Security (Vol 3, No 2)

New Brunswick is a relatively small jurisdiction, the third smallest in Canada, with a population of just 750,000. The lead provincial agency for emergency management is the New Brunswick Emergency Measures Organization (NB-EMO), with a permanent staff of nine people. On reflection, the province performed quite well during this year’s flood – far better than during a similar flood in 2005. We examine some of the interesting reasons why, and explain how the province is incorporating recent lessons learned to improve its emergency program for the future.

Like every other jurisdiction in North America, New Brunswick is now six years into the ongoing transformation in emergency management that began in the wake of the 9-11 attacks on Washington and New York. New Brunswick today is recognized nationally as a leader in emergency management, particularly in two specific areas of public emergency policy: critical infrastructure protection; and the use of information technology for security. This is the result of several key government decisions.

In 2000, the provincial government had integrated most programs related to public safety and security within a new department of Public Safety; this brought a strong focus to an area that had been decimated by program cuts during the 80s and 90s. Following the 2001 attacks, new government investments strengthened its capacity to assess threats and respond more effectively to incidents. Much of the investment was in new systems for information management, decision support and internet-based communications, along with the establishment of a Provincial Security Program, a Provincial Hazardous Materials Response Program, enhancements to Criminal Intelligence Service – New Brunswick, and a Critical Infrastructure Program.

In 2003, responsibilities within Public Safety were re-aligned to strengthen the role of the New Brunswick Emergency Measures Organization (NB-EMO) as the provincial lead agency for consequence management, while establishing a new provincial office, the New Brunswick Security and Emergency Directorate (NB-SED), to manage the security and critical infrastructure programs. Co-located, these two agencies share staff and infrastructure. They have worked together over the past five years to develop an integrated, “whole of government” approach to managing security events and emergencies, as reflected in the Provincial Incident Management System (IMS). Decisions are taken together and have enabled the province to assess threats and manage events better across jurisdictional mandates and levels of government.

Risk Assessment
In 2005, New Brunswick experienced a major flood which was more severe than predicted. It had been 11 years since the previous flood, and people were not sufficiently sensitized to a possible recurrence. Following the event, many complained that they had been surprised, suggesting government should have done more to prepare the public. In fact, government had been issuing flood warnings in the week prior to the 2005 event, but most failed to act, even when faced with an imminent threat. The 2005 experience identified two key concerns – a lack of preparedness funding, and weak coordination between local and provincial authorities – as significant obstacles to an effective and consistent response across jurisdictional boundaries. These issues resulted in variable levels of service, inconsistent messaging, public confusion, and general dissatisfaction with government efforts. The problems were compounded by a three-month delay in the announcement of government financial assistance, which gave the appearance that authorities had done little to help during the flood and were only doing so, grudgingly, after the fact.

NB-EMO’s principal advice to government this time around was to make decisions early to provide a positive effect during the impact phase. Heeding this advice, Public Safety was directed to lean well forward – with a clear understanding that the provincial government would help with both private and public response and recovery costs.

May 2008 - Flooded Church in Sheffield, New Brunswick.

The context of the 2008 event was a near record snow pack (twice normal) throughout the St John River Basin. Snow came early and stayed late. Based on past events with similar snow pack, officials expected flooding to approximate 2005 levels throughout the lower half of the basin, even without significant rainfall. This forecast was communicated to the media and the public well in advance.

Due to the complexity of the impending operation and the significant threat to government operations and essential services, NB-SED undertook to manage an all-hazard intelligence (assessment) process for NB-EMO. This proved to be vital due to the sheer volume of information coming into the Joint Emergency Operations Centre. The Assessment Unit sifted multiple sources for trends and significant information, and provided a consolidated daily event summary and intelligence assessment forecast five days ahead. The assessment process included a detailed examination of threats to public safety and security as well as government operations, direct and indirect threats to critical infrastructure, as well as emerging trends and public attitudes.

Considering New Brunswick’s integrated approach to emergency management, critical infrastructure and security, NB-EMO and NB-SED assessed continuity and other risks (including strategic considerations) to government, lifeline services, people, property and the environment. This forecasting enabled officials to communicate societal risks, and target policy decisions regarding response and recovery issues, well in advance of the event.

Still-fresh memories of 2005 prompted provincial and local officials, and the public, to prepare for flooding many weeks in advance of the event. Responders in Fredericton and rural communities knocked on every door, assessed special needs and made contingency plans down to individual homes and farms. Provincial officials ran a daily information campaign that included strategic messages from the Public Safety Minister and Premier, supported by a continuous flow of emergency public information that was coordinated across federal, provincial, local and private sector domains. Officials emphasized that there would be a flood, even without rain, and that a significant rainfall could produce a flood event of historic proportions. This is in fact what happened.

Elsewhere, local authorities and responders scaled up in advance, implementing their respective plans for emergency services, evacuations, reception centres, emergency social services, and especially public communications. The Joint Emergency Operations Centre was activated in Fredericton, as were three District Operations Centres to support the smaller and rural communities. Municipalities in Edmundston, Fredericton, Oromocto, Grand Bay-Westfield and Saint John activated their emergency operations centres. To support rural communities near Fredericton, the Oromocto Fire Department established an Integrated Command Post, which coordinated support from local, provincial and federal agencies, including the Departments of National Defence and Fisheries and Oceans.

The Joint Emergency Operations Centre (JEOC) coordinated activities, information, and decisions along functional lines such as Executive, Management, Assessment (Intelligence), Operations, Planning and Communications. Consequently, we shared situational awareness, achieved consensus on issues and had good synchronization among the partners, particularly in public information. When asked by the Commander Joint Task Force Atlantic, what was the province’s centre of gravity, the Director NB-EMO answered, “Public confidence, and our main effort was information operations.”

Farmlands in the Maugerville area (just east of Fredericton) suffered severe flooding.

With these early decisions in place, the Premier was able to announce, on May 5th, just five days after the peak, a comprehensive recovery program, including details of a new disaster financial assistance program. Advance payments were offered and the first cheques reached clients 10 days later. Early decisions enabled concurrent response and recovery planning and assistance payments occurred in the impact phase, rather than six months after the fact, as happened in 2005.

Importantly, there were no deaths or serious injuries. This was due in large part to effective early warning and advice and well-coordinated rescue operations conducted by the Oromocto Incident Command Post, largely with federal resources.

Canadian Forces members and industry volunteers joined forces during rescue operations in Burton, New Brunswick.

The need for rescue of people and livestock was anticipated well in advance, and 60 persons and 140 cattle were rescued over a 24-hour period. The north-west part of the province did not fare quite so well. The region was hit severely by a two-metre flash flood, the result of a 100mm rainfall in a 24 hour period. Flooding in that area came as a surprise to many, despite flood warnings, as there had been no previous history of such an event. People there were traumatized, but fortunately, no one was injured. Recognizing the potential loss of public confidence, the Premier, Ministers and provincial officials made the north-west their main effort in the days following and the situation quickly stabilized.

Ernest MacGillivray is the Director of Emergency Measures Organization in the NB Department of Public Safety. He is a former chair of the Canadian Council of Emergency Management Organizations, former Co-Chair of the National Senior Officials Responsible for Emergency Management and is current Canadian Co-Chair of the International Emergency Management Group.



Working for Public Safety
© 2008 FrontLine Security (Vol 3, No 3)

Have you ever found yourself, in an emergency, a few hundred yards away from a public safety colleague – police officer, fire fighter, or paramedic – yet unable to transmit vital information to him or her? It happens all too often. Radio systems, cell phones, PDAs, and other devices are not always configured, aligned or even designed to allow inter-agency communication. Often the communications are seriously limited by the available technology. At other times, the agencies lack the proper protocols, governance or knowledge of how to communicate with each other. Thankfully, that is changing. A new partnership is putting the spotlight on improving communications interoperability within the Canadian public safety sector. An effective national interoperability plan for Canada is sure to improve matters in this domain for first responders from coast to coast.

The Canadian Interoperability Technology Interest Group (CITIG) brings together representatives from public safety, industry, academia, government and non-governmental organizations to shape the future of Canadian public safety interoperability. Launched in April 2007, the CITIG has evolved into a partnership between the Government of Canada’s Canadian Police Research Centre (CPRC), the Canadian Association of Chiefs of Police (CACP), the Canadian Association of Fire Chiefs (CAFC) and the Emergency Medical Services Chiefs of Canada (EMSCC). Key federal partners such as Public Safety Canada, Industry Canada and the Royal Canadian Mounted Police also support CITIG’s role, direction and efforts.

National Forums Bringing People Together
Since its inception, CITIG has focused on bringing the right people together to get things done. One major step was the progress made on a national voice interoperability plan and other related initiatives. These began at the very successful Canadian Voice Interoperability Workshop: A CITIG National Forum that took place in Ottawa, Ontario on March 27 and 28, 2008. That workshop marked the culmination of CITIG’s first year in existence. The work done there helped solidify the ‘business case’ for moving forward with a more cooperative approach to improve interoperability among public safety providers in Canada.

Building on this success, delegates will congregate again for the Second National Voice Interoperability Workshop scheduled for December 7 to 10 at the Fairmont Royal York in Toronto (see www.cacp.ca for details). The preliminary agenda has been set; it includes speakers from Canada, the United States and Israel, an expanded technology exposition with many industry partners, and receptions on at least two of the evenings.

CITIG also continues its important information-sharing mission at the regional level. There have been six regional CITIG Forums – held in Toronto, St. John’s, Calgary, Edmonton, Vancouver and Saskatchewan. Next up is the CITIG Maritime Forum scheduled for October 16 in Moncton and a CITIG Forum set for November 25 in Montreal (for details and up-to-date information, consult www.cprc.org/citig).

Building a National Voice Interoperability Plan
Public Safety Canada (PS) is now working with CITIG on developing the Canadian Voice Interoperability Plan. With the help of PS and CPRC funding, a series of conference calls and facilitated sessions are being held with public safety practitioners across Canada to create the first “draft” of such a Canadian Plan. That draft Plan will be one of the main features to be presented at the Second National Voice Interoperability Workshop in December. Event delegates, expected to number approximately 200, will have an excellent opportunity to revise, refine, enhance and, hopefully, endorse the overall scope and direction of this Canadian Plan.

After the National Workshop, the Canadian Plan will be presented to the Executive of the main public safety associations for their comments and consideration. The goal is to have this unique draft plan – almost exclusively developed from the “bottom up” – presented to the Government of Canada by March 31, 2009. The intent would then be to send the Plan to provincial counterparts and other federal departments for their input and consultation.

Research Funding Hits the Mark
There’s been a lot of talk, but there has also been a lot of action. In fiscal year 2007-2008, the CITIG consulted broadly, and through the CPRC, supported a number of research projects. A call for proposals ran between September and October 31, 2007. Twenty-one proposals were received with a total value of funds requested at over $1.6 million. In the end, eight projects were funded to the tune of over $300,000. Each of the following projects responded to a clear need for research and development in the proposed area, was deemed to have a potentially significant impact on the state of interoperability in the public safety sector, and delivered specific interoperability outcomes – governance, standard operating procedures, technology, training & exercise and usage.

  • City of Ottawa Five-Year Interoperability Strategic Plan, Ottawa Police Service.
  • Creation of Radio Communications Interoperability Committee for the Province of Quebec, Sûreté du Québec.
  • Engineering and Planning of VHF Interoperability Pilot Programs, Emergency Management BC.
  • Evaluation of the Interoperability Capabilities between the Montreal Police Service’s Centre de commandement et de traitement de l’information (CCTI) and the City of Montreal’s Centre de coordination des mesures d’urgence (CCMU), Service de police de la Ville de Montréal.
  • First-Responder Interoperability Study – Governance, Standard Operating Procedures and Technical Requirements, London Police Service.
  • North East Avalon Interoperability Study, Newfoundland and Labrador Fire & Emergency Services.
  • Public Safety Spectrum Requirement Study, York Regional Police.
  • Radio Interoperability Governance: Best Practice in Canada, York Regional Police.

This fiscal year will feature another call for proposals. The call will be specifically focused this time on the need to improve voice interoperability in Canada. The Canadian Police Research Centre initiated a new approval process for this year, vetted through a “Science and Technology Advisory Committee.” This Committee, with representatives from across public safety, government and academia, reviews project submissions and approves those deemed appropriate and required. The new submission forms and information packages will be available in the next few months.

May the Best Succeed
With the recent migration of the CPRC (and thus the CITIG) to the Centre for Security Science, research efforts are sure to be bolstered. The Centre is a joint endeavour between Defence Research and Development Canada (DRDC) and Public Safety Canada. It provides science and technology services in support of national public safety and security objectives. It is part of the Government of Canada’s approach to public security science and technology and is one of seven research centres within DRDC, an agency of the Department of National Defence (DND). The CITIG surely stands to benefit.

Moving Forward
In April 2008, one year after its inception, CITIG won the national award for public safety from the Canadian Wireless Telecommunications Association (CWTA).

The award was made by CWTA, together with host sponsors Bell Canada, MTS Allstream, Motorola Canada, Rogers Communications Inc. and TELUS. This award is presented to outstanding organizations that, in partnership with Canada’s wireless industry, make a significant contribution to public safety in their communities.

The CITIG is now an organization of over 300 members from the responder community, all orders of government, associations, academia, international organizations and industry. The CITIG has made major strides in raising awareness about one of the single most important issues facing first responders today – public safety provider interoperability. Most importantly, interoperability stakeholders from across Canada will benefit directly, and soon, from a National Voice Interoperability Plan. CITIG is alive, well, and most pertinent to the safety of all Canadians.

The CITIG (Canadian Interoperability Technology Interest Group) was created to raise awareness about communications interoperability for first responders in Canada. The CITIG aims to:

  • create forums for the exchange of information and ideas;
  • facilitate communications amongst Canadian public safety interoperability stakeholders;
  • bring together the collective wisdom of public safety and communications leaders and experts (best and brightest);
  • respond to regulatory issues that impact public safety communications;
  • provide a test bed where aspects of the five elements of SAFECOM®’s interoperability continuum (governance, standard operating procedures, technology, training & exercise and usage) can be understood, designed, tested, negotiated, implemented, trained, exercised, standardized or shared.

Suggestions, questions or concerns can be e-mailed to citig@cprc.org Visit www.citig@cprc.org

Lance Valcour, an Inspector with the Ottawa Police Service, is currently seconded to the CPRC as the Project Manager for CITIG. In addition to his long-time participation as a member of the CACP Informatics Committee, he has compiled over 32 years’ experience working in operational roles and led many technology-related projects both with the Ottawa Police and in the private sector.
© FrontLine Security 2008



The Mumbai Massacre
© 2008 FrontLine Security (Vol 3, No 4)

On November 27, 2008, while vacationing in Goa, India, I checked my email to discover a message from a friend in Toronto; he was inquiring if I was affected by events in Mumbai, 600 km up the road. Instinctively, I switched on CNN and immediately became aware that the city was under siege. Terrorists were killing innocent bystanders, destroying some of Mumbai’s landmarks, attacking Jewish residents and seeking out holders of British and American passports. As the day progressed, we learned of a band of terrorists assaulting the city from offshore, using high speed inflatable marine craft – the possibility of a similar scenario unfolding in my home community of Metro Vancouver during the 2010 Olympics was impossible to avoid considering.

The new geo-political reality in this world is that nations have to come to terms with such acts of terror and it is important that lessons are learned when they occur. The first reaction to such inconceivable behaviour is to ask “why.” The second has to be a desire to learn how to manage the new reality of such occurrences.

Had the British given Dominion status to India when it gave such self-government to Canada, Australia, New Zealand and South Africa, it is conceivable that Gandhi’s vision of a united, pluralistic and peace loving society might have evolved. Instead, the British (Churchill) engaged in a policy of divide and rule, exploitation of Indian soldiers in World War II, and discriminatory racial practices towards loyal citizens. To begin to understand why the terrorists attacked Mumbai one must analyze events in the context of this history. Similar accounts of British and other colonial decisions underlie terrorist insurgencies originating between the Pakistan/Afghan border and the Palestinian/Israeli border(s).

Dealing with the reality of such colonial history, and the terrorist hotspots it has spawned, requires a new approach in the defence of the nation state. Being familiar with the challenges Canada faces in coming to terms with this new reality, I felt compelled to make some comparisons with the Indian situation.

Canadian Comparisons
While acknowledging the significant differences in demographics, India and Canada share a similar pedigree with the British Empire. Both countries encompass large areas of the globe and are governed through a confederate parliamentary government connecting quasi-autonomous jurisdictions. Their coastlines require them to maintain east and west naval theatres. These features pose similar challenges in developing any counterterrorism policy.

Noting that Mumbai houses the headquarters of India’s Western Naval Command, retired Brigadier Ian da Costa described the attack on the City as a major intelligence failure. He stated that several sources knew such an attack was imminent. Collaboration among government departments was not in place, nor was any one authority responsible for connecting the dots. Da Costa criticized the qualifications of those serving in intelligence, the strategic positioning of Commanders across India, and the absence of a rapid deployment capability in responding to such incidents. He called for greater collaboration among all sectors of Indian society, noting that the Taj Hotel, one of the terrorists’ targets, didn’t have a map of its premises when the Commandos arrived at the hotel. He described the need for a program that I consider similar to the “Harbour Watch” initiative being administered by the RCMP in the Port of Vancouver.

Da Costa’s account of the challenges that India faces further reminds me of the situation Canada hopes it has addressed with the establishment of its three Maritime Securities Operation Centres (MSOCs) and also Canada Command.

Mumbai and 9/11  
Commentary in the Indian media compared the Mumbai attack with the 9/11 attacks. However, such observations did not acknowledge the difference between administrations of law in India relative to the United States. Indian society seems to function more in accordance with the “law of the jungle” than “law and order.” This is clearly illustrated in the way people drive and the casual way in which police corruption seems to be accepted. Corruption is an integral part of Indian society, as anyone attempting to obtain a building permit quickly learns. Admittedly, no society is immune from such behaviour, but a credible assumption that the law is being administered fairly would appear to be the first step towards achieving national security. India’s culture of corruption could prove, in my view, a major impediment to its becoming accepted as a safe and secure society.

Formal Inquiries
Various inquiries into the Mumbai massacre are being established at the municipal, state and national levels. Calling on the Indian people to make sacrifices in order to avenge the humiliation of what happened in Mumbai, activist Dr. Oscar Rebello listed the following questions, some of which could have application outside India:

  • Are we prepared to reform our police force so that they don’t end up as mere bullet-proof vests for venal politicians?
  • Are we prepared to say an emphatic “No” to every form of corruption?
  • Are we prepared to honestly pay our taxes to ensure funding and modernization of our valiant armed forces and intelligence agencies instead of funding our overfed cricketers?
  • Are we prepared to educate and lift out of poverty the teeming unwashed millions who are easy recruits for any radical cause?
  • Are we prepared to adopt a zero tolerance policy towards anyone who subverts the law of the land?
  • If you are a Muslim, are you prepared to acknowledge this (the Mumbai terrorist attack) is the most vile form of Islamic fundamentalism that needs to be condemned as passionately (or more) as cartoons on prophet Mohamed?
  • Are we prepared to say that we do not need less politics but more political accountability?


Observing the Mumbai attack while in India has reinforced for me the importance of a society having strong and respected law enforcement capability if it is to counteract terrorism. Those working for the state must earn and deserve a reputation for integrity and fairness. Citizens must be encouraged to proudly respect those working in the service of the country – such is not the case in India. Terrorists with the intent to attack such a society need only have spare cash to find critical information and gain access to vulnerable targets.

If India is to achieve international respect as a safe country to visit and do business, questions such as those presented by Dr Rebello need to be addressed by all inquiries into the Mumbai massacre. The real test will be the readiness of foreign intelligence agencies to exchange information with India’s agencies. As long as there is suspicion that sensitive information could be sold or bought, India will be marginalized in the fight against global terrorism.

A Collaborative Civil/Military Response
As reported in the Hindustan Times (28 Nov 2008), the need for better organization and follow-up action plans was acknowledged by Ratan Tata, Chairman, Tata Group, owners of the Taj Hotel:

“We had a blast some years ago. We should have learnt to get a crisis infrastructure in place that could snap to attention as soon as something happens.”

With due respect to Mr. Tata, nobody could be totally prepared for what happened in Mumbai on the evening of November 26, 2008. The incident should not have been allowed to get to the stage it did. Prevention of such incidents is beyond the expectation of private sector organizations. Prevention is dependent upon the national government’s intelligence capability, and its ability to respond accordingly. With its new antiterrorism laws, passed December 18, 2008, India expects to be better prepared the next time.

