2014 issue


Global Competitiveness Report 2013-2014
By the World Economic Forum



X-Ray Security Screening: Technologies and Global Market


Homeland Security Research Corporation analysts forecast a strong comeback of the X-ray security industry generating a solid 7% CAGR. The growth will be boosted by three main drivers: expansion of the Asia Pacific secured facilities and aviation security markets; the replacement of more than 40,000 outdated X-ray systems; and despite a decade of R&D aiming at new baggage, luggage, cargo and mail screening technologies, there is no modality on the horizon that can competitively challenge the cost-performance of the X-ray based screening technologies.



National Counterterrorism Center Report


(updated) The NCTC compiles observations on types of attacks and attackers, numbers of victims and targets, and assesses trends.



World Disasters Report 2014


(2014) This year, the World Disasters Report from the International Federation of Red Cross and Red Crescent Societies takes on a challenging theme that looks at different aspects of how culture affects disaster risk reduction (DRR) and how disasters and risk influence culture.



Canada in a Changing Climate
By Natural Resources Canada

Our understanding of climate change impacts and adaptation in Canada has increased, both as a result of new research and through practical experience. Led by Natural Resources Canada, the development of this report involved over 90 authors and 115 expert reviewers, and synthesized over 1500 recent publications.



Joint Action Plan for State-Federal Cybersecurity


(July 2014) WASHINGTON – The Council of Governors, the Department of Defense (DoD), and the Department of Homeland Security (DHS) together approved a joint action plan for cybersecurity.



X-Ray Security Screening: Technologies, Industry and Global Market
By Homeland Security Research Corporation

(July 2014) Analysts forecast a strong comeback of the X-ray security industry generating a solid 7% CAGR. The growth will be boosted by three main drivers: expansion of the Asia Pacific secured facilities and aviation security markets; the replacement of more than 40,000 outdated X-ray systems; and despite a decade of R&D aiming at new baggage, luggage, cargo and mail screening technologies, there is no modality on the horizon that can competitively challenge the cost-performance of the X-ray based screening technologies.



CBRN & HAZMAT Incidents Decontamination Technologies


(Feb 2009) This report describes existing and upcoming technologies, markets, business and funding opportunities related to producing, using, and/or stockpiling Chemical, Biological, Nuclear and Radiological (CBRN) decontamination equipment and materials for the purpose of decontaminating people, as well as indoor and outdoor environments. The need to decontaminate people, buildings and infrastructures after CBRN incidents will lead to an $8.3 billion market by 2020 for CBRN Decontamination equipment sales & maintenance.



Securing Critical Infrastructure
© 2014 FrontLine Security (Vol 9, No 1)

As we reflect upon the broad perspectives offered in this edition of FrontLine Security, particularly their varied input into the vulnerabilities of the many infrastructures upon which modern life, its governance and economies, rely – we are struck by the growing potential and increasing numbers of attacks upon their cyber component, the very life blood of much of our critical infrastructure. This is not just occurring in the western world – it is indeed global, in its targets, victims and perpetrators. To analyse the risks, and establish sufficient security and mitigation measures to remain effective, authorities responsible for these infrastructures are faced with myriad and complex arrays of often contradictory challenges. I felt it important to expose, from a Canadian perspective, some of the risks to some of our major infrastructures.

When one looks at the recent update available on Critical Infrastructure Security from Public Safety Canada, one is struck by the lack of detail and relative urgency to define and address the realm of actual damage done by cyber attacks on this infrastructure. The general report is good news, but judge for yourself, after reading other articles in this edition, if indeed the report helps you feel better informed of the scope and urgency of the cyber threat to our critical infrastructure sectors.

In reference to the increasing relevance of cyber security for critical infrastructure sectors, the report says: “Connectivity and the world’s dependence on the internet continue to grow – as has the number and significance of cyber incidents. Canada’s Cyber Security Strategy, announced in 2010, is the Government of Canada’s plan for meeting the cyber threat. … The Action Plan 2010-2015 for Canada’s Cyber Security Strategy outlines the Government’s plan to implement the Strategy and meet the ultimate goal of securing our cyberspace for the benefit of Canadians and our economy...”

The resulting Renewed Action Plan (2014-2017) explains some of the thrusts and focus of federal coordination efforts to define threats, establish reasonable responses and security standards, and test them in coordinated exercises. They represent a laudable national strategic effort, but one must pause and look at this effort, particularly the report, and ask: “Where’s the beef?”

In the U.S., General Alexander, head of Cyber Command, testified before the U.S. Senate in February of this year. “We have a lot of infrastructure – electric, our government, our financial networks…We have to have a defensible architecture for our country, and we’ve got to get on with that… Cyber Command also needs to develop methods to prevent adversaries from easily penetrating networks and stealing data, money, and other property. During a cyber attack, hackers could shut down the power in the Northeast or attack the New York Stock Exchange and damage its data… the financial losses from such attacks could range in the trillions of dollars and potentially cost American lives. Government computer networks and transportation infrastructure also could be targeted.” He admitted to needing to yet resolve some “key capability gaps in dealing with these increasingly capable threats.” Though necessary security on the details was maintained, there was an obvious precision and sense of urgency in his words. What do we know of our vulnerability in these areas?

As tax season ended this year, it was interesting to note that, on our own Public Safety department web site, we find a warning that thieves are posing as Revenue Canada agents to obtain private financial data from citizens – but there is little or no warning of identity theft to obtain tax rebates. Whereas, this February, the Wall Street Journal reported that the U.S. Justice Department “filed charges against more than 880 people suspected of stolen identity tax refund crimes in the last budget year... The number of IRS investigations jumped 66% in the past year …” What is happening on this front in Canada?

On the positive side, there have been some good initiatives such as the announcement by Defence Research and Development Canada (29 January 2014) to fund 20 new science and technology projects as part of an approximately $14.5 million investment under the Canadian Safety and Security Program. These projects are built on a model of partnership between government, academia and the private sector. Of these, four deal specifically with cyber security on critical infrastructure.

  1. Public Safety Canada will lead a study to produce ‘machine learning algorithms’ – a computer system trained to recognize malicious network data. It will assist in detecting ‘advanced persistent threats’ to computer networks. Partner: Dalhousie University.
  2. Public Safety Canada will lead development of a method to leverage cross-sector resources to more effectively analyze critical, real-time intelligence against emerging cyber threats, thereby providing capabilities to assist security and intelligence communities during the investigation of cyber threats against critical infrastructures. Partners: École Polytechnique; and Natural Resources Canada.
  3. The Government of British Columbia Environmental Assessment Office will lead a series of case study reports on Smart Grid Technologies to understand Canada’s current security vulnerabilities. These studies will contribute valuable knowledge to policy-making agencies and support their future efforts in securing Canada’s electricity grid. Partners: ABB Inc.; BC Government; and Tantalus Systems.
  4. Industry Canada will lead a study that will assist in the development of a secure and functional framework to enable sensitive information-sharing between telecommunications network operators. Partners: Centre de services partagés du Québec; and Centre risque & performance de Polytechnique Montréal.

It is unfortunate that there are few actual private infrastructure companies taking part in these particular studies. Are they funding and sharing their own research on improving cyber security?

Let us look at just two key infrastructures: banking and energy. What is the state of their cyber threat and corresponding security?

The banking industry has long been considered one of the most secure and secretive infrastructures in the world. The arrival of the debit and credit cards, as well as use of the web for normal banking such as cashing cheques, changed much of that in the span of less than a decade – and that trend continues to expand. The UK Business Times (4 March 2014) reported, citing PwC’s 2014 Global Economic Crime Survey, that “39% of financial services companies world-wide were hit by cyber attacks, compared to only 17% of firms in other industries.”

“Cybercrime is growing and the methods are constantly evolving,” noted Andrew Clark, a partner in PwC’s forensics practice, in response to the survey (based on responses from 1,330 companies in 79 countries). “We see no abatement in attacks on banks’ infrastructure.”
Add to this, the increasing reliance on mobile phones for personal and corporate banking, and the threat of cybercrime and industrial spying increases exponentially. McAfee Canada lists the following as major cyber threats for 2014 in its annual report:

  1. Mobile Malware   
  2. Virtual Currencies
  3. Cybercrime and Cyberwarfare
  4. Social Attacks
  5. PC and Server Attacks
  6. Big Data
  7. Attacks on the cloud

All of these will be felt in the banking industry, but will also heavily affect the cyber security of other major infrastructures. However, the banking industry does have the advantage that its losses can be more easily quantified and measured than others and, thus, they are more prone to invest a reasonable sum to reduce those losses. This is far more difficult for other infrastructures to rationalize. Add to this, however, a greater awareness of the loss of privacy, and even the banks have to be more careful. This is in evidence more and more. For instance, for recent online transfers of even moderate amounts, I have been called personally to confirm these with my specific agent, who advised me that this is now a widely standard protocol due to a gigantic increase in cyber fraud.

In my inquiries with major Canadian energy infrastructure players, they were all relatively secretive about their progress and arrangements. This is most telling and understandable. The risks are indeed quite complex to identify, define, cost – and eliminate. They vary from environmental activism to terrorism and cyber crime and interference on a major scale.

There is also a significant risk in relying on SCADA (Supervisory Control and Data Acquisition) for remotely controlling, on the net, the various infrastructure machinery and transmission of product, be it electricity, water, gas, oil, or even communications themselves.
Add to that the vast geographical coverage of such infrastructures, and imagine the immediate, immense, expensive and wide impact of failure. These sectors have generally deployed ageing systems that are all the more vulnerable to internet interference from more modern devices.

The task for them is not easy. For instance, in February, BBC News reported that: “Underwriters at Lloyd’s of London say they have seen a “huge increase” in demand for coverage from energy firms… Assessors look at the steps firms take to keep attackers away, how they ensure software is kept up to date, and how they oversee networks of hardware that can span regions or entire countries. Energy firm cyber-defence is ‘too weak’, insurers say”.

That same month, Nextgov reported: “Of the roughly 260 cyber incidents reported to DHS last year, the majority (59%) occurred in the energy sector.”

Similarly, in respect of overall vulnerability, in March, the Wall Street Journal reported that: “The U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine of the country’s 55,000 electric-transmission substations on a scorching summer day, according to a previously unreported federal analysis.”

Also in March, USA TODAY reported: “There is evidence that energy systems, in particular, are becoming a popular target. The Department of Homeland Security recently reported responding to 198 cyber-incidents in 2012 across all critical sectors. Forty-one percent of these incidents involved the energy sector, particularly electricity.”

One can see why major infrastructures guard closely their measures and vulnerabilities – and the difficulty of even sharing with others in the industry.

The same McAfee report stated that: “More than 80% of business users use cloud applications without the knowledge or support of corporate IT. This loss of direct control of the enterprise security perimeter puts tremendous pressure on security leaders and administrators… Large enterprises may have sufficient leverage to put security measures in place that are consistent with the enterprise’s security posture. Smaller consumers of cloud-based services will not.” Not to mention the potential vulnerability brought on by the differing security of various sub-contractors.

In this game of “cyber poker”, as so accurately depicted by David McMahon in his article, there is indeed a need to exchange information and share intelligence among cyber specialists and users, public and private owners, and providers at all levels of Critical Infrastructure. It is fortuitous indeed that specific Canadian efforts are being made to study and achieve this. I underline and recommend strongly to our readers, the recent launch of the Infrastructure Resilience Risk Reporter (IR3), published by the faculty of Engineering at Carleton University. It offers sound policy and practical approaches for public and private agencies at all levels to better your hand in this game.

There is a new and dynamic cyber world out there, where change is normal and rapid, and where infrastructure’s cyber resilience is as challenging as its physical protection.

Clive Addy, Executive Editor
© FrontLine Security 2014



Reflections on a Healthy, Safe World
© 2014 FrontLine Security (Vol 9, No 2)

As I end my nine years as first Executive Editor of this fine magazine, and reflect upon the coming security challenges we face as Canadians in the next half decade and beyond, what has most struck me is the exponential increase in the number and complexity of security challenges and risks brought about by a myriad of important factors, the most prevalent of which is the dominating and increasing presence, influence and dependence upon the internet for everything in our much changed “every day lives”.

One need only think about what is immediately before us in the recent Transportation Safety Board Report on the Lac Mégantic railway tragedy in Quebec, and wonder how such scams and risks could have gone unnoticed or been left unverified and uncorrected for so long.

We can look to our South, where evidently poverty, unemployment and, quite likely, racism turned a petty theft incident into violence and death in Ferguson, Missouri. In response to what might otherwise be found to be a legitimate grievance against police action, we witnessed the appalling scene of people looting local stores and violent rioting with casualties that forced the call-out of the National Guard and federal intervention by no less than the US Attorney General to control this brutal confrontation and restore peace and order.

Looking further, there is the greater and dangerous international poker game playing out on the Ukraine-Russia border which challenges major leaders of the free-world and the legitimacy of international laws, institutions and treaties.

The over 192,000 deaths to date in the crisis with ISIS terrorists along the Syria-Iraq border, among whom have been recruited several Canadian so-called “jihadists”, and the continuing violence in Gaza are other arenas where the information war has had remarkable, unprecedented and sometimes criminal influence based on social media.

No, we are not immune, and we must insist that our elected officials and our governmental structures do their duty and minimize risks to our safety and well-being. To do so, they must take action to produce effective legislation and to bring culprits to heel – be it at the international, national, provincial or local levels. That too will be facilitated if proper allocation of the internet is afforded to emergency responder agencies, and regulatory regimes are seen to be enforced.

This is no time for isolated ‘Ivory Towers’! “Not my job” is not a legitimate answer in such a world. Effective cooperation and coordination is possible and expected of all authorities.

For instance, try to swallow this one as reported on 18 Aug 2014 by the Customs and Immigration Union: “Three officers […] were on duty earlier this year at a local port of entry when an RCMP officer contacted the port with an urgent request for assistance to help apprehend a reportedly armed individual who was suspected in a child kidnapping and wanted on outstanding warrants. In accordance with their understanding of ongoing inter-agency assistance protocols and section 129(b) of the Criminal Code which requires such assistance when asked, the officers immediately responded, as did the Superintendent on duty. Together with the RCMP they were successfully able to apprehend the individual in question. They were away from the port of entry, which remained staffed by three other officers, for approximately one hour. The incident was formally reported to CBSA senior management approximately 12 hours later. Following the incident, the RCMP formally thanked the CBSA officers in question.

Rather than commend the officers for their swift actions that helped keep the community safe, local CBSA management advised that the officers would be investigated for leaving the port of entry for an “unauthorized” purpose. Last week, CBSA imposed suspensions of between 4 and 25 days to the Officers.” UNBELIEVABLE!

On a more positive side, I have been impressed with much that is going on with our Health and Emergency Medical Response agencies across the country. We have dedicated this issue primarily to them. But even here, we cannot escape some major recent shortcomings in responsibility and accountability such as the ORNGE Air scandal of its past CEO, the purchase of new aircraft, and the June 2013 accident that killed four.

Happily, as Cameron Heke presents in this issue, there are other examples which I am pleased to see: the Shock and Trauma Air Rescue Service (STARS) in the Prairie provinces… what a contrast!

On the matter of Emergency Communications itself, Chief Jeff Brooks, and Inspector (retd) Lance Valcour graciously provide us with an up-to-date view of the 700MHz Emergency frequency communication allocation progress, challenge and upcoming national and international fora and issues.

Though I was unable to interview Dr. Taylor, the Deputy Chief Public Health Officer of Canada, I did receive responses from the Public Health Agency of Canada (PHAC) through Patrick Gaeble, of their Public Relations Office, who was able to clarify the role and achievements of the Agency over the last ten years.

As well, you will read in interviews conducted at the sharp end, that the means, methods, expectations and standards for medical emergency response are evolving rapidly and will rely more and more on trustworthy and effective communication of medical information on site. Greg Forsyth, Superintendent Special Operations for the Ottawa Paramedic Service, paints a clear and proud picture of what his expectations are. Likewise, Dwayne Forsman, the Chief Administrative Officer/ Secretary/ Treasurer for the Paramedic Association of Canada, is proud of the progress but voices quite clearly some needed improvements such as communications and a nationally recognized registry for paramedics.

In our rural counties, Dr. Paula Stewart, Medical Officer of Health at the Leeds, Grenville and Lanark District Health Unit in Ontario offers her reflections on public health and our security beyond the emergency response level, wherein she wisely explains how working towards a healthy and active community should, in turn, create a more secure society.

Richard Bray provides an update on marine border surveillance and the significant progress that has been made through the RCMP-led deployment of Accipiter Radar’s automated analytical radar systems in the St. Lawrence and Great Lakes region.

Exemplifying other important use of radar surveillance, we bring you a report on Operation Driftnet, and how the joint patrols conducted annually by DND, Fisheries and Oceans, and numerous international partners support enforcement of the North Pacific Anadromous Fish Commission (NPAFC) which polices the UN ban on high seas driftnets.

Casey Brunelle paints a very good picture of the U.S. National Guard at home and abroad, which provides some potential for wise emulation in Canada. Another such volunteer public safety force, the U.S. Civil Air Patrol offers us similar reflection as described by Lt-Col Steven Solomon.

Ken Pole does double duty for us, covering both the issue of the evolving use of UAVs in Controlled Airspace and that of Simulator Training for the Law Enforcement sector.

Eric Spence informs us of the very pertinent recent study by Aite Group on Consumer Fraud which should alert and inform our readers of all levels.

Blair Watson, another of our regular contributors, adds an interesting and complementary article on the dangers and complexities of identity fraud.

Finally, Scott Newark, the lead of my very helpful trio of Associate Editors who helped steer this ship for the past nine years, again offers his very expert advice on the importance of intelligence-led enforcement strategies and the need for them in enhancing our immigration and border processes in his One Last Thing column.

I would like to thank my publisher, Chris MacLean and her team, and wish her well in the search for a less-rusty Editor-in-Chief. It is important that the pages of FrontLine Security continue on its mission to stimulate discussion, offer advice, and influence action in effective governance in fostering national security.

Clive Addy, Executive Editor
© FrontLine Security 2014



Editor's Corner
Changes: FrontLine 2015
© 2014 FrontLine Security (Vol 9, No 3)

General Clive Addy steered this magazine throughout its first nine formative years; following in his footsteps will be a distinct honour. Throughout the many years of service to his country, he has given much. Upon retiring from the Canadian Armed Forces, he found a unique way to continue to serve his country – he used this magazine as a vehicle to promote awareness of the need to enhance national security. It is with pleasure that I have accepted the position of incoming Executive Editor of FrontLine Security magazine.

There are a few changes that I will be bringing in as the new executive editor that I hope will enhance an already well respected and important magazine.

The most obvious change will be to add the word “Safety” to the title. This added emphasis on Public Safety is intended to be more reflective of what FrontLine has been exploring over the years as a publication designed to focus the attention of its readers not just on security matters but on information that will make us all safer.

Under the auspices of becoming more safe and secure, expect over the coming year to see an expansion in scope of coverage to more widely reflect this important mandate. Articles for example on food safety, personal safety, workplace safety, and technology development for safety, will be added to the usual security-related articles that FrontLine readers have come to expect.

We anticipate that articles on best practices in safety management will be of particular interest to hospitals and first responders (emergency medical, fire and police services) – those for whom keeping us safe and secure is the primary goal of their job as well as an area of high personal interest. Expect this change to be more evident as the year progresses.

The more traditional security articles that FrontLine is well respected and known for will still be important to this magazine; and readers can expect a continuation of excellent coverage of the all-hazards-approach to managing and mitigating manmade and natural disasters of all kinds.

Outreach through partnerships and a Board of Advisors will be another personal priority. Over the next six months, I will be putting together a Board of Advisors for the magazine. This Board will be composed of experts in safety and security who can advise the magazine on matters that are important in their area and will generate the kinds of material that are important to their constituency. I currently have commitments from representatives from academe, police, government, security associations, and am actively on the lookout for a few other sectors. The Board will formally be introduced to you in the coming issues.

These changes I hope will broaden the appeal of an already well respected magazine by increasing the relevance to a broader base of readers. FrontLine Safety and Security will become an even more valuable information forum on safety and security to those whose job it is to provide response in times of crisis; to the providers of products and services; and those involved in planning, policy, regulation, and funding.

Jonathan Calof, Executive Editor
© FrontLine Security 2014



Is Our Critical Infrastructure secure?
© 2014 FrontLine Security (Vol 9, No 1)

“The nature of strategy is paradoxical and does not follow a linear pattern.”
– Edward N. Luttwak

“The real measurable value within Critical Infrastructure is that of the transportation and transformation of information and control telemetry. Cyber-attacks have already adversely impacted the North American economy to the tune of tens of billions of dollars. Risks to critical infrastructure are increasingly complex and frequent. Cyber is the nervous system that binds all other critical sectors, and upon which other sectors are most dependent. More than $174 Billion in electronic funds traverse the network core every day. This figure eclipses the physical cross-border shipments of goods, which has garnered so much attention. Consider that a minuscule disruption in network-throughput results in a direct and measurable financial impact – a 2% loss of network performance is equivalent to Canada’s GNP.”
– DARK SPACE STUDY  (Bell Canada and SecDev)

How Real Is The Hype?
If you believe pop culture, Armageddon is likely to be triggered by technology that we neither understand nor control. It is a theme played out in the movie Live Free or Die Hard that depicted techno-savvy extremists launching a progressive-compound attack on critical infrastructures (CI) in what was coined a “fire sale” – because everything must go. If that isn’t bad enough, Matrix, I-Robot and Terminator movies examine a world where machines become self-aware and take over humanity in the dystopian worlds created in .

The media would have us believe that Cyber terrorists are poised to unleash a catastrophe that would send western civilization back to the stone-age, leaving us with zero bars in darkened rooms.

Certainly, our most vital systems (government, energy, transportation, finance and communications), depend on complex, inter-connected global networks. They’re fast, efficient and uniquely vulnerable to major failure or attack. In System Crash, a documentary by Omni films, the director looked behind the scenes at how critical systems and infrastructures work, and how they can fail in spectacular and sometimes devastating ways.

A CI attack might come in the context of an emerging crisis in Russia/Ukraine, Japan-China-Senkaku Islands, or the Middle East. Dealing with a deliberate CI attack in the midst of another crisis would overwhelm most governments. Hostile actors could very well take advantage of a natural disaster to launch a cyber offensive.

As the rate and severity of natural disasters increases, so does the possibility that disruptions of critical infrastructure could result in prolonged loss of essential services. The risks and vulnerabilities are heightened by the complex system of interdependencies among critical infrastructure, which can lead to cascading effects expanding across borders and sectors. The implications of these interdependencies are compounded by society’s increasing reliance on information technologies.

The computational power and interconnectivity of the Internet will soon exceed that of the human brain. We are entering a period of instability and risk within the system, where social media provides a frictionless state between the human terrain and the cyber world… where a meme can precipitate an Infrastructure collapse or the inception of a contagious idea that overloads or otherwise compromises systems. Look no further than the Arab Spring, or in 2013, when the Syrian Electronic Army hacked the Associated Press Twitter account, releasing a 140-character fake story of an attack on the White House that caused the stock market to plunge by $136.5 billion (this would have drained the Canadian defence budget).

“The history of strategic surprise has been filled with the failure to predict future discrete events and, more importantly, a failure to detect the nature of emerging threats,” says former Privy Council intelligence analyst Tom Quiggin.

Anecdotal Evidence
There are plenty of anecdotes of maleficent actors turning on lights in darkened office buildings, remotely opening dams, hacking government servers, denying commercial business operations, interfering with air traffic control, and mounting clever bank heists.
The terrorist attack on the World Trade Centre on 9/11 took out vital communication hubs and trading centres – and the aftermath affected the viability of air travel afterwards. This was not by design. The terrorists had absolutely no clue as to the ramifications of slamming airplanes into big buildings for shock effect.

Similarly, Stuxnet was arguably one of the most sophisticated and well-orchestrated targeted attacks, but it was on an isolated system that was not designed to cascade failures through other infrastructures.

Cyberspace advances asymmetric and irregular warfare. It is the means by which a hacktivist group like Anonymous can mount a successful Distributed Denial of Service (DDoS) assault against CIs.

Quantitative Evidence
According to McAfee, a variant of the high-roller malware could be re-engineered to target financial services infrastructure and attack the Automated Transfer Systems in Europe, which processes much of the world’s e-commerce transactions.
The Iranian government was itself suspected to be behind the hack of the Root certificate authority DigiNotar in 2011. In the same year, over 12% of the internet traffic, including that of 8,000 North American businesses, was deliberately redirected through China, for what analysts suspect was a precursor to the targeted espionage attacks against Canada.
We have tracked a textbook pattern of unrestricted warfare in Estonia, Syria, Iran and ongoing now in the Ukraine:

  1. Deny the opposition forces or government their information communications technology (ICT) infrastructure;
  2. Jam the media and outside access to the Internet;
  3. Propagate malware through manufactured hacktivism to hide advanced targeted cyber operations;
  4. Attack confidence in the economy and financial systems;
  5. Launch a disinformation and influence campaign in traditional and social media;
  6. Become the only source of news, and control the message;
  7. Precipitate power blackouts where you are mounting operations; and
  8. Roll tanks down the main streets to ‘protect’ the population and ‘restore stability’.

Critical Infrastructures are vastly complex beasts. As an analogy, tic-tac-toe is a solved game, chess can be mastered with a super-computer, but poker represents a nearly unsolvable game owing to computationally-heavy probabilities, practically infinite possibilities and human interaction. As such, gaming or simulating the attack and defence of CIs is even more complex, and cannot be done with a working group. A potential aggressor cannot avoid the theoretical mathematics or big-data processing.

The Cyber Critical Infrastructure Interdependencies Study by Bell Canada and the RAND Corporation in 2006 quantitatively measured the interdependency risks, contagion and multi-order effects between Canadian CIs using network communication flows and supply chain econometrics. The findings were compared with a qualitative risk assessment gained through extensive interviews of stakeholders. A profound perception gap was found between common beliefs about threat-risk and the evidence.

The Davos Foundation warns of the perils of hyper-connectivity and networks; “a healthy digital space is needed to ensure stability in the world economy and balance of power.”

Challenges for Bad Actors
Thankfully, not all terrorist groups are good at math, nor do they have the means or insider knowledge to model and manipulate CIs for effect. Deliberately knocking out a national infrastructure and getting it to stay down is tough.

Components of systems-of-systems fail all the time, which builds resiliency through natural selection, evolution and self-organized criticality. Consider that 1.7% to 8.6% of disk drives will fail in a year across the country. Power and telephone lines are taken down by storms every day. Yet telecommunications remain effective 99.9995% of the time.

In the same fashion that complex systems can fail in unforeseen ways, they also heal in unexpected ways. Thus, an ‘invisible hand’ frustrates attackers. CI attacks are even more difficult to predict and effect because the strategy requires an in-depth understanding of the systems-of-systems, within each environment.

Also, attacking a given CI can prove dangerous because globalization of supply chains and interconnectivity often make the attacker and defender reliant upon the same critical infrastructure.

The science behind a successful strategic offensive against critical infrastructure is to manufacture the perfect storm of events such that one can precipitate cascading failures, from which it is difficult to recover.

Tic-tac-toe Solutions
While the fortification system that made up the Maginot Line did prevent a direct attack, it proved strategically ineffective. Likewise, traditional security systems can’t deal with strategic assaults. Physically mapping some ‘vital’ facilities is missing the forest for the trees – ignoring the larger ecosystem.

Calls for more working groups, standards, or compliance audits are as effective as “rearranging deck chairs on the Titanic.” Much of the discourse to date has been preoccupied with recovering from natural and accidental disasters, but these scenarios do not address complex deliberate offensive campaigns across multiple domains, particularly the vital ones: cyber, transportation, finance and energy.

The beneficial purpose of regulation of CI is to limit degrees of freedom in these systems, to allow for them to self-correct. However, this must be done very carefully.

What is the art of the possible for defence of CI?
We can still win at poker (an unsolvable game) by complex pattern recognition, playing the probabilities, and practical gaming theory.

Protection of Critical Infrastructure requires a high-fidelity model based on interdependencies, contagion and risk conductance. The next priority would be to conduct an attack surface analysis using Advanced Open Source Intelligence, or A-OSINT. This would involve: network enumeration, detection of existing cyber attacks and compromises, supply-chain provenance, operational security exposures, foreign ownership control and influence activities, econometrics, social media monitoring and human terrain mapping. Subject Matter Experts from the CIs should then validate and verify the data model. Operational research could then be used to create a synthetic environment (test range) to realistically simulate a given critical infrastructure defence strategy.

Dave McMahon is the Chief Operating Officer of the SecDev Group and formerly managed R&D and complex security programs for Bell Canada. SecDev is an Advanced Open Source Intelligence (A-OSINT) company. They work at the intersection of cyberspace, social and political change, competition and conflict to provide critical insight, digital acuity and fidelity onto complex issues affecting businesses and governments.
© FrontLine Security 2014



Frontline Medical Response
© 2014 FrontLine Security (Vol 9, No 2)

Those of us who live in Western Canada appreciate the traditional spirit of community service that permeates life in the Prairie provinces. One good example is the Shock and Trauma Air Rescue Service (STARS) organization, a non-profit helicopter air ambulance service that provides rapid and specialized emergency care and transportation for critically ill and injured patients. The service’s physicians, nurses, paramedics, and pilots work with a team of dedicated support staff and community partners to save lives. Approximately 550 people, including physicians, pilots, aircraft engineers, nurses, paramedics and support staff make up the STARS family. From bases in Winnipeg, Regina, Saskatoon, Calgary, Edmonton, and Grande Prairie, the STARS services extend from the eastern edges of British Columbia to eastern Manitoba.

The primary role of STARS is to provide care and rapid transportation to the critically ill and injured. In addition, the service is also called upon to aid the RCMP in search and rescue efforts.

Our helicopters land at rural hospitals (where there are helipads) or close to the scene of an emergency, such as on roadways, farm fields, industry worksites, and remote wilderness areas. Patients are typically in very critical condition, either from illness or injury, and roughly 60% of calls are from rural hospitals that need to transfer a patient to a major urban hospital, while the remainder involve lifting a seriously injured patient directly from the scene of an accident (such as a farm, worksite or roadway) and transporting them quickly to a hospital.

Two experienced pilots fly on every mission for added safety, and each is trained in the use of night vision goggles. A flight paramedic and nurse, each with critical care level training, are also on every mission, and physicians fly onboard when needed.

STARS operates a fleet of 11 helicopters, including eight BK117s and three AW139s. Each base has at least one BK117, while the faster AW139s are located in Calgary, Edmonton and Saskatoon. The additional helicopters allow for continuous 24/7 response at all the bases, even when aircraft require down time for maintenance. There were 2,686 emergency missions in 2013, and the service has flown more than 27,000 times since 1985.

Missions from bases in Alberta and Saskatchewan are coordinated directly through the STARS Emergency Link Centre, while in Manitoba missions are coordinated through the provincial Medical Transportation Communication Centre.

STARS bases were launched in the following years: Calgary (1985); Edmonton (1991); Grande Prairie (2006); Winnipeg (2011); and Regina and Saskatoon (2012).

A unique feature of the STARS program is the role of physicians. They are the key drivers of the service, and are available 24 hours a day, guiding and coordinating missions in all regions, either over the phone or directly within the helicopter. About 100 physicians are on staff, mostly part time, while also serving in hospitals.

“The doctors who treat patients inside critical-care centres and emergency rooms across Western Canada are the same doctors overseeing care in our helicopters,” notes Andrea Robertson, STARS President and Chief Executive Officer. “When our physicians aren’t working in hospitals or in our helicopter, they teach our paramedics and nurses. We hire highly trained and experienced critical care nurses and paramedics, then we add another nearly 100 hours of medical training, taught by a critical-care physician, before they treat patients. Their training is updated annually.”

All STARS Air Medical Crew (AMC) complete a minimum 96 hours of ongoing training every year. The quality and quantity of training exceeds international accreditation standards, according to the Commission on Accreditation of Medical Transport Systems, and strategically meets pre-identified competencies. Participants must achieve a minimum grade of 80% on all exams. Annual education includes: quarterly patient simulation sessions; quarterly education rounds; monthly online education; a series of intensive day-long didactic, simulation, and skills station sessions that meet or exceed regular transport certifications; clinical rotations through Emergency Room, Operating Room, Intensive Care Unit, Pediatric ICU and other training as required on an ongoing basis. 

STARS is dedicated to ongoing training and optimal delivery in high-risk areas of airway and ventilation management, including insertion of breathing tubes and other procedures to enable air to enter a patient’s lungs. In 2011, a full-day physician-developed course was introduced to maintain a dedicated focus on adult and pediatric airway management skills. The air medical crew complete pre-work and then participate in an eight-hour face-to-face session facilitated by transport physicians involving lectures, skill stations, simulation scenarios, and a final examination. Maintaining patient safety and providing the highest quality care is a key goal.

“When patient lives are on the line, learning from past experience is a critical component of doing things right. This is why STARS’ quality assurance program ensures physician-led case reviews are performed every time we help a patient. Every STARS’ mission is methodically examined and pertinent findings reported. We believe better patient outcomes result from ongoing case reviews, and we are committed to continuing this as an important part of how we operate.”

Doctor J.N. Armstrong is STARS’ Chief Medical Officer and Executive Vice President. He oversees all aspects of the medical program. He is also a helicopter pilot, and this dual background gives him a unique perspective on the work of our organization.

“STARS has been almost 30 years in development,” says Armstrong. “But our main focus has never changed. It’s all about the patient, and we all work together as a team to provide the highest quality care in the safest manner possible.”

The organization has two volunteer Boards of Directors: the STARS Society (which is focused on operations), and the STARS Foundation (which oversees fund development efforts).

STARS has 10-year service agreements in each province where its bases are located. Each base costs approximately $10 million per year to operate, and all costs and revenue are outlined in the organization’s annual report (www.stars.ca).

The three bases in Alberta are primarily funded by community contributions, with over 75% of costs paid through donations and fundraising campaigns, and the remainder paid by government. In Saskatchewan, the funding ratio is closer to 50% by government. In Manitoba, nearly all costs are paid by government. STARS is striving to increase private fundraising in Manitoba to reduce the burden on taxpayers.

Major fundraisers include annual STARS lottery and calendar campaigns, major galas, and special events like CEO Rescue in the Rockies in Alberta, and Rescue on the Island in Manitoba. The Alberta lottery raised over $11 million net in 2014, and the annual Petroleum Services Association STARS and Spurs Gala raised $1 million.

Corporate donations are also well represented, with many company logos placed on the helicopters. Potash Corporation in Saskatchewan, for example, contributed $27 million toward the purchase of a new AW139 helicopter and base facility and hangar space. “PotashCorp helped us realize our vision of bringing this new helicopter and hangar to the people of Saskatchewan,” says Robertson. “Their commitment is the largest in STARS’ history.”

In spite of many successful fundraising efforts, and substantial corporate donations, STARS will still be challenged to maintain needed future revenue as mission volumes continue to increase. For instance, the older BK117s will soon need replacement. Fund development plans are being prepared to meet funding challenges.


  • STARS was a pioneer in the use of on-board ultrasound, and recently incorporated a video laryngoscope as an advanced airway management adjunct. The use of a video laryngoscope further enhances airway management skills in a variety of clinical circumstances.
  • STARS implemented a program to have blood in place and ready for airborne administration at the Calgary, Regina and Saskatoon bases; and plans are now under way to expand the program to Edmonton and Grande Prairie by year’s end.

Many former STARS patients – or Very Important Patients (VIPs) as we call them – volunteer their time and share their stories to help build greater awareness of the service’s need and benefits.

One former patient who volunteers with STARS is RCMP Constable Marcus Hirschfield. On 14 February 2013, his patrol car was struck at highway speed by a vehicle that had hit a patch of black ice and skidded toward him.

The impact was severe, breaking many bones. “The front of my car was annihilated,” he recalls, adding that, although his radio system wasn’t working, he was able to contact his coworkers on his portable radio and they rushed to the scene.

Extracting Hirschfield from the wreckage wasn’t easy. The dividing wall between the front and back seats – known by police as the ‘silent patrolman’ – made it difficult for the fire department. The mercury hovered at a frosty –30°C. In the meantime, STARS had been dispatched, and the helicopter landed on the highway before Hirschfield was out of the vehicle.

“The crew was able to stabilize me well enough to start administering morphine during the flight and after that things get a bit fuzzy,” he says. Hirschfield was transported to the University of Alberta Hospital and underwent surgery that afternoon. He spent more than three months as an outpatient, and has recently returned to work doing light duties.

Hirschfield volunteered as an ambassador during the 2014 STARS lottery campaign in Alberta, doing media interviews and sharing his story in the organization’s newsletter. “We are incredibly fortunate to have VIPs like Marcus share their stories,” says Deb Tetley with STARS Communications. “Our patients are certainly our greatest ambassadors, and the stories they share are an inspiration to all of us.”

At STARS, we continue to save lives from the Prairie sky.

Cameron Heke is a manager in the non-profit STARS organization.



Security Screening of Employees
Is It Really Necessary?
© 2014 FrontLine Security (Vol 9, No 3)

Countering corporate espionage has much more to do with your business culture than bars in the windows, more firewalls, or checking the locks after hours. Given that espionage is mainly perpetrated by insiders, an effective security program hinges on your employees and their buy-in of the security culture.

A common myth is that security screening is an expensive and complicated process – this could not be further from the truth. Implementing a security screening program can be added to your policy and good management practices in a cost-effective manner. Depending on the size of your company, it is just an added step for the management of your human resources department, and may not require additional funding. Medium or large companies might consider assigning this responsibility to the Chief Security Officer, who also handles the renewal of Security Clearances with the government.

What is the value of a screening policy? Research has shown that 85-90% of all spy cases and major information leaks were done with the assistance (intentional or not) of an insider, a person that had legitimate access to the information. So if “the wolf is in the barn”, how do you protect the chickens?

FrontLine readers will recall the recent case of Canadian Navy Lieutenant Jeffrey Delisle – this trusted officer sold secrets to the Russians for more than three years before being caught. Another case involved Quing Quinton Huan, a Lloyd’s employee who tried to sell secret information to China about Canada’s frigate program.

In retrospect, it was very clear that red flags were up, but nobody took the time to connect the dots.

Money issues, career problems, big (or bruised) ego, and emotional distress, are some of the many “red flags” in these cases, so how – and why – had nobody noticed? Simple, because they weren’t looking!

So how do we go about protecting our organization better? Believe it or not, some lessons and best practices could be learned from the federal government. They have been in the business of security screening for a long, long time, and we can modify some of these lessons for the private sector with good results. Some general steps can be easily applied to private industry:

Get Management Onboard
“Easier said than done.” Not true again. Implementing a security program is always difficult if presented as an expense rather than a strategic investment. Demonstrate that you are contributing to the profitability of the company by showing how you add to the bottom line. Demonstrate the cost of losing intellectual property or trade secrets. Show potential savings through the implementation of appropriate (and not always costly) policy, practices and programs. Develop a solid “game plan” that shows the benefits and costs but also the savings from avoiding a crisis.

Engage HR from the Beginning
In Canada, over 3 million people have a criminal record, but it is important to remember that not all bad people have a criminal record and not all people with a criminal record are bad people.

An effective security program starts before the hire is completed. The best place to begin is in drafting the job posting – let potential candidates know that a criminal background check will be conducted, or that a satisfactory security clearance is mandatory for the winning applicant. By advising applicants ahead of time that a security background check will be conducted or requested, you can save yourself time and a potential problem. This does not waive the need to ask probing questions during the interview process.

Mistakes happen, as the saying goes, and the more serious mistakes, such as a Criminal Code conviction, will require serious consideration. When you have full disclosure, it is up to you to decide if you still want to hire that person (at least you know who you are “going to bed” with). Someone who has something to hide can be subject to blackmail, so be proactive and request full disclosure. Surprisingly, the strongest push-back may come from your own HR people invoking human rights, privacy protection, and other arguments… they are wrong. Criminal convictions are public record.

If you finally decide to hire the person, make sure they sign a Confidentiality Agreement. Some might argue it is not worth the paper it is written on, but you are conveying your seriousness and, if an incident does happen, at least you will have set the table for your legal team.

These measures will send a positive signal and your investors will recognize that you are serious about protecting their money. Suppliers and business partners will also take note, but ultimately, your employees will immediately understand that you take security – and their safety – seriously. By incorporating these simple conventions into your planning, you take the first steps towards the cardinal objective of building a solid security program and a better business culture.

Identify Strategic Sectors or Employees
In any organization, not everyone needs the same level of access to sensitive information, nor do they need the same security clearance. Be wise about it. Conduct a serious Threat and Risk Assessment (TRA) based on simple principles: Threat To + Threat From = Vulnerability Assessment. How does it work? Simple. First you need to identify what is really crucial to your company (intellectual property, key individuals, corporate secrets, etc.). That is “Threat To”. Then, move on to identify who has, or could have, an interest in those sensitive elements. Now you have “Threat From”. When you overlap the findings of both, you will get a solid perspective on your real vulnerabilities. Not only will that dissipate false perceptions, it gives you a chance to optimize the budget allocated for security by focusing on the real vulnerabilities rather than “perceived” threats. In addition, don’t forget that, just like in the government where you have confidential, secret and top secret levels, any organization can have different levels of access. These can be easily granted and managed with your IT manager, access control system, or employee awareness program.

Train All Management Levels & Develop Awareness Program
All security specialists know that the weakest link in any security plan will always be the human factor. That said, those same people are the ones who will implement your security strategy, so you need to enlist your management and all employees by developing a good business culture. Develop reflexes. Train them to watch for “red flags” (without becoming paranoid) and to care about fellow employees. Concern for the personal well-being of all employees is part of a good management practice (beware of the difference between nosy and truly caring).

Proceed to Regular Review
In a human environment, the only constant is change. Even with all the best protections in place, remember that a regime of regular re-verification throughout the career of each employee can save your company from being caught in the web of espionage. For example, you bring a young engineer in at 24, and by 29 he or she might have married, had children, divorced, and now be struggling to pay child support… or maybe they have developed a gambling habit… are having an affair… are burdened by health issues, or a severe accident in the family requiring hours of unexpected care… there are many, many scenarios that can lead to a compromising situation. The point is, your security program needs to have regular checks. The easiest way is to include that process in the annual performance review where you usually meet with your employee to discuss their situation and interest in the company.

Don’t Forget the Executives
Too often companies will neglect to conduct the same level of review or support with Directors and the C-suite. Several studies have demonstrated that security breaches often come from executives – they may be travelling, working long hours, and susceptible to an invitation to an easier, faster way to make money. The problem is that, with their often full access to the most sensitive data and information, they can cut corners and circumvent security protocols, unlocking the sensitive network in ways that may go undetected. Make sure they too are part of the regular reviews and awareness programs.

None of this has to be complicated or expensive – the KISS principle ("keep it simple, stupid") will always have a place in security. Awareness, good stewardship and effective leadership can direct the process towards appropriate security practices. And when applied, people will see the benefits and will buy in. You will soon recognize changes in your organization’s business culture, and the implementation of your new security measures will be validated.

Michel Juneau-Katsuya, a 36-year veteran of CSIS and author of the book, Nest of Spies, is a well-known authority on espionage.



Cyber Strategies
© 2014 FrontLine Security (Vol 9, No 1)

The Snowden leaks, first publicized on 5 June 2013 in The Guardian, continue to have wide-ranging implications. They highlighted significantly developed US state cyber surveillance capabilities designed to counter complex threats within the domestic security space, including the NSA’s sec. 215 and sec. 702 programs. The capabilities were unprecedented in their reach (bulk collection and mass data storage of some 1.7 billion interceptions daily), and in their depth (enabled by computational metadata analysis). Security breaches aside, weaknesses in Western intelligence have become apparent, and 2014 will be a cardinal year of recalibration for Western intelligence.

More than just classified documents, the leaks revealed a US grand strategic approach to aggressively secure the homeland from terrorist attack. The grand strategy was comprehensively applied in a global security context, in peacetime, domestically, and with resources beyond a military scope – but with a cyber technology-fuelled ultra-tactical focus. The result was a bifurcated strategy split between the grand strategic and the ultra-tactical.

Like using air power to fight enemy operatives in theatre, the cyber-surveillance programs employed a light, non-physical footprint, providing full coverage of US domestic space, against a similarly light-footprint terrorist global strategic threat operating within US domestic space. Terrorists in the US could blend into the population, and potentially strike anywhere, so the US looked everywhere through the NSA 215 and 702 programs, treading increasingly heavily through the metadata to find them – collecting records en masse without reasonable articulable suspicion (RAS), contact chaining with three “hops”, using sophisticated computational metadata analysis, and leveraging the historical connections contained within years of stored data, all with the American people unaware.

The programs quietly expanded into a full-saturation surveillance presence – well beyond the light-footprint approach originally envisioned, and one with unprecedented ultra-tactical reach that could pinpoint individual terrorist needles within the US domestic haystacks. Leaked US Management Directive #424 detailed sophisticated US programs: the PRISM data mining program; the XKeyscore risk-scoring analytical program; the Enterprise Knowledge System suite of relational databases and metadata programs; and the Bluffdale, Utah Mainway mass data storage facility. Additionally, the “Shotgiant” program monitored Chinese global telecom giant Huawei, which boasts services reaching one-third of the globe.

The US programs are not unique. The Communications Security Establishment Canada (CSEC) intercepted and collected domestic communications and generated metadata, having gained ministerial approval in both 2005 and 2011, including from the Ottawa International Airport.[iii] Canadian authorities made nearly 1.2 million requests for telecom customer information, often without court orders.

The Optic Nerve program (2008-2012) of the UK’s Government Communications Headquarters (GCHQ) sought to locate suspected terrorists by deploying facial recognition programs against 1.8 million Yahoo webcam chat accounts, unbeknownst to Yahoo or its users. Images were collected at five-minute intervals (rather than as a continuous feed) in an entirely inadequate effort to respect privacy. US Senators Wyden, Udall and Heinrich jointly criticized the “…breathtaking lack of respect for privacy and civil liberties”.[v] An expectation of webcam privacy was evident, with 3-11% of interceptions containing “undesirable nudity”. GCHQ lacked the ability to adequately filter compromising images from (and for) its employees. The data was nonetheless uploaded to the NSA XKeyscore program.
The European Union collects and retains telecommunications metadata for at least 6 months. German law enforcement has engaged in intense cyber surveillance of suspected terrorists, in stark contrast to Germany’s conservative approach to surveillance post-WW II. The s.129(a,b) 2001-2008 “MG 1” investigation that targeted the Militante Gruppe (MG) claimed an alarming ratio of 3:200 original suspects to collateral victims of surveillance. Individuals were geo-located and their movements mapped through silent SMS ping-tracking of their phones (similar to Inmarsat’s ping hand-shake tracking of disappeared Malaysian flight MH370). The investigation was ruled unlawful in its entirety in March 2010 by Germany’s Federal Supreme Court (BGH), yet the data remains in cyber-storage.

Between March 2011 and March 2012, the Mexican Secretaría de la Defensa Nacional (Sedena) made significant purchases under non-disclosure contracts of cyber surveillance equipment, including equipment with audio and optic capabilities. The equipment was destined for use by an elite military group and the military’s intelligence Sección Segunda. It is unclear whether this program assisted in the February 2014 capture by Mexican special forces of most wanted Mexican cartel leader Joaquín “el Chapo” Guzmán Loera, in Culiacán, Sinaloa, which did involve wiretaps.
The capture of Osama bin Laden and the pinpointing of a previously unknown terrorist on US soil through the NSA programs – identified in the 23 January 2014 Privacy and Civil Liberties Oversight Board (PCLOB) report – were linked to cyber surveillance programs. Just how critical those programs were to locating them is unknown. Bin Laden, like Guzmán, was the subject of a complex, multi-year man-hunt. Cyber surveillance in German law enforcement investigations was found to be of limited value by the Fraunhofer Institute.
The international community’s continued inability to locate Malaysian flight 370 and the failure of Western intelligence to detect the recent public meeting of Al-Wuhayshi and some 100 Al Qaeda in the Arabian Peninsula (AQAP) affiliates in Yemen have raised important questions about over-reliance on technology solutions by Western intelligence.
Moreover, threat groups are adapting to intensified cyber surveillance. The Yemen meeting participants are believed to have minimized their cyber communications leading up to the meeting, consistent with Leistert’s interviews of some 50 activists spanning the globe, who indicated that groups are avoiding surveillance by “unplugging” from cyber communications, including removing batteries from devices – a practice believed to be shared by at least some within Huawei. This has resulted in reduced battlespace awareness, and the need for Western intelligence counter-innovation and recalibration. The negative effects of cyber surveillance on free speech and free association are also being felt at home. Former US President Jimmy Carter revealed in March 2014 that he actively avoids surveillance of his communications by using traditional mail service.
Greater oversight of intelligence programs alone is not the solution. US Senate Intelligence Committee Chairman Dianne Feinstein highlighted that the NSA programs are the most overseen within US intelligence. The core problem may be the strategic bifurcation behind these secretive, highly-centralized programs that are ultra-tactically operationalized by personnel operating on the periphery of the strategic vision. Strategic coherence is thereby limited, but critical for methodological, operational, and information security soundness, and ultimately for program success. As with Obamacare, there was a vertical disconnect between the strategic vision and the rising tactical-focused tech stars who rolled out the program. Dispersed access to the centralized metadata will likely increase through liberal Five Eyes sharing, increasing law enforcement demand for cyber and geospatial intelligence, and with President Obama’s call for work-related access, rather than “need to know” or “need to share” access to metadata. Horizontal disconnect is also evident, with incident-focused technology experts leading the effort, and traditional surveillance scholars (who offer lessons learned, best practices, and a contextualized understanding of the societal impacts of surveillance programs) having been largely excluded from the programs. Moreover, achieving public support and private sector buy-in (including from CSOs, CISOs, and the C-Suite), which is critical to the long-run success of the intelligence programs, is becoming increasingly unlikely as details of the programs emerge.
Multiple drivers have produced the grand strategic/ultra-tactical bifurcation of Western intelligence cyber-surveillance efforts. Identifying and understanding these drivers will be instrumental in bridging the Western intelligence strategic gap as it relates to cyber surveillance.
A sense of urgency in protecting the homeland has helped shift the West from intelligence- and defence-led paradigms to a security-led paradigm. The desire to secure everyone and everything, with a no-fail imperative, pushed the strategy toward a grand strategy of domestic full-coverage with creeping scope; while the need to establish attribution to specific individuals in order to pre-empt attacks, pushed the strategy toward ultra-tacticization through the unprecedented and privacy-eliminating deep profiling of individuals. This increasingly broad and deep operationalization arguably created overstretch within Western intelligence efforts. Overstretch was reflected in the weak legal footing of the programs. The NSA technology-driven light-footprint programs were loosely extrapolated from sec 215 of the USA PATRIOT Act (originally intended for handover of specific existing business records in relation to specific investigations) to allow for broad and continuous cyber bulk collection in the absence of applicable Supreme Court jurisprudence. Physical safety objectives were allowed to trump privacy rights and civil liberties. The NSA programs are currently being rolled back under Presidential Policy Directive PPD-28.
The over-reliance on a technology solution also drove bifurcation within Western intelligence strategy, at the expense of well-calibrated human intelligence analysis. Human analysis struggled to keep up with the volume and tempo of communications within the cyber landscape. The automation of responses at the ultra-tactical end of the spectrum emerged from the tech-led extrapolation of cyber surveillance to domestic counter-terrorism efforts.
This ultra-tacticization of the programs was accelerated by the blurring of method and mission. Collecting intelligence to support the mission gave way to bulk intelligence collection, storage and analysis programs that became the mission itself. No longer were targets selected based on reasonable suspicion, and then surveilled; rather society was surveilled, and the targets selected through metadata analysis – a fundamental shift within intelligence. Sustainable intelligence practice over the long-run was eclipsed by what was technologically possible in the immediate. State cyber-surveillance programs began to resemble cyber warfare targeting its own people through continuous, intense surveillance in the name of counter-terrorism – with unrestricted activity conducted by personnel without reasonable restrictions, and with civilians being targeted en masse.
Beyond targeting, the technology-led approach also appears to have affected analysis decisions. Assumptions made to wade through the metadata were sometimes questionable, and may signal a Western intelligence capability gap across multiple strategic levels. The MG 1 investigation assumed that if a phone was turned off it indicated the subject was engaging in conspiratorial behaviour. Optic Nerve, in an attempt to eliminate the many privacy-compromising photos from being queried, made the assumption that if a certain percentage of an image included skin it was pornography, potentially leading to false positives for criminal activity and the potential for additional meritless investigation and intrusion.
The high cost of HUMINT, analysis, and training in times of austerity has increased the attractiveness of computational analysis for intelligence agencies trying to achieve economies of scale. Technology that could go broad and deep was seen as the best return on investment. With OSINT volunteers (such as Grey Goose, the Cyber Minutemen, Blue Servo, and the Minutemen Civil Defense Corps) having proved controversial and unsustainable, and the private telecommunications sector unwilling to store and query metadata for the intelligence community, governments pursued a technological solution to provide discrete, full-coverage of the domestic space, with pinpoint attributional accuracy.[xviii] The cost-value calculation failed to adequately take into account the risks inherent in the strategically bifurcated programs that operated under an assumption of sustained secrecy from the public.
Increased pressure to share information amongst allies on globalized threats has resulted in lowest common denominator intelligence sharing. State protections regarding privacy and civil liberties, and legislated restrictions on intelligence collection activities, have been circumvented by metadata sharing amongst partner states, just as rendition programs allowed countries the benefit of torture-derived intelligence, while themselves banning the practice. Optic Nerve provided the US with data on US citizens that they could not otherwise have collected. Such peripheral accessing of otherwise prohibited information increasingly distanced the cyber surveillance programs from the strategic light-footprint vision of the programs.
Western intelligence cyber surveillance efforts have arguably gone down a rabbit hole, and evaluation is required beyond the roll-back of existing programs and increased intelligence oversight. 2014 will mark a key year of recalibration for intelligence efforts that have become strategically bifurcated and unsustainable. Strategic coherence and control must be re-established in order to effectively and sustainably protect domestic populations against globalized threats in difficult economic times and within a rapidly changing cyber landscape, while still respecting the rights and trust of Western populations.

Bonnie Butlin will be formally inducted into the International Women in Homeland Security and Emergency Management Hall of Fame in November 2014.
This article was also published in the Summer 2014 edition of The Winston Report.
© FrontLine Security 2014



PHAC on the International Scene
© 2014 FrontLine Security (Vol 9, No 2)

The Public Health Agency of Canada (PHAC) was created in 2004 within Health Canada to help protect and improve the health and safety of all Canadians and to strengthen the health care system. Public health in Canada is a shared responsibility between all three levels of government in collaboration with the private sector, non-government organizations, health professionals and the public. At its outset, the challenge of the H1N1 bird flu epidemic was well handled under the guidance of its highly-respected Dr. David Butler-Jones, Canada’s first Chief Public Health Officer.

To maintain its currency and pertinence, PHAC must maintain a broad and current base of medical and public health information with sound national and international links to alert us all to potential threats. Germs and diseases, we must remember, are immune to our borders, governance, rules and legislative terms of reference.

Health Canada, and PHAC therefore, is now well established as part of the Global Public Health Intelligence Network (GPHIN) which “serves as an early warning global surveillance system disseminating information on global public health events through a secure website, on real-time 24/7 basis”. This accurate and timely information network is vital to Health Canada’s Centre for Emergency Preparedness and allows the broad and detailed public health information to be disseminated across Canada and throughout our Health Portfolio (www.phac-aspc.gc.ca/portfolio-eng.php).

As well, the information provided by the Global Public Health Intelligence Network supports the necessary rapid response programs to handle identified emergencies with such resources as the World Health Organization’s Global Alert and Response Teams.
On the international level, one must also mention Health Canada’s role with its Counter-Terrorism Coordination and Health Information Networks (CTCHIN) responsible for providing accurate and current information and counsel to all relevant agencies, as well as collaborating and sharing with international agencies on:

  • Health issues related to chemical, biological, radiological and nuclear (CBRN) events;
  • Specific emergency management issues;
  • Latest research, policies, programs, training, literature and conferences on CBRN issues;
  • General health preparedness and response information for the public.

At this higher level, in May of this year, Canada, the US and Mexico signed a Declaration of Intent to coordinate their Health Emergency Public Communications. This tri-lateral agreement is intended to allow all to share public communication plans, statements and other communication products related to health emergencies prior to public release; and apprise other authorities, depending on the type of emergency, with their respective governments when the declaration is invoked.

Formal exchange of this information is made through the PHAC’s CANADA HEALTH PORTFOLIO OPERATIONS CENTER. This centre is the hub for the Minister of Health who is responsible for maintaining and improving the health of Canadians.

As already mentioned, the key audience and contributing advice to the Minister of Health is the group known as the HEALTH PORTFOLIO which comprises Health Canada, the Public Health Agency of Canada, the Canadian Institutes of Health Research, the Hazardous Materials Information Review Commission, the Patented Medicine Prices Review Board and Assisted Human Reproduction Canada. The Health Portfolio consists of approximately 12,000 full-time equivalent employees and an annual budget of over $3.8 billion.

In April 2012, PHAC committed to developing milestones for the National Office of Health Emergency Response Teams. This was followed up with its participation in a Health Surge Capacity Task Group to develop an Operational Framework for Mutual Aid Requests (OFMAR). This framework provides tools to address surge capacity requests for registered nurses and physicians from other jurisdictions to work in familiar types of clinical settings. Though dealing specifically with nurses and doctors, it does not preclude mutual exchange of other health care professionals. This framework was officially endorsed in Dec 2013. The “Framework” is being expanded to address other mutual aid needs.

One need only visit the Health Canada and the PHAC websites to appreciate the currency and breadth of information that is handled daily by its Operations Centre.

For instance, on the matter of the return of a Canadian team from West Africa for isolation and observation reported on 28 August of this year, the Public Health Agency advised the Canadian Press that it “remains committed to the effort to control the Ebola outbreak in West Africa and will send another team to restart the lab operation at Kailahun after appropriate steps are taken to ensure a safe living environment for the scientists.”

One should also browse the mandated Annual Reports from the Chief Public Health Officer to understand the breadth and depth of the work being done daily on our behalf over the last decade. (www.phac-aspc.gc.ca/cphorsphc-respcacsp/index-eng.php)

At the provincial and regional and municipal levels we are equally well served. For example, looking to the future, the Chief Medical Officer of Health for Ontario, Dr. Arlene King, MD MHSc, FRCPC, stated in her 2012 review that:


  • Educate the public and health care providers about infectious diseases;
  • Improve scientific literacy;
  • Reinvigorate Ontario’s immunization system;
  • Reduce sexually transmitted and blood-borne infections;
  • Reduce health care-acquired infections;
  • Discourage the inappropriate use of antibiotics;
  • Improve information and knowledge systems; and
  • Reduce preventable diseases by continuing to address modifiable risk factors that put people at risk of bad outcomes from infectious diseases, such as tobacco use and harmful alcohol use; and by promoting healthy environments both natural and built.”

These words reflect much of what is repeated in the National Annual Reports from our national CPHO.

Much has happened in this last decade since PHAC was formed. The visible leaps in improvements to our health care system and our ability to mitigate and respond in time to health threats in Canada have played an important role in ensuring our overall security. As our population ages and we depend more on immigration for our growth these challenges will grow along with us.
WE MUST be ready.

Clive Addy is the Executive Editor of FrontLine Security.
(PHAC public affairs staff provided information and data for this article)



Cyber Security
The Dangers of Ignorance in the Boardroom
© 2014 FrontLine Security (Vol 9, No 3)

A worldwide survey of 10,000 executives in 154 countries by Forbes revealed that corporate security, including cyber-security budgets, had been reduced at a time when cyber breaches were rising dramatically. The survey found that corporate boardrooms were either ignorant of the risks, or demonstrating “ostrich-like” behaviour and ignoring the risks of cyber-security breaches. These results are especially of concern given the ever-increasing number, severity and sophistication of cyber-attacks in a treadmill of expanding sectors including retail, finance, education, national defense, health care, and other levels of government.

This particular survey begs the question: Does the corporate director have a fiduciary duty of oversight with regard to cyber-security and its relation to risk management functions within the organization? This article will focus on key cyber governance questions that responsible Directors must ask corporate officials as part of their duties to assure an effective corporate information and reporting system. Failure to fulfill this fiduciary duty could result in massive class-action lawsuits for losses incurred caused by non-compliance with such duties.

Actual and potential risks demand vastly increased Board oversight of cyber-security governance
The news of actual cyber-security breaches should scare every corporate board in the world. In just one of a multitude of high profile examples, an estimated 40 million credit and debit cards were stolen from Target Corporation – over 70 million personal data items are now in the hands of hackers. The cost to the company just in terms of the attack is in the hundreds of millions, and potentially billions in the face of lost reputation and trust. Proxy advisor ISS has advised against the re-election of all of Target’s audit and CSR committees, arguing that these committees failed in their duties to monitor the risks to sensitive information.

Class-action lawsuits against Target and other companies arising out of cyber security breaches have argued the directors of these companies failed to take reasonable steps to maintain the personal and financial information of customers in a manner that met their fiduciary duties and kept such information secure.

In countries with developed corporate governance laws, such as the U.S. and Canada, case law typically imposes a fiduciary duty of good faith to assure that the corporation’s information and reporting systems are adequate, and that failure to meet this fiduciary duty can result in directors being liable for losses caused by non-compliance with the applicable legal standards. While directors can still plead in defence of such liability for cyber-security breaches that they exercised informed and good faith business judgment, they must provide evidence that such judgment was indeed exercised and not left to other officials in the corporation.

A leading benchmark in the U.S. is the 1996 Caremark decision, which established the basic duty of directors to attempt to ensure that corporate information and reporting systems are adequate and that failure to do so, under some circumstances, may render directors liable for losses. The facts presented concerned failure of the directors to put adequate internal controls in place – the lack of which enabled employees to commit criminal offences, and resulted in substantial fines to the company.

In Canada, decisions of the courts have made it clear that boards and even directors who resign after there have been breaches of fiduciary duties can’t escape liability if they have not exercised proper judgement when relying on external experts without proper supervision and directions to external experts. While such cases have dealt with excessive compensation, the reasoning could apply also to relying on inadequate external advice on cyber security threats.

In light of this critical fiduciary duty to exercise oversight over the corporation’s cyber security governance system, the table below highlights some of the more basic critical information required, and the questions that Boards must demand be answered by corporate officials or external experts.

In addition to these questions, boards should also ask if the company should consider adopting the NIST cyber security framework released on February 12, 2014 by the US Department of Homeland Security. According to the NIST website, the Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure. The prioritized, flexible, repeatable, and cost-effective approach of the Framework helps owners and operators of critical infrastructure to manage cyber-security-related risk.

The list of critical questions below could be much longer than these six, but it has been shortened in the knowledge that the majority of existing board directors are not experts in cyber security and will need general signposts towards fulfilling their fiduciary duties on the growing multitude of cyber threats that face their companies in the globalized wired world. They are expected to understand that asking the right questions is critical for the company and its internal and external experts to then provide the right answers.

Professor Errol Mendes is a well-known lawyer, professor at the University of Ottawa, and a consultant on corporate ethics, governance and compliance. He has acted as an adviser to the UN in these areas. emendes@uottawa.ca



Cyber Crime and CI in the Americas
Only as Strong as Our Weakest Link
© 2014 FrontLine Security (Vol 9, No 1)

The British Virgin Islands (BVI) House of Assembly passed the Computer Misuse and Cybercrime Act on 13 March 2014. This Bill stiffens penalties for crimes related to both the distribution of child pornography and also the publication of confidential data. The Bill was deemed necessary after an embarrassing incident last year in which 2.5 million confidential files were leaked from two national trust companies. Opponents have criticized it as a move against the freedom of the online press, but its supporters, including Premier Orlando Smith, regard it as necessary in protecting the financial services industry and, perhaps more to the point, BVI’s national security.

Whether the leaked files constitute a blatant act of criminality or of “hacktivism” aimed at shedding light on tax shelters and stashed wealth, is a debate for another essay. For now, let us focus on the risks associated with operating in cyber space and on identifying weak links in the fight against cyber crime – particularly through the lens of emerging markets struggling to develop modern critical infrastructure in an increasingly perilous cyber landscape.

The dissemination of confidential data, such as took place in BVI, should come as a wakeup call for any person, company or government participating in an increasingly connected world, where privacy is an endangered commodity and ostensibly small security breaches can pose a threat to the very foundations of society. Everyday invasions of privacy, such as a hacked Twitter account, may seem trivial occurrences considering the massive structures that have been linked to International Cyber Terrorism (ICT) over the past decade and a half, but they should alert us to the presence of a shadowy, increasingly sophisticated criminal class, and remind us that this vast global network we share with this criminal element remains highly insecure due to a number of critical deficiencies.

What is at stake? The U.S. Department of Defense has recognized that cyber attacks will be among the top threats to national security in the next decade. Furthermore, in response to “repeated cyber intrusions,” President Barack Obama issued Executive Order 13636: Improving Critical Infrastructure Cybersecurity, in February 2013.

As pertains to the EO 13636, the U.S. describes critical infrastructure as “systems and assets, whether physical or virtual, so vital… that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”

The list of vital services being linked to ICT is long and growing: electricity generation systems; gas and oil production, transport and distribution; telecommunications services; water distribution systems; agricultural production and distribution; public health systems; transportation systems; financial services; and military services. Thus, in terms of the security of any nation of the Americas, whether rich or poor, the stakes could not be higher. Yet “Many countries, especially developing ones, struggle with awareness of cyber issues. The fact that cyberspace is an intangible force makes it easy to downplay the [important role] networks play in the highly connected world in which we live.” That was a conclusion drawn from the Organization of American States/Inter-American Committee Against Terrorism (OAS/CICTE) Regional Cyber Security Symposium that took place in November 2013 in Montevideo, Uruguay.

“Awareness” is the key word here because it represents a strategic launch point in the movement against cyber crime. Awareness also presents the first of many challenges, as it may prove difficult to galvanize an effort against crimes that go undetected, and criminals whose livelihoods largely depend on avoiding detection.

As the OAS/CICTE notes, “Network intrusions are routinely discovered months or even years after the original breach was perpetrated.” Indeed, there even appears to be no established terminology for nations to report upon. In fact, the term ‘cyber incident’ was neither uniformly understood nor applied among the 20 OAS member nations volunteering to report on instances of cyber crime to the CICTE.

A lack of awareness would be far less dangerous if cybercrime were strictly a national problem; however, like money laundering and international terrorism, cybercrime is a threat that respects neither international borders nor the sovereignty of nations. Defenses must be coordinated multinational efforts with active public and private sector participation. Parallels can be seen in current anti-money laundering – countering the financing of terrorism (AML/CFT) efforts in the Americas – for which organizations like the Caribbean Financial Action Task Force (CFATF) are seeking to establish a unified front. There are, of course, obvious overlaps when it comes to cybercrime, terrorism and money laundering. Therefore, CICTE describes its mission thusly: “to promote and develop cooperation among Member States to prevent, combat and eliminate terrorism.”

The notion of cooperation leads us to emerging markets and their role in the fight against cyber crime.

Before delving into specific examples, we must underscore the head start that cyber criminals have had. From 2001 to 2011, the number of per-capita Internet users in North America increased by more than 152%. Latin America and the Caribbean experienced a 1,037% increase in that time. Look at nearly any jurisdiction in the Caribbean and you will likely find one or several telecommunications providers scrambling to roll out universal coverage.

Such astronomical growth comes with obvious benefits at an individual, corporate and government level. ICT advances have opened new channels for attracting foreign direct investment and for small and medium-sized businesses to gain a foothold and participate in international trade. More developing nations are turning to various modes of e-governance, to increase public sector efficiencies and modernize services.

But such rapid expansion comes at a price! The fact is, many governments – particularly those of small-island developing states (SIDS) – have been slow to respond to the Internet boom (for many reasons, as outlined by the OAS/CICTE), and it is probably not reasonable to assume that nations with small populations (and small governments) will have the financial resources or technical knowhow to enact legislation that will bring their anti-cyber crime regimes up to international standards. Many of these countries already find their law enforcement resources stretched thin as they deal with high crime rates that include murder, theft and drug trafficking – tangible crimes which, at least in appearance, are the more immediate security threat.

But, as the Barbados-based Caribbean Cyber Security Center (CCSC) points out, cyber crime has already surpassed the international drug trade in terms of illicit revenues. Failure to respond at a regional level is precisely what is turning the Caribbean/Latin American region into a hive for cyber criminality. To illustrate, the OAS reports that, in Jamaica, instances of cyber crime increased more than 14% each year since 2012, with most of the cases related to attacks on public institutions.

In spite of a public awareness campaign, Jamaica’s lack of incident response, investigation personnel and international cooperation indicates that the island remains a weak link, with serious cyber crime deficiencies. That only four criminal convictions (including one individual charged with attacking Jamaica’s critical infrastructure) took place between 2010 (the year the Cybercrimes Act was passed) and 2013, has led Parliament to establish a joint committee to review the Act and recommend revisions to bolster the Organized Crime Investigation Division’s Cybercrime Unit.

This is not intended to pick on Jamaica. The CCSC predicts that “the level of sophistication of attacks will increase…We can look forward to more web site defacement, more DDOS attacks and more breaches in customer account data across the region. There will be new strains of malware, spyware and crimeware and an increase in the number of botnets in this region.”

Even the mightiest economic powers of the Latin American/Caribbean region have had difficulty keeping pace with cybercriminals.

From 2011 to 2012, Mexico – ‘ground zero’ for cybercrime in the Americas – reported more than a 40% increase in cyber incidents, with the majority of cases attributed to hacktivist activity. According to its 2013 survey, Norton Symantec found that cyber crime cost Mexico an estimated $3B in 2012 (nearly double that of 2011), and represents a growing percentage of the total amount that cyber crime costs the world on an annual basis ($110B in 2012). What is noteworthy is the rate of increase of cyber crime, and the way Mexico is trending to become a regional hub. It will be interesting to see if the trend continued last year when Norton’s 2014 report is released.

Mexico’s high level of connectivity has combined with a well-documented struggle with organized crime to establish a true hub for cyber criminality. Over the past 10 months, the U.S. Public Security Secretariat (SSP) has reported over 1,300 incidents of cyber crime in Mexico City alone, including widespread identity theft and child pornography.

Jamaica can’t go it alone. Nor can Mexico, which has decidedly more resources at its disposal. Changes may be on the horizon. Argentina, Chile, Colombia, Costa Rica, Mexico and Panama have been invited to accede to the Budapest Convention on Cybercrime, the treaty that in 2001 established international standards for addressing Internet and computer-related crime.

Paraguay and Peru have also expressed interest in signing on to the convention, which, to date, only the Dominican Republic has joined. On 31 March 2014, Mexico held a national workshop on cybercrime legislation, and an international workshop took place on 1-2 April, with the backing of the OAS and the Council of Europe.

For its part, the CCSC has outlined an expansive, eight-point road map for bolstering cyber security standards in the Caribbean:

  • Establishment of a Caribbean Cyber Security & Crime Non-Governmental Organization or Secretariat.
  • Establishment of a Regional Cyber Security Assessment Service Desk for Government Networks.
  • Establishment of a Caribbean Cyber Security Operations Center (CCSOC).
  • Enhancement of Regional Cyber Security SME for the Public & Private Sectors.
  • Facilitate Improved Caribbean Cyber Security & Crime Research and Development Partnerships with Key Global IT Security Solutions Providers and Organizations.
  • Establishment of a Caribbean Public Sector Regional Cyber Security Awareness Campaign.
  • Facilitate Regional Cyber Security & Crime Information Sharing.
  • Establishment of a Regional Computing Crimes Forensics Capability.

Of course, the weakest link in cyber security remains the individual. The Information Age has led us down a path from which there is no return, and exposed us to conveniences that most would probably not be willing to give up. As technology becomes more pervasive in our lives, public awareness and educational campaigns may prove the most effective means of shrinking the playing field for would-be criminals.

Still, as seen in Jamaica, public awareness will not be enough. Though no doomsday scenarios have yet come to pass, the time has come for the Americas to take aggressive measures to assure that none ever do. All countries must be on board – from Montserrat to the United States – because all have a stake in cyber security.

Safe and smart computing, the establishment of proactive cyber security hubs, like those envisioned by the CCSC, and international cooperation will all play pivotal roles in protecting ourselves, our businesses and the critical infrastructure systems upon which our societies have come to depend.

Nathaniel Bowler is an author, blogger and leading regional analyst with expertise in the Caribbean markets. Nate has worked as a contributing author for regional publications, distinguishing himself through analysis of key topics such as cyber security, anti-money laundering, public-private partnerships, sports tourism and alternative energy.
© FrontLine Security 2014



Public Safety Communications
© 2014 FrontLine Security (Vol 9, No 2)

Much activity and improvement in the realm of public safety communications interoperability have occurred since the horrific events of September 11th, 2001. One very promising area is that of wireless paramedicine, the ability to get paramedics, and the health community they support, the information they need when needed.

Despite all the successes, often driven by the practitioner community, a great deal remains to be accomplished. While having made some progress, two issues that continue to face major hurdles, primarily in the areas of policy and governance, are the use of 700 MHz broadband for mission critical public safety data and a national level vision and strategy for Next Generation 9-1-1.

Our ageing population increases the need for mobile healthcare (mHealth). This is absolutely dependent on getting the right information to the right people, at the right time, in the right place, and on the right device. While there has been an explosion of various “apps” and innovative technology (including capabilities like wireless ultrasound, remote home vital signs monitoring, and virtual referrals to specialty services), the one thing we continue to lag on is a national public safety broadband capacity.

Public safety and emergency management agencies are facing a huge challenge and massive opportunity with the onset of Next Generation 9-1-1 (NG9-1-1), which Canada’s current 40-year-old system must move towards. This is critical and overdue.

New technologies are slowly being implemented in a patchwork of public safety answering points, or 9-1-1 centres, across Canada. For instance, a texting service that began commercial testing in 2013 now allows members of the deaf, deafened, hard of hearing or speech impaired community to sign up for this service with their wireless provider. Servicing only a few major cities so far, T9-1-1 will be more widely available as 9-1-1 call centre upgrades are completed. (see textwith911.ca)

This is a great first step. It provides agencies an opportunity to walk before they run towards full implementation of NG9-1-1. Once fully implemented, which will take years, NG9-1-1 will exchange a wide range of information with the public – such as photos, videos, and data (including personal health information).

Many new technologies are already being worked on. A quick look into the future will see this scenario as a reality: Imagine your loved one, who has a wireless pacemaker, collapsing in front of you. Instead of dialling 9-1-1, you quickly open an app. A touch of the screen will contact NG9-1-1 and transmit your precise location; details of the patient’s health history and a stream of data from their pacemaker flows immediately towards paramedics – who have already been alerted and are on the way!

Of course, the true measure of this vision is not financial, but that of returning the patient safely home to their anxious family. However, take a moment to contemplate the widespread savings throughout the entire healthcare system.

In a similar realm, the Canadian Advanced Technology Alliance (CATAAlliance) recently launched a national program on mHealth. Part of that program saw the creation of a new “Mobile Health Advisory Board.” Its vision is “of a health care system that adopts a ‘mobile first’ mindset, thereby creating a better user experience for all Canadians and driving cost efficiencies in the delivery of health care.” (www.cata.ca/communities/mhab/).

What is 700 MHz and why is it so important to PUBLIC SAFETY and EMERGENCY MANAGEMENT?

August 2011 marked the transition from analog television to digital in Canada, freeing up spectrum, often called the “Digital Dividend,” for potential use by public safety. Many private and public agencies were vying for the additional spectrum, with some estimates placing the value of 20 MHz of this spectrum as high as $2 billion.

700 MHz is often called “beachfront” property due to its ability to travel long distances yet still penetrate buildings well. These attributes are valuable to public safety and commercial carriers who wish to licence the spectrum for resale back to consumers and responders alike.

For more about 700 MHz and public safety’s “Call to Action” and a wealth of information, templates and tools, please see www.action700.ca

As Will Rogers once said: “A vision without a plan is just a dream.” Based on this principle, the Canadian Interoperability Technology Interest Group (CITIG) began working with many of Canada’s leading experts in 2008 to develop what is now known as the Communications Interoperability Strategy (CISC) for Canada.

The Strategy worked its way through the approval processes and was almost completed in December of 2010 when CITIG launched its drive for the 700 MHz spectrum, known as “Action 700.” The Canadian Associations of Fire, Police and Paramedic Chiefs confirmed the need for a national public safety broadband capability, and CITIG announced its intention to seek 20 MHz of the 700 MHz spectrum for public safety use in Canada at the 2010 Canadian Public Safety Interoperability Workshop held in Victoria.

In January 2011, at a ceremony hosted by the Province of Ontario, the Federal, Provincial and Territorial (FPT) Ministers Responsible for Emergency Management approved the CISC. The strategy included multiple action plans with concrete timelines and deliverables, including an action plan for 700 MHz. As a result, this issue went from being a responder driven vision to a confirmed national public safety and emergency priority.

While the roadmap for this has a “home” in the CISC’s Action Plans, the same is not true for NG9-1-1. CITIG and their partners, the Association of Public Safety Communications Officials (APCO) Canada and the Canadian Chapter of the National Emergency Number Association (NENA), subsequently joined forces to host the “NG9-1-1 National Governance and Coordination Workshop” in 2013. With about 70 of Canada’s leading experts in attendance, the workshop resulted in a number of key recommendations. (See: http://www.citig.ca/Data/Sites/1/ng911/ng911-national-goverance-and-coor...).

First and foremost (and no surprise due to the importance of governance) was the recommendation that: “NG9-1-1 be developed and considered as a Communications Interoperability Strategy for Canada (CISC) Action Plan and be governed under the Communications Interoperability Strategy for Canada governance model.” While widely supported, this recommendation has yet to be implemented.

In a very positive first step, Industry Canada, which regulates Canada’s radio spectrum, announced in March 2012 that it was setting aside 10 MHz of the 700 MHz broadband spectrum for “public safety use” in Canada and along the Canada-U.S. Border. Our American counterparts had, just the previous month, received the full 20 MHz of 700 MHz broadband spectrum for their use – along with a promise of approximately $7 billion to start building a national public safety broadband network.

While the Industry Canada announcement was met with wide praise from responder agencies across the country, they still anxiously await a decision, after more than two years, on the second 10 MHz. Industry Canada has certainly been busy, conducting research, reaching out to stakeholders and developing a position. While their recommendations are confidential, we are cautiously optimistic that a positive announcement will be forthcoming.

On the technical front, a great deal has taken place since 2012. Led by the Centre for Security Science (CSS), a part of Defence Research and Development Canada, in partnership with a wide range of stakeholders in Canada, the United States and internationally, various technical working groups have developed a solid technical foundation for both the Canadian Public Safety Broadband Network (PSBN) and how it would link to the US “FirstNet” along the border. (See www.firstnet.gov)

The CSS is also working on a “deployable” 700 MHz system. With the vast majority of Canada, like most of the world, being remote and lacking communications infrastructure, the requirement for alternate systems, sometimes as small as a back pack, is obvious. However, technical solutions are not simple.

With this in mind, CSS is again partnering with the U.S. Department of Homeland Security’s Science and Technology Directorate to plan the Canada-U.S. Resiliency III Experiment, called CAUSE III, to improve cross-border interoperability and regional resilience through enhanced situational awareness. CAUSE III will take place in the fall of 2014 along the Canada-U.S. border between Alberta and Montana.

While Canadian Science and Tech leaders, and their industry partners, drive forward on technical aspects of mission critical broadband data, we still lag on the far more important issues of governance and policy.

In early 2012, CATAAlliance, in partnership with CITIG, the Federation of Canadian Municipalities (FCM), Public Safety Canada and the Senior Officials Responsible for Emergency Management (SOREM), organized a workshop to make recommendations on the governance of the future “Public Safety Broadband Network” (PSBN). After a broad exploration of governance models and best practices, the resulting recommendation was to create a new Not-for-Profit (NFP) corporation.

Key to this choice was the fact that the recommended governance roadmap respected Federal, Provincial, Territorial (FPT) and Municipal participation. This new NFP would also include such other stakeholders as the tri-service Chief’s Associations, FCM, and CITIG.

Though not discussed in 2012, this NFP could also help attain other “national” interoperability goals such as NG9-1-1, Alerting, Public Safety Cloud, Multi-Agency Situational Awareness Systems, and others.

Though rarely discussed in the media, one of the most critical aspects of handling public safety and emergency management events, small or large, is the effectiveness and pertinence of policies and procedures. Often called “Standard Operating Procedures”, these SOPs are based on years of experience, lessons learned, legal requirements, and a host of other considerations.

As any Incident Commander knows, one of their main responsibilities is to review SOPs as part of any emergency “after action report” process. Often, this means making changes or, in some cases, drafting new SOPs, for review and subsequent implementation by the organization(s) involved.

What are the SOPs for a public safety broadband network? Who will have final say on who gets the majority of the broadband capacity during any given incident? What if police, fire, paramedics and emergency managers all believe THEY need the majority of the spectrum? Who decides?

For instance, imagine an emerging incident along the Canada-U.S. border. With Detroit-based FirstNet users on their side of the border, and Windsor-based PSBN users in Canada, both requiring the full 20 MHz, who gets the final say? What are the SOPs? What is the best governance model for cross border interoperability?

These are just a few of the questions that will be discussed at CITIG’s upcoming “Canada-U.S. Bi-national Cross Border Interoperability Workshop” being held in Windsor on 20-22 October 2014. Thanks to a grant from the Motorola Solutions Foundation, the Workshop is designed to support and promote the transfer of best practices and experience, and the development of public safety interoperability between nations.

There is absolutely no doubt that Canada has been well served by the various public safety and emergency management leaders spearheading improvements to our communications interoperability capabilities. Over the past few years they have been committed to moving these issues forward. But there is much more to accomplish. As Robert Frost’s poem said so well: “…I have promises to keep, And miles to go before I sleep, And miles to go before I sleep.”

Both the Canadian Advanced Technology Alliance and Canadian Interoperability Technology Interest Group are committed to continuing our efforts to improve public safety communications interoperability in Canada and with our U.S. partners. Why not join us?

Chief Jeff Brooks worked as a Paramedic for Forest District Ambulance Service from 1986 until 2001 when he was promoted to Supervisor. He became the County of Lambton’s EMS Quality Assurance Manager in 2004, and later became EMS Acting Manager/Chief in 2008. Jeff is an Equivalency Examiner for the Ontario Ministry of Health. A Certified Municipal Manager with his EMS Executive Designation, he continues to work on committees for the Ontario Association of Paramedic Chiefs.

Inspector (Ret.) Lance Valcour O.O.M. is the Vice President of Public Safety & Emergency Management for the Canadian Advanced Technology Alliance. He retired from the Ottawa Police Service in 2010 after 33 years of service. He then led the Canadian Interoperability Technology Interest Group, and now chairs the International Association of Chiefs of Police Law Enforcement Information Management Section and is Technical Advisor to the Canadian Association of Chiefs of Police Information and Communications Technology Committee.



The Cyber Protection Equation
© 2014 FrontLine Security (Vol 9, No 3)

Although Henry Ford wasn’t referencing network security when he said “getting ready is the secret of success”, his words are particularly appropriate when talking about keeping the cyber world safe. Despite all available security precautions, it’s just a matter of time before a breach happens – and when it does, the fallout is significant.

As a sign of the vulnerable times we live in, 2014 has been dubbed “The Year of the Breach.” Of course, we’ve heard that before. We see more sophisticated and more costly breaches every year. If recent discoveries about some of the leading retailers are any indication, that trend isn’t going to change anytime soon.

And it’s worldwide. Our research shows Russian hackers taking aim at government, military, and security operations – gleaning information that would likely benefit the Russian government. We have also uncovered political hacktivists in Iran, who appear to be conducting full-out espionage against Iranian dissidents and U.S. defense firms.

But it is not always about spying; sometimes hackers want access to their victims’ bank accounts. Other times, they may be after IP-related details. And the frightening fact is, it doesn’t matter how many millions of dollars are spent on security measures – targets of all shapes and sizes have fallen victim to zealous hackers with an agenda.

Of course, there is the enormous financial hit of a breach to consider, with untold amounts of money spent on mitigating the losses. But there are other costs to consider. Following a breach, businesses face losing customers and credibility – intangibles that are very difficult to put a price tag on.

Be Prepared
Standard breach timelines repeatedly show that most companies are not prepared for a network attack. Discovery might take minutes or months, but regardless, it takes time to determine the depth and the damage.

What’s to blame? Unprotected networks? Failed technology? Lack of staff? Any of these could shoulder the responsibility of a data breach. Put all of them together and you may as well personally hand over your password to attackers.

But is blaming the “perimeter” the right answer? Just as first responders will shore up the perimeter of a disaster by putting defenders around the scene, corporations large and small focus their efforts on protecting the network. Resources are dedicated to keeping the bad stuff out and protecting what’s inside. Restricting access is definitely a good move and must be part of the solution.

But what if something breaches that carefully laid-out defense? There’s nothing left to mitigate the attack, because all the resources were dedicated to prevention.

First Responders
What if that equation changed? What if, instead of investing everything in keeping a network protected, we dedicated equal resources to incident response?

Breaches happen. The key is not to invest 100% in preparing for a breach; we need to prepare equally to respond.

Three key factors can help when a security incident occurs: a mix of reliable intelligence feeds; data capture and analysis tools; and the ability to anticipate and adapt.

Reliable intelligence. An intelligent alerting system, which is threshold-based and sends out alerts before problems even exist, offers a first glimpse into potential threats. This same system can trigger other actions when an alert is generated, whether it’s sending emails to specific groups or notifying other work flow systems that something out of the ordinary has occurred. Understanding the nature of a threat, and how to use that information to assess risk, is critical to preparing a response. Who is likely to attack and what would they be after? What could possibly be exposed? A solid threat analytics platform can help answer these questions.

Analysis tools. This seems obvious, but there are two parts to this requirement. Clearly technology needs to be able to capture and provide endpoint data. It also should provide forensic tools to investigate where, when and how a breach happened. But part of the arsenal includes security analysts, who need to be well trained in how to reverse engineer. Just like first responder training covers all aspects of emergency preparedness, analysts need training to respond quickly and confidently regardless of who breaches the perimeter and what they are after. When a breach happens, security analysts have to be prepared to run a large-scale investigation and remediation effort.

Assessment. Attackers don’t rely on the status quo. They’re continually adapting their approach to find new ways to exploit weaknesses, which means anyone with a computer needs to continually assess and adapt as well. Review the value and relevance of each security tool, anticipate when it will be out-of-date, and adapt to keep pace. For example, not long ago, we relied on firewalls to keep networks safe. It didn’t take long for hackers to circumvent them, making some anti-virus protection obsolete almost as quickly as it appeared. The ability to be nimble and change with the current threat landscape is essential.
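The threshold-based alerting described under “Reliable intelligence” above can be sketched as follows. This is an added example, not code from the article or from any product: it raises an early “warning” before the “critical” level is reached, fires only when an account crosses into a higher level, and routes each level to its own actions. The account names, thresholds, five-minute window and mail address are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication events (time, account, result); not real logs.
SAMPLE_EVENTS = """\
2014-09-01T10:00:05 svc-backup FAIL
2014-09-01T10:00:10 jsmith FAIL
2014-09-01T10:00:40 svc-backup FAIL
2014-09-01T10:01:10 svc-backup FAIL
2014-09-01T10:01:30 svc-backup FAIL
2014-09-01T10:02:00 svc-backup FAIL
2014-09-01T10:02:20 svc-backup FAIL
2014-09-01T10:02:45 svc-backup FAIL
2014-09-01T10:03:00 jsmith FAIL
2014-09-01T10:03:20 jsmith OK
2014-09-01T10:09:00 jsmith FAIL
"""

# Assumed policy: failed logins per account inside a sliding window.
WINDOW = timedelta(minutes=5)
THRESHOLDS = [("critical", 6), ("warning", 3)]  # checked highest first
RANK = {None: 0, "warning": 1, "critical": 2}


class ThresholdAlerter:
    """Counts failures per account in a sliding window and alerts on escalation."""

    def __init__(self, window=WINDOW, thresholds=THRESHOLDS):
        self.window = window
        self.thresholds = thresholds
        self.failures = defaultdict(deque)  # account -> times of recent failures
        self.level = {}                     # account -> level last evaluated
        self.outbox = []                    # stand-in for outgoing e-mail
        self.tickets = []                   # stand-in for a workflow system
        # Each level triggers its own follow-up actions.
        self.actions = {
            "warning": [self.email_group],
            "critical": [self.email_group, self.open_ticket],
        }

    def email_group(self, alert):
        # Hypothetical distribution list; a real deployment would send mail here.
        self.outbox.append(("soc-analysts@example.org", alert))

    def open_ticket(self, alert):
        self.tickets.append(alert)

    def observe(self, ts, account, result):
        """Feed one event; return an alert dict if the account escalated."""
        recent = self.failures[account]
        if result == "FAIL":
            recent.append(ts)
        # Expire failures that have aged out of the window.
        while recent and ts - recent[0] > self.window:
            recent.popleft()
        current = next(
            (name for name, limit in self.thresholds if len(recent) >= limit),
            None,
        )
        previous = self.level.get(account)
        self.level[account] = current  # dropping back re-arms the alert
        if RANK[current] <= RANK[previous]:
            return None  # same or lower level: no repeat alert
        alert = {
            "time": ts.isoformat(),
            "account": account,
            "level": current,
            "count": len(recent),
        }
        for action in self.actions[current]:
            action(alert)
        return alert


def run_sample(text=SAMPLE_EVENTS):
    """Replay the constructed events in order; return (alerts, alerter)."""
    alerter = ThresholdAlerter()
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, account, result = line.split()
        alert = alerter.observe(datetime.fromisoformat(stamp), account, result)
        if alert:
            alerts.append(alert)
    return alerts, alerter


if __name__ == "__main__":
    for a in run_sample()[0]:
        print(a["time"], a["level"].upper(), a["account"], "failures:", a["count"])
```

Because expiry is evaluated only when a new event arrives for an account, a production version would also sweep idle accounts on a timer.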

Of course, this is not an extensive list. There are plenty of other steps to an effective incident response plan, but these key elements are a strong start. It’s important to note that all of these need to be in place before a breach happens. Once attackers have found their way into a network, it’s too late. You can’t capture the past. You can’t fully analyze the events that led to the breach because of the many unknowns. Vulnerabilities may have been exploited and modified for future uses. You’re forced to try to clean up without hope of mitigating damages.

The bottom line? Technology alone won’t defeat a determined attacker. Threat actors can find their way into even the most up-to-date systems. Companies need a multi-pronged approach to network security that includes detection, prevention, analysis and resolution strategies. Those who can be adaptive and formulate a strong incident response strategy will find themselves better prepared to respond to a breach quickly, effectively, and – ideally – with as little impact to their customers, their checkbook and their credibility as possible.

Robert Masse is a Director at Mandiant Security Consulting Services.



Insider Threats to Cyber Security
The Enemy Within
© 2014 FrontLine Security (Vol 9, No 1)


“We have seen the enemy and he are us!”

The foregoing adage, oft thought of as the whimsical perspective of a fictional swamp dweller (“Pogo”), is a truism and a warning when considered in the realm of cyber security. The common perception that cyber threats are usually external to the target system ignores the reality that the system user, administrator or vendor is frequently an essential element in the waging of a successful cyber-attack. The Hollywood image of the lone hacker sitting in a dark bunker cleverly using a multitude of high tech machines to single-handedly, forcefully penetrate and control a distant computer system couldn’t be farther from the truth. Having participated with my wife in raising seven children, I can take analogies from family life that mirror all of the issues and threats that owners and users of modern computer systems face in the cyber world.

The Vector
Like its biological counterpart, the computer virus, or malicious program, has to penetrate a computer system in order to effect a cyber-attack. In the biological world, families with children, especially small school age children, are all too familiar with the experience of a child catching and bringing the latest viral agent home from school, virtually guaranteeing that every member of the family will be similarly infected.

In the cyber world of “plug & play”, users often bring devices such as thumb drives, memory sticks, and personal media players to the office, and connect them to their work computer without considering that their personal device may be infected with hidden malware. The most well publicized attack on an automated control system is alleged to have occurred when an infected USB device containing the STUXNET virus was plugged into an Iranian desktop computer.

The Door Opener
Penetrating an otherwise secure home is difficult if all of the “doors” providing access are locked and guarded. The same applies to computer systems.

Unauthorized access of an otherwise secure system requires assistance from within. In the case of a family home, children have been known to open otherwise secure doors to the outside world and allow strangers into the home if the stranger appears “nice” (and mom or dad can’t get to the door before the child). This is especially true if the stranger at the door is a four-footed, tail wagging furry carnivore from next door (particularly if the stranger appears forlorn as a result of being wet and muddy).

In the cyber world, the hacker disguises his “stranger” in a phishing email sent to an unsuspecting system user. In most cases, the phishing email carries either malware hidden in an attachment, or a link to a malicious site which will automatically download malware to the target system. For the attack to succeed the user must open the attachment or click on the link. Like the cute wet/muddy dog from next door, the phishing email is crafted to seduce the recipient to open the email, and click on the attachment or link in the email thus bypassing the system security.

Sharing the Key
Secure homes and computer systems only allow access to individuals possessing an authorized key. In the case of a home, children will occasionally tell their friends (or even a perfect stranger) where mommy and daddy hide a spare key for the house in the front garden. In the cyber world, users can be tricked into providing their corporate email identity and password to a hacker as a result of receiving a carefully crafted email that appears to originate from an internal source (such as the IT help desk).

Adolescent children sometimes lose or loan their set of house keys to a “friend” who needs to drop by your house during the day to pick up something that the “friend” previously left at your house. System users echo this behaviour by writing down system IDs and passwords on a piece of paper which they then stick on the front of the computer monitor or on the wall beside their company PC. System users have also been known to allow an associate to use their ID and password.

Leaving Doors Unlocked
Every parent is familiar with the nighttime routine of having to walk around and check to make sure the front, back and patio doors of the house are closed and locked to compensate for the inability of the dependent occupants of the house to understand the concept and purpose of door locks. Occasionally system administrators and system vendors suffer from the same learning disability – especially when it comes to industrial control systems. These systems are often left connected to the internet with little or no protection that would prevent a hacker from accessing the system.

In some homes, an otherwise secure door is compromised by the home owner installing a “pet door” which allows four-footed members of the family unfettered access in and out of the home. Unwittingly the home owner is also providing a means of access to unwanted guests (such as the neighbour’s dog, the local skunk or a youthful burglar). Software vendors will sometimes install the cyber version of a “pet door” in their products. Known as “backdoors”, these special portals are intended to allow the vendor access to the software after installation to facilitate easy system maintenance and upgrading. The hacker (the cyber version of the local skunk) finds such backdoors of equal value and utility.

Show & Tell
Family secrets are sometimes intentionally shared outside the home by an exuberant child (who, for example, elects to take dad’s box of condoms to the grade one “show & tell”). Adolescent children may help themselves to the keys to mom’s car. In the cyber world, system users may utilize their access to files and data on the system for purposes that could be regarded as harmful or inappropriate to the system owner. A careless system user may send out an email containing sensitive information to a third party without encrypting the contents or attachment. A disgruntled or corrupt employee may actively seek and remove valuable or sensitive information from the system they have access to.

Design, Training, & Audit
A diligent parent will set up the family home with a foundation that supports family security. Good quality door locks, proper external lighting, an alarm system, vehicle key lock box, even a safe for valuables may be included in the physical design of the home. System owners should ensure their system setup and design incorporates robust system access controls, separation/securing of critical databases, real time firewall traffic monitoring, internet access controls, and other tools that will provide a secure foundation.

Effective home security requires indoctrinating and training all residents of the home in the purpose, principles and use of the security devices and set up. Regular reminders prove essential to ensuring that even the smallest family member fully participates in keeping the home safe and secure. System users should be regularly reminded of the tools, principles and purpose of system security. Face to face training (rather than the tired practice of sending out an instructional email) is essential for effective system security training of users.

Periodic reminders and re-training sessions on areas of security that are being ignored by users should occur as required, and without delay. In the physical world, a careless adolescent who fails to appreciate the importance of locking the front door when he arrives home after midnight will become a convert to the theory and practice if made to stand guard at the front door with dad for a night. Similar methods for dealing with users having issues with “link clicking” on phishing emails may prove beneficial.

Finally, just as a diligent parent checks all doors before going to bed at night, system owners need to audit the security of their system, and the security behaviour of their users regularly. Back doors left by software developers, careless clicking on phishing email, poor system access password management, and various other internal security demons can only be excised, without paying a high penalty, if caught BEFORE a system security breach occurs.

Leaving Home
Children eventually grow up and strike out on their own. System users are here to stay, as they are the reason for having a computer system. Unfair comparisons of system users and children aside, the pace of cyber threat evolution surpasses the ability of cultural adaptation for most of us. When I began my career in 1977, a “hacker” was a chain smoker. A laptop was a tray that you put your TV dinner on. Computers still filled entire rooms and were the haunt of exotic professional nerds. Today, computers have become ordinary objects that we rely upon hourly without realizing the full extent of their impact. The adversary, on the other hand, realizes the potential of our computer systems. His ability to adapt to new technology and use it for his own ends is in lock step with the evolution of this technology.

We all rely on myriad systems every day and, in order for them to remain secure from the adversary, we have to incorporate the culture of cyber security as part of the design, administration and use of these systems, at all levels.

Above all, security starts with the user. As the adversary has shown, the weakest link in system security is the user. The principle around which every system owner should build his system’s security is: “Cyber security is every user’s responsibility”.

Mike Chernichen is currently Manager of Corporate Security at Canadian Natural Resources Ltd in Calgary, Alberta.



Interview: Paramedics
Emergency Paramedic Response from the Sharp End
© 2014 FrontLine Security (Vol 9, No 2)

FrontLine’s Executive Editor, Clive Addy, recently took the opportunity to ask Dwayne Forsman, the Chief Administrative Officer of the Paramedic Association of Canada, and Greg Forsyth, Superintendent Special Operations of the Ottawa Paramedic Service, some questions about the evolution of their profession over the last years and to get their opinions on future general needs and responsibilities. Dwayne has been a Paramedic for 37 years, in both rural and urban environments. Greg has been a Paramedic for 12 years and was a Paramedic Tactical Unit member for 7 years before advancing to his current role. Greg continues to be involved with the training and development of Paramedic Tactical Unit members and regular operations Paramedics.

Clive: In Canada, it appears that the need, scope and use of paramedics have increased significantly over the last several years. What has been your experience in this case? Where have you operated? Can you give me a brief description of your most harrowing successes and frightening moments?

Dwayne: When I started, paramedic services were little more than first aid services that could get you to a hospital fast. Today Paramedics are essentially bringing the Emergency Room to your living room. Patients who encounter a medical and trauma emergency are being stabilized in the field across Canada by highly trained Paramedics with less emphasis on a fast ride to hospital.

Greg: The overall scope of Paramedicine has changed considerably over the last 10-15 years. Not only are Paramedics bringing an increased skill set to the patient’s bedside but they are also able to provide care within certain environments that traditionally they did not enter, which ultimately delayed care and put lives at risk.

We have had to deal with environments such as the presence of an active shooter, CBRNE scenes, on the water for dive operations or in support of large scale demonstrations. As a Paramedic for 12 years in the city of Ottawa, I have worked in both rural and urban settings, although on land only.

Due to how dynamic a scene can be for a Paramedic, there have been many examples of when things got interesting. Scenes can quickly escalate to the point where you find yourself in the middle of conflict. Paramedics routinely walk into many unknowns with limited information. The potential is always there for the scene to escalate, which is evidenced by the increase in violence being reported by frontline responders across the country.

I take the most pride in successful resuscitation of cardiac arrest patients. I remember those times when I felt that we were just too far away and their down time was just a little too long prior to our arrival. We always put everything into those scenes to give the patient that fighting chance. There have been a few examples of patients that I have brought into the hospital, unresponsive with a heartbeat, and I was fortunate enough to have them thank me a few days later.

Clive: There seem to be very definite differences in how Paramedics are qualified, categorized and certified nationally. What is the position of the Paramedic Association of Canada on these 3 issues? Doctor certification, or by provincial or local authorities, based on national or provincial standards?

Dwayne: The regulation of Paramedics is a Provincial responsibility. Paramedics are regulated and licensed within each Province. Nationally, the Paramedic Association of Canada sets the educational standards for each level of Paramedic; Emergency Medical Responder (EMR), Primary Care Paramedic (PCP), Advanced Care Paramedic (ACP), Critical Care Paramedic (CCP). Currently, there is no National Registry for Paramedics. The Paramedic Association of Canada has made the creation of such a National Registry a high priority in the next year.

Clive: When and if you need air assistance, have you had use of ORNGE, the Canadian Forces Search and Rescue, or others?

Greg: We cover a large geographical area and have required air assistance. ORNGE has been called to facilitate that continuity of care and rapid transport to the local Trauma center. I have had ORNGE land on golf courses and on major highways when time and distance were not on our side. The CF has always remained an option as our scope continues to evolve. Our Paramedic Tactical Unit and Paramedic Support Unit members provide response in remote areas with difficult terrain. In such incidents, ORNGE would not be an option whereas CF would be able to provide that assistance.

Clive: Many Canadians do not appreciate how lucky they are to live in such a resource rich, wealthy and democratic country. The emergency public health services you provide are one of many elements to ensure their well being in case of disasters of all kinds. Recently, the federal government allocated a dedicated part of the 700 MHz spectrum for communication and coordination of emergency services of all types. Where is this resource most needed from the paramedic point of view, and have you been involved in defining this need?

Dwayne: The Paramedic Association of Canada supports the Federal Government’s move to dedicate the 700 MHz spectrum for emergency services. The current band that is used by most emergency services including Paramedics is at capacity. By moving to a dedicated band, Paramedics can use new technology to improve patient care such as sending data to hospitals and creating video links with physicians; the possibilities would be endless.

Clive: Nationally, do you see the need for paramedical emergency services expanding? Being better supported in one or another area?

Dwayne: The need for Paramedics continues to grow across Canada as the Baby Boomer generation moves into retirement age. Traditionally, ambulances take patients to hospital regardless of their medical problem. Hospital Emergency Rooms are overwhelmed with patients. This causes Paramedics to wait with their patients for the hospitals to accept them. Instead of transporting all patients to an ER, Paramedics need the authority to make decisions of where the patient should go, based on their medical need. Instead of an ER, maybe they should be transported to an Urgent Care Centre or a Quick Care clinic. Maybe they could be advised that their medical problem can wait until they can see their own physician, or maybe their medical problem can be treated in the patient’s home by Paramedics requiring no transport.

For the most part, urban areas are well supported; it’s the rural and especially remote areas of our country that lack support. Typically, the urban centres have the highest level of trained Paramedics whereas the rural and remote areas have the lowest level and least trained Paramedics. It is these rural and remote areas that need the most support as they have the least amount of health services. Transport times in these areas could be an hour or more. One could argue that the rural and remote regions of Canada should have the highest level of Paramedics.

Clive: What are the top three needs and challenges for the Emergency paramedic response in the Ottawa area?

Greg: I think the challenge will continue to be ensuring Paramedic availability for the next request. Many measures have been instituted such as the offload nurse program and the community paramedicine trial. As call volume continues to increase and the calls become more complex with an aging population, the overall demands on the system increase as well. We must continue to endeavour to meet these demands through technology, evidence-based advancement in training and treatment options and staffing modifications to remain ahead of the curve.

Clive: What would you wish to leave our security readers as your “final thoughts” about your trade in Canada?

Dwayne: Canadians need to know that they have an excellent Paramedic service as compared to most developed nations. Although there are some areas that need to be upgraded, overall, they should be comfortable in knowing that when they need a Paramedic, they will be receiving the best care.

Greg: As much as the system has evolved over the past 10-15 years, I am sure the landscape will look quite different over the next 20. The demands on the hospitals, the increase in call volume and the complexity of the calls and scene dynamics will continue to shape the Paramedic response in Canada. I think the profession will continue to grow to ensure Paramedics with specific skill sets make it in time to a patient’s side no matter where they may be.

© FrontLine Security 2014



Engaging Employees to Take Ownership of IT Security
© 2014 FrontLine Security (Vol 9, No 3)

Human errors cause the vast majority of information security breaches. Numerous studies, such as a report by the Ponemon Institute, have compiled statistics that attribute more than half of breaches to human elements. And it takes human beings – “an army of foot soldiers,” to quote my colleague John McClurg – to defend an organization’s information assets.

There is no silver technology bullet. Next-generation firewalls, anti-virus software, and endpoint data encryption are all necessary to safeguard valuable and often sensitive information.

The key to building that army is security awareness and training. As headlines continue to highlight breaches and the need for a strong security program, now is the time for people to take greater responsibility for the security of the information they work with every day. A trained and educated workforce is an organization’s best defense against increasingly sophisticated and persistent cybercriminals.

Organizations with a security awareness program are 50 percent less likely to have staff-related security breaches than those without awareness training, according to a 2012 study by PricewaterhouseCoopers. And though it’s virtually impossible to eliminate risk altogether, few measures, if any, are dollar-for-dollar as effective in reducing risk as security awareness training.

See Something? Say Something.
Raising awareness and instilling a sense of shared responsibility for protecting vital information assets is critical to securing them against the two most common threats: malicious insiders and external cybercriminals.

Insider threats are hard to discover with technology alone. Research at Carnegie Mellon University’s Computer Emergency Response Teams has repeatedly confirmed that most insider threats are first detected by other users who note something suspicious and report it – the cyber equivalent of ‘see something, say something.’ Users need training and awareness to know what to look out for, and must take responsibility for reporting it.

Ever more rapidly evolving threats come from outside the organization, where the energy and effort that cybercriminals are expending to compromise sensitive data are rising exponentially. The social engineering used to prey on our gullibility and emotions grows more sophisticated and elaborate every day. I recently received an email from the nurse at my child’s school alerting me to an accident on the playground and offering a link to the incident report. The email appeared to come from the school, contained my child’s name, as well as the correct name of the school nurse, yet it was a classic phishing attempt that I avoided only because I was aware of school policy against sharing such information via email.


Taking a Moment of Pause
An effective security awareness program teaches users to take what I call, ‘a moment of pause.’ Before reacting to any email containing links, users should inspect the message for suspicious indicators. This instinct to stop and examine email messages (or phone calls from people you don’t know) is the best defense against social engineering. It needs to become muscle memory for every user – not just a few cyber heroes – because threat actors are good at finding the people who are the most gullible and going after them.

Key features of a successful security awareness and training program include:

  • Assessing the baseline level of security awareness within the organization to identify the gaps and develop a plan to address them.
  • Testing should be on-going to reinforce training and create a culture of security across the entire workforce. Testing first, then training, then testing again can demonstrate improvement that acts as a positive motivator. Phishing tournaments and other forms of testing can be powerful teaching tools as employees see first-hand what social engineering tricks have fooled them.
  • Response training gives first responders the skills and knowledge needed to effectively counter attacks. Understanding how to analyze spear phishing emails or phone calls to raise situational awareness, or how best to deal with a compromised system is critical. (Hint: rebooting the machine, a common first impulse, is destroying valuable evidence; instead, disconnect it from the network to cut an intruder’s access.)
  • Threat detection is vital since reducing risk to zero is impractical and some human error is inevitable. Detecting a compromise quickly is key to mitigating damage and maintaining business continuity. We’ve never encountered an enterprise with 100 percent awareness and zero percent risk. Ultimately, someone in your organization is going to get phished. With that in mind, choosing an advanced threat detection security service that can detect the compromise of your machines, and reduce the time it takes to respond, will minimize the impact of that compromise.

Jon Ramsey is the Chief Technology Officer at Dell SecureWorks, which offers a comprehensive suite of services that help organizations teach their employees secure behaviour and how to reduce risk. They help employees understand that each individual is responsible for protecting an organization’s information assets and help build a culture of security. Explore Dell’s approach to security at Dell.com/Security.



Airport Watch
© 2014 FrontLine Security (Vol 9, No 1)

Perimeter security at airports had been of growing concern to the policing community before a program called Airport Watch (AW) was created in 1999. In partnership with the RCMP and the Ottawa Police Service as a crime prevention tool for the Ottawa International Airport, it took about 36 months of dedication – by officers and dozens of volunteers – to develop effective protocols and to standardize regulations.

Today, the AW program works effectively due to the strong commitment of community volunteers working with airport authorities and police, not to mention increased inter-agency cooperation. By 2004, AW had expanded to Toronto, Calgary, Montreal-Trudeau and Mirabel, Edmonton and Kelowna airports. Over the years, the program has received formal recognition from the federal Minister of Transport, the International Civil Aviation Organization (ICAO) and the Canadian Owners and Pilots Association (COPA).

Based on the Ottawa model, the International Airport Watch Association (IAWA) was formed in 2010 in the Chicago suburb of Bensenville, Illinois. The group also held its first Airport Watch Summit that year, bringing together community-minded officers from the Chicago Police Department, Bensenville Police Department, the Minneapolis-St. Paul International Airport Police Department, and the Royal Canadian Mounted Police to help further the concept.

As the program inevitably spread into the USA, many, including the FBI and TSA, saw the usefulness of such a security plan at the largest airports. Minneapolis-St. Paul, two smaller Minnesota airports, and Chicago’s O’Hare all came onboard in 2008. Subsequently, a Phoenix unit started up in 2011 and, with the strong support of the MIA authority and Miami-Dade Police, Miami International Airport joined in 2014. Other U.S. majors and another Canadian airport are currently in discussions to begin their own programs.

Miami Airport Watch group and Miami Airport Authority, with Miami Dade Police.

Establishing an Airport Watch unit certainly involves its own unique challenges – each airport is distinctive in physical layout, regulations and management style, even operating language. Naturally, the association works through this, and helps local groups tailor the program to their specific needs. As an example, U.S. Ramstein Air Force Base in Germany had the “Eagle Eyes” community awareness program already in place but also saw value in the Airport Watch program so, three years ago, the USAF assisted them in adding a local AW unit to the mix. They now have a core group of known air enthusiasts who provide “eyes and ears” at the fence line, working in support of the military police.

During a 2004 international aviation security conference held in Ottawa, informal talks on AW attracted significant interest. From that connection with Sussex police attendees, British airport policing units and the British Airports Authority (BAA) began considering the AW concept. Using largely the same general concepts as their North American counterparts, the UK began their own program at London-Gatwick under the Sussex Police as part of their already extensive list of crime prevention programs.  From there AW expanded to other London airports and then northwards to more than a dozen other airports.

Thousands of Airport Watch volunteers in the UK now provide the “eyes and ears” to the authorities in a trusted, professional, community relationship.

Toronto members of AW, with their ever-present cameras.

Easily identifiable in their jackets and hats, Airport Watch volunteers have all passed background checks and have been issued formal identification by the airports they frequent. Although this grants no privileges or access, they are better-known to the facility operators to whom they report suspicious activities or safety concerns.

In Australia, police carry out pro-active, community-based policing similar to North American and British police organizations. Since 2005, the Australian Federal Police (AFP), in cooperation with state police, have been exploring the best way to increase airport employees and improve community relations at their designated international airports.

Following the wide-ranging Wheeler Report of 2005, aviation security authorities in Australia began to implement 17 recommended major improvements to increase the effectiveness of information sharing and to improve their threat assessments. One of many positives that emerged from this was the eventual AFP funding for the creation of a national Airport Watch program at every international airport in Australia.  This facilitated closer working relationships with airport employees and provided instruction such as Behavioural Analysis and Active Shooter Awareness training while promoting the reporting of suspicious activity to the airport police.  Members of communities surrounding the airports, including aircraft enthusiasts, have made such calls as well.  In the AFP model, the police organization provides group administration for the AW group – a notable difference with other programs.

Although the use of volunteers helps local costs remain low in North America, national funding for Airport Watch in the U.S. and Canada has remained elusive. However, each organization shares its lessons learned and the best of these ideas seem to be moving in a common, effective direction where best practices become more widely known. This results in improvements to the basic framework of airport community-based policing.

The IAWA, which supports all airport crime prevention programs, is informally comprised of several policing and airport representatives plus AW volunteers. The association is an advisory group that can also offer advice on forming new AW units by sharing SOPs, recruiting techniques and suggestions.

Awareness training of airport employees and local Airport Watch volunteers is very much encouraged as a positive way for police to directly and effectively engage the communities. The volunteer-based AW model utilized in North America is not reserved for larger airports. Kelowna, in British Columbia’s interior, is a case in point. It is a mid-sized airport with a very proactive management style that has increased perimeter security in a way that promotes positive community spinoffs. Numbering about 45 volunteers so far, they represent all areas of the local society and work closely with the community-based RCMP detachment. The group also assists during Search and Rescue exercises and other community events.  The growing facility has even provided the AW unit their own office, conveniently overlooking the main apron.

Other security concepts include the RCMP Coastal-Airport Watch, where rural community awareness is promoted to report suspicious activities at small airfields along border areas and isolated coastal regions to deter smuggling activities. The Aircraft Owners and Pilots Association also promotes security awareness in the general aviation sectors through its Airport Watch unit. The USAF’s “Eagle Eyes” airbase community reporting, mentioned earlier, is another proven program.  The IAWA promotes all of these, and can work with your airport – large or small – to help identify options that may work best locally.

Toronto AW annual airside tour hosted by GTAA during arrival of an inaugural Hainan Airlines flight.

The recruiting of aircraft enthusiasts has never been an obstacle for any airport, as they are regular visitors in any case. Many are also very good photographers, and can often use their own camera equipment to record events at the fence line as they occur.  It is important to note, however, that they do not take action into their own hands – their motto is, “Observe, Record and Report”. Being registered as an AW volunteer means acceptance at the perimeter and a responsibility to follow established guidelines and procedures. Some airports even engage the volunteers to do foot patrols inside the terminals and parkades once awareness training has been completed. Again, they report suspicious activities by cell phone or radio and do not take action themselves.

Outer perimeter patrols can sometimes be problematic, depending on a given airport’s layout, with much of it covered by bush and trails that can exceed a dozen or even hundreds of square kilometers. Having AW volunteers in the area helps as a deterrent. In many countries, airports utilize a software program to identify areas of threat to low flying aircraft and to better manage security patrols in the area, especially in times of heightened security and reduced resources.  Called SAM-PRAS, this program was created by Cunning Running Software based in the UK. Effectively mapping out the outer perimeter using the latest technology, it provides for more effective deployments and even includes variations based on weather and time of day. In use in three of the four Airport Watch program countries: the United States, United Kingdom, and Australia, the sophisticated SAM-PRAS software is strictly operated by the assigned authorities.

In times of need, AW volunteers can be asked to visit certain areas of the field to report any activity especially during arrivals of higher risk flights such as presidential or military aircraft. The combined effort brings an awareness to help identify users of standoff weapons, rifles, MANPADS and even laser pointers. At their airports, the U.S. Transportation Security Administration (TSA) also provides hands-on awareness training to AW volunteers, teaching them to recognize components of standoff weapons, including MANPADS, while informing them of their total operating envelope, which can be more than a dozen kilometers from the runway.

The IAWA Summit coming up in July will also mark the 15th anniversary of the start of the program at the Ottawa International Airport. This will be the third such international conference, with Minneapolis-St. Paul International Airport Police having hosted last year’s successful program.

AW members hosted by USAF at Burlington, Vermont, view F-16 take-offs and landings by 158th Fighter Wing.

With sponsors such as SAS Analytics and the InterPort Police Association, the attending authorities and AW volunteers are sure to increase their security awareness through informative presentations on procedures, national security and evolving technologies.

Jacques Brunelle, a 29-year RCMP veteran, can be reached at: airportwatch@gmail.com
Police and volunteers will meet in Ottawa during the International Airport Watch Association Summit on 11-12 July 2014.



Public Health and a secure society
© 2014 FrontLine Security (Vol 9, No 2)

“A Healthy and Active society is a Secure society.”
This outcome depends on the availability and support for training, education and physical fitness and the availability of proper employment, remuneration and accommodation for all.

Predictable challenges of the coming decade
Let’s first explore the premise that “A Healthy and Active Society is a Secure Society”. According to the World Health Organization, “health is a resource for living – it is the ability to realize aspirations, satisfy needs, and cope with a changing environment.” If you extrapolate this to the community level, then a healthy community is also one that has resources for living, and is able to realize its collective aspirations, satisfy its needs, and cope with a changing environment.

Relating this to a secure society means that if the community’s security is threatened, from within or without, it has the resources to respond effectively. This occurred, for example, in Ottawa in the 1990s when an outbreak of meningococcal bacteria caused the deaths of six high school students. The Ottawa Public Health Unit organized a successful immunization program for 80,000 students that involved the school boards, schools, health care providers, hospitals, community organizations and volunteers. The community collectively came together to deal with a severe threat to their internal security.

Protecting health and safety is an ongoing effort for all provincial and municipal governments. For instance, some challenges that the Leeds, Grenville and Lanark Public Health Unit has been dealing with in our region that affect the health and security of our communities are poverty, age structure, water and healthy living.

1. Poverty
About one in ten families live in poverty in this area. Poverty increases the risk of many health problems including injury, diabetes, and heart disease. Individuals living in poverty report they are under a lot of stress and this influences anxiety, depression, tobacco and substance use – and quality of life. Food security is also a big issue, as families don’t have enough money to buy sufficient healthy food. This means children come to school without a good breakfast, which in turn affects their ability to learn.

Poverty is an issue for any community, as a whole, for several reasons. For example, a community relies on its children and youth for on-going sustainability. If children aren’t able to learn and complete school, the chances of being able to work and contribute to the community are reduced. Also, the increase in health problems among people living in poverty means that tax-base resources go to the provincially-funded health care system that would otherwise be used for community needs such as grants for infrastructure development, roads, education, and social services.

Much can be done at the community level to reduce the impact of poverty on its residents. I think rural-based communities can do this particularly well because they are so familiar with their own community, and connections are strong. For example, in Perth, the Community Food Table has expanded the traditional notion of food security (giving people food) to an interactive program where participants and volunteers are fully engaged in the community garden, meals, cooking classes, Dads & Kids sessions, after school programs, and many other programs. The Community Health Centres in Portland, Lanark Village, and Smiths Falls/Merrickville provide a range of programs that help people be healthy and stay connected to their communities. In Leeds-Grenville, committed organizations led by the United Way, and the Leeds-Grenville Social Services and Public Health Unit, are working together to mitigate the effects of poverty among residents in the community.

2. Changing Demographics of Communities
Most of the communities in Lanark, Leeds and Grenville have an aging population. Young people often have to leave the community for further education and jobs. The exceptions are areas close to Ottawa, like Mississippi Mills and North Grenville. As people retire, the tax base decreases. This comes at a time when all municipalities are faced with an ageing infrastructure and the need to invest in repairs and new construction. Schools also face a decreased enrolment which influences their viability. The Upper Canada School Board has responded by placing the grade 7 and 8 program in the high schools, and that requires a major adjustment within the school social structure.

3. Water for Drinking and Recreational Use
Many of the smaller towns in this area do not have a municipal water system. This means residents have their own wells and septic systems, which are close together and are aging. The presence of fractured rock without a lot of ground cover means that the water aquifer can be easily contaminated by agricultural run-off, old septic systems that are not functioning well, and other surface contaminants.

Towns that have a municipal water system and sewage disposal system are challenged with aging infrastructure and a system that is not always able to meet current needs.

Although our region has an abundance of lakes and rivers, some of them, such as the Upper Rideau Lake, are having difficulty with algae blooms that occur in warmer water due to changes in the climate and nutrient composition of the lake. This affects the quality of life of residents and can also lead to health problems.

4. Healthy Living
Being physically active on a regular basis, healthy eating, mental health and resiliency, and avoiding tobacco, substance misuse and injury all promote good health. While many people are living a healthy life, many more could make choice adjustments that would increase their quality of life, decrease the risk of health problems like cancer, lung disease, heart disease, diabetes, or even help manage chronic conditions they currently have.

The Healthy Community Partnership – with membership from the Public Health Unit, municipalities, community health organizations, the YMCA, the Food Matters Coalitions, and the Heart and Stroke Foundation – has created a vision for the Lanark, Leeds and Grenville community: “Healthy people in Lanark, Leeds & Grenville live, learn, work and play in healthy communities.” (healthyllg.org/_resources/HCP_Vision.pdf)

While each individual makes his/her own choice about health-related behaviours, the environment he/she lives in has a profound impact on that choice. Therefore, the partnership, along with several community organizations, has identified that it is essential that:

  • all community members have the opportunity to make the choices that enable them to live a healthy life, regardless of income, education, or ability; and that
  • healthy community environments promote well being and quality of life, and contribute to integrated community sustainability (cultural vitality, economic health, environmental responsibility and social equity).

A video has been developed by the partnership that describes what a healthy community looks like, and is available on the Healthy Community Partnership website (www.healthyllg.org). It has been endorsed by several community organizations and members of the public, and has been presented to both upper tier governments in Lanark and Leeds-Grenville. It is now being presented to each municipality for their endorsement.

This is the first step in raising awareness about the importance of a healthy community, and encourages everyone to consider what they can do to make it happen. Much is already being done by municipalities, schools, child care settings, health care organizations, the business community and the public. It is an exciting time for our community!

Inoculation Controversy
A few years ago, the H1N1 virus inoculation program posed certain challenges. Some critics felt that the imposition of a totally new program reduced the role of the family physician, complicated and confused some patients, and did not optimize the available resources.

In fact, the 2009/2010 influenza season was very different than previous ones. A new form of the virus affected young people rather than the usual older age group and also affected many more people. The influenza virus changes a little every year but this was a significant change and many people had no immunity against it.

The novelty of the virus meant a new vaccine had to be developed, manufactured and distributed within a very short timeframe. The existing facilities had to manufacture two vaccines – one with the new strain, and one with the strains based on last year’s circulating virus – within the time frame they normally did one.

This was a perfect storm for a very challenging influenza immunization program – fear and heavy demand in response to a number of deaths in young people, delay in producing the vaccine, and the challenge in ensuring the vaccine got to those most vulnerable first.

Given the shortage of the vaccine, the Ministry of Health and Long-term Care took the lead to ensure there would be equitable access to the vaccine across the province and that it would be given to the most vulnerable first – people with chronic health problems, children, and teens.

The Ministry decided to use the 38 local public health units to deliver the vaccine in community clinics because those units had the staff to be able to do this efficiently, and had the community connections to be able to set up clinics quickly in all parts of the province – rural and urban. They also could be counted on to follow guidelines to give the vaccine to those most at risk. This strategy generated considerable reaction from both the community and health care providers because primary care providers were not directly involved initially.

The annual influenza immunization program is now provided by physicians and nurse practitioners and, as of 2012, by pharmacists, as well as at public health clinics in communities. Public health provides vaccine to these service providers based on their orders. This system works very well. In 2013, most of the influenza vaccine in the community was provided by primary care providers and pharmacies. Public health clinics provided easy access to the vaccine for those who had difficulty contacting their primary care provider or in communities without pharmacies.

I would certainly prefer to use the existing system described above if there is another large influenza outbreak. In reality it will depend on the outbreak itself and what is most feasible given the context. The Ministry of Health and Long-term Care is entrusted with that decision.

Many Canadians do not appreciate how lucky they are to live in such a resource-rich, wealthy and democratic country. Our public health services are one of many elements to ensure their well-being in case of disasters of all kinds.

The Ebola outbreak in West Africa is suffering from the lack of an organized public health system that would include public health services, primary care, hospital and government support, among others. The virus is not easily spread yet it is spreading rapidly through the involved countries due to this management deficit.

A well-organized public health component of a health system would be able to do the following:

  • Conduct surveillance – identify who is sick, when, where, and what the exposure was. This allows public health workers to understand how it is moving within the community and develop containment strategies.
  • Education – provide education to the community as a whole on how to ensure they don’t become ill and when to seek medical attention. If the community is used to public health units providing this type of information, as in Canada, then the communication channels will already exist and people will have basic knowledge from other contexts that can be added to during any future crisis situation.
  • Follow-up – provide counselling to family members on how to decrease the risk of becoming ill and when to seek medical attention. Public health would also identify people at increased risk post-exposure, and ensure they are monitored and know what to look for in terms of early symptoms. This information and understanding will reduce the spread of the virus by people who leave the area when they are unknowingly incubating the disease – as is happening now with Ebola.
  • Health care team – Provide information to the health care team on infection control procedures in the clinic and the hospital. Provide additional support as needed.

In Ontario, the well-organized public health and health care system has already provided information on Ebola to all service providers, hospitals and public health units. Specific precautions have been identified for infection control in all settings. Hospitals have identified which ones will receive individuals who might have Ebola. Our local public health units have sent information to schools about what to do if a student who has visited the affected countries presents him or herself at school with a fever. Plans are underway in our health unit to respond to a possible case within the community with follow-up as needed. Surveillance will use the existing, well-developed methods.

When it comes to addressing significant health problems that can threaten the health of the population, we are truly fortunate to live in a resource-rich, wealthy and democratic country. Our very wealth, though, also contributes to health problems associated with excess – eating too much abundant unhealthy food, or excessively using vehicles at the expense of active transportation with regular physical activity, or relying on the health care system to fix us when we could have prevented health problems.

Appreciating the benefits of our society and ensuring that all benefit from them equally, actively engaging in promoting and protecting our health and working together to create healthy environments will truly make a “healthy, active and secure society”.

Paula J Stewart MD, FRCPC is the Medical Officer of the Health Unit in Leeds, Grenville and Lanark District in Ontario.
© FrontLine Security 2014



A Tale of Two Insiders
Current and Former Employees
© 2014 FrontLine Security (Vol 9, No 3)

Larry and his company were the victims of aggressive competitive intelligence collection utilizing social engineering (including social hacking and escalated recruitment). He needed to identify the leaks and any third parties involved, and prevent further loss of proprietary intelligence.

The Investigation
After a deep investigation and an aggressive “social hacking” penetration test, it was revealed that two employees had been responsible for leaking competitive intelligence to Larry’s most aggressive competitor. One employee had left the firm a year ago, the other still worked for the company. Here is what the investigation revealed.

The Former Employee:
Employee #1, whom we will refer to as “Mike,” had left the company roughly a year before. He had received a more lucrative offer from a startup in New York and could not resist the opportunity. As it turned out, the startup company soon began having financial and product problems. Mike’s salary was cut twice, and now that he lived in Manhattan, he realized his expenses were swallowing his income, and his bills were mounting. He updated his professional social media profile and advertised “Small Business Consulting” in an attempt to bring in more income. One day, he received a phone call from an “investment firm” seeking his expertise in the industry he had just left. He would be paid an hourly rate in the high three figures and all consultations were over the phone. “Why not,” Mike thought, and began having weekly paid phone calls with the “investment firm” immediately. He never questioned it… they never asked specifically about Larry’s company and certainly never asked for detailed company data. They simply wanted to know about the industry and (generally) how companies in that industry dealt with the challenges of pricing, development, and go-to-market issues. Mike received his first cheque and was hooked. After the first few weeks, he was providing flow charts and outlines for strategies. Mike felt fine with this, he told our interviewers, and insisted he had never revealed anything specific about Larry’s company. He truly had no idea just how much damage he had caused.

The Current Employee:
Employee #2, whom we will refer to as “Linda,” had been with Larry’s company for many years and was considered a “Superstar” by management and colleagues alike. She had no plans to leave, and she wanted to eventually be offered an equity partnership.

Larry had personally served as her mentor and had adjusted her position to put her on the partner track. However, it was revealed that the more of a “Superstar” Linda became, the more she reflected this in social circles, in her professional social media profile, and on her resumé, which she updated every time she finished a project. Linda had been giving the competitors information for months without even realizing it.

The two employees, one current and one former, had been aggressively and successfully targeted by a third party firm that had been hired by Larry’s competitors to collect primary data about Larry’s company and certain product lines.

First, they had targeted Mike for recruitment to serve as an unwitting source to reveal internal processes and methodologies. Then they targeted Linda to confirm Mike’s information and to collect timely updates on projects, programs, key personnel, and internal company organization management. These two primary sources, along with deep secondary probes, had allowed the firm to essentially have an almost transparent look at what Larry’s company was working on all the time. Mike, in thinking he was talking about generic methodologies and project management processes, had actually laid out the product development framework for the intelligence collectors. Once they knew the process and the methodology, figuring out which product Mike was talking about was really just an exercise in matching open source product information to Mike’s more detailed (and seemingly generic) process information. Linda was instrumental in filling in the names of key employees, timelines, and upcoming events by essentially posting enough on her online resumé and social media profile for the collectors to “triangulate” with Mike’s data. For example, Larry had discussed that he had worked recently on a product that “took 6 months to conceptualize, required a sales consultant and a software engineer, and was still being beta tested.” At almost the same time, Linda updated on her resumé that she had just received an internal award for a “yet to be released product.” Her public profile revealed that she would be attending an upcoming convention in San Francisco with her “mentor.” Except for specific product details and labels, the third party collection team had essentially collected enough information to allow Larry’s competitors to “scoop” him at the conference by unveiling a video presentation of an upcoming product that actually improved on Larry’s yet to be released product!

Additionally, our investigation revealed that at least seven other employees were currently “consulting” with this same group.

Corporate espionage is almost impossible to detect in cases like this, but not impossible to prevent. There are currently hundreds of companies across the U.S. and internationally that specialize in this type of collection, which falls into the “grey area” in terms of legality. They are not hacking networks, nor are they paying current employees for information. They are simply using social engineering and deception for collection purposes. Ironically, this is the oldest method of intelligence collection in the world, and remains the most effective.

The Players. Most of the successful practitioners share two important traits: creativity and innovative thinking. They have incredible research skills, excellent sales skills both in person and on the phone, and an ability to look at a company at every level as if it were a puzzle to be “figured out.”

How do you stop them? Here are a few recommended steps to lessen the likelihood of losing important intelligence to outside collectors.

Quarterly social hacking penetration testing. This is the best way to detect leaks before they cause too much damage. Firms that offer this service will essentially mimic the behaviours of competitive intelligence firms of this nature in order to provide early detection of intelligence leaks. Any employee discovered to be inadvertently revealing company data can be evaluated and counselled accordingly.

Pre-publication review of all resumés and social media. Ensure your employees have their professional profiles and resumés reviewed by either a third party counter-intelligence provider or counter-intelligence trained HR personnel prior to public release. This will help you manage what your current employees and even former employees are revealing online about your company.

Monitor. All computer, phone, and printer use should be monitored and recorded. Additionally, this data should be reviewed regularly by your counter-intelligence provider for detection of questionable activity.

Training. Having great company morale and excellent corporate communications is just the first step. Have your company receive quarterly counter-intelligence training in a fun and entertaining way that can double as team building.

Invest where it counts
Larry did everything right, but not everything he could have. Your employees and former employees are the two best sources of intelligence. It is important to invest the resources to protect them as much as it is important to protect your cyber-based data. The Two Insiders of this story, though unwitting, could have destroyed Larry’s business and would have never even known they were responsible.

Remember, your best assets could be your competitors’ best sources.

Brian O’Shea is the CEO of Striker-Pierce, which provides a full range of investigative and intelligence services to both public and private sector clients.



Procurement: Coast Guard Helicopters
© 2014 FrontLine Security (Vol 9, No 1)

Questions are being asked – yet again – about the federal government’s procurement processes after it was confirmed that Bell Helicopter Textron Canada (BHTC) of Mirabel, Quebec, has effectively been sole-sourced to supply one fleet of Canadian Coast Guard (CCG) light-lift helicopters, despite an ongoing lawsuit, and is likely to be awarded the contract to renew a second medium-lift CCG helicopter fleet.

The first contract, worth up to $172 million, for 15 light-lift twin-engine Bell 429s, was announced jointly on 13 May 2014 by Fisheries and Oceans Minister Gail Shea, whose portfolio includes the CCG, and Infrastructure Minister Denis Lebel, the government’s chief political minister in Quebec.

The 429s will replace the Coast Guard’s 14 remaining MBB BO-105-CBS helicopters, which were manufactured in Germany and assembled and delivered by Eurocopter Canada between 1983 and 1987.

First delivery of the new Bell 429s is expected to begin in June 2015, with the rest to follow at roughly one-month intervals to replace existing helicopters that had been delivered to Canada between 1983 and 1987.

The contracting process has been plagued by controversy. In 2012, at the beginning of the process, other contenders were the AgustaWestland AW109 and Eurocopter’s EC135 or 145. However, the Statement of Requirements specified fixed landing skids (which only the Bell product has) even though hydraulically-damped wheels are better suited to landing on a pitching and yawing ship. That “requirement” prompted one industry source to describe the procurement process as a “sham” rather than a true competition.

AgustaWestland, a division of the Finmeccanica conglomerate, also challenged a Transport Canada decision in late 2011 – while Lebel was Transport Minister – to give Bell a 500-pound weight exemption for the 429. This effectively skewed the procurement toward Bell because without the weight exemption, the Bell platform would have been non-compliant. Both the U.S. Federal Aviation Administration and the European Aviation Safety Agency determined the application for weight exemption would provide an unfair exemption to a single platform, and refused to grant the exemption for their jurisdictions.

Rebadged as Airbus Helicopters last August, Eurocopter has filed a lawsuit in the Federal Court of Canada against the government’s decision. The company’s lawyer, Marc-André Fabien, a senior partner in Fasken Martineau’s Montreal office, said the government’s approach to the procurement had “clearly” been focused on Bell from the outset (meaning the requirements obviously favoured one product). He also suggested that the same is true of the medium-lift procurement now underway.

Fabien, whose specialties include litigation against all levels of government, expressed surprise that a contract would be awarded before a legal ruling is made on the merits of the lawsuit – arguments aren’t due to be heard until later this year.

Airbus Helicopters said in a statement from its headquarters in Fort Erie, Ontario, that it “deeply regrets that the federal government moved forward and awarded the [...] contract” while the legal suit is unresolved. “Airbus Helicopters Canada maintains that the government’s Request for Proposals […] was biased to favour one manufacturer and consequently resulted in a sole source tender. Furthermore, Transport Canada’s awarding of a special weight exemption to Bell Helicopter in 2011 created an unfair competitive advantage and contributed to this RFP attracting only one bid.”

Citing its “strong presence in para-public and defence markets around the world” and its status as “the civil market leader” in Canada, Airbus Helicopters pointed out that it has invested “heavily” in Canada for three decades and had expected “to compete in fair, open and transparent public tender processes.”

Neither Shea nor Lebel mentioned the court case in their joint announcement awarding the contract to Bell. Shea said the fleet renewal would “improve the Coast Guard’s air support capability from coast to coast and in Canada’s North” while Lebel focused on the contract’s economic benefits for his home province.

Next up are eight new medium-lift helicopters to replace three late 1960s Bell 206Ls and five late 1970s Bell 212s, all manufactured in the United States. At the outset, the potential replacements included the Bell 412, AgustaWestland AW139, Airbus Helicopters EC175 and Sikorsky S76D. However, due to an 11,000-lb weight limit set by the Coast Guard, AgustaWestland, Airbus and Sikorsky are all disqualified. The two European-controlled companies advised PWGSC of their decision not to bid some months ago but neither they nor the government confirmed it at the time, and PWGSC has since declined comment.

When Sikorsky later confirmed its withdrawal, it disclosed that it had evaluated the H-60 it supplies to the United States Coast Guard as well as the S-76D, and although the S-76D “appeared to be the best fit”, it chose “after careful consideration” not to offer either aircraft.

Some 65% of CCG helicopter operations support construction and maintenance of navigation aids and telecommunications equipment, 15% support ice reconnaissance, and the rest involve personnel and cargo transfers, and support for scientific research and fisheries enforcement.

Ken Pole is a contributing editor at FrontLine Magazines



US National Guard
Protecting at home and abroad
© 2014 FrontLine Security (Vol 9, No 2)

The United States National Guard serves as a state-federal reserve component of the U.S. Armed Forces. Its 450,000 soldiers and airmen serve as “citizen soldiers” – deploying both overseas and domestically, while maintaining full-time civilian professions. With experience in a wide range of operational environments, from Afghanistan and Iraq to post-Hurricane Katrina disaster response, the National Guard has proven instrumental in achieving objectives set both by state and federal authorities.

Joint tactical air controllers from the 169th Air Support Operations Sqn (Peoria), participate in Operation Northern Strike 2014, a joint multi-national combined arms training exercise conducted in Michigan.

State Partnership Program
One of the signature initiatives in the National Guard is the State Partnership Program (SPP), which originated in the years after the dissolution of the Soviet Union in 1991. Many of the USSR’s former republics in Eastern Europe underwent dramatic security re-orientations, seeking to strengthen ties with NATO and the West. The U.S. military was asked to advise and assist these countries in transforming their respective armed forces for the new geopolitical environment, while preventing instability and encouraging democratic development.

The National Guard began the first such tasking in 1992, and the first state partnerships in 1993: Maryland and Estonia; Michigan and Latvia; and Pennsylvania and Lithuania. By the end of that year, the program had been expanded to most Eastern European countries. Today, the SPP has branched out to include 68 partnerships worldwide, and now includes Latin America, Africa, Central Asia, and South-East Asia.

With a more clearly-defined mission to provide training and support for domestic operations, such as disaster management and natural resource protection, the National Guard was selected on the basis of two main arguments: 1) the Department of Defense (DoD) insisted that National Guard personnel play a larger role in fostering a reserve-centric defence establishment; and 2) National Guard personnel were perceived to be less threatening to the Russian leadership, which was wary of U.S. expansion into Eastern Europe following the Cold War.

The mandate of the National Guard as “citizen soldiers” enables the transfer of a broader spectrum of skills, beyond the scope of traditional military contexts, such as business, medicine, law, agriculture, and philanthropy, among others. This unique capability is enhanced further, in that National Guard personnel often stay in the same unit for their entire military careers, which serves to develop lasting personal and professional ties.

U.S. Army National Guard Soldiers participate in Base Defense Operations and Entry Control Point training on Jan. 4 in preparation for a scheduled deployment to Iraq.

Foreign participants are selected to become part of the SPP initiative through requests submitted to U.S. embassies by that specific country. The embassy then submits the request to the relevant Geographic Combatant Command (GCC). If this request aligns with the GCC commander’s security cooperation goals, it is sent to the Chief of the National Guard Bureau and the Office of the Secretary of Defense. Once a country becomes a member of the SPP, it is assigned a state partner that will work alongside it, in coordination with the GCC and local embassy in question, in order to develop a program of activities.

In most SPP partner countries, a National Guard Bilateral Affairs Officer (BAO) is assigned to the local embassy to manage program execution and coordinate with both U.S. and partner country representatives on a daily basis.

The program is implemented on a case-by-case basis, with the intent of aligning with the goals of both the ambassador and the GCC in that partner country. While the concurrence of the Secretary of State is needed prior to establishing an SPP partnership, it is a DoD policy that the relevant Chief of Mission (ambassador) must approve specific SPP activities before execution.

While the SPP aims to establish long-term relationships to help foster global security, program activities are not deployments, but are rather Temporary Duty assignments, typically consisting of 3-5 National Guard personnel for 5-7 days. These soldiers and airmen help mentor, advise, and share best practices with their partners within the program.

Its two interwoven lines of effort – to foster the professional development of National Guard soldiers and airmen, as well as support GCC strategic security cooperation goals – generate benefits on multiple levels. The program can include a wide range of possible security cooperation activities, such as:

  • Emergency management;
  • Disaster response;
  • Public health;
  • Critical infrastructure protection;
  • Cyber defence;
  • Natural resource protection;
  • Leadership development; and
  • Peacekeeping operations.

While by no means exhaustive, the above list serves to capture the wide breadth of activities within the SPP mandate, so long as such activities align with National Guard capabilities and the priorities of the GCC and U.S. Chief of Mission within that partner country. The enduring and long-term relationships established through the program, and the interagency and international cooperation on which it depends, enable universal benefits for both the U.S. and its partner countries. Through these activities, the program contributes directly to an improved security environment for the GCC in question, but also helps foster increased cooperation, interoperability, and mutual understanding between participants, as well as within the National Guard.

Aug 2013 – Soldiers from the 1st Maneuver Enhancement Brigade, perform life saving procedures on training mannequins during Exercise Vibrant Response, a major incident exercise conducted by U.S. Northern Command.

Considering the amount of financial and material input into the program, the SPP has proven very effective at all levels. Supported by members of Congress, Combatant Commanders, and other DoD senior personnel, the civil-military mandate of the National Guard, and the unique capabilities that stem from it, have enabled the program to be a powerful resource for building long-term relationships and contributing to international security cooperation.

In fiscal year 2013, a total of 739 SPP activities were conducted across 65 SPP partnerships. Expenditures of the program in fiscal year 2011 were only $13.2 million USD, of which $7.1 million came from respective GCCs and $6.1 million from the National Guard Bureau. In terms of GCC, the largest expenditure for the program is that of U.S. European Command (USEUCOM) at $4.46 million. The short length of SPP assignments and the few personnel required to oversee and implement its activities enable a relatively low cost for the program, while achieving strategic objectives and reaching four continents.

Activities of the SPP are monitored on an ongoing basis, culminating in a DoD-wide annual report to Congress. Recommendations are made by National Guard personnel, U.S. embassy and GCC staff, as well as the respective partner country. Individual partnership programs are managed primarily by an SPP coordinator – a full time National Guardsman at the state level – as well as a BAO.

Areas of interest for improving the SPP include the broadening and deepening of relationships forged as a result of the program, while also improving the ability to monitor and assess its achievements.

A 2012 report by the U.S. Government Accountability Office (GAO) found that while the SPP is responsible for multidimensional improvements in security cooperation and interoperability, the lack of a comprehensive oversight and accountability framework limits the ability of DoD and Congress to accurately assess which activities within the program are an effective use of resources. In order to improve the management of the program, the GAO issued four executive recommendations:

  • Improve the management of the SPP in using goals, objectives, and metrics;
  • Enable oversight and improve the completeness and consistency of data needed to manage the SPP;
  • Address concerns for funding to be used to include civilian participation in the SPP;
  • Improve SPP implementation and develop additional training for program coordinators and bilateral affairs officers on the appropriate use of funds for supporting the SPP, specifically in regard to including civilians in program events.

The SPP highlights many of the benefits to the civil-military dynamic of the U.S. National Guard and the capabilities of its personnel. Its short-term, low-cost taskings enable high levels of international cooperation, transfer of best practices, and the professional development of its members, as well as the militaries of the partner countries with which they train, advise, and support. While originally implemented in response to the shifting security environment of early 1990s Eastern Europe, the program has diversified to include a wide variety of countries across four continents. Through working alongside GCC commanders and local U.S. embassy staff, the State Partnership Program continues to be an effective investment in contributing to greater international security cooperation.

Operation Jump Start and Operation Strong Safety
From 2006 to 2008, Operation Jump Start saw the deployment of more than 29,000 NG troops from all 54 U.S. states and territories over the course of its execution. Its purpose was to increase security and vigilance along the U.S.-Mexico border through interagency cooperation with the U.S. Customs and Border Protection (CBP).

With an original deployment of 6,000 National Guard personnel to California, Arizona, New Mexico, and Texas, the operation consisted of assisting Border Patrol by executing logistical and administrative support, operating detection systems, providing mobile communications, augmenting border-related “observe and report” intelligence efforts, and supporting border security infrastructure, thereby allowing the return of Border Patrol agents to explicitly law-enforcement efforts.

Operation Jump Start resulted in 176,000 assisted alien apprehensions, 1,160 assisted vehicle seizures, the seizure of 321,000 lbs of marijuana and cocaine worth nearly USD $900,000,000, and 101 illegal alien rescue assists. Air National Guard personnel logged more than 28,000 hours of flight time for aviation assistance missions. The operation’s total cost was USD $1.2 billion, throughout 2006 to 2008.

While Operation Jump Start officially ended on 15 July 2008, it was by no means the start of this interagency partnership, nor the end. The National Guard has provided engineering and counter-drug mission support to CBP for more than 20 years. Its mandate as a civil-military organization enables the same skills transfer and sharing of best practices, as captured in its State Partnership Program initiative.

In the wake of the developing crisis at the U.S.-Mexico border throughout late spring and early summer 2014, Texas Governor Rick Perry announced on 21 July that he would deploy up to 1,000 Texas National Guard troops to boost security efforts fighting illegal immigration, saying that criminal activity has taken advantage of the recent influx of unaccompanied child migrants from Central America.

Whereas Operation Jump Start was the product of extensive collaboration between then-President Bush, the Department of Homeland Security (DHS), and the governors of the four U.S. border states, Governor Perry’s unilateral Operation Strong Safety has resulted in concern in both Washington and Mexico, with commentators and White House officials dismissing the US$1.3 million-a-week operation as a political stunt, rather than a multidimensional strategy targeting explicit security concerns.

Members of the New Jersey Air National Guard transfer a simulated injured hiker onto a medical litter to be evacuated via hoist during the National Guard PATRIOT 2014 exercise at Volk Field.

In what is both a humanitarian and political crisis, a day after Governor Perry’s announcement, President Obama dispatched a team comprised of DoD and DHS officials to assess the need for National Guard personnel to assist the CBP. Critics of the current Texas deployment, while citing the success of the comprehensive Operation Jump Start, have voiced their opposition to the potential damages of uncoordinated strategies between agencies at an already contentious site.

Governor Perry’s office has said that the National Guard troops, rather than being deployed to address the child-migrant crisis, will be lending support to CBP in an effort to combat criminal activity along the border. As was the case in the 2006 federally initiated Jump Start, military personnel are precluded from enforcing immigration policy and can only make arrests in rare cases. Therefore, National Guard taskings are limited to logistical and administrative support roles.

In the case of child-migrants entering the U.S. border, it remains to be seen whether the deployment of National Guard troops will prove an effective countermeasure, as well as deterrent, in securing the border. Many of these children are not infiltrating the border at isolated sites, but are turning themselves in to CBP personnel, in an effort to be admitted into the U.S. This lack of fear in being caught by law enforcement personnel – or the expectation of being put into custody – has created new complexities that were not present in 2006, and may serve to cast doubt on a renewed National Guard deployment as the appropriate response.

While President Obama’s policy calls for comprehensive immigration policy reform, over a short-term military deployment, this latest National Guard operation serves to highlight an increasing possibility of militarizing border sites, especially those afflicted by criminal activity or humanitarian crises that can potentially overwhelm civilian law enforcement agencies. This issue will continue to be one increasingly addressed throughout the U.S., Canada, and their allies. 

Casey Brunelle is a student at the University of Ottawa and a member of the Canadian Army Primary Reserves.
© FrontLine Security 2014



Is your Web Site a prime target for Cyber-Criminals?
© 2014 FrontLine Security (Vol 9, No 3)

Blogging became popular around 1999 with the arrival of platforms that facilitated publication of content to the web by non-technical users. WordPress was such a platform and quickly became the most popular of its kind with more than 74 million web sites using it today. Although initially created to make blogging easier and more convenient, it is used today by organizations of all sizes to manage content for their web sites. Cyber-criminals took notice and saw an opportunity to expand their operations by developing methods and tools to effortlessly hack WordPress sites for huge profits.

In October 2014, an analysis from the security firm Proofpoint revealed that half a million systems became infected by Qbot by visiting hacked WordPress web sites. Qbot is malware that monitors user internet sessions and records online banking traffic to steal credentials.

Captured banking credentials are extremely profitable for cyber-criminals since they can be used to transfer funds overseas and, to date, more than 800,000 online banking transactions with all major United States financial institutions were recorded by the malware and sent back to a Russian cyber-crime group. In 2010, a group of 37 individuals were indicted for a similar international cyber-crime operation which was responsible for illegally transferring $3 million in stolen funds.

With the goal of generating the greatest profits by minimizing costs, today’s cyber-crime operations are managed like well-oiled businesses. With such a high adoption rate for WordPress, investing in hacking tools research and development for this platform was a no-brainer.

Although the latest version of the platform is secure, it can still be vulnerable to cyber-attacks due to its system of multiple open-source plugins created by individual developers around the world. Plugins are modules developed by third party software firms or individuals, which can be deployed in a WordPress web site to easily add functionalities such as web contact forms, email newsletters and image galleries. Unfortunately, those modules are often developed with little or no consideration for secure software coding practices, often because of short time-to-market practices that are driven by an extremely competitive environment. Over time, cyber-criminals find and exploit vulnerabilities in the most commonly used plugins in order to quickly hack a large number of WordPress web sites.

Between May and July 2014, the security firm Sucuri found critical security vulnerabilities in four commonly used plugins. These particular plugins had already been downloaded more than 20 million times by WordPress web site operators.

A window of opportunity exists for cyber-criminals to exploit vulnerabilities before security patches are made available (if at all) by plugin developers. The less popular plugins are often abandoned, leaving web sites using them unknowingly exposed and without easy solutions.

Plugin vulnerabilities combined with a lack of awareness and implementation of basic security practices for site management leave organizations exposed to unknowingly becoming a conduit for cybercrime operations. Moreover, compromised web sites can be used as a stepping stone for cybercriminals to penetrate other systems within the organization’s network and cause ever more serious damage.

Although groups targeting WordPress web sites today are mostly interested in infecting visitors with malware, organizations storing information that can be monetized, such as credit card data or highly sought after intellectual properties, should not exclude the risk of a data breach.

How can organizations protect themselves against cyber-attacks targeting their web sites? A good first step would be to identify the software used to build the web site. Next, a security audit specialized in identifying its particular vulnerabilities should be executed to pinpoint and prioritize areas of improvement according to their level of risk. Common areas of improvement for organizations include deploying security patches in a timely fashion, improving software configurations to protect against common cyber-attacks, and putting in place continuous monitoring to quickly detect and respond to cyber-intrusions.

A security audit should be able to quickly identify if a web site is already compromised and distributing malware to its visitors. It should also be executed at regular intervals to measure improvements and ensure that the security practices in place continue to be effective against the latest cyber-attacks.

Martin Verreault CISA-CRISC-CCSK-ITIL, is an Information Security Advisor at EGYDE – Information Security.



The "Mystery Number" Scam
© 2014 FrontLine Security (Vol 9, No 3)

The people who read our site are a pretty savvy lot. You know not to accept checks from distant princes. You can spot a phisher from a mile away. But here’s one that might be new for you: scammers are now trying to exploit your “missed call” screen.

The scam, simplified: They call you, but immediately hang up. You see a missed call. You call back. They charge you for the call, and for each minute they can keep you on the line.

According to the Better Business Bureau and the U.S. Federal Communications Commission, this so-called “One Ring” scam is on the rise.

Like many a ruse, this one relies on hitting many, many potential targets at once. The scammer sets up a computer to call thousands of numbers per hour – because for every 99 people who follow their gut and don’t call weird numbers, there’s one who will. Maybe they’re waiting for a response on a job interview, and don’t know what number it’ll come from. Maybe they’re hoping it’s that girl from the bar last night. Maybe the number just looks kind of familiar. It’s all about making mass sweeps and finding the exceptions.

The trick? They only let the call ring once before it automatically hangs up. One ring is enough for the number to show up on your missed call screen, but just short enough that you’re not likely to answer it in time (which keeps the call from fully connecting and thus keeps the scammer from having to front for any long distance fees.)

The U.S. Federal Trade Commission, which works to prevent fraudulent, deceptive, and unfair business practices in the USA, requires the caller to explicitly agree to charges on U.S. premium numbers. The number these particular scammers are dialing from generally uses the +1 country code (the U.S., Canada, and almost all of the Caribbean nations from the Bahamas to Jamaica), and thus looks a whole lot like a U.S. number, lulling Americans into a false sense of security. The fact is, however, these calls are not generated from the U.S., and the FTC has no jurisdiction on international numbers.

We’ve seen tricks like this before, using many of the same basic concepts – the sneaky international number, the hook to get you to call it back. A few years ago, a common scam technique was to text someone saying “Your [insert relative here] is hurt, and you are the emergency contact! Call [sneaky international number here] for more information.”

But this is the first time we’ve seen them boil it down to a simple missed call. It plays on the ubiquity of smartphones, where no one really calls each other anymore. If someone is calling, it’s probably important, right? Better call ’em back, right?

While reports on scams like this tend to warn you that you’ll be charged a zillion dollars per second, that’s usually not the case, in reality. Carriers will often void the charges if they/you catch them, so the scammer’s goal is often to keep anyone from noticing the charge. They’ll charge you a few bucks to establish the call, then a few bucks for each minute they keep you on hold/on the line.

But even if they charge you nothing, there are other reasons you should not call them back.

Once you’ve called, they know there’s a human on the other end of that number. It’s like hitting “unsubscribe” on a mass email – if the sender is a good guy, you’re unsubscribed. If it’s a spammer, you’ve just verified that it’s a legit inbox and have been signed up to a million more mailing lists.

Once a scammer has a caller on the line, it’s an opportunity to phish. If a person is open to dialing a mystery number, why not see if they’ll believe you work for their bank and need their credentials?

Avoid Getting Scammed
If you don’t recognize a number, don’t call back. If you really want to call back, Google the number first. Check the area code to make sure it’s not long-distance. Make sure you check the full number too; in many cases, you’ll find a page full of results saying “Do not call! It’s a scam!”
Some of the commonly used area codes to watch out for are 876, 809, 649 and 284.

If you’re an Android fan, try to get on a device running Android 4.4 (KitKat). It has a built-in number identification system that works quite well at identifying legitimate, non-scammy phone numbers as being safe to call.

Check your phone bill for sketchy charges. Your carrier knows aaaall about scams like this, and will generally reverse the charge if you complain.

Greg Kumparak is the Mobile Editor at Techcrunch.



Simulation: Live-fire Training
© 2014 FrontLine Security (Vol 9, No 1)

The current generation of simulator is a technological marvel – putting lone officers or groups onto realistic firing ranges or into a selection of the hundreds of interactive, video-based scenarios to confront a range of threats with a variety of resource options. Training systems can be packed into one travel case for delivery to remote locations, and set up in a matter of minutes for training or qualifying. However, simulator-based training systems, especially for law enforcement officers, are on the brink of taking a giant step into the future as enhanced computer power and better display graphics bring artificial environments even closer to the real thing...

“Until now, the scenarios that were used have all been video-based,” explains Peter Longstaff, president of Meggitt Training Systems of Quebec. “The next generation will be basically computer-generated imagery.” Current video scenarios, with actors ‘responding’ to officers’ commands, may have a hundred paths to choose from, but are limited in the number of situations they can present. Computer generated scenarios, on the other hand, are more moldable, enabling organizations to customize the program to their own training needs. “With computer generated imagery there is much more flexibility in terms of the scenarios that will become available, at much less cost,” Longstaff remarks as he details some of the nuances that are being created to improve the realism of training. “We are looking at things like gesture recognition, so in other words, how does an officer react? You can automatically feed that information into scenarios and affect the outcome.”

Will the next big ‘wow’ factor for simulations-based training be in computer graphics? “As good as computer graphics are these days, it is still not there for interfacing with the officers in training,” says Vince Greiner, VP business development for TI Training Corp. of Colorado. “I need to see the fear in your eyes or the aggressiveness in your face” he says. “Those avatars are not there yet, but they are soon going to be, and once that happens, that will be the next level of full interaction, where you can talk to the screen and they are going to react back to you in real time. It’s not there yet, but it is coming.”

Especially in firearms training, simulations have evolved over several decades from the basic operation of a weapon and marksmanship to the point where they are being used to teach and rehearse split-second decision-making in various situations. The key is to find effective means to train officers to use the correct judgment, suggests Longstaff. “Simulators can be a controlled environment, which allows that training to take place very effectively.”

Led by young, tech-savvy firearms instructors, new generation police officers are embracing simulations training to hone and maintain skills. Beyond that, trainers can measure and compare individual performance over time, which will help in refining training techniques. “Generally over the years I think it has been proven that simulation in the law enforcement world is a very effective training tool, and a testing tool as well,” Longstaff says.

The biggest push right now is to augment or supplement qualification training. Major customers in Canada have been comparing control groups, some training on simulators before live fire qualification, and other groups doing only live fire training. According to Greiner, “they are finding that the simulation is a good stepping stone for qualifying, so the biggest thing now is, can we qualify on the simulator?” That is a big question for police forces, and the answer can only come from their training sections. Simulation companies provide the tools, but it is up to the policing sector to find the most effective means to utilize the technologies, which is why feedback to the developers is so critical to enhancing innovation of simulation products.

“Marksmanship is the basis of all simulation and live fire training, particularly in judgemental scenarios comprising the potential for collateral public damage,” says Meggitt’s Director Business Development, Paul Romeo. “Law enforcement agencies are placing an even greater emphasis on this skill within their force, with a view to understanding simulation accuracy, consideration of realistic weapon performance, ballistics and the impact of environmental conditions – elements that have always been a key basis of requirement in military training systems.” To that end, Judgemental Scenario-based simulation permits individuals and teams to challenge themselves in a safe environment that otherwise cannot be replicated on the indoor range. It provides law enforcement services with the opportunity to verify their lethal and non-lethal ‘Use of Force’ procedures, to develop new procedures, and to confirm the suitability of their procedures in specific situations.

The advent of gaming engines, computer generated imagery, artificial intelligence, gesture and voice recognition will lead policing down a path where the confidence placed in a force will be even more sound and well documented from a liability perspective. Force leadership will better understand what their officers have fulfilled in terms of training, where challenges exist, and where greater emphasis is required to assure the confidence of the public.

Simulation can enable the law enforcement officer to train in a mentally demanding and physically challenging environment, which he could otherwise not experience until the time of a real event. In choosing a system, agencies measure factors like realism, cost and portability in their purchase decisions. “One thing we have to realize is that, obviously, budget is a huge concern, especially at the municipal level,” says Longstaff. “And that is understandable, but I think when people look at the return on investment, it does work out.”

Affordability definitely comes into play, agrees Greiner. “Right now they look at ammunition costs but we remind them that it is not just their ammunition, it’s logistics. You have to get to the range, you have to pay people to run the range, you have to maintain the range, so there is all that involved with doing your training and firing your guns.”

Although budgets continue to tighten, demand for personnel and equipment is growing, and so training requirements are driving demand for cost-effective simulation solutions. Militaries and policing forces are all looking for solutions to train more efficiently. At the recent CANSEC defence and security trade show in Ottawa for instance, Meggitt demonstrated the FATS M100 system which is designed to support multiple, simultaneous simulation and training modes using flexible systems architecture.

With increasing active or threatening conflicts in today’s world, the use of simulation training solutions not only improves officer training, it can reduce costs associated with live fire training exercises.

Richard Bray is FrontLine’s senior writer.



U.S. Civil Air Patrol
© 2014 FrontLine Security (Vol 9, No 2)

Civil Air Patrol’s rich history of protecting America will come full circle when the U.S. Air Force auxiliary officially celebrates its 75th anniversary in 2016.

Tow Target Unit No. 2 (1944)

The all-volunteer component of the U.S. Air Force, the Civil Air Patrol, is celebrating its 75th anniversary in 2016. The organization was created on 1 December 1941, just six days before the Japanese attack on Pearl Harbor, and has been helping Americans recover from countless emergencies ever since.

“The Air Force was initially part of the U.S. Army, and wasn’t made a separate branch of the military until 1947,” notes CAP’s national commander, Major-General Joseph Vazquez. “So although we’re officially chartered by Congress as the Air Force Auxiliary, we’re actually older than our total force parent.”

CAP had many missions during World War II, including anti-submarine patrol and warfare. CAP found 173 enemy U-boats, attacked 57 and hit 10, dropping a total of 83 bombs and depth charges.

CAP cadet documents hurricane damage

“The first Air Medals awarded during World War II actually went to two CAP pilots, after President Roosevelt heard of their daring rescue of a fellow airman downed in bitterly cold high seas,” Vazquez explains. “By the end of the war, 64 CAP members had lost their lives.”

Today, CAP operates 550 aircraft and performs about 85% of continental U.S. inland search and rescue missions as tasked by the Air Force Rescue Coordination Center, with credit for saving about 70 lives each year.

“Our 60,000 members are building on the excitement created in May, when President Obama signed legislation authorizing a Congressional Gold Medal for our founding members,” Vazquez says.

After unloading relief supplies, CAP youth participate in ground team searches and other required tasks during times of emergency or disaster.

“We’ll be celebrating our 75th anniversary throughout 2016, with a ceremony at the Air Force Memorial in Washington, D.C., displays at prominent air shows, and publication of an anniversary book.”

  • CAP provides disaster relief during and after hurricanes, floods, wildfires, earthquakes, tornadoes and countless other emergencies – like the 2010 Deepwater Horizon oil spill in the Gulf of Mexico, the largest modern-day mission in CAP history until the organization’s response in 2012 to Hurricane Sandy. During that response, CAP aircrews took more than 150,000 aerial images to assist FEMA and other federal, state and local agencies involved in cleanup and recovery from the superstorm, which ravaged the coastlines of several states in the Northeast, including New Jersey and New York. In 2013, the National Aeronautic Association presented CAP with the Public Benefit Flying Award for its performance in the aftermath of Sandy.
  • CAP responds day or night when planes are overdue and emergency locator transmitters go off. Volunteer professionals perform search and rescue missions, as tasked by the Air Force Rescue Coordination Center. Last December, CAP – using cellphone forensics – saved a family of six stranded in the snowy mountains of northern Nevada.
  • CAP plays a leading role in aerospace education and mentors more than 25,000 young Americans through its cadet program. By partnering with more than 3,000 educators nationwide, members nurture the talents of generations of the nation’s sons and daughters with aerospace education programs that stress leadership and character development and teach aviation and emergency response skills. CAP’s award-winning aerospace education program uses national standards-based materials to help nearly 275,000 school-aged children in grades K-12 to excel in STEM (science, technology, engineering and math) subjects. CAP’s cadets are involved in a wide variety of activities, including CyberPatriot, the national cyber defense competition won by cadet teams in 2011 and 2012. In 2014, a CAP cadet team was crowned the nation’s first CyberPatriot middle school champion.
  • CAP is a major partner of Wreaths Across America, an initiative to remember, honor and teach about the sacrifices of U.S. military veterans. Every year, CAP teams up with the Maine-based nonprofit organization to raise funds to place Christmas wreaths on veterans’ graves at nearly 700 locations throughout the nation as well as in several countries overseas. CAP members also play an integral role in other patriotic events and activities, such as Memorial Day and Veterans Day parades, presenting the colors and demonstrating respect for the flag and love of country.

Civil Air Patrol, the official auxiliary of the U.S. Air Force, is a nonprofit organization with more than 60,000 members nationwide, operating a fleet of 550 aircraft. In its Air Force auxiliary role, CAP performs 85% of continental U.S. inland search and rescue missions, as tasked by the Air Force Rescue Coordination Center, and is credited by the AFRCC with saving an average of 70 lives each year. Its volunteers also perform homeland security, disaster relief and drug interdiction missions at the request of federal, state and local agencies. Members play a leading role in aerospace education, and serve as mentors to more than 25,000 young people currently participating in the CAP cadet program.
Visit www.gocivilairpatrol.com and www.capgoldmedal.com for more info.

All Photos courtesy of CAP



Sharia: Canary in the Global Coal Mine
© 2014 FrontLine Security (Vol 9, No 1)

Human rights and liberal values are under threat in a small, little-known country most people would be hard-pressed to find on a map. Following the radical vision of Usama bin Laden and his followers, Brunei Darussalam became an Islamic state under strict Sharia law this past week, with punishments of death by stoning for adulterers and severing of limbs for thieves. Policymakers on both sides of the Atlantic have yet to focus on the challenges posed by radical Islamic regimes, much less tackle them effectively.

Located on the northern coast of the Island of Borneo in Southeast Asia, Brunei is the world’s fifth wealthiest country among those with per capita annual income over $48,000. It is now the 14th country or region to fully implement Sharia, a system of moral and religious laws that addresses not only criminal and civil affairs, but also politics, economic transactions, and all matters of personal conduct. Because so few Muslim countries have adopted all aspects of the code (such as capital punishment, flogging, amputation and stoning) into their criminal justice system, Brunei serves as a useful prism for understanding the issue.

Casual observers of the Muslim world may be surprised to learn that the all-encompassing concept of Sharia is one of the primary keys to understanding that world, and indeed, the context of the September 11 attacks on the United States. Those seeking to understand radical Islamic Sunni movements, and al-Qaeda in particular, would benefit from reading bin Laden’s 2002 letter to America, which explains his rationale for the attacks.

Students at religious institutions throughout the Muslim world, from Cairo’s al-Azhar University, the preeminent school of Sunni Islamic scholarship, to madrasas in Pakistan, are taught the importance of integrating Allah’s heavenly laws into earthly forms of government. In the 1970s and ’80s, Islamist organizations around the world tried to implement Sharia in their home countries, and largely failed. Countries, including Egypt and Algeria, consistently jailed and killed those who championed Islamic republics. Bin Laden himself was forced to flee to Sudan, Afghanistan and Pakistan, which had implemented Sharia and shared his world view. He and his fellow jihadis eventually concluded that their failure to bring Islamic law to their home countries was a direct result of U.S. policy, which largely supported non-Islamist autocrats, dictators and kings. September 11th was an attempt to curtail this U.S. support, so that Islamists could fill the void and implement Sharia.

Beginning in 2001, al-Qaeda and its affiliates attacked Washington, New York, Madrid and London in an effort to influence the 33 Organization of Islamic Cooperation (OIC) member states that have partially implemented Islamic law, and the 30 others where Sharia plays no role. Their audacious goal was to foster the creation of as many Islamic republics as possible. Battles now being waged in Gaza, Lebanon, Egypt, Turkey, Yemen and Bahrain are all part of the war to implement Sharia in Muslim countries.

Ultimately, Brunei is a canary in the mineshaft of the international system, and should serve to alert policymakers of the need to address the threat of radical Islam. Some will be quick to point out – erroneously – that with over 1.5 billion Muslims in the world, this threat cannot be handled in a politically correct manner. But if only 1% of Muslims espouse radical Islam – and some estimates are higher – the international community is unwise to play the ostrich with its head in the sand.

Because they fear being politically incorrect, policymakers have chosen to call this struggle a war against terrorism. Not only is this inaccurate, but it also distracts from the real problem.

Wars are fought against ideologies and countries, not against tactics. In World War II, the Allies did not fight against U-boats or kamikazes, but against Nazi and fascist ideologies of Germany, Italy and Japan. The Cold War that followed was fought against the Soviet Union and communism.

Those who profess support for human rights, freedom of speech and religion and equal rights for homosexuals and women should pay special attention to countries that institute Sharia, since by definition they oppose all the freedoms enjoyed in liberal democracies. International organizations across the political spectrum have addressed these issues for all to see.

For example, the UN Arab Human Development Report of 2002, drafted by leading Arab scholars, was at the forefront of efforts to document the lack of basic freedoms in Islamicist cultures shortly after the September 11 attacks. Amnesty International recently reported that Saudi Arabia, Iran and Iraq (all regimes that have implemented Sharia) lead the world in documented executions. Gay rights groups have repeatedly deplored the statement by former Iranian president Ahmadinejad that there are no gays in Iran.

A close look at today’s wealthiest Islamic republics – Saudi Arabia, Iran and Sudan – demonstrates why we must take the problem of radical Islam seriously. These three regimes account for the vast majority of funding, ideological support and protection for terrorist organizations and jihadis around the globe.

The West defeated each of the 20th century’s hostile ideologies using the full panoply of military, economic, diplomatic and ideological weapons. Today’s great challenge – radical Islam – deserves no less serious a treatment. Brunei’s recent tilt toward Islamism is a timely reminder that this contest is far from over.

Mr. Avi Jorisch is a Senior Fellow at the American Foreign Policy Council and serves on the board of advisors for United Against a Nuclear Iran. He is also a columnist for al-Arabiya, one of the largest news outlets in the Middle East.



Radar S2I Networks for Public Safety
© 2014 FrontLine Security (Vol 9, No 2)

Great progress has been made since 2007 when FrontLine Security first reported on radar surveillance technology designed for use in the homeland by public safety organizations, whose responsibilities include border security, search and rescue, transportation security, and law enforcement.

Typical radar node.

Operational needs for technology to enable smarter, intelligence-led operations, have been clearly articulated. In response, affordable surveillance-to-intelligence (S2I) solutions have been developed in partnership with the public safety community, and operational pilots have been successfully executed to reduce technical and operational integration risk. At the same time, relevant government policy has supported – and even led – these important operational developments.

Operational Needs
The Great Lakes St. Lawrence Seaway System (GLSLSS), which includes a 3,700 km water border between Canada and the United States, is simply too large to patrol without surveillance technology that provides maritime and air domain awareness.

Automatic Identification System (AIS) and Automatic Dependent Surveillance – Broadcast (ADS-B) technologies provide awareness of regulated, large commercial vessels and passenger aircraft. However, according to retired U.S. Coast Guard Captain, Jeff Ogden, security and safety personnel have continually asked for tactical, real-time awareness of small pleasure-craft, including snow-mobiles and ATVs in the winter when water freezes over, and low-flying general aviation aircraft such as ultralights.

Furthermore, says Ogden, who is now VP of Homeland Security & Safety Programs at Accipiter Radar, “Due to the vastness of the Great Lakes’ shared maritime system, the number of agencies involved in its security, their limited response assets (vessels, vehicles and aircraft), and the dense target environments, domain awareness from sensor data must be shareable with Canadian and American partners in real-time. That data must also include permanent target trajectory retention/replay, with user-friendly analytical tools that allow intelligence analysts, investigators and even watch floor personnel to understand target activity patterns, identify targets of interest quickly, and be able to rapidly respond to them.”

This combination of operational and tactical analytical capabilities, and the ability for partners to share a common view of the world, enables intelligence-led operations which result in smarter resource allocation with quantifiable risk management, and acts as a force multiplier for cash-strapped safety and security personnel.

Radar S2I Networks
When asked about solutions to this problem, Dr. Tim J. Nohara, P.Eng, President and CEO of Accipiter Radar explained: “We have been privileged to partner with Canadian and American safety and security agencies for over a decade, including RCMP, CCG, USCG, CBSA, CBP, TC, DRDC CSS, DHS S&T, DND, DoD, NAV CANADA and FAA, as well as provincial/state and regional agencies and local police services.

“We listen to the operational needs of these early adopters, innovating continuously, and working alongside them to pilot our solutions, getting continuous feedback, and iterating until we get it right; then we repeat this process to improve further.” He notes that his company’s vision is directed to wide-area situational awareness of uncooperative targets (vessels or aircraft not broadcasting AIS or ADS-B), and hence is perfectly aligned to his clients. “This is what keeps us focused and in the game for the long-haul.”

Depiction of full-scale, wide-area, radar S2I network on the Great Lakes modelled after cellular networks.

To explain the challenge, Dr. Nohara notes that “unlike military theatres where ‘friendly’ targets identify themselves, on the Great Lakes there are thousands of unidentified friendlies. To support proper decision-making and risk mitigation, this means radar surveillance must be coupled with a carefully designed target information system (TIS) that can handle the ‘big data’ problem, support arbitrary, multi-mission analytics, and share radar target data securely in real-time with multi-agency users including front-line operators.

“In short, we needed to bring radar S2I power to the edge, and we’ve done just that. The radar information networks we have pioneered exploit a network of ground-based, waterside, radar sites that are analogous to cellular networks. The broad range of users means the TIS needs to allow agencies to easily develop their own software tools or ‘apps’ to exploit the target data as they see fit.

Flexibility allows easy adaptation to changing threats and priorities. “The big advantage we have over military operations is that we operate in the homeland; this means we can deploy flexible, land-based radar networks giving us wide-area, persistent monitoring, instead of being forced to rely on less-flexible airborne and space-based sensors which are many times more expensive,” says Nohara.

Operational Pilots
Canada and the United States have made considerable investments in operational pilot projects to mitigate risk in developing and fielding new surveillance technologies for the Great Lakes.

In early 2009, for example, the Honourable Peter MacKay, then Minister of National Defence, and the Honourable Peter Van Loan, then Minister of Public Safety, announced approval of a pilot project under the Public Security Technical Program with Accipiter to examine the feasibility of using radar networks on the St. Lawrence River and the Great Lakes. Following initial success, the scope was expanded in June 2010 by Defence Research and Development Canada’s Centre for Security Science (DRDC CSS), and the deployed radar network demonstrated enhanced maritime domain awareness for the G20 Summit in Toronto. This was a multi-agency, multi-jurisdictional operation including the RCMP, the Great Lakes Marine Security Operations Centre, Toronto Police Service, and National Defence.

More recently, Accipiter partnered with DRDC CSS and DHS S&T in the Canada and U.S. Sensor Sharing Pilot, a cross-border pilot consisting of sharing sensor information between the RCMP and Customs and Border Protection along the Canada/U.S. border in the area of Swanton, Vermont.

Earlier this year, Defence Minister Rob Nicholson and Public Safety Minister Steven Blaney announced another pilot now underway with Accipiter and Shiprider partners (the RCMP and USCG), under the Canadian Safety and Security Program that will further enhance operational capabilities.

Progress & Potential
Policy at the federal and international levels has advanced considerably in concert with operational needs. Most importantly, in 2011, Prime Minister Harper and President Obama announced the joint Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness declaration and developed an Action Plan to achieve it. This remarkably detailed Action Plan includes a commitment to intelligence-led enforcement and to addressing threats early, through initiatives such as joint risk assessment and border domain awareness, cross-border law enforcement such as the Shiprider program, and coordinated technology procurement. Cross-border operational enforcement integration is clearly the goal for the future.

Public safety exercise on Lake Ontario involving police response vessel and personal watercraft.

In this year’s federal budget, it was announced that $92 Million has been allocated over five years to the RCMP to combat contraband tobacco smuggling with increased, intelligence-led policing efforts, including the creation of a Geospatial Intelligence and Automated Dispatch Centre, and the deployment of sensors, including radar, in high-risk areas from the Maine-Quebec border to Oakville, Ontario.

Asked what he sees ahead, Dr. Nohara anticipates a “full-scale roll-out of radar S2I capabilities across key areas of the Great Lakes and Seaway system as well as potential expansion to the Arctic and to our East and West Coasts.” In addition, he notes that end-user tools or apps will greatly enhance search and rescue operations by reducing search time and costs. Also, specialized apps for weather, bird and ice monitoring will improve safety and protect the environment.

While challenging, these goals are eminently practical and entirely achievable in the next seven years, thanks to the investments made and the leadership shown on both sides of the border in the last seven years… and that’s definitely a positive development.

Richard Bray is a FrontLine staff writer.



RCMP Face Denial of Basic Rights
MPs Called to Speak Out Now
© 2014 FrontLine Security (Vol 9, No 3)

Elected officials are being called upon to speak up immediately in the House of Commons and Senate with concerns about the Enhancing Royal Canadian Mounted Police Accountability Act (Bill C-42) as details emerge about regulations being drafted which would see RCMP members facing a Code of Conduct investigation having fewer rights than other Canadians charged with crimes.

Why don’t RCMP members have the same constitutional rights that are accorded to all citizens? “Our political representatives must stand up now and stop this from happening by asking the questions in the House and Senate that desperately need to be addressed,” asserts Rae Banwarie, president of the Mounted Police Professional Association of Canada (MPPAC). “As we become aware of how C-42 will be implemented through the regulations now being developed, we are extremely concerned, and members are understandably nervous. It appears when someone accepts employment as a peace officer in the RCMP, they relinquish their civil and constitutional rights at the door,” Banwarie states. “The Act does not pass the Charter of Rights test.”

Details emerging from the Regulations drafting process have the MPPAC particularly concerned about three areas:

  • Under the new Enhancing Royal Canadian Mounted Police Accountability Act, RCMP members facing a Code of Conduct investigation relinquish rights afforded other Canadian citizens who have been charged with a crime. The Government’s Legislative summary states that, in the case of an RCMP Conduct Board conducting a Code of Conduct investigation, the member could be tried in absentia. Also, if the member is directed by a Conduct Board to attend a medical assessment and fails to do so, that hearing may also be conducted in the member’s absence.
  • RCMP Commissioner Paulson has stated that the organization wants to increase the gender intake in the RCMP to a 50/50 split. Yet Section 31(1.2) will continue to foster sexism since the new Act would prohibit an RCMP member from filing an internal grievance claiming the “right to equal pay for work of equal value.”
  • While it has long been the case that an RCMP member cannot refuse to answer a question on the basis of self-incrimination during a Code of Conduct investigation, Section 50.(1) (2) makes it a summary conviction offence for an RCMP member who, as a witness or otherwise, refuses to answer a question – even if it is self-incriminating. The punishment is a fine of up to $5,000 or six months in jail, or both.

These concerns are being echoed by Sebastien Anderson, the founding lawyer of Labour Rights Law Office in British Columbia. Anderson, who has more than 12 years at the bar in British Columbia and Alberta, and has represented dozens of RCMP members and those of other police agencies such as the Transit Police Professional Association and the Port Moody Police Services Union, says “the recipe for curing rampant labour relations problems within the ranks of the RCMP does not lie in dispensing with procedural fairness for the sake of an ill-conceived ‘quick fix.’ Systemic problems within the RCMP have led to a workplace culture in which bullying, harassment and sexual harassment have not been meaningfully addressed by management. Members dealing with such situations need greater protection in the form of natural justice and procedural fairness, not a short-cut to being ‘shown the door’.”

Anderson believes the amendments are extremely outdated and demonstrate a “profound lack of insight” into the underlying labour relations problems. “These legislative revisions offer no creative, meaningful solutions from a labour relations perspective,” he concludes.

MPPAC has grave concerns that the new Act and pending Regulations would significantly add to stressors already in the work environment and may increase the occurrences of PTSD and suicides. “In addition to the daily challenges and dangers of policing, members will be compelled to make statements and produce documents without sufficient protection. Discharges will be done with relative ease and with minimal procedural protections, or members could be muzzled, fined or jailed. Our members are understandably fearful about how these powers will be deployed, and we need our elected officials to voice their concerns on all these matters.” Banwarie says that RCMP members “need strong leadership from our elected officials, leadership that they can place their faith, trust and futures in.”

In the Spring of 2014, Senator Grant Mitchell, who was recently elected Deputy Chair of the Standing Senate Committee on National Security and Defence, was speaking to the Committee when he said: “Many with PTSD – because of sexual harassment and bullying and unbelievable cases of it that have been documented by the RCMP’s tribunal processes – are now receiving their notices to be released, often from boards of inquiry or boards of review that they’re not even allowed to attend. Now we see the development of regulations that will actually allow people to be released before the grievance process is finished,” adding, “I share the skepticism of Bill C-42.”

Noting the positive differences the association has made in every member’s case they have been involved in, Banwarie urges RCMP members to consider joining the MPPAC. “Our membership deserves an independent, professional police association that is recognized by management and engaged to protect members’ interests.”

The Mounted Police Professional Association of Canada (MPPAC) was established in 2010 to fight for the right to engage in collective bargaining on behalf of RCMP regular and civilian members across Canada.
The Association does not seek or support the right to strike. For more info, visit www.mppac.ca



CSDP: Common Security and Defence Policy
© 2014 FrontLine Security (Vol 9, No 1)

The path to a truly coordinated transatlantic defence and security policy is littered with challenges. Despite a perception that North American security interests are shifting increasingly to the Pacific Rim, there was evident agreement among attendees of an inaugural symposium on European Union-Canada Cooperation in Common Security and Defence Policy (CSDP) that preserving the long-standing transatlantic accord should remain a priority to like-minded nations.

Manitoba MP James Bezan, who chairs the House of Commons Standing Committee on National Defence, and is Parliamentary Secretary to Defence Minister Rob Nicholson, said there was no question that Canada is more engaged than it used to be in Latin America and Asia. “But I don’t think it takes away one bit” from ties with the European Union and “our operational mandate.”

A few days earlier, General Philip Breedlove, Supreme Allied Commander Europe, also rebuffed perceptions of a shift in U.S. foreign and defence policy toward Asia, at Europe’s expense. “That is not the case; United States remains absolutely committed,” he replied when asked about the North Atlantic Treaty Organization (NATO) during a joint news conference with General Tom Lawson, Canada’s Chief of the Defence Staff. Breedlove did acknowledge that U.S. troop strength had reduced significantly since the end of the Cold War, but he signalled a possible rebound. “We are all going to have to reevaluate some of the decisions that we have made about force structure, force positioning, force readiness and […] in the short term, our force responsiveness.”

Opening the one-day CSDP symposium, Marie-Anne Coninsx, the European Union’s ambassador to Canada, told the mixed audience of diplomats, parliamentarians and consultants that the event was particularly timely in light of current developments – increased tensions in Ukraine and other parts of Eastern Europe in the wake of Russia’s annexation of Crimea.

Maciej Popowski, Deputy Secretary General of the European External Action Service (EEAS) – through which the EU tries to ensure policy “consistency and coordination” between its member states – pointed out that the “very foundation” of the EU was a rejection of power politics. However, since power politics are back, so too – and “with a vengeance” – are defence and security policy issues. He said the notion of a CSDP had come of age since its first cooperative mission in Macedonia 11 years ago. “You can’t be a serious foreign policy player without a common security and defence policy,” he said, citing EU training of the Malian Army and the ongoing campaign against piracy off the Horn of Africa.

Sven Biscop, Director of the Europe in the World program at the Royal Institute for International Relations in Brussels, and an occasional visiting professor at Carleton University in Ottawa, asked Popowski whether he was confident that a CSDP was practicable in today’s environment. “I think because of the sense of urgency . . . it’s time to get serious about our commitment to defence,” Popowski replied. He also said it was telling that EU leaders had opted to keep defence on their agenda, a stance he said would have been unthinkable four years ago.

However, Rini Goos, Deputy Chief Executive of the European Defence Agency, said the challenge of coming up with a coordinated response policy was complicated by the EU’s varied security concerns and a lack of true interoperability. “The numbers do not lie”, he said, citing the member states’ lineup of military hardware: 19 types of armoured vehicles, 14 models of main battle tanks, 16 different fighter aircraft, five models of attack helicopters and 29 different frigates.

In contrast, Canada and the United States had only a “relative handful” of equivalent types. “We have a lot of catching up to do,” said Goos, former head of the Commissariat for Military Production in the Netherlands Ministry of Economic Affairs, where he oversaw consolidation of defence- and security-related industries and kick-started a group of experts to look at opening up European defence markets.

He told FrontLine in a subsequent email that while he was no longer in a position to talk about his homeland’s industrial base “from a truly national perspective”, consolidation on such a scale is clearly not a short-term process. “It requires a solid policy framework between the government entities.” He further suggests that suppliers “need to get a fair chance to deliver,” on both national and international levels. The challenge was exacerbated by austerity measures which had taken “a huge toll” on the Ministry of Defence.

Some industries were able to transition into other markets and areas of expertise that do not rely only on infrequent defence orders. “Some of them really worked on innovation and competitiveness … and some have become very successful in exporting to markets in and outside Europe,” Goos noted. “But then again, there are also many who did not make it, for a variety of reasons.”

Crisis Management and Support to Peacekeeping in Africa and Beyond. From left: Moderator Richard Cohen, former Senior Defence Advisor to the Minister of National Defence; Didier Lenoir, Director, Crisis Management and Planning Department, EEAS; Ann Fitz-Gerald, Professor of Security Sector Management, Cranfield University and Visiting Chair, Royal Military College, Kingston, Ontario; Tamara Guttman, Director General, Stabilization and Reconstruction Task Force (START), Department of Foreign Affairs, Trade and Development; General Gilles Janvier, Acting Civilian Operations Commander, Civilian Planning and Conduct Capability, EEAS.

As for the EU-Canada relationship, Bezan said that the recently-signed trade agreement “sets the tone” for moving forward on a CSDP. Critical of Russia’s record in Ukraine (even before the latest developments), Bezan said that Canada is, by nature, an “expeditionary” country and that it has “always been a proud partner” in various multinational forces. That was evidenced by its response to shifting threat scenarios dating back nearly a century, and continuing through its partnership in the North American Aerospace Defence Command (NORAD). “Our commitment to Europe has not changed one iota,” he stressed.

Colin Robertson, Vice-President of the Calgary-based Canadian Defence and Foreign Affairs Institute, pointed out NATO’s goal of having its members spend 2% of their gross domestic product on defence. He said Canada’s commitment is approximately half that level, but Bezan, noting that most countries are struggling with budget constraints, recognized that Canada is pushing toward 1.7 per cent, “but it is […] a concern.”

Defence Analyst David Rudd queries the panel.

Popowski agreed that “security comes with a price tag”, as reflected in the €200-billion consolidated defence budgets of the EU members. But he believes the solution to “fragmented” spending lies in a shift away from the traditional national sovereignty approach to defence.

Jack Harris, a New Democratic Party MP from Newfoundland who is the Official Opposition’s defence critic in the House of Commons, asked what kind of cooperation on CSDP the EU wanted, given that NATO had the primary responsibility for cooperation. Popowski replied that CSDP tends to be expeditionary in nature and that if the EU initiates anything, it always consults its members, but noted that participation agreements already in place would effectively reduce the time spent on debate. “The demand for CSDP is growing”, Popowski said, citing developments in parts of Africa. “We need to complement that with […] more regular political dialogue.”

Pierre Delestrade, president and chief executive officer of EADS Canada (Airbus Group), paraphrased an early Roman adage, observing that “if you want to protect peace in the world, you have to be ready for war.” He suggested that such readiness required better dialogue between government and industry because it can take a company or consortium five years to design new products within a framework of shrinking defence budgets. “Delay is a nightmare for industry,” he said, stressing the need to retain expertise rather than resort to temporary layoffs. Delestrade said government support, particularly in research and development of increasingly complex, and hence more expensive, products is crucial.

The EU’s Ottawa office described the one-day symposium as a great success, saying that “positive feedback […] encourages us to plan for a 2015 edition.” However, the challenge going forward may be altered by the results of the latest European Parliament elections in which political parties opposed to the concept of a united Europe won 30 percent of the vote – up 10 points from the previous election. The protest vote is expected to have “a huge impact on the parties and policies back home,” said Pieter Cleppe, head of the Brussels office of Open Europe, a London-based think tank. “They will make it harder to centralize powers in the EU.”

Ken Pole is a contributing editor at FrontLine Security magazine.



20,000 Leagues Above the Sea
© 2014 FrontLine Security (Vol 9, No 2)

OPERATION DRIFTNET – Charged with monitoring and protecting the state of the vulnerable resources that lie below, Frank Snelgrove (below) hovers above the North Pacific Ocean in a CP-140 Aurora aircraft, monitoring the endless expanse of water for hours on end.

Frank Snelgrove stands near a CP-140 Aurora preparing for duty.

While the sea can appear infinite, particularly from his vantage point, Snelgrove, a Fisheries and Oceans Fishery Officer, knows that the species it contains are not. Despite international commitments to ensure its sustainability, there is mounting concern that unregulated fishing, among other issues such as climate change, has put the world’s oceans on a dangerous trajectory of decline. Snelgrove and his enforcement colleagues, alongside members of the Department of National Defence, have made it their mission to protect the ocean by putting a stop to illegal fishing.

For generations, the world’s oceans have provided some of the most nutritious and renewable food sources on the planet, and from them, important industries have been born – unfortunately, not all of them legal. There is significant money to be made from the oceans’ resources, and not everyone is as committed to safeguarding their future.

Nefarious Elements
That was made apparent last May, when a rogue Chinese vessel was finally apprehended after a harrowing six-day international pursuit. The decrepit, rust-infested vessel was first spotted on May 20th by Snelgrove, who was flying aboard the Aurora aircraft as part of an international annual operation, at exactly 42° 22'5" North and 154° 58'0" East, in the North Pacific Ocean.

“A combination of factors first led us to believe something was ‘off’ with this vessel,” Snelgrove recalls. “Available intelligence allowed us to classify this radar signature as a vessel of interest warranting closer investigation. We descended to have a closer look and were able to capture incriminating images indicating the vessel could be rigged for drift-netting. All told, it seemed to suggest that there was possibly something illicit at play, and I was determined to find out.”

A close fly-by revealed what appeared to be a vessel rigged to deploy its deadly cargo of illegal driftnets stored onboard and covered by tarps. The vessel was flying a Japanese flag; however, Japanese officers on board the Aurora were able to quickly confirm that the vessel was not one of theirs.

After refusing to respond to numerous attempts to communicate in a multitude of languages, including other forms of international maritime signaling, the vessel made another feeble attempt at evading authorities, this time hoisting a simple yellow flag high above the ship – the mark of a quarantined vessel. Clearly, something was not right.

A suspected driftnet vessel with its crew photographed attending to its large net.

Unbeknownst to the vessel’s crew, Chinese officials participating in a joint patrol with the U.S. Coast Guard also happened to be part of the enforcement operation and could not find any reports of a legitimate fishing vessel in the area that would match the ship’s description. The combined information was passed on to the mission’s Op Centre in Alaska and the U.S. Coast Guard jumped into action. It was clear that the suspect vessel needed to be inspected.

Weather, however, would complicate the situation. Strong currents and high winds meant that a pursuit, which should have taken a day, stretched into several.

As the U.S. Coast Guard pursued, the suspect vessel made one last attempt to avoid boarding by entering the Russian Exclusive Economic Zone.

It would not work. The vessel eventually re-entered international waters and submitted to a boarding. After being questioned, and presented with photographic evidence, its crew admitted to several illegal fishing practices, including dumping an illegal 3.3 km driftnet that it had had onboard. The inspection also uncovered what appeared to be illegally caught salmon.

“Although the origin of the salmon seized as a result of this investigation has not yet been determined, the discovery of salmon on board the vessel is clear evidence that it remains a highly desirable species to those who have no regard for international measures that have been put in place to protect the sustainability of our oceans’ fisheries resources,” noted Gary Miller, Chief of Enforcement Operations in DFO’s Pacific Office. “It is only through the combined efforts of Canada and our international partners that we may one day see a Pacific Ocean free of the destructive impacts of large scale, high sea driftnets.”

The vessel has since been confiscated by Chinese authorities who have returned it to China, and an investigation by Chinese authorities is underway.

Operation High Seas Driftnet
The successful seizure was the result of a collaborative international effort, with much of the credit going to Canada’s annual North Pacific fisheries enforcement activities, dubbed Operation High Seas Driftnet. First launched in 1993 by Canada, under the auspices of the North Pacific Anadromous Fish Commission (NPAFC), the effort contributed to enforcing the United Nations’ moratorium on the use of high seas driftnets. The fishing nets, which can span the distance of several football fields, indiscriminately scoop up anything in their wake, killing thousands of untargeted marine mammals, turtles and sharks.

Unintended victims fall prey to the indiscriminate grasp of a large gillnet. Here, salmon and sea birds are caught in its netting.

Combined with other illegal, unreported and unregulated fishing, the toll these practices have taken on the ecosystem is enormous. Although it is difficult to quantify the magnitude of the economic impact, some experts estimate that up to 23 million tons of illegal product is being harvested every year – over and above the legitimate fisheries that are occurring – which can translate to upwards of $25 billion in lost global revenue.

International Community
In spite of the UN ban, some vessels continue to fish inconspicuously with illegal driftnets, relying on covert and intentionally misleading practices. While these operators have adopted new and more sophisticated means to avoid detection, the international community has banded together to create a formidable force and, by all accounts, appears to be winning the war against illegal fishing.

Canada’s sophisticated, intelligence-based Operation High Seas Driftnet is a combined effort between Fisheries and Oceans Canada and the Department of National Defence. It complements enforcement activities undertaken throughout the year by other members of NPAFC – namely the United States, South Korea, Russia, and Japan.

For about two consecutive weeks, strategically planned throughout Canada’s high threat periods, daily patrols supported by radar satellite technology scour the North Pacific High Seas in search of illegal activity. Other NPAFC (international commission) contributions complement these throughout the year over the high seas.

Operation Driftnet is a success thanks in large part to international collaboration. Seen here are Japanese fisheries officers participating in the Operation.

Early on, the operation benefited from a close partnership with the U.S. and was operated out of Alaska, but in 2012, Japan stepped in to provide a more strategic staging ground from Hakodate. The operation itself has also vastly improved thanks to new technology and combined intelligence. Whereas the operation initially flew over extremely large swaths of North Pacific Ocean, today’s efforts are far more targeted and strategic.

Aerial Surveillance is Key
A typical patrol day begins with a debrief that combines various intelligence from two main assets, namely satellite and aircraft radar, and automatic identification sensors (AIS), as well as various other sources. Partner countries provide supplementary information, such as sea surface temperature, species migratory patterns, and historical vessel movement. Armed with this information, the Aurora aircraft, which is particularly well-suited to this sort of operation, is deployed to the highest threat areas.

“As Canada’s only strategic maritime surveillance aircraft, the CP-140 Aurora is often used to patrol Canada’s coastlines, safeguarding our waters from foreign threats,” notes Lieutenant-Colonel Reid McBride of the Canadian Armed Forces. “Capable of flying more than 9000 km – or 5000 nautical miles – without re-fuelling, this multi-purpose aircraft is particularly well suited to the exercise.”

Once deployed, crew members will spend the next 10 to 12 hours conducting high-level surveillance, occasionally descending to within 300 metres of the ocean’s surface to confirm targets or collect data.

CP-140 Aurora aircraft scans vessels for signs of IUU fishing.

The crew relies heavily on radar satellite and AIS data to help identify vessel locations, size and direction. Combined with experience and other intelligence products, the data collection allows officers to identify specific fishing fleets known to harbour illicit vessels and identify vessels of interest (VOIs). Once the VOIs are separated from the legitimate traffic, enforcement officials are able to better focus efforts on these suspicious vessels.

A Strong Deterrent
“Groups that would conduct illegal high seas driftnet fishing are quickly learning that we’re becoming very good at what we do,” says Blair Thexton, Intelligence Supervisor at Fisheries and Oceans Canada. “Over the last five years, we’ve really honed our skills and better utilize the information and the capabilities that are available to us, which provides a very solid deterrence factor to those that would go out and conduct these very irresponsible methods of fishing.”

In the last 10 years, only four vessels have been seized through Operation Driftnet for illegal activity, down from 14 in the period between 1993 and 2000.

As a result of the dramatic decrease, some began to question whether the international initiative was still necessary.

“It is absolutely necessary,” Brent Napier, Chief of DFO’s Enforcement Programs in National Headquarters says unequivocally. “Our experience in Atlantic Canada has taught us much. A decrease in enforcement activity prompts a resurgence of illegal activity. We have to remain vigilant. Money is the incentive, and there is a lot of money to be made in illegal fishing, so we can’t give them any sort of opening. The cost to the economy, to the ecosystem and to the environment more broadly is just too high.”


According to Napier, the international cooperation has been a huge boon and has lightened the burden on any one nation.

“It’s just not feasible for one country to patrol the vast expanse of the North Pacific Ocean,” he explains. “Each country brings its own strength and its own expertise to the operation, allowing us to leverage all of them for optimal effect. Canada is extremely grateful for the increasing levels of international collaboration and the success it has brought us.”

Canada’s Department of Fisheries and Oceans (DFO) is mandated to protect Canadian oceans and waterways.

Photos courtesy of DFO.



Muscle Memory and Visualization
© 2014 FrontLine Security (Vol 9, No 3)

The mind is the most powerful tool we have at our disposal, and its abilities shouldn’t be taken for granted. Memories stored in our brain constitute a large part of who we are, and our long-term memory allows us to memorize not only facts, but also repetitive physical movements. This is known as muscle memory, or motor learning, a type of procedural memory that is developed by programming a specific motor task or movement into the brain’s memory through repetition. Indeed, muscle memory doesn’t refer to memories stored in our muscles, as the name might suggest, but to memories stored in our brains as a cache of regularly enacted tasks for our muscles.

Any task that improves with practice and becomes automatic is likely to use muscle memory. Some vocations require repetitive training to develop muscle memory or automatic responses. This is especially the case for frontline workers where unhesitating action can make the difference between life and death during crisis response or search and rescue missions.

Building muscle memory can take varying lengths of time depending on several factors, including the level of difficulty of the task or movement, whether a previous muscle memory needs to be overwritten to allow for the new one, how often the task is repeated, and how alert the person is while learning the task.

Every time we learn a new task, thought or movement, a string of neurons (nerve cells) connect to form a neural pathway in the brain. These neurons are the building blocks of the nervous system, transmitting information through the body via neural pathways. Sensory neurons send information from the muscles to the brain, and motor neurons relay commands back to the muscles.

Neural pathways are weak during the early stages of learning a new task, but each time a pathway is used, it is reinforced. The stronger the pathway, the easier the task, until it can be performed without conscious effort.

This process can be explained by the psychological model of competence, which comprises four stages: (1) unconscious incompetence; (2) conscious incompetence; (3) conscious competence; and (4) unconscious competence. Training that involves muscle memory is perfectly suited for progression from the second to fourth stage of competence – the ability to be competent without effort. Repetition training, kinesthetic training, and visualization all play an important role in achieving the top goal of unconscious competence.

Repetition Training
The old Latin proverb ‘Repetitio est mater studiorum’ (Repetition is the mother of learning) is an apt observation that spawned the most widespread and commonly used method of learning and training for many professions. As an example, firefighters have frequent routine emergency training drills in order to prepare them for real emergencies. Guy Pedliham of the London Fire Department (UK) says, “When I joined, during basic training there was a lot of repetition – throwing up ladders, tying knots under pressure, etc. Many are 3- or 4-person drills, so you had to also repeat the various roles within that.”

Any individual can choose a task or a motion to perfect and, if they persevere with training, they will achieve a level of programming that will allow them to carry out that motion flawlessly, expeditiously and, ultimately, unconsciously. Problems only arise when the person programs themselves to do something incorrectly, or when they find a better way to do it afterwards. This not only wastes the original training, but can make it difficult to reprogram the brain to accept the new method.

By habituating repetition with a desired movement or task, our minds are able to recognize the desired task and react more effectively and swiftly in scenarios that trigger the programming. “Gaining muscle memory and utilizing it in crisis situations is a critical element for first responders,” says Dr. Richard Gasaway, founder of Situational Awareness Matters, a consulting and teaching organization dedicated to improving decision-making in stressful environments. “It’s important that first responders are trained through some sort of mental management program to help build knowledge of situational awareness and to better prepare them mentally for dangerous situations,” he explains.

Kinesthetic Training
Kinesthetic training is an expansion of repetition training. By deliberately focusing on the exact muscles or muscle groups performing the action, the brain makes a stronger and more direct connection. Subsequently, the brain will immediately activate the required muscles when confronted with a trigger situation. For even greater effect, the method can be practiced with a blindfold to ensure that the brain is not distracted by visual information.

Firefighters in Glynn County, Georgia, are shown here training ‘blind’ with heads covered to simulate the lack of visibility in a burning building, and also to enhance their other senses and improve their “muscle memory” and reaction speed in dangerous scenarios. (Photo: Chris MacLean)

Imitation is the first method of learning we acquire, and one of the most basic. Two-thirds of our brain’s electrical activity is dedicated to sight, and estimates suggest it is the preferred method of learning for 40% of the population. Mirror neurons in the brain, a recent discovery in the field of neuroscience, may help account for this. These neurons are active both when a person carries out an action and when they merely observe an action. Some scientists claim that we are able to fortify the neural connections governing a certain movement just by observing that movement, or even visualizing it. Therefore, repeated visualization makes for another accessible training method for helping first responders develop muscle memory.

Training Strategies
First responders can perform to the best of their ability only with continuous training in a diverse set of scenarios that reflect the unpredictability of real-life situations. Therefore, they should be trained in the same repetitive and exhaustive manner used to prepare federal and military affiliations. Through such repetitive and continual training, first responders can be trained to respond quickly, relying on muscle memory and skillfully executed tactics. By incorporating certain muscle memory strategies into training, they can become better prepared for any critical event.

Fast response time. Responding to an incident in a prompt and timely manner is the first important step. Suitable training through repetition, visualization, or kinesthetic training helps guarantee the responder is prepared to act as soon as they arrive on scene. Stephen Hines, who works for the Ambulance Service, cites CPR and carrying people down stairs as two tasks requiring fast response time, which are improved through repetitive training.

Efficient and organized communication. Responders must not only possess the proper equipment for organized communication, but also have adequate training to use it appropriately depending on the situation. It is also important that they have a comprehensive understanding of communication protocols and have practiced these.

Unified command. A unified command structure is essential when two or more independent agencies respond to a scene. This assures a collaborative effort and response. It also facilitates information allocation and circumstantial alertness. This is crucial when an incident needs cooperation from both fire and police lines, for example, and for maintaining the proper chain of command between agencies.

Training Exercises and Scenarios
Many powerful mental management training programs have been designed to build first responders’ muscle memory and situational awareness. During these programs, several scenarios are enacted to help professionals prepare for dire situations. “I operate a Mental Management of Emergencies program for first responders, packed with scenarios that will resonate in the first responder community,” explains Dr. Gasaway. “I combine my 22 years of expertise and extensive research on mental management, and present material and create scenarios that is catastrophically important for all responders.”

Fire and rescue personnel often participate in response exercises that explore various scenarios. These exercises help in the preparation of protocols for responding efficiently and effectively in emergency situations. For example, in the scenario of an unknown chemical spill, fire and rescue are trained to evaluate the situation and work to identify the chemical(s) and hazard potential. After the spill is stabilized, scene control reverts to an agency that specializes in chemical cleanups. This scenario also gives personnel the opportunity to test the notification process for incidents, thereby helping agencies collaborate in emergencies.

Another training scenario is the forcible entry repetition challenge for firefighters on commercial doors. During training, firefighters are trained to gap a door, set the position for the door to open, and force it open using the necessary equipment. They are trained to force open commercial doors through repetitive training, which in turn helps them gain muscle memory.

Numerous scenarios like these help build muscle memory for the many critical situations faced by responders. With time and practice, they become comfortable with the process, developing calm mannerisms and a strong understanding of protocols. Based on the muscle memory they have developed, they are able to assess and respond to each situation in real time and further improve the speed of their responses. The end result of such intensive training is first responders who can respond quickly, calmly and effectively to any given situation.

Dr Nicola Davies is a psychologist and writer with an interest in the psychology behind frontline work.



One Last Thing
Confronting the Challenges of Cyber Security
© 2014 FrontLine Security (Vol 9, No 1)

As anyone not living in a cave can attest, literally a day does not go by without some new revelation of cyber hacking, cyber attacking, cyber vulnerabilities or some new cyber surveillance scheme being perpetrated against ‘we the people’ by murky corporate interests – or our own, possibly murkier, governments.

Indeed, it is our very dependence on cyber technologies and (not so) ‘smart’ communications systems that makes the vulnerabilities and the threats that much greater. Public awareness of this anomaly probably started with the realization that the ‘convenience’ of the new cyber world also created a concurrent vehicle for vastly expanded identity theft by the bad guys. No worries, we were told… “just change your passwords.”

Perhaps the most alarming aspect of our cyber vulnerabilities is that there is clearly no single problem and, consequently, no single ‘solution’. Our cyber world is multi-faceted; from basic personal use to critical infrastructure operations (that affect us all), to third party holding of personal and financial data, to proprietary or sensitive data holding by industry and government. A cyber breach in each of these areas has obvious public consequences but, unfortunately, that does not mean that a single public regulatory response or even approach is going to work. And, the cyber world is, by definition, inherently and continually ‘modernizing’ itself to serve a consumer culture that is indoctrinated to believe that ‘change’ is always good. These realities make the challenge even greater – but also more urgent.

The cyber attacks on the Target retail chain and Nationwide Insurance revealed that the corporate entities holding our personal data aren’t always exactly forthcoming when it comes to telling us when their systems have been hacked. “Bad for business” appears to have replaced “the customer comes first” as a business strategy. Expect courthouse step civil suit settlements with no disclosure provisions, which isn’t a long-term answer.

Then we were told that the manufacturer of one of the world’s most-used operating systems, Windows XP, has decided it’s not going to continue upgrading security for a product it sold to hundreds of millions of users, which means we all have to buy their “new” system or be exposed to a deluge of vulnerabilities. And, of course, we have to change our passwords.

The latest cyber vulnerability revelation is perhaps the most telling of all. It turns out that some ‘upgrade’ that was developed by a young computer programmer was accidentally defective. What makes this an issue is that, in the largely unregulated Internet world, this ‘upgrade’ was adopted into the operating cyber systems of technology providers around the world two years ago without anyone noticing the flaw. The defect, known as ‘Heartbleed’, allows unauthorized hackers to obtain data from users every time a communication between entities is made. In other words, a gazillion times a day… and it’s been going on for two years.

Warnings of cyber vulnerabilities and attacks on critical infrastructure facilities also continue unabated. It’s acknowledged that SCADA (operating) systems are vulnerable to a lurking Advanced Persistent Threat (APT) which awaits an activation command from the folks in Beijing or Pyongyang or God knows where else. Do we even have the technological capacity to detect such APTs?

Cyber espionage targeting industrial proprietary secrets and government information is a continuing reality, and the line between private and public consequences is often hard to discern. Complicating things even further is the fact that the bad guys are not just foreign state actors or their state-owned enterprise frontmen but also ‘non-state actors’ that include self-proclaimed enemies of the current world order.

The final cyber security area of public consequence is the growing realization that governments around the world, including our own, have been using modernized technological capabilities to gather, store and perhaps use personal information about their citizens (and others) without any meaningful independent oversight. It’s called ‘metadata’ and, while it’s not an interception of actual communications, it provides significant information to the state about a person’s locations, contacts and interests.

The importance of this issue should not be underestimated because privacy is intrinsically linked to liberty. While we always want to ensure the ability of the state to use technology to protect public safety and security, there must also always be defined grounds on which specified actions for specified purposes can be undertaken by a designated authority. And that action must be pre-approved in an expedited process (including telewarrants) by an independent judicial authority. This is really just modernizing our laws to deal with modernized technology while ensuring that balancing of interests occurs.

These are complex issues which require not only sector-specific solutions, but an asymmetrical approach to how they are designed, implemented and maintained. Newly introduced Bills C-13 (lawful access) and S-4 (copyright breach) will be opportunities to ensure we take these necessary steps and achieve meaningful results, because changing our passwords is not a long-term solution.

Scott Newark is a former Alberta Crown Prosecutor who has also served as Executive Officer to the Canadian Police Association and a Security Policy Advisor to the Governments of Ontario and Canada.



Simulators - Law enforcement training solutions
© 2014 FrontLine Security (Vol 9, No 2)

The current generation of simulator is a technological marvel – putting lone officers or groups into a selection of the hundreds of realistic, interactive, video-based scenarios created to confront a range of threats with a variety of resource options. Training systems can be packed into one travel case for delivery to remote locations, and set up in a matter of minutes for training or qualifying.

Simulator-based training systems, especially for law enforcement officers, are on the brink of taking a giant step into the future as enhanced computer power and better display graphics bring artificial environments even closer to the real thing.

As Peter Longstaff, president of Meggitt Training Systems, explains it, “Until now, the scenarios that were used have all been video-based […] the next generation will be basically computer-generated imagery.” Current video scenarios, with actors ‘responding’ to officers’ commands, may have a hundred paths to choose from, but are limited in the number of situations they can present. Computer-generated scenarios, on the other hand, will be much more moldable, enabling organizations to customize the program to their own training needs. “With computer generated imagery there is much more flexibility in terms of the scenarios that will become available, at much less cost,” Longstaff remarks as he details some of the nuances that are being created to improve the realism of training. “We are looking at things like gesture recognition, so in other words, how does an officer react? You can automatically feed that information into scenarios and affect the outcome.”

For his part, Vince Greiner, VP business development for TI Training Corp., agrees that the next big ‘wow’ factor for simulation-based training is going to be in computer graphics. “As good as computer graphics are these days, it is still not there for interfacing with the officers in training. I need to see the fear in your eyes or the aggressiveness in your face – those avatars are not there yet,” he relates. “But they are soon going to be, and once that happens, that will be the next level of full interaction, where you can talk to the screen and they are going to react back to you in real time. It’s not there yet, but it is coming.”

Especially in firearms training, simulations have evolved over the past several decades from the basic operation of a weapon and marksmanship to the point where they are being used to teach and rehearse split-second decision-making in various situations. The key is to find effective means to train officers to use the correct judgment, suggests Longstaff. “Simulators can be a controlled environment, which allows that training to take place very effectively.”

Beyond training and maintaining the skills of individual officers, police departments can measure and compare performance over time, to refine training techniques. “Generally over the years I think it has been proven that simulation in the law enforcement world is a very effective training tool, and a testing tool as well,” Longstaff says.

The biggest push right now is to augment or supplement qualification training. Major customers in Canada have been comparing control groups, some training on simulators before live fire qualification, and other groups doing only live fire training. According to Greiner, “they are finding that the simulation is a good stepping stone for qualifying, so the biggest thing now is, can we qualify on the simulator?” That is a big question for police forces, and the answer can only come from their training sections. Simulation companies provide the tools, but it is up to the policing sector to find the most effective means to utilize the technologies, which is why feedback to the developers is so critical to enhancing innovation of simulation products.

What do police forces look for when selecting weapons training simulators? They measure factors like realism, cost and portability in their purchase decisions. “It is all of the above – plus 20 more,” says Longstaff. “The one thing we have to realize is that, obviously, budget is a huge concern, especially at the municipal level. And that is understandable, but I think when people look at the return on investment, it does work out.”

Affordability definitely comes into play, agrees Greiner. “Right now they look at ammunition costs but we remind them that it is not just their ammunition, it’s logistics. You have to get to the range, you have to pay people to run the range, you have to maintain the range, so there is all that involved with doing your training and firing your guns.”

The realism of today’s simulators helps police officers improve myriad skills in a hands-on yet safe environment. In fact, such technologies are also being used to develop judgement skills under crisis. Led by young, tech-savvy firearms instructors, the new generation of police officers is embracing and benefitting from simulations training.

Ken Pole is a FrontLine staff writer.



The Two-Hat Volunteer Dilemma
Why One Veteran Firefighter is Being Targeted By His Union
© 2014 FrontLine Security (Vol 9, No 3)

Providing adequate fire protection services for citizens in smaller municipalities throughout the vast Canadian landscape creates obvious financial challenges. In fact, many are currently looking at options to lessen the costs of providing all forms of emergency services. Most of these smaller towns and villages lack the resources to maintain a fire department comprised entirely of professional firefighters, as is the standard in major urban centres. Instead, they must rely primarily on a volunteer force, including “two-hatters”, which is the descriptor given to full-time, professional firefighters who provide their firefighting skills and expertise to the volunteer fire stations in smaller communities during their off-duty hours. And that’s where conflicting priorities and regulations become evident. The unions regard volunteer fire stations as “rival organizations”, and say two-hatters “undermine the union’s ability to advocate fair working conditions and important health and safety protections for its membership.”

The Constitution of the International Association of Fire Fighters, the union representing professional firefighters in Canada and the United States, clearly prohibits full time firefighters from volunteering in the same capacity in another municipal jurisdiction (which it describes as “labor” in a “rival organization”), stipulating that such activity would represent “cause for discipline or dismissal” from the IAFF. And since professionally-staffed Fire Departments must only hire IAFF-registered firefighters, that is a big deal.

This section of the IAFF document, however, is superseded by government legislation in many U.S. states and 11 of the 13 provinces and territories in Canada. These governments have enacted legislation that protects union members who choose to volunteer from the threat of job loss and other forms of extreme union pressure. Ontario and Newfoundland and Labrador are the only two jurisdictions in Canada where a firefighter’s right to volunteer their public safety knowledge and experience is not safeguarded.

For their part, the unions have a mandate to protect the rights of professional firefighters, and they interpret that to mean safeguarding potential new positions, which they contend are at risk.

However, union action against two-hatters is creating an ethical quandary among the very firefighters the unions were created to protect – those who embody the notion of selfless service. In 2002, after what the IAFF proudly described as a “forceful political action campaign” by itself and the Ontario Professional Fire Fighters Association (OPFFA), Bill 30, the Volunteer Firefighters Employment Protection Act, was “soundly defeated” in the Ontario Legislature. In its own words, the win “confirms the right of IAFF affiliates to discipline members who violate the International’s Constitution.”

In 2012, according to the IAFF web site, the union’s “strong lobbying efforts prompted Liberal MP Hon. Ralph Goodale (Wascana, SK) to introduce a private member’s motion M-388 [which was] adopted by a vote of 150-134 [...]. M-388 showed that a majority of MPs representing a majority of Canadians agree that the federal government should act on the IAFF’s legislative priorities.”

Despite the defeat of Bill 30 and the adoption of M-388, the practice of double hatting is again being challenged. Is the union acting in the best interests of itself or its members? A current legal case has reopened the debate, stirred emotions, stoked dissent, captured headlines – and has the potential to change the tide in Ontario.

Tom Hunse, a full-time Toronto firefighter, is being confronted by the IAFF for volunteering his firefighting expertise, during his time off, in his home-town community of Innisfil, located 80 kilometres north of Toronto. Hunse, a 50-year-old father of two, is at the centre of a battle that could change the face of emergency services in bedroom communities across Ontario.

On one side are the municipalities, which are tasked with providing emergency response services while balancing other budgetary demands. On the other is the union, which is trying to protect (and increase) full time firefighter positions, particularly in growing communities such as Innisfil. Caught in the middle, of course, are the citizens that each municipality is legally responsible to protect. Also in the middle are experienced firefighters who see no harm in helping out during their days off to mentor less experienced volunteers and help protect their very own communities. The “safety” argument has no merit, they say, because there are no reprisals for engaging in other unionized trades or physically demanding jobs during time off.

Many rural and suburban Ontario communities are requesting that the Premier and appropriate provincial ministers spearhead amendments to the Fire Protection and Prevention Act, 1997 where it deals with salaried firefighters who also work as volunteer firefighters (the so-called “rival organizations”). The changes would protect a firefighter from being denied union membership or from being disciplined or expelled by the association if they engage in this kind of dual role. They want legislation that denies the IAFF any authority to discipline a double hatter or require the employer to terminate a salaried firefighter for such practice.

Established nearly a century ago, the IAFF has grown to become one of the largest and most powerful unions in North America as well as one of the most active lobbying organizations. With headquarters in Washington, D.C. and Ottawa, Ontario, the organization represents more than 300,000 full-time, professional firefighters and paramedics in more than 3,100 affiliates across North America. IAFF members protect more than 85 percent of the population in communities throughout the United States and Canada. Unions such as the IAFF have a unique legal position and, in certain situations, operate as a monopoly. For example, dismissal has the potential to ruin a firefighter’s career because it’s virtually impossible to obtain a position as a professional firefighter without membership in the IAFF.

Some observers have surmised that ‘lost union dues’ and the ‘protection of professional jobs’ are the underlying reasons why the unions are working so hard to keep Ontario from enacting protection legislation for firefighters. The gloves are off.

The Toronto Professional Firefighters’ Association, the local union representing Tom Hunse, has taken official action against him; the leadership doesn’t approve of his position as a volunteer firefighter in Innisfil, and has petitioned the City of Toronto to terminate the 20-year veteran firefighter’s employment.

Understandably, when threatened with job loss by their union, most double hatter firefighters resign their volunteer position (which is often in their home community). Gary McNamara recently told the Globe and Mail that in the 11 years he has been Mayor of Tecumseh, Ontario, he has seen a dozen double hatters pressed into leaving his town’s volunteer force.

Despite odds that may be stacked against him, Hunse is standing his ground, challenging the union’s conduct before the Ontario Labour Relations Board. FrontLine contacted Fire Chief Jim Sales of the Toronto Fire Services but, since the case is before arbitration, he is not allowed to comment. Bottom line is, Hunse could lose his job and his pension with Toronto Fire Services, which would be a disaster for him financially. Volunteer firefighters in small communities such as Innisfil are paid a small stipend when called out. Although Hunse estimates he makes $3,000 to $5,000 annually from the Innisfil department, it’s his full-time professional firefighting position with the City of Toronto that he relies on to support his family and pay his mortgage. Asked why his union wants him fired, Hunse responded, “I haven’t actually received a reasonable answer.”

One of the IAFF’s stated reasons for objecting to double hatting is that they feel it presents a health and safety problem. Being a volunteer firefighter is dangerous and physically demanding, they rightly argue. What if a double hatter is summoned to an incident close to his shift that leaves him fatigued or unable to perform his firefighting duties at his regular job? What if a double hatter sustains a serious injury while volunteering? “There’s a reason we work the shifts we do and a reason we have days off between our shift – that time is designed to recuperate,” says Cory Mainprize, president of the Barrie Professional Fire Fighters Association.

However, many others, including Hunse’s lawyer, John Gibson, find this line of reasoning extremely weak. They have essentially accused the union of being inconsistent and arbitrary regarding the issue of double hatters. “The union may tell you if Tom Hunse is fighting a fire in Innisfil he may be too tired to fight fires in Toronto,” Gibson told the London Free Press. “The union doesn’t care if he works all night doing construction work. All kinds of firefighters do a multitude of things on the side.”

As part of its argument, the union has also implied that the use of double hatters by small town fire departments is unnecessary or redundant. “There’s many people in Innisfil, I am sure, interested in being a part-time firefighter,” commented Carmen Santoro, president of the Ontario Professional Firefighters Association. But the majority of fire chiefs in rural communities say they rely on the experience of double hatters. While volunteer firefighters are very well trained, they don’t get the opportunity to use their skills as often as professional full-timers. Double hatters bring valuable experience and are able to give plenty of helpful advice on the different types of calls the crew might have to answer.

According to Innisfil fire chief Jon Pegg, Hunse is integral to the small department because he commands a local fire station and trains other volunteers. “Replacing Tom, given his expertise and knowledge, would be very hard. Tom’s got almost 30 years of service and, in his role as captain, is a valued leader within our department,” Pegg emphasized. Meanwhile, the town of Innisfil and the Association of Municipalities of Ontario (AMO) are doing everything in their power to support Tom Hunse and the important political and legal issues his circumstances represent.

Speaking to Frontline Security, Innisfil mayor Barb Baguley emphasized that in her view the case represents a human rights issue as well as a public safety concern. “The reality is that Innisfil and hundreds of other Ontario municipalities are served by volunteer emergency services and so we deserve the best and most able people to be volunteer firefighters in their home communities,” she said. “Innisfil just hired 40 professional firefighters, it’s not like we don’t have full-time firefighters, but if we had to completely staff our three fire halls with full-time firefighters the cost would be too prohibitive.”

The town of Innisfil is supporting Tom Hunse and other two-hatters as they pursue their right to do what they want in their free time. The town recognizes the imperative to ensure the health and safety of citizens who live in the rural constituency. “We have a large geography in terms of our area and we’ve had a lot of motor vehicle accidents that require extrication, it’s not only fires,” Baguley explained.

Speaking to Baguley, one could sense her frustration with the issue. “This is a man who is highly qualified who wants to volunteer in his community. He could take a paying job in another field, he could volunteer at virtually any other job,” she stressed. “He can do whatever he wants as long as it isn’t serving the community doing what he loves and what he is very well trained to do. So it seems to be profoundly unfair from that perspective, but it also doesn’t make economic sense to have this highly qualified person staying in his house while his neighbour’s house is on fire.”

In Baguley’s opinion there is a “simple fix” to the problem if the Ontario government would follow the lead of other provinces and legislate the right to double hat. “This is a stroke of the pen fix,” she argues. “The legislature in Ontario could solve this tomorrow.”

Jaqueline Chartier is a FrontLine staff writer based in Calgary.
© FrontLine Security 2014



Editor's Corner
Cyber-safe Critical Infrastructure
A Key Strategic Goal
© 2014 FrontLine Security (Vol 9, No 1)

This edition of Frontline Security is dedicated primarily to the international impact of cyber attacks upon the reliability and security of all critical infrastructure systems. You will be reminded that tremendous risks are being taken in this field, and that we face great complexity in effectively mitigating these, be they in public, private or joint sectors. In my own examination of present government policy and public-private coordination, I have found the measures wanting, and the pace of adjustments glacial, as the threats evolve at jet speed.

Respected authorities on security, David McMahon, Bonnie Butlin, Nathaniel Bowler, and Mike Chernichen offer perspective and advice on numerous cyber security issues for government and business planning authorities.

On 21 May, Russia and China signed a 30-year gas deal worth $400 billion. Note the telling statement in this “business” deal (which I predict will trigger major geopolitical adjustments): “The parties stress the necessity of respecting nations’ historic heritage, their cultural traditions and their independent choice of sociopolitical system, value system and development path, of counteracting interference in other countries’ domestic affairs, of rejecting the language of unilateral sanctions, or organizing, aiding, financing or encouraging activity aimed at changing the constitutional system of another country or drawing it into any multilateral bloc or union.” A week later, in the UN General Assembly vote on calling the Russian annexation of Crimea “illegal”, Brazil, India, China, South Africa abstained, but so also did Pakistan, most Arab countries, Argentina, Israel (by its absence) and another 16 major groups opposed to US/EU action against Russia. And so, behind this shift in the poker game, the new cyber card is being played globally by states, businesses and criminal organizations.

In contrast, Ken Pole, in one of his two articles, covers the cooperation between the European Union and Canada in Common Security and Defence Policy (CSDP) to preserve the long-standing trans-Atlantic accord. 

Ken’s second article, on the purchase of 15 light-lift twin-engine helicopters for the Coast Guard, raises questions – yet again – about the federal government’s procurement processes and hence the seriousness of our trans-Atlantic strategy. 

We congratulate Jacques Brunelle on the progress and successes of Ottawa’s volunteer Airport Watch system, which has blossomed into an international group.

Richard Bray’s update on Simulator Training offers insight into the innovations that are coming down the pipe for live fire training for police and military.

Avi Jorisch identifies another evolving threat – the changes in Brunei – that should serve to alert policymakers to the building threat of radical Islam. 

In his “ONE LAST THING”, Scott Newark makes a pertinent call for the urgent need to modernize our laws to deal with new cyber technologies while ensuring that the private, business and public interests are balanced. 

This is a full read on tough and dynamic topics. Comments welcome. 

Clive Addy, Executive Editor



Integration of Unmanned Aerial Systems
© 2014 FrontLine Security (Vol 9, No 2)

The soaring appeal of unmanned aerial systems (UAS) is undeniable. Whether autonomous unmanned aerial vehicles (UAVs) or remotely-piloted vehicles (RPVs) in fixed-wing or rotorcraft configurations, the technologies enable the public and private sectors to dramatically reduce costs. Their military value has been demonstrated in Afghanistan, and other public-sector uses such as law enforcement, forest fire surveys and environmental monitoring are proving equally effective.

In the private sector, high-end users include geophysical survey companies and the television and film industries. However, their proliferation – exacerbated by the increasing numbers of hobby platforms, some of which have encroached on conventional airspace – presents a challenge for regulators. A Transport Canada working group has been wrestling with operators’ evolving and often conflicting priorities, as has the US Federal Aviation Administration.

Vancouver lawyer Lee Mauro, whose specialties at Harper Grey LLP include aviation and liability, is concerned that in Canada currently, operators of platforms weighing less than 35 kilograms must maintain line of sight and avoid proximity to controlled airspace. South of the border, they’re not supposed to be flown anywhere near controlled airspace without permission.

Yet stories of encroachment abound, prompting questions about the prospect of a UAS striking a larger aircraft. “They are not tested for a 75-pound carbon fibre drone flying into an engine or hit the windscreen,” Mauro told FrontLine. “The technology at this point is . . . moving at a pace that has significantly outpaced the legislative ability to keep up to it.”

Police are investigating the deployment of an RPV near Vancouver International Airport (YVR) this summer. In another incident in the area, an Air Canada pilot reported one within 50 metres of his aircraft. An RCMP investigator described the situation as “incredibly dangerous and incredibly stupid.”

Earlier this year, an American Airlines Bombardier CRJ-200 was at 2,300 feet about 5 miles from its Tallahassee Regional Airport destination in Florida when an RPV flew so close that the airliner’s pilot thought he had collided with the smaller platform. No damage was found but that, coupled with other scares, has increased the pressure on regulators to act before there is a mid-air catastrophe of the kind posited by Mauro.

Transport Canada expects to issue a Special Flight Operations Certificate later this year, the end product of discussions by a government-industry working group which began working on a regulatory framework “unique” to UAS operations. “The department continues to work to develop further regulations that will allow the safe integration of UAVs into civil airspace,” it said in a July e-mail to FrontLine. “. . . In doing so, TC will work in collaboration with key stakeholders and its international counterparts to address the emergence of this new aviation sector.”

Meanwhile, responding to “recent incidents involving the reckless use of unmanned model aircraft near airports and involving large crowds of people,” the FAA recently published a Federal Register notice about the rules set out in the 2012 FAA Modernization and Reform Act.

The FAA plans to work with the law enforcement community to promote understanding of the limitations in the notice, which doesn’t apply to commercial UAS operations. Those are subject to the same regulations governing conventional aircraft operations, requiring a certified aircraft and pilot. Federal, state and local governments as well as public universities can apply for a waiver but those are reviewed by the FAA on a case-by-case basis.

Richard Bray is a FrontLine senior writer.
© FrontLine Security 2014



The Port of Prince Rupert
An Intercontinental Gateway
© 2014 FrontLine Security (Vol 9, No 3)

Much of the “stuff” Canadians have acquired over the past three decades arrived here from Asia in a shipping container. What is important to both the seller and the purchaser is delivery time, which means the logistics governing the movement of containers around the globe serve one key purpose – time to market.

Every hour from point of origin to point of sale counts, and Canada’s Pacific Port of Prince Rupert is North America’s closest port to key Asian markets by up to three days – Prince Rupert is 36 hours closer to Shanghai than Vancouver, and 68 hours closer than Los Angeles.

A tour of the Port’s Interpretive Centre provides a fascinating history of this treasured region of Canada and demonstrates vividly how the port’s coastal region depicts a symphony of nature that is being modified by man. This transformation continues with the port’s road rail utility corridor being developed through a private public partnership which involves the federal government ($15 million), the government of British Columbia ($15 million), plus the Prince Rupert Port Authority and CN Rail (a combined contribution of $60 million).

Supply Chain Efficiency
With its advantageous location and year-round ice-free access to a deep water harbour, development of the Port of Prince Rupert was a ‘no-brainer’ decision. It provides a classic example of vision, investment and political commitment that is aimed at creating world class, state-of-the-art, intermodal “supply chain efficiency.”

Noting the challenges Canada faces in this era of globalization, Wendy Zatylyny, president of the Association of Canadian Port Authorities (ACPA), says “With 90 per cent of everything we buy travelling by ship, maritime trade underpins the global economy.” In a Globe and Mail op ed, entitled Canada’s ports must prepare for 21st-century trade deal (18 August 2014), she cautioned that “a 2012 report by the World Bank on logistics ranked Canada 14th out of 155 countries when it comes to the efficiency of our clearance process, the quality of trade- and transport-related infrastructure, the ease of arranging competitively-priced shipments and other key factors.” The report notes, “Countries with better logistics can grow faster, become more competitive, and increase their investment.” Zatylyny stresses that “In our view, 14th is not good enough for a leading trade nation. Our goal should be to break into the World Bank’s Top 10 in terms of supply chain efficiency.”

Manufactured products originating from North American locations such as Ontario, California, Illinois, Quebec, New York, Michigan, Pennsylvania, New Jersey, and Mississippi are exported from the Port of Prince Rupert to markets in China, Japan, Korea, Taiwan, and Vietnam. Canadian resources such as wheat, grain and coal are exported to Asia, as well as wood pellets as biomass fuel to Europe, via the Panama Canal.

Gary Paulson, Harbour Master and VP of Operations at the Prince Rupert Port Authority

Gary Paulson, who retired from the Royal Canadian Navy after achieving the rank of Navy Captain, is now Vice President and Harbour Master at Prince Rupert Port Authority. He proudly describes his port as a “strategic gem,” and goes on to explain: “We have the deepest natural harbour in North America and we are the shortest distance from Asia on the global circle trade route. We were moving 10 million tonnes of cargo in 2007, and our 2013 numbers exceeded 23 million tonnes – we hope to be moving 90 million tonnes by 2025. The deep water of our harbour allows us to make plans for taking the large ships that sail the Pacific today and the mega-ships we expect in the future. We are ready for that now.”

Port Security & Screening
Reporting on a 2008 Canada Border Service Agency (CBSA) exercise involving a shipping container with a dirty bomb exploding in the Port of Vancouver has made me extra sensitive to seeing unopened shipping containers in Canadian ports. If we accept any degree of possibility for such a risk, then, from a maritime security perspective, it seemed appropriate to inquire about security arrangements.

In response, Paulson explains the basic protocol: “Transport Canada gives us reports for vessels coming our way 96 hours before the ship enters Canadian waters. This process ensures that arriving ships are in compliance with Canadian regulatory filings. This information is shared with the Department of National Defence (DND) ensuring the ship is not a ‘vessel of interest’ from its perspective. The Canadian Coast Guard (CCG) monitors vessels as they approach Canada, ensuring they stay on course. When the ship is ‘handed over’ to us, we give clearance to the Pilot to guide the ship into our port where we assign it docking arrangements.”

In compliance with U.S. maritime cargo import requirements, under International Shipping and Port Security (ISPS) code, in addition to detailed records of all materials taken off or loaded onto a ship, the movement of people (visitors and crews) leaving and returning to a ship, is also recorded.

I was interested in assurances from Paulson that containers from his port that may now be parked in my home town of Toronto are of little security threat. “Consider a container ship leaving Shanghai with 500 containers bound for Prince Rupert. The details of every container are transmitted to the Canada Border Service Agency in Ottawa, along with a list of the crew, before the ship leaves Shanghai. When they arrive here, CBSA may ask us to set aside a container for further inspection if they don’t fit established CBSA profiles.”

I learn that even established shippers, such as high-profile retailers, are subjected to random screening to ensure continuous compliance with accredited security procedures. A container for a new client with a manifest that shows unusual cargos will also be targeted for further inspection by CBSA after it is unloaded at Prince Rupert.

Traditionally, U.S. Customs has maintained its own inspection priorities and protocols for containers crossing the Canadian border into the United States. Container trains leaving the Port of Prince Rupert into the United States are stopped for inspection by U.S. border officers, whereas trains destined for Central Canada can head off directly to Toronto or Montreal without further delay. Noting that in Prince Rupert’s case, this situation is changing, Paulson says “Our port has been selected as the port of entry to test out the Beyond the Border trial where U.S. Centres for Disease Control, U.S. Customs and Border Control, and Department of Homeland Security got together with CBSA and agreed [that] cargo entering Prince Rupert would be inspected once and allowed to go forward, within reason. These arrangements are a joint operation between Canada and the U.S., from a security and an intelligence perspective.”

All containers give off a unique radiation profile which relates to their content, Paulson explains. “We have state-of-the-art radiation screening equipment in place, and conduct a 100% radiation survey of all containers before they leave the port. If a radiation reading does not match the profile expected, the container is X-rayed. If anything suspicious appears, the container is set aside for further examination by CBSA.”

The knowledge and insight (intelligence) gathered from these activities is consolidated at the Esquimalt Maritime Security Operation Centre (MSOC). A recent FrontLine Security article on the Niagara-on-the-Lake MSOC (Watching Over Inland Waters: Vol. 6 No 3), describes how it and the MSOCs in Esquimalt and Halifax provide a national picture of activities in Canada’s maritime domain. Domestic intelligence about criminals and possibly homegrown terrorists who are set on exploiting Canada’s maritime domain to achieve their goals would also be processed through these Centres.

Transport Corridor Security
Efficiently moving cargo from Prince Rupert to the U.S. and Central Canada necessitates the creation and maintenance of a secure transportation corridor. The logistics from ship to train can be quite complex but must be in perfect harmony to expedite the transport of the container to its destination.

Maher Terminals of Canada, an independent private company, is the terminal operator at Prince Rupert. They have an agreement with the Port Authority for managing the logistics of placing the right container on the right rail car and ensuring it gets to its destination on time. The Canadian National (CN) intercontinental railway network transports the containers directly to transportation hubs such as Toronto, Montreal, Chicago, and Memphis (CN’s North American headquarters), within hours of them arriving at the port. From these locations they are taken to local markets by train or road. The Port Authority, Maher Terminals and CN, along with Transport Canada have formed a partnership that is dedicated to ensuring that the movement of containers through some of the most pristine regions of Canada is safe, secure and environmentally friendly.

Approximately 500,000 containers arrive annually at Prince Rupert; about 40% of these are then transported to markets in central Canada, with the remainder going primarily to eastern U.S. destinations.

The CN railway is built along an efficient path through the Canadian Rockies, making the journey to the mid-Northeast U.S. as economical as trains traveling east from the Long Beach port in California and weaving through urban areas. Speaking to this efficiency, Paulson boasts: “We can have a container in Chicago before they have unloaded it off the ship in Long Beach.”

The Honourable Lisa Raitt, Minister of Transport, in her speech to members of the Association of Canadian Port Authorities (18 August 2014) provided an update on how her Department supports the marine industry in global trade and securing the movement of cargos around Canada. The Minister said that two months earlier she initiated a review, headed by David Emerson, of the Canada Transport Act, providing all industry stakeholders with an opportunity to examine the legislation and policy framework to ensure they are relevant and up to date. Maritime security is a work in progress, as illustrated by recent amendments to the Marine Transportation Security Regulations. The Minister acknowledged that these changes aim to meet mandatory requirements set by the International Maritime Organization and reflect changes made to the International Convention on Standards of Training, Certification and Watchkeeping for Seafarers.

A Vision of Canada as a Maritime Nation
When I mentioned to people in Toronto and Kelowna that I was going to Prince Rupert to research an article on maritime security there was a look of bewilderment. The perception was that Prince Rupert is one of the most “laid-back,” faraway places in Canada and of no national security concern. However, while the threat may appear low to the average citizen, complacency is not an option for governments entrusted with our safety and security. The protocols in place serve as a deterrent to persons with ambitions to disrupt Canadian society or possibly attack the U.S. using Canada as an access route. Early in the summer, when I equated people who make improvised explosive devices and weapons of mass destruction to those likely to try and transport similar devices into Canada, I encountered a certain degree of complacency among regular Canadian folk. Perhaps with the rise of ISIS in the headlines these past few months, and the Canadian-soil attacks on soldiers and Parliament itself, there is greater understanding that Canada may be a target for a terrorist attack. The lack of appreciation among Canadians of the need for a national maritime security infrastructure may be symptomatic of the lack of appreciation for recognizing Canada as a maritime nation.

In addition to Canada’s achievements in global maritime trade with Asia on the West Coast, plans are also coming to fruition on the East Coast for the creation of a similar container terminal at Nova Scotia’s Strait of Canso. Cargo ships travelling west from Asia to North America through the Suez Canal must pass the Strait of Gibraltar, and this Canadian landmark is the shortest distance between North America and the Strait of Gibraltar.

Between the Port of Prince Rupert on the West Coast, and the Strait of Canso on the East, Canada not only bridges the Pacific and Atlantic Oceans but has the potential to serve as a funnel, feeding the North American consumer market. Organizations like the ACPA could help Canadians (who are outside the “maritime echo chamber”) become more aware of Canada as a maritime nation. Such a vision needs to be seen more through a national lens and demonstrate how activity in Prince Rupert influences the lifestyle preferences of those living in central Canada. A national maritime vision of Canada would portray how the East and West Coasts are positioned to facilitate global trade in a changing geopolitical world for Canadian products, resources and energy, in all its manifestations.

Tim Lynch is an independent freelance journalist based in Toronto.
© FrontLine Security 2014



Fraud: The Battle Intensifies
© 2014 FrontLine Security (Vol 9, No 2)

The Aite Group has published a new research report on consumer fraud around the world. The two-part report questions confidence that consumers have in their financial institutions. The first report, which focuses on attitudes toward fraud, found that 23% of fraud victims changed financial institutions due to dissatisfaction after experiencing fraud.

Global trends

  • In 2014, 21% of Canadians reported being victims of credit/debit/prepaid card fraud in the past 5 years (compared to 25% who reported being victims in 2012).
  • By comparison, 41% of Americans stated they had been card fraud victims in the past 5 years (behind the UAE and China, and tied with India). The Swedes reported the fewest instances of fraud, with only 10% of its citizens reporting being victimized.
  • In an examination of risky behaviours, the study showed that Canadians have become more protective of their personal information in the last 3 years.
  • In 2014, 12% had thrown documents containing personal financial information in the trash (compared to 18% who reported doing so in 2011).
  • In 2014, 12% shopped online using non-secured sites or on a public computer (compared to 24% in 2012).

Some bad habits remain
Some risky behaviours have not improved. For instance, 3% of Canadians admitted to responding to calls or emails asking for bank details (compared to 7% globally), 12% left their smart phones unlocked when not in use (20% global), and 6% say they wrote down their PIN and carried it with them (11% is the “admitted” global norm). Additionally, about 17% of global users say they have shopped on unprotected internet sites or with an unprotected computer. A shocking 24% of respondents admitted to throwing unshredded bank paperwork or account information in the trash.

A lot of fraud can go undetected. An easy way to keep tabs on your credit is to check your credit report at least once a year. Early detection of fraud can save hours of time and hassle later.

Overall though, the improvement is significant
“Canadians are finally starting to protect themselves – and seeing results,” says Jeff Schwartz, executive director of Consolidated Credit Counseling Services of Canada. “It’s exciting to see that behaviours are changing and criminals are having a harder time finding victims.”

Eric Spence represents Consolidated Credit Counseling Services of Canada, a national non-profit credit counselling organization that teaches consumers about personal finance.
© FrontLine Security 2014



One Last Thing
Understanding the threat is the first step in defeating it
© 2014 FrontLine Security (Vol 9, No 3)

Like beauty, a covert security threat is often defined through the eye of the beholder. As such, it’s probably time to modernize what we consider as threats, and recognize that traditional state-sponsored ‘espionage’, wherein military or political secrets are acquired, no longer uniquely defines the issue.

That’s not to say this traditional model no longer exists; Jeffrey Delisle taking cash to scoop up the badly protected naval plans of Canada and our allies for the Russians is undeniable proof of that reality. The same thing is true of the remarkable coincidence in similarity of design between the newly revealed Chinese fighter jets and their gazillion dollar US-developed counterparts. Hack and Steal is clearly China’s version of Research and Development when it comes to military equipment development.

Canada can expect these foreign state-led efforts to obtain confidential security-related government information to continue and even increase from both Russia and China as the global geopolitical situation remains in flux. Add to this, the interests of both of these countries in the newly relevant Arctic domain (or the North China Sea as the Chicoms like to call it) where they will clearly gain a strategic advantage if they know our plans, our deployments and our vulnerabilities.

What has changed, however, is the breadth of information that is now being sought, why it is viewed as being of importance, and who is seeking it. Additionally, the covert security threat to Western nations like Canada now includes more than learning about government plans, it includes influencing them and in some cases domestically subverting them from within.

Consider first the types of information that are being targeted by espionage and outright theft. Revelations of intellectual property theft from companies based in the U.S. or Canada (or both) have become a common occurrence which, although it usually gets prosecuted, seems to be shrugged off as a strategic security issue. When you’re dealing with a country like China, which deliberately creates and uses de facto state agents dressed up as ‘state owned enterprises’, that’s not a good idea. Perceived increased corporate profit is not a substitute for public security.

Compounding the intellectual property and data theft issue is the total cyber dependence that now exists. This has created unprecedented security vulnerabilities which we are only just beginning to acknowledge. By working to dominate the cyber market so that they build, or are implanted into, the very systems they will use to steal what they want, our adversaries are several steps ahead.

Change your password as often as you want; it’s not a solution.

China has, of course, taken things even further by setting up a spidery network of dual country ‘business associations’ within Western countries, including Canada, whose purpose is to provide cover for the activities of state agents as they pursue the self interested goals of the Motherland. They also understand that, for us, signing a treaty with supposed obligations is a big deal which they happily sign onto with no intention whatsoever of restricting their actions as a result. They also understand that having achieved the ‘success’ of concluding such an agreement, like the recent Foreign Investment Promotion and Protection Agreement, the last thing a career-focused Canadian bureaucrat or self-promoting politician wants to hear about is the fact that the Chinese are violating its terms.

This internal ‘look the other way’ approach has a long history when it comes to Canada’s dealings with China. Arguably it began in the mid 90s with the suppression of the joint RCMP-CSIS Sidewinder Report which uncovered and reported on Chinese espionage, organized crime and corruption activities within Canada. That self imposed myopia was largely lifted several years ago when then CSIS Director Richard Fadden spoke bluntly… and publicly… about the Chinese espionage and security threat to Canada. Coming to grips with this is an ongoing challenge, but understanding why China acts as it does will help us appreciate both how and where they do it.

We are also now aware, thanks largely to Wikileaks and Edward Snowden, that our friend and ally to the south also likes to listen in on conversations, or acquire supposedly secret information from its friends and allies. While this snooping may lack the hostility or malevolence of other state actors, it is a fact of life that needs to be appreciated and dealt with to the best of our abilities. Ironically, one of the consequences of these revelations is to largely deprive the U.S. of the ‘white horse’ from which it accurately leveled cyber spying/hacking accusations against state actors like China and Russia.

The final piece in the changed covert security world is the presence of non state actors who use increasingly sophisticated techniques to achieve their goals. These groups include the nose-ringed ‘we know best’ issue activists as well as anarchist ‘hacktivists’ intent on causing havoc just to prove they can.

Of even greater concern are the purposeful ideological actors in pursuit of subversion from within an Islamist agenda. For Islamists abroad, acquiring tactical opportunities by hacking critical infrastructure is an ordained mission. For those already here, the objectives include influencing government policies and operations through infiltration and deception, and trying to segregate the Islamic population away from the secular, rule of law, tolerant and integrated society that is Canada. Once again, understanding and acknowledging the security threat motivation will help inform the awareness of how it is being carried out.

The security threat environment is not static and, as such, our proactive and preventive counter measures must also be informed, targeted and adaptive. Anything less will not get the job done.

FrontLine Advisor Scott Newark is a former Alberta Crown Prosecutor who has also served as Executive Officer to the Canadian Police Association and a Security Policy Advisor to the Governments of Ontario and Canada.
© FrontLine Security 2014



Synthetic Identity Fraud
© 2014 FrontLine Security (Vol 9, No 2)

You’re a hard-working, tax-paying citizen who has never been in trouble with the law. You have always paid your bills, and used credit wisely. Moreover, your employment record is solid. As a result, you think you have a good credit rating. In fact, you don’t, but not because of anything you’ve done or neglected to do. A fabricated person, someone who has never existed except in government and credit bureau databases, has damaged your credit record without your knowledge. What connects you to the fake individual is your government-issued identity number (e.g., SIN in Canada, SSN in the U.S.) which, unbeknownst to you, was stolen. When you apply for a credit card or mortgage, your application is rejected. You’re one of many victims worldwide of synthetic identity fraud.

According to the Royal Canadian Mounted Police’s online National Identity Crime Strategy document, synthetic ID fraud is “the combination of fake and real consumer identifying information or all false information to create a new fictional or partially fabricated identity. This type of identity crime is challenging to detect.”

Synthetic identity fraud has reportedly been growing at an exponential rate. Earlier this year, John Russo, vice-president and legal counsel for Equifax, one of the largest credit agencies in North America, told CBC News that the crime is the “top one thing to worry about” as far as his employer is concerned. The CBC also noted that a few years ago, “there may have been 100 to 200 synthetic identity fraud investigations a month [in Canada]. Now it’s thousands.”

Toronto Police Detective Constable Mike Kelly, who has investigated synthetic identities and related criminal activities since 2009, told Canada’s public broadcaster: “The term we’ve been using is infinite mischief. There’s literally no limit to the types of things, the amounts of things, the amount of damage that can be caused to each sector that you can possibly think of – banks, government bureaucracies, police agencies, insurance, car lenders. Everybody.”

Vancouver police seized hundreds of IDs and credit cards in various names from a Surrey apartment on 19 March 2014. (CTV)

True name vs. Synthetic identity fraud
The website of the U.S. Office of Victims of Crimes describes identity theft and fraud as “crimes in which an impostor gains access to key pieces of personal identifying information such as a Social Security number and driver’s license number and uses them for personal gain or to commit other criminal activities. In the case of true name identity theft, the thief goes beyond stealing the victim’s assets and actually assumes his or her identity. Identity theft may begin with a lost or stolen wallet, pilfered mail, a data breach, a computer virus, [e-mail] phishing, a scam, or paper documents thrown out by an individual or a business and retrieved by a thief (dumpster diving).”

The difference between true name fraud and synthetic identity fraud is existence; the fictitious identity doesn’t exist. With true name fraud, the victim can complain to the police. For example, as Russo explained to the CBC, “I’m able to look at my credit report and see [that] something suspicious is on my credit report that doesn’t belong to me. Whereas the fictitious identity is more lucrative because there’s no one there to complain.”

Frauds costing billions
How lucrative is synthetic identity fraud? According to experts, the amounts can run “up to a billion dollars a year” in Canada. When contacted by FrontLine Security, the Federal Bureau of Investigation declined to comment about the financial impact of the crime in the United States, but in December 2013, Business Insider, a news publication based in New York, reported that “identity theft cost Americans $24.7 billion in 2012.” In Britain, The Guardian online reported that the overall expense of stolen IDs to the country is £1.7 billion (CAD$3.1B).

According to Stephen Coggeshall, Chief Technology Officer of San Diego-based ID Analytics, 85 to 90% of fraud stemming from identity theft is synthetic in nature.

Bankers’ concerns
FrontLine Security asked the Canadian Bankers Association (CBA) about the impact synthetic ID fraud has on the organization’s 59 members, including foreign bank subsidiaries and branches. Maura Drew-Lytle, CBA media relations and communications director, said in an e-mail: “Synthetic identity fraud is nothing new and has been around for a long time. What is new is people recognizing that it is an issue. Keep in mind, people use synthetic ID for many reasons: to hide from the authorities/police, creditors or family, or to commit a crime.”

Drew-Lytle pointed out that “there are no bank customers victimized by synthetic identity fraud; the banks themselves are the victims.” She also explained that “there could be any number of victims of this sort of fraudulent activity. Someone may create a false identity to take out a credit card or a loan, but they may also do so to obtain health care services, in which case the provincial government is the victim, or get a cell phone at the expense of the cell phone company.”

Federal regulations oblige bank employees to accept certain documentation such as a driver’s license when customers say they want to open an account. “When a bank employee is presented with these genuine government-issued identity documents,” Drew-Lytle wrote, “they have no way of determining if the individual is legitimate or attempting to commit some sort of crime.”

Not hard to get fake ID
In March 2014, the CBC reported that “thousands of driver’s licenses with fake names are circulating in Ontario.” Detective Constable Kelly revealed that “if you talk in hushed corners and ask people honestly what they think, people will give you numbers from the tens of thousands to the hundreds of thousands.” His own ballpark estimate of bogus driver’s licenses in the province was 200,000.

Last October, RCMP officers in Surrey, B.C. raided a house which was described in a detachment news release as “a credit card and identity theft ‘factory.’” The online document said that inside the residence, Mounties found “hundreds of stolen and fake cards and pieces of identification, including credit cards, gift cards, SIN cards, BCID cards, BC Driver’s Licenses, Care [provincial health system] Cards, birth certificates, and Canadian passports. Investigators also seized stolen mail, cheques, and identification, as well as documents that contained stolen personal identification and information on them.”

A CBC News report in December 2012 said that “a sophisticated fake ID market is openly thriving in Canada’s largest city [Toronto], with shops selling cards as novelty items that are just different enough from government-issued identification to evade police scrutiny.” Many websites market “fake IDs” and “novelty identification.”

In the U.S., countless young Americans reportedly use fake driver’s licenses in order to get into drinking establishments. The National Minimum Drinking Age Act of 1984 stipulates that the legal drinking age is 21, and yet, a 2007 University of Missouri study found that nearly one in three undergraduates in the U.S. Midwest owned falsified identification by the end of their second year.

Threat of terrorists using synthetic ID “ignored”
The potential for terrorists to use synthetic IDs is of particular concern to law enforcement officials. Det. Const. Kelly explained such fraud in relation to terrorism to the CBC as follows: “Think of the potential of having an apartment and a vehicle and a phone, all registered in different names. You can come and go as you please. You have the ability to open businesses and transport large volumes of materials in trucks with appropriate permits and license designations. And then at the end of the day, when people like myself and police agencies go to investigate who’s behind it all, there’s a puff of smoke and there’s nobody there.”

As Dr. Kalyani Munshani, an expert in financial crime who has taught at York University’s Osgoode Law School in Toronto, told CBC News earlier this year: “Using synthetic identities, safe houses can be established, cars can be rented, heavy vehicles can be bought, international travel can be facilitated, restricted goods can be bought without any flags being raised. This is not a conventional crime. This is more towards terrorism, I believe, not just merely revenue generation.”

Dr. Munshani emphasized that synthetic ID fraud in the sphere of terrorism is a “game changer” that “requires immediate attention. This is extremely serious, and it’s been ignored for way too long.”

With no comment from the FBI about U.S. efforts to combat this level of crime, FrontLine Security approached the RCMP about what Canada has been doing about synthetic identity fraud from a counter-terrorism perspective. Corporal Laurence Trottier responded in an e-mail that the force “routinely meets with its international and domestic partners to facilitate the cross-border cooperation and sharing of information in respect of identity crime.”

Blair Watson is a FrontLine contributing editor based in Calgary.
© FrontLine Security 2014



One Last Thing
Intelligence-led Enforcement is the Right Approach
© 2014 FrontLine Security (Vol 9, No 2)

Since 2006, FrontLine Security magazine has promoted the concept of intelligence-led enforcement in a variety of operational applications including matters related to border security. The success of that approach is detailed in this edition with the article regarding the deployment of the Accipiter Radar automated, analytical surveillance systems in the St. Lawrence and Great Lakes. Not only does this mean informed and targeted interdiction efforts, which improve public security, but it is also a significant force multiplier and a cost effective solution rather than just the traditional ‘more security is better security’ approach.

Credit is due here not only to the innovative technology providers but also to the RCMP, USCG and Defence Research and Development Canada (DRDC) and its Canadian Safety and Security Program (CSSP) who chose to embrace this operationally driven and intelligence-led approach. Because of these collective efforts, we now have a proven model for effective inland marine (and low flying aircraft), coastal and Arctic surveillance which are essential security challenges to be met going forward.

That same intelligence-led enforcement strategy is also obviously needed to deal with the immediate and real security concern regarding the growing Islamist terrorist threat including who is coming and going from our country.

No one really questions the need to screen who’s trying to seek entry to our country as it’s recognized that the border is an artificial geographical “line” that creates a very real opportunity to enhance public safety and security. Indeed – as FrontLine Security has advocated for years – in Canada, and elsewhere, we are finally moving to deploy modern technology so as to increase the odds of detecting and preventing the entry of people who intend us harm and are even… gasp… prepared to use phoney documents to do so.

Thanks to the continuing efforts of a number of groups, and the informed and operationally focused leadership of the CSSP, there is now a pilot project underway to design and deploy a face recognition biometrics ‘bad guy’ lookout system. This project, which is led by CBSA, and supported by the RCMP and Transport Canada, will dramatically enhance our ability to detect and prevent entry of previous deportees, inadmissible criminals, and known security risks. While previously deported, non-citizen criminals seeking re-entry pose a long-standing challenge, this last category of security risks is especially important these days for a number of reasons.

First and foremost, Western countries, including Canada, are the subject of direct threats from the newest iterations of Islamist whackos who have taken time off from doing what they do best... killing each other... to urge would-be jihadis to wreak havoc “chez-nous”. They’ve even created a recruiting video tailored to Canadians. This threat is significantly compounded by the disturbing fact that, somehow, Canadians who have embraced jihad have managed to leave Canada and now, suitably trained and experienced, are returning ‘home’. Not good.

Another reality is that this same ‘returning jihadi’ phenomenon is being experienced by several EU countries, the UK, the US and Australia… all of whom enjoy visa (advanced screening) exempt status for their citizens that come to Canada. This means that while all of us individually need to develop and deploy the bad guy biometric lookout system, we also need to fully share the digital images of each other’s suspected citizen jihadis. The same must apply to a common jihadi ‘No Fly’ database. If we do it right, they’ll have to try and get ‘home’ from their new Islamic State… by bus.

But, doing a better job of detecting returning jihadis is an after-the-fact solution to a situation that calls for intelligence-led prevention. This leads us to the awkward question facing the RCMP and CSIS today… how did these radicalized people manage to leave Canada in the first place?

Consider the cases we know about… the three young guys from London, Ontario, at least a couple of people from Calgary, one from Burnaby, two from Windsor, another from Timmins, one from Ottawa and, perhaps most egregiously, convicted Toronto 18 terrorist Mohamed Ali Dirie (who was supposedly under a special supervision order, with an arrest warrant outstanding). In all of these cases, it appears that authorities had some information that these guys were on the path to overseas jihad, yet, somehow, they got on a plane and went off to accomplish their ‘mission’ for Allah.

Could it really be that a convicted terrorist was not on the No Fly list, or was he simply able to defeat it with phoney documents? Either way, we clearly need to make targeted improvements… right away.

Although looking the other way as these wannabe ‘martyrs’ go to find their deaths has a certain allure to it, the hard reality is that such an approach inappropriately puts others at risk abroad and there is no guarantee the jihadis won’t return even more radicalized, and trained to harm Canadians.

After rational and self-interested reflection, it is clear that this new fanatical threat requires a targeted, intelligence-led rethinking of what’s necessary. It also needs to focus on exactly who is doing the radicalization and recruitment here in Canada, and what we need to do to stop it. That’s a complex issue which may require tweaking a few laws and developing a thicker skin to the inevitable ‘Islamophobia’ accusations, but… it needs to be a priority. This rethink also needs to include a ‘de-radicalization’ component, which won’t be easy but is critical for long-term success.

This strategy needs to be carefully targeted on persons intent on jihadi violence rather than, for example, people who have decided they want to leave secular Canada for life in an Islamist society. Who could object if the Khadr family decided to move back to Afghanistan if their Taliban friends take over after the Americans leave? Thinking ahead, however, let’s also include Canadian citizenship revocation just in case the Afghan Welfare Program turns out not to be as generous as Canada’s.

This proactive security approach has thankfully been launched with the Harper Government’s commitment to the Entry-Exit initiative in the Beyond the Border Action Plan, as well as through Criminal Code amendments passed in April 2013 in S-7, which specifically criminalize leaving Canada to engage in terrorist activity or assist terrorist entities. What’s needed now, however, are specific operational reforms that result in an integrated Canadian and international jihadi database supported by face recognition biometric technology and full use of the s. 810.01 Criminal Code supervision order that authorizes the use of electronic monitoring. Breaching the conditions of the order, by the way, is itself a criminal offence with up to two years in jail as a punishment. For the unrepentant thugs who continue to ignore the law, I like to think of it as life imprisonment… on the instalment plan.

This admittedly new threat calls for an intelligence-led proactive detection and interdiction strategy that uses all the tools available. And it needs to happen… now.

Scott Newark is a former Alberta Crown Prosecutor who has also served as Executive Officer to the Canadian Police Association and a Security Policy Advisor to the Governments of Ontario and Canada.