2010 issue


UK: National Security Strategy




Strengthening the Defence role in disaster management


This Special Report, authored by Athol Yates and Anthony Bergin, argues that it's time for Defence to more fully incorporate domestic disaster assistance tasks as part of its core business. Defence is likely to be used more frequently in the future to assist in domestic disaster management. There will be larger and more frequent extreme weather events with a growing community and political expectation to use military resources to support whole-of-government counter-disaster efforts.
Three key actions should be taken:

  • Government should clarify that disaster assistance is a defence priority task. Elevating domestic disaster assistance into a core Defence activity will ensure that this priority flows through the Defence organisation.
  • Defence should undertake a fundamental review of its domestic disaster assistance role with the goal of maximising its contribution to disaster management. This is likely to involve modifying existing organisations, policies and procedures, logistics and training.
  • Defence and civil counter-disaster organisations should work together to facilitate the transfer of capability development, research and development and other skills to accelerate the development of the states' and territories' next-generation disaster management systems.



Australia's National Security Institutions: Reform and Renewal


(Sept 2010) This report, authored by Carl Ungerer, highlights the major changes to Australia's national security institutions since 2008. The paper argues that despite several years of reform, the institutional design for national security policy-making as a whole remains dominated by centralisation and limited coordination.



National Drug Threat Assessment 2010


(Feb 2010) This report provides policymakers, law enforcement executives, resource planners, and counterdrug program coordinators with strategic intelligence regarding the threat posed to the United States by the trafficking and abuse of illicit drugs. The assessment highlights strategic trends in the production, transportation, distribution, and abuse of illegal and controlled prescription drugs. It also presents strategic intelligence regarding the operational trends and tendencies of drug trafficking organizations and street gangs that distribute illegal drugs and highlights drug trafficking trends along the Southwest Border.



NEWS REPORT: Saudi Arabia and the oil bank


(Jan 2010) As crude oil prices climbed back over US$80.00 per barrel during 2009 (after the dramatic spike to $147 and subsequent collapse to $35) U.S. politicians and regulators knew who to blame.



Money Laundering and Terrorism Activity Financing
By FinTrac

(Dec 2010) This report summarizes relevant group-based, activity-based and country-based money laundering and terrorist activity financing issues. It alerts readers to new developments that could possibly be exploited for money laundering or terrorist activity financing purposes in Canada.



Editor's Corner
Getting the Most Out of Success
© 2010 FrontLine Security (Vol 5, No 1)

Much has happened since our last edition. Three events in particular deserve mention here. First, I must commend Minister Toews for finally releasing the government’s first Federal Emergency Response Plan (FERP). With the Minister’s announcement of the FERP, Public Safety Canada has successfully responded to the call from many, including the Auditor General, to take the lead in setting policy and procedures for a robust response to any national emergency. Minister Vic Toews granted FrontLine Security an interview that we will publish in the next edition, along with an analysis of the effectiveness of the plan.

Second, the H1N1 reaction, by PHAC in particular, minimized the damage of a potentially dangerous pandemic and it was reassuring to see the level and extent of communication to the public.

And third, the magnificent Olympics awakened Canadian pride and achievement which flourished under discreet, yet effective, security preparations. Blair Watson explores some of these in his article on the Olympics, pointing out that 15 law enforcement agencies, at all levels of national and international governments, were involved in the 2010 Winter Games. RCMP Assistant Commissioner Bud Mercer states that “the safety and security inter-agency cooperation and relationships will remain in place for years to come.” Business as usual, we would hope, but I suggest that this will require some periodic nurturing.

Successes from the 2010 Winter Games will provide sustaining value to the rest of the country – for example this summer in Huntsville, Ontario, the G8 security environment will have systems and procedures that add to the overall security of an international event and these solutions were first introduced last winter in Vancouver.

It is now time to reflect upon getting the most out of these successes. We all must capitalize on these fresh lessons learned, ensuring that we can maintain and improve upon what works – and identify where and how to improve the rest. To that end, we discuss, in this edition, the critical need to create, improve and maintain strategic and tactical relationships, or establish the new partnerships needed to secure the safety of our citizens.

From his most interesting strategic view, Lieutenant-General Mike Jeffery of CDFAI stresses the need for federal vision and leadership for Canada’s future security by creating “a political and organizational environment that will bring all stakeholders together and ultimately see the emergence of a more effective national system.” He also sees the need to eliminate or minimize barriers and improve international cooperation. Good measures indeed, and which, by the way, can be used to evaluate the new Federal Emergency Response Plan.

At the coal face, Steven MacLean and Bill Mackay’s articles propose a disciplined approach (DA) for public and private sector Emergency Managers. They seek to effectively train responders from all sectors and equip them in a common way to conduct situation analyses, prioritize objectives, arrive at response strategies and “manage the response through to completion.” This is a key partnership objective in the developing mosaic of security inter-relationships.

Likewise, Brian Rexford of AT&T highlights the serious efforts being made towards the all-encompassing and increasingly-important role of cyber security in the national threat arena. These efforts must include a “need for strong public-private partnerships as the best path to mitigating the globally diverse botnet threats.” We should also study the U.S. Comprehensive National Cybersecurity Initiative (CNCI) in this domain, especially for methods of framing partnerships.

Two major efforts from the United States include a look at the Homeland Security Institute, a Private-Public Partnership that works to provide analysis on possible solutions such as public engagement in counterterrorism efforts; and an article by Dr. Craig Galbraith and Christy DeFelice on the guidance provided for Command, Communications and Coordination of First Responders. See also Ed Myers’ article about ECS, a U.S. company, and its approach to data fusion as a solution to effective national security collaboration.

Peter Avis and Doug Hales, in their follow-on Maritime Domain Awareness article, analyze our history of non-cooperation in this area and prescribe a new way forward. Justice Minister Alison Redford expounds on Alberta’s model Safe Communities initiative and partnerships that are essential to smooth operation.

Harold Bottoms is back in this edition with a very pertinent pitch for leadership in the criminal intelligence field, particularly in the fusion of criminal information in private and public domains. Also, Hal Newman offers some interesting thoughts on the role of social media in emergencies. Both pieces imply that computer and communications technologies can be used to advance public safety and national security.

There is still much work to do at the national level – coordinating standards, mitigation measures, plans and responses to protect our critical infrastructure domains – and FrontLine will pursue these in coming issues. This is a major “Private-Public” partnership and leadership challenge.

Money Laundering and Immigration Fraud are also key areas of concern. Denis Constant and Garry Clement provide advice in this area for our next edition.

One final issue that I wish to bring to our readers’ attention is the changing dynamic in our border security measures. Major changes are forthcoming in the U.S. approach to some of their tremendously expensive Smart Border initiatives and some rather critical weaknesses in measures that Canada has just recently imposed. For instance in January, the Globe and Mail reported that “Canada’s border guards fear that they may be letting in terrorists because of inadequate information-sharing agreements with other agencies, both federal and international.”

All in all, I hope that you will agree that focusing on Partnerships is indeed a proper way to launch this decade, confront the work ahead, and encourage all to work together towards a safer world.  

Clive Addy, Executive Editor
© FrontLine Security 2010



Editor's Corner
Crime, Money and Your Security
© 2010 FrontLine Security (Vol 5, No 2)

As promised, this Summer 2010 edition deals with criminal financing and its effects on our security. To open, we called upon the expert perspectives of two former RCMP authorities well-versed in the subject of what we call ‘Dirty Money,’ for our first look on this specific topic. Garry Clement, former RCMP Director of the Proceeds of Crime Program and now president and CEO of White Collar Consulting and Investigative Group, and Denis Constant, former RCMP Director General of Economic Crime, and president of Constant Corporate Security & Investigations Inc, answered an identical set of questions. Their perspectives set the scene for FrontLine’s examination of Organized Crime and its impact on one of the key Critical Infrastructure components – the Financial Sector.

From across the border, we are pleased to be able to offer an interesting warning from Nick Contratzos of Efficient Research Solutions, destined for all security professionals in major corporations, especially those dealing with critical infrastructure. His article on Insider Financial Crime will open eyes to the less obvious risks.

On a similar note, Kim R. Manchester, the Managing Director of ManchesterCF, a financial crime risk management firm, examines money laundering as well, this time from the perspective of a growing expansion of the Black Market Peso Exchange.

Our own Edward Myers calls for serious efforts to improve timely national coordination and sharing of Intelligence if we are to effectively address financial crime.

With the advances in our virtual world, Steven Landman, from the Investigative Program on Terrorist Financing, outlines the challenges of thwarting this burgeoning terrorist threat. And, just to give this some perspective, coupled with the article on weapons of mass destruction and the terrorist by FrontLine’s new contributing editor, Mario D’Angelo, we can see one route down which this threat may indeed prove dangerous to our potential security.

Blair Watson takes a look at the security question of passports. It seems the added features in biometric passports can assist in interrupting forgery efforts but the loopholes demand answers.

Professor Steven Hutchinson from the University of Ottawa brings us up to date on our laws and the national and international mechanisms in respect of proceeds of crime, and makes us aware of the security challenges that criminal financing poses here and abroad. This, in conjunction with the excellent submission by Yiagadeesen Samy, associate professor at the Norman Paterson School of International Affairs at Carleton University highlighting the differing objectives behind money laundering and terrorism financing, indeed justifies his most valid plea for an efficient international body to coordinate this global fight.

FrontLine continues to follow the ever-important topic of cyber security.

We present an important interview with US Deputy Secretary of Defense, William J. Lynn III, following his visit to Canada, on the importance of addressing our continental cyber security challenges, particularly to our critical infrastructure.

In another article on this same topic, Dave McMahon from Bell Canada and Dr. Rafal Rohozinski of Sec Dev Group deal with the issue of cyber espionage, in terms of the economic and other advantages that amplify our vulnerability.

Scott Newark closes with his One Last Thing on $ound and $ensible $ecurity in the application of Justice.

An interesting edition indeed, and one which we hope will encourage readership debate and sponsorship support.  

Clive Addy, Executive Editor
© FrontLine Security 2010



Editor's Corner
2010 - A Lot Done and More to GO!
© 2010 FrontLine Security (Vol 5, No 3)

At the beginning of 2010, the government had just published its Critical Infrastructure Strategy and Action Plan and published this October another major document, its Cyber Security Strategy. Mr Justice Major revealed the findings of his inquiry on the Air India intelligence and other law enforcement shortcomings. Canada had the Olympics, the G8 and G20 to secure in an ever more visibly terror-laden world.

At the national level, Public Safety remains the department charged with the coordination of national efforts and international cooperation in these matters and we addressed with Minister Vic Toews, his views on the three challenges of Border Security, Critical Infrastructure and Cyber Security. We also talked with Senator Hugh Segal, Chair of the Senate Special Committee on Anti-terrorism. Readers will note that much has been accomplished, however, some serious divergence of opinion remains, such as on the need for and role of a legislated National Security Advisor.

On the matter of Emergency Management, this issue offers a veritable compendium of ideas and resource recommendations for concerned emergency planners and responders at all levels. Aaron Wynn and Dr. Kieran Moore share some challenges related to public health surveillance practices at major international events.

The smart use of technology and the sharing of better practices at all levels is vital to improving the safety of Canadians. A good example is the electronic collaboration on best practices between partners across Canada evolving with the process of Partnership Towards Safer Communities (PTSC), originated by our Fire Chiefs and made known by Bill MacKay. The ever-more-common practice of “texting” offers numerous dangers and it is refreshing to see that wireless providers have stepped up to waive fees in support of an education program for young teens by the Canadian Centre for Child Protection.

Barb Mills, Disaster Management Coordinator in the Peterborough area, reminds us of the important responsibility of Business Continuity planning for not-for-profit organizations of all sizes. Likewise, Sean Tracey, Chair of the Canadian Centre for Emergency Preparedness, underlines the importance of small and medium businesses and their Business Continuity planning. Tyson Macaulay, from Bell Canada, exposes the critical interdependence of infrastructure sectors when considering business continuity, and, most importantly, provides a wise way to evaluate and mitigate the risks. Ron Meyers from the Canadian Standards Association advises FrontLine readers of the new Z1600 Standard on Emergency Management & Business Continuity Programs as the guide across Canada.

Blair Watson offers a most interesting update on recent events and response procedures to major air disasters.

Our editor Ed Myers brings us up to date on the recent Disaster Integrated Response Exercise (DIRE) on a simulated earthquake in Ottawa, and comments on the need for National Emergency standards where he encourages the department of Public Safety itself to take the lead and develop its capacity to assist others.

As usual, our own Scott Newark has the Last Word; a lessons learned on the Omar Khadr case.

Enjoy the ride and the read, but remember to let us know what you think we need to make Canadians safer!  

Clive Addy, Executive Editor
© FrontLine Security 2011



Lt-General Michael Jeffery
Vision and Leadership
Canada Must Face the Potential for Domestic and Global Threats!
© 2010 FrontLine Security (Vol 5, No 1)

In an editorial published recently in the Ottawa Citizen, former Head of the Army, Lieutenant-General Michael Jeffery reviewed a survey of Canadians’ perceptions on various potential threats to Canada. He decried the lack of general awareness and emphasized an urgent need for leadership commitment and sacrifice to prepare for potential threats. FrontLine’s executive editor, Clive Addy, interviews him:

Q: What priorities would you wish to see in any coherent Security Strategy for Canada?

Let me put my remarks in context. The CDFAI poll asked people to assess critical threats to Canada over the next 10 years. So we were not talking about imminent threats – certainly this is not a case of suggesting the sky is falling. What concerned me was that Canadians’ sense of threats is declining when any reasoned assessment would indicate that the mid to long term threats are growing.

My concern is that if we want to avoid having to face these threats at a critical level, we need to start dealing with them now and that is really where leadership comes into play. My own sense of the current state of national security policy and how it is being managed is not necessarily very positive.

To my mind, our National Security Strategy needs to follow four thrusts:

The first is that it should increase the responsiveness & efficiency of our security structure. Approximately 26 federal institutions, 10 provinces, three territories and the myriad municipalities across this nation, all have a role to play in the security challenge. The overall coherence of the structure, through cooperation, coordination and/or integration, is the first thing that needs to be improved. The sharing of information and intelligence, and the effectiveness of our risk management approaches are also measures that we must take, rather than just talk about. Only in this way can we ensure that Canadians get best security value for money.

Second, I think there needs to be an effort to decrease the vulnerability of our critical national infrastructure to threats. “Critical infrastructure protection” is important, but a higher priority should involve the reshaping of national infrastructure, over time, to make it less fragile and more resilient to shocks; not just terrorist attacks but also natural disasters such as earthquakes and storms. Reshaped infrastructure could be more resilient and able to withstand those threats.

Third, though some might disagree, I do believe that we must work to reduce the underlying factors that increase threats – and here I mean “root causes.” I recall, early post-9/11, some commentators at the UN and in other government fora voicing the opinion that these were an excuse for 9/11… that is certainly not what I am saying. However, to suggest that there are not root causes for some of the threats we face and the sort of attitudes that are being expressed around the world is naïve in the extreme.

For example, in the matter of terrorism, what are the economic and social issues which generate the level of disenchantment in young men that leads them to use force? You are always going to find and have to deal with extremists, but I am convinced that many among these groups are just poor and desperate individuals with no alternative to support themselves and their families. There is a serious economic and social underpinning to the terrorism threat.

Immigration is another aspect. This nation has grown and survives because of it. We benefit from having people of various nations come to live here and we should continue to welcome them. But, we need to ensure we do not reach the state of other countries, like the UK, where those groups tend not to integrate into the greater society, but become microcosms of their home nation, bringing all of those difficulties and problems with them. We don’t need that. We have not had it in the past and we must ensure that we do not in the future.

Other security challenges brought on by climate change, globalization and pandemics need to be addressed. This nation must take a positive leadership approach in dealing with these issues on an international scale. I believe that requires linking our security requirements to everything we do by integrating security objectives into all government policies and initiatives. All policies, foreign, aid, trade, economic etc should contribute to minimizing these underlying factors. Solutions are not necessarily military ones or even security agency related, so reducing these underlying causes will require a broad range of capabilities throughout government and beyond. Some of this is happening now, but not in any particularly coherent way. Much more should be done.

Finally, and the TOP PRIORITY is that all of this requires Leadership & Education of the people. There needs to be a clear statement of intent from government and a strong message that we need to deal with these issues. The nation must have the will to do so – must see the need and be prepared to sacrifice to achieve it. This is foremost a matter of leadership and education by our leaders. These are not disjointed things but part of an overall policy to improve the security and well-being of the nation and its place in the world.

I believe that it is time for our political leaders to begin to address these issues openly. I am surprised, and, dare I say, even appalled, at the level of unwillingness to talk about some of the issues. We say we want a debate and as soon as anyone starts to challenge what we are doing, we throw roadblocks like “we’ve got to be loyal to our troops.” Such positions are disingenuous. We ensure loyalty to the troops by maintaining loyalty to the nation and ensuring their sacrifice is not wasted or misguided. That means we need the nation not just behind them, but also behind the mission – and that requires open debate and strong political leadership.

We must also ensure that we do not create an environment where we induce panic. National leadership needs to take a reasoned long term view that advances an understanding of the complexity of underlying issues and the actions necessary. This should lead to a general acceptance that the nation has to change if we are to mitigate the threats we face. None of this will be easy, but such is the role of leaders.

If we do not take this approach, we will wake up some day to find some of these threats on our doorstep, at a critical level, and be unable to respond to them… the cost, in resources and suffering, will be far, far higher than if we start now.

Q: The Canadian government, under both the Liberals and Conservatives, consulted “broadly” on security since September 2001 and produced some changes and guidance documents, such as Securing an Open Society (2004) and Working Towards a National Strategy for Critical Infrastructure (2008). How effective have these been, and what, if any, other process would you encourage the government to follow to achieve as broad a consensus as possible on a major national strategic vision and to resource and action such a Security Strategy?

On this question of Strategy and Policy, might I first recognize that the Martin Government published the first ever Canadian National Security Policy in 2004. While one can certainly take issue with some of the specifics, and argue that it should have done more, I think it was a good start. Unfortunately it seems to have withered on the vine and the Conservative government has been slow to advance the strategies and objectives espoused within it. They did publish a discussion paper on a National Strategy for Critical Infrastructure (2008) a topic which was identified in the 2004 document and in December 2009 the Federal Emergency Response Plan.

However, given the time gap between them, I am unclear whether the latest documents are a logical progression or, possibly, a de-facto whole new policy under a different guise. So I must say that the real state of actual National Security Policy remains very much unclear to me.

Minister of National Defense Peter MacKay and Secretary of Defense Robert M. Gates conduct a bilateral meeting at the Citadel in Halifax, Nova Scotia. (Photo: Cherie Cullen)

As I look back on those documents, I can certainly endorse the strategies and objectives contained in them. They recognize the need for a systems approach across the nation and at all levels of government, by seeking greater integration or by working towards better partnering. All recognize the need for a comprehensive risk management process, and they highlight the need for improved system-wide information or intelligence sharing.

It appears that we have been saying the same thing and identifying, arguably, the right objectives since at least 2004… we just need to get on with it.

If the new Minister of Public Safety can do that, he will serve the nation well. One must recognize, however, that unlike Homeland Defence in the United States, Canada’s Public Safety continues in some ways to be an umbrella department under which divergent and virtually autonomous organs continue to operate without any real attempt to pull them together.

In the present structure, Public Safety lacks the overall authority, the leverage, if you will, to conduct the kind of integration or partnering that we are talking about.

If the system really is to change, it must start with firm direction from the Prime Minister that all departments are to contribute to the security of Canadians. Such a declaration must be very clear in establishing who has the authority (either central agencies like the Privy Council, or a specific department) for changing structures, bringing people together, and creating the dynamic for increased cooperation and integration. Changing the very culture across many, many federal departments will be difficult, as it will be across Provincial and other levels. Indeed, while the requirement is for people to deal with security issues that have not been part of past mandates, or to accept this increased level of integration, some have already fallen back on the comfortable habits of pre-9/11 views of security.

I recognize the difficulty of getting all levels of government to cooperate on this issue. Indeed, getting just one level to work together can be arduous. While there are legal limits to integration in some cases, this is no excuse for inaction; Canadians have a right to expect a more effective and efficient security system.

Another challenge is the spectre of resources, but, I am convinced that, in the longer term, the move to a more coherent and integrated system would actually save money. We are wasting resources because so many agencies are duplicating work. An integrated approach will ensure much better value for the money we are investing in our collective security systems.

Such savings are not only to be found in the security architecture but can be seen in many other areas. Take energy for instance. Arguably, the move to new forms of energy will require considerable investment in new infrastructure. A properly structured energy policy could guide the development of a more resilient, less vulnerable, distribution system than the current centralized one. This could also reduce the security costs of subsequent infrastructure protection. In short, proper government policy development can increase our security and ensure good value for money spent. Government alone cannot do it, but it must provide the leadership. Of course, achieving consensus will be a major challenge, but this is where leadership is most required.

I believe it is the federal government’s role, and in particular, the Minister of Public Safety’s responsibility, to create a political and organizational environment that will bring all stakeholders together and ultimately see the emergence of a more effective national system.

Q: As with SARS, H1N1, Haiti, climate change, economic recovery, the Olympics, Afghanistan and other missions at home and around the world, there continues to be a need for multi-level internal and international coordination and cooperation to deal with the predictable and the unexpected threats to the safety and security of Canadians. Under past leadership, we had the “Security and Prosperity Partnership for North America,” with the U.S. and Mexico. If nothing else, this gave annual regional leadership focus to many common security and safety problems. Would you consider this SPP approach valuable to get more of the public interest and support that you deem might be needed?

First, I must say that my recent visit to its Web Site would indicate to me, and to the rest of Canadians, that the SPP is no longer in effect. There is no question that we need to work closely with our U.S. neighbour on all aspects of security. Our nations are so closely tied together that it is in our mutual interest to do so, both to ensure the security of our societies but equally to facilitate continued economic activity.

The problem with the Security and Prosperity Partnership is that it was undertaken without sufficient public discussion. Canadians became suspicious of the process and in particular saw it as the increasing domination of the United States. Indeed, for this reason, I think that the SPP initiative is for all practical purposes dead.

That being said, could something like it be undertaken in the future? Something must replace it. Whether it includes Mexico or not is another matter. Our requirements and situations are so different that one might legitimately ask why at all. With the change of government in the U.S., the conditions are more favourable. Any future such initiative would need very much to take Canadian sensitivities into account. Our political leadership would have to convince Canadians of a need and provide assurances of protecting their rights and Canadian sovereignty. I believe John Manley’s smart border initiative was effective in this realm for this reason. Small steps well taken can often prove most effective.

We also must not forget the powerful sensitivity about security that still permeates the American political psyche. We must deal with that in discussions about our common border and the free flow of legitimate goods, services and people for our common security and prosperity.

Essentially, I believe there are really two major options that we must consider for our future relationship with the U.S. One is to have a more integrated border serving us both, with better agreed and facilitated transit both ways. In short, a “one stop shopping” approach. The second is to get rid of the border altogether and focus on more integration of our economies… and before ranting about loss of sovereignty drowns out discussion, we should just reflect for a moment at what has happened to Europe… with old very sovereign members operating well with invisible borders. It would certainly prove much cheaper. However we proceed, this relationship and its management will remain perpetually a top security priority for our government.

Q: Your Institute recently released (October 2009), a fine analysis of the Canada First Defence Strategy (CFDS). One of its main criticisms is that “it is very general in its strategic framework and fails to prioritize any of the initiatives described. The existence of a small but steady increase in defence funding over the longer term is very positive for planning purposes, but the ability to meet the demand for capability with the supply of resources will remain a major challenge. Adjustments to the Strategy will certainly be required, as circumstances and priorities evolve, suggesting the need for a mechanism to make modifications from time to time.” Do you agree with this assessment and what adjustment mechanisms or processes would you think should be proposed, particularly in this economic environment?

HMCS Toronto and CCGS Pierre Radisson, during a refueling operation while at anchor in Iqaluit harbour. The Ships are participating in Operation NANOOK '09. (DND Photo: Cpl Dany Veillette)

I believe the CDFAI report is a good analysis and raises a number of important issues and I would highlight two of them.

CFDS Funding
The strategy provides a commitment to long term stable funding, which I believe is essential if DND is to maintain or improve its capabilities and achieve a degree of efficiency, particularly in Defence procurement. However, as all such documents tend to do, this strategy tries to leave the impression that the funding commitment will solve all of the problems – I don’t believe that to be the case. The CF went through at least a decade of significant cutbacks in the 90s, which seriously eroded many of the core capabilities. Subsequent increases to defence funding have been vital in stemming and reversing that trend but it would be wrong to believe that they have been completely resolved.

The amount of funding forecast would see a real growth in the defence budget in the order of 0.6% which could be even less if inflation grows as it is forecast. So, while the increase in funding and the stable forecast are all good signs, the CF will face tough decisions in the years ahead to maintain an effective force. The Department is not getting a lot more money; it is largely growing at the rate of inflation. Some, of course, will argue that the nation has other priorities and we should not be spending money in this area. I certainly recognize the importance of balancing priorities and to not spend more on defence and security than the nation needs and can afford.

However, I remind your readers that the first job of government is to protect its citizens, and with the growing threats we may need to spend more in this area.

I would also highlight the fact that, as a nation, and for a long time, our defence spending has been among the lowest of any developed country, and even with the recent increases, it ranks about 8% of the Federal budget and only 1% of GDP. So, if indeed the threat to our security is increasing, the nation does have the flexibility to increase the wealth it devotes to its security.

This second issue gets to the core of what you asked, essentially the whole issue of priorities. The CFDS lacks clear priorities to guide investment. The analysis talks of the lack of mechanisms and I think we are saying the same thing. I believe the reality will be that, given the potential for economic difficulties ahead, the defence cloth will continue to be re-cut to fit the changing economic framework. It has always been that way, and will not change in the future. Indeed history shows that government resource challenges result in such a review at least every couple of years.

The defence strategy needs to establish priorities or mechanisms to allow the force structure and plans to be re-shaped logically, as resource availability changes. If this does not exist, it means that every budget implies a totally new series of time-consuming submissions and conflicting priorities, resulting in higher costs and conflicts and the potential for imprudent discarding of expensive equipment and other resources.

The means of achieving these priorities starts with an overarching vision of how the nation will meet its defence needs, given the resources it can afford. This involves high-level reflection on possible options.

As a very general example, one could focus on forward engagement – where the nation addresses its security concerns and interests primarily on the international stage. Such an approach would mean dealing with the threats at their source; in the worst case, fighting the battles on someone else’s shores.

The alternative would be to focus on continental defence and security, which would see a minimizing of international involvement, but beefing up domestic defences. A Fortress Canada / Fortress North America approach.

In the final analysis, it is probably a balance between these two, wherein the priorities are expressed with the required clarity to allow decisions to be made on the type of capabilities required and to apportion the resources accordingly.

If such overarching concepts of priority don’t exist, then with every change in budget, the military is potentially discarding capabilities it has spent years and much money developing. Investment in Military Capital is a long term business and must not be subject to current whims.

Investments must be made in capabilities which are deemed essential to the long-term security of the nation in the type of operations deemed most likely and threatening by the military leadership.

This isn’t to imply that short term requirements don’t arise, as they have in Afghanistan. However, such procurement must be carefully shaped both in quantitative and qualitative terms to ensure overall balance and sustainability of the capital programme. Otherwise we are getting no return on investment.

I must reiterate, the military cannot address these issues in isolation. There is a need for coherence within government to ensure that all tools are used to fix any problem before it becomes a major threat to our nation, and to resolve it if it does.

We are a part of Team Canada and must work together. In truth, not all players on the team are as well prepared for the game. As a nation, however, we must look at this more seriously and ensure that all parts of the team we send abroad to support Canadian interests, have the capability to do so together, be they diplomats, economists, police, medical people, engineers, governance experts or military.

Q: How do you see Canada approaching our sovereignty claims in the North West passage? What do you see as threats to our security and their mitigation?

The Arctic is a very important issue for the country and I am pleased to see the increased attention being paid to it. Overall, I believe the sovereignty claims, especially issues like Hans Island, are minor. Even the Beaufort Sea claim disagreement with the U.S., I think is manageable. The Northwest Passage is, of course, not really a sovereignty issue but, rather, a definitional issue – whether it is an internal or international waterway.

The loss of ice cover does mean that we can expect a greater level of activity along our northern coast. For practical purposes, I don’t see a significant security threat to our North. However, increased activity will have consequences that we must be prepared to deal with. We have seen a rise in cruise ship and commercial ship activity, and we can expect that to continue. This will mean an increased probability of distressed or lost ships, an increased requirement for Coast Guard presence and a greater probability of the Canadian Forces receiving requests for assistance or search and rescue. This imposes upon us a greater demand for reliable communications and navigation situational awareness.

With the extreme distances and temperatures of the North, we must be capable and prepared to make rapid response to calls for help. The truth is, however, that Canada’s support infrastructure in the North is limited, and major events could exceed Coast Guard and CF rationed capacity. Clearly, contingencies for such emergencies must be foreseen in our strategy.

Canada has an integrated northern strategy which is focused on: exercising Canada’s Arctic sovereignty; protecting the North’s fragile environment; promoting economic and social development; and improving and devolving Northern governance.

We rely on National cooperation in the North, with Indian and Northern Affairs Canada (INAC) as the lead department, and all departments taking a collaborative approach. For its part, the Canadian Forces is working to: increase Arctic capability and capacity; build support infrastructure/logistics; obtain and use ice capable vessels and develop arctic expertise through exercises and training such as Operation NANOOK.

Internationally the country has long pursued a strategy of cooperation and collaboration as we work together with the other Arctic nations.

Key areas are information sharing, search and rescue agreements, Canada/U.S. agreements on shared ice-breaker use and international environmental cooperation in this fragile area. So, while there is much to do in the North, I believe this is an area where the approach is sound and should serve us well over the long term. The real problem, as always, is finding the resources necessary to meet the many challenges faced there.

Q: Non-state actors, such as major international crime syndicates and terrorist networks, pose great threats to our Security, be it in the realms of piracy, drug trade, cyber crime, weapons and people trafficking or nuclear blackmail. The Obama administration has made overtures to reduce nuclear arsenals and to pursue non-proliferation, and is particularly concerned about Iran, North Korea and Pakistan nuclear weapons. It is very much engaged in thwarting drug cartels in Mexico and South America. How and what should Canada do to lessen the threat to our own security from these sources?

Wow! You have covered a great deal of territory. I think our global strategy must perforce consider an “all threats” approach. We must endeavour to structure our security systems and policies to allow the resources of the nation to be applied effectively and efficiently to counter them all.

This is a difficult undertaking, as each agency in the defence and security business has different roles and a different legislative basis. These result in a lack of sharing of information and cooperation on common threats, even though they both share the same broad objective of national security. We must work at minimizing and eliminating the barriers, recognizing that some will remain.

Cooperation with international partners is a key component. These threats, although some begin at home, are international in nature – where boundaries and sovereignty are meaningless – and we cannot address them on our own. However, by working together with other nations, by sharing information and coordinating responses to the specific threats, we can achieve much better outcomes and more effective use of resources. That, of course, is happening with such cooperation as Canadian police and our military and allied counterparts at home and abroad in Afghanistan and Haiti. We have to improve that, and ensure we are all on the same international team – ultimately to the benefit of Canada.

Q: In wrapping up, what do you see as key long term considerations for Canada?

I would like to remind FrontLine readers that, historically, Canada has been blessed with wealth and security – much of it due to our geographical position. However, given the changes in the world, neither can be assured over the long term.

With increased globalization, many of the problems in other parts of the world will increasingly wash up on our shores. This means that our approach to security at home must change and we need to achieve a much more effective and efficient security structure. We also need to work with other players on the international stage to deal effectively with the root causes and mitigate the threats we face.

We don’t face major imminent threats, but we need to start now to better prepare the nation for the inevitable challenges of a new era. This requires real leadership, both domestically and on the international stage, and people of vision to chart a course for our nation through some potentially difficult waters.

Clive Addy is the Executive Editor of FrontLine Security magazine.

Lieutenant-General (retired) Michael Jeffery is a Senior Research Fellow at the Canadian Defence & Foreign Affairs Institute. He also runs his own consulting business focusing on defence, security and strategic planning. Lt-Gen Jeffery retired from the Canadian Forces in 2003 following a 39-year career. He served as Chief of the Land Staff from 2000-2003.
© FrontLine Security 2010



Intelligence Public Safety
© 2010 FrontLine Security (Vol 5, No 2)

Actionable intelligence is the most needed tool that both law enforcement and national security policy makers must hone to combat the plethora of threats – from local gangs to the global crime syndicates. Biker gangs or street gangs are common, known threats to our communities. Although violence and property damage may seem like the extent of their reach, the financial networks into which they tap provide money laundering and racketeering opportunities that can elevate them into the same league as financial fraudsters such as Bernie Madoff.

A recent report by the Association of Certified Fraud Examiners indicates that global annual fraud loss has reached an estimated 5% of commercial revenue, and small businesses are disproportionately victimized by fraud.

Fraud, Organized Crime and Terrorism
Serious invisible threats come from organized crime groups that cooperate with, and often include, international terrorists. They seek clandestine ways to obtain large sums of money and then feed that capital to organizations, like Al-Qaeda, that are committed to our extinction. The hidden nature of the threat cascades through the financial community and affects our overall security and safety. Done well, and many are, these threats engage everyone, whether you know it or not. Certainly not all international organized crime networks finance terrorism, but international terrorist organizations themselves engage in large-scale criminal activities, like drug and human trafficking, financial fraud, trade in contraband and other illegal activities in order to mobilize and deploy funds for their operations.

In terms of sophistication, the most ingenious form of organized crime may be tax evasion. American and European intelligence capabilities have been deployed to uncover massive tax evasion (in the billions) by their own citizens through Swiss and Liechtenstein banks. We are not immune from such criminal initiatives. Currently, these investigations are headed eastwards to Singapore and Hong Kong. Tax evasion is criminality on a massive scale, and Tax Intelligence (TAXINT) could become a valuable tool of government for tracing and uncovering these fiscal absconders. What’s more, TAXINT is cost-recoverable intelligence.

‘Fraud scheme’ covers most, if not all, financial criminal activity that threatens us individually or collectively and implies deceit for gain. To be deceitful requires sophistication in planning and execution. All fraud schemes require clandestine activities such as hiding identity, method and motive. Fraud artists on any scale concoct believable stories. Therefore, short of imbuing all Canadians with an instinct to avoid fraudulent situations altogether, something needs to be done to allow law enforcement to detect, monitor, and interdict such organized criminal fraudsters.

In the last edition of FrontLine Security, Major Harold Bottoms argued for more leadership in the field of criminal intelligence. According to him, ‘Canada needs a new multi-faceted intelligence process designed to enhance the ability of local, provincial and federal criminal law enforcement and security agencies to identify, target, and remove threats and activities spanning multi-jurisdictional and, sometimes, international boundaries.’

This is a natural role for the Canadian Federal Government. The Finance department and regulators, CSE, CSIS, FINTRAC and the RCMP must cooperate, coordinate and share to produce valuable exploitable intelligence in a timely fashion. The time has ended for useless post facto finger pointing between stovepipe government bureaucracies in Royal Commission inquiries.

Intelligence is, by its very nature, a concept that works best through cooperation and sharing in a secure environment. The RCMP must cooperate with other law enforcement agencies and heed the advice of their peers. According to the 2008 report, Obstacles to an integrated, joint forces approach to organized crime enforcement – A Canadian case study by Stephen Schneider, ‘The walls that obstruct communication and cooperation between law enforcement and other government agencies in the fight against organized crime and terrorism must be torn down and replaced with institutions and commitments to a truly coordinated and strategic approach in order to better serve the public good.’

Protecting the community from organized crime or physical destruction would surely be enhanced through improved intelligence acquisition and sharing. The recent firebombing of a Royal Bank of Canada branch in Ottawa (because RBC supported the Olympics), is an example. Though the police captured the perpetrators through good use of intelligence, the fact that the incident was planned and executed by a group that had already been infiltrated by the police begs the question of why they had not been stopped or arrested earlier.

On a more dramatic scale, it is interesting to note that two of the worst terrorist attacks of our time – 9/11 and the Air India bombing – might have been prevented with more effective intelligence exchange between government law enforcement agencies. In the case of 9/11, the CIA kept crucial information from the FBI. In Canada, according to the Report of the Air India Commission, CSIS withheld critical information from the RCMP.

Both terrorist disasters were financed by small amounts of money – about $10,000. Trying to catch terrorists by looking at the money trail alone in each case would have proved inadequate. As the Air India Commission stated, agencies should focus intelligence on determining how terrorists obtain their resources and then use this knowledge to defeat them through early detection and interdiction. For law enforcement to be effective against future terrorist threats, it must have secure systems to gather actionable intelligence that can be easily shared among agencies.

Applying Intelligence Beyond Law Enforcement
Public Safety Canada has recently shown itself to be able to make progress on substantive issues, including real program development assistance in the Emergency Management area. It has had recognized experts design and implement customized Emergency Management plans that all government departments must now implement.

Public Safety Canada (PSC) should expand its situational awareness responsibilities in its Federal Emergency Response Plan and ensure that it has a new, intelligence-driven mission plan to focus much of its operational mandate for public safety and national security. PSC needs to develop systems of intelligence gathering and processing that overlay each of the government departmental and PSC stovepipes and integrate its horizontal responsibilities for things like Critical Infrastructure (CI) and Emergency Management (EM). As a first step they should call in the experts to define a realistic aim and scope as was done for the Federal Emergency Management Plan.

In conjunction with such experts, PSC needs to determine what is reasonably accessible from public and private sector sources to apply against an emergency situation. Then, on a national level, the knowledge that comes from best practices and lessons learned experiences needs to be catalogued, made accessible and disseminated. Once the intelligence-based model has been developed, it can be adjusted to deliver the necessary information for all CI components and for all facets of all-hazards EM.

For community-based public safety programs to be designed and developed for maximum protection, a shared intelligence-driven focus will make our options clearer to all and solutions more easily accessed and readily achievable. For example, FrontLine Security has been following the initiative of the Canadian Association of Fire Chiefs called Partnership Towards Safer Communities. Public Safety Canada recently indicated support and contributory funding for this intelligence-oriented initiative. The PTSC-On-Line Project, as it is now being called, will use communities of EM groups to electronically share the elements of successful public safety measures and aid in standards development.

The PTSC On-Line Project is meant to become a self sustaining enterprise whereby all elements of the community share information, advice, tips, ideas, contacts, and any other feature that will add to the ability of the community to prevent, mitigate, respond to, or recover from a natural or man-made disaster.

Perhaps, at the end of the day, it is not too fantastical to think of a Canada where people are imbued with a better way of avoiding fraudulent situations altogether, because they are empowered to look after themselves and the government plays its proper role as enabler of the solution but does not aspire to be the sole and long term executor?

Edward R Myers is the Editor of FrontLine Security magazine.



Security Policy
© 2010 FrontLine Security (Vol 5, No 3)

Today’s changing and complex environment of national security and public safety has underlined the role that innovation plays in battling terrorism and mitigating the effects of large scale national disasters. Cooperation and the coordination of resources are required if the world is to be effective in battling sustained terrorist threats or to mitigate major disasters.

Police officers conduct roadside safety checks.

In Canada, the Auditor General (AG) has often criticized as inadequate our own efforts at national emergency management development. Last year, the AG released a report that indicated the money that was given to Public Safety Canada had gone mostly unspent. The result, as the report states, is that the department has been “unable to develop its capacity for emergency management.”

Since the AG’s Report, Public Safety Canada has released key documents in the areas of Emergency Management and Critical Infrastructure Protection. Plans have indeed been coming out since the Government passed the Emergency Management Act. Major policy and action plan documents, such as the Federal Policy for Emergency Management and the Federal Emergency Response Plan of March 2010, have been released. More recently, the department announced the National Strategy and Action Plan for Critical Infrastructure. This strategy proposes: “to establish sector networks, at the national level, for each of the critical infrastructure sectors. This approach will build […] upon existing coordination and consultation mechanisms, [while enabling] governments and critical infrastructure sectors to undertake the range of activities (e.g. risk assessments, plans to address risks, exercises) unique to each sector.”

Public Safety Network
One sector that needs more focus is the public safety network. This group encompasses heroic yet ordinary people who assist fellow citizens in all manner of hazards and emergencies. All responder groups – from fire, police, paramedic, and other municipal, provincial or federal security and emergency response personnel – are included in this sector. Safety and security planners and operators in public and private institutions, often described as Emergency Management (EM) or Business Continuity (BC) managers, also constitute an important part of this Public Safety sector. They deserve the support needed to excel at their jobs … for our good. Support and leadership should come from Government.

Canada’s national security depends greatly on federal level policy leadership and funded program development of EM. This leadership should define our strategic direction on important public safety policy and governance issues. The programs themselves should focus on developing security infrastructure, broadly defined. For true infrastructure security, policies should ensure that the necessary development programs are resilient, sustainable and easily funded.

The recent changes to policy formation elements related to the Emergency Management Act, announced by Public Safety Minister Vic Toews, are significant. The provisions deal with fundamental requirements for a resilient critical infrastructure by stressing standards and best practices. Parliament passed the Consolidation to The Emergency Management Act on 6 October 2010. Specifically, in Section 3(o), the Act states:

“The Minister is responsible for exercising leadership relating to emergency management in Canada by coordinating, among government institutions and in cooperation with the provinces and other entities, emergency management activities…[by]… promoting a common approach to emergency management, including the adoption of standards and best practices.”

This is very significant to overall public safety in Canada. It means that we can become proactive and build resiliency as a systematic effort across government jurisdictions and private sector disciplines. It means being able and obliged to integrate necessary security solutions and protection systems within the very architecture of designated Critical Infrastructure.

Public Safety seems to be getting the point, but other key areas of our CIP strategy need to assist; Cyber Security, for example, is the purview of the Treasury Board Secretariat. Public Safety Minister Toews announced in October 2010 that TBS will support and strengthen cyber incident management capabilities across Government, through the development of policies, standards and assessment tools.

When we see national standards being recognized and deemed essential to long term success, we can rest assured that Canada’s approach to national security is maturing. When standards are applied, it becomes easier to develop and rely upon the required solutions and systems that may come into play should we face any disaster. With standards, we assure the systems being developed to ensure our safety will talk to each other. We are also reassured by the fact that the resultant operating procedures will have been developed with input from subject matter experts.

If we assume that Public Safety Canada is “getting it” with respect to policy development, are they also “getting it” with respect to programming? The answer here is a guarded “yes.” Minister Toews recently announced that the Partnership Towards Safer Communities (a program of the Canadian Association of Fire Chiefs), would be supported by the Department. This ties in the standards promotion for Emergency Management (policy), with development of on-line resources for professionals across Canada (program).

Standards are very important in developing resiliency in Critical Infrastructure. The vital interdependency related to the security of Canada’s 10 critical infrastructure components demands common standards for effective protection.

It is well known that 85% of Canada’s Critical Infrastructure is in the hands of private enterprise. The energy grid, the telecommunications networks, and the big banks are all a part of Canada’s CI foundation – and their interdependence is self-evident. But the fact is, large components of our CIP strategy are also in the hands of the Small and Medium Sized Enterprises (SME). It is therefore important to consider the SME role in CIP which, in turn, demands broadly adopted standards such as CSA Z1600 (see article by Ron Meyers). The same applies to some not-for-profit agencies that are beginning to follow similar procedures and standards on their own.

Cyber Clarity
Nowhere today is the requirement for standards and good governance more prevalent than in cyberspace. Appropriately enough, Public Safety Canada announced the Cyber Security Strategy on October 3rd of this year. We were hoping for something like the Chinese cyber offense strategy: “win victory before the first battle and do it with a borrowed sword.” Instead, we got another “framework” oriented directive with perhaps just a bit more bravado baked in: “With a subject as critical as cyber security, there is no room for ambiguity in terms of who does what. This Strategy sets out the required clarity.” Alas, the “clarity” part may be a bit of a stretch.

In view of recent threats, the Cyber Security Strategy is a key component to the work of emergency managers and business continuity professionals in all Critical Infrastructure components. Front-line workers in the public safety sector are highly dependent on technology – including communications technology – to excel at their jobs. They understand the benefits of standards-based procedures, and the need for the government to support them, both in learning and applying those standards. They also rightly expect that the Government will do the same in its own shop.

The Future
Based on the fact that the public safety sector in Canada is comprised of so many moving parts and overlapping responsibilities, applying and imposing standards like CSA Z1600 must form part of government policy. Public Safety Canada is now well positioned to build on its nascent efforts to partner with the other segments of the public safety community in order to achieve the resiliency and capability all Canadians and the Emergency Management and Business Continuity professionals expect and count on for their protection.

Ed Myers, FrontLine Editor.
© FrontLine Security 2011



Safe Communities: Alberta
© 2010 FrontLine Security (Vol 5, No 1)

If you talk to Alison Redford about what it takes to do her job as Alberta’s Attorney General, her answer isn’t what you would expect from the province’s top lawyer. Crime rates have eased since she was appointed in 2008 but Attorney General Redford would not attribute this success to any one development alone. And, she makes the point that getting tough on crime takes more than just getting tough – it takes getting smart.

Although Alberta has put lots more cops on the street, Minister Redford attributes a safer Alberta to a community based initiative called Safe Com, short for Alberta Safe Communities. More police are, in fact, a major component to the Safe Com initiative but they complement rather than dominate the overall strategy for community safety. Three hundred additional police officers over three years is matched by other community based initiatives. Together, the police/community interaction has, in fact, reduced crime rates. Moreover, because the program has a pay-back model attached, the investment should bring both safety and taxpayer cost benefits.

“When we took a long, hard look at crime prevention, we recognized that this isn’t something you can arrest your way out of,” says Redford. “Even the police will tell you that. You need to balance effective enforcement with prevention and intervention strategies.”

Alberta is entering its final year of implementation for its $468 million, three year experiment in providing Albertans with a safe environment within which to live. Justice Minister Redford is passionate about what’s happening with Safe Com. When she took over the Justice Minister’s office, she inherited the Safe Communities program which originally came into force in the fall of 2007. The multi-ministry approach brings together nine government departments, including Health and Wellness, Education and Children and Youth Services.

“I think collaboration is at the heart of Safe Com,” she says. “Every partner ministry brings their own expertise and best practices to the table and it’s allowing us to launch programs that address multiple risk factors.”

Safe Communities was conceived after touring the province to find out how Albertans felt about community safety and crime. “We found out how crime is impacting communities of all sizes. Albertans told us they’re concerned about drugs and violence and repeat offenders. They told us that something needed to be done before criminal activity starts to change the character of our province, and much of that activity involves drugs.”

Under the Safe Com umbrella, new laws have been implemented over the past two years. The Victims Restitution and Compensation Act allows for the seizure of property, vehicles and cash linked to criminal activity. The proceeds from the re-sale of the property support crime victims. More than $11 million in property, including homes used for marijuana grow operations and so-called “dial-a-dope” delivery vehicles has been restrained under the new legislation. Albertans are also being empowered to clean up their neighbourhoods through the Safer Communities and Neighbourhoods Act, or SCAN. The law targets properties used for criminal activities such as drugs, gangs, and prostitution based on citizen reports. It also makes sure that property owners are held accountable for illegal activities regularly taking place on their property. SCAN promotes community safety by cleaning up properties that meet certain conditions that affect the health, comfort, safety or security of the neighbours. SCAN units have investigated more than 500 citizen complaints since launching, and a number of problem properties have even been shut down.

Safe Com and the Cops
For three budgets in a row, the Alberta Government has backed the increased manpower needed to bring effect to the spirit and letter of Safe Com. In each of these budgets, 100 additional police officers have been hired through the Solicitor General’s department, another Safe Com partner ministry. According to Minister Redford, “Our view of the need to back Safe Com with police personnel has been consistent from the outset. Continuity is very important and we cannot let down our guard! By supporting the police services and refusing to make them subject to annual budget cuts, even in economic downturns, we solidify our commitment to our most important constituency: the people of Alberta.”

It was important to Minister Redford that the rest of the traditional justice system in Alberta keep pace with the increase in police officers. As such, along with the peace officers, Alberta Justice hired 26 new Crown prosecutors and 41 support staff to help manage the increasing demands on the justice system and to improve court efficiency. Through Safe Com an additional 30 probation officers were hired to add to the 50 brought onboard last year. The notion here is that the added probation officials will be able to enhance the supervision of offenders released back into the community and hopefully the system will come together to provide sustained safety and security in Alberta’s growing communities.

The other aspect that is increasingly recognized as an important component to an effective safe communities program as well as an effective criminal justice system is the use of criminal intelligence. The Alberta Law Enforcement Response Teams (ALERT) initiative is a provincially funded project that integrates law enforcement and intelligence gathering units across the province for the sharing of information and reduction of duplication in the growing war against gangs and organized crime.

ALERT has 19 operational law enforcement units that are dedicated to:

  • Disrupting and dismantling organized crime networks, street-level gangs and the drug trade.
  • Tracking down on-line sexual predators who prowl the internet looking to sexually exploit children or trade in child pornography.
  • Working with other intelligence units to collect, evaluate, and disseminate vital information about organized crime.
  • Reducing and preventing domestic violence and stalking situations as well as providing court requested threat assessments and expert evidence.

Community Based Partnerships
Attorney General Redford knows that tougher law enforcement resources and programs like ALERT are required to match the resources, knowledge and networks of criminal gangs and other organized criminal elements. However, she also expresses great faith in the power of community partnerships in the pursuit of safety and security. “We are truly taking our lead from the communities themselves. The communities know what they need to do to address crime at the grassroots level. They just need the tools to do it.” Through the Safe Communities Innovation Fund (SCIF), $60 million has been earmarked for organizations that form partnerships with community agencies to prevent and address crime. The first year of the fund saw successful applicants launch projects to address domestic violence, addiction, youth at-risk and gang intervention. The next round of funded projects will be announced this spring. Minister Redford sees this early success as adding a key component to the overall mission of crime reduction province-wide. “Community engagement is what will drive Safe Com forward,” she says. “These SCIF projects are bringing together community groups to stand up and play active roles in preventing crime in their own backyards.”

Redford believes that in the past the government has been focused on the enforcement side only, and these new Safe Com initiatives represent a fundamental change in thinking. “The work that we’re doing around supporting programs to help with addiction services, mentoring and family violence are just as important to us as the law enforcement part,” Redford says.

“Take, for example, the Community Solution to Gang Violence and the Native Counselling Services organization. These two groups work together to address root causes of gang violence like a lack of education or the lack of good relationships. These joint efforts bring real, meaningful change to the community that results in fewer incidents of violence and property crime.”

The need for partnerships is increasingly critical as it is clearly evident that one agency or one branch of government can neither have all the answers nor provide all the solutions. “The root causes and the solutions to community crime are vested in the community itself and there’s only so much the justice system can do,” admits Minister Redford. “What we have tried to do in Alberta is to bring the notions of belonging and responsibility together. By providing a sense of connectedness and belonging in youth, for example, they are much less likely to be attracted to gangs for friendship and support. At the same time, we hold these same people and their parents and neighbours responsible for making sure that their living environment does not become a breeding ground for gang and criminal behaviour.”

“Our partnerships within the Alberta Government itself – in all there are nine government ministries, police, community groups, municipalities, businesses and social agencies in the deal – are working very well. Everyone believes in the power of the partnerships and sees these collaborations as key to the long term success of Safe Com.” The Attorney General goes on to explain that “Alberta’s Safe Communities Initiative works to address the consequences – the impact – that crime is having on our communities. But it goes further and seeks out meaningful, long-term solutions. Certainly there is no easy fix when it comes to reducing crime and preserving the safety of our communities. However, I am convinced that through cooperation, community innovation and our sustained commitment, we can improve the safety of Alberta communities year over year.”

Spreading the Benefits
Attorney General Redford believes that the Safe Com initiative is truly an evolutionary development in the pursuit of a safe and secure Alberta. “People now understand in the last 30 years we have not really dealt with punishment and enforcement as well as we should have,” says Redford. “People want consequences to be severe and they should be severe. Communities don’t want anyone to think they can get away with anything.”

Complacency is certainly not an option for Redford. “There are a lot of serious issues around gang activity, organized crime and other activities that threaten our communities. I believe that what we have with the Safe Com program is a holistic approach where community members and groups see themselves as involved individually and in partnership with other individuals and organizations with like-minded aspirations for the future.”

Attorney General Redford talked to FrontLine about how the investment that Alberta made in Safe Com was returning dividends. Crime rates have been dropping and community awareness and vigilance have become side benefits that will get Alberta to where it needs to be in terms of public safety and security. This may, in fact, be the key element to the success of Safe Com in Alberta and ultimately in the rest of the country. If Safe Com can reach its goals and not be a burden on the taxpayer, why can’t it work in all provinces and territories?

As with just about any other place in Canada, the face of crime in Alberta is often drug related, and drug crime breeds violence. The Alberta Victims Restitution and Compensation Payment Act allows the courts to seize property, like vehicles and weapons, which have been used to commit crime. The Act will also be used to compensate victims as well as to disrupt the business of organized crime. This legislation also promises to be effective in allowing police agencies across Alberta to target dangerous property for removal from the community.  This property usually involves vehicles that are used to commit crime or homes that are used to grow marijuana or make crystal meth. The proceeds from the forfeited property will be used to repair losses and injuries suffered by victims.

Minister Redford is anxious to communicate Alberta’s Safe Communities Initiative successes with the rest of Canada. Partly she has done this at meetings of provincial Attorneys General.  More proactively yet, Minister Redford has held consultations with the Alberta Chiefs of Police Association and with the Canadian Association of Chiefs of Police.  She is indeed passionate about safe communities and about every individual or organization that shares her commitment to the cause.

Edward R. Myers, Editor, FrontLine Security
© FrontLine Security 2010



Cyber Security Leadership
© 2010 FrontLine Security (Vol 5, No 2)

Since that time, then Senator has indeed become President Obama and has launched (in March) the National Cybersecurity Initiative with a $40 billion budget.

William J. Lynn III
Deputy Director of Defense

Last December, Howard A. Schmidt, a veteran of computer security and law enforcement, was appointed as his Cyber Czar. Schmidt, the former chief security officer at Microsoft Corp, played a key role in drafting the 2003 report, National Strategy to Secure Cyberspace. On leaving the Bush administration, he was quoted as saying: “While significant progress has been made, there still is much to do. It is the role of industry to take the lead in the implementation of the strategy and the creation of the mosaic of security. [Accomplishing] this will require real-time solutions, not just reports and plans that take years to implement [and] have limited value in dealing with the tremendous vulnerabilities that exist here and now. Each sector, each enterprise, each company and each user must do their part to secure their piece of cyberspace.”

In keeping with the scope of this security challenge and the U.S. leadership’s sense of its importance and urgency, U.S. Deputy Director of Defense, William J. Lynn III, conducted a two-day visit to Canada with counterparts at CSE, Public Safety, and DND. He also made a presentation to the public and the press, sponsored by the Conference of Defense Associations Institute.

Mr Lynn was direct in his public presentation. He stated, in the “tradition of defense cooperation begun by Mackenzie King and Franklin Delano Roosevelt,” that “one of the most challenging asymmetric threats is what brings me to Canada – the cyber threat to our national and economic security. For most of our history, we have relied upon the great oceans that surround us to shield us from attack. However, our natural geographic defenses are of no use against cyber attacks. The internet can transport malicious code twice around the globe faster than the blink of an eye. Our networks can fall prey to an attack in an instant.”

Mr Lynn is concerned that intrusions are growing more frequent. “More than 100 foreign intelligence organizations are trying to hack into U.S. systems,” he said. “Foreign militaries are developing offensive cyber capabilities, and some governments already have the capacity to disrupt elements of the U.S. information infrastructure.”

Even Senator Obama was not spared: during his presidential campaign in 2008, hackers gained access to his campaign files. Policy papers, travel plans, and sensitive emails were compromised. Mr. Lynn referred to some strategic adjustments they were making that followed from the Quadrennial Defense Review, which was completed this spring with the active participation of a representative from the Canadian Department of National Defense… “first, our militaries need to respond to both high-end and low-end threats… second, we must shift some resources from longer-range scenarios, looking out a decade or more, to the fights that we face today… third, moving to reduce the stress on our forces.”

Specifically on the topic of Cyber Security, he went on to observe that: “like the long history of our cooperation in border defense, we have a similar interest in protecting our networks. Doing so will also require a similar partnership. But, in the cyber world, the speed of attacks will require even swifter and more coordinated response.”

The reasons for stepping up our cyber response are clear, suggests Mr Lynn. “Aircraft can cross the ocean in hours. Missiles in minutes. But cyber attacks strike in milliseconds. Cyber also disregards traditional notions of sovereignty. For the most part, cyber traffic crosses borders freely. And in the cyber arena, knowing who your adversary is, and what they’ve done, is a key part of mounting an effective response. Yet determining where an intrusion originates from, and who is responsible, are among the most difficult challenges we face. Put simply, international cooperation is imperative for establishing the chain of events in an intrusion, and for quickly and decisively responding. The reality is that we cannot defend our networks by ourselves. We need a shared defense.”

In a subsequent session, Deputy Secretary Lynn agreed to answer questions from selected media. FrontLine was there.

Q1 It has been suggested that some new structure, like or including NORAD or the Permanent Joint Board on Defense, might be models for what we might seek jointly, but there are also some serious new players… our own key private industries own and operate much of our mutual critical infrastructure (communications, power and financial infrastructures are largely privately owned). What is your vision of the scope and process to achieve this bilateral cyber security body that you seek with Canada?

Mr Lynn: I think there are three lines to answer your question. One, we are looking to integrate the Permanent Joint Board on Defense in this matter. We are in fact wishing to strengthen the present U.S./Canadian alliance. The PJBD is an important part of this partnership and should be part of this solution going forward, particularly as a forum in matters of critical infrastructure.

Secondly, we are looking to strengthen the relationships in a particular way with Critical Infrastructure with our four departments – our DOD and DHS and your DND and Public Safety. The four of us need to work through these important critical infrastructure issues so that we share more. The U.S./Canada alliance is different in that we share much more of this critical infrastructure… we really do need a collaborative joint approach in the public and private domain.

Third, refers to my specific mission here in examining how we can increase our partnership on cyber security. I think this is more of a high level experts’ exchange. This would be less of a permanent thing unlike the PJBD. We must mutually identify the various policy issues, legal framework concerns and extend our already fruitful technical exchanges and do so on an agreed basis.

Q2 We look at what you have done in creating Cyber Command, yet what Canada has done appears only to have been a re-announcement – for the third time – that we will be getting a Cyber Strategy. What deficiencies do you see insofar as what Canada needs to do to face this growing threat?

Mr. Lynn: Both the U.S. and Canada face a similar threat from similar sources in the cyber arena, so I think that there is also a mutual need for urgency.

A critical part of how we succeed in facing this security challenge is how we work with our allies. We are particularly focused on our closest allies; we have talked to the UK and Australia and are engaging with Canada. We will probably work out to the larger NATO audiences as we progress, but both the geography and the closeness of the alliance with Canada makes Canada a particularly important partner.

We are initiating a group to look at the power grid and we are looking at a cyber security policy group; these are the kind of things that we would want to do. We are not announcing something today, but I think this is the pathway we must follow. We also find it useful to have an ally attend our deliberations, (as happened for the QDR) since we all know that when you just read the report you miss the debate of options and factors discussed and do not get an organic understanding of a strategy and why it is there. It helps to communicate and better understand when you attend. It increases trust for all. We have found it very valuable to have allies participate in this.

Q3 You mentioned the legal policy and framework discussions. Would you, for instance, sit down with Canada and determine what constitutes a cyber attack and what retaliation it would need if any?

Mr. Lynn: I think that each country will have to address this within its own particular legal structure, but there are also international norms that apply here and the laws of war are, frankly, imperfect when you look at Cyber Security – so how do you adapt them and have appropriate constraints on roles and processes? Therefore, discussion on how we interact between allies is vital. It is something that we agree needs discussion.

Q4 When you talk to allies, you both know there are some nation states and other non-state actors who have the means to conduct cyber attacks… and you have also that capability, as do some allies. Will your discussions encompass both defensive and offensive measures?

Mr. Lynn: One of the most difficult issues in the cyber world is the whole concept of deterrence. In the nuclear arena where much of the literature on deterrence evolved, there were certain things that you had, that do not so clearly exist in the Cyber world. One is attribution. Missiles come with a return address and you pretty much know who wants to do you harm. In cyber it is very, very difficult and even when you can, it may take months. Similarly, it is not even clear what constitutes or is an attack. Is the theft of data an attack? Is shutting down certain web sites an attack? If you get the loss of life and huge economic damage, people will pretty much agree, but there is a whole spectrum that makes it hard to be precise and consistent. If you are unsure it is an attack and cannot clearly attribute it… then who do you go after? As well, people get focused on high end threats with nation states, but this is a capability that can be developed by non-state actors with a smaller resource footprint. Terrorists… criminals can do it, and possess already some pretty sophisticated cyber capabilities. Deterrence is based on threatening a person having something at risk that he is unprepared to lose. Those non-state actors may not have such ‘things,’ and all of that changes the parameters of deterrence. This is part of what must be discussed with our allies and friends. How do we adapt our notions of deterrence to the Cyber world? What are the risks and costs of cyber security and how do we determine methods and means to protect our networks without undermining the businesses involved or, worse, losing lives.

I thank Mr Lynn for his time and efforts during his visit. We urge our own government to treat these active, complex and very real security threats with the urgency they deserve.

A recent CBS 60 Minutes special on Cyber Security (13 Jun 10) made reference to major disruptions of infrastructure power, water distribution, financial and banking systems, major blackouts in Brazil in 2005 and 2007, and major interference in 2009 including a breach and viewing of deliberations at US Central Command HQ. As well, it reported that more than $100 million was stolen through the internet this year. Let us not forget the well-known Estonian and Georgian cyber attacks by Russia.

FrontLine Security continues to monitor Canada’s progress in this pervasive cyber domain, and finds us sadly wanting in leadership. Oh… Canada!




Vic Toews
Moving Forward at Public Safety
© 2010 FrontLine Security (Vol 5, No 3)

This year has been very productive at the Department of Public Safety, from both the legislative and policy implementation points of view. As well, there has been a greater degree of coordination and integration with our U.S. neighbour in many security domains.

Minister Vic Toews delivers a speech at the CentrePort Construction milestones event in Winnipeg, June 18, 2010.

From Border and Anti-terrorism initiatives, through the complex, much-needed, but often-delayed work of collaboration on Critical Infrastructure protection, to the addressing of the emerging risks of Cyber threats to our government and infrastructure, much has moved forward since last Fall. In an interview with Executive Editor Clive Addy, Minister Vic Toews addresses these issues and points out how they make Canadians safer and where the challenges remain.

Minister Toews, my first question deals with joint border initiatives with the U.S. that seem to have progressed quite well over the last year. Can you share with our readers your perspective on the scope, goals and recent achievements in Canada/U.S. cooperation along our common border as you see them, as well as the challenges that lie ahead?

It is interesting that you frame the question that way since, in the way that we did for NORAD a generation or two ago, we are approaching these issues from a continental perspective. Secretary Napolitano, the Director of the U.S. Department of Homeland Security, has been very forthcoming. I have known Secretary Napolitano since we were attorneys general in our respective state and provincial governments. I find her very open and easy to deal with, and very forthright in respect of the American expectation that security issues must be addressed if we want to see the mutually beneficial trade relationship continue.


In order to pursue this, we have looked at a number of initiatives. We have taken the Shiprider program, from a pilot project of joint policing of our Great Lakes, and used it in the context of the Vancouver Olympics. We are now bringing it forward in legislation as a permanent program. It has been extremely successful. I see that project as a key determinant of how else we can cooperate along the borders. This could go to such measures as shared facilities, joint and integrated operations and all of those issues. As I have often said to the Americans: “If we can make it work on water, why can’t we do it on land as well?”

We’ve initiated discussions with them on such things as the border crossing at Cornwall. Given the difficulties encountered there, we have determined that there are only two real options. Either we shut down the border at that point, or we develop some joint border solution with the Americans. They have been extremely receptive and propose opening a joint facility at Massena New York. Those discussions are occurring right now. We believe that these sort of joint operations will ensure that borders continue to allow the free flow of legitimate goods, services and people, while still protecting us against criminal elements.

We have signed agreements, for example the recent Money Laundering Agreement, where we share information on the seizure of money and all other intelligence that goes along with that.

The other point that you raised is moving the threat further away from Canada. The challenge is in developing joint criteria that will assist us in identifying those threats and screening cargo and passenger planes or ships, so that once someone moves into our airspace or waters, the Americans also know that we have followed a rigorous process of screening that meets our mutual concerns and allows access or denial to both countries. It is vital that we both achieve that mutual satisfaction with the screening of either.

What has happened with the development of these and other initiatives with our neighbours, is that I have seen, already, a very different attitude of the Americans toward us on security. When we compare the reaction to us in respect of the 2009 Christmas Day bomber with the recent Yemeni situation, the improvement is astonishing. They were on the phone to us immediately; our operational people were apprised minute by minute; our jet fighters from DND were scrambled; we boarded the planes and worked hand in glove with the U.S. on this issue. Most importantly, there was no negative reaction at the border. Things did not slow down as had happened in the past when the Christmas Day bomber failed in that very serious attempt to blow up that passenger plane.

On the same issue, Transport Canada initiated certain measures as a result of the Yemeni situation, such as the banning of some cargo emanating from Yemen, and we have taken other steps that essentially parallel those of the U.S.

This is important and emphasizes my point that we want to walk closely with the Americans and mirror their actions and methods so they can be confident that we, like they, take these security issues very seriously. There is more work ahead.

On the issue of Critical Infrastructure security, I applaud the initiative with U.S. Secretary Napolitano and the Critical Infrastructure Action Plan 2010 resulting in an Emergency Management Consultative Group. This is a great step forward, and coherent with the 2009 Critical Infrastructure Strategy you released in late 2009, entitled Build Partnerships. Milestones have been set over the next 3 years, but could you share with us your sense of the working relationship with your Homeland Security counterpart? What are the key mutual challenges – with respect to industry and the provinces/states – to make this a truly useful and credible strategy?

What we have done with the Americans in signing this document on a political critical infrastructure agreement, is essentially to extend the relationship that the federal government has had over the past decade and continues to develop with the provinces, municipal authorities, and private industry, which led to the announcement in May 2010. We now have a coordinated program across Canada in order to protect our Critical Infrastructure. So, essentially, when we signed on with the U.S. on this agreement, we are applying the same principles that we apply with the provinces, municipalities and businesses here in Canada. We identify sectors jointly, we develop plans to help prevent an accident from becoming a disaster, assess and address risks – in all domains of Critical Infrastructure. The approach then is a very integrated one in identifying risks and developing strategies to deal with possible interruptions in critical infrastructure, be they in pipelines, power or other sectors.

On the matter that you mentioned of a National Security Advisor as proposed by Mr. Justice Major in the Air India Inquiry, might I first say that I am quite pleased with the appointment of Mr. Stephen Rigby to be the National Security Advisor to the Prime Minister. He was, of course, the President of the CBSA and has just moved into this new appointment. I am impressed with his ability and he has worked very closely with me recently in terms of working with the Americans to identify security risks in the context of the American Border Services and our own CBSA. On the matter of whether we need take any legislative steps beyond the legislation that presently exists, I am not sure that will necessarily be crucial. At this point, I have not seen any great demand for that type of legislation.

Following the recent visit of the U.S. Deputy Secretary of Defence, William J. Lynn, on the issue of cyber security, as well as your recent visit with DHS Secretary Napolitano, and the fact your department and other agencies recently partook in U.S. Exercise Cyber War III, what challenges do you see for Cyber Security?

We are making pretty significant progress in this particular national security strategy. This is something that we, as technologically advanced nations, need to address. One of the things that became very clear to me in my discussions with the Americans was just how very vulnerable we are, as technologically dependent nations, to that type of threat of Cyber War. To this end, I recommend Richard Clark’s Cyber Wars. It is a great book from a layman’s point of view as to how an economy can be crippled in cyber space and even worse. That was very helpful to my understanding the scope of challenges we face. Take for example the recent attack on the Iranian nuclear facility where it was essentially disabled and set back 2 or 3 years by cyber means. I do not want to go into any details but it indicates how even the most sophisticated and powerful weapons and facilities are vulnerable and at risk to cyber attack. Add to this the difficulty in determining just who the attacker is. Thus we need and have a national level strategy. But on the local and individual level, the internet has also become an invaluable tool to so much of our industrial, government, social and economic life. So on a national level, we will invest in securing government of Canada systems as well as partnering with other governments and industry to ensure that we protect our vital systems and infrastructure. We also will be boosting education at the individual level to ensure citizens keep their personal information safe.

There are concerns about how our critical infrastructure systems have developed and are now vulnerable to cyber manipulation and attack. Our strategy is intended to address the ways and means to tighten up our controls. For example, is it necessary to have so many portals as points of entry into government information and critical industry systems? Should we be limiting it since the greater the number of portals, the greater our vulnerability to attacks? How many are really needed and how do we buttress these? That is one of many governmental system challenges.

Cyber security is a very complex and rapidly evolving realm that is with us daily. The threats are personal, structural, economic, criminal, and military. We are working on all.  

Executive Editor Clive Addy thanks Minister Vic Toews for talking with FrontLine.
© FrontLine Security 2011



Securing Global Projects for Canadian Companies
© 2010 FrontLine Security (Vol 5, No 1)

The security industries’ supply chains have evolved over the past decade to include various subcontractors or specialized resources that help you bring your products to market. When looking at the bigger picture, your supply chain has grown to encompass other organizations that add value to your products. These partnerships form your value network and can include research laboratories, universities, testing facilities, clients, and government. All of these partners play a role in your success.

One such partner is the Canadian Commercial Corporation (CCC), the Government of Canada’s international contracting and procurement agency. Through its more than 60 years of experience in the aerospace, defense and security industries, CCC is positioned to assist Canadian companies in identifying and securing opportunities in markets around the globe.

Tom DeWolf, Director of Business Development, Defence Procurement at CCC explains that “through our knowledge of the Canadian industrial base and our long-standing contacts worldwide, we are able to move projects forward and ensure the best possible terms and conditions for all those involved in a government to government contract.” CCC has worked with many Canadian firms active in the security industries, be they large companies or SMEs, such as Ultra Electronics and Canadian Bank Note.

Your value network can include companies that have large contracts with other governments that may need your expertise or government organizations like the Department of Foreign Affairs’ Trade Commissioner Service (TCS) or Export Development Canada (EDC) – part of the Government of Canada’s International Trade Portfolio, alongside the Canadian Commercial Corporation. By tapping into a growing network of resources, you will increase your potential to participate in global opportunities.

© FrontLine Security 2010



Keeping it Real
© 2010 FrontLine Security (Vol 5, No 2)

The Scenario
You walk into a store and hand the cashier a $20 bill in exchange for some groceries. The cashier takes your note and looks at it, and then tells you, 'Sorry, I'll need another $20. I think this one's a fake.'

Perhaps you'll blush, especially if there are other people in line, now beginning to give you subtle looks heavy in meaning. You might also feel confused because you thought your money was good. But if you had checked all your cash, immediately after accepting it from an ATM or some other person, you wouldn't be in this situation.

Did You Know?
According to the Royal Canadian Mounted Police (RCMP), criminals passed on $3.4 million in fake money in 2009. Given that there's over $50 billion worth of real cash in the wallets and tills of this nation, that may not seem like much. But consider this:

Cash Tip
Older notes (ones without the metallic stripes) are less secure than newer ones. Only accept older bills if you know how to check them.

A Job for the Bank of Canada
The Bank of Canada is always working to improve the security features of our bills. In fact, the Bank will be releasing a new series of polymer notes starting in 2011 to keep us all a few steps ahead of fraudsters. The Bank also works with retailers, the police, and your local banks to fight fake cash.

A Job for You Too
Don't forget to check your cash. Canada's most recent bills (the ones with metallic stripes) have security features you can touch and see in seconds. In the above scenario, a few seconds to check with just your eyes and fingers would have saved you valuable money. Those two senses work way better than any machine out there!

Here's how to check the security features in Canadian money:

So what do you do if you suspect that someone's trying to hand you a fake bill? Refuse it and ask for another one.

What if you discover your cash is no good when trying to spend it? Unfortunately, the Bank of Canada will not exchange a phoney bill with a real one. That's how we make sure fraudsters aren't rewarded.

It's better to hand the suspect note to the local police. They'll send it to a special division of the RCMP to formally determine if it's fake or real. Real money will be returned to you. Whatever you decide to do, don't try to spend cash that you suspect is fake. It's a crime to knowingly do so.

Cash is a convenient way to pay for what you buy. Just remember to check all notes before accepting them, so we can keep our cash real.

For more information and free training tools, contact: bankofcanada.ca/en/banknotes
education@bankofcanada.ca, 1 888 513-8212
© FrontLine Security 2010



Hugh Segal
Whither Anti-Terrorism
© 2010 FrontLine Security (Vol 5, No 3)

Canadians, generally, are concerned about the threat of terrorist activities. With the potential return of Omar Khadr, the recent sentencing of a Toronto 18 member, and other events around the world, most realize that we are not immune to “home grown” terrorism. Executive Editor Clive Addy sat down with Senator Hugh Segal, Chair of the Special Committee of the Senate of Canada on Anti-Terrorism, to provide FrontLine readers with a perspective on the developments in Canadian anti-terrorism legislation and international cooperation, and other key concerns and happenings within that Committee.

Senator Hugh Segal.

Q: Senator, how is the Special Committee dealing with anti-terrorism, and what measures might help to reduce radicalization in our neo-Canadian communities?

We have now had five sessions devoted exclusively to “home-grown terrorism.” Security agencies and academics from across Canada have testified, and we will also hear from British academics who have advised the UK government on the terrorism issue. We heard from major police forces from Vancouver, Montreal and Toronto with respect to their activities in these areas. Two or three key points are emerging. The first is that we are on a learning curve as a western democratic society about “home-grown terrorism.” We seek to define what produces a shift to radicalization and then what produces another shift from radicalization to violence. That is the bad news. The good news is that much of the learning and lessons in this domain are being shared constructively between the British, American and Canadian intelligence authorities; between our various academics and police forces; and between our respective security services (CSIS and others). What that is producing now are profiles, not as to ethnicity, but profiles as to behaviour.

We have also heard from representatives of the Islamic community, including from one young Imam who has a multi-staged de-radicalization process which he has spread to 50 mosques across Canada. The community, as loyal Canadians in supporting the process, seems constructively engaged. I would say we are 100 yards ahead on this issue from the time when the Toronto 18 were arrested. We are certainly farther ahead than the British were when the Tube bombings occurred. Moreover, the sharing of information in volume and between numerous agencies is very intense and, as your readers would know, the Integrated Threat Assessment Centre, up and running now for some years, has quite a substantive network of both intelligence and threat assessment sources right across the country that is of immense assistance to our police, in a prophylactic way.

In Canada, traditionally, our activities have been divided between that of gathering evidence for the purposes of prosecution and putting people in jail through our justice system. And such intelligence gathering is about obtaining information on a prophylactic basis to prevent bad things from happening. Part of our challenge, under the Charter of Rights and Freedoms, is that, when you gather evidence for the purposes of court proceedings, you must disclose all information to counsel for the other side. When you gather intelligence on a prophylactic basis, that is for the purpose of planning activities (some of which fall in the category of “lawful disruption” to keep bad things from happening), the great challenge is in managing that balance, and in being able to share that information between agencies in support of a common goal. We are currently assessing these challenges.

Q: Mr. Justice Major’s recommendations in the Air India Inquiry indicate that much needs to be done about effective and timely anti-terrorist information sharing among authorities. What is the Committee’s view on this, and on the appointment of a National Security Advisor as coordinator and enforcer of timely collaboration among various agencies?

Let me share with you what the police forces of Montreal, Vancouver and Toronto said to us at the most senior level just this week, and it was very, very clear. In their view, we lack a firm statutory base, namely a law that forces all organizations that come into the possession of important evidence to transfer it to some central processing point on a timely basis, and they are very much in favour of such a law.

When we asked specifically: “What do you feel about Mr. Justice Major’s recommendation with respect to a Senior Security Czar with a statutory authority to have access to that data, and to make sure that it is shared on a timely basis?” All, including our friends from Quebec, were very much in support of the need for that kind of structure.

I have a very high regard for Madame Morin who is just finishing her term as the Senior Advisor in the National Security position in the Privy Council Office (a DM position in the PCO). She is, I believe, now going on to serve Canada at the World Bank. But, that position is not statutory, it is an appointment under the Executive Council Act, and while she was the “Clearing House” and put the information together to pass to the Clerk of the Privy Council (and she was double-hatted as deputy clerk with deputy clerk duties) for the Prime Minister, she did not have the statutory capacity to force organizations to share information with her or with each other, on a timely basis.

I am sure a lot of that sharing takes place now, because of a common will to do the right thing, but those big city police and security forces that appeared before us were very much of the view that there needs to be a statutory base for that sharing and for the role of the National Security Advisor.

Though the Committee has yet to opine on the matter, and it is one of the issues we will be considering, testimony from these experts very strongly supports the proposition of a statutory piece for timely exchange of information and a statutory role for a National Security Advisor which is very consistent with Mr. Justice Major’s recommendation.

Q: Recent comments from your committee on the proposed Bill S-7, an Act to deter terrorism and to amend the State Immunity Act, legislation that would establish a list of terrorist states, are most interesting. Can you provide our readers with the scope and progress of this proposed legislation?

The good news is that on 16 November, Bill S-7 received Senate approval – with the amendments that had been largely proposed by our Committee. That means that the government, as the original draft suggested, can no longer wait before producing a list of nations that are supporting terrorists around the world. They must now do that in a fixed period of time, but we no longer remove the right of a plaintiff to get compensation should the government of the day remove the defendant terrorism-sponsoring country that has been sued successfully under this act. If a state is on the list when the suit starts and is found culpable in an open court system, it is required to make the compensation payments ordered. In this sense, we have a very strong bill and it has now passed the Senate and is going to the House of Commons. I hope that it is dealt with there with speed so that we get this in the courts. I believe there will be numerous plaintiffs relatively soon who will seek compensation from countries like Iran, and perhaps some others. I feel these persons will make substantial claims under our adversarial system.

I am glad that it has passed the Senate because it keeps the Prime Minister’s promise on this and now it is up to the House of Commons which, hopefully, will pass it expeditiously before they rise this June.

Q: Our national counter terrorist intelligence community has gained a lot in working with allies in and around the “question” of Afghanistan. Can you reflect on the recent change in government policy there and the potential need to maintain and improve upon the Canadian intelligence community’s skills and links as we change our involvement there and beyond?

First, let me say that I am delighted with the Prime Minister’s decision and that of the government to transition our Forces to a training mission. As you know, Canadians from the PPCLI deployed with the Americans in the first serious assaults on the Taliban heartland after 2001; then, when Kandahar needed stabilization and protection during the Loya Jirgas and the elections process, Canadian troops were there doing a superb job. Later, when the most difficult part of that country had to be addressed because of a burgeoning insurgency in Kandahar province, Canadians deployed and held the fort with modest forces of about 2,300 to 2,800 in a way that gave NATO time to recalibrate.

We then sent our Task Force, headed by John Manley, to make solid recommendations about the task and our forces. Increased helicopter capacity and other encouraging improvements were put in place shortly after the Task Force returned.

The fact that the next strategic goal for the stabilization of Afghanistan, and the departure of NATO Forces in a timely way over the next few years, is the training of the Afghan Security Forces (both military and police plus continuing development activity), speaks to a whole and broad mission through which Canada will have discharged itself quite responsibly and effectively.

That being said, there is no question that exposure on the ground to different forces that represent Al-Qaeda, the Taliban, and even war lords in Afghanistan has been of great value with respect to intelligence.

While our Committee never talks about operational matters, the notion that there may have been Special Forces and other security and intelligence forces engaged with our armed forces in Afghanistan, has provided a depth of expertise and collaboration as well as technical potential for our own intelligence operatives, military and otherwise. Outside of Canada, learnings are always of value.

We have large expatriate communities – a large North African Community, for example, in Montreal and a large Tamil community in Toronto, made up of hard working and valuable citizens. Within these communities, there are often new arrivals that are largely extremely hard-working and loyal Canadians, making a wonderful contribution to our society. But, there are, within those groups, a few individuals who are still connected to a “jihadi” or more direct action view of the world that is inconsistent with Canadian laws and values. It is clearly important for us to maintain, on a covert basis, the intelligence nets necessary to ensure that our security services and police forces have the capacity, not only to arrest those that may be conspiring in an “un-Canadian” approach to political problems, but also to lawfully disrupt them before they do.

It is general knowledge in the security community that the “Toronto 18” was not the first network that had been uncovered by security services through some measure of surveillance. The first networks were rendered useless through lawful disruption of their activities which saw those networks neutralized before harm could be done. So we need a mix of both.

We need a real intelligence capacity, and this is the time to be giving CSIS more resources. It is also important that sister organizations like the defence intelligence services, intelligence groups that act with provincial police authorities and those of the federal police force have a way to pull their information together to be capable of acting disruptively.

We have some very good examples of this in the preparation for the G20 and the G8 as well as the Olympics. There were four levels operating on a daily basis sharing information on potential areas of difficulties (for which response plans had to be made), and defining areas where prophylactic engagement was appropriate. It is important that we maintain those horizontal linkages as robustly as possible. If we fail to do so we will be letting down our guard, and I think Canadians have a right to expect that that is not what transpires – and that is the basis of our Committee.

Executive Editor Clive Addy thanks Senator Hugh Segal for talking with FrontLine.
© FrontLine Security 2010



Cyber: Your Digital Shadow
© 2010 FrontLine Security (Vol 5, No 1)

Have you thought about your “digital shadow” recently? Whether you’ve thought about it or not, yours is probably growing. Unless you were born in a barn and live off the land, it’s hard not to have a digital footprint these days.

The term digital shadow refers to the trail of online information created about you – and by you – without your explicit intent, as you use the Internet. But calling it a shadow can be very misleading, given its visibility to others, even when you’re not aware of it.

Your digital shadow is more like a set of “online annotated fingerprints.” Much more than basic account information can be learned about you from databases, thanks to all the additional data that gets associated with your identity. It’s easier than you might think to connect the dots and build a picture of your life and actions.

Leveraging Available Location Data
Consider your use of cell phones. Depending on your phone’s features, your location can be pinpointed to within a few metres using triangulation with cell phone towers or GPS. The phone companies certainly have the technology to constantly track your physical movements. What prevents them from using your location information (or abusing it) without your knowledge? Basically, the answer is privacy policies and their enforcement. Do you know what the phone company is doing with your location information right now?

You may feel that you have nothing to hide, and it doesn’t really concern you much if others have information about your location. But it’s a slippery slope. While we can all think of how location information could be useful in locating a fugitive, or finding victims of an accident, there is a wide range of scenarios that fall into a grey area – anywhere from “targeted marketing” to “cyber-stalking.”

In Harlan Coben’s novel “Hold Tight,” a parent uses the GPS tracking feature on his son’s cell phone to locate him after being uncharacteristically out of contact for a while. Many phone companies now have this feature. Does yours?

Would you want an obsessive ex-spouse or friend to simply pay a fee for locating your cell phone at any time? Maybe the phone company would like to charge you for the ability to block access to your location data.

What were once ludicrous science fiction scenarios are no longer highly improbable. The Tom Cruise movie "Minority Report" featured talking billboards in pedestrian walkways that harassed people by name as they walked by. While this annoying scheme relied on facial biometrics, the same effect would also be possible if the advertising company received your location information in real-time from the cell phone company.

In that same movie, the authorities used mutant humans with the ability to see into the future, so they could arrest people before they committed the crime. How far off is this scenario? It might be closer than you think, even without the need for the unlikely sentient mutants.

Risks of Reality Mining
Although we don’t seem to have a ready supply of reliable psychics to aid law enforcement, there is a new area of research called “Reality Mining,” spearheaded by Dr. Sandy Pentland of MIT.

Reality mining is the concept of integrating the inputs from machine-based sensors to analyze the movements of individuals. The goal of this research is to open up a range of practical applications for detailed, real-time location data. It could help answer deeper questions about human behaviour and even predict people’s actions in certain situations – and locations.

Reality mining has the potential to help with the study of epidemiology and other problems, but at the same time, demonstrates how close we are to creating a real-time picture, as well as a historical trail of evidence, detailing where you are and what you are doing, at any given time. The current MIT study observes consenting individuals using today’s technologies like cell phone networks. Technically, the research is verifying that whenever you are connected to the “grid,” you are leaving behind data that can be harvested and used.

Imagine being called as a witness in a trial based on the fact that the authorities knew exactly where you were at the time of the crime. Or perhaps they might ask you to aid in a sting operation, based on predicting that you will probably be at a location where a crime is likely to be committed.

Dr. Pentland’s team performs its research in a well-documented and ethical manner that is intended to bring benefits to society through new applications, or by demonstrating technological risk scenarios. But it’s clear that the technology implications of this research are bringing us closer to a point where surveillance of individuals well beyond location tracking becomes relatively simple.

Once your presence in a database can be determined, what other information about your location and actions is available today? With web-based services like Foursquare.com (an online game and loyalty service that is popular with iPhone and other smartphone users), Twitter and even Facebook, it becomes much easier to track your physical location and actions based on posts associated with you. With a few creative Google searches (called “Google dorks”) or the use of illicit, but easily available search tools, you can find information about almost anyone who uses these sites. With a “social engineering” trick or two, “identity theft” also becomes possible, which opens the doors to an attacker or investigator.

Privacy Policies – Get to Know Them
While not “exciting” reading, privacy laws and policies are becoming more important to all of us as a way of defending our digital shadow. It’s time for each of us to take a closer interest in them. Any good policy defines a clear scope, mandates specific requirements with accountability, and details the penalties for violating the policy. Privacy laws and policies are often weak in one or more of these areas, leaving wide-open interpretations and opportunities for abuse.

Knowledge is Power – Especially Managing Risks
With this in mind, and knowing how long it will take to have a solid infrastructure of enforced laws and policies, your best defence is in realizing how your digital shadow can be used and abused. To start with, question the trustworthiness of businesses that manage the connected devices and websites you use. Do they have solid privacy policies that protect your rights, and can they prove that they handle such private data responsibly?

Of course, you will weigh the conveniences of new technologies against the possible risk that you might become a victim of online scams or cyber-stalking. You may decide the trade-off is worth it to you, but you can’t expect to make an informed decision without being aware of the risks.

Scott Wright is an Ottawa-based security coach, podcaster and consultant.
© FrontLine Security 2010



Dirty Money
© 2010 FrontLine Security (Vol 5, No 2)

In a recent book entitled Tainted Money, author Avi Jorisch states: ‘As Washington reaches out to financial and foreign ministries around the globe, policymakers and laymen alike should be keenly aware of the financial dangers we will need to counter – whether they stem from rogue regimes like Iran and North Korea, the Osama bin Ladens of the world, or criminals that are engaged in illicit activity. Unquestionably, one of the most serious public policy challenges that the United States will face in the foreseeable future will be the use of every tool in its arsenal to make progress against those who exploit tainted money.’

Estimates indicate that organized crime costs every Canadian as much as $600. The best example, well known to Canadians, are the outlaw motorcycle gangs (OMGs), primarily the Hell's Angels.

From the UK, in late November, Sir Hugh Orde, president of the Association of Chief Police Officers (Acpo), questioned if the policing set-up was fit for purpose in a world where the most dangerous threats came from international terrorism and cross-border organized crime.

Sir Hugh, former Chief Constable of Northern Ireland and a policeman for 33 years, said that the political debate on policing had been ‘hijacked by the ‘more cops on the street’ brigade’ which was fixated on ‘antisocial behaviour, dog fouling and bicycles on the pavement.’

At home, as was noted in the Globe and Mail article dated August 1st, 2009: ‘Our Government has been trying to strengthen the criminal justice system, including measures to toughen penalties not just for violent crime, but for these kinds of white-collar crimes as well.’ (Prime Minister Harper).

Of course we have FINTRAC, the independent federal government agency with a mandate to assist in the detection, deterrence and prevention of money laundering and the financing of terrorist activities. This year, 556 case disclosures were provided by FINTRAC to law enforcement, other domestic partners and to foreign financial intelligence units. FINTRAC’s report on Money Laundering and Terrorist Financing indicated the following activities across the country last year (note the last one):

On a smaller scale, but answering similar concerns, the Canadian Association of Chiefs of Police established two committees specifically to address dirty money: the Counter Terrorism Committee, and an Electronic Crime Committee.

The threat appears real, persistent and effective. How effective then is our legislation? Are the resources that we dedicate to counter this double barreled criminal challenge working to deter potential criminals and, alternatively, to catch and punish the undeterred?

Two former RCMP officers who are still active in the security domain answered a few questions on the tainted money situation as they see it.

Garry Clement, the former Director of the RCMP’s Proceeds of Crime Program, is now President and CEO of White Collar Consulting and Investigative Group. Denis Constant, the former Director General of the RCMP’s Economic Crime unit, is currently President of Constant Corporate Security & Investigations Inc.

Q: What is tainted money… and how important is it to the safety, well being and security of Canadians? How are ordinary Canadians threatened?

Garry Clement: The term tainted money is slang for proceeds of crime and/or funds derived legally or illegally for the purpose of terrorist financing. The reality is that money laundering occurs as the result of criminal and/or terrorist financing activities. The impact is often swept under the carpet but estimates have been published that organized crime costs every Canadian as much as $600. The best example, well known to Canadians, are the outlaw motorcycle gangs (OMGs), primarily the Hell’s Angels.

When I commenced my policing career in 1973, OMGs were on par with today’s street gangs, and during my career I watched them become a multi-million dollar international criminal enterprise. To gauge the impact today, one only has to look at the hydroponic marihuana grow industry and realize that large amounts of investment capital is being put in the hands of criminals, some with terrorist leanings. This provides power and the ability to corrupt at all levels of society. Tainted money and white collar crime involves everything from straight financial fraud to money laundering, to identity theft, to stock market manipulation, to cyber crime and to terrorist fundraising and combinations of all of the above. These crimes are also committed by individuals, incident specific conspiracies, organized crime groups and terrorist supporting individuals and organizations, including (in some instances) co-operation with agencies from foreign gove

The Financial Action Task Force (currently consisting of 35 countries) plays a critical role in the development and promotion of policies associated with thwarting money laundering and terrorist financing.

Denis Constant: Tainted money can best be described as illicit profits generated in the course of criminal activities. The threat associated with money laundering is world-wide and Canada is no exception, however, in safeguarding the finance industry our sound financial system is better than most and is a reflection of the moral fabric of a society.

Q: What agencies monitor such money laundering schemes nationally and internationally? Can you give us examples of some successes and failures?

Denis: Several key agencies are monitoring money laundering schemes in Canada.

First and foremost, the Police community (predominantly the RCMP) plays a big role in defining new trends and schemes associated with money laundering. They have an opportunity, through several major investigations they undertake, to be at the leading edge of these new trends and schemes being developed or used by criminal organizations.

FINTRAC, our Financial Intelligence agency in Canada plays also a significant role in defining these trends since they experience first hand through their analysis, suspicious transactions being reported through the mandatory process. Of course there is FATF internationally since 1990 that has updated in 2003 its 40 recommendations for its 53 permanent or associated members. These deal with national legal systems, measures to be taken by financial institutions and non-financial businesses and professions to prevent money laundering and terrorist financing, and institutional and other measures necessary in systems for combating such laundering and financing. Canada underwent an audit recently and was found wanting in some domains. Under the auspices of the Government of Canada, the Finance Department have also been monitoring new trends and schemes in order to assist them in the development of future policies.

Garry: Nationally: Most of the intelligence flowing as a result of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) is directed to FINTRAC. Over time, they have developed expertise and systems that provide value added intelligence to law enforcement and CSIS. The RCMP also has a capacity to monitor some of the intelligence through its intelligence units and CISIS. The FATF [Financial Action Task Force – an inter-governmental body of 35 countries] plays a critical role in the development and promotion of policies associated with thwarting money laundering and terrorist financing.

In its 2007 review, FATF singled out Canada for its lack of enforcement which I feel is a legitimate and ongoing concern.

I have written and spoken extensively on the fact that white-collar crime investigations require a high level of investigative expertise garnered only through years of experience and training. Unfortunately, law enforcement promotion systems and frequent transfers of personnel reduce the institution’s capacity to develop the expertise to effectively counter this sophisticated threat from organized crime.

It is my experience that law enforcement’s high end investigative units are, first, understaffed and those in the discipline do not stay long enough to develop sufficient expertise and, second, they are underfunded since they cannot meet the requirements mandated through case law to complete a court-ready investigation requiring significant resources and funding.

Organized criminals and terrorists are for the most part ‘lifers.’ They have become experts at their trade. By contrast, we largely counter them with marginally experienced enforcement officers.

Internationally: FINTRAC, through various Memoranda of Understanding with other Financial Intelligence Units throughout the world captures some of the financial intelligence. CSIS and the RCMP through their international liaison programs also capture some of the necessary intelligence.

What needs improvement is: ‘Who responds most effectively and in a timely manner when intelligence is forthcoming?’ For example, the value of FINTRAC is measured by the number of disclosures provided to law enforcement and CSIS. A more objective item to measure would be the number of cases that are brought before the courts as a result of the intelligence, and what organizations (criminal and/or terrorist) were weakened by this intelligence.

Q: Has the electronic transfer of funds in this wide world web increased the work for forensic auditors and policing agencies?

Garry: At present, I am reviewing a nationally recognized money service business. Many of their wire transfers originate from countries that fit one of these categories:

  • Countries identified as lacking appropriate anti Money Laundering and Terrorist Financing laws, regulations and other measures;
  • Countries identified as providing funding or support for terrorist organizations operating within them;
  • Countries identified as having significant levels of corruption, or other criminal activity;
  • Financial Action Task Force’s Non-Cooperating Countries & Territories; and
  • Countries identified by a credible source as narcotic source or transit countries.

This particular company has filed a multitude of suspicious transaction reports. This, in my view, is the norm within the financial sector which would indicate funds continue to flow for the most part unabated.

Denis: The electronic transfer of funds has been instrumental in facilitating commerce and trade worldwide; however, the potential for criminal use has presented a huge challenge to law enforcement and forensic auditors. The mere fact that only 50 countries (of which only 37 are members in their own right) have chosen to be represented as part of an international framework that provides worldwide standards in combating money laundering and terrorist financing, shows some weakness.

The speed with which electronic transactions occur, added to the fact that several countries (non-member participants of the FATF) have continued to pursue international investments by highlighting the secrecy of their bank operations, makes it extremely difficult to track transactions.

The lack of adherence worldwide to FATF standards in combating money laundering has created a void for investigators and financial auditors to track the money. We are only as strong as our weakest link. For instance, in the 2008-2009 FINTRAC report, 10 international banks, including British-based Lloyds, are suspected of laundering billions of dollars for Sudanese and Iranian banks and their clients, through banks in New York. While Lloyds has admitted to money laundering, the other nine banks remain under investigation. In order to hide the identity of its clients, Lloyds bank ‘stripped’ wire transfer information. This practice involves removing information that links payments to countries of origin, such as Iran or Sudan, which are barred from the American financial system.

Q: What are banks doing to protect themselves? What involvement do the IMF and World Bank have in reducing this threat? Does Interpol have a sound approach to this international threat?

Denis: Since the implementation of the program to combat money laundering in Canada (as a result of the 1989 G-7 meeting in Paris), there has been a great degree of cooperation between our commercial and government institutions, international governments and entities such as the IMF and Interpol. Over these last 20 years, several countries have adopted more aggressive policies in order to safeguard their financial institutions.

Cooperation at home between law enforcement and the Canadian Bankers Association (CBA) has been instrumental in ensuring that banks are aware of new trends, so they can conduct their own due diligence. Financial institutions will now not hesitate to hold back a cheque of $5,000.00 for five days originating from a major corporation until they have had the opportunity to verify the authenticity of the cheque with said company. This is a significant step in the right direction.

Interpol plays a significant role. Under the Interpol charter, they have 185 signatory countries, 70% of which do not have a money laundering regime in their respective country. Under their leadership, they can exercise influence in their attempt to convince countries to adopt a money laundering regime that is comparable to International standards as established by the FATF… but it is a chore.

Garry: Banks have spent millions to implement elaborate software programs in an effort to thwart money laundering. The reality is that banks today are engaged in all aspects of finance and therefore they are as vulnerable to money laundering as any other financial infrastructure.

All of the world’s focus on money laundering has not diminished the levels of organized crime activity. For every loophole we fix, organized crime finds other means. Organized crime and terrorist groups have the resources and skills to engage subject matter experts and put infrastructures in place which mirror any multi-national corporation. For example, one of the last outlaw motorcycle investigations I was involved in uncovered around 800 business registrations which served to highlight the sophistication of organized crime and the lengths they will go to hide their illicit activities. What is worthy of note is that the group in question had co-opted professionals from all disciplines, which highlights the fact that money laundering cannot occur without assistance from the professional bodies.

The value of the IMF and World Bank has been their ability to name and shame through FATF and oversee country audits relative to ensuring they have viable anti money laundering and terrorist funding regimes. Without a doubt this has helped open up the capacity of enforcement agencies to seek financial intelligence.

Interpol is, in my view, a great vehicle for some developing countries but, in my experience, most developed countries prefer to deal directly with their own enforcement agencies.

Q: What policy initiatives would you propose for Canada?

Garry: Canada needs to adopt a holistic and systemic approach whereby the entire spectrum of weaknesses in this area is identified and addressed. [Similar to the] reasons espoused in the UK by Sir Hugh Orde, I am convinced the RCMP needs to become solely a Federal Force and leave contract/uniform policing to provinces. We need to develop expertise if we are to keep up with the advances in technology upon which organized crime and terrorist organizations definitely capitalize.

The Government needs to recognize the complexity of these cases and fund accordingly, ensuring that crown prosecutors are available and assigned to these units.

We need to change the measurement tool for success of our money laundering and terrorist funding program to measure any significant impact on a given organized crime group or organization flowing from FINTRAC disclosures.

Consider, for instance, the complexities involved in this case reported by FINTRAC:

‘In a joint RCMP-FBI investigation, Rosenfeld was caught on tape agreeing to launder large quantities of ‘coke money’ for an undercover RCMP officer posing as a representative of a Colombian cocaine cartel. Rosenfeld also informed the undercover RCMP agent that he was able to set up a meeting with Vito Rizzuto, head of the Rizzuto organization, to discuss the sale of 3,000 kilograms of cocaine, and arrange a collaborative agreement with the Hells Angels Motorcycle Club. Rosenfeld used solicitor-client privilege, the legal professional privilege which protects all communications between a professional legal advisor and his or her clients from being disclosed, to conceal the activities of his criminal associates. The National Post notes that ‘lawyers are the only financial intermediaries exempted from the currency-reporting requirements in the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, an exemption that lawyers won in a series of court challenges by law societies against the government.’

Other recommendations I would make to government to consider are:

  • Investigate the creation of a National White-Collar Crime Investigative (Agency or Task Force) similar in nature to the Integrated Market Enforcement Teams (IMETS) of investigative experts dedicated to corporate and market fraud cases.
  • Amend Seized Assets Management Act to direct assets forfeited back to the Task Force with defined expenditure criteria;
  • Fund a white-collar investigative certification course, similar in nature to the Certification program offered by the Certified Fraud Examiners, thereby increasing expert capacity.

Denis: As much as significant progress has been made by the Government to protect the life savings of Canadians, major gaps continue to exist. For instance… businesses associated with ATM machines remain unregulated by the Government. This self-regulated industry has provided opportunity for organized crime groups to utilize the services of ATM machines to launder their illicit profits where they can unload their cash, charge a fee to any citizen seeking access to cash and legitimize it through a business entity that will not raise scrutiny.

Another policy change that would be welcome deals with a greater harmonization of the Intelligence agency (FINTRAC) and law enforcement community. When FINTRAC was instituted, it was deemed important that the agency remain at arms length from the law enforcement community to prevent fishing expeditions on the part of the police seeking information at large from FINTRAC. This approach has been highly criticized through the FATF 2008 evaluation of Canada’s financial system, since it leaves major gaps in the system. For instance, a proactive disclosure cannot be contemplated by FINTRAC unless the police formulate a specific and prior request for this same information. As well the Intelligence agency is significantly under-resourced to deal with the analysis of the large volume of suspicious transactions.

Last but not least, I remind you of the complexity of investigation in dealing with malfeasance/fraud by major corporations. As I indicated to you, our legislative system associated with Securities is continuously compared to that of the US. Drawing such comparisons does not do justice to the tremendous effort of investigators engaged in pursuing these cases. One of the significant tools investigators lack deals with the absence of a law compelling witnesses (I say witness not potential accused) to provide evidence in a case where a corporate fraud has taken place. When a fraud of great magnitude takes place, the board of directors of the company quickly replaces the old management team. In most cases, the new team then directs all employees not to speak to police in order to protect shareholder value. Investigators in Canada need this critical tool in their toolbox.

Clive Addy is the Executive Editor of FrontLine Security.

Denis Constant, the former Director General of the RCMP’s Economic Crime unit, is currently President of Constant Corporate Security & Investigations Inc.

Garry Clement, the former Director of the RCMP’s Proceeds of Crime Program, is now President and CEO of White Collar Consulting and Investigative Group.
© FrontLine Security 2010



Health Surveillance
© 2010 FrontLine Security (Vol 5, No 3)

The global population is approaching 7 billion people and, combined with the ease and frequency of modern air travel, this gives rise to a rapidly increased public health risk at major world events. Mass gatherings, as they have come to be called, are largely pre-planned events, held for a limited time and attended by more than 25,000 people. These events can include any number of purposes – political, religious, athletic – and can be attended by, for instance, 300,000 rabid soccer fans at a FIFA World Cup, or 2.5 million pilgrims at the Hajj in Mecca, Saudi Arabia.

There are many public health factors to consider when planning these events. Most obvious are the police presence and the ability to safely accommodate attendees. However, there exists a relatively new, albeit essential, factor to consider in the planning of mass gatherings: public health surveillance.

While mass gatherings typically feature attendees in good health, such public events also present an ideal environment for the amplification and global dissemination of infectious disease. They also increase the incidence of injury. Common health-related issues at mass gatherings include: heat-related illness, drug and alcohol abuse, lacerations, head injuries, trampling, viral infections, gastrointestinal and musculoskeletal issues, increased prevalence of asthma, and heightened risk of terrorism.

Public health challenges result either directly or indirectly from the great number of event attendees. The temporary surge in population density increases both the absolute medical case load, and the potential for the spread of infection. High population density yields a heightened opportunity for contact transmission and respiratory infection propagation, as well as the possibility for changes in the epidemiology of sexually transmitted infections.

Another challenge posed by mass gatherings is the mixing of citizens from various ecological and environmental disease backgrounds. Visitors are exposed to locally prevalent infections, while locals are exposed to foreign infectious diseases. For instance, the 2006 FIFA World Cup in Germany ran concurrently with a national measles outbreak – posing an added threat to international attendees.

The sheer volume of attendees creates potential strain on infrastructures that have not been built to withstand the dramatic population increase. Heightened demand on existing services also poses issues regarding water quality, food preparation hygiene, sanitation due to portable washroom facilities, as well as safe and secure accommodation for visitors.

Additionally, the grandeur of many large-scale events often garners increased media attention as we have witnessed recently with the Commonwealth Games in India. For this reason, there is increased potential for acts of chemical, biological, radiological, nuclear, and explosive terrorism. Heightened press coverage also yields the potential for what would normally be a minor health incident to have a more substantial impact as awareness (and sometimes misinformation) of the issue is amplified.

In the absence of health surveillance for these events, there can be a considerable lag between the outbreak of a significant public health issue and the response of public health officials.

Infected individuals must first present symptoms of an illness. Next, some of these must seek medical advice. Finally, a sufficient number of patients presenting similar symptoms must seek treatment in order for the issue to be reported to public health officials. Furthermore, alerting of public health is contingent on physicians’ acute ability to recognize an emerging trend, as well as on repeated lab tests confirming the presence of disease. Real-time disease surveillance is designed to severely cut the lag time between disease outbreak and public health response.

Health surveillance is required at mass gatherings to improve rapid detection of health-related issues, but more importantly, to allow for prompt response to prevent the spread or reoccurrence of these events.

Too often, health efforts are reactive, rather than proactive. Through early identification of emerging trends, public health officials can work to prevent further incidents from occurring. This way, the surveillance system functions as a disease prevention and health promotion tool. In the absence of rapid pattern detection, endemic diseases may spread unknown to public health officials, and recognition of an outbreak may come too long after the optimal response time has passed.

Take, for instance, Ontario’s provision of the H1N1 vaccine in fall, 2009. A study conducted by Beate Sander found that the campaign saved 50 lives, prevented 420 hospital admissions, and kept about one million people from contracting the H1N1 flu. Sander noted that if the campaign had been started later, it would not only have been less effective, it also would have been less cost-effective. Therefore, rapid response to disease outbreak in any scenario is of both health and economic importance.

Mass gathering surveillance can involve any number of important factors, all with the aim of increasing situational awareness. Surveillance software receives electronic data input from a variety of sources, such as hospital emergency departments. Incoming information can include patient age, gender, symptoms and more. These properties are analyzed by the software, and are compared to historical data to detect abnormal trends. Detected anomalies signal an alert to epidemiologists.

Therefore, effective surveillance requires daily reporting from various sectors of the healthcare system. Reporting from a wide variety of data sources, both conventional and unconventional, ensures that surveillance is comprehensive. Not only is reporting from emergency departments a useful tool, but reporting increased levels of water bottle distribution may signal an impending outbreak of heat-related illness.

Surveillance systems may already be in place at the event’s location; these systems often require alteration for real-time identification of relevant issues. Alterations may include adjusting the frequency of data reporting to the surveillance team, as effective analysis can only be achieved if data is reported on an ongoing basis. For instance, the 2000 Sydney Olympic Games surveillance team increased mandatory reporting from its sentinel partners – including hospitals, laboratories, and schools – from once daily to three times per day during the Games. Such increases in reporting allow for same-day response to relevant issues.

Once data collection and analysis is in place, communication of such information becomes one of the key components of a surveillance system. Information sharing allows collaboration with all sectors of public health to provide a coordinated response to emerging issues. This way, effective and thorough preventative action – such as educational efforts, strategies to prevent crowding, or installation of hand-wash stations – may be taken. Privacy constraints may pose a problem to data-sharing. Communication is therefore most effective if it includes the analysis and interpretation of trends, rather than the raw data itself. A high level of reporting also yields transparency, which can raise the level of trust in the system.

Additionally, increased reporting raises public awareness, which acts as a preventative measure in its own right.

Super Bowl XLI in 2006 between the Indianapolis Colts and the Chicago Bears took place in Miami, Florida, and provides a great example of a collaborative biosurveillance system. Surveillance of Super Bowl XLI represents the first time that separate installations of biosurveillance software were integrated into one system. Health departments in Miami, Indianapolis, and Chicago had separately installed versions of ESSENCE (Electronic Surveillance System for the Early Notification of Community-based Epidemics) software, and used information communication to track significant public health events in all three regions simultaneously. The pre-existence of ESSENCE meant that users were already comfortable with the system. This fact, combined with reports between regions omitting raw data, meant setup took less than 24 hours. The successful collaboration and communication between these biosurveillance systems displayed the potential for inter-jurisdictional disease surveillance tactics.

Surveillance efforts for Super Bowl XLI underscored the advantages of using a surveillance system that analyzes trends from a variety of data sources. The system analyzed data from the ESSENCE software, from the Miami-Dade Fire Rescue 911 Call Centre, and from the Biological Warning and Incident Characterization system. It also used school absenteeism information to gain a comprehensive perspective of potential injury or illness stemming from Super Bowl weekend. While no unusual disease outbreaks were detected, the integrated approach to surveillance did prove useful for detecting other notable trends. Surveillance detected increased daily emergency department visits (between 2425 and 2584 visits per day, compared to the previous two month average of 2315), increased respiratory syndrome cases, increased school absenteeism, increased injury from motor vehicle accidents, and found that a quarter of all 911 emergency calls on Super Bowl Sunday were made from inside Dolphin Stadium.

Surveillance of the 2010 Vancouver Olympic Games used multi-jurisdictional surveillance, as Super Bowl XLI did, but also showed a revolutionary approach to integrating data from a variety of sources. Drs. Kamran Khan (St. Michael’s Hospital, Toronto) and John Brownstein (Children’s Hospital, Boston) implemented a novel, internationally collaborative approach to health surveillance of the 2010 Games, based on the fact that air travel can cause the global spread of infectious disease. They combined a web-based infectious disease surveillance system, known as HealthMap, with a global air traffic system called BIO.DIASPORA. Updates were received from both surveillance systems on an hourly basis in an effort to identify where attendees were coming from and what diseases they might bring to the Games. Due to its success, a similar system was implemented to monitor the 2010 FIFA World Cup in South Africa.

Khan and Brownstein’s system targeted diseases that are contagious, those involving drug-resistant pathogens, and those involving pathogens that could indicate acts of terrorism. While no major threats to the Games were identified, the potential benefits of combining syndromic surveillance with monitoring international travel were realized. “The capability to integrate knowledge of worldwide air traffic patterns and intelligence from internet-based infection disease surveillance in real time could significantly enhance situational awareness of infectious disease threats,” assert Khan and Brownstein. Additionally, they suggest that international collaboration for health surveillance can foster global cooperation of health officials.

More recently, acute care health surveillance of the G8 summit in Huntsville, Ontario was performed by the Queen’s University Public Health Informatics (QPHI) team, based in Kingston, Ontario. While these summits were attended by fewer than 25,000 people, and thus do not fit the classic definition of a ‘mass gathering’, public health surveillance at these events is necessary due to their high-profile participants.

The QPHI team analyzed data from a variety of sources including the real-time Acute Care Emergency Management system that monitors Emergency Department visit levels, and the Telehealth Surveillance System that monitors calls into Ontario’s Telehealth nurse-based health advice hotline. Based on historical values developed by QPHI, abnormal public health events could be detected by these systems. Additional data sources used by local public health included reporting from temporary accommodation facilities for the events, and environmental health. While some aberrations were detected, no major threats to public health were present during these summits.

Public health surveillance practices have proved effective in identifying disease outbreaks and other relevant issues. However, adequate surveillance is still absent at mass gatherings worldwide, such as the Hajj in Mecca, Saudi Arabia.

Saudi Arabia has made great progress in improving the health of Hajj pilgrims. For one, vaccination against meningitis is now mandatory for all attendees at this religious ceremony. Additionally, travellers from countries known to be infected with Yellow Fever must show proof of receiving this vaccination. If this requirement is not met, individuals can receive the vaccine upon arrival.

However, influenza is among the most common illnesses experienced by the roughly 2.5 million pilgrims, featuring an estimated 24,000 cases of infection per session. Given that attendees travel from many corners of the Earth, and subsequently travel home after the service, this creates a potential for these 24,000 cases to spread globally. Despite this fact, no real-time health surveillance takes place at the Hajj.

As health records and data are increasingly collected electronically in the healthcare field, the opportunity for better public health surveillance is growing. Fusion of information from multiple data streams creates a more comprehensive picture of disease activity in populations which can be made available to public health decision-makers. As global population continues to escalate toward and beyond 7 billion, real-time, electronic, automated disease surveillance will become the gold standard in the mitigation of international disease outbreaks.

Aaron Wynn is an undergraduate Life Sciences Honours student at Queen’s University, and a research assistant for the Queen’s Public Health Informatics Team (QPHI).

Dr. Kieran Moore is an adjunct Associate Professor of Emergency Medicine at Queen’s University, and the director of QPHI (www.qphi.ca).



Integrated Security for Base Protection
Safeguard personnel from all types of hazards
© 2010 FrontLine Security (Vol 5, No 1)

Securing Canadian military installations is essential to fighting terrorism. However, base commanders understand that their force protection security system must also safeguard military personnel, their families, and civilian contractors from all types of hazards. To accomplish this, security planning must anticipate intelligent, adaptive adversaries and large-scale emergencies that create terror and confusion, and complicate response by causing multiple, simultaneous incidents. In those circumstances, the sheer volume of inputs from alarms, sensors, closed-circuit televisions (CCTV), and situational reports can overwhelm a security team and provide a confusing picture of the unfolding situation. That’s why security systems must do more than provide raw information – they must provide automation, intelligence, and interoperability to streamline work processes and maximize the protection of people and properties.

Effective streamlining of data from multiple sources is critical. (DND Photo)

Integration Technology for a Common Operating Picture
With successful implementations underway at CFB Valcartier-St. Jean and CFB Edmonton, Intergraph’s Force Protection solution is gaining attention from Canadian base commanders, police chiefs, and fire chiefs. Based on Intergraph’s proven and widely-deployed public safety-based computer-aided dispatch (CAD) system, the company’s Force Protection solution pulls together data from a base’s physical security systems into ‘one screen’ operations, helping make sense of chaotic situations caused by asymmetrical or conventional threats. The system acts as a force multiplier, enabling decision support that focuses limited resources where they’re needed most. Through the one common operational picture, security teams and first responders can easily and efficiently achieve situational awareness and support the disposition of forces to manage security and public safety incidents to their resolution.

Interoperability is Essential
Intelligence sharing and system interoperability require open enterprise solutions. Whether it’s spanning multiple, geographically dispersed sites or crossing jurisdictions, the ability to seamlessly share information is increasingly critical.

Intergraph’s dedication to interoperability is a key reason for their solution’s effectiveness in managing base security. The solution is able to integrate a wide range of third-party intrusion detection systems – such as radar, sensors, alarms, access systems, and unmanned aerial vehicle (UAV) video – through Intergraph’s geospatial intelligence products and COTS (commercial-off-the-shelf) command-and-control software. The system also supports interoperability among local, provincial, and national systems, and has been used successfully for over 35 years throughout the civilian public safety and security communities.

As a premier systems integrator, Intergraph works with intrusion detection vendors to provide standards-based adapters, which shortens implementation costs and time frames. Long-standing partnerships with technology leaders such as Microsoft, Lockheed Martin, SAIC, and Oracle; academic and non-profit organizations such as the Open Geospatial Consortium (OGC®); and the Canadian Department of National Defence ensure Intergraph’s standards are based on best practices and are proven in simulated and real-world environments.

Fast-Track, Scalable and Flexible Implementation
Few out-of-the-box solutions support the complex requirements of enabling complete domain awareness. At the same time, built-on-demand solutions are expensive to develop and maintain. They are often proprietary and require considerable investment to make system changes over time.

Intergraph’s configurable, flexible, and expandable COTS force protection solution helps mitigate these challenges. The starting installation contains the basic functionality, standard interfaces, and tools for rapid customization that provide a shortcut to system development and a fast track to implementation. System updates are typically made during routine product maintenance, which reduces costs over the long run.

With the ability to start as small as a base needs, with unlimited expansion possibility, the Intergraph solution incorporates the flexibility needed to support the changing environment of a Canadian military base. The company’s scalable COTS framework reduces the time to implement an easy-to-understand, common operating picture. The agile architecture can be adjusted according to user requirements, such as user security or level of detail. This flexibility allows rapid and efficient builds of adapters to any intrusion devices, accommodating evolving technology and supporting the insertion of tomorrow’s innovations as base infrastructure is upgraded.

Deciding on an Integrated Security Solution
When choosing a vendor to provide an integrated security solution for your base operations or federal organization, look for a suite of solutions that gives you the maximum expandability, interoperability, and flexibility for customization.

Intergraph’s Force Protection solution maximizes the value of the security ‘pieces’ you already have (databases, intrusion devices, alarms, access sensors, and personnel resources) and layers connectivity on top to give you a common operational picture. Strengths of the Intergraph suite include:

  • Incident detection software that assists in assessing threats via interface with existing or new access control, intrusion detection, radar and video analysis systems
  • An industry-proven computer-aided dispatch core, enhanced with interactive, real-time map displays, as well as web-based and mobile availability
  • Powerful communication interfaces between Intergraph’s CAD and your existing or new radio and phone systems
  • Consequence management components that allow the further development, integration and execution of existing or new response plans
  • Mobile dispatch integration
  • Complete interoperability with existing or new pagers, alerting systems, and external databases
  • Planning and simulation tools for flawless incident management
  • Integration of existing or Intergraph-based video management tools to provide seamless threat assessment and response management

Strong relationships with key asset management partners
To learn more about integrated security and how your base or enforcement group can benefit, visit www.intergraph.ca/FLS for a special information package or contact sales@intergraph.ca

Intergraph is the leading global provider of engineering and geospatial software that enables customers to visualize complex data. More than 1800 agencies in 27 countries that provide police, fire, emergency medical, force protection, national security, and related services choose Intergraph solutions.

Shane Loates is Intergraph’s geospatial defence integration expert in Canada. shane.loates@intergraph.com
© FrontLine Security 2010



Defending Against the Threat of Insider Financial Crime
© 2010 FrontLine Security (Vol 5, No 2)

Businesses of all types and sizes face the risk of insider fraud. This can be for corrupt personal gain, criminal or terrorist extortion or combinations of these. Responsible and successful organizations anticipate and take measures to mitigate such risk. For instance, one must realize that organized crime is first and foremost a business. As such, it has objectives, a management structure, financial performance goals, and metrics. Given this framework, anticipation and mitigation demand that you think like a predator. As a security expert, enlist your business acumen to reason through how to target your own employer. Internal fraud and fraud defense are daily occurrences, and many losses occur even without a crime boss or terrorist calling the shots behind the scenes. Examples abound.

Case Study: An Avoidable Loss

In the school of hard knocks, audio product giant Koss’s chief executive paid $4.5 million for an employee’s three-month shopping spree before learning not to exempt his financial executive from oversight. She had diverted these millions out of Koss’s business account to pay her personal American Express bill. Following a tip from American Express, Chief Executive Michael Koss discovered his $200,000-a-year employee’s misdeeds on entering her office and seeing credit card bills for shoes and dresses on the corporate American Express bill. For more details, see the Wall Street Journal (23 December 2009).

Case Study: Proper Diligence or Overkill?

The Defense Finance and Accounting Service (DFAS), a government agency, recently told 39 employees they could not work there because their background investigations revealed a chronic pattern of financial or personal irresponsibility. The terminations and suspensions are new, but the background investigation criteria date back to 2005. Meanwhile, an attorney is already opining that it is unusual to relieve employees over their financial records. Details are available via Federal News Radio (7 July 2010) on this issue.

Fraud Risk: How to Attack

From an attacker’s point of view, which target would give you more anxiety: Koss Corporation, or DFAS? Keep these cases in mind as we proceed with a business look at recruiting an insider to carry out financial crimes.

Both employers have rules to limit opportunities for insiders (employees in positions of trust) to misappropriate funds. But the rules were either not enforced or enforced only selectively. Then again, maybe enforcement varied depending on relative position in the hierarchy. If so, the safest positions to occupy for a financial trust betrayer would appear to be at the top or bottom.

Why the extremes? People in the executive ranks are accustomed to more discretionary time and authority than average employees. Their big paychecks often come with a huge sense of entitlement and behaviours that intimidate corporate sentinels (the security practitioners, auditors, and others charged with defending the institution). Even when executives do not openly intimidate, they defend their autonomy and balk at being questioned. Employers assume that executives represent substantial value; therefore, they receive deferential insulation from ordinary rules designed to keep the base impulses of ordinary employees in check.

Employees at the opposite end of the hierarchy also enjoy surprising freedom of manoeuvre. People at the bottom get ignored. Their value to the organization is modest, so they appear interchangeable. Often, they can enter a gathering of chief executives to refill water pitchers or adjust a thermostat without even being noticed. They become invisible non-persons. Should they happen to be caught doing something irregular, they are likely to escape notice. Inertia leads employers to dismiss the misdeed as a harmless faux pas by someone who does not know any better. Often, the effort necessary to follow up on an infraction committed by someone ‘so lowly’ seems out of proportion with more pressing business at hand. Besides, harassing this person looks bad to the union or media. It takes on the appearance of bullying, assuring negative public relations consequences.

Though admittedly an unfair question, as a crime boss, which of the two would you recruit?

Like any general manager with profit-and-loss responsibility, a crime boss has to make such tough decisions. Consider:

  • Who has the access necessary to further your objectives?
  • Who is less of a risk to you?
  • Who is easier for you to manage or control?
  • Who is more accessible to recruit?
  • Who will offer you the better return?

The executive at the top has the better access and more freedom to manoeuvre. However, seniority in executive ranks comes with knowledge and ego. That means the executive may have connections that can offer immunity, or even connections with competing criminal elements that offer a more lucrative business deal.

Executives also possess negotiating skills. You could find yourself dealing with one who drives a hard bargain and then renegotiates at the first hint of gaining the upper hand. The executive could be so narcissistic as to resist your guidance about discretion, making this person difficult to control. Recruiting may be another problem. You may not be able to get close to this executive without drawing undue attention. Remember that you want a way to meet discreetly while protecting yourself later by denying any association. Important people have staffs and audit trails that are easy to examine – once someone decides there is a reason to.

As for return, for all the effort it takes to get close to the executive for an assessment and recruitment pitch, is it worth it? Perhaps, if the executive is venal, competent, and discreet. More realistically, though, expect no more than two out of three of those qualities. Note, too, that most executives have a limited shelf life. Few stay at the top more than five years. The rest may need to accept rotational assignments, lateral moves, or promotions that remove them from your orbit, making them a stranded asset.

The worker at the bottom, by contrast, starts to look more attractive to the crime boss if he can find one with the right access. For instance, if the need is for plundering coffers or laundering funds through the targeted business, then you need a worker involved in financial services or automated funds transfers. Overcome this hurdle, though, and this recruitment looks more appealing. Why? This individual is going to be younger, less sophisticated, more malleable, and less possessed of the knowledge and resources most likely to backfire on you.

Use your own junior minions to find a candidate through shared acquaintances who can make introductions without necessarily going through six degrees of separation. Shared hobbies or high school connections may be all it takes. Failing that, Facebook or other social networking sites are more likely to help you here than they would for an executive.

As for return, it takes a modest investment and little risk for the crime boss to try this and other lowly employees until finding the best producer with prospects for remaining or advancing in the targeted business. Play your cards well, and this becomes a bonanza for you.

Back on Defense: What to Look For

All recruited insiders give themselves away at some point. Interpersonal deception theory calls this ‘leakage’ – the result of the stress in maintaining the deception necessary for fraud. In any case, what purpose do ill-gotten gains serve if they remain indefinitely hidden or unused? This modern-day manifestation of what Thorstein Veblen termed ‘conspicuous consumption’ becomes the defender’s ally. It supplies observable clues.

What types of activity might provide hints of criminal activity?

An executive may invest misappropriated profits in a vacation home, a day trading account, a side business, costly holiday trips, or even expensive schools for children. Where will the lowly employee most likely splurge? It will often be on his or her car.

Indeed, even sophisticated insiders, like CIA traitor Aldrich Ames, should have given themselves away to anyone paying attention. How else could a mid-level government employee like Ames possibly afford the burdens of a costly divorce and a demanding Colombian mistress, and drive a Jaguar, on his government salary? (Ames briefly considered robbing a bank before deciding he was better suited to selling out the CIA.) So what keeps co-workers from spotting and acting on obvious indicators that something is awry?

Curse of the Indelicate Obvious
Turn back to the case of the finance agency that actually started insisting its workers demonstrate financial responsibility as a condition of employment. As a crime boss, this would worry you. It could lead back to your own people and their shared associations. Now, as a defender, imagine the expression of moral outrage your union steward displays at the gall you must have to deny employment to financial risks like this one.

Next, imagine the accusations of discrimination you will encounter if, on seeing a prospective new hire with ‘sleeves’ (full arm tattoos sometimes seen on hard-core prison convicts), you advise against issuing an offer of employment. From your perspective, a good way to avoid risk is to avoid hiring people who trigger your concern that poor judgment may cause them to treat your workplace as a platform for self-expression instead of a place of business. Finally, your own personnel system is unlikely to support barring employment because someone saw the Facebook entry of a job applicant where the latter boasted about ripping off his previous employer and threatening his last boss. Why?

This is the curse of the indelicate obvious. In other words, political correctness, fear of defamation suits, or a narrow view of individual roles to the point of forgetting to look out for the employer’s larger interests all converge to limit your acting on the indelicate obvious – the glaring indicators before your eyes that tell you something is seriously wrong.

Just as a trust betrayer is the crime boss’ agent, warning signs, tips, and keen observation can serve as your equivalent of a confidential informant. As with other intelligence, however, you must realize that there are times when you need not compromise your sources. This does not mean that you deny yourself their yield. Instead, you use the intelligence to spur further investigation.

Never break the law or violate your own policies in your zeal to interdict insider misdeeds, but never ignore warning signs. Instead, use what you learn to guide your next move. Expand your due diligence until you find corroboration that your employer will accept. Even if you lack investigative resources to unleash, you can always interview the hostile insider and create an opportunity for self-incrimination. Often, all it takes is just asking open-ended questions until the individual admits wrongdoing. Interviewing skills can make all the difference. The Wicklander Zulawski interviewing technique (www.w-z.com) is particularly useful, as it predisposes the deceptive interviewee to confess, without being accusatory or confrontational.

New Trend: Insider Attacks without People

Finally, keep an eye on developing trends that a good crime boss might embrace to lower risk and cost; the best are often disguised as the most innocuous.

Bud Miller, Executive Director of the Coupon Information Corporation, pointed out that coupon fraud of 39 to 50 cents per coupon can quickly amount to tens of millions of dollars in undeserved profits, to the financial distress of the companies redeeming coupons for products never sold. In times of economic downturn, Miller observed, “It’s going to get worse before it gets better.” Moreover, a good sign that a fraud technique is gaining traction is that seasoned fraud perpetrators and rank amateurs alike are applying it. When it comes to the latter, as Miller noted, it becomes a case of ‘disorganized crime’ whose consequences can be equally costly.

The abiding lessons? Stay watchful. Neglect indelicate, yet obvious, warning signs at your own peril.

Nick Catrantzos is an associate with Efficient Research Solutions, a consultancy specializing in economic crimes. He also manages security for a large public steward of critical infrastructure. A master’s alumnus of the Center for Homeland Defense and Security of the Naval Postgraduate School, he received the outstanding thesis award for his insider threat study in 2009. He can be reached via www.NoDarkCorners.com



D.I.R.E. (Interoperability)
© 2010 FrontLine Security (Vol 5, No 3)

The lack of communications capability among First Responders has hampered many incidents over the years. Designed by the Canadian Forces Aerospace Warfare Centre (CFAWC) Air Force Experiment Centre (AFEC), the Disaster Interoperability Response Experiment (DIRE) project was aimed at “advancing the integration of communication systems, open source tools, and the adoption of technical standards to achieve better coordinated response between emergency response organizations and the Canadian Military during disasters.” Coordinated by AFEC, DRDC (Defence Research & Development Canada), and DLCSPM (Director Land Command Systems Program Management), the technology for the command post was operated by both DLCSPM and co-op university engineering students seconded to DRDC.

The DIRE exercise simulated a major earthquake in the Ottawa area (a reasonable scenario given recent seismic activity in the area) that cut off all radio and cellular communications. A unified command post, using a small and a large aerostat, an Unmanned Aerial Vehicle (UAV), and whiteboards, provided wide area video coverage, rudimentary map overlays, asset positioning via GPS, and communications with field incident commanders.

The DIRE system was impressive from a technological point of view. Using a mobile deployable aerial platform, senior officers from Ottawa’s Fire, Police and Paramedic Services communicated to field officers, relating situational information through real-time voice, data, and video.

Over the past decade, much has been done to improve the technology of first responders in Canada. However, the DIRE program and other efforts to overcome interoperability problems among these groups could not have come about without important efforts in breaking down the culture of exclusivity that existed.

The technical impediments to interoperability pale in comparison to the longstanding desire to “protect” information rather than sharing with other groups. With the breakdown of such cultural barriers, the notion of fully interoperable communications systems for police, fire and EMS has truly caught on. CFAWC’s DIRE project initiative, along with organizations like the Canadian Interoperability Technology Interest Group (CITIG), has played a key role in that endeavour.

The eventual realization of real interoperability among first responders is apparent with DIRE and other technological successes. For example, CITIG held its third annual Vendor Outreach Forum in September, where technology suppliers brought forward solutions to first responders, and recommendations for interoperability were a key priority.

A key concern identified at this Forum was the need for a set of standards to guide the players in the field. A worldwide interoperable open communications standard was a key topic of discussion as a potential solution.

As the cultural barriers fall among emergency response groups, so too do the constitutional barriers of federal versus provincial versus municipal leadership (control).

Federal programs are emerging from both Public Safety Canada and DND (DRDC) that will benefit the responder when it counts: in battling a disaster.

As the DIRE program proceeds into the future, it is important that they continue to cooperate with the end users and cross the cultural divide time and again. This will accord with their well-founded mission to ensure that shortfalls in capability are properly identified and that potential solutions address responders’ overall strategic needs.

Edward R. Myers, Editor.



Brian Rexrod
Cybersecurity & Cooperation
© 2010 FrontLine Security (Vol 5, No 1)

Q: How much damage can be mitigated if major companies such as Microsoft, AT&T, or, in Canada, Rogers, Bell and Telus provide the security before it reaches the user as your Chief of Security suggested last year?

A significant portion of these threats can be averted by network services providers. There are some categories where a network service provider is best suited to provide security services. There are numerous reasons for this:

  1. The network generates data that can be profiled and analyzed for anomalies that may be leading indicators of threats that are developing on the Internet. A large network service provider has a good vantage point to identify new threats and incorporate mechanisms to counteract them well before most network users can see them.
  2. Providers of private enterprise services can analyze the same types of data for both internal and external threats. Their customers can minimize their need to implement separate internal network protections to supplement Internet gateway solutions.
  3. Many providers control huge amounts of bandwidth in the core network where flooding attacks can be routed away from smaller bandwidth customer access links.
  4. The network represents a huge processing infrastructure that can be used to help provide the security services needed.

Q: Is this happening? What successes are you aware of?

Absolutely, network service providers are increasing these security services. The effectiveness and supplemental security services offerings provided by an ISP are an important differentiator in a highly competitive market. The most advanced security services are generally introduced in the business enterprise markets as supplemental services. They are implemented as supplemental services to help maintain competitive pricing for basic network services and to establish a concise agreement with customers with respect to how the customer’s traffic should be treated. Network-based security service offerings that are available through leading providers include:

  • Direct Denial of Service Defence, which can detect and filter flooding attacks in the network, where significant amounts of bandwidth are available to steer attacks away from target victims.
  • Network-based Firewall services, which provide filtering of network packet activity before reaching customer boundaries based on ports, protocols, IP addresses, and even web URLs.
  • Email scanning services, which screen email content for malware attachments, malicious Internet links, and spam.
  • Various network flow analysis services can analyze Internet and private enterprise network activity for security threats without customers having to deploy services on their premises.
  • Security analysis and operations services provide 24/7 network security monitoring, analytical support, and incident response capabilities. This service brings to customers the advantages of their network providers’ security expertise and merges it with their network operations disciplines.

Many network users are unaware of their need for security protections. This category of customer is the most difficult to help. A large majority of these customers (100s of millions) are consumers or in the small business category where there is no formally trained IT staff. This suggests the services must be very low cost and must scale very efficiently. There is progress here as well. Message Labs reports 81% of email is spam. There is likely a larger proportion of spam targeting consumer email addresses. Yet consumers of most mainstream ISPs receive a minuscule fraction of that spam due to free and automatic anti-virus and anti-spam mail screening in the network. ISPs generally provide the opportunity to opt-out from this service, but I don’t know why anyone would want to. Other service options that should be provided in the network are continually being investigated, and, in the meantime, major providers offer anti-virus and web screening tools that customers can use for free.

With all this progress, there is more to be done. For example, Microsoft has a particular role as a software provider on most computers that are most subject to security problems. In my opinion, one of the most significant developments in recent years has been implementation of auto-update features in operating systems and applications. This capability significantly reduces the window of opportunity between the time a vulnerability is discovered and the time when the vulnerability can be readily exploited. Newer versions of Microsoft’s operating systems highly encourage auto-update for the operating system and their provided applications. Other operating system providers have followed suit. However, many applications are responsible for introducing vulnerabilities that still do not incorporate effective update capabilities. Many users remain resistant to using auto-update, which places them at greater risk.

As long as there is motive (financial gain), malicious activities will continue. As vulnerabilities in computers are closed, the trend has moved more to using legitimate tools to deceive users.

One of the early forms of this was the “pop-up spam.” It used a little known messaging service to create a pop-up window on a user’s screen stating that your machine was infected and needed to be cleaned. The pop-up window provided a link to a site that would purportedly help. Those following the link were subject to malware or questionable anti-virus tools. The pop-up would occur not once, but perhaps 10 or 15 times. You would then be subject to saying: “Well maybe I really need to do this ...” and you would become a victim! These deception attacks, unbeknownst to you at your desk, are being done 100s of millions of times rather than dozens of times.

One of the recent and more devious botnets propagating now is called Koobface. Koobface impersonates legitimate users on social networking applications like Facebook. It shares malicious links with that user’s friends. The tendency of course is for friends to trust links provided by other friends, and consequently, the user can become easily infected. Once infected, your computer becomes part of a botnet which can be used for other malicious acts, and your user account is used to continue propagating the infection.

These types of attacks have been very successful for the botnet operators. Pervasiveness of this attack is incredibly widespread and diversified, making them difficult to stop. There is a deliberate diversification in the way botnets structure themselves in a variety of ways, which make it difficult for any one organization to mitigate the threat. As you see, the analysis suggests this botnet is dominant throughout North America including Canada. We suspect this is due partly to the use of the English language, but the apparent distribution could also be influenced by attributes of our analysis methods.

Another series of botnets called Zeus uses deceptive techniques to infect users’ computers. Once a machine is infected, it will then start transferring funds invisible to the operator whenever any banking or commercial transaction is undertaken by him or her henceforth. They are not out to steal passwords necessarily, though they could; they are using the authentication that you have already performed and are able to bypass the security at your bank for as long as you are logged in.

Threats like this diminish the value of the services, and consequently application operators inherit new challenges to help identify malicious use and control them. As in any arms race, the counter-measures tend to lag a little behind the attacks.

This is an arms race. Botnet operators and other malicious actors attempt to counteract or steer around each countermeasure that is put in place. As said, as long as there is motive and means, the malicious activities will continue. Much greater deterrence is needed against use of computers and networks in malicious acts. My recommendation is that we need a more formalized cooperative effort. Industry has some ad-hoc groups that exchange threat information and cooperatively counteract threats. And there are some relatively small scale cooperatives with Government to share very high-level threat information. But the activities are far from robust and participation is very spotty. And as we have seen from the Koobface botnet example, this is not only a network service provider challenge; it includes challenges in software quality, and web application abuses, and general user vigilance. There needs to be stronger backing in the public domain to really support a strong cooperative. We must really strengthen the criminal pursuit of these cases.

Q: How do you see working with law enforcement organizations?

Dozens of the botnets being tracked are capable of taking down a medium or large sized business through flooding attacks, and a few of these could take down a major infrastructure system just through brute force of volume -- not with anything clever per se. I postulate that criminals will gravitate to sources of money, state sponsored threats will tend to target critical assets, and terrorist threats will prefer to target high-visibility assets. However, criminal botnets can be (and are) paid to perform any of these objectives.

Underlying all of this, botnets that perform criminal, state sponsored, or terrorist acts are invariably created by committing massive numbers of computer penetration crimes such as network exploitation and installing deceptive Trojans. Only very, very rarely are these individual penetration crimes reported; we have become numb to the notion of computer penetrations being considered serious crimes, but they are. And among the very few that are reported, there is little to no means to effectively correlate the huge numbers of individual crimes with any sort of coordinated effort such as creating a botnet. And the botnets themselves are intentionally designed to remain stealthy to the individuals that are infected.

Consequently, law enforcement organizations cannot do anything about something of which they are unaware. Effective ways are needed to make them aware of the many crimes that are committed to create a botnet. There needs to be a significant effort to help automate the criminal investigation methods. This effort obviously requires a strong emphasis on protecting privacy while motivating private-sector service providers to produce innovations and competitive service improvements for users.

Botnets do not respect regional or national boundaries. In fact, as the Koobface example shows, they deliberately will diversify across these jurisdictional boundaries to help thwart investigation. I believe that it is imperative that all jurisdictions pursue aggressive criminal investigation and that we work together globally to establish appropriate information exchange as well as national and international cooperative on malicious botnet intelligence. Together, we need to investigate the technical and monetary trails and diminish the motivation for operating botnets.

Finally, both the private and public sectors should be encouraged to purchase network services from network, software, and application service providers that are part of the solution.

Q: This brings up the issue of secure operating systems for large infrastructure and the vulnerability of open source SCADA control systems. What are your thoughts?

There are certainly ways of making the SCADA protocol more secure, but we also need to recognize there is really no such thing as an absolutely secure protocol. And while it may be a noble goal, we should not presume the control systems themselves can be autonomously secure. A protocol can enhance security, but it still needs security around it. While we have come to expect any general purpose computer to require supplemental security controls such as enclosing it within a private network, providing supplemental network-layer encryption, and scanning for malicious behaviour, we can expect to do the same for SCADA. No matter how well you encrypt or authenticate, an attacker can overwhelm the control system and, consequently, you lose control of those systems. A framework needs to be followed that considers the threats, and considers a systemic approach to minimizing vulnerabilities. All of the network-based security services that encompass policy enforcement, private network services, attack mitigation, security monitoring, and incident response are applicable to SCADA control systems to help create an inherently secure system.

Q: In January 2008, as part of National Security Presidential Directive 54 and Homeland Security Presidential Directive 23, the Comprehensive National Cybersecurity Initiative (CNCI) was adopted in the U.S. as a national policy. The annual threat assessment again stated that:

“We are witnessing an unprecedented unity of effort across a broad coalition of government agencies, members of Congress, and leaders of industry. To succeed, however, the CNCI must remain a long-term national priority. With sustained momentum and continued national resolve we can and will build an enduring security framework capable of protecting our vital national security, economic, and public health interests.”

This of course fits well with what you were saying earlier. Do you know if other NATO countries are doing something similar? Are you aware if we are doing something similar or at least compatible? Does this possibly imply some potentially coordinated offensive cooperation?

I am aware Canada is pursuing very similar objectives, but I really cannot address specifics. Nor can I speak in detail of the US CNCI strategy as many aspects are still evolving. However, there is one initiative making good progress. It is the Managed Trusted Internet Protocol Service (MTIPS). This service contract precipitated from a mandate from the Office of Management & Budget (OMB) in the US. The OMB mandate requires US Government agencies to meet some basic security requirements for connectivity to the Internet. The mandate also requires consolidating the number of US government connections to Internet from tens of thousands to around 200. MTIPS is a service contract facilitated by the US Government Services Administration (GSA) where agencies can purchase Internet access while easily satisfying this mandate. The service includes network-based security protections including network-based firewall, intrusion detection, web filtering, incident response, forensics analysis support, and highly reliable access. There are arrangements included to facilitate coordination with US-CERT (United States Computer Emergency Response Team) on incidents. This allows US-CERT to alert the MTIPS service with threat information or allows the MTIPS provider to alert US-CERT of any recognized incidents or threats to US Government agencies. MTIPS is basically an enhancement to our commercial network-based gateway service to satisfy the Government’s needs. Some agencies are building a trusted internet gateway themselves for specific reasons. The question is: “Should MTIPS or a derivative be made available to private industry companies that provide critical infrastructure services?” This could foster significant progress toward important cooperative industry-government security measures in keeping with CNCI.

Q: Are U.S. financial institutions still the “most secure,” in light of what transpired with the recent bank defaults?

I believe that this is still so. I do not think that oversight is going to be the ultimate panacea to financial institution security as espoused by some. In fact, we should not expect oversight to be effective at improving security significantly in any industry sector. What the financial industry has to their benefit is that they can quantitatively measure losses. Because of this they are more prone to invest a visibly reasonable sum for their cyber security to control these losses. For many other industries it is far more difficult to make a quantitative evaluation of risk and decision on investment unless there is a catastrophic failure like the 2003 Eastern Seaboard Power failure. That, of course, led to greater attention to the security of at least the power grids. Unfortunately, I do believe that it will still take more publicly apparent events in the other industries to yet raise attention to the level referred to in the Intelligence Assessment. Some of the defence contractors, however, are recognizing the need for improved security for obvious reasons and we are working with several. They are seeking to get more secure network controls, though they are not yet entitled to the MTIPS program itself. I think the public sector can help by providing incentives to improve security across industry by helping to highlight the value of good security and helping to provide positive incentives to implement good security measures.

Information sharing between Government and industry must be improved for this to be accessible. Government entities responsible for criminal investigation need to be aware of crimes that are perpetrated. As well, there is the mutual need to maintain the private nature of the private sector and the public nature of the government. There is much sharing and trust ongoing but the challenge is to establish the infrastructure to optimize and not compromise this security and trust. This ultimately becomes an international challenge as well since we do need to share information with each other, as the recent financial situation attests so vividly. It seems that if we can team internationally to make a space station, we should be able to team up to share cyber-security threat information.

Q: How does cyber spying among allies and adversaries affect security, trust and information sharing?

We must ultimately operate within our realms of authority. We are aware of these types of threats and they present quite a challenge. Certainly there are more kinds of things than we can discover and there is a lot of what I would call “noise” that helps to cover up things that would be lower and slower and well hidden. Ultimately it consumes resources to pursue these, and, if you have just enough resources to deal with your day to day threats, it is very difficult to go looking for these more subtle long term threats, let alone doing something about them. As suggested earlier, if we can do a better job thwarting the criminal activities, it will raise the signal to noise ratio, and the more sinister activities will become exposed to detection. And ultimately, there will be better opportunities to mitigate the threats before they are able to induce any significant damage.

Q: What can service providers do to help increase protection?

Network-based security services provide an opportunity for network service providers to offer more than competitive pricing as selection criteria for customers. As an important part of critical national security infrastructure, it is only natural to consider network service providers as a trusted resource to help protect other assets. A strong public-private partnership is the best path to mitigating the globally diverse botnet threats. Attack techniques, tools, and botnets used by terrorist and state sponsored attackers are the same as the criminal element. A solid criminal investigation structure including automation will increase threat awareness, deter less committed perpetrators, and will help isolate more sinister threats. Incentives for an international public-industry cooperative for real-time information and response will help to thwart globally diverse botnet threats before they can conduct other malicious acts. And we hope that owners and operators of other critical infrastructure will do their part to employ well prepared service providers to help protect their services. That is our challenge and our destiny in cybersecurity.  

Clive Addy is the Executive Editor of FrontLine Security magazine.
Brian Rexrod is Principal Network Security Architect at AT&T Chief Security Office.
© FrontLine Security 2010



Proceeds of Crime
A Look at the Legal Landscape
© 2010 FrontLine Security (Vol 5, No 2)

“Financial and material gains from criminal activity should not be enjoyed by criminals. Not even after they have served prison terms.”

This is the foundational premise of ‘proceeds of crime’ laws in Canada, the United States, and the UK. In general, any proceed or material benefit derived from most criminal offences listed in the Criminal Code of Canada can be deemed a ‘proceed of crime’ and be subject to forfeiture or seizure by the Courts. ‘Proceeds of crime’ laws have been devised in many Western democracies to provide a legal mechanism through which the government, on behalf of the citizenry, can recoup or ‘seize’ material proceeds acquired through criminal activity, and return them to the state and society as a whole (from whom, it is argued, they were stolen in the first place).

Money Laundering is the most common method used by criminal groups and individuals to ‘hide’ illicit proceeds. Following 9/11, the specter of international terrorism brought these laws into sharp focus. The potential for organized criminal groups and regimes (such as the Taliban in Afghanistan whose opium trade financed their rule) to fund international terrorist attacks linked ‘proceeds of crime’ and ‘money laundering’ with terrorism. Combating international terrorism and money laundering has thus evolved into an international - perhaps global - enforcement and regulatory enterprise.

Most modern ‘proceeds of crime’ laws emerged in the late 1980s and early 1990s. Originally they focused on seizing the profits acquired by ‘Mafia’ type organized crime groups, such as drug cartels and criminal biker gangs like the Hell’s Angels. The theory was to attack directly the primary motivation for organized criminal activity – i.e. profit. Seizing large amounts of criminal proceeds, the theory went, disrupted criminal groups and caused them ultimately to dismantle. Experience with organized crime had taught law enforcement, intelligence agencies, and the Courts that such large, well organized groups depended upon large and regular income streams to make the risk of crime worthwhile, and to ensure the longevity of the organization (using profits for bribery, paying collaborators such as lawyers, and for ensuring the ‘trust’ and ‘loyalty’ of their members).

The Four Uses of ‘Proceeds of Crime’ Laws
‘Proceeds of Crime’ Laws now tend to have four main uses. In legal terms they are used by governments to seize funds obtained through criminal activity, though in practice this has happened in a small number of cases since the onus has been on prosecutors to prove the illicit source of funds ‘beyond a reasonable doubt’. They are also used for prosecuting ‘money laundering’, which is itself a crime. In practice, ‘proceeds of crime’ laws can also be used to help police and security agencies uncover criminal groups themselves (through forensic financial investigation of ‘suspicious transactions’, for instance), and any other crimes in which they may be engaging. Finally, and more recently, such laws also serve to regulate the financial sector by ensuring that private institutions such as banks are complying with the legal directives that require them to flag and report ‘suspicious’ transactions to police and security agencies. If a financial institution fails to follow these guidelines, it can be fined, and institutions have been fined, by Canadian and/or international regulators. This aspect of ‘proceeds of crime’ laws has become particularly important since the terrorist attacks of September 11th, 2001, which shed light on the potentially devastating consequences of financial transfers to terrorist-oriented individuals and groups (both domestically and internationally).

The Laws in Canada
‘Proceeds of Crime’ provisions have been part of the Criminal Code of Canada since 1989 (Part XII.2). These sections allow for the seizure, restraint, and forfeiture of proceeds of crime. They also made ‘money laundering’ a punishable crime in itself, which refers to handling the proceeds of crime in such a way as to mask or hide their criminal source. While originally developed as a measure to target and dismantle ‘organized crime’ (as defined in the Criminal Code), the proceeds of crime provisions were broadened by amendment in 2002 so that application for forfeiture of proceeds could be made for almost any ‘indictable’ offense under federal legislation, with only a few exemptions. After a conviction for an indictable offence, the Crown could therefore apply to the Court for forfeiture of the proceeds of the specific crime for which the individual or group was convicted. In order to obtain an ‘Order of Forfeiture’ however, the Crown had to prove that: (1) the property is the ‘proceeds of crime’; and (2) that the property is connected to the crime for which the individual or group has been convicted.

If no connection can be made by the Crown, the Court has to decide whether the proceeds were the result of the crime ‘beyond a reasonable doubt.’ As a result, forfeitures after application by the Crown are rarely successful. Most commonly, the Crown had to rely on the Court’s determination of proof ‘beyond a reasonable doubt’ that the property was the proceeds of crime. The most significant and consistent problem with this legal scheme was that even after conviction of an indictable offence under federal legislation, forfeiture of the proceeds of that crime was rare.

The Anti-terrorism Act (2001) and Fintrac
In 2001, following the terrorist attacks of September 11th, Part 4 of Canada’s Anti-Terrorism Act created the new Proceeds of Crime (Money Laundering) and Terrorist Financing Act. This Act linked the previous sections of the Criminal Code relating to ‘proceeds of crime’ and ‘money laundering’ with ‘terrorist financing’ by making any financing of any terrorist group (as defined by the Criminal Code) an offence under federal legislation. This Act also created FINTRAC – the Financial Transactions and Reports Analysis Centre of Canada – responsible for collecting, analyzing, assessing and disclosing financial information to assist in the detection and prevention of money laundering and terrorist financing. FINTRAC, based on similar ‘financial intelligence agencies’ in the United States and Europe, was thereby made responsible for implementing specific programs and measures to investigate and prosecute money laundering and terrorist financing. They did this in part by creating ‘client identification’ and ‘record keeping’ regulations for financial services providers (such as banks) and any other entities or persons that could be used for money laundering or financing terrorism.

The emergence of FINTRAC also served to consolidate what had been rather dispersed and relatively autonomous financial intelligence and policing units into a federally authorized, national financial intelligence agency. It did not take long for FINTRAC to prove its worth. In early 2002, shortly after its creation, FINTRAC passed on to the RCMP’s ‘Proceeds of Crime Unit’ a series of ‘suspicious transaction reports’ on a resident of Vancouver, British Columbia. Dat Dac Tien (Frank) Tran had been handling cash transactions of more than $50 million annually. Tran was the mastermind behind a massive drug-money laundering operation for Latino and Asian gangs, who imported cocaine and exported B.C. marijuana. Tran laundered over $201 million over a 3 year period for these groups, Canada’s largest money laundering case to date.

The Proceeds of Crime (Money Laundering) and Terrorist Financing Act (2006)
In 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the PCMLTF Act) was further amended to reverse the onus on the Crown in the existing ‘proceeds of crime’ sections of the Criminal Code. In other words, once an offender has been convicted of a ‘criminal organization’ offence under the Criminal Code or under certain offences under the Controlled Drug and Substances Act (specifically Sections 5, 6, and 7 which relate to ‘Trafficking’, ‘Importing/Exporting’, and the ‘Production’ of drugs), the Court is now directed to Order the forfeiture of ‘proceeds’ identified by the Crown, unless the offender can prove that the property is not the proceeds of crime. This now placed the burden of proof on the convicted offender. The importance of this seemingly subtle change was clearly demonstrated at the 2006 sentencing of Frank Tran: rather than the Crown having to file an application for forfeiture of the proceeds from Tran’s massive money laundering scheme, Chief Justice Patrick Dohm of the B.C. Supreme Court was able to Order $3 million of Tran’s assets immediately forfeited to the Crown. He also ordered Tran to pay a fine of $423,462.96, and sentenced him to a 10-year prison term - the maximum penalty for money laundering under the Criminal Code.

Other amendments to the PCMLTF Act in 2006 enhanced information sharing between FINTRAC, law enforcement bodies, and other national security agencies. They also provided for a new ‘registration’ regime for money service businesses in Canada, and enhanced ‘client identification’ measures across the financial sector. The amendments also created an administrative and financial penalties scheme for enforcing compliance with the Act, and allowed FINTRAC to seek criminal penalties for extensive and repetitive non-compliance (repeated failure can lead to a $2 million fine and/or up to 5 years in prison). FINTRAC releases ‘sanitized’ annual Reports of some of the cases and trends they have identified from the previous year. In May of 2009 they disclosed 210 total cases of which 171 were associated with money laundering, 10 with money laundering and terrorist financing, and 29 involved terrorist financing and threats to national security. Of these cases, ‘fraud’ and ‘drug trafficking’ were the most common, with investment/securities, telemarketing fraud, marijuana production and cocaine trafficking being the most prevalent.

The International System
The past decade of potentially devastating consequences of terrorist attacks has brought anti- and counter-terrorism to the front of the policing and security community’s agenda. The post-9/11 Anti-Terrorism Act in Canada brought together ‘proceeds of crime’ and ‘money laundering’ provisions with ‘terrorist financing’ laws, acknowledging the potential link between organized criminal groups, their illicit finances, and terrorist attacks. Identifying the increasingly international character of terrorism and organized crime, the Act also affirmed Canada’s commitment to participating in the global fight against ‘transnational crime’ and to sharing information with international security agencies from allied countries. A notable example of information sharing among allied nations was the 2007 indictment of 39 individuals in Baltimore for running an international money laundering scheme. In this case the individuals operated an informal money transfer system (called a ‘hawala’ in Pakistan and the Middle East) between Spain, Canada, Belgium, and the United States.

The Financial Action Task Force (FATF)
In 2006, the Government of Canada announced Toronto as the site of the permanent Headquarters of the Egmont Group, a collection of 101 of the world’s financial intelligence agencies, including FINTRAC. That same year, Canada also became the President Country of the FATF, the Financial Action Task Force, an international body of 34 Member Countries which develops and promotes national and international policies to combat money laundering and terrorist financing. The FATF came into existence in 1989 at the G-7 Summit in Paris out of concerns over the increasingly international scope of money laundering schemes. Their original function was to monitor and ensure member countries’ implementation of 40 Universal Recommendations they devised for dealing with money laundering.

After 9/11, the development of universal standards for combating terrorist financing was added to the FATF’s Mission. Since then, the agency has outlined 9 Special Recommendations for fighting terrorist financing, and has been overseeing implementation everywhere. The intent of this international collaborative strategy is two-fold: (1) to create a universal and seamless international system for combating terrorist financing and money laundering; and (2) to establish and implement universal regulation of the financial services sector and any other private sector institutions or businesses which might be used in either money laundering or terrorist finance. The last objective is based on the clear recognition that addressing money laundering and terrorist financing necessarily requires the cooperation of the private financial sector, those responsible for the majority of money changing in free-market societies.

Money Laundering & Terrorist Financing: Emerging Challenges
Though still imperfect, the international system for regulating financial crimes has constricted the flow of terrorist financing and international money laundering. Yet, just as the vacuum created by the dismantling of the major Colombian drug cartels led to an explosion and proliferation of arguably more violent Mexican street gangs, the national and international pressure on terrorist financing, organized crime, and money laundering has had some similar unintended consequences. Domestic and international terrorist groups can no longer be funded so easily by organized criminal regimes such as the Taliban and al Qaeda, and have been pressed to engage in ‘low-level’ crime and fraud to fund their terrorist actions. Increased criminal activity of terrorist individuals and groups is certainly an unforeseen and unintended consequence of restricting global terrorist financing which all policing agencies must now address.

Informal Money Transfer Systems
Likewise, informal money transfer schemes are constantly being invented, for the precise purpose of bypassing ‘official’ financial institutions thereby avoiding detection by FINTRAC and related agencies. On top of the so-called ‘hawala’ system for informal money transfers between individuals (through a handshake, a piece of paper or on trust alone), in 2009 FINTRAC also identified 2 other emerging illicit money systems: (1) the use of prepaid phone cards; and (2) digital precious metals. Prepaid cards provide access to funds that are put on the card in advance or in another location, by the cardholder or a third party. The cards – like cash – are portable, valuable, exchangeable and largely anonymous. They are not yet subject to cross-border reporting since they are not considered ‘monetary instruments’, which makes it much easier to transfer wealth from one jurisdiction to another. The origin of the money on the cards is also extremely difficult to trace, and hence there is no way to ascertain whether or not the money is from a legitimate source. They can therefore be anonymously loaded with funds, and moved across the country and the world.

As the internet takes a more central role in banking worldwide, a variety of new internet payment systems (IPS) are continuously being developed. One of these is based on what are called ‘digital precious metals’ (DPMs). Digital precious metals operators (DPMOs) are IPS service providers that use ‘digital currencies’ (purportedly backed by real precious metals) for online e-commerce, bill payments, person-to-person payments and other typical transactions. These systems allow a higher degree of anonymity than other IPS systems which are often monitored by banks, and, as a result, offer greater disguising of the origin and destination of the funds.

‘Lone Wolf’ and ‘Home Grown’ Terrorism
The increasingly high level of risk associated with organizing a large terrorist or organized crime group seems to have led to criminals and terrorists operating on their own, or in small groups of 2 or 3. In general, the more members an illicit group has, the higher its risk of being detected or penetrated by law enforcement and intelligence operatives. What is referred to as ‘lone wolf’ terrorism seems to be increasing, though how directly this is linked to pressure on organized groups is unclear. The Times Square car bomber from last May, the ‘shoe bomber’ (Richard Reid), and the ‘underwear bomber’ (Farouk Abdul Mutallab), all appear to have planned, organized, and perpetrated their attacks largely on their own. While security agencies were able to link some of these individuals with international terrorist organizations (such as the Pakistani Taliban) after the fact, the connection was largely through loose internet affiliation and chat room discussions. Al-Qaeda spokesman Adam Yahiye Gadahn praised such individuals as ‘pioneers, trailblazers and role models who have opened a door, lit a path and shown the way forward for every Muslim who finds himself among the unbelievers’.

Efforts to constrict the international flow of illicit monies to terrorist groups may also be of little help with what is called ‘Home Grown Terrorism’. In such cases, residents of western democratic countries are ‘radicalized’ before finally deciding to plot and carry out an attack on their own country. Having regular revenue from work and family, such individuals are able to ‘hide in the open’, and need not rely on illicit financing, crime, or any other ‘detectable’ income source. It also costs very little to plan and carry out a devastating terrorist attack. Reports of the Times Square car bomb suggest it could have killed dozens of people and caused millions in damage – and the bomb cost less than $5,000 to construct.

Non-cooperative Countries and Territories (NCCT)
The bane of the international effort to regulate and police money laundering and terrorist financing is what are referred to as ‘non-cooperative countries and territories’. While the Financial Action Task Force is composed of 34 member countries, there are many more states and territories – particularly in the Middle East and Asia – who are not party to any universal regulatory regimes. Unsurprisingly, money laundering indeed seems to prevail wherever there are corrupt, negligent, or unaccountable governments, and particularly so in ‘weak’ or ‘failed’ states. Policing money laundering and terrorist financing at an international level must first identify non-cooperative countries, and then convince them that it is in their interests to join the fight. There can be many benefits to operating state-level money laundering schemes, and, indeed, to financing terrorist attacks in ‘enemy’ democratic countries. ‘False friends’ in the international system are those who are official signatories to international regulatory regimes, but abstain from effectively policing money laundering and terrorist financing in their own states. Countries with favorable tax regimes tend to attract ‘dirty money’, and many financial institutions in these states pay only lip service to the law, being subject to little government oversight or pressure. Illicit capital accumulation can be well entrenched, and the profits that can be accumulated from financial crimes can be deeply rooted in national economies themselves. International regulatory and policing initiatives will need to come to grips with these persistent problems, and the risks they will continue to pose to the balance of the international community.

Steven Hutchinson teaches Criminology at the University of Ottawa.
© FrontLine Security 2010



Small Companies: Big Security Challenge
© 2010 FrontLine Security (Vol 5, No 3)

When considering protection of key infrastructure, big companies come easily to mind. The energy grid, telecommunications networks, and the big banks are all a part of Canada’s Critical Infrastructure Protection (CIP) strategy. The fact is, however, that smaller companies can contribute enormously to the necessary resiliency of this very same CIP strategy.

The business base of Small and Medium Sized Enterprises (SME) needs to be considered part of the mosaic of effective CIP programming across Canada. Consider the numbers. Statistics Canada reports that 97.9% of Canadian businesses have less than 100 employees. This number is larger when we consider family and sole proprietor businesses and the construction industry. The total number of these businesses in Canada is over 2 million and, according to the Organization for Economic Cooperation and Development (OECD), they generate 43% of Canada’s private sector GDP.

The small/medium enterprise is the true lifeblood of many of our cities and towns. Many of these are even vital elements of their community’s critical infrastructure. Recent surveys of these businesses revealed that few are prepared for long interruptions, and they have little in the way of resources to prepare. Emergency responders must focus on critical tasks in an emergency. They deal with immediate life and safety issues and cannot be distracted by the long term survivability of these businesses.

If these businesses are subjected to catastrophic losses, precipitated by any of the multi-hazard threats facing us all, they may never rebuild or may relocate away from the community. In a recent Angus Reid survey, 41% of the businesses surveyed had previously experienced a significant disruption to their operations: 80% were impacted for five or more days and 46% were affected for more than 30 days. Despite previous experiences with disruptions, only 20% of all businesses agreed that ensuring continuity was a priority, and a further 60% recognized the need but it was further down their priority list.

In May 2009 the Canadian Manufacturers and Exporters surveyed their members. The result was that “87% of the companies participating in the survey indicate that their businesses do not have a continuity plan in place to deal with an emergency situation like a pandemic, while 90% are not sure what steps to take to safe guard their operations, including their supply chain.” This is a significant deficiency in our national resiliency. Overcoming this deficiency is critical if we truly want a disaster resilient Canada.

To shore up these capabilities, SMEs must be given the Emergency Management and Business Continuity tools they need to prepare and mitigate their own risks. These businesses stated that their major hurdles to continuity planning were indeed a lack of money, time, and expertise.

The Canadian Centre for Emergency Preparedness (CCEP) recently launched a web-based program that addresses many of these concerns and helps small businesses prepare for disruptions. The program, entitled B-Ready Now, provides basic tools for customizing plans to the unique concerns of individual businesses.  

This approach was necessary because despite genuine interest from Industry Canada and Public Safety Canada, the mandate of supporting SMEs for emergency preparedness fell between the cracks of their respective programs. It also made sense, since any truly sustainable program for these businesses must first show independence.  

The SME community has been looking for a program that could be adapted to their own needs – provided it is convenient and reasonably priced. Initially trialed through 15 one-day pilot workshops funded by Public Safety Canada, the program will be a fee-based resource with ongoing support tools. Although the workshops were extremely beneficial, it became evident that a new delivery method was needed. Development of the web-based program included reviewing the lessons from the initial seminars and subsequent feedback, and also establishing a small business advisory panel.

The B-Ready Now! program is a secure online resource that walks a small business through six steps necessary to develop their own business disruption plan. Users can complete their plan at their own pace at home or at work – supported by webcast tools and templates.

Visitors to the site are given background information as well as some free tools (including an interactive game and an oversight video). They can also complete the first step in their planning – creating their risk profile. This helps determine the need to go further in the planning process. Should the user decide to proceed to the next step, a $250 enrollment kicks in, permitting access to the next five steps. Each step includes a video tutorial and all the tools needed to complete a customized plan. It can be completed by a single person in as little as 1 hour with no previous experience in business continuity planning or emergency management.

Despite many past incidents of disasters (ice storm, flooding, wildfire, etc), the vast majority of SMEs remain unprepared for business interruptions. The tardiness is due to lack of motivation, lack of education programs and the perceived complexity of the task. The CCEP product now provides a quick, inexpensive, and easy way to complete a thorough business interruption plan. This, according to the CCEP, is a first and very significant step in building Canadian business resiliency from the grassroots.  

Sean Tracey, P.Eng., MIFireE, is the Canadian Regional Director of the NFPA and Past Chair of the Board of the Canadian Centre for Emergency Preparedness. CCEP annually hosts the World Conference on Disaster Management in Toronto each June.
© FrontLine Security 2010



Embracing Social Media
© 2010 FrontLine Security (Vol 5, No 1)

After the earthquake struck Haiti, my colleague, Andrew Fielden, and I worked with our partners at Igloo Software to put a wisdom-sharing community online. We called it The Crisis Kitchen because we believed the best way to share ideas, opinions and pragmatic pearls of wisdom is in a warm and inviting kitchen – real or metaphysical. Thus, I’ve spent the past couple of weeks working as a sous-chef in The Crisis Kitchen.

My work here has been at turns heartbreaking, gratifying and extremely frustrating. We tried to connect-the-dots at the 50,000-foot level in order to get help to the most organizations and agencies which could, in turn, get help to the most people on the ground. We see numerous messages like the following: “We are in desperate need of getting diesel for our generators and vehicle.” “10-15 people in need of critical medical attention...” “next to what remains of our house...”

Guy Corriveau, my personal candidate for Lead Chef and one of the top emergency managers in Canada, said it best, “The Crisis Kitchen has state of the art appliances, all the necessary tools, and a fully-stocked pantry. It’s definitely a place where ‘chefs’ from Canada, the US, and other nations can converge to build whatever recipes they may have in mind.”

As director of the National Emergency Management Resource Center (NEMRC), I used a similar model that incorporated network quilting to receive/triage/transmit information during Hurricanes Gustav and Ike, and in the immediate aftermath of the terror attacks in Mumbai, India. The idea was to provide capability to request resources and respond to those requests in a streamlined fashion – while flowing a multi-channel stream of meaningful information to members of the emergency management community.

Some emergency managers have been slow to embrace social media as part of a new reality. It is as if they are migrating between stages in a grieving cycle linked to the proliferation of social media. It’s true that we are confronted with the reality that our position in society is, indeed, in flux. Organizational change is usually measured in multiples of years. How do we create an integration/engagement strategy for a phenomenon evolving at an exponential pace?

One of the key elements to successfully integrating social media technology into emergency operations is, quite simply, trust. How does one build that trust? Credible information is key.

By tapping social media and by leveraging the wisdom of crowds, there comes the potential for a spectacular mix of views, opinions and factors from which we can draw down on our own intelligent situational awareness. One of the most striking advantages that comes with social media is the ability to interact with the crowds – to provide guidance on what kind of nuggets [credibility] you need to be fishing for at that moment in time – or more importantly, for the next several moments in time.

Retired Canadian Forces Colonel Richard Moreau teaches a serious ‘leadership in crisis’ program that emphasizes the need for intelligent awareness. According to Moreau, if you don’t provide guidance on what you’re looking for, don’t be surprised when your intel crews come back excitedly proclaiming, “We’ve got cod! We’ve got cod!”

At some point, you have to explain that you were looking for swordfish.

I understand the hesitancy I hear from colleagues trying to get their heads around the concept of integrating social media into their emergency operations. Social media is a networking enabler not unlike what they’ve been doing for years in backyard gatherings and after-meeting networking sessions. With a bit of creativity and imagination, social media technology can be used to strengthen cross-disciplinary relationships, accelerate response, provide decision support and harness mission-critical resources when they are most needed.

Hal Newman is the Executive Director of NEMRC (the National Emergency Management Resource Center), www.nemrc.net. He is also a Managing Partner at TEMS. Visit: www.tems.ca



Biometric Passports
How Secure Are They?
© 2010 FrontLine Security (Vol 5, No 2)

At 6:41 p.m. local time on 19 January 2010, a woman arrived at the luxury Al Bustan Rotana hotel in Dubai, accompanied by a large man in a Panama hat. Unbeknownst to hotel staff or authorities in the popular emirate, the couple were part of a clandestine group sent to Dubai to track and kill Mahmoud al-Mabhouh, a senior Hamas commander.

The Israeli government had long suspected the Palestinian of being involved in the kidnapping and murder of two Israeli soldiers in 1989, and also in arms purchases from Iran for use in Gaza, where he was born 49 years ago.

The video shows al-Mabhouh returning to the hotel at 8:24 p.m., exiting the elevator and turning the corner to proceed to his room (number 230). Three minutes later, ‘Kevin’ and ‘Gail’ took up their position to monitor the empty hall as a four-man assassination team killed al-Mabhouh in his room by injecting him with succinylcholine, a fast-acting muscle relaxant, and smothering him. At 8:46 p.m., the ‘hit’ team was recorded by the ceiling video camera entering the elevator. They subsequently departed the hotel and left Dubai on flights to various countries. Dubai police believe they are in Israel.

Forged passports and a global manhunt
One month after the killing, INTERPOL issued Red Notices – notifications to national governments – requesting the arrest and extradition of “11 internationally-wanted individuals who have been charged by UAE/Dubai authorities with coordinating and committing the murder of Mahmoud al-Mabhouh.” Several more suspects, including 10 that used passports with the names of people with dual Israeli citizenship, were later added to the list.

“Based on close co-operation among our member countries and on information provided by innocent citizens, it is becoming clear that those who carefully planned and carried out the murder of Mahmoud al-Mabhouh most likely used forged passports of innocent citizens whose identities were stolen,” said INTERPOL Secretary General Ronald Noble after the assassination.

In March, Magnus Svenningson, CEO of Speed Identity, a Swedish company that provides a biometric data capture platform to the Swedish, Luxembourg and Lithuanian governments, said in an interview with EUobserver Magazine, ‘The EU passport is a very, very secure document. EU countries have invested a lot in the document. It’s extremely expensive and difficult to forge, although not impossible.’

Police learned during their investigation that the surveillance and assassination effort in Dubai involved several people. Twenty-seven of the suspects are known to have entered the United Arab Emirates using fake passports from the following countries: Britain (12), Ireland (6), France (4), Germany (1), and Australia (4).

On March 23, British Foreign Secretary David Miliband told the House of Commons that there were “compelling reasons” to believe that Israel was behind the passport forgeries. “SOCA [the U.K. government’s Serious Organized Crime Agency] were drawn to the conclusion that the passports used were copied from genuine British passports when handed over to individuals linked to Israel, either in Israel or other countries; they found no link to any other country,” he said. “Given that this was a very sophisticated operation, in which high quality forgeries were made, the government judges that it was highly likely that the forgeries were made by a state intelligence service.”

The following month, the Australian Broadcasting Corporation interviewed Victor Ostrovsky, a former Mossad case officer, who said that the Israeli spy agency had its own ‘passport factory.’ “They create various types of papers, every kind of ink. It’s a very, very expensive research department,” he said.

‘Fakeproof’ e-passports cloned in minutes
An ePassport, also known as a biometric passport, looks like a traditional passport book; however, it contains an electronic chip that is encoded with the same information found on page 2 of the passport (surname, given name, date of birth, place of birth and gender). It also includes a digital picture of the bearer’s face. The addition of the electronic chip to the Canadian passport is aimed at increasing security by providing greater protection against tampering and reducing the risk of fraud.

However, the biometrics may not be as tamper-proof as they should be. In the summer of 2008, a reporter with The Times in the U.K. teamed up with a computer researcher to investigate how easy or difficult it would be to steal personal data from an e-/biometric passport and forge a copy.
His August 6 report said:

“New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports. Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organized crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.”

Jeroen van Beek, a security researcher at the University of Amsterdam, cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber, Hiba Darghmeh. The altered chips were then passed as genuine by passport reader software used by the United Nations agency that sets standards for passports.

The Times report continued: “The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international database. But only 10 of the 45 countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but [did] not use the directory [until 2009]. Even then, the system will be fully secure only if every e-passport country has joined.”

According to the Chairperson of the International Civil Aviation Organization PKD Board, Dr. Eckart Brauer, only 16 nations – Canada, the U.S. and U.K., France, China, Switzerland, Germany, India, Japan, Kazakhstan, Australia, New Zealand, Singapore, Nigeria, South Korea and Ukraine – are PKD-registered. “However, I know that other States and non-State entities are in a preparation phase so that I expect more PKD participants in the short and medium term,” he said in a June 2010 e-mail. In addition to the 45 countries that will reportedly be part of the PKD, at least 95 other nations issue passports.

Reporter Steve Boggan of The Times wrote: “Some of the 45 countries, including Britain, swap codes manually, but criminals could use fake e-passports from countries that do not share key codes, which would then go undetected at passport control. The tests suggest that if the microchips are vulnerable to cloning, then bogus biometrics could be inserted in fake or blank passports.” E-/biometric passports contain a tiny radio chip and antenna attached to the inside back page. An electronic reader transmits an encrypted signal and the chip responds by sending back the holder’s ID and biometric details.

Boggan explained how the e-/biometric passport forgery was accomplished: “Using his own software, a publicly available programming code, a £40 card reader, and two £10 RFID [radio frequency identification] chips, Mr van Beek took less than an hour to clone and manipulate two passport chips to a level at which they were ready to be planted inside fake or stolen paper passports.”
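
The key-directory point in The Times report can be made concrete. The following Python model is an added example, not code from the article or from any passport reader software: it treats the chip as data groups plus a signed table of their hashes, and compares a reader that holds the issuing state's signer key with one that does not. The toy RSA keys, the country code UTO, the chip layout and the data are all constructed assumptions.

```python
"""Simplified model of the signed hash table on an e-passport chip.

Added example: toy textbook RSA over small fixed primes stands in for the
real signature scheme, and the chip layout, the country code "UTO" and all
data are constructed for the demonstration.
"""
import copy
import hashlib
import json

E = 65537  # public exponent shared by the toy keys


def make_key(p, q):
    """Toy RSA key pair from two primes (demo only, far too small to be secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def hash_table(data_groups):
    return {name: hashlib.sha256(blob).hexdigest()
            for name, blob in data_groups.items()}


def signed_bytes(hashes):
    return json.dumps(hashes, sort_keys=True).encode()


def personalise(country, data_groups, signer):
    """Issuer side: hash every data group, then sign the table of hashes."""
    hashes = hash_table(data_groups)
    sig = pow(digest(signed_bytes(hashes), signer["n"]), signer["d"], signer["n"])
    return {"country": country, "data_groups": dict(data_groups),
            "security_object": {"hashes": hashes, "signer_n": signer["n"],
                                "signature": sig}}


def verify_chip(chip, trusted_signers=None):
    """Reader side. trusted_signers maps country -> set of signer public keys
    obtained out of band (the role the PKD plays); None models a reader that
    holds no keys for the issuing country."""
    sod = chip["security_object"]
    if hash_table(chip["data_groups"]) != sod["hashes"]:
        return "hash_mismatch"            # data changed after signing
    n = sod["signer_n"]
    if pow(sod["signature"], E, n) != digest(signed_bytes(sod["hashes"]), n):
        return "bad_signature"            # hash table changed after signing
    if trusted_signers is None:
        return "accepted_signer_unverified"
    if n not in trusted_signers.get(chip["country"], set()):
        return "unknown_signer"           # valid signature, wrong signer
    return "accepted"


ISSUER_KEY = make_key(2**61 - 1, 2**89 - 1)     # constructed issuing-state key
OTHER_KEY = make_key(2**107 - 1, 2**127 - 1)    # constructed key, not the issuer's
TRUST_STORE = {"UTO": {ISSUER_KEY["n"]}}
GENUINE = personalise("UTO", {"DG1": b"P<UTOSAMPLE<<HOLDER",
                              "DG2": b"<face image A>"}, ISSUER_KEY)


def altered_chips():
    """Three constructed alterations of GENUINE, each replacing the image."""
    image_only = copy.deepcopy(GENUINE)
    image_only["data_groups"]["DG2"] = b"<face image B>"
    hashes_fixed = copy.deepcopy(image_only)
    hashes_fixed["security_object"]["hashes"] = hash_table(image_only["data_groups"])
    resigned = personalise("UTO", image_only["data_groups"], OTHER_KEY)
    return {"image_only": image_only, "hashes_fixed": hashes_fixed,
            "resigned": resigned}


def run_cases():
    chips = {"genuine": GENUINE, **altered_chips()}
    return {name: (verify_chip(chip), verify_chip(chip, TRUST_STORE))
            for name, chip in chips.items()}


if __name__ == "__main__":
    for name, (no_keys, with_keys) in run_cases().items():
        print(f"{name:13} no keys: {no_keys:27} with keys: {with_keys}")
```

Only the reader that holds the issuer's key separates the re-signed chip from the genuine one; without the key both produce the same result, which is why the check depends on keys being shared between countries.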

Britain dumps biometric ID programs
The Times report said, “the tests also raise serious questions about the Government’s £4 billion identity card scheme, which relies on the same biometric technology [as the passports]. ID cards are expected to contain similar microchips that will store up to 50 pieces of personal and biometric information about their holders.”

Five days after the May 2010 election in Britain and the formation of a coalition government, the Conservatives and Liberal Democrats released a written agreement on various issues such as implementing a programme of measures to reverse the erosion of privacy and roll back state intrusion. The measures will scrap the ID card scheme, the National Identity Register, the next generation of biometric passports, and the Contact Point Database.

Canada presses ahead
“Biometric passport promise revived,” was the Toronto Star headline on 4 March 2010. “The Conservative government has vowed to press ahead with biometric passports for Canadians, two years after first promising to adopt a more secure electronic travel document by 2011,” the report stated. “According to the government’s throne speech on 3 March, passports encrypted with biological information ‘will significantly improve security.’”

The new passports are to be valid for 10 years. Critics have complained that this timeframe is too long, for security reasons. NDP public safety critic Joe Comartin says biometric passports are ‘still of questionable value,’ adding that when a parliamentary committee last looked at the technology, biometrics were only 85-90% accurate – “nowhere near what you want,” he states. Additionally, the proposed use of DNA technology in the passports has raised many privacy concerns.

DHS use of biometrics
A Department of Homeland Security (DHS) web page says: “Biometrics collected by US-VISIT and linked to specific biographic information enable a person’s identity to be established, then verified, by the U.S. government.” At present, the program digitally photographs the face and obtains fingerprints of people entering the United States and checks their biometrics “against a watch list of known or suspected terrorists, criminals and immigration violators.”

Fingerprints are compared to those in a DHS database of millions of people “to determine if a person is using an alias and attempting to use fraudulent identification.” Also, a check is done comparing an individual’s biometrics embedded on the chip of “the identification document [such as a passport] presented, to ensure that the document belongs to the person presenting it and not someone else.”

These measures can assist in preventing identity fraud and stop criminals and immigration violators from crossing the borders. The DHS website claims that “based on biometrics alone, US-VISIT has helped stop thousands of people who were ineligible to enter the United States.”

In Europe, the inclusion of biometric identifiers in passports is binding only for the 25 countries of the Schengen area (the U.K. and Ireland are not part of the area; Cyprus, Bulgaria and Romania have yet to join). Biometric specifications are also binding on European Economic Area countries (Norway, Iceland, Liechtenstein and Switzerland).

According to Svenningson, one of the easiest methods to obtain an illegal biometric passport is to acquire a duplicate passport – a ‘real’ fake passport – rather than forge one. “The problem is enrollment,” he explains, “and lies with the breeder documents. These are the documents that confirm your citizenship (such as a birth certificate or naturalization papers). These documents, plus the biographic and biometric data, are then unified and stored in a passport tied together, forming a proof of identity.”

According to Speed Identity’s CEO, the party seeking to obtain a fraudulent passport should choose a victim that roughly matches the illegal passport holder’s appearance and then digitally edit – using photo editing software – an image of the person so it appears closer to what the original person looks like. The forgery process is aided by “the transfer of a paper photo to a digital one, which involves a huge loss of quality, resulting in a photo that makes it very easy for others to use,” said Svenningson.

“When all this is done, you apply for renewal of your victim’s passport and file a new application with your tailored picture,” he explained. “Then you wait at his or her mailbox until the new passport arrives by mail and snatch that particular letter.” This illicit method is the most used, according to Svenningson, who added, “there has been a big shift in the last five years from counterfeiting to applying for a real one.”

On 2 January 2009, the Sydney Morning Herald in Australia reported that a South Korean woman duped an advanced fingerprint scanner that was one of several units installed in 30 Japanese airports by using special tape on her fingers. There was already a deportation order against the woman; the newspaper did not say how authorities in Japan eventually found her.

Have hackers already stolen personal data from Canadian government computer systems? Have data buyers already forged e-/biometric passports using stolen Canadian identities?

Given the known loopholes and vulnerabilities, and the fact there is at least one ‘very sophisticated’ passport forgery operation in the world, affirmative answers cannot be discounted. What other more secure alternatives are there and what measures might our government take to improve what we already have? These incidents demand answers.

Blair Watson is a Contributing Editor at FrontLine magazines.



Business Continuity
© 2010 FrontLine Security (Vol 5, No 3)

In July of 2004, the damage done during the ‘Peterborough Flood’ devastated many businesses and organizations in the area. Non-profit agencies were the hardest hit. Many were unable to attend to their clients for days. “Business Continuity” immediately became the new buzzword!

“Business Continuity” involves planning for the loss of business operations due to a disaster. After the flood, the Peterborough/Haliburton Canadian Red Cross received a special grant from the United Way Peterborough to prepare and execute a business continuity plan.

Our plan covered three parts. The first was the production of a handbook and obtaining emergency supplies for clients with low literacy levels for the Regional Literacy Network. The second was to provide education materials for the deaf, deafened and hard of hearing, to mitigate or even eliminate their communication struggles. Finally, the third part was to help United Way agencies and other non-profit organizations with their business continuity plans.

In this phase we attempted to answer the most common questions: Why are my employees not at work? Where are my files? How can I continue to care for my clients? To do so, we prepared a two-day business continuity seminar offered by the Peterborough/Haliburton Red Cross.

Lessons Learned
Steve Armstrong, a Red Cross official who had been a key player in rebuilding another community that was devastated by flooding, was brought in. The seminars provided participating agencies with blueprints for preventing loss and responding to natural or man-made disasters. The blueprints included business continuity plans, protection of facilities and property, protection of vulnerable clients and coping with the effects of a disaster upon agency employees as well as clients and agency property.

The Peterborough/Haliburton Red Cross then published and distributed planning templates free of charge to local agencies. Following these seminars, the Peterborough/Haliburton Red Cross also provided assistance to individual agencies that serve vulnerable clients, helping them to adapt the blueprint to their own needs, capacities and communities. Red Cross Disaster Management volunteers delivered the service to non-profit agencies in the Peterborough, Northumberland and Kawartha Lakes area.

Challenges and Responses
The challenges with this project centered around the agencies’ resources – both human and financial. Many non-profit agencies were very optimistic about the Red Cross helping them with their business continuity plans but found it difficult to devote time to completing the tasks, so many let the template sit on the back burner.

To jump-start the project, the Peterborough/Haliburton Red Cross held business continuity forums in Peterborough and Northumberland, and a workshop in the City of Kawartha Lakes. Attendees represented agencies that had received help as well as others that had not. Participants recognized quickly that having a business continuity plan was important, not just to them, but to their clients as well.

Dale Windle, a Certified Business Resilience Professional, and James Kilgour from the Canadian Centre for Emergency Preparedness – both business continuity professionals – were invited as guest speakers. James spoke about a community resiliency program. He used a flower shop as a business example to go through what its key products and services were and what critical inputs would be required. He then spoke of how long a business can go in a disaster before it stops. He talked about different interruptions to business that can occur at any time and how one can prepare for all contingencies. Mr. Kilgour outlined basic steps for survival, how to restore business operations, and then how to build resiliency into ongoing operations.

Mr. Windle spoke about the actual business continuity planning: why you should plan, what resources you need to complete a plan, and the lifecycle of the plan itself. He used a non-profit organization as an example. He also provided an organization impact analysis worksheet that agencies can use to help with their own plans. This elicits information about what is most important to the managers of a given business and why.

With input from the experts, the business continuity workshop with the agencies was spent working through this template and the workbook provided. The second step involved making appointments for the Disaster Management Volunteers to visit other agencies’ places of business, help them make personal connections and complete the planning process.

Some Positive Early Results
To date, the Peterborough Red Cross has helped 20 agencies in Peterborough County, 10 in Northumberland County and 16 in the City of Kawartha Lakes. In addition, the Peterborough/Haliburton Red Cross and the Canadian Mental Health Association used an expert resource to complete its business continuity plan.

The Peterborough/Haliburton Red Cross continues to help non-profit agencies with their business continuity plans. They are working on putting together another workshop in 2011 for local United Way agencies. This successful initiative has continued to grow, and a business continuity plan has finally become recognized by businesses, agencies and organizations, for-profit and non-profit alike, as a vital and “living” document to have, practice and maintain.

Barb Mills is the Disaster Management Coordinator for the Peterborough/Haliburton, Northumberland Branch of the Red Cross.



Private Security
© 2010 FrontLine Security (Vol 5, No 1)

A year ago, Lieutenant Mike Parker, Unit Commander of the Los Angeles County Sheriff’s Department (LASD) EBD Unit, presented a seminar on Education-Based Discipline (EBD) at the Justice Institute of British Columbia. The concept of education-based discipline challenged every notion of workplace discipline that had been ingrained in me during my 20 years in public safety and security. Although the seminar was targeted to police departments, I found it very applicable to the private security sector, where, in my experience, conflicts often arise in balancing discipline with the challenges of personnel retention.

The Challenge
Typically, should a security team member require some measure of discipline, the officer will likely face suspension without pay for the misdeed. Although the message that the officer did wrong will have been clearly sent, other negative impacts result:

  • Though the officer is rightly punished by the loss of pay, his or her family suffers through no fault of their own by this loss of income;
  • A stigma results from the disciplinary action and is attached to that officer, both from peers and supervisors; as well, embarrassment at home often results amongst family and friends;
  • The personal morale of that officer may diminish, perhaps for the long term, which could in turn affect the esprit de corps of the entire organization.

Security management thus faces this dilemma: “How does one apply discipline in a manner that reinforces the good order and discipline of the team, yet has a positive outcome for all?” LASD Sheriff Lee Baca identified this and developed a solution – Education-Based Discipline. Lt Parker reports that the police culture in the United States historically disciplines officers through suspensions without pay, resulting in the negative factors outlined above.

To eliminate the perception that discipline equals punishment, the LASD established a discipline system in April 2009 that sees “offending” officers undergoing training to address the factors related to their offence. For instance, in the past, an act of “Abuse of Authority” could result in a 5-15 day suspension without pay. However, under the EBD initiative, that officer is now presented with the option of spending the suspension days undergoing specifically designed remedial training to address the root causes of the incident. Such training includes ethics, leadership and decision-making skill classes, professional development seminars, and the like. The officer is on duty and fully paid while undergoing the remedial training, and active participation is mandatory.

By offering the EBD option, the LASD has exercised due diligence. They have ensured that the factors causing the officer’s infraction have been dealt with, that efforts have been made to maintain a positive employee/manager relationship and that the officer is better equipped to deal with his or her professional shortcomings. The EBD program is optional, and LASD officers facing suspension are free to choose the suspension without pay over EBD training if that is their preference. Training needs are mutually agreed upon by both the officer and command staff.

LASD Sgt Albert Cobos of the EBD Unit reports that since the inception of the EBD program, several officers who participated have provided very positive feedback. In fact, the LASD now offers the EBD program for several other law enforcement and fire service agencies in the Southern California area. The Education-Based Discipline model has proven to be a success, and Sgt Cobos is confident that it will soon become a strong part of the law enforcement culture in Southern California.

The EBD model may work for a professionalized and unionized culture such as the LASD, but how can the private security industry incorporate the EBD principles into its own culture, and what would be the benefits? Private security companies are naturally interested in making a profit, and must watch the bottom line, especially during these fiscally challenging times. Is there any real long-term benefit for a private security company to send a security guard for remedial training instead of removing him or her from the payroll for a series of days for a work-related infraction? I suggest that there is, if the EBD concept is applied.

Private Security Options
Anyone who has spent time working in security can imagine a number of scenarios that would normally see a guard suspended or fired from the job, as that is often the only available option. But if this officer was otherwise a good employee who simply exercised one instance of poor judgment, are the needs of the company, the guard and the client really being met by suspending the security officer without pay? Is there a better way to bring this employee back into line within the ethical expectations of the company, and indeed the security industry? I suggest that this is where the EBD model should prove a viable alternative to a disposition of suspension.

Once the investigative process into the complaint against the security officer has concluded and disciplinary measures are required, a risk analysis regarding the officer’s professional future with the company should be conducted. If it is determined that the infraction was a single occurrence with minimal risk of a repeat, the officer should be offered the option of suspension without pay or participating in the EBD program. As with the LASD, the security officer should receive approximately the same number of days of EBD training to satisfy the suspension otherwise imposed and to ensure that the officer’s shortcoming is rectified. For instance, a security officer who received five days of suspension without pay would have the option of receiving EBD training equal to the five days of suspension and meeting the remedial training needs as agreed upon by that officer and their supervisor. Some options for remedial training could include additional basic security training, additional site training with a training officer or exemplary peer, and customer service training, for example. The options for remedial training are limited only by the scope of duties the security company expects its officers to provide.

Short or Long Term Vision
Certainly, a major stumbling block for adopting the EBD scheme is the cost of developing EBD options, paying for a training facilitator, paying the officer to attend the training and paying another officer straight time or even overtime to fill the vacant position. It may be easier to erase the security officer’s pay for the days of suspension and simply pay the wage for the back-filling officer. But as a result, what will the security company have lost? Lt Parker advised that the LASD experience proved that punitive action such as suspension without pay in many cases resulted in the subject officer harbouring resentment towards the departmental management team, which could easily translate to poor morale, poor performance, a sliding level of professionalism and ultimately a poor reflection on the department. The same theory applies to the private security industry; this can affect recruiting, retention and also the company’s public reputation. As Lt Parker pointed out, “The negative perception of action taken against the officer who erred is infectious. Other officers watch with frustration and thereafter justify negative attitudes towards management and their customers as well. The employee may be gone but the infection spreads.”

Suspending security officers without remedial training does not address the factors that caused the misdeed. Ideally, officers going into EBD training will emerge with a better understanding of their misdeed and a clearer view of opportunities for improvement. The officers’ morale will be higher as they have retained their job with minimal disruption in income, and they will carry a feeling that the company truly cares for them as individuals by assisting them in overcoming their challenges and investing in them as professionals. Subsequently, the company may benefit from an excellent reputation among the client-base.

There is a real opportunity for both the public and private security industries to benefit from the education-based discipline program established by the Los Angeles County Sheriff’s Department. To increase the level of professionalism industry-wide and enhance client confidence, it’s important for security companies to invest in the development of their employees, particularly in situations where a misguided employee can be rescued through remedial training. Suspensions and firings don’t always satisfy the needs of the client or the company. There are better ways, and an effective Education-Based Discipline model is one viable option for private security companies looking to become leaders in their industry.

Steven MacLean is the Assistant Director, Security Operations of Campus Security at Simon Fraser University.



Espionage in 2010
© 2010 FrontLine Security (Vol 5, No 2)

Espionage has been described as “the second oldest profession, and just as honourable as the first.” The practice of intercepting wireless signals existed at the time of the Russo-Japanese War of 1904. The disciplines of electronic warfare (EW) and signals intelligence (SIGINT) evolved over the years. The doctrine of Information Warfare (IW) reached its peak in 1994, and cyber espionage then emerged in nation states. China and Russia were quick to add the concepts to their arsenal, which evolved throughout the 20th century into “the last, best-kept secret of the state.”

Cyberspace has transformed the practice of signals intelligence. Previously, signals intelligence agencies spent billions of dollars building collection platforms that snatched conversations out of the ether. Today’s cyber spies simply rely upon a globally interconnected set of networks, and automated botnets to harvest information and engage in espionage.

Russia and China regard their telecommunications infrastructure and industrial base as a national asset and use it as a weapons platform to: facilitate foreign Signals Intelligence collection; project foreign policy agendas; perpetrate state-assisted crime; shape the global supply chain; or launch an all-out cyberwar coordinated with a ground battle, as in the cases of the Georgian and Estonian conflicts.

Nation states are not the only organiza­tions driving the transformation of signals intelligence. Increasingly, espionage is becoming privatized – run by shady networks of contractors, cyber criminals, and privateers. This ‘unique’ private-public partnership applies Internet crowd sourcing to espionage and war fighting – enabling the rapid development and deployment of technology and tradecraft. We now find ourselves decisively engaged with foes that lead with their best offensive line – and pay top dollar for top talent.

‘The threat sees the network as an asset, not a commodity.’ For instance, the 2007 Annual Report to Congress on the Military Power of the People’s Republic of China contends that: “The People’s Liberation Army (PLA) is building capabilities for information warfare, computer network operations, [which could] be used in pre-emptive attacks. China’s CNO concepts include computer network attack, computer network defense, and computer network exploitation. The PLA sees CNO as critical to achieving ‘electromagnetic dominance’ early in a conflict. The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks.”

China has not been shy in flexing its cyber muscles. In the spring of 2010, its state-owned China Telecommunications propagated false routing tables from IDC China Telecommunication, which effectively hijacked 37,000 networks (12% of the Internet), redirecting them to IDC China Telecommunication instead of their rightful owners. These included about 8,000 networks in North America.

The Problem Set
During the cold war, spy cases were intriguing but irrelevant to most folks. It was a war fought in secret between cloak and dagger intelligence agencies. The average citizen and business-owner were not immediately affected by the spectre of espionage.

These lines between the state and private enterprises, crime, espionage and warfare are now blurred. We can no longer think of spying as a distinct phenomenon. Nor can we conduct counter-espionage operations in a traditional way. Spying can switch from a criminal vector at the speed-of-light. E-spionage is an industrial-grade problem that affects everyone insidiously.

Conventional misconceptions contend that only nation-states possess the sophistication, means, motive and mandate to conduct e-spionage; and that e-spies are only after military secrets. This is simply no longer the case.

Focused targeting and a persistence of attack, rather than technology, are the distinguishing features of e-spionage today. Organized crime is by far the most prevalent and resourced threat in cyberspace. The tradecraft and technological sophistication are, for the most part, identical to those of hostile intelligence services.

It is no surprise that hostile nation-states systematically outsource e-spionage and computer network attacks (CNA) to national telecommunications providers and indigenous organized criminal groups. The privateering of CNA with virtual Letters-of-Marque provides the state non-attribution and a safe harbour for the criminals. E-spionage can hide in the noise generated by broadband use of criminal botnets.

However, spying and cyberwar do not pay the bills. So, organized crime is left to run the business by economic pillaging using robot networks; with the duplicity of the state. “We use computers to send viruses to the West and then we poach your money,” says Russian ultra nationalist, Vladimir Zhirinovsky.

Likewise, foreign e-telligence no longer focuses exclusively on military targets; increasingly it targets political and economic assets. In part, this is a consequence of characteristics of the cyber environment. Systems are now so interconnected that data leaks from classified systems to public networks. Moreover, this interconnection means that attacks that leverage social vectors – basically the trust people put into relationships with others – can successfully overcome even the most sophisticated firewalls and technical defences.

Tradecraft has adapted to take advantage of these soft targets. Espionage is often carried out by sophisticated commercial grade botnets which are difficult to detect, and the deployment costs are close to zero. Intelligence actors can focus on targeting and analysis, and can essentially outsource the collection activity to third parties.

E-spionage may compromise your supply chain through the persistent shaping of infrastructure components and traffic.

On a slightly more sophisticated level, the foreign ownership control and influence of critical infrastructure and the pervasive use of untrusted providers for goods and services (such as Internet and telephony), exposes many organizations to e-spionage. Treating critical infrastructure solely as a commodity is a most precarious strategy.

A recent investigation by the Information Warfare Monitor uncovered security and privacy breaches affecting TOM-Skype – the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform. The report called into question the extent that TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents.

The Actors

Russia is one of the clear leaders in evolving and adapting its intelligence practices to the cyber domain. While remaining largely undeclared, cyberspace operations consisting of sophisticated botnet attacks, denial of service events, and selective use of private communications harvested from cellular phones and Internet vacation have been used to silence opposition and shape domestic politics and that within the Commonwealth of Independent States. These aggressive new techniques stand in direct contrast to traditional human source methods – which have remained cautious and conservative.

Criminal groups are alleged to be “in cahoots” with Russian security forces. The most often cited is the Russian Business Network (RBN) which has been described as embodying the greatest concentration of evil in cyberspace, and is considered by some experts as the most significant deliberate threat to Canadian information infrastructures. RBN offers Internet access, computer network exploitation and attack services to organized crime and state security services alike. Spamhaus describes RBN as “the world’s worst spammer, child-pornography, malware, phishing and cybercrime hosting network, providing bulletproof hosting.”

The RBN’s apparent immunity from prosecution in Russia lends credence to the theory that they operate under some umbrella of protection by Russian officials, possibly in return for providing information against targets of mutual interest and a platform for e-spionage.

The PLA considers active-offence to be the most important requirement for information warfare to destroy or disrupt an adversary’s capability. Contrast this with Canada’s predilection for a strategy of incident response and disaster recovery.

Gordon Housworth writes – “Informationalization, has entered Chinese military thinking in earnest, affecting both foreign commercial and military assets.”

U.S. and EU commercial assets have already suffered serious predation from Chinese military assets and Chinese commercial assets operating under military direction. Shifting from passive to active cyberwarfare, the People’s Republic of China (PRC) intends to “be able to win an ‘informationized war’ by 2050.”

Recent Investigations
Lengthy investigations like Titan Rain, Moonlight Maze, and Aurora have uncovered a tangled web of intrigue and skulduggery involving their former cold war antagonists. The Deputy Defense Secretary in a congressional hearing stated “in no uncertain terms” that “we are in the middle of a cyberwar.”

The report Shadows in the cloud: Investigating cyber espionage 2.0 by SecDev Group, Citizen Lab and the Shadowserver Foundation describes a complex ecosystem of cyber espionage that systematically compromised government, business, academic and other computer networks. Data was stolen from politically sensitive targets. The report analyzed the malware ecosystem employed by the attackers, which leveraged multiple redundant cloud computing, social networking platforms, and free web hosting services in order to maintain persistent control while operating core servers located in Chengdu, China.

Similarly, the Tracking Ghostnet: Investigating a Cyber espionage network investigation discovered over 1,295 infected computers in 103 countries, 30% of which were high-value targets, including ministries of foreign affairs, embassies, international organizations, news media and NGOs. The capabilities of Ghostnet are far-reaching. The report provided evidence that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for new do-it-yourself forms of signals intelligence. It is a clear warning to policy makers that information security requires serious attention.

Attribution is difficult because there is no agreed international legal framework for being able to pursue investigations down to their logical source, which is often local.

Google was compromised in January 2010 along with other hi-tech and defense companies. Netwitness revealed the existence of a Zeus-based botnet that had compromised over 74,000 computers around the world where the attackers demonstrated technical sophistication “on par with many intelligence services.”

SecDev’s investigation confirmed that Zeus infected targets within the government and military sectors with second instances of malware designed to ex-filtrate data and sensitive documents from the compromised computers.

The investigation found 81 compromised computers that had uploaded a total of 1,533 documents to the drop zone. They found sensitive contracts between defense contractors and the U.S. Military – documents relating to, among other issues, computer network operations, electronic warfare and defense against biological and chemical terrorism. The investigation found the security plan for an airport in the United States as well as documents from a foreign embassy and a large UN-related international organization.

On 6 February 2010, Brian Krebs reported that attackers using the Zeus trojan targeted a variety of U.S. government and military email addresses in a spear phishing attack that appeared to be from the National Security Agency, and enticed users to download a report called the ‘2020 Project.’ Following publication of Krebs’ article, attackers used portions of it as lures in further spear phishing attacks. The malware was connected to a command and control server located in China.

The Zeus botnet was highly active, coincident with the 2010 Olympic Games.

Robot Spynets
Cyberspace is expanding beyond billions of computers and other Internet-aware devices; all are highly exposed to hijacking  malware that can assimilate them into a larger criminally-controlled robot network.

Most organizations use traditional security architecture practices to secure their networks. These are inadequate safeguards against advanced persistent threats. As recent studies show, considerable amounts of botnet traffic continue going to and from these networks. In this study, evidence was provided of extremely large distributed denial of service attacks, sophisticated foreign-controlled robot networks, spynets and high volumes of cybercrime affecting both public and private sectors.

The Resolve to Solve
E-spionage must be addressed by a proactive, pre-emptive strategy. A reactive strategy focused on passive-reactive-defense serves only to invite cyber attack. The increased activity in cyberspace by actors like China and Russia attests to an emerging ecosystem in cyberspace – one which requires attention at foreign policy as well as technical levels. A failure to do so will result in increased exposure and encourage even more audacious acts.

The answer to this e-spionage threat requires a coordinated response. At a technical level, we must focus on rapidly engineered ‘best’ security practices for modern High Performance Secure Networks. This advice goes beyond ‘common’ policy and standards that are decades behind advanced persistent threats. Classified networks are no longer safe – everything is connected.

The attack vectors used for e-spionage can be closed off by mitigating against broad advanced persistent threats like criminal botnets and their controllers.

Corporate IT architectures must be built on a strong foundation. Trusted Internet connectivity, core intelligence and ‘clean pipes’ provided by upstream security are the cornerstones of the U.S. Comprehensive National Cyber Security Initiative, the impetus for which was the e-spionage threat. Traditional paper risk assessments are obsolete upon publication. Real-time risk management and adaptive-dynamic enterprise security architectures are necessary.

Engineering a solution to e-spionage must be performed in the context of an integrated risk management framework that clearly explains (and calculates) business imperatives, the TCO (Total Cost of Ownership), and ROI (Return on Investment) per dollar spent.

Education and awareness are key. Most spynets are built by social engineering entry into a network of interest by using a well-crafted email harbouring a malicious link or attachment – hence ‘executive spear phishing.’ There is no technical defense against a well-executed social attack, or ‘viruses of the mind.’ Network owners and users must be vigilant about opening suspicious emails containing links or questionable attachments.

Protecting Our Assets
Policy is critical. Cyberspace needs to be recognized as a national asset, and both a potential national weapon system and a vulnerability. Security policy focused on the defense of networks is simply insufficient. An effective cyberspace strategy requires an effort that synchronizes our activities across the whole of national governance – including foreign affairs, defense, public safety, and industry. Our strategy must emphasize manoeuvre; to do less renders our best efforts and cyber security no more than a 21st century version of the Maginot Line that any hacker can crack.

Dr. Rafal Rohozinski is the Director of SecDev Group and David McMahon is with National Security Programs at Bell Canada.



Partnerships Towards Safer Communities
From a Vision to Reality
© 2010 FrontLine Security (Vol 5, No 3)

A few months ago, the concept of a nationwide Canadian emergency management network was just that – a concept, a dream. Today, Partnerships Towards Safer Communities Online (PTSC-Online) is a reality. Its growing membership has a good grasp on current issues facing Canadian emergency managers and is deriving value from its participation in this program.

Those Emergency Management (EM), Business Continuity (BC), and Critical Infrastructure Protection (CIP) professionals who are now beginning to enjoy the benefits of PTSC-Online membership asked some key questions before becoming involved:

What is PTSC-Online?
From a technical perspective, PTSC-Online is a Canadian virtual online community built on a software platform which provides blogs, discussion forums, wikis, member profiles and other tools to facilitate collaboration. It is integrated with popular social media channels such as Facebook, Twitter and YouTube to strengthen its communication and collaboration capabilities.

Canadians who develop and maintain emergency management, business continuity and critical infrastructure programs are now working together to share best practices, collaborate on current issues and, in general, help each other do their jobs. Initiated by the Canadian Association of Fire Chiefs (CAFC), the PTSC-Online Community will continue to enjoy the leadership of the CAFC as the program expands.

Through an aggressive outreach program, the CAFC is sending the message that PTSC-Online is not just for those who are responsible for, or work on, programs to help make our communities more resilient. It includes and welcomes emergency management students and suppliers who support our emergency management programs.

Why Participate?
Why did the CAFC sponsor PTSC-Online? Why did Public Safety Canada provide financial support to get it started? Why are organizations such as the Canadian Standards Association, the National Fire Protection Association, the Federation of Canadian Municipalities, the Salvation Army, the Red Cross, and emergency management and business continuity associations, all participating in PTSC-Online? Why are individual community and industry emergency managers and business continuity professionals joining?

The answer is, they all face the challenge of doing more with fewer resources, and they recognize that collective efforts can be greater than the sum. They understand the need to break down silos to work more effectively to help Canadian communities and industry become more resilient to withstand emergencies and business interruptions. They recognize that online technology can help provide a solution but the real key is to get involved themselves and participate in the collaboration process.

How did the Community Build?
The PTSC-Online Community has matured from being a vision of Don Warden, CAFC’s Executive Director, into an active on-line community. It grew to over 100 members in its first few months and continues to build steadily. Members are dedicated professionals working in Emergency Management or Business Continuity fields in public and private sectors and not-for-profit organizations from across Canada.

To ensure the long-term sustainability of PTSC-Online, a steering committee, representing key stakeholders, has been formed and is diligently working on a structure to ensure that the benefits being seen by members today can be extended well into the future.

What are the Main Issues?
The three main focus areas in PTSC-Online are standards for emergency management and business continuity programs; collaboration to help implement programs; and program accreditation. Updates are posted on these topics including: the developing CSA and NFPA standards; collaboration between a community emergency management program and an amateur radio club to improve emergency communication; and efforts (sponsored by the International Association of Emergency Managers Canadian Chapter) to make program accreditation available in Canada.

Issues range from the implications of government policy, such as the proposed $35.8 million cuts to Public Safety Canada’s budget, to the challenges of complying with the emergency response provisions of new Ontario propane regulations. On a very practical level, the PTSC-Online Community has engaged in formulating a discussion around current emergency management challenges such as the BC wildfires.

The topics discussed on PTSC-Online will change with the interests and concerns of its members because, unlike a traditional web site, PTSC-Online is an online community where members post and comment on articles, participate in discussions and add information to a wiki knowledge base that is of interest to themselves and the many other members from their sector.

A section in PTSC-Online is dedicated to suppliers of emergency management related goods and services. It allows suppliers to list their company in a directory, announce upcoming events in a suppliers’ calendar, and explain the products and services they offer in a suppliers blog. Although only a few suppliers are participating to date, the feedback received from them has been very positive because it has stimulated discussion between the suppliers and potential purchasers.

What are the Key Challenges?
PTSC-Online needs to demonstrate value to its members and supporters to attract the financial support required for it to become a vibrant sustainable Canadian emergency management community. It has clearly demonstrated that the technology works for the members who have chosen to use it. Feedback from those members has been very positive. The essential challenge is to increase the level of member participation so more PTSC-Online members will get a greater return for the time they invest participating in the Community. With over 8000 views of the PTSC-Online home page and articles which have been viewed over 300 times, there is clearly an interest in the topics being discussed.

It is important for members to provide feedback to keep discussion rolling. To quote Christel Hollinger, the first municipal Community Emergency Management Coordinator to join PTSC-Online, and the Communications Chair for the Ontario Association of Emergency Managers, “One comment is an opinion … many is an irrefutable message.” As members coalesce in opinion, benefits to members and their causes will increase in direct proportion.

John Lindsay, with the University of Brandon emergency management program, suggests that PTSC-Online can break the stovepipe mentality that has stymied efforts at collaboration in the past. He predicts that PTSC-Online will be the first to “tear down that wall.” This is exactly what PTSC-Online aims to do by sharing the technology and power of the online community to help other organizations such as associations, communities and even government departments more effectively network and collaborate on emergency management issues.

What is the PTSC Vision?
The CAFC’s vision for PTSC-Online is to become the premier information and collaboration forum for Canadian emergency management, business continuity and critical infrastructure program professionals. Don Warden views the Community growing to meet its members’ and supporters’ needs and sharing its state-of-the-art collaboration technology with other organizations thereby helping them improve emergency programs for their own local, regional or national mandate.

“I’ve been checking the [PTSC-Online] site very regularly and I think that all the ingredients for its continued success are present,” commented Patrice Cloutier, a respected senior EM/BC coordinator. “It’s only a matter of time before more people start realizing its enormous potential as a forum for the exchange of ideas, best practices and as a source of inspiration and knowledge.”

William MacKay, President of MacKay Emergency Management Consulting, is leading the development of the PTSC-Online Community on behalf of the Canadian Association of Fire Chiefs.
Visit www.ptsc-online.ca



Data Gathering for Emergency Response
© 2010 FrontLine Security (Vol 5, No 1)

A disciplined approach to emergency response (DA) is a data gathering and decision making process to aid responders in handling hazardous materials emergencies in a logical and methodical manner. For over 30 years this method, which is summarized on a Disciplined Approach to Emergency Response chart, has been used by industry response teams and public sector first responders to effectively respond to incidents involving dangerous goods. The process helps trained responders work together to conduct a situation analysis, develop prioritized objectives, select appropriate response strategies and tactics and manage the response through to completion.

The DA process, developed by Imperial Oil, was shared with oil and chemical industry associations and the Exxon Mobil organization, resulting in it being used widely throughout North America and in Europe and Africa. For some years Imperial Oil provided coordination for updating the process and printing DA charts. With restructuring, there has been a coordinating gap. However, DA has continued to be used and updated independently by various users.

Putting the Disciplined Approach to Emergency Response on the web will help fill the coordination gap, provide a means for users to share lessons learned, and provide training opportunities. The website provides background information on the development of DA and downloadable training material, identifies training opportunities and, more importantly, provides for ongoing communication among DA users. A DA2ER blog, Google group and DA2ER Twitter account have all been created to facilitate communication and raise awareness about DA.

Planning ahead to use technology more effectively in support of DA, the website highlights the use of Google Wave (still in beta testing) for improved communication and collaboration during a response. Two long-time DA users, Ernie Wong (EW Compliance and Response) and Bill MacKay (MacKay Emergency Management Consulting Inc.), both former Imperial Oil employees with extensive emergency response and training experience using DA, are collaborating to develop online training.




Black Market Peso Exchange
© 2010 FrontLine Security (Vol 5, No 2)

Innovative South American narco-traffickers have recently expanded their cocaine smuggling repertoire with the use of diesel-electric submarines capable of handling ten-ton loads, replete with conning tower, periscope and air-conditioning. Such stealthy shipping vessels demonstrate clearly that well-funded drug cartels can approach the transportation of their product imaginatively.

CBP officers discovered 13 packages of cocaine in a vehicle that entered the country from Mexico.

Yet, when it comes to laundering the billions generated from the sale of cocaine, it would appear that ‘…what is old is new again.’ Law enforcement has been disrupting Black Market Peso Exchange money laundering networks for decades, but a recent case in Los Angeles adds a new twist to a proven method of reducing ill-gotten cash into clean financial instruments that are employed to pay the narco-trafficker’s tuition bills at top private schools.

The operation of a Black Market Peso Exchange is rather ingenious, as it relies on a transfer of title and not a movement of funds across borders, a perilous exercise that can be intercepted by the authorities, thereby limiting financial gains.

Generating millions in cash is a by-product of selling cocaine. In theoretical terms, the cocaine wholesaler can then ship the cash to his suppliers in South America, an exercise fraught with risk. Alternatively, the wholesaler can slowly place his cash into various retail banking accounts (known as smurfing) and then wire it to South America, a high-risk exercise made even more difficult by the coordinated efforts of financial institutions, law enforcement and financial intelligence units.

Originating in Colombia during the 1970s, the Black Market Peso Exchange relied on a restricted domestic currency – the Colombian peso (COP) – and domestic trading firms unwilling to pay the artificial USD/COP exchange rate set by the government to purchase goods overseas and import them into Colombia and other South American countries, usually through the free trade zone in Panama.

A broker in a Black Market Peso Exchange transaction is an individual who matches a seller of USD currency – either cash or deposits placed into the financial system – with a seller of Colombian pesos. In a typical transaction, the seller of the USD is the narcotics wholesaler, who receives USD but has operating expenses in Colombian pesos. The seller of the Colombian pesos is the importer in South America, seeking to acquire hard currency with which to purchase goods for import.

The broker can be any one of a number of people; however, history shows they are usually professionals, either bankers, foreign exchange dealers or operators of money services businesses (MSBs) or currency exchange houses seeking to boost their revenues by dabbling in illicit currency markets.

The broker quotes the price of USD to the importer and the cost of COP to the narco-trafficker. The broker maintains a ‘spread,’ whereby he earns his profits. Once the terms of the deal have been agreed upon by all parties, the broker arranges for the USD to be swapped from the narcotics wholesaler to someone trusted by the importer. In some cases, the broker assumes control of the USD and sends it to the exporter nominated by the importer.

In larger cases of a Black Market Peso Exchange, the narcotics trafficker who sells his USD will collect his pesos in Colombia shortly thereafter. The broker is then long on dollars and must find an individual or company importer in Colombia that wishes to transmit money overseas without the scrutiny of tax authorities, shareholders or spouses.

A recent event in Los Angeles demonstrates that Black Market Peso Exchange money laundering, much like the many methods and mechanisms employed to launder the proceeds of crime, is evolving into new and more advanced directions.

The United States Immigration and Customs Enforcement recently laid charges against several individuals operating an import/export business in Los Angeles. Three top-level executives of the Angel Toy Corporation were arrested on 2 July 2010, on various federal charges, including money laundering.

Rio Grande City Border Patrol agents seized 923 pounds of marijuana in a 2003 Dodge Ram 1500 pickup truck near La Rosita, Texas.

The Angel Toy Corporation was in the business of representing Chinese manufacturers to importers in North and South America. The proceeds of crime from the sale of narcotics in the United States were placed by executives of Angel Toy Corporation in the American banking system in a manner that eluded mandatory reporting of deposits in excess of USD10,000 per day, otherwise known as structuring.

The proceeds of crime would be collected and concentrated by the Angel Toy Company into payments for goods to be exported from China, namely teddy bears and Topo Gigio dolls (a European television character from the early 1960s) and other toys, into South America.

The toys would be shipped into either the free-trade zone of Panama or directly into Colombia. The toys would then make their way to the shelves of toy stores, department stores and the like, sold through a regular distribution network for retailers.

Unlike a normal import/export transaction, the toy shipments to South America were paid in USD generated from cocaine sales in the United States. The entire revenues generated from selling the toys to retailers would be sent domestically to the drug cartels. In other words, the shipments were sent free of charge to South American distributors (perhaps under control by the drug cartels) where the entire revenues generated from sales to retailers would be passed on to the drug cartels in compensation for their shipments of cocaine north into the United States.

It seems a rather roundabout way to remit value from the sale of cocaine back to the original exporters in South America; however, such a variant of the Black Market Peso Exchange produces transactions whereby no funds are transmitted from the United States to South America, as China becomes the intermediary in the transaction.

The vast anti-money laundering resources of the United States would be hard pressed to defend against such transfers of value from the United States to South America, as the transaction’s indirect route through Chinese exporters adds a layer of complexity that may throw investigators off. As evidenced by the arrests in Los Angeles, this method of laundering is not foolproof.

Bundles of marijuana that smugglers attempted to conceal with brush.

Canadian exporters face the same risks of becoming embroiled in a similar transaction. Even the most prominent firms with sterling reputations could be unwittingly sending goods to South America after receiving payment from a trading company in Los Angeles or any number of cities in the United States. Problems occur with the seizure of goods or payments involved in the transaction, a scenario that may leave the Canadian firm’s goods or funds in an evidence locker at the Drug Enforcement Administration. If the sums are large enough, the damage could prove crippling to a Canadian exporter’s cash flow cycle.

For Canadian financial institutions, many risks lie in such a transaction where they offer trade finance or supply chain finance risk mitigation to the Canadian exporter. They face credit risk if the exporter’s financial position becomes hobbled by a seizure of either goods or payments and regulatory risk if they allow such a transaction to flow past their anti-money laundering defences.

As part of its mandate to defend Canada against money laundering activity, the nation’s financial intelligence unit – the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) – should consider educating Canadian exporters on the perils of such transactions, perhaps in conjunction with export promotion activity carried out by Canada’s export credit agency, the Export Development Corporation or the associations for Canadian importers and exporters.

Operation Journey put an end to the tons of cocaine that was being smuggled to 12 countries in commercial vessels.

By increasing awareness of the risks associated with such transactions, Canada increases its defences against international money laundering and bolsters its image as a responsible nation where organized crime will face difficult hurdles in mounting successful operations. Inaction on this front runs the risk of inviting the very activity the nation’s law enforcement and financial intelligence apparatus seeks to deter.

Kim R. Manchester is the Managing Director of ManchesterCF, a financial crime risk management firm based in Toronto that offers training programs, advisory services and project management to financial institutions and public sector agencies in Canada and around the globe.
© FrontLine Security 2010



Handling Aircraft Emergencies
© 2010 FrontLine Security (Vol 5, No 3)

“Mayday” is the internationally-recognized term used by pilots to communicate an emergency situation to the outside world – from the French word, m’aidez (meaning “Help me”). According to regulations, Nav Canada Air Traffic Controllers and Flight Service Station Specialists must respond to any statement by a pilot indicating that the crew or aircraft is experiencing difficulties and requires assistance. When a pilot declares an emergency, the aviation system responds as quickly as possible. The system includes Nav Canada, airports, Canadian Forces’ Search and Rescue (if an aircraft goes down), and emergency response services (such as fire, paramedics, police).

Air France Airbus A340 Flight 358 crashed at Toronto's Lester B. Pearson International Airport on August 2, 2005.

Since 1990, there have been 4,282 declared aircraft emergencies in Canada, with the greatest number occurring last year. From 2000 to 2009, there were 738 more emergencies than in the previous decade, a 42% increase. The number of emergencies reached an all-time high of 297 last year; 20 years ago there were 158. Increasing air traffic during the past generation is considered the main reason for the rise.

While aircraft emergencies vary greatly in type, all involve a need for assistance. The help provided depends on the nature of the emergency. A pilot who becomes lost on a flight over unfamiliar terrain may only need Air Traffic Services (ATS) to provide VHF Direction Finding to resolve the emergency. The crew of an aircraft on fire needs assistance from Air Traffic Control (ATC) to reach a suitable airport as quickly as possible, and Aircraft Rescue and Fire Fighting (ARFF) and emergency medical services upon landing.

No situation has tested the emergency response capability of Canada’s aviation system like 9/11. After the Federal Aviation Administration closed U.S. airspace, more than 200 foreign aircraft were diverted to Canadian airports. The coordination operation was unprecedented in scope and involved Transport Canada, Nav Canada, Canadian airport authorities, the Canadian Forces and Royal Canadian Mounted Police, and other agencies. All seven Nav Canada Area Control Centres (ACCs) and 17 airports were involved in “Operation Yellow Ribbon.” By 6 p.m. on September 11/01 in Canadian airspace, some 1,500 aircraft, carrying 45,000 passengers, had landed without incident.

If a pilot is communicating with ATC and declares an emergency, certain procedures are followed by the controller handling the flight. He or she ascertains what the pilot wants to do, which is usually land at the nearest suitable airport. The controller’s priority is to keep the airspace around the aircraft clear so that it can proceed to the destination aerodrome without delay. ATC may hold airplanes on the ground, temporarily vector aircraft off airways (while maintaining separation), and/or use other controlling techniques in response to the situation. The controller notifies a supervisor of the emergency and receives assistance with other ATC duties so the controller can remain focused on helping the aircraft in distress.

Aviation professionals such as pilots and air traffic controllers must be resourceful. On 23 July 1983, the controller handling Air Canada Flight 143 used a makeshift ruler on his radar screen to measure the distance covered by the fuel-starved Boeing 767 as it glided toward Winnipeg. Because there was no electrical power to the aircraft’s transponder, the secondary surveillance radar provided no altitude or groundspeed information to the controller. The Air Canada pilots needed to know how much terrain the aircraft was covering as it lost altitude. Thanks to the measurements taken by the controller and relayed to the pilots, they were able to determine that they would not reach Winnipeg, and the captain decided to glide the 132-ton airplane to the Gimli airfield instead. Despite a high-speed landing and nose gear that collapsed after touchdown, there was no loss of life, and relatively few injuries occurred.

In addition to assistance from air traffic controllers, pilots in emergency situations have received invaluable help from other pilots flying in the same area. In January 2005, a Beechcraft King Air 200 flying over central British Columbia picked up so much ice that it had to descend below the 100-nautical mile safe altitude even though the crew had applied full power. The aircraft was in a power-on stall during the descent due to the ice and was difficult to control. The crew of a Dash 8 flying overhead informed ATC that the weather to the west of the smaller turboprop’s position looked better, and the controller vectored the ice-laden airplane toward that area. The King Air subsequently entered clearer skies, the pilots saw the Kelowna Airport, and landed safely. During the approach, the airplane shed ice as thick as 15 centimeters (6 inches).

Air traffic services communicate not only with the pilot of an aircraft in distress but also with the airport where they intend to land. ATC-airport communication is vital so that ARFF will be waiting near the runway as the aircraft touches down. At smaller airports, there is often no on-site ARFF, so word of the inbound airplane in distress is communicated to the local fire department and other emergency services.

Airport Operations (AO) staff are informed when a pilot has declared an emergency. At larger airports, the supervisor in the control tower contacts the Airport Operations Officer (AOO) in the Airport Operations Centre (AOC) via a direct line. In the event of an aircraft crash, the crash alarm, which is activated by a controller in the tower cab, sounds in the AOC. Whether the emergency is a crash, an unsafe landing gear indication, a passenger experiencing a heart attack, or some other type of critical situation, the airport musters the appropriate resources in response.

Immediately after the AOO has been informed of an emergency by the tower, he or she contacts the Airport Operations Supervisor (AOS), Airside Duty Manager (ADM), and other AO personnel. The AOS takes charge of coordinating the airport’s emergency response from the Emergency Operations Centre (EOC). The AOO also contacts the ambulance service, police, fire department, and other agencies as indicated in the specific Emergency Response Plan (ERP), and as directed by the AOS.

While smaller airports usually do not have a control tower, many have a Flight Service Station (FSS). In the event of an aircraft emergency, the FSS Specialist contacts the airport manager and otherwise follows the emergency response protocol established by Nav Canada. At airports with no control tower or FSS, information about an aircraft in distress is passed along by Nav Canada personnel in the regional Flight Information Centre to the local airport manager and emergency services. When responding to aircraft emergencies, ATS and airport staff exercise good judgment and draw on their knowledge and experience to make every effort to provide support to the pilot(s).

Nav Canada Area Control Centre in Montreal.

The EOC room is equipped with telephones, radios, and other equipment used to coordinate an airport’s response to an emergency. If it involves an airliner, the station manager will come to the EOC to keep the AOS informed of what the air carrier is doing in response to the situation. If the emergency is a bomb threat made against an airline or some other type of situation requiring police intervention, officers go to the EOC to coordinate with police units and keep the AOS updated. Aircraft emergencies involving hazardous materials or an unknown substance leaking out of a package in an airliner’s cargo hold, for example, will result in a hazmat team from the local fire department going ‘airside’ (entering the restricted area where aircraft manoeuvre and park).

Mobile equipment used by airports to respond to aircraft emergencies includes radios and cell phones, portable satellite telephones, and an Emergency Response Coordination Centre (ERCC) that can be driven to the scene of an aircraft emergency.

The ERCC is usually a modified motorhome or truck containing communications and other equipment. AO staff in the ERCC communicate with the AOS in the EOC. At some Canadian airports, trailers filled with supplies such as blankets and stretchers can be quickly attached to airport vehicles and driven to the site of an emergency. On Sea Island, where the Vancouver International Airport is located, the Canadian Coast Guard has a hovercraft which would be used to respond to an aircraft crash in the tidal flats west of the airfield.

All airports licensed by Transport Canada have an ERP, which serves as the guiding document for different types of emergencies. Nav Canada has also developed ERPs, which are used in ACCs, control towers, and FSSs. Transport Canada recommends that airports carry out a full-scale, simulated emergency at least every three years, and ‘tabletop’ simulated emergencies more frequently. Such exercises provide airport and emergency response personnel with invaluable experience in dealing with different types of emergencies.

ARFF personnel train on a regular basis in order to remain proficient at responding to aircraft emergencies. The effectiveness of such training was demonstrated on 2 August 2005 at the Toronto International Airport after an Air France Airbus A340 slid off the end of the runway into a ravine where it burst into flames. While 12 of the 309 on board were seriously injured, no fatalities resulted from the accident that clearly highlighted the role of training during an emergency situation.

Although people who work in civil aviation continue to troubleshoot, aircraft emergencies will undoubtedly occur in the future, and Canada’s aviation system – one of the best in the world – will continue to respond with well-trained professionals and modern resources. As the events of 9/11 demonstrated, not all types of emergencies can be foreseen. Regardless, people who work in civil aviation continue to use their expertise, good judgment, and resourcefulness to deal with aircraft emergencies in order to make air travel and operations safe.

Blair Watson is a contributing editor at FrontLine Security magazine.



Homeland Security Institute
© 2010 FrontLine Security (Vol 5, No 1)

The Homeland Security Institute (HSI) was conceived in the aftermath of the terrorist attacks on 9/11. In its report Making the Nation Safer, the National Academies proposed the creation of a dedicated, not-for-profit technical analysis and support institute for homeland security to provide the U.S. Federal Government with much needed analytic capabilities in support of effective counterterrorism-related decision making and program execution.

The Homeland Security Act of 2002 called for the establishment of the Department of Homeland Security (DHS) and directed the new Secretary to “establish a federally funded research and development center to be known as the ‘Homeland Security Institute.’” By law the Institute was to terminate on April 25, 2009. During its five-year history, HSI matured and evolved with DHS and the homeland security mission.

The role of the public in countering terrorism is often understated. We are currently examining the Israeli approach to public engagement in counterterrorism efforts and identifying best practices that are successful in fostering a resilient and capable citizenry that can help deter and defeat terrorist attacks.

Often unexplored is the role of the public as a stakeholder in homeland security. In this area, we are convening panels of representatives from functional disciplines (public opinion experts, elected officials, social scientists, civil rights attorneys) and specific communities (law enforcement, the medical community, and religious organizations) to identify issues and concerns from the public’s perspective that could adversely impact the deployment of new technologies. Some of the technologies are a microwave vehicle stopper to stop the engines of motor vehicles and vessels; a standoff explosives detection device based on the science of Raman spectroscopy, which employs a laser to scan individuals and materials; and a mobile biometrics screening device developed under the Small Business Innovation Research program. This device can screen people at a distance. Each panel identifies areas of potential concern to the public and makes suggestions to DHS on how best to introduce such technologies to the American people if it decides to eventually purchase and employ them.

Our main objective is to help the Department and others across the homeland security enterprise to prepare for both natural disasters and potential man-made disasters.

We also focus on supporting DHS and others at the Federal level, along with their counterparts at the State and local levels and in the private sector in responding effectively and efficiently to any major disaster.

In emergency management, we analyzed proposed revisions to the National Incident Management System (NIMS) doctrine, developed metrics to track NIMS implementation, and helped secure final approval of the NIMS document. NIMS provides the nation with a framework for blending emergency management and incident response efforts at all levels of government. We also provided a framework of functional needs, typical positions, core competencies, multi-agency coordination systems, resource management, and training for all NIMS stakeholders involved in emergency management and incident response.

This effort supports the implementation of the Five Year NIMS Training Plan for which we also produced an evaluation and made recommendations to improve future NIMS training.

We are also developing user requirements for an advanced system to accurately track first responders while they work in very hazardous situations, as well as user requirements for an advanced physiological monitoring system that will track a first responder’s vital signs.

In terms of incident response to actual disasters, we provided an independent analysis of the Federal response to the 2007 Southern California wildfires. We assessed several innovative recovery and mitigation activities such as the new Multi-Agency Support Group (MASG) – a task force coordinating post-fire mitigation efforts to minimize the effects of potential flooding, erosion, and debris flow in burned areas.

Our primary objective in conducting research is to support decision makers with useful results and recommendations that they can act on. We employ multidisciplinary team models to ensure that disparate stakeholders’ perspectives are fully addressed. We integrate policy, economic, technical, and operational factors into many of our reports.

Consistent with our original charter and the future needs of DHS, we continually enhance nine overlapping strategic core capabilities.

The Homeland Security Institute spent the past five years contributing to the intellectual underpinnings necessary to enable DHS to secure the homeland. The Homeland Security Studies and Analysis Institute will devote the next five years to delivering to the extended homeland security enterprise the high-impact analytic support necessary for improving the nation’s security and ability to respond to and recover from any catastrophe. 




Virtual Villainy
© 2010 FrontLine Security (Vol 5, No 2)

‘Within three to five years, Al-Qaeda will be utilizing the Internet and mobile phones to centralize their fundraising.’ This sobering assessment from Richard Barrett of the United Nations is a stark reminder of the threat posed by terrorist use of developing technologies – the virtualization of terrorism.

Indeed, the past decade has served as a case study into the ability of terrorist groups to seamlessly evolve from the real-world battlefields of the Middle East and North Africa to their virtual counterparts on the World Wide Web.

Although groups like Al-Qaeda have consistently adapted to changing technologies, the Internet’s ease of access, fast flow of information, anonymity of communications, and dearth of regulations have revolutionized the command and control structure of modern terrorist organizations. While individuals such as Younis Tsouli, Abu Monsoor al Amriki, Anwar al-Awlaki, and Coleen LaRose have dragged international terrorism’s propaganda, planning, and recruitment apparatus into the 21st century virtual worlds of the Internet, more ominously, the financing of terrorist operations may be shifting there as well.

The Evolution of Terrorist Financing
Preventing the free flow of money to international terrorist organizations has been a prime objective in the war on terror. However, as authorities have cracked down on the abuse of banks, credit unions, and other formal institutions, terrorists have shifted their operations to Hawalas and similar underground banking systems; what the Council on Foreign Relations calls “those places with limited bank supervision, no anti-money laundering laws, ineffective law enforcement, and a culture of no-questions-asked bank secrecy.”

Virtual worlds provide many of the same characteristics of the existing underground network – they are fast, inexpensive, reliable, convenient, and most notably, discreet. Moreover, financiers no longer need to leave the comfort of their own homes to successfully transfer large sums of money to those looking to carry out horrific attacks. Consequently, while law enforcement officials have achieved successes in regulating the formal financial sector, virtual worlds remain open to business for terrorist dollars.

Virtual worlds are computer-based, simulated environments where millions of users can interact with each other on a daily basis. Users simply download the software to run the program, sign up for a free account, and log in to a world where they are represented by a virtual depiction of themselves known as an avatar. Because these virtual worlds are meant to reflect the real world, many have developed robust ‘virtual economies,’ allowing users not only to connect with new people and old friends, but also to buy, sell and trade goods using e-cash that has real world value. With limited regulation or observation by law enforcement, virtual worlds are fertile ground and ripe with opportunity for terrorist financiers.

The primary challenge is the paltry customer identification rules associated with virtual worlds. In traditional banking, customer identification procedures are implemented both during origination of accounts and during individual transactions. However, due to the nature of virtual worlds, the ability to accurately identify customers is limited at both of these stages, making them more vulnerable to financial crimes.

Despite these vulnerabilities, without a documented instance of virtual terrorist financing, the methodology remains largely academic. However, by combining the recognized vulnerabilities of virtual worlds with the known traits of terrorist financing, it is possible to construct the following hypothetical terrorist financing scheme in a developing virtual world (VW):

Over the course of two weeks, 15 individuals in five cities in the United States register to join VW from local coffee shops and internet cafes. After downloading the required programming, these users are prompted to register. Although all of them are men from random countries throughout the Middle East, Southeast Asia, and Northern Africa; they all supply nondescript anglicized names and about half self-identify as female. In order to confirm their identity, they then provide the free web-based email address that they had set up the day before from another coffee shop. After confirming their new virtual accounts, all of the men shut down their email accounts and allow their newly created VW accounts to remain dormant for the remaining time in the two-week period.

With their accounts set up and avatars selected, all 15 individuals begin the task of blending into their new virtual world. They go to social functions and meet other avatars; and looking to capitalize on VW’s virtual economy, five of them open in-world businesses. One acts as a virtual real estate broker, one sells virtual lingerie, another runs a virtual coffee shop, and two others run stores that transfer real world books and paintings respectively. In order to handle the expected demand for the virtual and real world products that their avatars are selling, each of these businesses hires two staff members who applied by contacting them and providing a pre-approved code word. With their businesses set up, the avatars go about their everyday in-world business, selling their wares and making VW$.

Two months after initially setting up his account, and having given the other 15 residents time to get settled in their new businesses, a 16th avatar begins to customize his new virtual life. Having spent the past eight weeks converting $500 per week into VW$ from a PayPal account, this avatar now has VW$4,000 available. Over the course of one week, that avatar then goes about engaging in the following transactions with the aforementioned businesses: he purchases a virtual island home for VW$1000, of which the real estate broker takes a commission of 50%; he buys VW$200 worth of lingerie for his virtual girlfriend; each day he purchases three cups of virtual coffee for VW$5 per cup, for a total of VW$75; and with the remaining money he purchases countless books and paintings, none of which are ever delivered despite the transfer of VW$. Within nine weeks the initial VW$4,000 has been transferred out and into the accounts of the other fifteen avatars. Each of them then exchanges the VW$ back into real world currency through PayPal and prepaid debit cards, and cancels their VW accounts.

Back in the real world, the individuals gather in groups of three in all five of the cities. They combine their funds and are left with a little under a thousand dollars per group. They immediately work towards implementing their ‘mission,’ purchasing the material and creating one improvised explosive device per person. By the end of the week, and less than three months after first signing onto VW, the men carry out 15 suicide bombings in five major cities throughout the United States. Without the ability to identify or trace the source of the funds or the avatars that financed these attacks, law enforcement and intelligence officials are left with limited leads in investigating the attacks.

As this hypothetical demonstrates, the use of virtual worlds to finance terrorist attacks is far from merely academic.

Regulating the Virtual Hawala
The environment in which terrorists raise, launder, and transfer funds to further their activities remains all too permissive. The complexity and variety of methods available to terrorist financiers, combined with the difficulties of identifying these otherwise innocuous financial transactions, require broader regulation and enforcement. In particular, the ability of terrorist financiers to move between the formal and informal financial sectors must be curbed, and any policy aimed at doing so must be all-encompassing to have any chance of successfully disrupting terrorist activity.

At the forefront in the global war on terrorist financing is the Financial Action Task Force (FATF), an international body dedicated to the eradication of money laundering and terrorist financing. The FATF has led the charge for greater regulation and accountability, offering a list of 40 recommendations that should be implemented by those in both the formal and informal financial sectors worldwide. Of all the recommendations, those that are considered integral to developing successful programs to combat terrorist financing include:

  1. the identification of all individuals and businesses engaged in financial transactions, both formal and informal;
  2. accurate and verifiable information through which customers can be identified; and
  3. maintaining records of all financial transactions and reporting those identified as suspicious.

While participating countries have implemented many of these recommendations, loopholes remain.

Recognizing this vulnerability, measures should be taken to effectively curb the use of new underground banking by terrorist organizations. The most effective way of reducing the potential for abuse of virtual economies is to refine the scope of coverage and to clarify that virtual worlds that allow for the transfer of money and other things of value are covered institutions. Although virtual worlds may not appear to be traditional ‘financial institutions,’ they can reasonably be covered as a part of the informal financial system. Virtual worlds not only engage in the transfer of funds; by allowing residents to exchange real world currency with virtual currency, they have built a system where the virtual economy is an integral part of the business.

To combat this, virtual worlds must be placed on notice that they are subject to such regulations. They must then begin to implement comprehensive anti-money laundering and terrorist financing programs. Such compliance programs must be required of both formal and informal financial institutions. Expanding them to virtual worlds, while admittedly more complicated, will result in a reduction in the criminal abuse of such systems. A key compliance scheme has been the requirement that all covered institutions ‘know your customer’ – this recognizes the critical role that both formal and informal financial systems play in any effort to find terrorists.

Under existing regulations, covered institutions must:

  1. identify customers as they open accounts by obtaining information such as name, address, date of birth, and taxpayer identification number;
  2. exercise reasonable efforts to verify the customer’s identity;
  3. maintain records and information obtained during the identification and verification process; and
  4. consult lists of individuals whose assets have been blocked or frozen.

Like their brick and mortar counterparts, virtual worlds must ensure that every avatar with virtual currency can be linked back to a verifiable name, address, and a real-world bank account. Without this basic ‘know your customer’ type requirement, no amount of anti-terrorist financing efforts will be effective.

Implementing procedures for verifying customer identification, while potentially costly and time consuming, is a necessary cost for those looking to profit from the spread of virtual economies. Although this is a developing area of regulation, traditional banks have been implementing similar programs as they have shifted to online banking. This foundation has proven that such regulation is more than feasible.

Roderick Jones, an expert in the use of developing technologies by terrorist groups, has observed that “you didn’t have to speak Arabic in the mid-90s to know that terrorism had shifted its focus, and you don’t have to write code to understand it has changed again.” As terrorist financiers shift to unregulated financial sectors, law enforcement officials, and the tools at their disposal, must also evolve.

Efforts to disrupt terrorists’ ability to fund their operations will not succeed if they focus solely on the formal banking or mainstream financial sector. Law enforcement officials must implement a comprehensive counter-terrorist financing policy that will continue to effectively crack down on abuses of the formal financial sector, while implementing broader regulations for developing underground banking mechanisms such as virtual worlds. While this proposal will be neither easy nor popular, to stand idly by and allow the Internet to remain a place where criminals and terrorist groups can anonymously do as they please, is unacceptable.

Stephen I. Landman is the Director for National Security Law and Policy at the Investigative Project on Terrorism, one of the largest archival storehouses of open source intelligence on radical Islamic networks.



Critical Infrastructure Interdependency
Metrics-Based Assessment and Policy Indications
© 2010 FrontLine Security (Vol 5, No 3)

Most research into Critical Infrastructure Interdependency (CII) is based upon ad hoc observations, anecdotes and partial incident-accounts which describe some but not all Critical Infrastructure (CI) sectors and their conditions after the incident. Metrics-based systems for understanding, mapping and modeling of CII have been evolving slowly.

Operational risks within and among CI sectors are complex issues. Generally, CI sectors include Financial Institutions, Telecoms, Energy, Health, Transportation, Safety (Police, Fire, EMS), Food, Water, Manufacturing and Government (regulation and social services). To the extent that analytical approaches have been applied to CII, they have been addressed through methodologies such as Threats-Risk Assessments (TRAs), which typically focus on discrete assets and qualitative conclusions like “high / medium / low.” However, such assessment techniques do not scale, because the resulting data-set is usually incompatible for the purposes of aggregating findings from discrete assets to an organizational and executive level.

Efforts to assess CI interdependency, through “close-up” TRAs, stall and collapse under their own weight. In the absence of analytical approaches to managing CII risks, intuition becomes the most common basis for policy and plans. Intuition often tells planners that Energy and Transportation are core to assuring public safety and prosperity. Yet, empirical metrics show that other CI sectors also have substantial impact on both security and prosperity, especially from a business perspective. This gap between intuition and empirical metrics represents a fundamental risk that, in some jurisdictions, policy may not support operational reality in times of crisis, and impacts will be amplified rather than dampened.

Modelling CII with Metrics
An approach to modeling CII is to look for lowest-common-denominator metrics that describe CII relationships quantitatively (in standard units which remain consistent from observer to observer): measures that can be used to describe CI inter-relationships, such as items those sectors consume and produce. For instance, all CI sectors both generate and consume money (value); therefore, flows of money (representing goods and services) among these sectors may be a good indication of interdependency. Data (information) is also both consumed and generated by all CI sectors; the extent to which one sector consumes information from another sector may thus be a useful indication of interdependency. Since no single criterion can measure CII independently (the systems are far too complex), correlation of a variety of “indicator” metrics, such as money and data flows, provides insights which go well beyond opinions and intuition, creating a more solid foundation for policy.

The metrics presented here are representative of CII under normal operating conditions. While metric-sets describing CII vulnerabilities and risks under crisis conditions would be most useful, you would need a unique metric-set for each unique crisis or risk. Maintaining such metrics is not scalable. Instead, metrics under normal operating conditions can be applied to expose vulnerabilities which manifest into varying degrees of risk under all-hazards risk management. Risk practitioners can then apply metrics from normal operating conditions (as the baseline) against risks associated with a specific event and organization.

Applying metrics to critical infrastructure protection in this manner is new, and the indications presented are first generation. There is much more work to be done and refinements to be applied. The metrics discussed here are not proposed as definitive, final or flawless: they are indicative and establish a starting point for assessing operational risks associated with CI, using metrics as opposed to intuition and guesswork.

Inbound and Outbound Metrics
CII metrics can be categorized as “Inbound” and “Outbound.” “Inbound” metrics indicate the level of assurance required in the goods and/or services consumed from other sector players. “Outbound” metrics indicate the level of assurance placed upon the goods and/or services produced in a sector, by the consuming sectors. “Inbound dependency,” therefore, indicates how strongly a CI sector needs the other sectors’ goods and services, and “Outbound dependency” indicates how strongly other sectors need a given sector’s goods and services. Inbound metrics provide insights into a sector’s possible supply-chain vulnerabilities, while Outbound metrics provide insight into the threats a sector may pose to other players.
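The inbound and outbound measures described above, computed over the money and data indicators from the modelling section, as an added example that is not from the article. The share-of-intake scoring, the equal weighting of indicators and every flow value are assumptions constructed for illustration and carry no empirical weight.

```python
from statistics import mean

# Constructed sample data, not taken from the article or any real input-output
# table. FLOWS[indicator][consumer][supplier] is what the consumer sector takes
# from the supplier sector in a normal year (money in $M, data in TB; arbitrary).
FLOWS = {
    "money": {
        "Energy":         {"Telecoms": 2, "Finance": 6, "Transportation": 2},
        "Telecoms":       {"Energy": 5, "Finance": 4, "Transportation": 1},
        "Finance":        {"Energy": 1, "Telecoms": 8, "Transportation": 1},
        "Transportation": {"Energy": 6, "Telecoms": 1, "Finance": 3},
    },
    "data": {
        "Energy":         {"Telecoms": 7, "Finance": 2, "Transportation": 1},
        "Telecoms":       {"Energy": 2, "Finance": 6, "Transportation": 2},
        "Finance":        {"Energy": 1, "Telecoms": 8, "Transportation": 1},
        "Transportation": {"Energy": 2, "Telecoms": 6, "Finance": 2},
    },
}


def inbound_shares(flows):
    """Per consumer, the fraction of its cross-sector intake drawn from each supplier."""
    shares = {}
    for consumer, suppliers in flows.items():
        total = sum(suppliers.values())
        # A sector with no recorded intake gets zero shares, not a division error.
        shares[consumer] = {s: (v / total if total else 0.0) for s, v in suppliers.items()}
    return shares


def combined_shares(indicators):
    """Average the pairwise shares over every indicator (equal weights, an assumption)."""
    per_indicator = [inbound_shares(f) for f in indicators.values()]
    combined = {}
    for consumer in {c for p in per_indicator for c in p}:
        suppliers = {s for p in per_indicator for s in p.get(consumer, {})}
        combined[consumer] = {
            s: mean(p.get(consumer, {}).get(s, 0.0) for p in per_indicator)
            for s in suppliers
        }
    return combined


def outbound_scores(shares):
    """Per sector, the mean share it holds in every other sector's intake."""
    return {
        s: mean(shares[c].get(s, 0.0) for c in shares if c != s)
        for s in shares
    }


def top_inbound(shares):
    """Per consumer, the supplier it leans on most and that supplier's share."""
    return {c: max(sup.items(), key=lambda kv: kv[1]) for c, sup in shares.items() if sup}


def ranking(scores):
    """Sector names ordered from most to least depended-upon."""
    return sorted(scores, key=scores.get, reverse=True)


if __name__ == "__main__":
    # Each indicator alone gives a different ordering; the combined view merges them.
    for name, flows in FLOWS.items():
        print(name, ranking(outbound_scores(inbound_shares(flows))))
    merged = combined_shares(FLOWS)
    print("combined", ranking(outbound_scores(merged)))
    for sector, (supplier, share) in sorted(top_inbound(merged).items()):
        print(f"{sector}: top inbound dependency is {supplier} ({share:.0%})")
```

With these constructed flows the money-only and data-only rankings disagree, which is the reason the text gives for correlating several indicators instead of relying on one.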

CII metrics versus policy focus
By evolved convention among CIP policy managers, the Energy and Transportation industries have been the subject of the most attention and public investment, while other sectors receive varying degrees of attention. Is this appropriate?

Using a risk assessment process supplemented with CII metrics, this convention is shown to possess some gaps. For instance, while Energy and Transportation are indeed shown to be the most fragile infrastructures (validating the convention in part), other infrastructures such as Healthcare are found to be equally fragile. Similarly, when considering the cascading impacts on reliant sectors, Telecoms and Finance are substantially more intertwined with safety and prosperity than either Energy or Transportation. Yet, unlike Energy and Transportation, Telecom and Finance have been the recipients of far smaller, if any, public investment in CIP.

Overlooked and Undesignated Sectors
A useful by-product of econometric analysis is that critical relationships among designated CI sectors and undesignated (not considered CI) sectors become partially visible. In several cases, dependency relationships exist which imply that typical CI sector definitions around the world require further refinement; otherwise, critical supply chain elements and CII relationships lack even basic policy support. Policy support is important not only because it can lead to financial support, but also because it can determine logistical support under emergency conditions. The table on the previous page represents an econometric view of some industries that are apparently critical to CI sectors, but not considered critical themselves under most definitions. In many cases these undesignated industries are more important economically to a specific CI sector than most if not all of the other designated CI sectors.

Alternate CI support policies – tax credits and vouchers
One conclusion is that policy and public funding based on non-quantitative understanding of CI interdependencies is prone to flaws, even with the benefit of quantitative assessment. Governments generally do not possess enough knowledge of complex CI sectors required to understand CII comprehensively. An alternate approach would be to let organizations and their clients decide on their requirements for assurance independently through a market-based system of tax credits or user-vouchers. These incentives could be similar in nature to the successful Scientific Research and Experimental Development tax credits employed in many nations, such as Canada.

As an adjunct to tax credits (or independently), CIP vouchers equating to tax credits or subsidies could be provided to CI sectors to “spend” with their most critical suppliers. The suppliers would then claim back the value – not unlike successful instances of school systems and educational vouchers.

By making info-sharing an eligibility criterion for credits or vouchers, this system could add value by providing benefits to public safety entities that promote information sharing about threats and vulnerabilities.  

Tyson Macaulay, the Security Liaison Officer at Bell Canada, leads security initiatives addressing complex, technology solutions including IT assets, and regulatory/legal compliance requirements.



Partnerships for Safer Communities
© 2010 FrontLine Security (Vol 5, No 1)

Determined to avoid such a disaster in Canada, and concluding that there was a need for governments and industry to work “interdependently” to prevent an industrial accident of the Bhopal sort, federal and provincial government departments and industry formed the Major Industrial Accidents Council of Canada (MIACC). One of MIACC’s major programs was Partnerships Toward Safer Communities (PTSC). An early participant in MIACC was Bill MacKay, a leading consultant in the area of Emergency Management. Today, MacKay wonders whether we have broken down those old silos or retreated further into them as we are all forced to do more with less. As he read FrontLine’s article (fall ‘09), the old passion for the work began to stir again. “We were really onto something special back then,” he thought. “The PTSC was a great idea; could it be that there is finally the political will to make it a reality? Maybe now is the right time!?”

The Major Industrial Accidents Council of Canada (MIACC) facilitated collaboration between the public and private sectors, thereby preventing or reducing the probability of a major industrial accident and improving our collective capability to respond. Much was done in the areas of process safety management, risk management and emergency response to get public and private sector stakeholders working together through MIACC sponsored working groups and conferences and through the formation of PTSC.  Government support to continue these collaborative efforts started to decline and, eventually, without sufficient funding, MIACC was forced to cease operation in 1999.

Understanding the value of improving such interoperability and collaboration, the Canadian Association of Fire Chiefs (CAFC) stepped up to the plate and offered to take over PTSC.

Don Warden, then President of the CAFC, was really the key mover behind this interest in carrying on the PTSC program. The passion that Warden brought to the campaign to keep the PTSC alive was remarkable.  Under his leadership, the CAFC worked diligently to rally government and industry supporters to continue operating PTSC. The fire chiefs want to continue to help prevent a major hazmat (hazardous materials) incident in Canada as it would have significant potential to cause extreme harm in the communities they work hard to protect.

CAFC and other stakeholders worked diligently to continue Partnerships Towards Safer Communities, and some progress was made.  Unfortunately many supporting organizations, burned when MIACC ceased operation, were reluctant to support CAFC. Finally, in 2005, with dwindling hope of receiving financial support, PTSC was put back on the shelf.

Hazmat Response Visioning
One of the PTSC-related projects that Bill MacKay led was a hazmat visioning project that involved three levels of government and industry from across Canada; it had developed clear recommendations to improve hazmat response in Canada.  

Much had been accomplished; recommendations were ready for publication, plans to encourage and facilitate implementation were being developed, and all else seemed ready to go. The recommendations applied to hazmat response and emergency response in general; however, without support for implementation, they continue to sit on the shelf. The high-level recommendations, summarized below, still apply today:

  • Consistently implement standards for emergency preparedness and response
  • Improve collaboration within the public and private sectors and between the public and private sectors
  • Improve communication among key stakeholders and with the public

Progress and Challenges
Have we made progress since PTSC ceased operation? What are the gaps today?

Significant progress has been made on the PTSC goal of developing guidelines for community and industrial emergency management programs; however, they are not consistently followed (possibly due to a lack of awareness). The NFPA 1600 and CSA Z1600 emergency management and business continuity program standards incorporated many PTSC guidelines, and are considered comprehensive world-class standards. Furthermore, NFPA and CSA technical committees are in place to continuously improve these standards. Unfortunately, many who could benefit are either not aware of these standards or choose not to use them. A few Canadian communities strive to meet CSA Z1600, but many reluctantly meet only the minimum legislated requirements. This same gap applies also to other levels of government and public sector organizations. Generally, the lack of awareness of either of these two standards (or a lack of will to use them) poses a problem since they are critical to effective and efficient emergency planning for communities and other public sector organizations, including our schools, colleges and universities. In the private sector, some companies meet the standards but many do not.

There is clearly a need to raise awareness about emergency management standards, to encourage their use, to develop and share best practices for implementing standards-based programs and to recognize organizations that choose to meet them. This is what Partnerships Toward Safer Communities was about, and the need is still there.

The Future for PTSC
Now that we have emergency management standards, the biggest challenge is to encourage their use for developing and upgrading emergency management and business continuity programs.  If PTSC is to be revived, what will be its primary purpose and how can it be organized most effectively to learn from past failures? The following suggestions may assist:

First, start with the best available standard; PTSC needs to work with the Canadian Standards Association and use the CSA Z1600 Canadian emergency management standard as the basis for a new PTSC.  This involves working with CSA to encourage use of Z1600.  It also involves developing and sharing best practices for implementing Z1600. Equally important, it involves communication and dialogue with the Z1600 technical committee to recommend upgrades to the standard.

Second, a compliance measurement must be established to gauge effectiveness of the overall emergency management program and provide recognition for good performance. It will help to work with the Emergency Management Accreditation Program (EMAP) and a number of Canadian organizations which have been working with EMAP for the past few years to make EMAP available in Canada. More partnerships to develop!

Third, technology must be used effectively to build and administer a new PTSC and rally the partners for a common cause. On-line communities using new social networks provide a way for potential supporters, stakeholders and users to collaborate without the need for costly administration, facilities, or travel. Some face to face meetings and workshops will certainly be required but they should be used only when necessary and to complement a sound web-based administration and communication system. To communicate with potential users and the public, a communication strategy that incorporates social media in addition to traditional media, should definitely be considered.

It is exciting to follow efforts to revive the PTSC.  

In addition to operating MacKay Emergency Management Consulting Inc. and 30+ years emergency management related experience in the oil and chemical industry, William MacKay has extensive experience in leading and supporting cooperative solutions to improve emergency management. His experience has involved both public and private sector projects for improved oil, chemical and LPG response.



CBRN and the Terrorist Connection
© 2010 FrontLine Security (Vol 5, No 2)

Post September 11, 2001, an increased sense of urgency has been attached to the threat of terrorism; more specifically, to the possibility that terrorists might resort to the use of chemical, biological, radiological, or nuclear resources in a deliberate act of aggression. This notion was certainly reinforced when, in 2001, a domestic terrorist(s) mailed letters containing anthrax through the United States Postal System.

Perhaps as no surprise, governments in Canada acknowledged the threat, and increased their investment in building capacity and capability to respond to such incidents. For example, the 2001 federal budget allocated 513 million dollars over a six-year period to enhance the ability to respond to a CBRN event. At a provincial level, the (Ontario) Office of the Fire Marshal offered Terrorism/HAZMAT awareness level training, and, at the local level, CBRN response capable paramedics – such as the ones in Calgary and Ottawa – were trained.

Despite all of the time, energy, and money spent on preventing, mitigating, and preparing for terrorist use of a weapon of mass destruction, we find ourselves all these years later wondering how real the CBRN threat actually is. After all, there have been no real causes for concern. ...Or have there?

The prospects of a terrorist using chemical, biological, radiological, or nuclear material in a device as part of an offense are both frightening and real. Whether domestic or non-domestic, terrorists have demonstrated they already possess some Weapons of Mass Destruction, and are actively pursuing others. The will by these extremists to use WMD is well established. The threat posed by rogue states, non-state actors and the decentralization of traditional terrorist structures contributes to the likelihood that someone will exercise this option.
If terrorists are going to be able to use Weapons of Mass Destruction in pursuit of their goals, one requirement is that they actually possess one. By many accounts, this precondition has already been met. In the case of Osama Bin Laden and Al-Qaeda specifically, intelligence sources admit to the presence of WMD in their arsenal. Regarding specific capabilities, Al-Qaeda is understood to have been successful at acquiring radiological material at least once, for use in a dirty bomb. The discovery of a laboratory in Afghanistan was indicative of their limited Chemical/Biological capability, and confirmed by Al-Qaeda’s video release in which dogs are exposed to an unknown chemical, believed to be cyanide.

Besides Al-Qaeda, there are others who possess Weapons of Mass Destruction, though their financial resources and network make it easier. Aum Shinrikyo’s noted chemical stockpiles and their subsequent release of Sarin in the Tokyo subway system in 1995, the 2003 arrests of Algerian extremists in the United Kingdom for the production of the biological agent Ricin, and the possession of radioactive materials for use in bombs by Chechen rebels, all indicate that extremist acquisition is anything but trivial. While there is certainly no shortage of debate surrounding the ability of terrorists to inflict mass casualties, their possession of CBRN material is a historical fact.

The relatively low cost and ease with which they can be obtained certainly put CBRN well within reach of many terrorist entities. Consider first that many of the constituents used in the production of Chemical Warfare Agents have commercial uses. Simple Chlorine, used in the manufacturing of plastics, in pulp mills, in household bleach, and in the purification of water worldwide, was used as a weapon during World War I. During the Iraq war, chlorine-filled Vehicle Based Improvised Explosive Devices (VBIEDs) were used on many occasions. In fact, the sheer abundance and relative ease of availability of these toxic industrial chemicals makes them a more likely agent of choice for use in a weapon when compared to chemical warfare agents such as Sarin or Tabun.

Although there may appear to be tighter constraints on biological agents, such agents have been mail-ordered from legitimate sources or can be acquired from the natural environment. Radiological substances are common to medical diagnostic, therapeutic, and instrumentation applications. They are used to sterilize food as well as in gauging and measuring devices. Less potent sources can be found in exit signs, antistatic devices, and smoke detectors. While the processes of weaponization and dissemination that are required to produce mass casualties are significant technological obstacles, low-scale use of a biological or radiological WMD certainly exists. It is generally accepted that the greatest risk from nuclear attack of some kind is posed from state level sponsors of terror. Suffice it to say that, for the determined terrorist, the opportunity to acquire some kind of CBRN material for use in a device is not entirely inconceivable.

The current world economic situation may create a situation whereby terrorists are more readily able to acquire WMD materials or technologies from those who are willing to trade this off for financial gain. Consider that in 1998 impoverished workers at a Russian nuclear weapons facility conspired to steal 18.5 kg of highly enriched uranium, presumably to sell on the open market, or notions that Bin Laden has been able to recruit scientists to aid him in his pursuit of WMD. While these points suggest that chemical, biological, radiological, nuclear (CBRN) materials and/or the knowledge surrounding them are available for a price, the pressures being created by the global economic slump suggest increased opportunity for terrorist acquisition.

Rogue states certainly contribute to the increased likelihood of terrorist acquisition of CBRN weapons, especially considering that many of them have varying degrees of CBR or N capability already. These states are characterized as willing to take risks, whose leaders are not averse to using terror, and potentially Weapons of Mass Destruction, as a means to achieving their goals. Whether the differences with these states are historical, fundamental, or ideological, their direct or indirect sponsorship of terrorism is a concern. The lack of inhibitions characterizing rogue states, combined with their material potential, demands serious consideration. Instigated by the current political climate and foreign policy, there is a good chance that they could feel as though their interests and security are being subjugated. This could very well result in their contributing to extremist CBRN weapons aspirations.

The Will
While possession of CBRN materials is one necessary component, terrorists have both stated and demonstrated their willingness to employ them. Bin Laden has repeatedly declared war on the United States and threatened the use of Weapons of Mass Destruction, including the use of chemical weapons. In both its 2007-2008 and 2008-2009 Public Reports, the Canadian Security Intelligence Service (CSIS) reiterated that Canada has been specified as a target by Al-Qaeda. The reports go on to mention that groups which include Al-Qaeda continue in their endeavor to acquire, manufacture, and use CBRN materials, and that the probability that such a device will be used somewhere in the world is likely to increase.

Still, the last decade or so is replete with examples of both foreign and domestic terrorist CBRN use. In 2007, there were 844 injuries worldwide resulting from terrorist use of CBRN material. In April 2004 Jordanian authorities disrupted a plot by Islamic extremists to generate a cloud of cyanide gas in Amman. In the same year, a letter sent to the U.S. Department of Transport not only included a sealed container of ricin with a corresponding caution to use appropriate protection, but it also advised that attacks using this agent were imminent unless certain demands were met. Anthrax spores were mailed to Senators Daschle and Leahy of the U.S. Senate in 2001; and, in 1984, a U.S. domestic terrorist group successfully contaminated food in an Oregon restaurant in order to influence local elections. A broader perspective reveals that between 1975 and 2000 there were no fewer than 342 cases of terrorist use of a chemical or biological substance worldwide. While these are but a few examples and are by no means a comprehensive listing, they demonstrate that the threat from domestic and foreign extremists is real.

Increasing the pressure on regimes such as the Taliban and Al-Qaeda has resulted in a decentralization of the traditional structure. Operatives are now dispersed and free to pursue their own agendas. Though state sponsors and even Osama Bin Laden could be considered to be more calculating in the use of CBRN, in the words of U.S. Senator Richard Lugar referring to fanatics, small disaffected groups, and sub-national factions: “Such individuals are not likely to be deterred…by the classical threat of overwhelming retaliation.” Has-beens and wannabes who choose notoriety above all else will pose a particular danger, as they become less constrained by centralized constructs, concepts of morality, and inhibitions.

It has been said that when someone shows you who they are, believe them the first time. While terrorist aggression was not the impetus for these words of wisdom, there is merit in the context. Assessing the probability of use of a chemical, biological, radiological or nuclear weapon on a national basis alone is a major risk. In fact, it could lead to complacency. We cannot afford to dismiss worldwide precedents as alarmist, thinking that because it has not happened here as often, that the CBRN threat is an idle one. The materiel resources and know-how for an offensive CBRN attack are not beyond the means of would-be terrorists or their supporters, especially considering the current economic and political climate.

The threat posed by rogue states as willing and able supporters of terrorism certainly contributes to the likelihood that someone will exercise the CBRN option. The decentralization of traditional terrorist organizational structures means increased autonomy for factions. This dispatch increases the potential for a terrorist CBRN attack by those groups or individuals who equate it with their own sense of purpose. History has already demonstrated that terrorists have CBRN substances within their possession, and that they are willing to use them. Canada must maintain its vigilance in light of this. The consequences of not doing so are well established.

Mario D’Angelo is a Senior Program Officer at Public Safety Canada.



Unisys: How Secure is Your Data?
© 2010 FrontLine Security (Vol 5, No 3)

In today’s electronic world, criminals routinely use sophisticated means to steal personal identity data from both public and private organizations. As the stability of identification credentials is breached, one response is to turn to the collection of biometrics. Biometric identity solutions are emerging on a global scale as nations and industry recognize the integral role they will play in non-transferable, unique identification. However, as Canada’s Privacy Commissioner notes, many organizations “fail to adequately protect this sensitive information – leaving it vulnerable to hackers and identity thieves.”

One vulnerability occurs because current security practices often focus on collection and storage of the data, but ignore the risk incurred by the transmission of this data across network lines and geographical borders. As David Gardiner, Unisys expert in network security states, “one of the best defenses against an enemy, like a hacker, is to be undetected on the network.”

Government departments who collect and transmit personal identification data must protect privacy by assuming the responsibility of being stewards of that data throughout its life and use and ensure it can’t be breached either at rest or in motion, even when crossing department, geography, or network boundaries. Stewardship requires acknowledgement of all risk types and opportunities – from policies against carelessness, to technical solutions preventing access or manipulation.

Securing network equipment is a costly but necessary investment. First of all, maintenance is expensive and, as an additional complication, government enterprises often need to place data collection and supporting network devices in difficult-to-access remote locations as well as in mobile collection points such as airplanes, ships or vehicles – anywhere laptops are used.

Working with requirements from the U.S. Department of Defense to create a solution to maintain the secure separation of different classifications of data coexisting on a single network or shared storage, Unisys Corporation pioneered a ground-breaking solution that provides end-to-end military-grade data protection.

The Unisys Stealth Solution for Networks is a transformational solution that secures data-in-motion and controls the sharing of information within or across networks by employing an innovative cloaking technique. The cloaking technique provides unsurpassed security by making the end point devices invisible. “If you can’t be seen on a network, you can’t be attacked,” explains Gardiner. “Stealth provides government and commercial users with defense-grade protection of data that gives them confidence in their stewardship of sensitive information.”

Unlike virtual private network (VPN) options, Unisys makes communication from Stealth-enabled endpoints undetectable. Stealth is neither policy- nor device-based; it manages communications to multiple endpoints based on user authentication, regardless of device used.

Unisys Stealth Solution for Networks is deployed on existing communication networks, using the infrastructure investments already in place. It provides cost reduction through consolidation and cost avoidance in its ability to reuse network equipment, to limit environmental impact, and to reduce administration overhead. The solution also provides public service with forward-looking agility – not only in deployment but also in use.

With access dependent on login credentials, the user can be physically located just about anywhere. Any updates or changes to credentials can be centrally administered. Role changes (access rights) are easy to accomplish by the site’s identity management administrator, but each user’s credentials are securely wrapped with user-specific certificates.

Unisys Stealth Solution for Networks assures security by cryptographically transforming information using a bit-level, data-splitting algorithm that weaves the data into the very fabric of the network. The Stealth Solution cryptographic module is FIPS 140-2 certified through the use of SecureParser by Security First Corp and is “under evaluation” for Common Criteria EAL4, enabling Unisys Stealth to operate at classified levels within the military space and providing military-grade protection against attacks on data in motion as well as at rest.

Unisys Stealth Solution for Networks allows users in different agencies and organizations to work securely on the same network, resulting in a cloaked network that secures data-in-motion and hides servers and PCs in plain sight. Unisys Stealth provides an economically viable, environmentally responsible option for government agencies who must now be stewards of the personal identification information they collect and transmit to protect and manage their citizens’ needs.

To discuss how Unisys Stealth Solution for Networks, Stealth Solution for Storage or Stealth Solution for Secure Virtual Terminal could secure your business transactions and data, please contact UNISYS CANADA: 613-940-4523.



Criminal Intelligence: Leadership Needed
© 2010 FrontLine Security (Vol 5, No 1)

Secrets may be meant to be kept, but when it comes to solving crimes, police organizations need to share information. When it comes to breaking organized crimes and destroying criminal networks, real “intelligence” needs to be shared securely.

By ensuring that strategic intelligence, in particular criminal intelligence pertaining to organized and serious crime, is appropriately stored and shared, police effectiveness and efficiency are maximized. And, although there are national entities in place that have been entrusted with the collection, storage and sharing of strategic intelligence, such as Criminal Intelligence Service Canada (CISC), Canadian Security Intelligence Service (CSIS), Royal Canadian Mounted Police and many others, the current governance and/or overarching plan or process to ensure that all intelligence and information has the potential to be controlled by a single national entity which may not necessarily be representative of the Canadian policing community.

In Canada during the early 1960s, concerns were rising regarding the activities of organized crime and the ability of sophisticated criminals to infiltrate and corrupt even the highest of places including those of the executive offices of Ministers of the Crown. In July 1965, at the Federal-Provincial Conference of Premiers, the issue of organized crime received special attention from the premiers and they agreed to delegate this topic to be discussed at a further meeting of their attorneys general.

The Minister of Justice for the Province of Quebec, Hon. Claude Wagner, proposed the idea of a centralized crime intelligence bureau formed to collect, analyze and disseminate intelligence on organized criminal activity for the use of all police services in Canada. This body, said the report of the Conference, “should coordinate the struggle against organized crime in Canada.” To action this point of discussion, a resolution was passed and the Committee on Crime Intelligence was created, comprised of four senior police officials from across Canada.

The Committee’s commentary regarding the challenges faced by law enforcement in combating organized crime in the early 1960’s is more applicable than ever some forty years later:

“…the day has passed when police forces acting independently can control this menace. We are dealing with specialists in crime, a circumstance which demands a departure from established investigative techniques. Furthermore, we are dealing with crime at a time when modern science with its transportation, communication and other facilities defies any one police force to handle its crime problems single-handed. It is essential that a common effort of all the forces be rendered feasible by close liaison.”

The strategy required to mitigate this threat has yet to be fully realized:

“We emphasize that an efficient and effective apparatus for gathering and exchanging crime intelligence is contingent upon strong police participation at each level (local, provincial, national and international) within Canada, and through close co-operation with similar agencies in other countries… Only through the creation of mutual trust, confidence and respect between police forces and, of more importance, between the individual members of those forces, will we arrive at a satisfactory arrangement for the exchange of crime intelligence.”

It is important that the public safety, police and law enforcement leadership take the lead in establishing a national intelligence sharing process that captures the essence of activities relating to an “all hazards” approach and a mechanism in which this information is shared in a timely fashion. Furthermore, it is clear that this venture must result in public awareness and accountability but also support the men and women on the front line.

The current environment in Canada, as it pertains to the sharing of intelligence, continues to function in a “stovepipe” manner, with most of the key government agencies such as DND, CSE, CISC and RCMP maintaining their own databases with no interoperability. In essence, the sharing and communication of intelligence continues to be based on relationships and interim agreements.

The USA found itself in a similar situation immediately after the attacks of 9/11 and proceeded to develop intelligence “Fusion Centers”. The main question facing the USA was: How can law enforcement, public safety, and private entities embrace a collaborative process to improve intelligence sharing and, ultimately, increase the ability to detect, prevent, and solve crimes while safeguarding our homeland? The Fusion Center Guidelines state, in part, “The need to develop and share information and intelligence across all levels of government has significantly changed over the last few years. The longstanding information sharing challenges among law enforcement agencies, public safety agencies, and the private sector are slowly disappearing. Yet, the need to identify, prevent, monitor, and respond to terrorist and criminal activities remains a significant need for the law enforcement, intelligence, public safety, and private sector communities.” The direction that has been set for the Fusion Centers is:

“Data fusion involves the exchange of information from different sources—including law enforcement, public safety, and the private sector—and, with analysis, can result in meaningful and actionable intelligence and information. The fusion process turns this information and intelligence into actionable knowledge. Fusion also allows for relentless re-evaluation of existing data in context with new data in order to provide constant updates. The public safety and private sector components are integral in the fusion process because they provide fusion centers with crime-related information, including risk and threat assessments, and subject-matter experts who can aid in threat identification.”

Recent, and ongoing, events have clearly demonstrated the urgent requirement for an appropriate “all-source” approach to the collection, storage and sharing of intelligence. There needs to be a well defined and functional interoperability amongst all intelligence agencies. As well, key issues such as governance, policy development, standardized and certified training that reflects the entire community are required. The ultimate goal is to provide a process through which all levels of government, law enforcement and the private sector can come together with a common purpose and improve the ability to protect the Canadian public and prevent criminal activity. There must be a process which maximizes available resources and builds trusted relationships in order to enhance information and intelligence sharing.

Almost 50 years ago the senior public safety and law enforcement leaders in Canada recognized that a collaborative and integrated response to combating organized crime was required. From those early meetings, the Criminal Intelligence Service Canada was born. Through these many years the CISC mandate has focused on intelligence pertaining to organized and serious crime affecting Canada. It has carried out this mandate in an environment where organized crime groups operate increasingly beyond the limits of one jurisdiction, enabled by new technologies, prompting law enforcement to approach the fight against organized crime in a multi-jurisdiction, multi-organization fashion. Experience over the past several decades has demonstrated that the criminal intelligence community must operate in a similarly integrated manner to deliver products and services that provide leaders in law enforcement, as well as government, the ability to develop strategies and policies to combat organized and serious crime. Unfortunately, recent events in Canada, as well as around the world, have shown that intelligence can no longer operate in a segmented fashion; the mixing of criminal and terrorist activities has brought forth the weakness in this process.

Canada needs a new multi-faceted intelligence process designed to enhance the ability of local, provincial and federal criminal law enforcement and security agencies to identify, target, and remove threats and activities spanning multi-jurisdictional and, sometimes, international boundaries. The new system needs to facilitate rapid exchange and information sharing among the agencies regarding known or emerging threats and enhance coordination and communication amongst all agencies. For this to become a reality, Canada will need the same sort of leadership and vision that the government and law enforcement leaders demonstrated almost fifty years ago as it pertained to organized crime. However, this time what is required is a truly integrated intelligence process. This will require a state-of-the-art technological solution so that all threats to the Canadian public and the country’s critical infrastructure can be combated.

© FrontLine Security 2010



Terrorism Financing
© 2010 FrontLine Security (Vol 5, No 2)

Terrorism financing is a global problem requiring effective and coordinated solutions at the national, regional and multilateral levels. Fighting it, however, is costly; and measuring success is challenging.

Indeed, in our extremely inter-connected world, where trillions of dollars are transacted through formal and informal markets daily, tracking suspicious transactions is a herculean task. Counter-terrorism experts must keep pace with terrorists and terrorist organizations as they adapt to newly-introduced regulatory frameworks and countermeasures and find new ways to move funds, within and across jurisdictions. Additionally, financial regulators face the dilemma of imposing rules and regulations to track suspicious activity that may prove difficult to monitor and enforce, and could seriously impede the free flow of financial resources.

To be sure, to the extent that financial resources are the lifeblood of terrorist operations, Combating the Financing of Terrorism (CFT) is an important counter terrorism tool that may prevent future attacks from taking place; disrupt operational capabilities of terrorist organizations; prevent alliance formation, training and recruitment of future terrorists; and prevent the acquisition or development of deadly weapons.

We need to continue our efforts to combat the financing of terrorism because, far more important than the amounts intercepted themselves, following the money trail enables the gathering and sharing of information by law enforcement across jurisdictions that can then serve to identify and destroy terrorist cells and networks. To that end, closer international cooperation, better monitoring, and greater enforcement of rules and regulations are needed; as well, more research into incentive structures that induce good behavior and cooperation between countries must be envisaged.

To understand this, one should understand the main actors involved in the fight against terrorism financing, recognize some of the challenges they face, and examine the implications of combating the financing of terrorism within the financial system.

Main Actors
Since 9/11, considerable resources have been devoted by states and international organizations to combat the financing of terrorism. The U.S. adopted the Patriot Act, which among other things, strengthened measures ‘to prevent, detect and prosecute international money laundering and financing of terrorism.’ In October 2001, the Financial Action Task Force (FATF), an intergovernmental body created in 1989 to deal with money laundering, extended its mandate to combating the financing of terrorism. The UN Security Council adopted Resolution 1373 shortly after the 9/11 attacks. The Council also created a Counter Terrorism Committee to monitor state compliance with the resolution and provide expert assessments and counter-terrorism technical assistance to member countries.

There are now more than 100 national financial intelligence units (FIUs) around the world that process and share information about suspicious transactions related to money laundering and terrorism financing.

Several countries have reformed their anti-money laundering (AML) and counter-terrorism financing or Combating the Financing of Terrorism (CFT) regulations to conform with the standards set by the Financial Action Task Force (FATF). The latter has issued several recommendations on AML/CFT and collaborates with other international organizations such as the UN, the World Bank, and the IMF. For example, the IMF has facilitated information sharing, encouraged good practices, and provided technical assistance to countries such that they may comply with AML/CFT standards established by the FATF.

The FATF has also encouraged the creation of FIUs (which now meet informally as the Egmont Group to share information and expertise) and regional-type FATF bodies.

Canada’s financial information unit is the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) that was created in July 2000 under the Proceeds of Crime (Money Laundering) Act. The Act was amended in 2001 to become the Proceeds of Crime (Money Laundering) and Terrorist Financing Act. In 2008-2009, FINTRAC received some 68,000 suspicious transaction reports and made 556 case disclosures (more than double the amount in the previous financial year) to various law enforcement agencies, about 10% of which were related to terrorism financing, and more than 80% related to money laundering.

Money Laundering and Terrorism Financing
The FATF framework addresses both money laundering and combating the financing of terrorism (AML and CFT) and links these two phenomena. However, motivations and objectives behind money laundering and terrorism financing are different, and they thus require different investigative techniques.

Money laundering is carried out for profit, and the illicit proceeds of crime are hidden or transformed so that they can be used legally or re-invested in criminal organizations. Most money laundering activities such as drug trafficking, embezzlement and corruption are not related to terrorist activities though terrorists may engage in money laundering.

The complexity of transactions carried out by money launderers makes them hard to detect; techniques range from movement to offshore accounts where anonymous banking is allowed, or breaking large deposits into small amounts that are below the thresholds considered suspicious by authorities.

In the case of terrorism financing, funds can originate from both legitimate and criminal proceeds in the placement stage. For instance, we have seen countless examples where money collected by community-based organizations and charities is diverted to terrorists. An interesting example in the Canadian context is the World Tamil Movement, a community-based organization which has been under investigation by the Royal Canadian Mounted Police and Government of Canada since 2006 and listed as a terrorist organization in 2008. This led to Canada’s first conviction in 2010 for financing a banned terrorist organization, the Liberation Tigers of Tamil Eelam (LTTE). Traditional AML techniques that focus on the placement stage are not helpful when the source of funding is legitimate. Instead, CFT should focus on the integration stage and move up the system to identify contributors. In fact, one of the fallouts of the 9/11 attacks was a recognition that existing money laundering controls at the time, due to their focus on illicit flows, could not detect the hijackers’ transactions.

However, when the source of funding is illegal, AML techniques are equally applicable. In other words, as one builds capacity (by investing financial resources, providing training and so on) to combat money laundering and terrorism financing, it is important to recognize the variety of methods of detection and prevention that may be required.

Informal Networks
The relatively low cost of conducting terrorist operations, when compared to amounts of money laundered, makes the former harder to detect by law enforcement. The 9/11 attacks, which required extensive planning, are estimated to have cost less than half a million dollars, whereas the U.S. Embassy bombing in East Africa, and the Madrid train bombing are estimated to have cost US$50,000 and US$10,000 respectively. Furthermore, as formal financial sector regulations become tighter, terrorism financing activities are increasingly moving to informal value transfer systems (IVTS), also known as Hawalas; trade-based money laundering; and cash couriers.

IVTS have become more popular in recent years as a result of increased international labour mobility and improvements in information and communications technologies. Given the importance of ‘trust’ in these systems, record-keeping is often lacking or minimal. They are also cheaper and faster than formal transfers. For the most part, IVTS are used for legitimate transfers, such as when migrant workers send remittances to relatives in their home country; however, it is a real challenge for law enforcement to distinguish legitimate from illegitimate transfers.

In the case of trade-based money laundering, this can take the form of false invoicing or the exchange of easily-transportable high-value commodities like gold or diamonds. Customs and border agencies often lack resources to track suspicious transactions. With increased trade liberalization and the complexity of such transactions and financing mechanisms, the trading system has become increasingly vulnerable to exploitation by both organized crime and terrorists.

Illicit cash couriers have also been linked with money laundering and terrorism financing, again as a response to increased regulations in the formal financial sector. Couriers leave no paper trail and are difficult to detect. For instance, cash couriers purportedly played an important role in the 2002 Bali bombings.

Besides knowing the methods used to transfer money, it is equally important to understand who is behind these transfers. Although some countries have been identified as state sponsors of terrorism, private funding seems to have grown in importance in recent years, partly because countries resent the international isolation that results from being labeled as ‘state-sponsors’ of terrorism. Private sources include ‘legal’ ones such as personal donations, charitable organizations and business profits that are deliberately used to fund terrorism. These sources are sometimes hijacked by terrorists, so that donors may not always know that they are supporting terrorist activities.

In recent years, reports have surfaced that trade in a variety of goods is also connected to terrorism. Certain sectors of the economy (for example, construction) are also more vulnerable to terrorist activities. Such trends follow the practice of criminal organizations to launder money, and use businesses to fundraise and provide sensitive material. On the other hand, it is rather difficult to see any clear trend in the methods favoured for fundraising by terrorists. Most use a combination of different methods as a direct response to the range of institutional and regulatory frameworks that they face. As we have pointed out, distinguishing ‘legal’ from ‘illegal’ sources of financing can be helpful in determining the choice of detection technique and approach.

Implications for the Financial System
A well-functioning financial system is vital to the process of economic development. When left unchecked, money laundering and terrorism financing can severely damage the integrity and stability of this system.

Even when financial institutions work together reasonably well by pooling risks, the inevitable presence of asymmetric information, where one party to a transaction has more information than the other party, gives rise to the well-known problems of moral hazard (borrowers behaving differently once they are given loans) and adverse selection (borrowers being mostly of the risky-type). As a result, financial institutions tend not to be able or willing to exercise due diligence in differentiating illegal transactions from legal ones, and imposed government regulations become necessary to force them to do so.

Regulators are equally affected by information asymmetries. They cannot perfectly monitor whether financial institutions are responding to their requests, and regulations ultimately need to factor in the incentive structure faced by these institutions. Clearly, when regulations are lacking, as in the case of offshore financial centres (OFCs), there is a higher likelihood that these will be exploited for criminal and terrorist activities. For countries that derive much of their revenue from the financial sector, and where the benefits are high compared to the costs of organized crime or terrorism (which tend to take place in other places and do not affect them directly), unless international regulations and standards are strictly enforced or alternatives presented, they have no incentive to behave differently.

Similarly, in the case of IVTS, these can be the result of formal market restrictions such as limits on foreign exchange transactions or artificial interest rate ceilings. They serve a legitimate clientele whose needs cannot be met elsewhere, and policies that try to regulate them should consider reasonable alternatives such as making the formal financial system more attractive. Options for accomplishing this could include reducing transaction costs, providing attractive financial services and products, or offering educational programs that can foster trust in the formal financial systems. Also, regulations should not disrupt the flow of services completely (especially the ones that are for legitimate reasons). For example, an extremely costly and burdensome regulatory framework may well force some of these IVTS underground, making them harder to detect. More importantly, collaboration between law enforcement and financial institutions in terms of sharing timely intelligence about best practices (both detection and reporting) is essential in fighting terrorism financing.

The Way Forward
Notwithstanding the difficulties and challenges in tracking terrorism financing, it remains an important tool in the arsenal of counter-terrorism. The collection and sharing of financial and technical information needs to be continually improved at the national and regional levels, and international cooperation must be improved. Despite considerable efforts in fighting terrorism financing, we have yet to see the emergence of an international body that can coordinate global efforts to fight this global problem. This is necessary because criminal and terrorist organizations are rational actors that have been able to adapt quickly to changing environments.

Law enforcement, the intelligence communities and financial institutions must stay ahead of the game; existing regulations need to be enforced and monitored, and any regulatory structure should factor in the incentives of actors to respond to it, by, for example, proposing alternative systems, or compensating good behavior as well as sanctioning those who do not comply.

Yiagadeesen Samy is an associate professor at the Norman Paterson School of International Affairs at Carleton University (www.carleton.ca/~ysamy).



Teaching Safe Text
By FrontLine Staff
© 2010 FrontLine Security (Vol 5, No 3)

Concerns surrounding children and teens sending sexual messages, nude photos and videos via text messaging are on the rise, yet the vast majority of kids are unaware of the short-term costs and the long-term ramifications associated with their actions. Since adolescents are less inhibited by technology, it’s important they are aware of the risks and know how to deal with situations these new technologies present.

While some teachers have introduced safe texting education, there is definitely a gap in the delivery of comprehensive text education programming in schools.

To address this, the Canadian Centre for Child Protection developed the textED.ca program, which consists of an innovative and interactive new website and a series of associated lesson plans for teachers to use with their Grade 7 students. Importantly, all of the lessons are tied to provincial curriculum outcomes, making them ideal for use in classrooms right across the country.

From learning how to deal with textual harassers to helping teens deal with stress or a break-up, the textED.ca website incorporates games, quizzes, discussion pages, and other fun tools to help them navigate through the issues.

In partnership with the Canadian Wireless Telecommunications Association, the Canadian Centre launched textED.ca as a four-month pilot project in January 2010. More than 350 Grade 7 classes participated – 1292 users signed on, and 441 teachers signed up for access to the lesson plans.

“Considering the main form of communication for much of today’s generation is through text-messaging, the need for safe-texting education is imperative,” says Lianna McDonald, Executive Director of the Canadian Centre for Child Protection. “There is a shared responsibility to teach our kids how to use this technology safely. Like parents, many teachers are struggling with the issues that arise from this technology. It’s a completely new area they didn’t have to deal with before. TextED.ca will help them address texting in a fun, interactive way.”

Law enforcement officers, dedicated to online child sexual exploitation investigations across the country, have never been as well trained and equipped as they are today. “Even so,” says Det. Sgt. Kim Scanlan with the Toronto Police Services Child Exploitation Unit, “we desperately need parents and young people to be more proactive about their online safety.”

Designed for students in Grade 7 and higher, the website provides a fun, interactive platform for children to learn about the short-term costs and the long-term ramifications associated with texting. The lesson plans help educators teach safe texting and life skills that will allow them to fully benefit from what is now a very public, technological world.

Cell phones – and especially text messaging – have become “one of the most important tools for Canadian families to stay connected and keep safe,” says Bernard Lord, President & CEO of the Canadian Wireless Telecommunications Association (CWTA). “But it is essential that young people be educated about the appropriate and responsible use.”

All text message fees associated with playing this game have been waived so the game is free to all Canadian users. Thanks go to Canadian wireless service providers: Bell, Fido, Koodo, MTS, SaskTel, Solo, Rogers, TELUS, Vidéotron and Virgin Mobile for waiving fees and for their ongoing support of the Canadian Centre for Child Protection.




Maritime Domain Awareness
© 2010 FrontLine Security (Vol 5, No 1)

Effective Understanding for Decision-Making
We can see from the definitions offered in Part 1 of this article (see Winter 2009/2010 edition) that an “effective understanding” of the Maritime Domain must come from a knowledge of the facts -- whether they originate from geo-spatial surveillance and reconnaissance data or intelligence analysis and assessment.

This Australian system, while composed of different players than Canada, could serve as a rough policy model for future MDA Strategic development in Canada.

By finding the means to bring individual parcels of information from different departmental sources together in a central pool, then analyzing the data and fusing it with background intelligence data through comparison and selection, we can create a common picture. The implementation of an organizational architecture that formalizes and directs the legal exchange and compilation of information will go a long way to achieving that goal. A lead agency must be selected to organize the fused data into a recognized picture that provides maritime domain awareness (MDA) to facilitate informed and timely decisions. Such awareness greatly improves coordinated actions in response to an event or an identified threat.

Information sharing
There have been challenges in gaining this “effective understanding” we call MDA. In the years following 9/11, the Privacy Act, the Access to Information Act, and the Canadian Charter of Rights and Freedoms were often listed by departmental representatives as causal factors for not sharing data between the various departments and agencies of government. This phenomenon was observed when, well before the advent of the Maritime Security Operations Centers (or MSOCs), departmental representatives, counseled by legal staff, named these acts as part of the reason that information management and data exchange projects could not go forward as conceived – even after the Senate used its considerable influence to move these projects forward.

Not only software projects are involved here – the Maritime Security Operations Centers (MSOC), the Integrated Threat Assessment Centre (ITAC), the Government Operations Centre (GOC), and numerous other federal, provincial, and even municipal committees need to have clarity in the area of information sharing as it pertains to the law and government policy.

Eric Lehre, a Dalhousie doctoral candidate, has found through his research that there seems to be no valid legal reason for these laws to impede the flow of information from one department to another – given the right conditions. Lehre points out that the Privacy Act unambiguously authorizes the transfer of data between Canadian government agencies under four situations: paragraph 8(2)(a) of the Act permits this if the institution receiving data will use it for the “same purpose” (which could be interpreted as a limitation); paragraph 8(2)(b) authorizes transfer if another act, for example the Customs Act, authorizes information release to other government bodies (and it does so in a very strict manner allowing for transfer of information relating to the national security or defence of Canada); paragraph 8(2)(e) authorizes transfer if the data request is from an investigative body; and paragraph 8(2)(f) authorizes transfer if the two institutions engaged have an agreement or arrangement and the purpose of the transfer is tied to “administering or enforcing” a law.

At first blush this seems to offer ample maneuvering room for the sharing of data amongst maritime security departments and agencies. Indeed, in 2004, the Auditor General stated, “we noted that privacy concerns were often cited as the reason why agencies could not exchange information. However, officials were not able to show us any legal opinions, specific references to legislation or judgments as a basis for that position.”

In 2006, the Joint Commanders of the CANUS Bi-National Planning Group stated in their final report: “although national laws and policies permit the sharing of information, this direction is not routinely being followed at the mid-level management and analyst level.”

Now, there is quite clearly a valid distinction between government departments sharing one-on-one under the above stipulations and the compiling of data from numerous, like-minded departments in a single database for comparison and analysis in an “integrated information environment.” This is the popular idea of “connecting the dots” against a diverse and well-organized threat. Lehre does not broach the latter scenario, nor does the Auditor General report. It is important to keep these two scenarios separate when dealing with the legal aspects of MDA. The compilation of data by numerous government bodies is an area where more analysis and recommendations are needed. If it is found that the laws should be changed in this specific area, it is only through such analysis supporting a change to legislation that this could happen. This is a central issue for MDA.

As can be seen by Australia’s legislation after their Olympics in 2000, Canada’s government should consider giving strong direction to departments concerning the sharing of data for MDA and any other national security requirement that is allowed under our current laws. This sharing should take place between federal-level departments, between federal and provincial governments, even between federal and provincial with municipal governments – and it must be defined clearly and unambiguously. Moreover, there should be unambiguous direction on how to share national security information with members of the private sector who are in need and can handle the security information properly. The bureaucracy must be encouraged to follow these protocols.

MDA in the Arctic
Let us switch to another priority legal and policy issue that concerns MDA. The actual exercise of sovereignty over the portions of the Arctic that Canada has claimed has posed problems for successive Canadian governments for years. Commander Guy Killaby, a naval officer of Canada’s Judge Advocate General organization, has placed this problem area in context by stating that “the appeal of the Arctic has always been rooted in Canada’s national mythology, rather than in any compelling substantive interests that might have prompted a long-term strategy or a significant investment.” Part of this ambivalent attitude can be traced to the history of Canada’s unrequited claims of Arctic sovereignty. The broader question of whether Canada’s Arctic waters are internal or international has been left unresolved.

Over the last century, Canada has founded its notion of sovereignty over the Arctic territory, continental shelf, and associated waters on three different legal bases: the sector theory, historic waters, and, finally, straight baselines in accordance with UNCLOS. While the legal principles supporting each of these approaches are distinct, they have shared the common need to demonstrate Canada’s “historic rights” to the archipelago and the surrounding waters. The difficulty in having those rights universally accepted has proven troublesome.

Commander Killaby reports that Canada worked very hard during the negotiations of the Law of the Sea Convention to have the language of Article 234 included in the final text, allowing coastal states to adopt and enforce “non-discriminatory laws and regulations for the prevention, reduction and control of marine pollution from vessels in ice-covered areas within the limits of the exclusive economic zone....” It is perhaps a weakness that the article is not specific to Canada, and allows all coastal states to adopt and enforce non-discriminatory pollution regulations. The issue is not “ownership” but the legal status of the Northwest Passage: internal waters versus international strait.

Nonetheless, a very recent Globe and Mail article reports that the Canadian government is solidifying its sovereign control over the waterways of the Northwest Passage by designating the waters of its eastern entrance as a national marine conservation area. In this way, the potential agreement would not only protect the region’s delicate ecology, but would bring it under a Canadian regulatory regime. Moreover, the government has announced the intention to make NORDREGs mandatory for the 2010 shipping season. This is a good start – but there continues to be a need for a long range strategic plan to resolve the matter of legal status of and responsibility for the Northwest Passage (NWP) and Arctic waterways. Perhaps the first stage of such a strategy in this area would be to influence international legislation in such a way as to consolidate Canadian legal strategies in this area and set the conditions for the national security initiative over the long term.

Nationally-Coordinated Civilian Air Contract Services
In another priority area of Canadian MDA policy, there are two points of interest that need to be highlighted. Both originate from examples that our allies in Australia have worked hard to implement. The aircraft and vessels of Border Protection Command (formerly Coastwatch) make up Australia’s significant “civil surveillance” activity and are often the face of maritime security in the media. MDA in Australia is based on the well-known approach of layered surveillance sensors that paint a picture of what is transpiring in the maritime areas of responsibility, and on the collection and analysis of information and intelligence that underlies the picture. What makes Australia’s approach to domain awareness different from other countries is its heavy emphasis on civilian air contract services. To achieve an impressive ninety percent surveillance coverage rate in the most vulnerable areas of the north and northwest, they utilize a fleet of leased fixed-wing civilian aircraft, helicopters (specifically for the Torres Strait), and supporting maritime patrol aircraft from the Australian Defence Force. Seventeen aircraft are employed on 4500 surveillance flights annually to cover 392 million square kilometers. Based on early intelligence synthesis, air resources are sent to the right place at the right time to counter potential threats.

A National MDA Centre
These sensor resources are backed up by radar satellites (RADARSAT) and signals intelligence (SIGINT) on all coasts. The radar picture and accompanying information collected from each of these platforms is transferred electronically to the National Surveillance Centre in Canberra. In this second MDA approach, input from regional centers is collected three months prior to the period of interest, compared with input from other regions, assessed against intelligence for probability of occurrence, weighed for economic, social, and environmental severity, and then assigned a common risk score. From these reports, the central authority can mete out air and sea security resources according to the assessment priority. Australia has been able to increase the number of apprehensions of illegal migrants dramatically in the last decade by placing the right resources in the right area at the right time. By connecting the regional centers to the national center and clarifying the command structure through legislation, the Australian levels of government have been able to centralize and standardize their coordinated surveillance effort.

This Australian system, while composed of different players than Canada, could serve as a rough policy model for future MDA strategic development in Canada. The establishment of a central, integrated, national-level maritime domain awareness centre that brings a National Maritime Picture (NMP) together and is fed from the MDA centers from the “four oceans” of Canada is a possible strategic consideration for the long term. With ongoing analysis of the burgeoning gateway and corridor systems that are binding trade and security together in a strategic package, an integrated national system for maritime domain awareness would not only provide an effective understanding of the Canadian maritime domain, from which a large percentage of goods and services arrive, but would enable our national security organization to give early priority to resource distribution and interaction with allies.

Strategic Considerations
It is apparent that a number of broad themes for enhancement and strategic positioning for MDA loom in front of us. Strategy sets priorities, and in so doing sets a continual engagement of government towards allocation of resources. Long-term procurement plans are thus linked to strategy. National-level MDA strategy that lies below the framework provided by the NSP must, first and foremost, be comprehensive.

We have come a long way since the early days after 9/11 in the area of MDA. In Canada, we have worked hard at the regional levels on the four activities of maritime security and at the national level we have made good progress in legislation and policy towards national security goals. It may be impossible to go a lot further without a Canadian National Security Strategy to guide follow-on strategies in transportation security, maritime security and, of course, maritime domain awareness. The National Security Policy made a start – now a policy movement toward legislated strategy must come into being.

It appears that the areas of law concerning information sharing (particularly the integration issue) and a legal strategy for the arctic are the most pressing for MDA researchers. In the policy realm, investment should be made for research aiming at a central, integrated, MDA center (probably more than just maritime-oriented) that is supplied by business-smart surveillance and an intelligence-fed methodology which assists Canadian decision-makers to adopt a preventive stance against the threats and risks of this modern era. The research and analysis that is focused in these areas will no doubt increase the capability of Canada to achieve the long sought after “effective understanding” of all things maritime that surround us.

Eight strategic considerations have emerged from recent research in the field of maritime security:
  1. Enhance information sharing in government and between government and private industry. Set national standards for finding commonality in the collection, analysis, and sharing of information;
  2. Enhance technology – surge research and development in areas of C4ISR that deal with the challenge of persistent maritime surveillance in the arctic (particularly in approaches and choke points of the Northwest Passage), in the closer quarters of lake and river systems (Great Lakes and St Lawrence River), and in coastal waters between territorial limits at 12nm and the EEZ limit at 200nm.  The oncoming implementation and distribution of LRIT will be a fine step forward here;
  3. Consolidate legal strategies in international law for Canadian claims to sovereignty in the arctic – culminating in a plan that asserts Canadian interests in the arctic (whatever they may be) to our arctic neighbors and competitors before the international courts;
  4. Enhance security networks – continue to build coalitions and partnerships with the burgeoning global maritime communities of interest that are being spurred on by the U.S.;
  5. Establish a central, integrated, national-level maritime domain awareness center that brings the national RMP from the MDA centers of Canada’s four major “ocean regions” to the federal level and shares its actionable information with the national security machinery of government;
  6. Base the central, integrated, national-level MDA centre’s operations on an intelligence-led methodology (like the Australian Maritime Identification System (AMIS)) that assesses risk from regional centers across the country and executes plans to distribute marine security resources to mitigate predicted risk;
  7. Understand inter-modal relationships linked to marine security such that information-sharing and response can be leveraged across the security spectrum; and
  8. Encourage departments and agencies of the marine security community to shape human resource planning to move in a multi-year cycle from policy development phases to resource procurement phases, to capability implementation phases – with self-audit and improvement throughout.

Doug Hales, a former naval officer and DRDC analyst, is currently a Senior Consultant with CAE Professional Services. He can be reached at doug.hales@cae.com

Peter Avis, recently retiring as a Naval Captain after a 33-year career in the Canadian Forces, is now a Senior Consultant at Lansdowne Technologies Inc. in Ottawa. He is the author of the book “Comparing National Security Approaches to Maritime Security in the Post-9/11 Era.” (avispca@hotmail.com)
© FrontLine Security 2010



Intergraph Corporation
Reducing the Opportunity For Threat
© 2010 FrontLine Security (Vol 5, No 2)

ETS dispatcher uses Intergraph CAD to respond to security incidents.

Military airports and ports are a crucial part of effective daily operations. The potential for becoming a target of terrorism is greater than ever before, yet military installations must often work with a limited amount of funding and technology to implement effective security measures. Security details are entrusted with developing solutions to many challenges, including:

  • Interoperability between many levels of base and military authorities to provide 24/7 vigilance
  • Ever-increasing threats to military transportation infrastructure, cargo and crew such as hijackings, chemical and biological weapons, and vehicle-borne improvised explosive devices (VBIED)
  • Adherence to emerging standards and best practices
  • Increase in operations and maintenance needs
  • Lack of personnel resources and expertise
  • Balance between safety and risk with operations

Military transportation security solutions must address many different requirements – from large facilities with highly controlled access points such as airports and seaports to truck and fleet security in Canada and in foreign deployments. Traditionally, security management has occurred by employing numerous one-size-fits-all stovepipe technologies of devices, screens, keyboards, and systems. Effective responses were often thwarted by false alarms due to the lack of integration between detection and assessment technologies.

Why integration?
Integrating your transportation security systems with a solution such as those from Intergraph® gives your installation a highly flexible, decision support system. It fuses vast amounts of complex data from disparate security systems into an easy-to-assimilate, common operating picture to simplify monitoring, improve detection accuracy, and speed up responses to all types of security issues and threats.

Essential elements of a best-practice transportation security system
The best integrated transportation security solutions incorporate a suite of applications that work well individually or seamlessly in concert. While many current military solutions only detect and possibly assess potential security threats, end-to-end systems such as those from Intergraph enable you to prepare for, prevent, detect, respond to, and recover from an event. Integrating the following elements gives your military airports, seaports, and fleets the best possible defense against a security intrusion.

Communication Interfaces: Effective communication requires seamless coordination between CAD, radio, and telephone systems. Transportation security systems such as those from Intergraph provide unified communication interfaces so urgent information is shared quickly and accurately.

Computer-Aided Dispatch/Web: The most effective transportation security systems incorporate an interactive, real-time map display with call handling, dispatching, information management, remote access, and mobile data. Intergraph’s CAD Web-based application gives your security team the power of CAD over the Internet without having special CAD software installed on a computer.

Consequence Management: Managing consequences is vital to minimizing damage and recovering from major events. The best solutions to maximize port and airport protection provide an environment to build and manage a response plan through the presentation of objectives, strategies, standard operating procedures, and checklists. Intergraph transportation security software additionally provides feedback on plan compliance throughout the event life cycle to allow for status checks and corrections if necessary.

Incident Detection: Recognizing that an incident has occurred is the first step in preventing or reducing harmful consequences. Incident detection provides a single environment to detect and assess transportation threats by interfacing with access control systems, intrusion detection systems, radar systems, and video analysis. By integrating multiple devices, the best integration systems present a complete picture of the target and help determine whether a response is warranted.

Planning and Training: Transportation security response plans must be tested and personnel trained to ensure perfect execution in the real world. The best planning and training tools such as those from Intergraph use simulation to provide a virtual-world experience.

Video Assessment: Choose transportation security integration solutions with video management applications to provide you with an effective way to identify a target and assess if a threat exists. The most complete transportation security integration solutions, such as those from Intergraph, provide robust tools for organizing, pre-processing, managing, and integrating geospatial data for advanced image exploitation and geospatial intelligence fusion. When used in conjunction with CAD, these offer a streamlined solution to view targets, assess threat levels, and manage appropriate responses.

Benefits seen in airport and port deployment
Military airports are continuously looking for ways to improve their ability to detect threats to their cargo and troop carrier systems, monitor the activity of crew, troop and airport personnel, advance communications between operations and security personnel, and thwart the risk of terrorist attacks. By providing a common operating picture, an integrated transportation security solution such as those from Intergraph acts as a force multiplier, providing a decision-support system that allows airports to reduce false positives, easily share and communicate vital information, and focus limited resources on confirmed threats.

Canada’s military depends on our naval forces to effectively transport military supplies, troops, and provide active defense over long distances and times out at sea. The importance of our naval bases makes them a potential target for terrorism or criminal activities. An integrated transportation security solution such as Intergraph’s helps military port security agencies protect cargo, troops, port infrastructure, and the surrounding waters; and prevent, detect, and respond to threats.

Intergraph is your transportation security expert
Canadian and international military forces, law enforcement agencies, security organizations, and intelligence agencies have all benefited from Intergraph’s thought leadership, our strong customer and partner relationships, and our client-driven approach. Drawing from our strong technical heritage, we have the knowledge and experience needed to secure military populations and assets, integrate disparate transportation systems, and deliver solutions that meet our customers’ most demanding requirements.

To learn more about Intergraph’s transportation security solutions and to discuss this article, contact shane.loates@intergraph.com.



3 R's of Emergency Management
© 2010 FrontLine Security (Vol 5, No 3)

Developing and implementing a comprehensive emergency management program can provide organizations with a structured capability to continue operations in the face of a major emergency or business disruption. A comprehensive emergency management program involves a complete process aimed at reducing loss and protecting assets from all types of hazards through a risk-based program of prevention, mitigation, preparedness, response and recovery activities. It provides a roadmap for organizations to sustain good corporate governance, retain the confidence of stakeholders, and manage its reputation in the face of a major emergency. Simply put, an effective emergency management program can prevent an emerging crisis from becoming an organizational and personal disaster.

Emergencies have become more complex, widespread and severe. A natural or human-induced disaster can happen anytime, anywhere. We have seen many examples: pandemics (SARS); power outages (2004 blackout); acts of terrorism; IT & communication system failures; and natural disasters. Any one, or any combination, can suddenly and severely impact an organization, large or small, and the economic consequences can be severe.

All organizations face a certain amount of uncertainty and risk; in the quest to ensure sustainability of operations and maintain resilience and performance, they must have an effective system to manage hazards and threats. This approach must include not only the traditional focus on preparedness and response, but also an emphasis on prevention, mitigation, business continuity, and recovery activities. This essential, comprehensive approach to managing emergencies is prescribed in the 2008 CSA (Canadian Standards Association) Z1600 Standard on Emergency Management and Business Continuity Programs, which was based on the NFPA 1600 Disaster/Emergency Management and Business Continuity Programs standard.

CSA Z1600 outlines the requirements for a comprehensive emergency management program that incorporates a risk-based, all-hazards methodology, integrating emergency management and business continuity programs for a total program approach. This benchmark allows organizations to evaluate or initiate an emergency management and business continuity program that will work for their unique circumstances and requirements.

With the standard already well received by its key audiences, the CSA Z1600 Technical Committee met in Ottawa in October 2010 to begin work on the 2nd edition. The committee, consisting of first responders, private sector and non-governmental organizations, emergency management and business continuity specialists and all levels of government, will investigate how the standard can be improved. Alignment with government policy initiatives and addressing barriers to implementation are key objectives of the Technical Committee’s work. The Committee will also endeavour to identify and review relevant domestic, regional and international EMBC standards, guidelines and best practices to determine how to build additional value and acceptance for the Z1600 standard.

Ron Meyers is a Project Manager for the Occupational Health and Safety Program with the Canadian Standards Association. Ron’s current responsibilities include the development of Canadian National Standards and information products in the areas of emergency management and protective equipment and systems.



Security of the 2010 Olympics
© 2010 FrontLine Security (Vol 5, No 1)

The largest security operation in Canadian history successfully wrapped up the Vancouver 2010 Winter Olympics. Main security operations ended 48 hours after the principal sporting events finished. Security needs for the Paralympic Games (March 12-21) were significantly reduced.


Vancouver taken from a CH-146 Griffon helicopter during a familiarization flight in preparation for Exercise PEGASUS GUARDIAN 3. (DND Photos)

An estimated 2,500 athletes, their coaches, and other support staff participated in the Winter Games. Approximately 10,000 media representatives covered the Olympics, including the opening ceremonies in B.C. Place Stadium, where more than 60,000 people gathered to cheer on the teams of 81 participating countries.  

Many officers, much territory to secure
The security force for these Olympics consisted of some 6,000 police officers; 4,000 Canadian Forces troops; and 4,800 private security guards. The operation was unprecedented for Canada in terms of size, complexity, and cost; the original security budget of $175 million in 2002 ballooned to $900 million seven years later. In addition to Olympic venues in Vancouver and Whistler, 129 km of highway between the communities had to be secured, as well as hundreds of kilometres of coastline and thousands of square kilometres of airspace.

Possible security threats to the 2010 Winter Olympics were domestic and international. In January, CTV News reported, “The U.S. government is advising American sports fans travelling to Vancouver for the 2010 Winter Olympics to watch out for al-Qaeda and other extremists, especially on transit and in restaurants, churches and other areas outside official venues.” A U.S. State Department webpage said, “Al-Qaeda’s demonstrated capability to carry out sophisticated attacks against sizable structures – such as ships, large office buildings, embassies and hotels – makes it one of the greatest potential threats to the Olympics.”

While the Canadian Security Intelligence Service reportedly kept tabs on various parties of interest, it was unknown if a group of individuals or a “lone wolf” would initiate an attack during the Games just to make a point. Both have happened in the past. In September 1972, members of the Palestinian militant group, Black September, took members of the Israeli Olympic team hostage and later killed 11 team members and a West German police officer. The mistakes made by the West German police during the crisis that contributed to the hostages’ deaths triggered the formation of Grenzschutzgruppe 9, the elite counter-terrorism and special operations unit of the German Federal Police, two months later.

During the 1996 Summer Olympics in Atlanta, Georgia, a former US Army explosives expert named Eric Rudolph remotely detonated three pipe bombs surrounded by nails that he put in a military field pack and placed at the bottom of a concert sound tower in the Centennial Olympic Park. The device was the largest known deployed pipe bomb in American history, weighing more than 40 pounds (18 kilograms). A security guard discovered the pack and alerted police. Nine minutes later, Rudolph called 911 to deliver a warning. As people were being cleared from the area, he set off the bomb, which killed one person and wounded 111 others. According to a written statement by Rudolph, “…the purpose of the attack on July 27 was to confound, anger and embarrass the Washington government in the eyes of the world for its abominable sanctioning of abortion on demand.” His aim had been to force cancellation of the Games, or at least create a state of insecurity.

Vancouver 2010 Integrated Security Unit
To prepare for and oversee security for the Winter Games, the Royal Canadian Mounted Police (RCMP) formed the Vancouver 2010 Integrated Security Unit (V2010 ISU) in 2003. This unit included the RCMP, Vancouver Police Departments, South Coast British Columbia Transportation Authority Police Service, the Canadian Forces (CF), Canadian Security Intelligence Service, and Canada Border Services Agency. Other organizations involved in marine or aviation security aspects of the Olympics included Transport Canada, the Canadian Coast Guard, Nav Canada (national air traffic services provider), the port authorities for the Vancouver Port, Vancouver Airport, and Abbotsford Airport (east of metro Vancouver in the Fraser Valley), Alpha Aviation (manages the Boundary Bay Airport south of Vancouver in the city of Delta), CYNJ Airport Management (manages the Langley Regional Airport to the east of Vancouver), and the Victoria (BC) Airport Authority.

A V2010 ISU webpage noted: “The RCMP and its partners take a measured security approach to global events. A strong security presence will not be visible – unless circumstances warrant. The security plan [is] based on operational need. The level of security will be determined by our threat assessments – based on information from a wide range of sources and agencies.”

In June 2006, then-Chief of Defence Staff General Rick Hillier wrote in his Initiating Directive (a document that formally authorized the CF to begin assisting the RCMP with security plans for the Olympics): “It must be understood that the V2010 Games are a sporting event, not a security one. Forces and other dangerous individuals or organizations may seize this moment to further their aims using violence. Canadian security forces, and the CF, must therefore be poised to detect, deter, prevent, pre-empt and defeat threats and aggression […] while respecting, as much as possible, the spirit of the Olympic Truce. CF support to this aspect of the V2010 Games will need to be discrete to the general public. CF ceremonial support to the federal government will be in the public eye to the extent desired by the government. In both cases, it must be understood that the CF shall remain in a supporting role and at no time should staff at any levels attempt to take the lead.”

In early January 2008, a large, grey airplane, a CP-140 Aurora from Canadian Forces Base Comox on Vancouver Island, could be seen flying over downtown Vancouver as it conducted aerial surveillance and mapping of Olympic venues.

The Vancouver Sun reported in May 2008 that security forces would use a variety of surveillance technologies, including closed-circuit cameras and electronic sensors in Vancouver and Whistler. Hundreds of surveillance cameras were installed, and facial-recognition software was used to help security personnel keep track of visitors. The surveillance ‘web’ prompted Dr. David Lyon, Director of the Queen’s Surveillance Project at Queen’s University in Kingston, Ontario, to dub the Olympics “the Surveillance Games.”

Marine security zones were instituted around waterside venues during the Games, and temporary passenger screening facilities were set up for flights in and out of Vancouver Harbour (on floatplanes and helicopters). Controlled and restricted areas of airspace, from Whistler to the U.S. border and from Vancouver Island to the Fraser Valley, were in effect between January 29 and March 3. All aircraft, pilots, and passengers flying into the region had to pass through security screening, regardless of how many people were onboard or whether the flights were commercial or private.

Richmond Firefighters don HAZMAT suits during an emergency preparedness exercise for Op Podium.

RCMP Air Services and the CF provided aircraft for Olympics security. CF-18 jets were at-the-ready in case any errant or hostile aircraft needed to be intercepted, and Griffon helicopters were deployed in forward operating bases in case Joint Task Force Two, Canada’s Special Forces unit, needed to be airlifted to a location. Medevac aircraft were also put on stand-by.

Due to a lack of hotel space, police officers brought in from across Canada were housed on cruise ships docked in the harbour.

Security Exercises
The 2010 Olympic Integrated Exercise Program included three major security exercises – Bronze, Silver, and Gold – to prepare police and military forces, emergency responders, port authorities and other parties for the Winter Games. Exercise Bronze, held in November 2008, examined regional security and safety issues. Three months later, Exercise Silver practiced security and safety plans, procedures and interoperability between departments and agencies. In November 2009, Exercise Gold involved local police, fire and ambulance services and some 140 federal, provincial, municipal, and private sector organizations in two full-scale, live-action terrorist attacks. Mock casualties were simulated and communications and coordination were tested during this final exercise.

Assistant Commissioner Bud Mercer, V2010 ISU Chief Operating Officer, said the exercises represented “years of planning, integration and preparation with local, provincial, national and international safety and security partners,” also noting that “the safety and security inter-agency cooperation and relationships will remain in place for years to come.” Rear-Admiral Tyrone Pile, Commander of Joint Task Force Games, added, “The Canadian Forces are proud to support the RCMP in securing the 2010 Olympic and Paralympic Winter Games. Contributing to the safety and security of Canadians here at home is our first priority.”

In September, the Canadian North American Aerospace Defense Command (NORAD) Region conducted Exercise Fabric Virgo in the skies over southwestern B.C. to get ready for the 2010 Winter Games. The exercise covered areas of Vancouver and Vancouver Island and involved CF-18 jet fighters escorting civilian-looking aircraft at low altitudes. The training was done in coordination with Nav Canada to familiarize air traffic controllers and NORAD personnel with airspace operations in the Lower Mainland (metro Vancouver and surrounding communities). The airspace is among the most complex in the world in terms of how it is organized relative to terrain, aerodromes, navigation aids, and other elements.

By October 2009, V2010 ISU Assistant Commissioner Bud Mercer was confirming the next level: “We are now moving into the critical final phase of planning and implementation before becoming fully operational early next year. One of the key aspects that has mirrored the planning cycle is the need to exercise and test our security plans. The ISU has an extensive exercise program that has been up and running for the past two years. Pegasus Guardian 3 and Spartan Rings [which took place October 19-23, 2009] are part of that overall preparatory process. This police and Canadian Forces focused exercise allows the ‘security pillar’ to be validated in terms of protocols and procedures.”

Exercises Pegasus Guardian 3 and Spartan Rings were full-scale, functional exercises aimed at validating the readiness of the RCMP-led V2010 ISU and all security partners. The scenarios, reportedly developed from lessons learned during the previous Exercise Pegasus Guardian 2 and Exercise Silver in February 2009, were designed to challenge the ability of security forces to successfully overcome a spectrum of potential threats to the Games. Key areas for validation included tactical procedures, communications, and command and control.

“These events have been strategically designed and will be tightly controlled with the guiding principles of safety and security for all exercise participants and the public,” Mercer added.

“At the conclusion of Pegasus Guardian 3 – Spartan Rings we are confident that the V2010 ISU and its key security partners will be prepared for the final Privy Council Office led confirmation exercise – Exercise Gold.”

American Preparations
With many Olympic events being held just 50 kilometres from the international boundary, U.S. authorities organized major resources in case of a terrorist attack, earthquake, or other significantly negative event affecting Americans during the Games. In 2005, the State of Washington appointed a 2010 Olympics task force, and a $4-million Olympics Coordination Center was subsequently established 37 kilometres south of the B.C. border at the Bellingham Airport. Starting in July, personnel from 40 federal, state and local agencies in the U.S. simulated several possible emergencies. While Security Exercises Bronze, Silver, and Gold took place in Vancouver, parallel events were being held in Tacoma, Washington.


The U.S. government reportedly spent $500,000 on pre-Olympics training exercises involving American emergency workers and financed an upgrade to a mountaintop communications tower to improve contact between first responders and Washington State highway patrol officers. “Our role is mainly coordination in case something happens on our side of the border,” Robert Calkins, a spokesman for the Washington State Patrol, told the Vancouver Sun in July. Throughout the Olympics, the U.S. Coast Guard and RCMP conducted integrated marine cross-border law enforcement to ensure that no terrorist or criminal threat penetrated Canadian waters from the U.S. side.

Security Threats, Responses and Breaches
Many Canadians were unaware of the fact that there was significant opposition in B.C. to the Olympics and a great deal of anger felt by Vancouverites and other B.C. taxpayers who have to pay the lion’s share of $6+ billion in bills for related projects, programs, and operations. (In 2000, people in metro Vancouver were told by politicians and officials from the Vancouver Olympics Committee (VANOC) that the Games would cost less than $1 billion.) In January 2008, the Globe & Mail reported, “An array of activists, from aboriginal groups to anti-poverty fighters, oppose the Winter Games, fearing the impact of the mega-event on Vancouver’s poor, the environment, and the B.C. balance sheet.”

Angry British Columbians have committed acts of violence in the past against large projects. In May 1982, a bomb was detonated at a B.C. Hydro substation on Vancouver Island, causing $5 million in damage. More recently, between October 2008 and July 2009 six bombs destroyed or damaged EnCana Corp. pipelines and wellheads in the northern part of the province. At least one British Columbian, an anti-oil industry activist known to police, is suspected of having been involved in the bombings.

A security sweep of the fountain at the Olympic Oval in Richmond during Operation PODIUM (Exercises PEGASUS GUARDIAN 3 and SPARTAN RINGS).

Opponents to the Olympics organized and carried out several protests during the Games, most of them peaceful, albeit “energetic.” However, during one demonstration on February 12, a small group of protesters clad mostly in black wearing dark balaclavas ‘armed’ themselves with a ladder, a hammer, and some chairs and went on a rampage, breaking store windows. Police responded and arrested more than one dozen people; charges included vandalism, disturbing the peace, assault of a police officer, and mischief.

On the day before the 2010 Winter Games officially began, a long, plastic cylinder wrapped in tape was found beside some diesel tanks in the Lonsdale Quay in North Vancouver and reported to police as “suspicious.” The Quay is on the north side of Burrard Inlet, across from downtown Vancouver and the Convention Centre where media companies from several nations set up operations. The Lonsdale Quay is also the north terminus of the SeaBus, which crosses Burrard Inlet from Vancouver’s Waterfront Station, not far from the Convention Centre. North Vancouver RCMP responded quickly, shutting down the Quay, its bus loop, and SeaBus traffic for three hours while canine and explosive disposal units combed the facility and RCMP helicopter Air One circled overhead. A robot was used to remove the package which contained... a fishing rod.

During the first week of the Olympics, a mentally ill man using a home-made laminated pass slipped past security at B.C. Place Stadium and got within yards of U.S. Vice President Joe Biden, who was seated in the VIP box. After being confronted by two undercover officers, the man, who later told police he was infatuated with Biden, tried to escape into a nearby hallway and was arrested. Fortunately, he was unarmed.

While the Olympics ended without any other major security incidents, its controversial legacy lingers. More than 200 people employed by the City of Vancouver and Vancouver School Board are losing their jobs due to insufficient funds (city and B.C. government spending on the Olympics exceeded $1.5 billion). Also, in Prince George in northern B.C., eight of the area’s 48 schools are being shut down due to insufficient provincial funding. Gordon Campbell’s government is reportedly shoring up revenues with $778 million taken from a provincial insurance reserve fund.  

Blair Watson is a Contributing Editor at FrontLine Magazines. He is based in British Columbia.
© FrontLine Security 2010



One Last Thing
Making 'sense' of the dollar and cents debate.
© 2010 FrontLine Security (Vol 5, No 2)

This issue of FrontLine Security provides a fascinating look into the full spectrum of financial issues in the security and crime investigation worlds. These subjects are frequently overlooked, especially by our increasingly sound bite-driven media and political decision makers. That’s unfortunate because, as several articles in this issue make clear, understanding the financial circumstances that can empower criminality or terrorism is a pre-requisite to designing effective strategies to thwart and prevent them.

Appreciating the financial consequences of how we choose to deal with crime or security is also a subject that merits closer attention. Putting G20 Summits in Toronto or letting the Department of Justice run the Gun Registry are high profile examples of this choice-consequence reality, but there are many more that, frankly, involve a whole lot more money and desperately need to see the informed light of day.

This thought occurred to me as I listened to shrill accusations from someone opposed to Bill C-25 (the Bill that would finally eliminate career and bail breaching criminals getting not only credit but double or triple credit for time served before they were convicted of their latest offence... that’s right… we actually reward people at sentencing who are denied bail because of their continuing criminal conduct).

This goofy practice emerged in the late 90s, when some members of the Ontario ‘juristocracy’ decided that the conditions in remand facilities weren’t up to snuff. So, rather than put down their gavels and run for office to change things, they abused their discretion under s.719(3) of the Criminal Code and started automatically increasing ‘credit’ for thugs lawfully and properly denied bail.

Guess what? The criminals and their lawyers quickly figured this out, and it had immediate con$equences. Why go to trial quickly or plead guilty now when you can delay and get double or triple credit for every day in remand? Duh!!!

Remand populations skyrocketed… jail sentences got shortened (although you have to read the fine print as the same judges like to pretend they’re handing out ‘tough’ sentences), and provinces who pay for remand and prisons for sentences under two years saw their costs increase. That explains why changing this law has been at the top of the Provincial justice reform agenda for years.

Having lost the battle when the Bill passed, the ‘we know best’ crowd are now claiming that these measures will cost untold billions which has largely gone unchallenged. Given all the variables, no one can completely predict the exact financial costs, but my instincts as a former Crown Prosecutor and justice system analyst suggest that, absent the incentive, remand populations and times will decrease, court backlogs will shorten, and more criminals will end up in federal prisons than provincial prisons. Those are all savings which should be added to the accounting ledger. It is true that some offenders will get longer provincial sentences and that there will, one hopes, be an increase in the federal prison population of these repeat offenders who are the target of this reform. By all means, add that to that calculation. Let’s also add a reduction in the number of crimes these same guys commit at a disproportionately high rate, which means less police investigations, prosecutions and incarceration.

Why can we do that? Because these thugs will be in custody longer which is a good thing. As anyone familiar with our lego-centric ‘justice’ system will affirm, it is very expensive to investigate and prosecute serious crime in Canada – which is why we save a ton of dough when we prevent them in the first place. Prevention, however, includes denial of opportunity as much as it does self awareness counselling.

Let’s put in place a fully informed, objective accounting system to track the real cost of this reform… and I’m betting, if we don’t let the Criminal Defense Lawyers Association do the bean counting, we’ll actually save money.

While we’re at it… let’s apply the same approach to s.6 that will repeal s.745 and deny convicted murderers – supposedly serving ‘life’ sentences with no chance of parole for 25 years – the current ‘right’ to seek a backdoor early parole after only 15 years, and every two years thereafter if they don’t get out early immediately.

I attended Clifford Olson’s 745 hearings with the victims’ families, and I have never been more ashamed of our justice system than I was then. Getting rid of this ‘right’ for murderers will cost money because far too many are released early but, again, let’s be sure we deduct the cost of all those hearings that won’t be held for those that wouldn’t have qualified.

This cost analysis is equally important on measures we haven’t taken. The failure to put in place a modern biometric bad-guy lookout system is a big part of why hundreds of deported non-citizen criminals get back into our country – where we find them… after they have committed new crimes. The cost? Think tens of millions annually.

We also haven’t figured out how to expeditiously remove non-citizens who commit crimes. This, in large measure, is because our laws require their consent if we do it while they’re serving their sentence. Just as bad, because CSC and CBSA don’t collectively prioritize the removal of these criminals. The result? Virtually all of them end up being granted parole (?!), so they get out of jail early while supposedly awaiting removal.

There’s one sure way to prevent removal under the current system, and that is to commit a new crime – because the law forbids removing such a person until the new proceedings are completed and they’ve finished their sentence. Think revolving door with another tens of millions annual price tag.

Not having a joint force mobile intelligence-led border interdiction force means drugs and guns on our streets, and the crime and costs that come with it.

Not using electronic monitoring on select offenders means foregoing an effective supervision tool that increases offender compliance in a cost-effective fashion.

This financial lens should also include examining the results we get in security and criminal justice expenditures. How about making the Air Travellers Security Charge a statutory dedicated revenue fund with mandated purposes instead of yet another ventricle into the black hole of general revenue? The list goes on.

The federal Government needs to ensure that there is an objective and informed accounting of their intended security and criminal justice actions – because $ensible policies and laws in the long run inevitably make financial sense as well. $ound and $ensible $ecurity!!!

Scott Newark is an Associate Editor at FrontLine Security magazine.



One Last Thing
The Omar Khadr Case
Time for a Lesson Learned Analysis
© 2010 FrontLine Security (Vol 5, No 3)

With the latest, but by no means last, chapter now concluded in the long running Omar Khadr saga following his guilty pleas and sentencing, it’s a good idea to reflect on how these events came about and why so we might be able to prevent them in the future.

U.S. Defence Press Operations, Pentagon, on Oct 31, 2010 shows a file photo of Omar Khadr constructing an IED.

First things first; because Omar Khadr was physically (and deliberately) born in Canada, he is entitled to the benefits of our citizenship which is the real reason why Canadians even know his name. Khadr is part of a self described ‘Al-Qaeda family’ whose parents acquired Canadian citizenship and thereafter used it in ways most Canadians would think should result in its revocation. A change to the Citizenship Act would be required to make that possible in the future. Lesson One.  

Among the loudest, and oft repeated, claims cited by Omar Khadr’s well scripted advocates is that he was a ‘child soldier’ and thus the American authorities were morally akin to Darth Vader for prosecuting him under their Military Commissions Act. Khadr was, in fact, only 15 when in July 2002 he was captured following an armed battle between US forces and the al Mahdi fighting unit his father Ahmad had created and enrolled him in. U.S. Army medic, Sgt Christopher Speer, was killed when a grenade was thrown as he checked the scene for casualties. Khadr’s lawyers have always denied their client threw this grenade but their supposed evidence of the impossibility of this allegation itself exploded during the only day of actual evidence at his trial.

Readers will recall that his lawyer promptly fainted thereafter, causing a six week delay in proceedings during which the plea bargain deal was made. Supposition aside, Khadr pleaded guilty to the ‘murder’ of Sgt Speer and as well to four other ‘conspiracy’ counts which boil down to being part of Al-Qaeda and helping the Taliban and making and planting roadside bombs targeted against NATO forces. The fact that a video of him making and planting those bombs was found and entered as evidence (after running on 60 Minutes) was something Khadr’s defenders preferred not to discuss while shrieking his innocence.

The concept of ‘Child soldiers’ comes from the brutal practice of kidnapping, raping and drugging young children by West African warlords who then used the deranged kids for their own thuggish purposes. That ain’t Omar Khadr. Having said that, is there any doubt that he is what he is… and did what he did... in no small measure because of how he was “raised” by his Islamofanatic parents? If he’d have been planting bombs in Ajax instead of Afghanistan we’d have still arrested and prosecuted him but you can bet that we’d have paid much closer attention to the evil influence of his parents including by prosecuting them under s. 215 of the Criminal Code for failing to provide the ‘necessaries of life’ as parents. We might also ask some pointed questions about where the army of child welfare workers on the public payroll were when the indoctrination of him and his siblings was going on. Those questions have relevance today. Lesson Two.

Omar Khadr was clearly a low level foot soldier with a high level family pedigree. Back in 2002, to have captured someone whose family dinner guests and associates included the world’s most wanted terrorists and whose knowledge included how money was raised abroad and transferred, how safe houses and training camps were set up and run, who had attended them was an intelligence coup to say the least. Not to have interrogated him would have been nothing less than dereliction of duty and that goes for the gentle CSIS and DFAIT interviews of him in 2003 and 2004.

People tend to forget that the U.S. was not obliged to prosecute him at all as, having clearly established he was an enemy combatant, the US Supreme Court (Hamdi v Rumsfeld –2004) had authorized him being held until the ‘end of hostilities’. See ya in 50 years Omar. Unlike terrorists like Khalid Sheikh Mohammed who has plotted and directed the murder of thousands of non combatant civilians, Omar Khadr was engaged in battle with opposing military forces when captured. By choosing to criminalize the process of what to do with him, the US created a procedural and public relations scenario from which they are only now emerging. Lesson Three.

Finally, right wing commentators to the contrary, leaving him in U.S. custody until the end of his sentence means his ultimate return to Canada almost certainly without supervision which is a very bad idea. Bringing him back while we have lawful parole supervision authority, with the ability to generate admissible evidence for post warrant expiry supervision orders (810.01 CC) if necessary, is our new ‘homegrown’ reality. Lesson Four.
Stay tuned for the next chapter – because you know it’s coming!

Scott Newark is an Associate Editor at FrontLine Security. This commentary is published with permission of www.ipoltics.ca



C3 Technology Needs
© 2010 FrontLine Security (Vol 5, No 1)

The range of highly advanced technology available to first responders is truly astounding. From cognitive radios to real-time field draw screens, record fire perimeters and 3-D personal tracking devices, first responder agencies are inundated with technological choices. Many of these technologies are being developed as spin-outs from defense contracts and grants. Others are entrepreneurial inventions targeted directly toward the primary response market. But what really are the needs of first responders? And perhaps equally important, is there a technological gap developing between the “haves” and the “have nots” in the world of response agencies?

In the modern world of limited resources, developing an aggressive technology development program is not an easy task -- technologies are constantly evolving, the nature of emergency response is becoming more complex, and the interdependence between different local, regional, state, and national response units is becoming more acute. The difficulty of framing an effective technology development and acquisition strategy for this sector is evident not only at the level of individual agencies struggling under severe budgetary pressures, but also at the national policy level. Funding for first responder technology development and acquisition comes, primarily, through various federal grant, contract, and investment programs.

Needs assessment
The Center for Commercialization of Advanced Technology (CCAT, a SPAWAR funded consortium located in San Diego, California) recently managed studies on first responder needs. The studies were conducted for the 1401 Technology Transfer Program within the Office of the Assistant Secretary of Defense (Homeland Defense and America’s Security Affairs). The outreach goals of the 1401 Technology Transfer Program are specifically to expedite the successful transfer of technologies to first responders and expand the use of technologies to the broader public safety community.

Consisting of over 100 interviews and focus groups with senior management of first responder agencies in several U.S. states, the study examined first responder agencies subject to a variety of natural and manmade critical incidents including wild fires, hurricanes, flooding, winter storms, chemical spills, bio and nuclear threats, earthquakes, and port security. The agencies included local and regional law enforcement, fire departments, bomb and arson squads, HAZMAT units, central dispatch managers, port security teams, military, and offices of emergency management from small and large, urban and rural communities. While our studies covered a number of different technologies, the focus here is primarily on the specific areas of Command, Control & Communication (C3) for 1st responder situational awareness.

Enhancing Situational Awareness
In general, all first responders identified Interoperability of 1st Responder Communications and Merging of Data, Voice, Video, and Text as the major technology needs. These issues have been consistently identified by many other studies and after actual large-scale disasters such as the 2005 Hurricane Katrina in New Orleans, the 2003 and 2007 wildfires in San Diego, and the 2010 earthquake in Haiti where numerous and diverse agencies responded. Continuous technology improvements are being implemented in these areas. However, it is important to note that seven other categories were also identified. Many of these technologies have not received much attention, or are fairly new inventions. Table 1 summarizes the technology needs by category, with examples of responses.

Rural and Smaller Agencies
In addition, the focus groups indicated that a serious technology gap was developing between the better funded urban agencies and smaller, more rural agencies. For example, rural agencies often rely on larger agencies to support them during a major incident.

Not surprisingly, most rural groups were interested in technologies that assisted in communication interoperability. Given the small size, and often volunteer nature, of rural responders, even a minor incident may require inter-agency cooperation. Satellite phones also appeared very important since many rural agencies noted that reception for radios and cellular phones in their areas is spotty, and that repeaters and communication systems often fail during major natural disasters, such as hurricanes.

Most agency directors complained that rural communities generally lagged behind their urban counterparts in acquiring C3 technologies to enhance situational awareness in critical incidents, and that resources were a major problem. As the Police Chief of a smaller North Carolina community noted:

“If I have 10 people available and I need 10 people for a major incident, I still have to worry about other incidents that occur. Just because we have a major incident does not mean everyone else will hold off on their everyday emergencies. This is actually the biggest problem because you end up having one person doing too much.”

Another Police Chief of a small community observed, “Communications is the major problems – we need personnel trained well with the proper technology that goes along with the training.” Additional concerns were noted by the director of a rural county emergency service agency who indicated that “ordering and managing resources is often a logistical nightmare.”

In fact, solutions for most of the technology needs identified by rural agencies are already being implemented in many urban agencies. There was general agreement that rural agencies could benefit simply from the transfer of existing first responder technologies. However, critical differences between smaller and larger agencies were emphasized by various directors. Most of these differences were due to the small size of rural agencies, such as the need for rural response personnel to multi-task during critical incidents. This creates a situation where communications become overly time consuming during critical incidents. Lower levels of training and technology acquisition are indicative of the challenges faced in small communities. The need for inter-agency cooperation becomes glaringly obvious even in relatively minor incidents, due to the lack of personnel.

Table 2 shows the most often cited barriers to technology adoption that were identified by the rural 1st responder agency focus groups.

Some Observations and Recommendations
In conclusion, several recommendations emerged from these studies.

  1. National and state level technology work groups (TWGs) need to have more rural and smaller agency representation. This was noted by many smaller first responder directors who felt their voices were being ignored. Rural and smaller agencies felt they were at the “bottom of the barrel,” yet they often have to deal with the same critical incidents as urban agencies.
  2. First responder grant funding should address not only initial technology acquisition, but also follow-up training, service plans, and equipment add-ons. Many small agencies were found to have acquired technologies that, within a few years of sporadic use, staff had forgotten how to properly operate.
  3. Rural and smaller agencies can benefit from existing technologies that are already in use by urban communities.
  4. Inter-operability and resource management remain the major problems, particularly for smaller, rural communities.
  5. Federal and state level grants and resources for first responder technology development should be based upon honest and well done “needs assessment studies,” rather than the biases of distant decision-makers or non-representative technology advising committees.
  6. There needs to be much greater regional inter-agency cooperation in testing, acquiring and managing expensive response technology, particularly in rural areas. It was generally felt that there should be “repositories” of well positioned assets and resources that could be called out in critical incidents.

Craig S. Galbraith, MSc, Ph.D. is a Professor of Technology Management at the University of North Carolina (Wilmington campus).
Christy DiFelice, MPA, is a Special Projects Coordinator at the Brunswick County Emergency Services in North Carolina.
The full needs assessment reports mentioned in this article are available from the Center for Commercialization of Advanced Technology (CCAT), 5252 Campanile Drive, San Diego, CA 92182-1993. http://www.ccatsandiego.org/



Dirty Money: a Preview
Sneak Preview
© 2010 FrontLine Security (Vol 5, No 1)

Coming in the next edition of FrontLine Security is an examination of the inner workings of organized criminal networks – what are the threats, and what can we do about them. Topics will be targeted at all security stakeholders, including first responders, government security policy managers and every business and individual who is concerned about or has experienced any fraudulent activity or identity theft.

Our investigation kicks off with two titans of Canadian law enforcement in the illicit finance department. Denis Constant, the former Director General of the RCMP’s Economic Crime unit, who is currently President of Constant Corporate Security & Investigations Inc., and Garry Clement, the former Director of the RCMP’s Proceeds of Crime Program, now President and CEO of White Collar Consulting and Investigative Group, delve into the complexities of dirty money with FrontLine’s Executive Editor, Clive Addy.

Denis Constant describes tainted money as “illicit profits generated in the course of criminal activities.” The global and far-reaching threat associated with money laundering is sustaining increasing levels of criminal activity which in turn will threaten our values and way of life.

As Constant notes, “All of the world’s focus on money laundering has not diminished the levels of organized crime activity. For every loophole we fix, organized crime finds other means. Organized crime and terrorist groups have the resources and skills ... which mirror any multinational corporation.”

Garry Clement suggests Canada adopt a holistic and systemic approach to identify and address the entire spectrum of weaknesses. “We need to develop expertise,” he says, “to keep up with the advances in technology upon which organized crime and terrorist organizations definitely capitalize.”

Constant and Clement both bring home the point that the race is on – and the bad guys have the same resources (and perhaps more) when it comes to sophisticated financial crime and international terrorism linkages. With refreshing clarity, these experts make the case that it is in our own best interests to seriously bulk up our training and resources across the security personnel spectrum if we have any hopes of winning this war.

These modern challenges of criminal financial networks and fraudulent use of identity for criminal financial gain point to the fact that this is a problem faced by all countries, and is one that is addressable by us all in terms of extra security measures and diligence in release of personal information.  At an institutional level, the banks all need to be looking at increased surveillance and scrutiny as they continue to increase their capacity to process trillions of dollars worth of transactions daily. 




Focus on Fusion
© 2010 FrontLine Security (Vol 5, No 1)

To ensure common objectives such as public safety and security stay at the forefront of an ever-changing global environment, all moving parts of a nation’s security force need to be working in sync and constantly communicating. This, however, is much easier said than done.
During the 9/11 terrorist attacks against the USA, communication interoperability issues severely hindered rescue efforts, and some of those issues still plague response forces to this day. Predicting the outcomes of catastrophic events while, in parallel, training first responders in appropriate protocols is more important than ever.

Canada and the USA have been working incessantly to address the complex challenges that hamper effective interoperability.  To properly address these challenges, we must first ask ourselves, “where do we stand and what do we need to ensure our frontline workers can talk to each other, understand their environment, and execute plans in a command and control environment that optimizes success?”  

A good starting point in creating this ideally configured national response system is to create a Network Operations Center (NOC) that provides all authorized personnel with a Common Operating Picture (COP) similar to that of the U.S. Department of Homeland Security (DHS).  The newly upgraded NOC COP at DHS provides visualization of data and analysis from multiple intelligence sources, faster fusion of information, and better interfaces with legacy networks and databases in an effort to share accurate information with all counterparts to improve the decision making process.  This type of fusion center is an effective and efficient mechanism to exchange information and intelligence, maximize resources, streamline operations, and improve the ability to fight crime and terrorism by merging data from a variety of sources. Some of these sources may include military systems.  

Electronic Consulting Services, Inc. (ECS), a company based out of Fairfax, Virginia, is currently supporting the DHS NOC COP by providing IT enhancements and analytical capabilities to infuse evolving technologies for incident information management, decision support, distribution, and display. ECS has been successful in this fusion environment by applying their defense expertise to the increasingly sophisticated requirements of domestic security.  On their U.S. Army Program Executive Office for Simulation, Training and Instrumentation (PEO STRI) for Systems Engineering and Technical Assistance (SETA) contract, ECS implements life-cycle management of interoperable training, testing, and simulation solutions “for Warfighters and the Nation.”

Lissette Ferrer, Director of Business Development for ECS, believes that the convergence of military specifications and civilian requirements in data fusion efforts is putting the company in good stead for future programs nationally and globally. “Every time we work on a key requirement for DHS or DoD, we learn how to apply our expertise to the next challenge. Together, these cross agency programs build our overall competence in both national defense and public safety.”

With the recent blurring of lines between emergency and military operations capabilities, Common Operating Picture is evolving as a data fusion essential. The processes followed by the military for similar security challenges can serve as a guide when it comes to successfully implementing a fusion center for a national civilian security system. While the concept of a COP has been endorsed by military planners for years, a Common Operating Picture application to domestic security is a recent development. It has become more apparent that establishing a Common Operating Picture is integral when it comes to critical infrastructure protection and emergency response management. By obtaining a single identical display of operating information that is visible across the entire enterprise, public safety, government, and military agencies can significantly enhance their situational awareness. A COP facilitates collaborative planning and enables new levels of productivity and efficiency in critical operations.

So, whether it is understanding the battlefield environment or inter-security agency communications regarding emergency threat indicators, a Common Operating Picture is essential for national security. A great deal of COP work has proceeded to date in Canada thanks to Defence Research and Development Canada in Valcartier, Quebec. However, given that the concept of national security truly extends to civil security concerns as well as interoperability, Canadian requirements might do well to pay close attention to the DHS NOC COP Program developments in the United States and companies such as ECS who have been able to bridge the gap between military and domestic security.

Edward R. Myers, Editor, FrontLine Security