Nationalism and Global Terrorism
Many articles following the Mumbai Massacre concluded with the battle cry “Jai Hind,” which means “Victory to India” or “Long live India.” This nationalist sentiment was particularly apparent in the speed with which India’s media accused Pakistan of being responsible for the attack. The Indian government, plus the U.S. and UK governments, expressed concern about possible involvement of Pakistan government officials in the attack.

The Pakistan government denied any direct involvement and responded by arresting Pakistani nationals suspected of being associated with the attack.

Indian rhetoric about Pakistan’s involvement in the Mumbai massacre caused Pakistan to go on the defensive and move troops from its Afghan border to its border with India. Such antagonism between both (nuclear) countries has an outdated sense of nationhood in this era of global terrorism. Pakistani troops are needed at their Afghan border to stop locally trained al Qaeda terrorists from crossing into Afghanistan. Any weakness in this defence places Canadian and other NATO troops at added risk from attacks by terrorists in Afghanistan. Such military manœuvring by Pakistan does not inspire confidence among its allies in the fight against terrorism, and could precipitate unilateral military action against terrorist locations within Pakistan.

Clearly, the Mumbai terrorists are geographically linked with Pakistan, as were those terrorists that attacked the London underground. However, Pakistan national pride appears to be more threatened by Indian rhetoric than associations with terrorist training camps.

During the peak of IRA attacks on Britain, the British Government never overtly accused the Irish government of initiating such acts of violence. Accusing a sovereign country of a terrorist attack has to be as close to a declaration of war as one can get. This just might be what the terrorists want to see happen; thereby making it easier for their brothers to attack Canadian and other NATO troops serving in Afghanistan.

Tim Lynch is a freelance journalist specializing in maritime affairs. www.infolynk.ca/bcmaritimepolicy.html Send comments to tim@infolynk.ca



Emergency Management Standards
© 2008 FrontLine Security (Vol 3, No 1)

The profession of emergency management is a recent development. Similarly, emergency management program standards are also relatively new.

In the winter of 2006, I conducted an assessment of published and available emergency management and business continuity program standards for the Canadian Standards Association (CSA) in order to prepare its staff for an ISO conference on developing an international emergency management standard. There were about a half dozen standards around the world at the time worth examining. In general terms, all were far from either being complete or representing the entire scope of emergency management. In fact, most were business continuity standards that had been adjusted in an “ad hoc” manner to include emergency management. This reinforced my previous experience, acquired as the deputy head of the Ontario emergency management organization in the 2003-2004 timeframe, when I looked high and wide for an appropriate standard. At that time, we determined that the best of the lot was the U.S. National Fire Protection Association (NFPA) 1600 Standard on Emergency Management and Business Continuity Programs. It also seemed beneficial, from a North American perspective to try and integrate our proposed standard with that of the United States.

However, we felt that the NFPA 1600 was lacking in many ways. So, we set out to become part of the NFPA 1600 Technical Committee to influence the development of the next standard to be produced. Previously, only two Canadians had been on the NFPA Technical Committee. We were able to increase the Canadian representation to four (out of 30) representing the private sector and the municipal, provincial and federal levels of government.

At the time, we involved the Canadian Standards Association in our work, since they were preparing to revise their emergency preparedness and response standard. CSA became the “driver” to integrate the Canadian and American standards and worked closely with the NFPA to that end. What initially seemed an impediment was the “cycle” of amendment. The deliberations to amend the current version of NFPA 1600, which occur every five years, were deemed out of sync with CSA and Canadian needs.

Nonetheless, work continued. The revised version of the NFPA standard has been published, while our Canadian version is now in final draft. In fact, this proved a blessing in disguise, since it gave CSA the opportunity to improve on the layout and context in many areas.

It is fair to say, however, that both standards are now “harmonized.” This is a very significant step and, in my opinion, the CSA standard is an improved version of NFPA 1600 without sacrificing any of the detail. Congratulations are in order for all members of the CSA Technical Committee for their commitment and integrity in this task.

Developing the New Canadian Standard
Public Safety Canada and the Canadian Standards Association worked closely together to create the new voluntary Canadian National Standard for Emergency Management and Business Continuity Programs, Z1600-08.

The goal of the project was to develop a high level standard that integrated emergency management and business continuity programs. This is consistent with international trends and has provided a much-needed opportunity and reason for collaboration among diverse stakeholders in both the public and private sectors in Canada.

To achieve this goal, CSA was able to reach an agreement with NFPA to use the NFPA 1600 Standard, Disaster/Emergency Management and Business Continuity Programs, as a base document for the development of this Canadian standard.

The NFPA Standard is a high level comprehensive framework that integrates emergency management and business continuity, provides a common language, and incorporates a risk-based all hazards approach similar to the needs of the current Canadian emergency management practice.

The Canadian Standard
The new Canadian Standard, Z1600-08, will provide guidance for organizations in the public and private sectors to properly develop, implement and maintain risk-based all hazards and comprehensive (prevention, mitigation, preparedness, response and recovery) emergency management and business continuity programs.

As a significant added benefit, it will ensure a continentally harmonized approach that will serve Canadians well in the North American context.

The development of Z1600-08 represents a very significant milestone in the evolution of the emergency management profession in Canada and the integration of North American standards. Users can feel confident that the standard is both user-friendly and current with modern emergency management trends. It tells professionals “what” must be done without being prescriptive in nature. Although one might not agree 100% with every item, it has covered the field better than ever before. A process also exists to provide comments and stimulate further discussion for the next edition based on practical experience in the application of this edition.  

Doug Harrison was a member of Emergency Management Ontario for 15 years and retired as the Deputy Chief (Acting Chief) in 2005. He is now President of Georgian Emergency Management & Associates. For information on CSA’s Emergency Management program, contact Ron Meyers at 416-747-2496 or at ron.meyers@csa.ca



Supt Michel Aubin
Ecstasy Canada Inc?
© 2008 FrontLine Security (Vol 3, No 2)

In the Drug Situation Report – 2006, the RCMP presented for the first time the troubling fact that: “Within a two year period, Canada has reversed its Ecstasy supply pattern status from an import and consumer nation to a major production and export country.” Continued smuggling of the MDMA precursor chemical MDP2P from China to Canada in 2006 confirmed heightened domestic Ecstasy manufacture.

This house was destroyed when chemicals in the drug lab exploded. Adjacent homes were also damaged.

In an article entitled Altered Ecstasy from Canada Flooding U.S., the National Post (4 January 2008) reported that “the White House is blaming Canadian drug traffickers for flooding American cities with a pumped-up, addictive form of the club-drug Ecstasy and has issued a public health warning over the ‘dangerous new drug threat coming from Canada.’” In fact, it appears that this type of “super” drug never existed and that John Walters from the U.S. Office of National Drug Control Policy retracted on this issue. However, recent seizures – such as $2M in ecstasy pills from a Canadian in California, and $31M worth of drugs destined for Australia from Canada – indicate drug export remains a thriving trade.

FrontLine Executive Editor, Clive Addy, spoke with Superintendent Michel Aubin, the Acting Director General in charge of Drugs and Organized Crime at RCMP, to get an update on the situation and determine if indeed Canada is a major supplier of this and other drugs that would confer upon it the dubious title of “Ecstasy Canada Inc.”

Question 1: Thanks, Superintendent Aubin, for agreeing to help us shed some light on this issue. This is troubling, as it appears that we continue to be seen as a major exporter of both ecstasy and cannabis with many of their newer and more dangerous derivatives. Did this trend continue and what, if any, special measures are being contemplated to reduce this?

Allow me to first thank FrontLine for taking the time to report upon this situation. Canada has been producing marihuana in excess of our domestic need, and exports to the U.S. were occurring – despite efforts by law enforcement agencies on both sides of the border to curb this problem. The most recent RCMP Drug Situation Report states that there has been a reduction – by half – in the number of seizures of cannabis by U.S. authorities along the Canadian/US border. We attribute this result to our increased surveillance, enforcement activities, and the corollary deterrence that this places on producers and distributors. Combined initiatives with our stakeholders in BC, as an example, have caused a large number of grow operations to move out of urban areas on the West Coast. It is important to keep in mind that, although we continue to export marihuana to the United States, we are a comparatively small provider.

In relation to the issue of ecstasy, our situation has reversed itself from that of an “importing and distributing” to a “producing and exporting” entity. More specifically, other countries such as Australia, United States, Japan, New Zealand are all reporting seizures of ecstasy originating from Canada. For the benefit of your readers, it is important to note that ecstasy is a synthetic drug produced from a number of chemical products, referred to as “precursors,” which are either diverted from their intended legitimate use or are directly purchased for the production of ecstasy.

The production of ecstasy has always included the presence of many byproducts, including methamphetamine. Nowadays, the substitution of precursor chemicals due to unavailability could affect the number and variety of these byproducts.

Home-based synthetic drug lab. (Photo: RCMP)

The RCMP, in partnership with other agencies such as CBSA, closely screen for the importation of these precursors. As an example, a recent major seizure (of some 3 tons), capable of producing 30 million ecstasy tablets, was effected at one of our major ports.

With our US counterparts and other stakeholders, we have increased significantly the surveillance of component chemicals originating from various sources. This is a broadening of the National Chemical Diversion Program that has been in effect since 1995. However, we have recently increased capacity and resources as part of our National Anti-Drug Strategy. Further, we have broadened the expertise of our drug investigators through training on these matters. With international partners in the US, Europe and Asia, we also take part in working groups of law enforcement, other government agencies and private industries such as the National Chemical Diversion Working Group and our work with the Canadian Association of Chemical Distributors. This has resulted in a significant reduction in the diversion of domestic source chemicals in the last two years. As well, we are partners in the US National Methamphetamine and Chemical Initiative along with Mexico, Germany, India and China. It is obvious to us all that, in the matter of ecstasy and methamphetamines, South East Asian crime cartels dominate the market in chemical precursor products and the production of the drugs in clandestine labs across our country.

By focusing our efforts and capitalizing on our partnerships, there have been minimal increases in the number of illicit drug producing labs over the past five years. Although the production size of these labs has increased, the RCMP has been very successful at disrupting very significant organized crime groups profiting from synthetic drug production over the last year. Many of these matters are still before the courts and, therefore, we cannot provide further details. However, many of these operations that were interdicted contained pill presses capable of outputting millions of tablets. In 2005 and 2006 the RCMP intercepted and seized several tons of precursor chemicals thus preventing over 65 million dosages of Ecstasy from reaching our communities.

Question 2: Can you elaborate on the mechanisms and ports of entry used by these cartels and what actions you have taken and what you consider needs to be done yet to thwart both the external and internal traffic in these drugs and their components?

Canada is not a precursor chemical producing country. The diversion of these chemicals for illicit purposes often begins in source countries such as China and India. The RCMP has liaison officers in both countries working hand in hand with their law enforcement counterparts and private industry to ensure that these chemicals reach only legitimate companies. Many potential chemical diversions have been thwarted in the source country through our global efforts to monitor the trade in precursor chemicals, preventing them from ever reaching Canada’s shores.

Ecstasy seized by BC RCMP officers. 

Here in Canada, the RCMP works with CBSA to ensure that chemicals reaching our shores are destined for legitimate trade. Our monitoring allows us to find shipments of precursor chemicals misdescribed on shipping documents. The RCMP also works in partnership with Health Canada and the Canadian Association of Chemical Distributors to prevent such diversion of domestic chemicals. This program has been a success.

The fight against the production of ecstasy is not undertaken solely by the RCMP. Most major police agencies in Canada and the U.S. are also involved.

Question 3: The 2006 report mentioned air and marine modes of trafficking as well as land based tractor-trailer. Recent US Customs and Border patrol reports also speak of continuing illegal drug smuggling cross-border. It would seem then that a mobile border patrol (intelligence-led) with a marine component supported by surveillance capacity would be essential to interdicting this activity. Perhaps, inland marine interdiction is also required. For instance, Commissioner Elliott recently described marine surveillance on the Great Lakes-St Lawrence system as 'inadequate'. What might you be contemplating or requesting as a concept in this realm with our neighbors to the South to correct this?

One of our most effective initiatives has been the Integrated Border Enforcement Team (IBET). It is viewed by all police forces involved as an ongoing and critical component of our international border integrity program.

It is recognized nationally and internationally as the most effective and efficient means of harmonizing local, national and international law enforcement efforts to protect the citizens of Canada and the US from potential threats of terrorism and organized crime.

This integrated, multi-agency law enforcement initiative facilitates intelligence sharing, and enhanced cooperative efforts among the core partners: Royal Canadian Mounted Police, Canada Border Services Agency, US Customs and Border Protection/Office of Border Patrol, US Immigration and Customs Enforcement and U.S. Coast Guard. It also encourages the involvement of municipal, provincial, state, federal and First Nations’ law enforcement agencies, stakeholder agencies, and related government departments. Under the IBET program, unprecedented integration has been established and critical intelligence is developed and shared on targeted cross-border criminal activity. IBET teams are multidisciplinary (weapons, drug and dangerous goods trafficking, human trafficking, smuggling) in nature – they can thus confront any type of criminal activity crossing the border.

The IBET is intelligence-led and much more effective than simply patrolling the border hoping for a chance encounter with criminal or security activity.

Pill stamps seized in drug bust by RCMP in BC.

The links between place, crime, control measures and national identity are becoming more complicated, especially at the border. To a greater extent than ever before, crime and control measures are not always linked to one national territory. Instead, criminals exploit international borders, turning the seams between states into operational barriers for effective law enforcement.

During August and September 2007, 50 RCMP and United States Coast Guard officers operating in support of existing Integrated Border Enforcement Teams (IBETs) conducted a pilot project intended to change the course of traditional policing along the shared maritime boundary between Canada and the United States. For two months, in two locations, these officers became “shipriders” – riding together on the same patrol boats and fully empowered by the laws of both Canada and the United States to enforce the laws of both countries.

“Shiprider,” as the program is called, intends to remove the international maritime boundary as a barrier to policing and to deny smugglers and other criminals the illicit use of shared waters. Prior to “Shiprider,” two vessels and crews, one Canadian and one U.S., were needed along the boundary line. Now, one crew of cross-designated and jointly trained officers with authority and jurisdiction on either side of the border can patrol both Canadian and U.S. waters, pursuing suspect vessels wherever they flee and working with land-based patrol officers and investigators in support of established IBETs. Negotiations to institute a permanent “Shiprider” program continue.

In addition, Federal Budget 2008 provided funding for the establishment of a permanent Great Lakes/St. Lawrence Seaway Marine Security Operations Centre (GL/SLS MSOC), designed to further enhance the security of Canada’s marine transportation system and borders. The MSOC includes, and serves, the core federal partners from the Departments of National Defence, Fisheries and Oceans, Canadian Coast Guard, Transport Canada, Canada Border Services Agency and the RCMP. The primary function of the MSOC is to enable all to work collaboratively to prepare and distribute consistent, timely and useable marine intelligence, information and data to all enforcement agencies. MSOCs on the east and west coast are being fully developed under DND, while the Great Lakes/St. Lawrence Seaway MSOC is led by the RCMP.

In summary, the RCMP has a border security strategy that is predicated on maximizing the use of intelligence, technology, partnerships and human resources to target individuals and organizations exploiting potential gaps along the border.

Question 4: What is your estimate of total production in Canada of ecstasy and, of that, how much is consumed internally, exported to the U.S. and/or exported elsewhere?

Home production drugs sealed.

It’s impossible for me to provide you with a pertinent estimate. However, it is a fact that we have become and remain a producing and exporting country while meeting domestic demand. That being said, it is also important to note that the RCMP is focusing in on this problem nationally, and has undertaken specific initiatives to investigate criminal groups involved and eradicate the supply of amphetamine stimulants on the domestic and international market.

Question 5: What major trends in illegal drugs generally do you consider the greatest threat to Canadian security and the health of Canadians now and in the coming three years? Are we really “Ecstasy Canada Inc.” in the eyes of our allies and neighbors, and what does this underground drug economy do to our legitimate one in these more stressful times?

Criminal groups focus their effort on the most lucrative activities. Our studies show that these groups rely on drug related activities for upwards of 80% of their income. The RCMP has identified the production of ecstasy as a major drug concern and, in turn, is focusing its efforts on the criminal groups involved. It is working with domestic and international partners to restrict the supply of the precursor chemicals.

Regardless of the drug produced, trafficked, or exported, the reality is they all have various adverse effects on the consumer’s health. In addition, lab operators are using more varied and dangerous methods of amphetamine synthesis. These labs contain explosive, flammable, reactive, carcinogenic and toxic chemicals. The threats from explosion, fire, poison gas, groundwater contamination and hazardous byproducts associated with “Clan Labs” are likely to increase with the proliferation of synthetic drug manufacture. There have been a number of cases of exploding labs in residential or other high-density areas.

Who could guess there was a Lab on the 4th floor of this apartment building?

These drugs also have a significant impact on our economy. They cause increased expenditures on health care for the addicted and their families, on law enforcement agencies who investigate the criminal groups involved, on the costs to the justice system and on the correctional services, to name but a few. Criminal organizations and their members also access our sound financial systems to launder their ill-gotten gains. They do so by corrupting individuals within the financial industry. This is a daily challenge for law enforcement. To combat it requires not only our coordinated efforts, but also the alertness and involvement of all in its prevention.

The three pillars of our National Anti-Drug Strategy are Awareness, Treatment and Enforcement. Law enforcement is most effective when it can count on the assistance of the public at large.




Success or Failure?
© 2008 FrontLine Security (Vol 3, No 3)

The intelligence needed to support our national security interests is becoming increasingly difficult to acquire. Today, national security intelligence has to be developed in a complex and uncertain world where the rate of change in the external environment makes past experience of increasingly questionable value.

Ironically, as more international knowledge is required for national security intelligence, the sources of intelligence will be closer to the front lines of the struggle.

Previously, national security concerns were related to sovereignty, border security and internal security matters. Now, the intelligence role is being forced to expand rapidly. Additional national security areas of interest may now include transnational organized crime, transnational terrorism, supply chain security, pandemics, natural disasters, economic challenges and threats, man-made disasters and the politics of identity.

Currently, most national security threats are asymmetric in nature. In general, it can be stated that an asymmetric threat is one that avoids attacking the strongest points of its adversaries while seeking to exploit vulnerabilities in the weakest points. An implicit premise exists therein whereby there is an element of surprise not just in the timing of the attack, but also in its method, means and goals. The instigators of an asymmetric threat also expect that many attacks and incursions will be required over a long period of time to break down the will of the stronger power they are attacking. Victory, for the attacker, comes not from battlefield success, but from this gradual wearing down of will.

Knowledge is the most effective weapon when confronting asymmetric threats. Power, of itself, is not only insufficient, it can prove both ineffective and counterproductive. Likewise, technology alone is not the answer. Western society’s inter-dependence on technology often leaves us more vulnerable, rather than better protected.

The knowledge needed to prevail in the face of asymmetric threats must come from a variety of sources. Key among them are frontline sources such as local police, customs and border personnel, as well as our own citizens. In the past, most success in counter-terrorism, for instance, has come from the front line. The best-known case is probably that of Ahmed Ressam, stopped at the American border on his way to attack the Los Angeles Airport. Other lesser-known cases were the disruption of the attempted Jamaat al Fuqra 1991 attack on Toronto and the interception of would-be 9/11 hijacker Mohamed al-Qahtani in August 2001.

With specific reference to terrorism, it is clear that the nature of intelligence gathering and processing has changed. In the past, many terrorist groups were developed with clear structures and organizations that could be clearly identified and then tracked. These groups also had clear political agendas. Designing an intelligence collection program against them, though challenging, was conceptually straightforward. Due to the success of the attacks against Al Qaeda in Afghanistan and investigations in other countries, Al Qaeda and its inspired followers have since mutated their structures and organizations. These non-state limited terrorists no longer have a clearly definable structure and organization, nor do they have a clear political agenda – other than some vague ideas about restoring a caliphate. Recent attacks such as those in London, Madrid, and Mumbai have been planned, financed and executed by locally formed groups acting without central direction. These groups lack the structure and organization that was typical of earlier terrorist groups.

The newer groups leave a smaller “intelligence” footprint and tend to radicalize more quickly. The time period from initial planning to attack is growing shorter. As such, collecting intelligence against such groups requires a different approach. Since contemporary terrorist groups do not have the formal structures of previous groups, intelligence collection efforts have to be recast in order to mirror more closely the groups they are working against.

Given the disparate nature of such groups, the raw “fine grains” of intelligence must be collected as close to the front lines as possible. This raw intelligence must be integrated across the artificial boundaries of the various agencies as quickly as possible. Without this integration at the front lines, the value of this raw intelligence will likely be lost, as will the clarity of the picture it produces. Attempts to centralize the process of intelligence analysis and control it from one office are oxymoronic.

