Phillips has been with Bell for three years but in his career he has
conducted comprehensive security audits for major events. Prior to
joining Bell, he spent 28 years in operations with the RCMP as a first
responder in detachments for many years. He served as incident
commander during floods, was present during the Swiss Air disaster and
spent a lot of time in the office of the RCMP commissioner deploying
resources all across Eastern Canada during the ice storm. He was
involved as a site commander and motorcade commander during the 1988
Calgary Olympics and served as executive officer for retired
Commissioner Philip Murray and spent two years travelling the world
with him.
“If you want to know what can go wrong, I’ve got plenty of time to tell
you,” he says. “When things go wrong they really go wrong and it’s
never just one thing — it can be pandemonium.”
He says the RCMP’s new point man for the security project, Bud Mercer,
has identified three stages of planning for the Olympics: strategic,
conceptual, and functional. Despite reports from critics to the
contrary, Phillips says planning for the big event is at the functional
stage. Realistically speaking, they should still be at the strategic
planning stage, but things have advanced quickly.
“They usually give about five years to go through all three stages but
right now it’s at functional planning stage. It’s risk based, which is
good because you’ll never have enough resources to secure everything,”
says Phillips.
About 80 per cent of the solutions on the technology side are going to
come from the private sector. IT provider Atos Origin has outfitted
every Olympic venue since Barcelona in 1998 and they will be
transferring that template to Vancouver.
“They are taking it from Beijing and coming here,” he says.
Phillips says he is more optimistic about the state of security
planning than what has been reported. “I am cautiously optimistic about
where they are today,” he says.
“The beauty is that we’re working with companies that have done this
before. I remember where things were in Calgary in 1988 about this time
and our planning period was a lot shorter. Now, it’s a lot longer."
Bell has been involved from the beginning in projects such as the new convention centre venue in Vancouver.
“If you’re going to design security in, isn’t it nice to design it
upfront? The convention centre is a huge project and it’s a lot easier
to design it at the front end rather than bolt on after the venues are
complete,” he says.
Phillips is considered a subject matter expert within Bell, dealing
with VANOC, the Integrated Security Unit of the RCMP and RCMP
headquarters. First responders, police and fire are also part of the
plan.
“I know the lay of the land very well there,” he says.
He also spends a lot of time with sponsors and technology partners such as Atos Origin.
“It’s not just about the actual security people but those providing solutions for them,” he says.
Emergency management
When he’s not focused on the Olympics, Phillips works with other
corporations to harden their security footing. “If you look at the
surveys that have come out over the years they show not everybody is on
board,” he says.
One of the biggest issues Phillips says he deals with is the Principles
for Effective Response. One of the most critical ones is having an
effective governance structure.
“It doesn’t matter if we’re dealing with the Olympics or dealing with a
university or critical infrastructure like Hydro One or Hydro Quebec —
the big issue is, who do you deal with when you go talk to these
organizations? Under governance is this notion of leadership and
accountability — the one throat to choke. And the other is, who has the
mandate and who gets the resources? You end up talking to a whole bunch
of folks.”
For example, universities are asking about deploying specific tools
such as rapid notification/communication software packages that can
push out information to any device during emergencies.
But Phillips says contact databases must also be kept up to date.
“There’s nothing worse than these lists that are past their best-before
date with so many people that have changed on the list,” he says.
Resource commitment and technical expertise combined with ongoing
maintenance is also a challenge at universities. “They don’t really
bolster the CIO shop with really high-end people — they always seem
stretched for resources,” he says.
What universities and many other large corporations also don’t have a handle on is who in their organization controls what.
“If I went to a university and wanted to talk to them about improving
their security posture, they usually have their own police force and
often they have a facilities person and . . . you may also have to talk
to health services. You have to pull quite a large group together. One
of the things I find in security is a distinct lack in effective
governance around that. Who is the leader, who is accountable?” he says.
“Security, safety and risk management all come from the organizational
chart. One of the questions I always ask is when was the last time the
CIO, CISO, the corporate security person and the risk person went out
and had a coffee? Some of these people don’t ever talk to each other.
If you can facilitate having coffee with those people they may find
they have a lot to share. If you have that, you probably have a better
chance for success.”