It is important to bear in mind that all knowledge is contextual. Without a close understanding of the local issues, sensitivities and cultural norms, the value of intelligence can be lost. In order to get the best value from collected information, the individual doing the analysis must have a thorough and deep understanding of local matters and an understanding of the issues at stake.

Another key issue in getting better value from intelligence is diversity in personnel. The intelligence community should have different groups or individuals working on the incoming data to produce a diversity of views on the future threats that may be faced. If all the analysts have a similar background, they will likely all produce the same results. A diversity of minds will have a better chance of detecting upcoming threats and problems than a homogeneous group of individuals. Diversity in analysis should not be seen as a human rights issue or hiring balance issue; it should be seen as an issue of operational effectiveness. In short, hire more brown guys!

The ultimate frontline intelligence challenge will be to develop effective sources and agents in Canada’s diverse communities. This implies the need for a sustained program of effective and genuine community engagement. Police and intelligence services must have extensive consultation and involvement with the public they are intended to be serving. Without a sustained program of engagement, no linkages of trust or understanding will be built. Most critically, the community engagement effort must be genuine. If the effort is neither genuine nor sustained, the community will sense this and the gap will grow rather than decrease. Intelligence and police services must occupy the moral high ground in order to attract and sustain the confidence of all communities.

The future is at the front lines. It seems counterintuitive at first glance, but the fact is that the greater the level of globalization, the greater the need for police and intelligence officials to know their local neighbourhoods.

From a policy point of view, it is clear that the funding, training and personnel allocation issues need to have a greater focus on the front lines – where success or failure will occur. It is in our own communities that peace, order and good government begin and where intelligence to sustain them is best gathered. It is also from a home-grown threat that we may suffer the most.

Thomas Quiggin is a regular contributor to FrontLine Security, a court expert on jihadist terrorism and Senior Fellow at the S. Rajaratnam School of International Studies, NTU Singapore.



Maritime Piracy: The Evolving Threat
© 2008 FrontLine Security (Vol 3, No 4)

Piracy on the high seas has been making the news headlines, most notably with the audacious hijacking in November of the Saudi-owned supertanker Sirius Star. At present the vessel, together with its multinational crew, languishes off the Somali coastal town of Haradheere while negotiators attempt to reach an agreement with the present illegal custodians over a ransom payment for its release. The Sirius Star is just one of many vessels hijacked in recent times by pirates operating from Somali coastal towns and ports. In order to set in place the most effective defence and security measures to use against these pirates, we must understand who they are and how they have been able to achieve success. There are unavoidable shipping routes within the ranges of pirate groups, so we must gain a thorough understanding of pirates' attack methods to enable us to best protect our vessels and develop successful countermeasures.

A History of Somali Piracy
The Somali pirates we see riding the seas in powerful speedboats bristling with armaments have their origins in a much simpler way of life. Over a period of several years, evolving circumstances have morphed these hardy seafarers from simple fishermen protecting their territorial fishing grounds into armed gangsters holding the power to disrupt the global economy with a single act. The escalation of the region’s piracy and the evolution of the pirates can be linked to the overthrow of Somalia’s President Mohammed Siad Barre in 1991 by warlord clans and the subsequent and protracted demise of the country’s economic and social infrastructure.

From 1991 until 2006, pirates honed their techniques and developed their tactics to match their victims’ capabilities and responses. There is no shortage of potential victims either, found amongst the abundant and largely defenceless stream of international shipping traversing the Gulf of Aden and the seas off the Somali coast. Driven initially by economic need and then emboldened and encouraged by the relative ease of earning very large sums of money, pirates quickly developed their trade into a profitable and attractive career. With success, however, has come a long list of beneficiaries from the fruits of extortion, which may include some of the Somali extremist militant jihadi groups.

In 2006, however, the situation changed when the Islamic Courts Union (ICU), advocating a moderate form of Islam, attempted to establish higher degrees of security and implement the rule of law in their areas of geographical influence. Piracy seemed in decline for a while. It was a temporary respite, however, because that same year Ethiopia invaded Somalia and ousted the ICU, and confusion and lawlessness reigned once again, as they still do today.

The main perpetrators of piracy, based on the eastern coast of Somalia, are identified by the area they operate from and the group they are affiliated with. There are four main groups attacking international shipping in this way. The most effective and prominent such group, the Somali Marines – sometimes called the Defenders of Somali Territorial Waters – was responsible for 80% of shipping attacks during 2007 and operates from the coastal towns of Haradheere and Eyl. Other groups include one from the port of Marka (Marka Group) and one from the port of Kismayu (National Volunteer Coast Guard). Both are somewhat less organized than the Marines and tend to target smaller vessels. Both Marka and Kismayu are controlled by a spinoff of the ICU, the Islamic militant group al Shabaab (The Youth – the subject of an HMS Special Report: The Somali Jihadi Threat, 12 November 2008), which has been linked to the Sirius Star incident as one of the profiting organizations should the ransom be paid. The final group is a loose collection of pirates called the Puntland Group. They suffered a rare setback in April when Puntland security forces stormed a hijacked vessel and arrested seven suspected pirates after a prolonged gun battle.

Piracy Tactics and Techniques
The success of these pirates is based on their complete understanding of the waters they operate in and the knowledge that the majority of their intended victims are not equipped or trained to repel them. Even if boarding attempts fail, which they do frequently, attention can be quickly turned towards other, less prepared targets.

The Liberian-flagged oil tanker MV Sirius Star is at anchor 19 Nov 2008 off the coast of Somalia. The Saudi-owned crude carrier was hijacked by Somali pirates on 15 Nov, about 450 nautical miles off the coast of Kenya, and forced to proceed to anchorage near Harardhere, Somalia.

The pirates’ method of attack is fairly predictable: shadow, chase and board. The majority of actual boarding attempts are completed in under 40 minutes. Pirates employ fast speedboats in their attacks – normally two or three, but sometimes more. In one case, 10 speedboats were employed in a swarming attack. Mother ships are almost certainly in the vicinity, launching the attack craft, providing logistic support and controlling the overall situation. Mother ships are usually dhows or fishing craft, although in one case a covered raft was reported as providing such support.

Weapons are commonly carried by the pirates and are frequently used to intimidate the crews. Automatic assault rifles of the AK-47 variety and rocket-propelled grenades with high-explosive anti-tank (HEAT) warheads are most prevalent. Other types of weapons are undoubtedly available, but as long as success is achieved with the current armaments, an escalation in this area is unlikely. According to a recent HMS Maritime Special Report (Weapon Effects, November 2008), the RPG round is designed to penetrate military armoured vehicles and in ideal circumstances can penetrate between 30 and 60 cm of homogeneous steel, depending on the warhead series and the range it is fired at. In most of the reported cases where rounds struck the ship (usually in the bridge or accommodation areas), minor damage was sustained, but on occasion fires were started.

Successful Escape
Analysis of 59 attacks between February and September 2008 showed that Somali pirates were successful in boarding 41% of the vessels attacked during that period, the majority of which were either general cargo (including container ships) or tanker vessels. A combination of increased speed and evasive manœuvring was shown to be the most effective method of avoiding capture by those able to escape attack. Also successful in repelling boarding attempts were the use of fire hoses directed at the attackers or a preemptive muster of the crew on deck, thus showing the attackers that the ship will not be a soft target and that boarding will be repelled by a trained and determined opponent. For these methods to be successful, however, early recognition of the threat is crucial.

The Belize-flagged cargo ship owned and operated by Kaalbye Shipping, Ukraine, was seized by pirates 25 September and forced to proceed to the Somali Coast. (Photo: U.S. Navy)

One other major factor in achieving a successful escape is the master’s judgement of the likelihood of being boarded, balanced against the consequences of resisting the pirates. In all attacks processed, despite the pirates opening fire on the vessel in most cases, no injuries were reported and no significant damage sustained.

Masters who recognized that they were about to be attacked, or identified suspicious craft and took appropriate action, usually made their escape.

Effective Countermeasures
The employment of security guards on board ships sailing in high-threat areas is now being hailed as a possible solution to this increasing problem. In reality, however, this may not work as anticipated. In incidents seen so far where pirates were repelled, the bravery and determination of the master and his crew were often beyond what could be reasonably expected. What advice and guidance can a hired security guard (possibly with little maritime experience) offer a seasoned master who has already received instruction from his company security officer (CSO) and P&I Club?

Clearly, such duties require a broad skill set, including specialist training and a full briefing of the rules of engagement. Such a position requires an appreciation of the reaction and repercussions of their action, and an understanding of risks to master and crew if the need to open fire arises. Security guards may be an option if they are in sufficient numbers and prepared and equipped to meet the threat of lethal force wielded by the attackers. Otherwise, we may see more of them opting to jump over the side once the pirates’ determination to board is tested and found not to be wanting.

It appears the real solution to piracy is to create a climate where piracy is no longer seen to be practicable. This would mean political stabilization of the country of Somalia, creation of a viable economic base, and re-implementation of the rule of law on land and at sea. At this time, such a climate is unlikely in the near future and in the short and intermediate terms, foreign warships and company or IMO-recommended anti-piracy measures will be the order of the day. As far as tactics and measures to be employed by a master preempting the possibility of an attack, this is an issue of effective crew training and being prepared in command and control techniques, capable of application of a coordinated response and good seamanship.

Pirates seized a Panamanian-flagged vessel and held the 23-man crew hostage in Somali territorial waters. Between January and October 2008, Somali pirates had reportedly hijacked more than 30 ships.

Understanding piracy and terrorist threats and trends, and having usable maritime intelligence to support decision making at all levels towards initially planning the voyage and then preparing for a possible attack is crucial in mitigating against or avoiding attack altogether. By having the correct level of crew training and relevant countermeasure equipment, while being prepared in the operation of the equipment, and displaying a visible anti-piracy capability, the master may deter the attackers, who after all, have no shortage of vessels to try their luck.

Sustainable Resolution
Piracy on global trade routes can have an almost instant damaging effect on the world’s economy, although at present it is unconfirmed whether this is even a concern of the pirate groups. The international community is responding to the current threat at sea on the Indian Ocean and in the Gulf of Aden, but this is surely a temporary solution to a problem that requires far more resources than are available or willing to be committed at the present time. In the short term then, the best we can do is equip and train personnel in techniques and procedures that have been shown to work in practice, with early recognition of the threat and avoidance of the situation paramount in reducing pirate successes in all areas.

Adrian King joined HMS in 2007 as a Maritime Consultant supporting the development of clients’ maritime counter-terrorism capability. HMS is part of the Allen Vanguard Group, a premier supplier of integrated counter-IED training, research and consultancy. HMS created and maintains TRITON, the world’s largest open source database of terrorist incidents.



AComm Bud Mercer
The V2010 Olympic Integrated Security
© 2008 FrontLine Security (Vol 3, No 1)

Canadians are looking forward to celebrating and participating in the Vancouver 2010 Olympics and Paralympics Winter Games.
All eyes will be on Canada – the venues, the sports, the athletes, the entertainment, and the safety of the Games. Hosting thousands of visitors, athletes and VIPs in an era threatened by global terrorism, increased criminal and fraudulent activities, and home-grown radical multi-issue movements is a challenge to both local authorities and law enforcement agencies. They remain committed to provide the safest and securest environment in 2010. Allowing the world to focus on human achievement – the sports and athletes – while security personnel ensure the safety and security of all is the balanced and measured approach adopted by the Vancouver 2010 Integrated Security Unit (V2010-ISU).

The V2010-ISU is an integrated security team led by the Royal Canadian Mounted Police (RCMP). RCMP Assistant Commissioner Bud Mercer has been assigned the mammoth task of overseeing security aspects for the 2010 Olympics. He sat down to discuss how all levels of governments and business partners are preparing to secure the Olympics in an innovative Canadian way.

Bud Mercer
Assistant Commissioner Chief Operations Officer Integrated Security Unit V-2010 Winter Olympics RCMP “E” Division

Bud Mercer’s career spans 31 years through which he has served Canada from the Atlantic to the Pacific, the far north, and points between. In the last 7 years, he has served at Command and Executive levels. He has represented the RCMP in various capacities while working and pursuing educational opportunities in the U.S., Europe, Asia and Australia.

Prior to assuming responsibility for the Integrated Security Unit for the Vancouver 2010 Winter Olympics, he held the positions of the Deputy Criminal Operations Officer responsible for Federal Policing in the province of British Columbia, the Operations Officer for the Lower Mainland District in the Province of British Columbia, the Officer in Charge of the Upper Fraser Valley Regional Police Service, the Officer in Charge of Chilliwack Detachment and a Patrol Duty Officer at Surrey Detachment.

In October 2007, Assistant Commissioner Bud Mercer transferred to his current position as the Chief Operations Officer for the Vancouver 2010 Winter Olympics, Integrated Security Unit.

Q: Assistant Commissioner Mercer, from a security perspective, how do the Vancouver 2010 Winter Olympic Games differ from previous international events held in Canada?

First of all, we have to talk about the Olympic Games themselves. The Olympic Games are a sporting event. Our goal is to provide security for a safe and secure Winter Games, on behalf of the athletes, the visitors, the Olympics families, and the residents of Vancouver and the Lower Mainland. Our objective is for those visiting the Games to remember the mountains, the scenery, the athletes, the gold medals and the celebrations. We want them to remember the 2010 Olympic Games as a sporting event, not a security event. That is the real challenge. What makes the Games different now is that the world really has changed. Past events of 9/11 and 07/07 in London are real reminders that we have to pay attention and work in an integrated manner with all of our partners. We also have to ensure that the measures and the levels of security we take are appropriate given what is going on both at home and abroad. That is the challenge.

Q: Canadians have great expectations for the success of the coming 2010 Winter Olympic Games. What are some of the security preparations to date?

The Vancouver 2010 Integrated Security Unit is first an integrated unit – that is our strength. It is led by the RCMP, but includes Vancouver City Police, West Vancouver Police, the Canadian Forces, and other law enforcement partners. Although the Integrated Security Unit has grown exponentially over the years, it has been in existence since 2003 and we have progressed in our planning, bringing on other partners as appropriate.

Q: What types of exercises are being prepared to practice elements and procedures for securing the 2010 Games?

Our exercise schedules are integrated with our partners. Several exercises address internal security of systems, but we will also include exercises where we test our systems and our operational assumptions with our federal, provincial, municipal and international partners.

Where it is appropriate, we will be participating in integrated exercises which include all of our partners. Olympic security planning cannot be described as standard security planning, so there are no standardized exercises.

Q: The RCMP is engaged, along with other private and public partners, in the Olympic planning operation and coordination. What are the practical challenges faced to date in coordinating with other departments and levels of government?

I think the greatest challenge is simply the size and magnitude of the operation. There are many challenges, but none of them are insurmountable. The challenge itself comes from the sheer size of the operation and the number of governments and private sector partners involved. These are very positive challenges that we are resolving as we progress.

Q: What coordinated measures are taken to avoid the risk of creating public safety gaps during the course of the sporting event?

The structure of the Vancouver 2010 Integrated Security Unit is specifically designed to eliminate gaps. We are fully integrated – not only with our security partners, but also with our public safety partners at the federal and provincial levels. The Integrated Security Unit coordinates its planning with that of our partners, and vice versa.

Q: What mechanisms have been established to strengthen the security coordination network between all partners involved in the security preparations?

That is a huge question, as you can imagine. We sit on a number of federal, provincial, local and international committees to ensure that our efforts are aligned and coordinated. In addition, our exercise regime for the next two years will ensure that our systems are prepared and that our efforts are aligned, tested and coordinated.

Q: Do you have any particular concerns regarding the security preparations for the 2010 Winter Games?

There are existing systems in place, within the RCMP and within our law enforcement partners, to coordinate and educate all of our partners to be watchful and vigilant.

Our operations plans have gone through a number of revisions and are continually being reassessed internally and externally. I have absolutely no doubt that we will be ready when the time comes.

I think Canadians should and will be proud of the balanced, measured approach that the Integrated Security Unit is taking in security planning. It is my hope that Canadians, athletes and visitors will remember the 2010 Olympic Games as a sporting event, and that they will remember the gold medals and the athletes, and the beauty of British Columbia and of Canada.

Josué Kibambe Muaka Bambi is a Research Analyst – FSWEP, Protective Policing, RCMP NHQ. He is a Master’s Candidate in Criminology at the University of Ottawa.



Climate Change
For the good of all, it is time to adapt!
© 2008 FrontLine Security (Vol 3, No 2)

Last year, the Intergovernmental Panel on Climate Change (IPCC) published its Fourth Assessment Report – Climate Change 2007 (http://www.ipcc.ch/). They, and former Vice-President Al Gore Jr., were later awarded the Nobel Peace Prize. Much controversy has since resulted, but clearly, the climate of the Earth is changing at an unprecedented pace. The impact could be devastating. Major threats to public safety, security and emergency response must be addressed urgently at strategic, operational and tactical levels so that we can mitigate causes and adapt to inevitable changes.

Much of the controversy that followed the scientific publication is ill-founded or intentionally misleading, ignoring the “Scientific Method,” the most powerful intellectual tool invented by western civilization. Science, when properly done, requires open disclosure, skeptical thinking, and testing.

Regrettably, most published criticism has been qualitative and subjective rather than quantitative and objective.

The IPCC reports consolidated the independent work of more than 1,200 authors and 2,500 scientific expert reviewers from more than 130 countries. The primary conclusions of the Working Group I (Science) are that:

  • It is “very likely” (>90%) that emissions of heat-trapping gases from human activities have caused most of the observed increase in globally averaged temperatures since the mid-20th century.
  • It is unequivocal that our climate is warming, with atmospheric concentrations of carbon dioxide and methane exceeding the natural range over the last 650,000 years. Concentrations of these greenhouse gases have increased at a rate which is very likely to have been unprecedented in the past 10,000 years.
  • Temperatures are the highest since worldwide measurements began in 1850. The intensity of tropical cyclones has increased over the past 30 years. Parts of Africa, the Mediterranean and southern Asia have become drier. Droughts have become longer and more intense. Snow cover, mountain glaciers, and Arctic sea ice declined. The world’s oceans have absorbed more than 80% of the additional heat, causing levels to rise. Melting glaciers and the Greenland and Antarctic ice sheets have also raised levels.

Clearly, climate change is happening, but a determined campaign of disinformation has been unleashed upon us to raise doubts. Much of it originates from organizations responsible for greenhouse gas emissions, according to a list published by the Union of Concerned Scientists. Examples include a deceptive campaign, the “Petition Project,” that included an article mimicking the journal of the National Academy of Sciences, which disclaimed any connection to the fraudulent article. Some of the most intense lobbyists had earlier spearheaded tobacco industry denials, using similar disinformation techniques.

Scientific studies have not refuted the science reported by the IPCC. Quite the contrary, some recent studies show that the IPCC was overly conservative in its projections and that climate change is going faster and getting worse than anticipated (for example, the melting of the Greenland ice sheets and Arctic polar ice).

The almost 26,000 data series examined by the IPCC reveal changes consistent with expected responses to global warming; regions that warm the most suffer the greatest change. Past greenhouse gas (GHG) emissions will unavoidably raise the global temperature average another 0.6 degrees Celsius, now at approximately 0.8 degrees above the 1901-1950 average.

As temperatures rise, hundreds of millions of people will experience worsening water shortages. Drought-affected regions and those dependent upon glacial melt are most at risk (western North America). Crop yields will decrease with severe weather conditions. The world already sees riots caused by food shortages, especially in areas where political structures are unstable or oppressive.

If the Greenland and West Antarctic ice sheets were to melt into the ocean, worldwide sea levels would rise by about 7 to 12 meters. Current sea level rise is already affecting low lying areas like Bangladesh.

The influx of cold Arctic melt-water could affect the “Atlantic thermohaline circulation,” decreasing the warmth of the Gulf Stream and plunging Atlantic Canada and northern Europe into much colder temperatures. The oceanic multi-year ice and Greenland ice-cap are melting faster and are at greater risk than projected by the IPCC.

Oceanic and atmospheric circulation patterns have already shifted and are likely to create more frequent and intense weather-related events. We may have seen such an impact in the deaths of over 100,000 people in Burma from cyclone Nargis.

North America will experience lengthened fire seasons and pest infestations (such as the mountain pine beetle). Consequent degradation of forests will only add to the atmospheric CO2 burden.

Some animal species will be at increased risk of extinction through depletion of habitat or inability to adapt to rapid environmental change.

We can expect these factors to result in increased rates of death, damage, disruption, starvation, disease, injuries, social unrest, and even war in various parts of the world.

For our own security and prosperity, we must develop plans and methods to minimize the impact of climate change and to reduce GHG emissions.

The IPCC Working Group III Report identifies a number of strategies to avoid the most severe impacts of climate change. The Stern Review on the economics of climate change estimates that if we don’t act, the overall costs and risks of climate change will be equal to losing at least 5% of global GDP each year. Given a wider range of risk and impact, the damages could rise beyond 20%. In contrast, the costs of mitigating action and adaptation can limit the loss to 1% of global GDP each year.

Among economic strategies to reduce GHG emissions are cap-and-trade markets, carbon taxes, and voluntary reductions aimed at more efficient energy consumption.

It is clear to the scientific world that we need to urgently direct hundreds of billions of dollars in research and development of less damaging energy sources like nuclear fission and fusion. Plug-in electrical vehicles could reduce CO2 emissions significantly, given nuclear sourcing.

We cannot afford to wait for impact mitigation strategies. This is particularly true because of expected exponential growth in GHG emissions from emerging countries like China and India, building a couple of coal-fired plants each day.

In the face of inevitable near-term consequences of climate change, we also need adaptation strategies. The Government of Canada has produced a comprehensive document titled From Impacts to Adaptation: Canada in a Changing Climate, involving over 30 expert editors and authors (http://adaptation2007.nrcan.gc.ca).

The single most effective strategy for adaptation is management of risk, especially identification, analysis and objective evaluation. However, there are barriers, such as access to knowledge, data and decision support tools; regulations or legislation limiting options; societal expectations; and ignorance.

A wealth of data is available to anyone; unfortunately, most of it is in proprietary form or requires significant pre-processing, which limits its accessibility and potential usefulness.

Governments can assist by mandating the use of existing open information standards. Available data repositories include location and time-specific climate and weather data, GHG emissions, energy availability, consumption and pricing, and other measurements such as Arctic ice coverage and thickness.

Existing interoperability standards need broader acceptance (for example, National and Canadian Geospatial Data Infrastructure and Object Management Group C4I interfaces).

Within North America, regions will be subject to differing pressures.

In the North, where climate change is most severe, water shortages, melting permafrost and sea ice will strain infrastructure, transportation and resource accessibility. Toxic waste and excessive water consumption by tar sand extraction have already exacerbated health and abundance problems. We will need to invest in construction and application of more efficient technology to overcome these problems.

Along the Atlantic, sea levels will threaten infrastructure and may require rebuilding or diking. Changes in weather severity may also threaten flooding, increased storm surges and erosion.

Québec, Ontario and New England, heavily dependent upon hydroelectric power, will find that reduced water flows create difficulties, forcing reduction in consumption and initiatives to avoid on-peak usage through intelligent control systems built around knowledge of climate and electrical energy pricing and availability.

The 2001-2002 droughts in the prairies had a $5.8B impact on Canada’s GDP. Increased fires, droughts and water shortages will have severe impact on food production although this might be alleviated slightly by longer growing seasons in northern regions. We should encourage more localized food markets and avoid diverting needed food resources to the extremely inefficient production of subsidized biofuels.

On the west coast, reduced water flows will encourage hydroelectric consumption efficiencies. The forest industry has been badly crippled by infestation, fire and over-logging. We may need to renegotiate trans-border water and lumber agreements.

Most at risk globally are states with fragile capabilities or unstable government. We can expect a need to avoid and contain starvation and disease while managing tensions introduced through population migration. We will see increasing demands for humanitarian relief, peacemaking and protection from terrorism.

Climate change poses some of the biggest security threats ever to challenge civilization. We need dramatically improved education about the risks, and a determination to avoid them and lessen their impact. Fortunately, much preliminary work has been done. What is needed now is the committed public and political will to push forward.

A graduate from Royal Military College in Mathematics and Physics, Mr. Alan P. Burke is the President of Orcagis Inc., focussing on zero-defect software development and modelling in the fields of public safety, public health, energy and the environment.
© FrontLine Security 2008



The Intelligence Rut
© 2008 FrontLine Security (Vol 3, No 3)

The assumption stated above is misleading, though many, including some intelligence producers and consumers, believe that is indeed the only true role of intelligence organizations. Numerous articles and books dedicated to the subject of “intelligence failures” clearly illustrate that in many cases, the needed information is collected; however, neither the collectors nor the analysts are able to recognize the importance or meaning of much of that intel.

In order to avoid such failures, security and intelligence organizations need to place increased emphasis on the real intelligence mission of providing, and in many cases creating, knowledge and understanding of new challenges and threats, such as home-grown terrorism. Intelligence resources must not focus solely on the increased collection of information by either overt or covert means, but must also create learning and knowledge strategies that will facilitate understanding of the security threats to Canada by both our producers and consumers of intelligence.

To manage these new risks successfully, intelligence producers and consumers must acknowledge that they cannot deduce proper intelligence merely by measuring newly collected information against existing knowledge templates.

The understanding necessary to produce updated, revised and appropriate templates can only result from new levels of knowledge. Intelligence organizations tend to fail when not meeting the challenge of incorporating all implications from the new levels of intel being uncovered. They often focus on quick band-aid type solutions to produce reports at short notice and of short-term value, or largely based on historical information with little existing educational knowledge of much use to consumers.

The real key to the long-term intelligence challenge is “knowledge creation.” For example, new security issues and risks demand new understanding. Home-grown terrorism is an excellent example of a requirement for this new knowledge and understanding. Intelligence and security organizations, as well as their consumers, need to address this issue if they are to avoid future failures and have any long-term success in providing the required degree of understanding.

Two significant risks have, in the past, prevented such successful understanding. First, there is the difficulty of gaining the required level of knowledge to successfully interpret any and all collected information. Second is the challenge of ensuring that the consumers of any such analysis completely understand what they are receiving. While historically, intelligence organizations have tried to address the acquisition challenge regarding the issue of knowledgeable understanding, they have, for a number of reasons, tended to take the view that their mission ends once intelligence reporting and analysis has been delivered to the consumer.

When new security challenges are presented to security and intelligence organizations, they can either establish new methods of collection of information, or as more commonly happens, redirect and alter the priorities of existing methods and sources. A great deal of attention and resources are directed to this effort, normally resulting in increased funding and assignment of more collection requirements. This inclination is based on the presumption that more information was needed to meet this new challenge and avoid any surprises. Focusing solely on a potential lack of information as the main problem to managing risks posed by new threats deflects attention away from the possibility that faulty analysis or decision-making prevented a proper understanding of new developments. A more balanced approach is called for. Resources would often be more effective if directed instead toward concentrated analysis of the gathered intel, to gain a clearer picture of the situation.

While the collection of information by all means, whether covert or overt, is a vital part of knowledge building, equally important are capturing existing knowledge, even outside intelligence communities, and seeking new knowledge that enhances our understanding. It is dangerously presumptive to assign, as is the norm, a low priority to pursuing new knowledge that leads to improved understanding wherever it can be found. This often becomes the major overlooked cause of many intelligence failures.

The tendency for intelligence organizations facing new challenges is to assign responsibility for collection and analysis to those with some level of existing knowledge and experience. Additional resources may also be brought to bear over time, but the impetus is to quickly produce any reporting that provides clients with the minimal level of understanding needed to grasp the risk.

This reporting usually takes the form of an historical review, followed by lists of future probabilities and information gaps. The focus then becomes filling in the gaps, which usually takes the form of specific questions. While useful for focusing attention, this process has the unfortunate effect of creating an impression that understanding can be achieved and risk managed by filling in the gaps. It also creates an impression that the new threat to security is immediately “knowable” if only the collectors can gather all the information needed to fill the gaps. This is very rarely the case.

It is rare for collectors to gather entirely complete and precise information concerning the capabilities and intentions of any potential security threat. Instead, bits and scraps of information, sometimes connected and sometimes not, are usually assembled, and these may or may not actually assist in understanding the exact risk. Therefore, intelligence and security organizations’ biggest challenge is making sense of the information collected and then understanding the precise nature of any security threat and consequent future developments. In reality, to successfully manage this risk and avoid intelligence failure, a deliberate strategy must be developed early on – one aimed at creating processes for learning, and creating new levels of understanding through building new knowledge.

This strategy must include identifying existing sources of knowledge and methods, but more importantly, methods and tools for both identifying new sources and for growing new knowledge and understanding. Identifying new sources includes both covert and overt means. In most cases intelligence agencies focus, at least initially, on establishing new covert means and only turn to overt means as a secondary resource. This is commonly driven by the belief that the aim is to address specific gaps rather than the larger task of gaining understanding and knowledge with respect to the new security challenge.

This approach has its roots in the past, when information and knowledge were difficult to acquire, either because they were being withheld by others or were just not widely available. This presumption is now being stood on its head: today, there is a vast amount of information readily available to those who can sift through it to find valuable items that lead to knowledge. Never has there been an era where so much information is available – but so little is actually transformed into useful knowledge. To sift effectively through the mountains of information openly available to all, intelligence agencies must reach out to knowledgeable experts who can make the best judgements as to what has value and meaning and can advance understanding. This requires going outside the intelligence community itself as new challenges arise, something that most have been reluctant to pursue. While some change has taken place, it is usually neither quick enough nor sufficiently profound to achieve the desired understanding of new security issues.

The most effective means of creating new knowledge and understanding is through the contact and interaction of knowledgeable experts. Historically, this is the case in other fields such as medicine and other sciences. Intelligence agencies need to identify knowledgeable experts and develop programs that bring them together, either for relatively short periods, such as at conferences, or by hiring more than one expert to develop such intelligence. While one part of the organization focuses on the immediate need to respond, another must focus on developing a knowledge strategy that generates a plan for longer term growth of understanding. Progress here is difficult to achieve without experience, though new security risks demand that we do.

Just as many industry leaders have recognized a shift in their core business – from a manufacturing base to a knowledge-based economy – so must intelligence leaders. These intelligence professionals must realize that their business is not just about uncovering secrets but about obtaining knowledge and understanding that guides leaders to more appropriate action. To avoid failures of the past, and to meet the new security challenges, the focus must change. The emphasis of our agencies must be urgently re-oriented toward creating holistic intelligence knowledge strategies.

George Kolisnek is a former Director Strategic Intelligence at NDHQ Ottawa and Senior Policy Advisor in the Security and Intelligence Secretariat PCO. He is currently a Senior Research Fellow at Carleton University’s Canadian Centre for Intelligence and Security Studies.



Partnerships to Emergency Preparedness
© 2008 FrontLine Security (Vol 3, No 4)

Natural and man-made disasters don’t recognize political boundaries; the path of a radiological plume will not respect a port of entry. Border communities share many of the same concerns, but there are also some unique conditions that require innovative initiatives from multiple partners. Increased security requirements have heightened tensions at the borders that prior to 9/11/01 were easily resolved with local cooperation. At every level of government, the United States, Mexico, and Canada struggle to determine acceptable levels of disaster preparedness between border communities.

Congress, for example, passed Joint Resolution S.J. RES. 13, granting its consent to the International Emergency Management Assistance MOU (Memorandum of Understanding). This provides a mutual assistance compact between the states of Maine, Rhode Island, New Hampshire, Vermont, Massachusetts and Connecticut and the Provinces of Quebec, New Brunswick, Prince Edward Island, Nova Scotia, and Newfoundland. This pact offers the possibility of assistance when asked by the affected jurisdiction(s) during natural or man-made disasters, as well as technological hazards or civil emergency aspects of resource shortages. This document allows for inter-jurisdictional planning, gap analysis, procedural development and review, training, testing, recognition of licenses and permits, and procedures for reimbursement – making it a viable umbrella framework that can be supported by respective governments for application at each border venue.

Such a framework should be available to all of the border states and provinces throughout the United States, Mexico, and Canada, thus providing each border community the authority to customize within the framework to best suit their specific needs. States would then have flexibility – within Federal parameters and endorsed by both governments – so that policies can be molded for each area, as dictated by the region.

The California/Mexico border has different concerns than, for instance, Washington/Canada, which again has different concerns than Texas/Mexico, and so on. By having a basic structure that includes core responsibilities, border communities can prepare for crossborder emergencies in a manner that establishes a modicum of political and practical unity.

There is no doubt that each government desires to “do the right thing” when it comes to emergency preparedness and response. The struggle becomes the definition of “the right thing.”

Not all border communities are able or willing to agree with each other on their respective responsibilities regarding humanitarian or other aspects of emergency preparedness and response. Because of this, each community, on both sides of the border, should have ample flexibility to generate policies and procedures that best serve their populations while adhering to basic national tenets.

Emergency preparedness is an essential element to a successful response. Planning, training, and exercising (coordinated under an endorsed framework by each government) is a monumental first step in achieving the dialogue necessary to address policy and procedural questions prior to a catastrophic incident.

Key Questions
Important questions in such discussions should include: what is the role of the first responder during a catastrophic incident that has created panic on both sides of the border? Does local law enforcement have a role at the port of entry? Weapons are prohibited entry into the southern border; is there an expectation of assistance without protection? Can response vehicles travel between the ports of entry uninhibited, or do they need to meet certain requirements? Are crossborder medical credentials recognized during such an event? What about controls for medical supplies such as blood and medicines? What will be the documentation requirements between countries for first responders? What will documentation requirements be for those fleeing danger, or a perceived threat of danger? Is there an obligation to address the emergency needs (food, medical, shelter) of citizens first before allowing others to seek services? Or the more general: does it make a difference? And, who makes that decision?

Communications is another area where there is little standardization in crossborder practices. Does the cost to adjust systems to become interoperable outweigh the benefit? Can shared protocols be used? Is it possible, or desirable, to have a shared common operating picture with each other? How much situational awareness is appropriate? What information can and should be shared?

In the event of a public health or other emergency, either natural or man-made, the possibility of thousands of frenzied people flooding to the borders is very real. Some may be contaminated and/or injured. Is crossing the border an acceptable evacuation route? Who will be allowed to cross? Will there be any change in documentation requirements? If decontamination is necessary, how and to whom will those services be provided? People will be looking for family members who are on opposite sides of the border that day, demanding reunification. What basic policies are in place to address such guaranteed outcomes?

Depending on the event, there could be miles of motorized or foot traffic, hindering or stopping the flow of emergency support into these border communities. Without a flexible approach to crossborder preparedness that is both known and practiced, there is increased risk of escalating the crisis.

Private Sector Role
The private sector has an important role in crossborder emergency preparedness as well. Critical infrastructures are not the same internationally, so early coordination and cooperation is essential for the continuity of services and protection of key resources. Cooperative co-development of continuity plans and prior agreement on roles and responsibilities will allow the private sector to be that much further ahead when a catastrophic incident impacts both sides of the border.

Policy Provides a Baseline
Crossborder emergency preparedness policy is inconsistent at best, nonexistent at worst. A federal policy framework should be developed to apply a uniform baseline to crossborder emergency response to natural or man-made disasters (including a nuclear event, earthquake, or pandemic). Such a baseline policy must be flexible enough, while maintaining some degree of consistency, to allow border communities to continue their efforts to assist during crossborder emergencies.

In order to assist in a catastrophic event, border communities, as well as states, provinces, and national governments, must be able to identify needs, roles, and how laws can be changed, created, and barriers dropped to enable successful crossborder planning, training, exercising, information sharing, and communications.

Jill Olen is the CEO of The Olen Group, LLC, a consulting firm specializing in public safety and homeland security issues.



Ward Elcock
Federal Security Support to the 2010 Olympics
© 2008 FrontLine Security (Vol 3, No 1)

Mr. Elcock is a respected veteran of security matters in the higher levels of the federal Public Service, having headed CSIS and been more recently the Deputy Minister of National Defence. FrontLine Security’s Executive Editor, Clive Addy, welcomes his perspective as a follow-up to our recent edition on the security of the 2010 Olympics.

Canada's Meaghan Simister is introduced to the media in the Ice House at Canada Olympic Park at a conference to kick off the 2007-08 World Cup season.

Q: What do you see yourself bringing to the security table to ensure the safety of Canadians and participants at the 2010 Olympics and how would you define your role?

Well, I have been in the security and defence fields in the federal government for some 15 to 20 years and have been working at the Deputy Minister level since 1989. Essentially, I suppose that my background is as good or better than anyone’s for the task ahead of coordinating federal government security support to the Vancouver 2010 winter games. I know how Ottawa works and can be made to work, such that we get the best level of cooperation from all federal authorities, departments and agencies. I would define my role essentially as that of a facilitator and coordinator of this federal government support.

Q: What do you see as the challenges and the threat to the security of the Olympics at the National level and what responses from the various departments and agencies of the federal government would you expect to be available to handle these?

As you will understand, we are not, for obvious reasons, about to talk about the precise nature of any threat at this or any time. In reality, we have two years to narrow down the precise nature of these threats as the Olympics approach. At this juncture, of course, there is knowledge in many federal departments about the potential span of such threats; in DND, CSIS, RCMP and Public Safety, for example, possible threats are well known and monitored. The approach at this stage is to operate at a potential medium threat level with the ability to scale up or down as required, and as we define the threat more narrowly when closer to events.

The structures that we have now, through international partnerships and domestic capabilities will, I am sure, provide a pretty good idea of what the threats will be, be they criminal or terrorist.

There are other positives that we must recognize as well. First, these are winter games and, as such, these are normally smaller and thus potentially less complex to secure than the summer games. However, it is still important to protect against the unexpected or uninvited guest. Work to secure venues and identify any surrounding critical infrastructure that may require protection is well underway.

I see this work as an iterative process to build a layered security approach and applied as the evolving threat level might require. The federal agencies play a significant role and do a good job in this definition of these threat levels. They may also play a major role in preventing, mitigating and responding to any threats.

Q: How do you see your office fitting into the planning and operations for the actual delivery of security within the three levels of governments and other international agencies involved?

Our office is relatively new, created last October and only really getting up to speed in the last month and a half. It currently consists of seven personnel. It is established within the Privy Council Office (PCO) whose responsibility is that of coordinating all the policies, resources and activities of the federal government. My specific function is to bring a coordinated federal response to the security challenges of the 2010 Olympics, within this multi-dimensional framework of public and private interested agencies such as VANOC, the IOC, the governments of BC, its local municipalities and the participating countries, to name the most evident.

Canada's ski jumpers, Stefan Read (Top 30 in Torino) and Kate Willis (currently ranked 7th overall in world rankings) are photographed at the Hinterzarten Summer Grand Prix.

PCO is the key integrating agency in the government of Canada and it makes sense that they perform this function on this file. That said, as the integrator at the federal level I have been most impressed by the excellent coordination done on their own by federal departments to date. They are working well together. They have set up a series of issue specific inter-departmental working groups dealing with security and other issues. All continue to deliver good support. I have people from our office involved as necessary in these groups and we have already been able to expedite what would have been more difficult issues had we not been there. We do not put ourselves between departments and their work with other governments or agencies; we do help ensure that these links work effectively and we facilitate the resolution of any obstacles that either side may encounter. Sometimes, however, they do need someone such as us to expedite or resolve certain difficulties between other stakeholders when they arise. We provide much appreciated value-added in these security preparations, as I am sure we will in operations when the Games begin.

Q: What are, in very general terms and in your view, the major security command and control challenges of this event?

As I indicated, we do not ourselves do security. We facilitate security efforts between federal departments and between them and outside agencies. This, of course, will remain our major function as part of the command and control during the events themselves. I am sure that there will be challenges in this realm. The key element to ensure the effective awareness and timely reaction to any events of a security nature in these Olympics is the Integrated Security Unit headed by the RCMP. There is a sophisticated joint structure responsible for the Games themselves, but essentially the Integrated Security Unit is the actual executor. We will remain available to them and the rest of the organizations to assist with expediting interdepartmental action federally. There may well be a time when my presence is required in BC more frequently and, if so, I will be there to do so, but the nature of my enabling function will not change. From my perspective then, I see that the Command and Control function is developing well and should thus be able to face all challenges.

There will be a calendar of exercises of varying levels and complexity leading up to the Olympics that will ensure that we test this system more rigorously to reassure ourselves that we can meet such challenges. We will of course be part of some of those.

Q: What security innovations (technology or others) might we see to afford better coverage? For example, biometric watch lists, improved maritime and airport scrutiny?

I consider that the accreditation system for the Olympics is the most vital area. We must have the best possible screening of applications and ensuring accredited access where and when permitted.

I am sure that we will be able to improve upon previous Games. I do not think that we will have biometric accreditation at these Olympics, but we can no doubt expect evolutions in this realm in future Olympics, both in the review of the accreditation applications and in their form and use.

As to other concerns about potential terrorism or criminal activity in the greater Vancouver area concurrent with the Games, to take advantage of the availability of world-wide media, I recognize that no screening system is perfect. There are, however, different levels and methods of screening that can be triggered by threat alerts of different types at ports and points of entry on the one hand, and, on the other, local law and order forces will be prepared to take on such extra risks. I consider these measures to be adequate. In any event we will most likely be training for such occurrences during the lead-up exercise calendar and reinforcing any perceived or real shortcomings.

Q: What permanent security spin-offs might result at the national level from this preparation and the establishment of security infrastructure for these games?

Anytime you do something big like the Olympics, it takes you through to a bigger level of experience and expertise. It’s something equivalent to, instead of acquiring knowledge at the grade school you are doing so at University level. It gives people more experience of working at that higher level and the consequences of that down the road are positive as you go forward because you have a large bunch of people who have been through this gigantic exercise. They are more confident about how they work together and know how to work together. These are of course intangibles but they are certainly important to our future collective security knowledge and expertise. One has to renew these types of big events from time to time to maintain the currency of this valuable expertise. This is the major beneficial spin-off as I see it.

Canadian World Cup team members from bobsleigh, skeleton and luge pose at the top of the Olympic Track at Canada Olympic Park in Calgary to celebrate Dow Chemical sponsorship announcement in support of all three sliding sports.

As well, there will no doubt be security material, cars and so on, and facilities or technical systems that will be of use and benefit to the security authorities and others after the Games. These systems will, of course, have to be “ever-greened” in any case the farther along we go before another major event.

But essentially, it is the great intangible multi-level benefit to all of working through a major event such as this and the depth of expertise that it creates, that is the greatest residual value-added in my view.

Q: What closing reflections can you share with our readers?

I believe that we are filling what was a real need for a federal coordination agency at this level. It was unfair to expect the RCMP or even Public Safety to carry out this function, but I must say that I am most impressed that people were and continue doing what they are supposed to be doing and doing it well. We look forward to a successful event.

Clive Addy, Executive Editor of FrontLine Security magazine, thanks Ward Elcock for taking the time to meet with him.



Hazardous Materials Exercise
© 2008 FrontLine Security (Vol 3, No 2)

Most firefighters today receive training that meets the objectives of the First Responder Operational level. Among the many tasks assigned to personnel at this training level are establishing scene control, initiating an incident management system, and performing defensive control functions and emergency decontamination procedures. Training involves classroom and hands-on skills to ensure students are fully capable of performing these and many more vital tasks necessary to ensure that the initial stages of a hazardous materials (hazmat) incident are handled safely and effectively.

Photo: Ted Ostrowski, DRDC

Although a hazmat team may be called to the scene of a major incident to perform offensive leak control procedures, firefighters will often be on-scene long before. First arrivals most often include EMS personnel, who may or may not be from the same agency as firefighters, along with local and state/provincial law enforcement officers. In addition to the hazmat team, other resources required at the scene of any significant incident often include: cleanup contractors; personnel and equipment from public works and environmental quality agencies; local government officials; representatives of the “responsible party” or the person or group who either owns or is otherwise in control of the hazardous material that was released.

To coordinate the many entities involved in this type of response, most localities have developed an Emergency Operations Plan (EOP) that spells out, in some detail, each agency’s responsibilities. This plan will likely refer to the role of local firefighters, but how many firefighters know the details of this plan or even its existence during their training? If they did learn of the plan, have they ever participated in an exercise to reinforce knowledge of their role and learn about the role of others? And if EMS personnel and police officers have no training in the plan, how can all of these agencies be expected to perform as a cohesive team during a hazmat emergency?

Without the benefit of joint training before an incident, personnel will likely assume their roles as they believe them to be, which can have negative consequences. For example, it is important to know who is responsible for scene control and who is in charge of the incident, as there will be many questions. Who is responsible for cleanup of spilled material; will first responders take on this often-dangerous task themselves? Will there be a battle of wits between firefighters and law enforcement over whether to close a road? Does law enforcement know about the fire department’s incident management system? Police officers may refuse to take direction from anyone other than their sergeant or lieutenant; the orders of a local fire chief may mean little. Who is responsible for emergency decontamination? If it’s the fire department, are rescue squad members aware of this? Do rescue squads provide their members with personal protective equipment, including a self-contained breathing apparatus? Do the local hospitals have decontamination stations available at the entrance to their emergency room? What if responders need the public works department to dig a retention basin using heavy equipment? Are respiratory protection or personal protective equipment needed during this activity? Do public works department employees have access to this equipment and have they been trained in its use?


Without the benefit of advance planning, too many fire chiefs just assume that their personnel and those from other agencies will know what to do. The real world may spell out a different story – one that could result in injury or death to first responders. And the postincident critique will probably bring many of the problems encountered to light, with more than one suggestion for improving future operations. The unfortunate reality is that promises to correct deficiencies will soon be forgotten, that is, until the next incident, when the same issues recur.

Why Wait for an Incident?
Don’t assume that everyone knows what to do. Conducting a simple, yet effective exercise can be the answer. For years, fire departments have conducted drills for structure fires and vehicle extrication, yet when it comes to drilling for a hazmat incident, the initiative all too often stops.

Do firefighters feel compelled to wait for their emergency management officials to initiate an exercise, or are they overwhelmed by the seemingly daunting challenge of coordinating a multiagency event?

Without a doubt, local fire department members are fully capable of conducting a tabletop or even a full-scale exercise without spending a lot of money. However, the success of any training exercise of this magnitude will involve time and energy. This investment has a guaranteed high rate of return!

As a result of a multiagency exercise, firefighters are likely to develop long-lasting working relationships with many others whose expertise and resources can mean the difference between success and failure in the future. During an exercise, each agency will have the opportunity to develop the trust of others in their capabilities by allowing personnel to demonstrate their knowledge, skills and abilities.

Furthermore, no one with any degree of real-world experience can deny that the individual personalities involved in an emergency response will play a role in how the incident unfolds. Those attending an exercise will learn about the personalities of other agencies’ representatives. Some may have large egos that need to be stroked, some may refuse any advice if it doesn’t agree with what they already believe to be true, some may need to let everyone know how much they know, some may like to be in charge regardless of their rank, some can’t tell you the time without also telling you how a clock is made, and some cannot (or will not) make a decision without first asking permission. It’s better to know these traits before everyone meets on the street at 3:00 a.m. during an incident involving an overturned truck that displays “Poison” placards, and you learn that you can’t get anything done because the guy from the public works department is a jerk – of course, he may think the same of you.


To be successful, any exercise requires planning. Although a tabletop exercise might be conceived and executed within a few months, planning a full-scale exercise involving the response of apparatus and hands-on participation by personnel may require at least six months. Although this might seem challenging, especially for volunteer fire departments that may already have too much to do and too few resources, the alternative is to learn during an actual event when there may be a high price to pay for a less-than-stellar performance.

Remember too, that most exercise design will focus on a local disaster of some sort, but if the design is not executed properly, the exercise itself can become a real-world disaster, much worse than the one you attempted to simulate. Results could include injuries to participants, lack of critical resources, and confusion resulting from the community and other public safety agencies mistaking the exercise for the real thing. These types of problems, and many more like them, are preventable by using a simple 10-step method for exercise design.

This proven program has been used by local fire departments with a great deal of success. Planners are also reminded to provide refresher training prior to the exercise to better prepare participants for their roles and ensure that everyone is poised to achieve their assigned objectives.

Plan for Success
A key consideration of the 10-step method is that planners are encouraged to develop an exercise that is winnable. Anyone can design an exercise that can push first responders to the breaking point and beyond, yet a desirable exercise is one that is realistic, reinforces positive behavior, and leaves participants with a sense of accomplishment rather than failure.

  • Identify exercise goals. Is the exercise required by the EOP or some outside entity? Is it in response to a recent event that did not go well?
  • Identify stakeholders. What agencies and individuals would play a role during a real situation?
  • Develop performance objectives. What kinds of knowledge, skills, and abilities (KSAs) should be demonstrated?
  • Design a realistic scenario. Develop a scenario to include activities that will require agencies and individuals to demonstrate their capabilities.
  • Assign roles and responsibilities. Determine what equipment and personnel each participating agency will require.
  • Identify training needs. Determine if participants need training in the required KSAs identified earlier.
  • Develop a safety plan and site map. The safety plan should address real-world hazards and those related to exercise activities.
  • Develop an exercise schedule. The schedule should include estimated times for setup, start and finish, and major events during the scenario, including a postincident review.
  • Conduct a postincident review. This is best conducted in two phases, with one occurring immediately after the event and another several days later to allow participants time to compile notes and recommendations for improvements.
  • Prepare a summary document. This document includes all activities undertaken for the planning and execution of the exercise and helps avoid having to “reinvent the wheel” when preparing for the next exercise.

Steven M. De Lisi retired after a fire service career spanning 27 years that included serving as a regional training manager for the Virginia Department of Fire Programs (VDFP) and most recently as the deputy chief for the Virginia Air Guard Fire Rescue. De Lisi is a hazardous materials specialist and continues to coordinate a statewide training program for the investigation of environmental crimes as an adjunct instructor for the VDFP.

For more info on Steven De Lisi’s book, Hazardous Materials Incidents: Surviving the Initial Response, visit http://store.penwellbooks.com/hamainsuinre.html



Perseverance Breeds Success and Community Safety
© 2008 FrontLine Security (Vol 3, No 3)

Is it possible for an unincorporated hamlet with a population of about 250 to establish and maintain a full-fledged volunteer fire department? In 1979, a group of forward thinking citizens in Fauquier, BC thought so, and the seed they planted 30 years ago has gone on to bear plentiful fruit.

From left: Dobby Bissell (finance & admin officer), Laurence Charles-Lundaahl, John Banta (chief), Gloria Scott, Leslie McDonald, Denise Douglas... and Maya the mascot. (Photo: Roland Bouten)

Who Cares about Fauquier?
Fauquier is a small (some would say tiny) community on the eastern shore of Lower Arrow Lake, a partly man-made reservoir on the Columbia River in south-central British Columbia. Vernon, in the Okanagan Valley, is two hours to the west on the other side of the Monashee Mountains, and Revelstoke, on the Trans Canada highway, is two hours upstream. By the standards of southern BC, it is certainly a fairly isolated community.

To obtain municipal sponsorship for a fire department, certain minimum standards regarding infrastructure and equipment must be met. In the case of our municipal government (the Regional District of Central Kootenay), the required standards were far beyond the reach of such a small tax base.

Not to be deterred, and pursuing the principle that whatever they obtained would be better than nothing at all, the people of Fauquier formed a registered society and, under its auspices, established their own, independent fire department. The word “independent,” of course, is a double-edged sword. As the chief of an independent fire department, I enjoy more autonomy than many chiefs of far larger municipal departments – on the other hand, there is no municipal council to go to when I need more money.

Archival material indicates that the early days were tough. Fundraising took the form of bake sales, pot luck suppers and door-to-door solicitation. BC Hydro donated a building to be used as a fire hall. Hoses, nozzles, pumps, etc. were gradually acquired and a small group of dedicated volunteers got together once a week to maintain equipment and hone their skills. Then, in 1982, the big day arrived when they were able to purchase a 20-year-old pumper from the neighbouring community of New Denver. That vehicle was replaced 14 years later with a larger, newer one that still forms the backbone of our firefighting arsenal.

My Road to Fire Chief
In 1998, my wife and I decided to flee the growing urban crush of Calgary and seek a more sedate life in the Kootenays, a part of the world we had both come to love over the years. We ended up in Fauquier and, almost immediately, I joined the fire department. From the beginning, I was under some pressure to take over as chief. The fact of the matter was that many of the original members were anxious to pass the torch to younger hands. I, however, was in no hurry to jump into a situation of which I knew very little. On principle alone, I thought, it would be best if I spent some time in the “ranks” before taking the helm. This “breaking in period” lasted until our AGM in December 2006, when I accepted the nomination and was elected Fire Chief.

Of course, by that time, I was fully aware of some of the challenges I was going to face. We have always enjoyed solid public support; however, the prevailing views among the members and the general public, while positive, were somewhat casual. Our loose-knit group consisted of individuals who had more or less agreed to help fight a fire if the need should ever arise. Standard procedure, if it could be called that, was to show up at the scene of a fire and start doing whatever felt right. Some members had not attended a fire practice in years, if ever. The whole situation, while generally effective, was not very safe. I was determined to improve things, if I could.

Hose in Action: Gloria Scott (on nozzle) and Denise Douglas (on backup) during a summer demonstration. Laurence Charles-Lundaahl at the ready in background. (Photo: Roland Bouten)

My predecessors, in fact anyone who voluntarily takes over the leadership of a rural fire department, are worthy of more praise than they are ever likely to receive. The people who preceded me as chief did things as they saw fit, and the decisions they made were right for the time. The debt that I owe to “those who have gone before” is immense. They kept the flame burning through some lean times and, without their efforts, we wouldn’t even have a fire department. I saw that the time was ripe for adding more standards to our procedures, and directed my efforts toward achieving that goal.

On the Job
I’m fond of half-jokingly pointing out that the only thing that qualifies me to call myself a fire chief is my willingness to do so. In the beginning, at least, what I knew about fighting fires, beyond that which logic and common sense would tend to dictate, was limited indeed. However, in large part because of my military background, I like to think I know something about how to mold a group of individuals into an effective team. There’s the key word – TEAM. I had to convince a group of enthusiastic free spirits that by working together they could accomplish far more, and do it more safely than they ever could working separately. To an old soldier, this is a self-evident truth, but for some of my firefighters, well… they needed convincing. Keeping in mind that there is a huge and obvious difference between a rural volunteer fire department and the army, I set to work.

We practised drills in which everybody had to complete a task in order for an overall objective to be achieved. If somebody failed, we all failed. We became familiar with a wonderful thing called the Incident Command System and learned how the principles of the ICS could be applied to our own operations. Because the glue of any team is “esprit de corps,” I spent sparse money on matching coveralls, logoed t-shirts, ball caps and licence plates. I wanted to instil the pride of being a member of the team, and I didn’t want them to be shy about displaying that pride. Gradually, over the course of the past year, it has started to come together. I’m happy with the progress we’ve made.

Funding is always a major problem for a small fire department. In 1982, after intense lobbying, the Regional District passed a by-law establishing the Fauquier Fire Protection Area (FPA). This enabled them to collect taxes on behalf of the fire department (with the consent of the taxpayers, of course) and turn the money over to the department on an annual basis. This was (and remains) a far cry from outright municipal sponsorship, but it did provide a source of stable funding and allowed some realistic budgeting. The actual amount, to begin with, was pretty small – $2000 a year – but it was better than nothing. It has gradually increased over the years to the point where our current annual operating budget stands at just over $16,000 – more than adequate. The latest increase, just this past year, came as a result of dramatically increased property values. First of all, though, we had to get approval from the community. Because time was short to meet the deadline for this year, the only practical way to obtain that approval was to collect signatures door to door – imagine trying to convince your friends and neighbours to sign up for a tax increase! We got it done though, and very few people even hesitated. “More money for the Fire Department? You bet!” seemed to be the prevailing sentiment. It was very gratifying.

Without question, the most important ongoing activity in any fire department is training. Until quite recently, our training was exclusively a home-grown affair. We identified performance objectives, determined the skills required to attain them and put together a program to progress from individual training, through collective training to what we call a full evolution; in other words, putting it together in a realistic scenario. This worked well and we’ve come a long way in a relatively short period of time.

None of it, however, was recognized by any outside agency. That changed this spring when I enrolled in a Train-the-Trainer workshop conducted by the Justice Institute of BC, a community college style institution that specializes in security and safety related programs. Successfully completing this workshop qualified me as an evaluator for the Basic Firefighter Certification program. This had the very useful effect of allowing us to move the training back to where it belongs – in the local fire hall, using local facilities, and conducted under the supervision of the local chief/training officer. No longer is it necessary to engage in the very expensive process of sending people away for several days to get them trained to a provincially recognized level. Much of the material is virtually the same as what we had in our own program, the main differences being that documentation and records management are more structured and easier to administer – and everyone gets a great looking certificate which, when prominently displayed on the wall of the fire hall, contributes materially to team spirit.

It is important that training be regarded as an on-going function. No one in the safety services should ever adopt the attitude that they know everything there is to know and therefore require no further training. This kind of thinking is more prevalent than one might suspect, particularly in smaller volunteer departments. Aggressively discouraging this attitude is a major function of my leadership role.

In addition to training, we felt it was necessary to establish guidelines that could be used to govern our actions at the scene of any conceivable incident to which we could be called. The challenge was to develop a system structured enough to enable us to impose order on a chaotic situation – while still sufficiently flexible so as not to stifle individual initiative or inhibit our ability to react quickly to changing conditions.

The Incident Command System in Practice
This is where the principles of the Incident Command System became very useful. We built an organization around four separate but interdependent functions: attack crew(s), pump operation, water resupply, and staging/rehab – all under the overall direction of an Incident Commander. Recognizing that one person couldn’t possibly control all these functions simultaneously, we inserted an Attack Chief to supervise the actual fighting of the fire.

We had to deal with the reality that we did not have the luxury of arriving at the scene of a fire as a formed group. That meant that the first person on scene (which could be any of us) must be capable of assuming command and, perhaps more importantly, willing to do so. That person has to then quickly formulate an incident action plan and, as additional people arrive, plug them into the plan as required. The whole procedure has to be simple, straightforward and easy to understand. We practise it extensively and it’s looking better and better all the time. Progress is definitely being made.

Before I sum up, I would like to say a word or two about leadership. The style of leadership required in a small, volunteer fire department is quite different from that which I learned as a senior NCO in the Army. First of all, I can’t actually order anybody to do anything. People have to be convinced that it is in their best interest to respond to direction. This requires a high degree of trust and confidence in the leader. Trust and confidence cannot be demanded – it must be earned. Leading by example, soliciting and respecting input from everybody for all decisions and being satisfied with nothing short of excellence, especially from oneself, represent three big steps in the right direction. All of this has been said elsewhere many times, of course, but I don’t think it can be said too often.

Final Reflection
The story of the Fauquier Volunteer Fire Department is neither special nor unique. With minor modifications, the same story could have come from any one of hundreds of small communities across this great land. What is special, however, is the message of what can happen at the local level with people who are determined to make it happen. The message is as relevant as it is ageless – persevere!

A former Senior Non Commissioned Officer in our Armed Forces, John Banta retired in Fauquier and is currently its Fire Chief.



On the Road to Copenhagen
Report from the UN Climate Change Conference
© 2008 FrontLine Security (Vol 3, No 4)

Climate change, resource depletion, health, security, economics, and politics are inextricably intertwined.

Air pollution in the Valley of Mexico. (Photo: C. Mcnaughton. U. of Hawaii)

We cannot solve inevitable problems by concentrating our efforts only on politics and the economy. The negotiating process on climate change revolves around sessions of the Conference of the Parties (COP) to the United Nations Framework Convention on Climate Change (UNFCCC). It meets every year to review implementation of the Convention. The COP adopts decisions and resolutions. Successive decisions make up a detailed set of rules for practical and effective implementation of the Convention and its provisions.

Over 11,000 participants attended the December 2008 conference in Poznań, Poland. This year’s focus, intended to advance international cooperation on a future climate change regime, showed progress on a number of key issues.

“We now have a much clearer sense of where we need to go in designing an outcome which will spell out the commitments of developed countries, the financial support required, and the institutions that will deliver that support as part of the Copenhagen outcome,” said UNFCCC Executive Secretary, Yvo de Boer.

The conference closed with a clear commitment from governments to shift into full negotiating mode in 2009. The goal is to shape an ambitious and effective international response to climate change, to be ratified in Copenhagen in December 2009. The parties agreed that the first draft of a concrete negotiating text would be available at a UNFCCC gathering in Bonn in June 2009.

At Poznań, finishing touches were put to the Kyoto Protocol’s Adaptation Fund, with parties agreeing that the Fund would be a legal entity granting direct access to developing countries. Progress was also made on a number of important ongoing issues that are particularly important for developing countries, including adaptation, finance, technology, reducing emissions from deforestation and forest degradation, and disaster management.

A key event at the Conference was a ministerial roundtable on the shared vision of long-term cooperative action on climate change. Ministers gave a resounding commitment to achieving an ambitious and comprehensive deal that can be ratified by all. The next major UNFCCC gathering will take place from March 29 to April 8, 2009, in Bonn, Germany.

High Level Segment
UN Secretary-General, Ban Ki-Moon, opened the “High Level Segment” of the conference on 11 December, attended by heads of state and environment ministers from around the world.

“Most of you have noticed, entering this hall, a sculpture of a 10-foot-high ‘wave’ of carbon-dioxide emissions, about to engulf the planet. This is no empty metaphor. We all know the science judging from the evidence presented over the past few years and days; we know the problem is growing worse. Excellencies, ladies and gentlemen: the world is watching.

“The next generation is counting on us; we must not fail. Together, we face two crises: climate change and the global economy. But these crises present us with a great opportunity – an opportunity to address both challenges simultaneously.

“Here in Poznań, we have three challenges. First, is a work plan for next year’s negotiations.

“Second, you need to sketch out the critical elements of a long-term vision. We need a basic framework for cooperative action – starting today, not in 2012.

“Third, we must re-commit ourselves to the urgency of our cause. This requires leadership – your leadership.

“Yes, the economic crisis is serious. Yet when it comes to climate change, the stakes are even far higher. The climate crisis affects our potential prosperity and our peoples’ lives, both now and far into the future.”

Differing Opinions
The road to Copenhagen is paved with good intentions. Unfortunately, the reality is that little was actually achieved other than agreement on the groundwork and schedule for negotiations in 2009. The main objective going into the conference appears to have been to ensure that negotiations aren’t derailed entirely by the financial crisis.

Canada performed very poorly, winning the “Fossil of the Day” award, given to countries that block progress at UN climate change negotiations.

According to the CBC, Environment Minister Jim Prentice claimed that Canada was a “constructive force.” He told the conference that all major emitters of greenhouse gases must take urgent action on climate change, and said Canada is committed to a “shared vision” for reducing greenhouse gas emissions. The CBC quoted him as saying that “shared vision must ensure continued economic growth and sustainable development while reducing global greenhouse gas emissions by at least 50% by 2050.” However, Canada held firm to the government’s previously stated targets, aiming for a 20% reduction of 2006 greenhouse gas levels by 2020 and 60% by 2050.

Environmental groups, including the Sierra Club of Canada and the David Suzuki Foundation stated, “over the past week, Canada has taken a shameful role here. Our country has been singled out as a spoiler. And the Minister’s speeches today did not contain any signal that Canada will do the right thing and commit to the science-based emission targets and scaled-up financing that the world needs to avert dangerous climate change.”

The CBC also reported comments from Elizabeth May, leader of the Green Party: “Canada, unfortunately, was about the worst performer here, and that’s saying a lot. That means worse than the United States with the lame-duck Bush administration, still doing what it can to obstruct… The speeches at the end of the session really were tinged with regret, and, from some countries, outright anger that the industrialized countries have been taking their time, coming up with excuses.”

Harnessing an alternative energy source.

The Climate Change Performance Index 2009, an assessment compiled by environmental groups Germanwatch and Climate Action Network Europe, ranked Canada second last in its performance in fighting climate change, ahead of only Saudi Arabia. Their press release stated “At the lower end of the ranking, Saudi Arabia comes in last in 60th, with Canada 59th and the U.S. 58th. Some positive changes in the U.S. on state level move them ahead of Canada. Russia, the U.S. and Canada have done badly due to their emissions trend, emissions level and climate policy. These countries could improve their ranking if they embraced and engaged politically to avoid dangerous climate change.”

The UNFCCC collects statistics on greenhouse gas emissions by the Annex I parties. Between 1990 and 2006, Canada’s emissions increased by 21.7%. If the impact of land use, land use change and forestry is included, the increase jumps to 54.8%, worse than Spain (53.5%), New Zealand (33.0%) and all others and better than only Sweden (110.6%) and Turkey (102.9%).

The mantra rationalizing Canada’s dismal performance appears to be that we dare not harm the economy by undertaking major greenhouse gas reduction initiatives. However, the UK Stern Review on the economics of climate change estimates that if we don’t act, the overall costs and risks of climate change will be equal to losing at least 5% of global GDP each year. Given a wider range of risks and impacts, the damages could rise beyond 20%. In contrast, the costs of mitigating action and adaptation can limit the loss to 1% of global GDP each year.

A recent editorial in Nature, the international weekly journal of science, titled “Danger and Opportunity” stated:

“The response to the financial crisis needs to go beyond the immediate pressures. Policy-makers must seize this moment to solidify the science and innovation required for sustained economic growth. … While innovation is commonly associated with growth, it is now more correctly pinned to survival. That was one conclusion from a meeting convened in Dubai last weekend by the World Economic Forum, a body best known for its annual summit in Davos, Switzerland. It is correct: with an economic crisis of unknown proportions looming, more emphasis on science and innovation – not less – will be crucial to achieving a sustained recovery.”

A study commissioned by the Pembina Institute and the David Suzuki Foundation, with modelling by M.K. Jaccard and Associates Inc., found that:

  • Canada’s economy can still grow by almost 20% in the next decade while the country reduces its greenhouse gas pollution to 25% below the 1990 level.
  • Canada will continue to enjoy strong net job growth.
  • Meeting the 25% reduction target requires a significant price on carbon pollution as well as targeted regulations and investments to expand the use of clean technology.
  • By 2020, Canadians will save more than $5.5 billion each year at the gas pump because of more efficient vehicles, more public transit and shorter commutes.

The journal New Scientist recently issued a special report “How our economy is killing the Earth.” It addresses the quandary of an economic system dependent upon growth when growth may no longer be possible and could be toxic to all of us. Our exponential growth will soon hit the barrier of limited resources, making the current financial crisis look comparatively like a tempest in a teapot unless we take drastic measures to make economists and politicians realize just how damaging modern economic theory and practice really are.

The editorial for that report states that it is time to banish the god of growth:

“Imagine an industry that runs out of raw materials. Companies go bust, workers are laid off, families suffer and associated organizations are thrown into turmoil. Eventually governments are forced to take drastic action. Welcome to global banking, brought to its knees by the interruption of its life-blood – the flow of cash.

“In this case, we seem to have been fortunate. In the nick of time, governments released reserves that should, with luck, get cash circulating again. But what if they hadn’t been there? There are no reserves of fish, tropical hardwoods, fresh water or metals such as indium, so what are we going to do when supplies of these vital materials dry up?

“We live on a planet with finite resources – that’s no surprise to anyone – so why do we have an economic system in which all that matters is growth? More growth means using more resources.

“If we are to leave any kind of planet to our children, we need an economic system that lets us live within our means.”

A graduate from Royal Military College in Mathematics and Physics, Mr. Alan P. Burke is the President of Orcagis Inc., focussing on zero-defect software development and modelling in the fields of public safety, public health, energy and the environment.
© FrontLine Security 2008



Radarsat-2 Intellectual Capital
© 2008 FrontLine Security (Vol 3, No 1)

Both the United States and Canada are currently engaged in public debates involving intellectual property rights in their defence industries. Canada’s Standing Committee on Industry is hearing appeals from military experts about the pending acquisition of the information and geospatial divisions of MacDonald Dettwiler and Associates (MDA), a company based in British Columbia. The sale, to U.S. aerospace giant and arms manufacturer Alliant Techsystems (ATK), would include a transfer of ownership of the publicly funded state-of-the-art satellite surveillance technology known as Radarsat-2.

In the U.S., politicians are questioning the Pentagon’s decision to outsource its tanker-aircraft contract instead of providing it to the Boeing Corporation of Washington State. The U.S. Air Force has decided to award a $35 billion contract to build the next generation of aerial refueling tankers to the European Consortium EADS. Politicians maintain that Pentagon bureaucrats should rescind that decision in the interests of American national security. Speaking in the U.S. Senate on March 7, 2008, Senator Patty Murray (Democrat, Washington State) said, “Our bombers and fighters can fly farther and faster because our tankers, which supply gas in mid-air, are always there to support them… Until now, the technology that powered these critical planes rested in the hands of Boeing – and its American workforce – who have been building them for more than 50 years. Until now, our tankers have been built by manufacturers, designers, and engineers who have been able to pass on the skills and knowledge that 50 years of experience brings – and who are bound by law from selling technology to countries that sponsor terrorism.”

Senator Murray’s statements, translated into Canadian polit-speak, would most likely be attributed to a member of the NDP party as pure socialist rhetoric. Notwithstanding the expectations of free trade, it is understandable that countries seek ways of subsidizing businesses that support the defense of their sovereignty. Canada is comfortable with overtly providing regional development grants, while the U.S. is more comfortable following predictable due diligences supporting oligopolistic, competitive practices.

National security in the modern world is dependent on an understanding of the need to nurture, create and protect intellectual capital in defence of a nation state. Governments around the world are recognizing that future skirmishes will be won by the country with the most real time knowledge of the terrain being defended.

Through their support of Radarsat-2 Canadian taxpayers have ensured that their government has the ability to protect their country’s terrain from sea to sea to sea. The future of Canada’s Radarsat-2 cannot be subject to market forces only.

Once it is acquired by ATK, Radarsat-2 will be subject to the US government’s International Traffic in Arms Regulations (ITAR). These regulations control the export and import of defence-related articles, information and service between America and any foreign country. Consequently, Canada will lose all rights to the application of its technology on a first serve basis.

Sovereignty is not claimed; it is asserted. Under the UN Convention on the Law of the Sea, nations are required to defend sovereignty in terms of domestic domain rather than coastline.

As one of the larger countries in the world with a geographically complex, challenging and, to a large degree, uncharted domestic domain, Canada needs to assert its sovereignty over potential mineral rights as well as right of passage within its domestic domain. Canada also needs to guard its sovereignty within its domestic domain above, on and below sea level, as well as on and below the sea bottom. Radarsat-2 represents the application of Canadian publicly-funded state of the art science and technology for accomplishing these tasks.

American politicians are prepared to defend their country’s national interests from global trade in defence of their homeland. Should Canadians expect anything less of their politicians? Will Industry Minister, Honorable Jim Prentice and the Cabinet of Prime Minister Stephen Harper allow the publicly subsidized MDA to be sacrificed on the altar of free market enterprise? Or, in the interest of being able to protect and assert Canada’s domestic domain, will the Harper Government stop the acquisition of Canada’s MDA by the U.S. arms giant ATK?

If the decision is to let the deal happen as a purely business arrangement, thereby enriching MDA shareholders but at great loss to the taxpayers who have funded this technology, the Harper government runs the risk of inheriting a similar legacy to the 1959 Diefenbaker government over its termination of the Avro Arrow.

Tim Lynch is a public policy analyst living in Steveston, British Columbia; related maritime policy articles are available at www.infolynk.ca/bcmaritimepolicy.html. Send comments to tim@infolynk.ca



Mobile Field Camps

© 2008 FrontLine Security (Vol 3, No 2)

Today, mobile field camps are versatile, deployable facilities for both civil and military operations. After a short assembly time, they provide comfortable living and working conditions designed to ease some of the strain of an extended period of deployment. Field camps with sufficient infrastructure can provide the basis for continuous operational readiness, sustainability and motivation.

Access Control Point Shelters.

Responding to natural disasters is another use for mobile field camps, one that has created increasing requirements in recent years. In many countries, the armed forces are the first responders for disaster relief operations. In addition, the international community, such as the UN, Red Cross and other governmental and non-governmental organizations, routinely deploys staff and equipment, including medical support services, to disaster areas for long periods of time. Air-transportable field camps, based on modular systems, are often the best answer to fulfil shelter requirements, with the capability to operate in both hot and icy climatic regions and in extreme weather all over the world.

Field camps must maintain a capability for rapid deployment. Civilian and military installations alike must ensure that participants can live and operate under clean, dry and comfortable conditions.

Expeditionary deployments are most often of a limited duration; therefore, facilities and infrastructure are intended to be temporary. In some cases, it is possible to occupy existing facilities; however, this infrastructure is often destroyed or not in usable condition, such as after military conflict or natural disasters. Thus, expeditionary forces need their own transportable infrastructure. However, only some armed forces have the capability to air transport field camps and deploy troops where and when necessary without delay.

Varying response needs of today require highly mobile facilities – accommodations, utilities, and support equipment – that can be rapidly moved and reinstalled in other areas when deemed necessary. Therefore, these mobile field camps are designed to be light and lean and modular to fulfill changing requirements.

Modern field camps are a great challenge for planners and field engineers. The overall concern is to have capabilities on demand which might be required according to the mission task. Facilities commonly consist of fabric covered, aluminum frame construction, providing lightweight pre-manufactured offices and billeting, ISO and CONEX containers, general purpose shelters, expandable shelter containers, and aircraft and vehicle maintenance shelters.

Planning the Camp Layout
A typical camp layout refers to an overall configuration of buildings, equipment, and other assets at an installation. The size of field camps requires extensive planning of the infrastructure to be established. For this, a planning and reconnaissance tool, led by a national or NATO-Joint Force Command (JFC), will be tasked to develop a plan of the camp to show all buildings, tents and containers, which will be used for accommodation, field kitchens and messing, supply and disposal, storage and shelter. The plan will include critical route maps for water, wastewater and power.

The operation of a field camp also requires some type of power management. Power generation and distribution plants must be functionally reliable. Today, deployable field kitchens, often installed in container modules, offer the technical standards of modern canteen kitchens. Drinking water treatment plants are used for water supply and water filling plants fill drinking water into bottles and cans.

Field laundries not only clean the clothing, they also enable disinfection of, for example, medical clothing. Especially for so-called “Quick Reaction Forces,” air transportable modular field camps can provide rapidly available accommodation during initial operations until the establishment of a stationary field camp. Support to special and response forces requires fast availability and rapid deployment within 15 days as well as sustainability in the area of operations of up to 30 days.

Minimizing Threats
For security reasons, planners should provide adequate perimeter and parking standoff, facility separation, and isolation of vulnerable areas to reduce all sorts of threats. A well-planned dispersal, separating or spreading people, material, establishments, or activities, has the potential to reduce aggressor attacks. For example, functional areas like kitchens or industrial areas which require frequent vehicle access should be separated from billeting areas to minimize the risk from undetected vehicle bombs.

A threat is a known or postulated aggressor activity focused on targeting a particular asset. These threats may range from moving and stationary vehicle bombs to standoff weapons, from small arms to chemical and biological weapons of mass destruction. Therefore, a detailed analysis of the area and camp-specific threat is required to develop an effective protection strategy.

Barriers, fences, trenches, and slopes are simple obstacles for entry and advance, deterring or delaying attacks. Common motion-activated flood lights and electronic or mechanical noisemakers connected to perimeter fences are inexpensive and easy to install. Finally, some level of force protection is necessary for responders, even when deployed in response to natural disasters.

It is an unfortunate reality that Protection Forces must be able to conduct out-of-area operations both under NBC threat and in an NBC environment. In other words, they must be able to detect nuclear, biological, and chemical combat agents and hazardous substances.

Therefore, field-deployed troops are equipped with systems of varying efficiency and mobility, ranging from portable detection equipment to advanced container-based laboratories. Nowadays, such temporary facilities can be used for the decontamination of personnel, equipment, land vehicles and aircraft in a contaminated environment, as is currently being done by several armed forces worldwide.

To fulfill this task, the German Armed Forces, for example, are on the way to procure a highly mobile “TEP 90 Decontamination System.” On 10 June 2008, the first TEP 90 system had its roll-out for use by the NBC defence troops. By 2010, they will receive a total of 73 systems, considerably enhancing their ability to defend against nuclear, biological and chemical dangers.

The system consists of the newly designed decontamination equipment developed and produced by KÄRCHER Futuretech, based in Winnenden, Germany, and a carrier vehicle from IVECO Magirus, based in Ulm, Germany. A specially constructed driving cab (by Krauss-Maffei Wegmann) provides the crew with the best possible protection against imminent dangers in the mission area. In addition, the chassis has a built-in crane for loading and unloading the decontamination equipment installed in three containers. The loading crane can also be equipped with a working basket for decontamination of large vehicles, trucks, and battle tanks from the top. The TEP 90 is highly mobile, rapidly deployable and employable off-road; it includes all components needed for mission-optimized completion of thorough decontamination.

The container-based system has a modular structure, consisting of decontamination modules which can be used independently, and ensures functions such as decontamination of persons, NBC protective clothing and personal equipment, sensitive equipment, large vehicles and aircraft including interior rooms, supply items and packaging receptacles, road sections, plants, and installations to a limited extent. It also provides measures against infection and vermin destruction. TEP 90 can be operated under all weather conditions in different climatic areas with extreme temperatures ranging from –32°C to over +49°C. These capabilities might be very interesting for Canadian responders and armed forces too, because the system is useable in the field of homeland security and in out-of-area missions.

In the face of serious national security threats, militaries and first responders must find decontamination solutions to protect people, communities and valuable infrastructure. Allen-Vanguard Corporation, a Canadian company, deploys counter-terrorism solutions around the world. Its products are in demand by military and civilian emergency rescue personnel committed to safe and effective responses to Chemical, Biological, Radiological and Nuclear (CBRN) events.

Research and product development of Allen-Vanguard’s military-grade decontamination (decon) system, CASCAD/SDF, was initiated by Defence Research and Development Canada (DRDC) during the first Gulf War. These early scientific investments produced a counter-CBRN foam decontaminant that has proven effective against all known CBRN threats.

Customer endorsements are often the truest test of product efficacy, and the Canadian Association of Fire Chiefs has recently recommended CASCAD/SDF for use by fire departments in urban centres across Canada. In international markets, the Swiss government, among others, has acquired this decon system for military applications by its armed forces.

Medical Service
Medical support is a key factor in the survival of personnel in a dangerous operational environment. Today modern container and tent systems provide environmental conditions required to operate state-of-the-art medical equipment. In other words, accurate temperature and humidity settings permit the use of the same advanced medical equipment that is currently employed for the treatment of patients at home. For this, the Medical Treatment Facilities (MTF) in the field for military operations or disaster relief missions are the backbone of a so-called medical lifesaving chain.

NATO defines self and buddy-aid as the first and most important step in the field, followed by “Preclinical Care” (Role 1) and “Emergency Surgical Care” (Role 2). This medical support is provided in mobile aid stations and mobile surgical hospitals. Medical personnel perform triage, life-saving measures, initial general and emergency medical care which includes emergency surgery to prepare patients for medical evacuation to a follow-up treatment facility. The “Immediate Hospital Care” (Role 3) takes place in field hospitals. These deployable military hospitals provide multidisciplinary specialty inpatient and outpatient treatment. Whenever possible, patients should receive definitive treatment at field hospitals in the country of deployment. However, the full range of treatment and rehabilitation will be carried out at hospitals at home (Role 4).    

Operating Room in a Modular Medical Treatment Facility.

Disaster Relief Operations
The international defence industry offers a wide range of field camp programs for military and civil organizations to handle disaster relief operations. Companies like Anteon International Corporation, or KBR, Inc. (formerly Kellogg Brown & Root), both of the U.S., developed field camp solutions and components for expeditionary troops to operate worldwide in any operating condition. The U.S. Marine Corps operating in Iraq uses a number of mobile facilities delivered by US defence industries. Kärcher Futuretech, a supplier to the German forces and also NATO allies, produces field camp components and specialized systems which can be operated in all weather conditions. The company delivered water purification systems to the UN and a series of African states serving on peacekeeping missions in Darfur, Sudan.

For the sake of protecting deployed troops in disaster relief operations, the current and future conditions of international and worldwide missions of the UN, NATO armed forces, governmental and NGOs require highly effective and coordinated pieces of special equipment which can be adapted to each other.

Health protection and survivability of deployed personnel under all mission conditions are incontrovertible criteria for the development and introduction of new systems. Responders, be they military or civilian, must maintain the capability to establish field camps whenever and wherever rapid assistance is required.

Wrap Up
There is not such a big difference between military expeditionary operations and disaster relief missions when it comes to protecting personnel and providing acceptable life conditions to operate. On the other hand, armed forces in general are often the important backbone of disaster relief operations at home and worldwide. Armed forces have personnel, skill, equipment, transport capabilities, a well functioning command and control structure and they have the experience to act in a crisis. Governmental and NGOs will find a strong and reliable partner to fulfil their task.

Jürgen K.G. Rosenthal is a FrontLine correspondent based in Germany.



One Last Thing
Cyber Security Issues are Here and Now
© 2008 FrontLine Security (Vol 3, No 3)

Normally, when I’m asked to organize an event, I ensure that the subject matter is something in which I have some expertise. I made an exception to that rule earlier this year when the Conference Board of Canada asked me to put together a program for one of their highly regarded security conferences. They told me to select what I thought was the most pressing security related issue and, notwithstanding my lack of personal expertise, I was able to make the selection without hesitation: Cyber Security.

With the assistance of some friends and working associates, we have assembled a collection of international and domestic experts with first hand operational experience in the full spectrum of cyber security issues. And what a spectrum it is.

I remember being wowed at being able to send what I typed (admittedly one fingered) to someone on a different computer or seeing it printed by making a keystroke. Remember the DOS days of ‘Shift F7’? At the Canadian Police Association, we were among the first national law enforcement groups to experiment with a website and some new fad called the Internet.

Very little is done manually anymore. We file important information, activate sensitive systems, communicate, and even transfer money digitally. Our world has literally been changed and indeed modernized with the advent of a cyber capacity that makes the process of communication as important as the content being communicated.

The ingenuity, and regrettably cunning self-interest, of human nature has also meant that our new computer-enabled world has produced a dizzying array of cyber vulnerabilities. As we become more and more dependent on that capacity (and increasingly forget where that power switch even was), the concurrent need for vibrant, resilient, and literally intelligent, cyber security measures has become paramount.

For law enforcement, which is traditionally reactive in nature, this has added a new way of looking at crime and its investigation and prevention. Ironically, the new security related focus, thrust upon us after (and really before) 9-11, that prioritizes prevention (rather than prosecution) through intelligence-led investigation is actually better suited to this new cyber world.

In that sense, it has never been more true that the capacity to appreciate the security required is inextricably linked to the capacity to understand and anticipate both the vulnerability and the threat that seeks to exploit it. This nasty new lesson no doubt dawned on the folks in Tbilisi who suddenly saw computer screens go blank as systems were overwhelmed and immobilized in advance of rumbling tank treads.

Understanding the full spectrum of threats, and anticipating the next generation of ‘malware,’ ‘botnets,’ ‘phishing’ and other maladies (whose names make sense once you understand what they do) have also moved up the operational list of priorities for any organization that communicates or stores data. You can have the best physical perimeter security or biometric personnel credentialing available, but if your operational cyber infrastructure is compromised… things don’t work… and the public loses that essential service. Commercial and financial institutions that have likewise embraced the cyber reality are equally dependent on the viability and integrity of their data security systems. Different product or “information” perhaps, but the same result if compromised. Current, effective cyber security is no longer an ‘add on’ for modern industry or commerce; it’s a business continuity essential.

In a similar way, public protection agencies, such as law enforcement, emergency medical and intelligence organizations, even the military, need to adapt priorities and organizational structures to ensure that the marvel of modern technology is an asset and not a vulnerability. As post 9-11 efforts have shown, tapping into the cyber communications networks of the bad guys provides incredible intelligence and preventive capacity – just ask Dhiren Barot, Khalid Sheikh Mohammed, or Younis Tsouli, who are sitting in well-deserved jail cells.

If all of this is not challenge enough, several important issues are far from being fully resolved. Primary among them is how this new cyber ‘information’ can include recognition by private sector sources of a hacking attack or vulnerability that needs to be shared with government. Based on even my steep learning curve, it appears obvious that ensuring that government is willing to accept and then act on such information remains the major challenge. The usual ‘no news is good news’ bureaucratic approach just won’t cut it anymore with these clearly heightened cyber stakes.

At the same time, the age-old balance between security and privacy is again engaged, and with the increased cyber monitoring capacity of the State, all of us (especially those in law enforcement and security) must always remember that privacy is an essential component of liberty. Today’s cyber data world also creates a kind of reverse privacy issue where there is now a legitimate public entitlement to know when their personal data has been compromised while being held in private cyber data bases.  

Finally, and most importantly, the sources of such cyber attacks are as likely to be from Brazil or China as they are from Boston or Calgary. Confronting, and even taking proactive defensive measures (which I suspect is where we’re headed) across increasingly notional national boundaries is a challenge – especially when the foreign government is, shall we say, part of the problem and not part of the solution.

One thing is certain; there’s no going back and it’s a battle we can’t afford to lose.

Associate Editor Scott Newark, a former Crown Prosecutor, is currently the Vice Chair/ Operations of the National Security Group.



One Last Thing
Canada-U.S. Border Security on the Right Track
© 2008 FrontLine Security (Vol 3, No 4)

Usually critical of government (in)action on criminal justice and security issues, I was uncharacteristically upbeat when asked by FrontLine Security to comment on the state of current progress on border security in Canada. Such unusual confidence comes from the simple but unmistakable fact that – despite all the foot dragging, doubletalk, cost overestimates, institutional rivalries and the ‘we’ve always done it that way’ attitudes – progress has been made, and more is clearly on the way.

Thanks to the efforts of people like former Public Safety Minister Stockwell Day, Senator Colin Kenny, MP Gord Brown – and the behind-the-scene labours of their political staff – the right questions were asked of the right people. Thanks to the front line officers of CBSA and their remarkable union (formerly CEUDA and now renamed as the Customs and Immigration Union [CIU] to better reflect their expanded membership) led by National President Ron Moran and First VP Jean Pierre Fortin, the absolute unvarnished truth was available to frame those questions.

Thanks are also due to an entire spectrum of third party groups like the media who dutifully and fairly reported the truth, cross border trade supportive organizations who effectively articulate that intelligence based security and trade now complement rather than compete with each other. We can’t forget domestic law enforcement types, like OPP Commissioner Julian Fantino, who ‘ain’t shy’ about pointing out that what gets through the border ends up on Canadian streets that he is responsible for policing.

So why all the optimism? Consider the following. The enforcement priority of CBSA has finally been acknowledged. Officers are receiving the tools and resources they need to do their jobs – sidearms, internet connectivity at all land ports of entry, port modifications to deter port runners. Dangerous workalone practices are beginning to end. Discussions are progressing on the need for video analytics, better radios, and a recognition that lookout systems have to be modernized (hello face recognition biometrics). Significant positive change has also occurred at CBSA head office where new leadership includes growing acceptance of the enforcement mandate and someone who has at least worn a badge as the new #2.   

Progress elsewhere is also underway. The new RCMP Commissioner candidly told a Parliamentary Committee that marine surveillance on the St-Lawrence and Great Lakes is inadequate, and the redcoats are now deploying technology to address it. More importantly, the Mounties will be participating in a joint CBSA pilot mobile border patrol (long overdue) and which they simply don’t have the ‘horses’ (and boats and people) to cover. ‘Plays Nicely with Others’ has not traditionally been the Mountie motto, but ‘times they are a changing,’ and Canadians (including the RCMP) will be better off for it.

The guys in white coats are also ‘with the program’ as the Public Safety Technical Program (PSTP) re-organized and relevance-enhanced itself to include study areas of biometrics and surveillance. More importantly, PSTP just launched an RFP directly related to the most pressing issues of automated analytical marine radar surveillance and bad guy lookout biometrics at Canada’s ports of entry. Expect good things.

The Government (post 2006 version) has prioritized the various low risk identification programs and successfully convinced the U.S. that enhanced driver’s licenses and FAST and NEXUS enrolment are satisfactory for compliance with the less-than-well-thought-out Western Hemisphere Travel Initiative. You won’t read it in the Globe and Mail, but Stockwell Day and his staff personally logged the overtime to get this done. Canada has also become a respected voice on items like Advanced Passenger Information, and Interpol security/criminality data base information sharing.

There are still items where action is required, such as restoring a public policing presence at seaports, deploying an effective face recognition biometric bad guy lookout system, prioritizing, tracking and (gasp!) actually removing criminal and security deportees, ending temporary residency permits for criminal inadmissibles, implementing pre border clearance and completing the arming initiative with proper employee accommodation. While we’re at it, it’s time to complete the personnel adjustments to end workalone situations and staff up the border patrol and inland enforcement, which I think can best be accomplished by re-allocating funding to operational areas in the regions rather than policy and program functions at national headquarters. Think boots on the ground and keels in the water.

In these times when cross border trade is especially essential to a hurting economy, the fact that we have deliberately and thoughtfully embarked on a campaign that recognizes effective border security is a big plus. Having said that, we must also come to grips with a reality that ‘more security’ is not necessarily ‘better security’ and the thickening of the border that it creates must also be vanquished.

Given the progress to date, and the inevitable institutional momentum it creates, I’m optimistic that we’re up to the challenges if we stay with what’s worked so far – identifying the truth and using it to frame solutions.

And one last thing… people do make a difference.




Master Assassin
Al Qaeda Has a New Weapon of Choice
© 2008 FrontLine Security (Vol 3, No 1)

The late Prime Minister Bhutto claimed, after the first suicide attack in October 2007, that she had received a letter, signed by someone claiming to be a friend of Al Qaeda and Osama bin Laden, threatening to “slaughter her like a goat.” She told UPI editor at large Arnaud de Borchgrave that she had received an email that said she had been targeted by Baitullah Mehsud, Hamza bin Laden, Osama Bin Laden’s son, and a Red Mosque militant who had been sent to kill her. The Red Mosque militants have strong connections to the Northwest Tribal Areas and Al Qaeda leaders. An initial report, prepared by Pakistani security services, concluded that the attack on Bhutto appeared to be a continuation of a suicide bombing campaign that included an audacious attack on the Special Services Group commandos that helped storm the Red Mosque a month earlier. Baitullah Mehsud was alleged to have ties to the Red Mosque militants.

The December 27th, 2007 assassination of Pakistan’s opposition leader, Benazir Bhutto, bore the hallmarks of an Al Qaeda-directed ‘hit.’ Though the cause of death is in dispute, Bhutto was assassinated as she left a rally in Rawalpindi. The assailant reportedly shot at her and then exploded a bomb, killing Bhutto and at least 20 supporters. This event was geared to produce a significant strategic effect; it required great coordination, and resulted in a high body count. The assassination of the pro-U.S., secular and westernized Bhutto, before elections she was expected to win without an apparent party successor in the wings, was set up to cause confusion at the ballot box and delay the election. It also further strained the Musharraf regime’s hold on power in Pakistan and distracted a key American ally from the War on Terror, and NATO from its attempt to rebuild Afghanistan.

Al Qaeda has used assassination to further its strategic goals in the past. In the days leading up to 9-11, Shah Ahmad Massoud (nicknamed the “Lion of Panjshir”), the military leader of the United Islamic Front for the Salvation of Afghanistan and the top anti-Taliban leader in Afghanistan, was assassinated by Al Qaeda agents. The suicide attack occurred at Khwaja Bahauddin on September 9, 2001, when two Arab attackers claiming to be journalists went to interview Massoud and set off a bomb in a belt worn by one posing as the cameraman. Analysts believe the assassination was organized at the behest of Osama bin Laden to strengthen Al Qaeda’s Taliban allies in Afghanistan before they were to attack the United States on September 11, 2001.

Since then, the Taliban has tried and failed to assassinate Western-backed Afghan President Hamid Karzai and President Musharraf himself in Pakistan on at least three occasions. In 2004, three extremists were arrested in Germany on accusations they were planning to assassinate Iraqi Prime Minister, Ayad Allawi. In September of this year, a member of Algeria’s Al Qaeda in Islamic Maghreb killed 22 people in a suicide bombing that had as its apparent primary target Algerian President Abdulaziz Bouteflika who escaped unharmed. Al Qaeda tried to assassinate Vice President Cheney last year in Afghanistan. The terrorist group has also plotted unsuccessful assassination attempts against U.S. President Bill Clinton, Pope John Paul II, former Philippine President Fidel Ramos and Indonesian President Megawati Sukarnoputri.

In the case of the Benazir Bhutto assassination there is, in fact, a long list of potential enemies including Al Qaeda, its Islamist allies and domestic terror partners, elements of the Pakistani security services and military, and countries such as Saudi Arabia. Former Prime Minister Nawaz Sharif would rate much higher on a ‘Musharraf hitlist’ than Bhutto. Assassination of Bhutto did not help the recently retired military strongman Musharraf who is now being blamed for not providing Benazir Bhutto with enough security.

Additionally, Pakistan’s own security and intelligence forces are potential but unlikely suspects. The city of Rawalpindi was described by many as a fortified city. In advance of the attack, Pakistan’s intelligence services received word that there was a credible threat to Bhutto’s life and took steps to protect her. Police and military officials boasted their precautions were “foolproof.” Security forces reportedly secured Liaquat Bagh Park and the surrounding neighborhood by flooding it with hundreds of police officers, checking vehicles entering the sensitive area up to 24 hours in advance. Traffic was diverted from the site of the rally, and surveillance was conducted of routes in and out of the park and of the city. Police and Commando units were deployed at key locations within the city. Even with these security arrangements in place, the assassin still got through.

Given the facts that there was a threat of assassination in advance, the stepped up security arrangements to meet that threat, and the great international support behind Benazir Bhutto, assassination by Pakistan’s military and security services seems very unlikely but conspiracy theories still abound. Politically, the big loser in her assassination was the embattled President Pervez Musharraf and his backers in the War on Terror, the U.S.

Foreign governments like Saudi Arabia and Iran had reason perhaps to fear the re-election and the potential future transfer of power to Benazir Bhutto. Her comments about democracy and human rights did not sit well with Pakistan’s close Saudi Arabian allies. Not only was Benazir Bhutto secular and viewed as a ‘puppet of the West,’ she was also a Shia, something that did not sit well with Saudi Arabia’s Sunni leaders, who favored Nawaz Sharif. Neither was this characteristic well-viewed among Iran’s ultra conservative Mullahs or its radical President who openly talks of “wiping” countries “off of the map.” Iran had spent considerable time trying to destabilize Afghanistan and drive NATO forces from the country – de-stabilize Pakistan, and you further destabilize Afghanistan. Both Saudi Arabia and Iran might have their reasons to assassinate a foreign leader, but the risk would be enormous if they were caught – especially considering American interest in both Pakistan and Bhutto.  

The only ‘player’ with a no risk, clear and major gain in the assassination was Al Qaeda and its allies. Benazir Bhutto was not only an object of hate in both Al Qaeda and Taliban circles but she was a Shiite who had openly threatened to rid Pakistan of terrorists. She was also viewed as a friend and ally of Afghan President Hamid Karzai and a friend of the United States.

Al Qaeda reportedly claimed responsibility for the October 18th bomb attack during Bhutto’s homecoming rally that killed 140 people in Karachi and wounded more than 300.

Al Qaeda had no shortage of allies within Pakistan to carry out a successful execution; two Pakistani militant warlords based in the country’s northwestern tribal areas and involved in an insurgency against the Musharraf government had already threatened to kill Bhutto. One was Baitullah Mehsud, the top militant commander fighting the Pakistani Army in South Waziristan, and the other was Haji Omar, the leader of the Pakistani Taliban, also from South Waziristan. Both have close ties to the Afghan Taliban and are believed to have ties to bin Laden.

U.S. officials have reportedly mentioned the Sunni terror group Lashkar-e-Jhangvi, which has been linked to previous attempts to assassinate Pakistani political figures. Al Qaeda has also worked closely with more than a dozen other radical fundamentalist Islamist organizations in Pakistan, including Lashkar-e-Taiba, Jaish-e-Mohammed and Sipah-e-Sahaba Pakistan.

The day after the assassination, it was reported that the Pakistani Interior Ministry had “intelligence intercepts” indicating Mehsud was behind the opposition leader’s death in Rawalpindi. That same day, an obscure Italian Web site claimed that Mustafa Abu al-Yazid, Al Qaeda’s commander in Afghanistan, had told its reporter in a phone call that, “we terminated the most precious American asset which vowed to defeat [the] mujahedeen.”

Prior to the attack, it was widely reported that Baitullah threatened to ‘welcome’ Bhutto with suicide bombers. The Italian Web site also claimed that Al Qaeda’s second-in-command, Ayman al Zawahri decided to assassinate Bhutto in October and gave orders for the killing. Zawahri was previously imprisoned in Egypt for his role in the assassination of former Egyptian President Anwar Sadat.

Three days after the Bhutto assassination, two suspected suicide bombers were killed when their bomb exploded prematurely near the residence of a former Pakistan government minister, Ijaz ul Haq in Haroonabad, in the southern province of Punjab. Haq, a senior leader of ruling Pakistan Muslim League-Quaid, was not at home when the explosion occurred. Six days prior to the Bhutto assassination, a suicide attacker detonated a bomb packed with ball bearings and nails amid hundreds of holiday worshippers at the residential compound of Pakistan’s former interior minister, killing at least 50 people and wounding over 100. That was the second suicide attack in eight months on Aftab Khan Sherpao.

On March 1st, Pakistani authorities announced, after two months of investigation aided by the United Kingdom, that they had formally charged Taliban leader, Baitullah Mehsud, with planning the assassination of Benazir Bhutto. Four other men were also charged in the attack on the opposition leader. A judge issued arrest warrants for the five suspects after charges were filed. Five men have already been arrested over the bomb attack that killed former Prime Minister Bhutto. CIA Director Michael Hayden has also claimed that Bhutto was killed by the “network around Baitullah Mehsud” and that it was “part of an organized campaign” of suicide bombings and attacks on Pakistani leaders.

While it appears that Baitullah Mehsud’s power base is limited to the tribal areas in South Waziristan, his alliances with other tribal militants, links to foreign jihadists, and growing media profile could make him a major Al Qaeda operational commander in their global jihad. Reports in Jane’s have suggested that he could be the next Zarqawi. ABC News has described him as “more dangerous than Osama bin Laden.” A very worrisome sign is that Baitullah Mehsud has already been accused of plotting a series of attacks in Europe after the recent arrests in Spain of 12 Pakistanis and two Indians suspected of planning suicide bombings in Barcelona. On January 30th of this year, the Barcelona newspaper El Periódico quoted an unnamed Spanish official as warning that the detained terrorists intended to carry out three attacks in Barcelona, but not all on the same day. Their reported intention was to commit the first attack, after which their leader, Baitullah Mehsud, would issue a press release demanding the withdrawal of the Spanish troops from Afghanistan – mirroring the infamous Madrid bombings in 2004 that forced Spain out of Iraq.

The Sunday Times later reported that six Pakistanis arriving from Barcelona had been arrested at London’s Gatwick Airport. They were deported back to Pakistan after questioning. The paper quoted a senior British official as saying that Britain was targeted for a second wave of bombings after Spain.

Baitullah Mehsud, emboldened by the assassination of Benazir Bhutto and armed with a small army of suicide bombers has become a major operational commander for Al Qaeda that threatens Afghanistan, Pakistan and Europe. Will North America and the “Great Satan” be next?

Joseph B. Varner is Managing Editor of IntelligenceDigest.ca and Director of National Security and Intelligence Studies at the Canadian Centre for Policy Studies. A Senior Research Fellow at the Canadian Institute for Strategic Studies, he also teaches courses in homeland security and intelligence studies at American Military University.
© FrontLine Security 2008



Better Governance for Security
© 2008 FrontLine Security (Vol 3, No 2)

In their November 2007 report entitled, A Resilient Canada: Governance for National Security and Public Safety, by Trevor Munn-Venn and Andrew Archibald, the Conference Board of Canada has produced an insightful analysis of how Canadians formulate and implement governance in their national security and public safety organizations. Interestingly, after interviewing public and private sector leaders and experts in this subject area, the Board found that the greatest threat to national security perceived by these experts is “a lack of clarity around governance.”

This conclusion is surely unexpected – the threat they are talking about here is not found in the usual panoply of issues that cause insecurity (disease, climatic catastrophe, terrorism etc); it is a self-inflicted threat imposed by our own poor organization for security.

What does governance really mean? And why would these national experts agree that it could be so important in its absence as to qualify as the greatest threat to our security?

Let us define “governance” and then analyze two recent examples of high-level governance that have had varying degrees of success. The Conference Board of Canada first proposes a number of valuable “key governance principles” upon which to base “effective governance of multi-party response.” These principles are: Leadership and Accountability; Cooperation and Collaboration; Communication and Transparency; Mandate and Resources; Fairness; and, Continuous learning (Training and Lessons Learned). In examining these principles, we may find why governance is so important to determining best practices at the national strategic level.

Governance Defined    
The Funk and Wagnall’s Standard College Dictionary defines governance as: “exercise of authority; direction; control.” My use of the term “strategic” at the end of the preceding paragraph was intentional. If national strategy is a landscape on which the management of scarce resources takes place over longer stretches of time at the national level, then governance is the roadway through this landscape. It is a roadway that can only be successful when its engineers have a comprehensive and profound knowledge of the nature (and broad interests) of the landscape they are taming – and we are concentrating on the security landscape in this article. Thus, in the context of security, governance is the exercise of authority on a roadway that leads to two necessary outcomes in the national security landscape, Policy Approval and Resource Acquisition.

Thus, in the strategic security landscape, existing tools of interdepartmental and “integrated” government structure must be considered and utilized in order to ensure that the optimum process for policy and resource management takes place. In security spheres, the Federal Emergency Response System (FERS) is a critical tool to engage these processes, and must be considered whenever governance is contemplated for strategic security concerns.

Emergency Response
FERS has been developed and made part of federal policy by Public Safety Canada, as a reaction to the new security environment of the post 9/11 era. In brief, it is a cross-government system joining first-responders and their government leaders through Canadian municipal, provincial, and federal government bureaucracies, to decision-making at the very highest level of national government – Cabinet.

FERS was specifically designed for crisis and consequence management in times of emergency, when prevention has not been successful. It is a solid, well-thought-out system that vets the various decision-points at each level of interdepartmental bureaucracy – and, in so doing, preserves only the highest-level, and most serious, national strategic concerns for elected members appointed to Cabinet. We are talking about issues like closing borders, quarantining cities, sinking threatening terrorist-ships – that level of decision-making. Now in place, this government machinery can also be used for strategic, multi-departmental policy and resource issues.

An example of governance-gone-right is the Transport Canada-led Interdepartmental Marine Security Working Group, or IMSWG. This Working Group was a direct reaction to the events of 9/11 and the recognition by then Deputy-Prime Minister John Manley that maritime security, as well as border and air security, were seriously wanting. Within weeks of 9/11, the Minister of Transportation was made the clear and undisputed lead for maritime security policy development in government. Under the Minister, at the Director-General level, the IMSWG was formed from six initial member-departments: Transport Canada; CSIS; RCMP; National Defence; Fisheries and Oceans/Canadian Coast Guard; Canada Customs and Revenue Agency; and Citizenship and Immigration. Over time, IMSWG would increase in size to 17 departments and agencies (including central agencies Privy Council Office, Treasury Board Secretariat, and the Department of Finance), and Transport Canada has maintained its lead status throughout.

Tangible results of deliberations in the IMSWG (Memoranda to Cabinet, IMSWG Charter, Resource Management reports) would be presented to individual departmental leadership for review in draft. As lead-department, Transport Canada would corral the commentary from the member-departments, coordinate with Central agencies, and bring the agreed-upon product to the ADM-level Interdepartmental Safety Committee. Once this committee had approved the product, and verified the source of funding, the product would make its way through the Deputy-Minister “mirror-committee” and then to the Cabinet Sub-committee for National Security issues. This roadway would become similar, if not identical, to that of the FERS organization for Public Safety issues.

The IMSWG mandate, leadership, membership, terms of reference for members, coordination methodology, accountability protocols, sub-working-groups, and approval route to authority were set out early on in the IMSWG Charter. This interdepartmental document laid out the route to Cabinet for IMSWG products for both policy and resources. It also laid out the resource management accountability route for IMSWG to report the results of their work.

The roadway to interdepartmental resource acquisition was mapped out in the first document proposed to government. Approved as policy were the broad strategic ideas that Four Pillars of Maritime Security would be supported for ongoing policy development and resource sharing: Domain Awareness, Safeguarding, Responsiveness, and Collaboration. This government-approved strategic approach cemented the governance that existed in the IMSWG for future endeavors. It also ensured Fairness amongst partners of the IMSWG. Its policy and resource products were debated and voted upon, with central agency guidance along the way, prior to government approval.

Eventually, tools for cross-government policy development and resource acquisition were put in place for integrated training and exercising in maritime security areas. This area is still evolving – mostly because some departments (like DND, CCG, and RCMP) are more inclined to carry out a long-term, continuous training program; whereas many other departments do not include this in long-range business plans, thus making participation seem like an in-year contingency issue.

2010 Vancouver Olympics
In serious contrast, the recent 2010 Vancouver Olympics Security Organization has seen a very different, and less effective approach to governance. The initial designation of Heritage Canada as Lead Department for the Olympics was perhaps predictable and reasonable; however, in the post-9/11 era, the fact that security must play such an important part in overall Olympic planning considerations leads one to question the omission of a security-oriented department as a co-leader or, at the very least, senior member under the lead department. A loss of valuable time and an absence of focus on security funding needs resulted from this serious omission.

Eventually, when Heritage Canada recognized that they had neither the experience nor the bureaucratic depth to lead the security portion, the RCMP were designated as a leader for security concerns in the Olympic Integrated Security Unit (ISU), subordinate to Heritage Canada who remained as the overall federal lead for the 2010 Olympic effort. This was a sound, if tardy, governance change.

Unfortunately, other significant challenges were nagging the RCMP at that time. Moreover, the structure of the recently formed Public Safety Canada (PSC) macro-department was not making things easy for the new security lead. While the Commissioner of the RCMP would have direct access to the PSC Minister, the RCMP do not have any responsibility for policy, resourcing, or action in important public safety areas such as Critical Infrastructure Protection, federal/regional government linkages, and Interdepartmental Training and Integrated Exercise Coordination across the security community. Missing was any sort of directed mandate in a Charter to link these and other security areas of interest to the RCMP leadership for specific Olympic action. Neither a clear leadership mandate nor the appropriate accountability protocol was set in place for strong governance in this instance.

While the PSC Minister would, of course, be a proper and valid champion for the security products brought forward to Cabinet by the RCMP lead, the lack of integration into the already-formed interdepartmental roadway at the federal level produces an inability to bring departments together with central agencies to speedily and successfully progress policy and resource acquisition in step with the myriad of other strategic-level issues.

The Olympic Security Working Groups are led by RCMP officers. These Working Groups have formal charters or mandates and are directly subordinate to several Security Steering Committees. These Steering Committees report directly to the Olympic ISU – which is co-chaired by RCMP and VANOC officials. All security community members are not currently represented on the ISU roster. From there, ISU products progress to an Olympic-specific, ADM-level, Public Safety, Interdepartmental Committee. Thus, the current Olympic security governance process is decidedly confused and convoluted. Thankfully, Mr. Ward Elcock has been recently appointed as the senior Deputy-Minister level advisor to the Prime Minister in PCO for Coordination of Security of the 2010 Olympics and G8. It will likely be incumbent upon him to sort out this confused governance picture. Early and detailed attention to governance when initial responsibilities were assigned might have alleviated this.

One important tool that Mr. Elcock will have in his governance toolbox is the already formed FERS organization at the federal and regional levels. By using this existing governance structure, he may find ease of communication, coordination, and integration as policy development initiatives and resource acquisition requests rise to government from the Olympic planning front-lines.

Without a recognized and accepted governance system in place, individual Deputy Ministers are left to debate individual priorities – instead of fusing together an integrated, coordinated, and agreed policy and resource product amenable to all departments prior to reaching the highest levels of the governance roadway. While fairness is attempted at present, without formal governance arrangements, the seduction of departmental competition for resources is strong. The policy development must take place in an integrated fashion – and then the meting out of resources can follow according to an agreed-upon plan.

Finally, continuous learning is extraordinarily important in the instance of an International Olympic event. The national security value of lessons learned in the preparation and execution of this nation-building event is immense. Once formed and accepted, these security lessons can be used across the country to implement other portions of the National Security Policy needed to meet the challenges of this new security era. Precious little in current Olympic governance encourages a healthy culture of continuous learning.

When one compares these two examples of Canadian government organization and governance, one is struck by the crucial importance of creating a solid, functional governance system in government organizations at an early stage of planning – well before organizational policy development, resource acquisition, and certainly before organizational activities are up and running. The most important stage of government decision-making for organizing future major events is selecting appropriate and functional governance. This is akin to selecting Command and Control for the military – if you don’t have it set up in a workable fashion with the appropriate authorities and delegations, the system, full of well-meaning bureaucrats, will stutter in fits and starts while wasting untold resources.

As the Conference Board of Canada found out, a comprehensive governance system must be set in place early and with authority; it must clearly define leadership, membership mandates, coordination linkages, and shape fairness and transparency. Moreover, it must instill a culture of continuous learning so that lessons are indeed learned and the nation benefits from experience for continuous improvement.

The formal discipline of an authoritative Charter of Governance as a Best Practice for interdepartmental committee systems is an effective approach to establish these requirements.

It may well be PCO’s job to set this formal governance from the outset of each new interdepartmental committee and system. In the case of the 2010 Olympics, Mr. Elcock should consider this sort of approach to clarify present lines of authority for policy development, resource acquisition, and activity management. In so doing, the organizers of the 2010 Olympics will be able to focus on the real internal and external threats of globalization on this international event, instead of wrestling with self-made threats emanating from a confused organizational structure.

Navy Captain Peter Avis is currently Commander of Maritime Operations Group Four in Esquimalt, British Columbia. He has worked with the IMSWG, Privy Council Office, and the Strategic Joint Staff at NDHQ. He is the author of “National Security Approaches to Maritime Security in the Post 9/11 Era” available at the Dalhousie Centre for Foreign Policy Studies. This article represents his personal views.



Making the Case for a Canadian Border Patrol
© 2008 FrontLine Security (Vol 3, No 4)

Many Canadians would be surprised to learn that in today’s heightened security world, Canada has not deployed some kind of mobile patrol capable of interdicting cross border illegal activity. A quick look at a map demonstrates both the challenge and the obvious need for such a capacity. This reality was brought home recently when, during a presentation on the U.S. Secure Border Initiative (SBI), a senior American representative from the SBI prime contractor (Boeing) remarked that, unlike Mexico, SBI Net North would be focused on surveillance, intelligence and mobile interdiction. He actually referred to the intended interaction between the U.S. Customs and Border Protection Service and the Canada Border Patrol. One small problem... we don’t have one. Yet.

Traditionally, our 6,500+ kilometre ‘undefended’ border with the United States was acceptably punctuated by some 119 staffed land border crossings. These range from busy 24/7 locations like Windsor, Lacolle, and the Pacific Highway crossing, to rather remote locations like Snowflake, Milltown and Roosville. There are literally hundreds of unmonitored roads straddling the border (125 in Quebec alone) not to mention thousands of unwatched fields, forests, rivers and lakes. In years gone by, this now-intimidating reality was simply accepted and, in fact, used by some in Ottawa circles to justify inaction when it came to making security a priority at points-of-entry. What would be the point of prioritizing interdiction, so the argument went, when criminals and other law-breakers could just sneak across a field, drive along an unregulated road or motor across an unguarded waterway?

Federal governments previous to the current one pretty much adopted that ‘no can do’ attitude and deliberately downplayed, and even distorted, the ramifications of what a security deficiency at the border meant. In perhaps the most blatant politically supportive messaging, a former RCMP Commissioner described the idea of a mobile border patrol as a “waste of gas.” Not everyone agreed – mountains of criminal intelligence accumulated on both sides of the border showed that illicit movement of drugs, guns and people was dramatically increasing, with clearly negative domestic safety & security results.

As is often the case, our American counterparts placed a greater emphasis on their ability to secure the actual integrity of their borders – fuelled no doubt by the growing flood of illegal immigrants across their southern border. There was, however, still a mobile patrolling presence on the U.S. side of the Canadian border, albeit in a much smaller capacity than to the south. And then 9-11 happened.

In the months following those terrible events, almost everyone involved in border security had occasion to explain (sometimes repeatedly and sometimes to a less than trusting audience) that, in fact, the terrorists had not entered the U.S. through Canada and that Canada was not a haven for terrorists generally. While those myths have largely evaporated, American decision makers immediately grasped that a previous criminal vulnerability – like an ‘unsecure’ border (or marine port) – was likely also a terrorism vulnerability, and thus needed to be addressed on a priority basis. This has translated, on the American side, into institutional reorganization, significant increases in Customs and Border Protection (CBP) personnel assigned to the northern border, deployment of enhanced surveillance technologies, and a greater understanding that cross border cooperation is essential to success.

High tech equipment atop this pole is used to see and hear illegal immigrants attempting to cross into the U.S. (Photo: James Tourtellotte)

In Canada, the impact of 9-11 on border security has also been profound, highlighted by the creation of the Canada Border Services Agency and a prioritized Border Integrity Program. Central to this has been the RCMP-led Integrated Border Enforcement Team (IBET) concept which, although deliberately limited in scope, has shown the success of joint, intelligence-led operations. CBSA has participated in the IBET program – an ability that has been dramatically enhanced since January 2006 when the current federal government was elected on a platform that included improving border security. This has been accomplished through increased personnel, ending work-alone situations, improving marine radar surveillance, and arming Border Services Officers in recognition of the enforcement duties they perform. Canada has stepped up its cross border efforts with U.S. border authorities through programs like IBET, marine patrols (Shiprider), intelligence sharing, and analyzing lawful authority. In short, we have made significant progress, especially since January 2006.

The most recent development was signaled during the recent election campaign when the Government announced that, if re-elected, it intended to launch a joint force CBSA and RCMP pilot Border Patrol with land and marine patrol duties. Quebec is a natural selection site for this pilot project, as it has over 125 unguarded roads and is home to Lake Champlain plus other cross border lakes and rivers. It’s also the Province where, a few years ago, the RCMP unexpectedly closed seven detachments (several of which were close to the border) resulting in demands for better protection.

Agency intelligence reports from both sides of the border confirm that CBP sectors bordering Quebec (and down the St. Lawrence and into the Great Lakes as well) are seeing continuing illegal cross border activity, predominately the smuggling of drugs (in both directions), contraband cigarettes and people. While it may be surprising to some, there is an increase in the northward flow of illegal immigrants as the U.S. continues its internal crackdown on persons unlawfully residing in their country. It’s also now clear that, all too frequently, these illegal immigrants are engaged in ongoing criminal activity. A joint force mobile border patrol – supported by IBET intelligence, enhanced analytical marine radar surveillance and integrated sensor information – will permit greater interdiction and apprehension success.

In a refreshingly candid observation, the RCMP’s new Commissioner Bill Elliott (former Deputy at the Coast Guard) recently responded to a question at the Commons Public Security Committee from border-savvy MP, Gord Brown, by describing current marine surveillance on the St Lawrence and Great Lakes as ‘inadequate.’ Commissioner Elliott should be commended for breaking with the usual ‘everything is perfect’ Ottawa mantra because the first step in fixing a problem is having the courage to admit one exists.

Being able to interdict such activity right at the border is not just about intercepting persons and goods illegally entering Canada; it’s also about using the proven effective law-enforcement tool of ‘prevention and dissuasion.’ A properly resourced and equipped joint force border patrol will provoke a reduction in the flow of dangerous drugs and guns into our cities which are literally the commodities that fuel the gang violence present in a growing number of urban centers. What we don’t catch at the border inevitably makes its way to the streets of our country. The Government is to be commended for launching this operational initiative rather than succumbing to largely symbolic gestures like banning handguns. After all, we’ve banned murder and that isn’t exactly doing the job.  

A detector dog and handler inspect the trunk of a vehicle. (Photo: CBSA)

Ideally a joint force border patrol will include a shared Canada-US automated sensor and analytical radar surveillance system that can generate real time target interception data as well as track patterns for intelligence analysis in support of future operations. This will likely mean inclusion of other police partners like the Ontario and Québec Provincial Police as well as other municipal police agencies, some of which are already engaged in anti-smuggling enforcement.

Although a border patrol will unquestionably cost money, the cost is expected to be quite modest and nowhere near the estimates provided by the former President of CBSA, who saw building fixed locations on every road as the answer. The IBET intelligence-led model, enhanced by deployed surveillance and sensor technologies, will provide a more productive and cost-effective solution, especially by learning from the border expertise and growing enforcement capacity of CBSA officers.

This is also not a situation that will require extensive legislative reform, as the provisions of the Customs Act already create both the legal obligation for all persons seeking entry to Canada to stop and present themselves for inspection, and a concurrent power for Officers to intercept individuals who don’t comply – including after the person has entered Canada. Section 160 of the Act makes failing to stop as required an indictable offence, which triggers the justifiable use of Peace Officers’ powers bestowed under the Customs Act.

Border security in Canada has been steadily improving over the past number of years. Perhaps not surprisingly, specific improvements have largely been identified and then championed by front line officers who work at Canada’s points-of-entry, as well as those who perform inland Customs and Immigration intelligence and enforcement duties.

The Customs and Excise Union Douanes Accise, now called the Customs and Intelligence Union (CIU), first started this action in the mid-90s, with a call for greater enforcement authority and proper tools. With the announced deployment of a joint force mobile border patrol pilot, another significant milestone has been achieved, and Canadians will be that much safer as a result.

Ron Moran is the National President of the Customs and Immigration Union.
© FrontLine Security 2008



One Last Thing
CI: Less Talk, More Action
© 2008 FrontLine Security (Vol 3, No 2)

Country and Western singer Toby Keith immortalized this phrase in his gravelly ballad about relationship expectations. His sentiment was right at home last month at the Conference Board of Canada’s Critical Infrastructure (CI) Security Conference. As several presenters and delegates noted, despite the passage of six and a half years since 9/11, Canada still lacks a comprehensive, clear strategy aimed at securing Critical Infrastructure and ensuring, to the extent possible, its business resiliency.

Ironically, the conference coincided with the unexpected release of a Public Safety Canada Consultation Paper, oddly entitled ‘Working Towards a National Strategy and Action Plan for Critical Infrastructure.’ This of course contrasts with the Department’s November 2004 ‘Position Paper on a National Strategy for Critical Infrastructure Protection.’ If the plan in releasing the... uhhh…Plan was to deflect expectations, the strategy backfired. Moving from a ‘Position Paper’ to a ‘Working Towards’ plan may constitute progress in official Ottawa circles, but for people involved in operating or protecting CI, it’s merely continuing an inexcusable delay.

Despite this, there was a distinct air of optimism at the conference’s conclusion. This sentiment emanated from a month of unprecedented, informed, blunt, public analysis of federal inactivity on CI security, and Public Safety Minister Stockwell Day publicly overruling a Natural Resources Canada decision to end threat analysis briefings. The event provided a forum for detailed and specific CI Security recommendations, and the announcement that the Board will be assembling delegate recommendations is a further welcome development. Add to that the Public Safety solicitation of input, and it’s clear that something is in the air. I believe it’s called opportunity.

These are no small issues but there is palpable willingness among operators, industry, law enforcement and local governments to participate and achieve tangible results. Some of the topics under consideration will be governance and accountability, funding, information sharing, credentialing, technology deployment, cyber security, business resiliency and sector specific concerns. Each area presents choices, but as our friends south of the border have demonstrated, action is possible – although we may well choose not to proceed as they have. In the U.S., a series of Sector Specific Plans were designed with industry using a Risk Management Framework. The result was a series of enforceable sectoral Anti-Terrorism Standards. Recognizing their litigious propensity, the Americans also decided to enact the U.S. Safety Act with a civil liability exemption model based on deployment of certified technologies. I personally think a statutory presumption of civil liability exemption where regulatory standards are met is a better way to go, but doing nothing is not a wise “choice.”

Given the federal foot-dragging on this file, perhaps it’s also time to assign responsibility for federal completion of CI security issues to a single department – like Public Safety Canada. That way, if, for example, the mass transit sector doesn’t have a federally funded, two-way continuous information sharing and threat analysis entity up and running by a defined date, there will be specified persons to hold accountable both at Transport Canada and Public Safety. I seem to recall this approach being at the heart of the Auditor General’s 2003 Review of federal Anti-Terrorism Initiatives and a big part of the raison d’être for creating Public Safety and Emergency Preparedness Canada. Accountability works, when it’s real.

Finding the best funding model for CI security is also a priority. A $7.5M federal grant is frequently more effective than a $10M federal grant, 25% of which must come from either the operator or local government. It’s also a good idea to make sure that, whenever possible, federal CI security funding performs a public safety purpose. Bad guy lookout biometrics that recognize fugitive criminals as well as security risks, or marine radar surveillance systems that detect small and fast moving gun and drug smugglers and would-be power plant attackers, are examples of this dual benefit approach.

Perhaps the most glaring deficiency is our incomprehensible resistance to creating and operating industry-specific, two-way, federally funded information sharing entities. Once again, the U.S. can be something of a model with their Information Sharing and Analysis Centers. We’ve already got an Integrated Threat Assessment Center (ITAC), which could be beefed up to include an all hazards capacity.     

What we don’t want to do is allow federal inactivity to lead to an uncoordinated approach on issues like credentialing for employees at critical infrastructure. To the extent possible, a person cleared to work at an East Coast seaport should be able to use that clearance to work at a Toronto airport or, if we’re really efficient, participate in the cross-border, low-risk programs like FAST or NEXUS. This national approach, with an effective bad-guy look-out component, is essential because we want to prevent a CI employee fired for security or integrity reasons from getting a different CI job just by changing towns or changing names.

Finally, let’s get on with the measures that combine both security and business operations, like finally implementing pre-border clearance, so traffic is checked before it gets on that billion-dollar-a-day infrastructure called a bridge. At seaports, let’s recognize that, in today’s world, the ability of four illegals to stroll unimpeded out of the Port of Halifax is an unacceptable security deficiency that, if left unchecked, will turn into a trade barrier. It’s long past time to admit that getting rid of the public policing presence at seaports was a mistake and that in correcting it, we turn this deficiency into a security and trade enhancement.

There is still much to be done, and Toby has the right approach.

Associate Editor Scott Newark, a former Crown Prosecutor, is currently the Vice Chair/Operations of the National Security Group.