Securing the Nation
Banking on shared data
Reacting to incidents at critical infrastructure in Canada has historically been done on a localized basis. If something suspicious happened - such as someone taking curious photos of a hydro dam - typically it has been dealt with by corporate security staff that might then pass the concern along to local police. If something similar happened at another hydro installation in a neighbouring province, it was unlikely the information was cross-referenced or forwarded to a centralized database.
With 85 per cent of critical infrastructure in Canada either publicly
or provincially owned, the challenge to make sure everyone involved
shares information about incidents they deem suspicious has been a
challenge, until now.
In April 2008, the RCMP launched the Suspicious Incident Reporting
system for critical infrastructure targets such as transit systems and
oil pipelines. The system, which is still in beta for some sectors,
such as energy, allows pre-authorized infrastructure stakeholders
across Canada to file incident reports in a secure central database.
RCMP intelligence analysts regularly review the reports for linkages
and escalate items accordingly. A test pilot for the program was run
with transit organizations and in July began rolling out to other
sectors, such as the electrical industry.
"There’s never been a good framework for information sharing across any
platform – this is a little bit ground-breaking," says Doug Powell,
manager of corporate security at BC Hydro.
Powell and his team have been working with the RCMP, providing
information from their own incident reporting system to the national
database. Over the course of a year BC Hydro has about 1,000 incidents
reported a year and of those about 400 are considered serious crimes.
"In the past, if we were suspicious about something we would let them
know what it was, but in terms of formalized reporting, no, there
wasn’t really anything in place," says Powell. "Now, everybody is
pushing information to the RCMP on a regular basis so they can assess
it and qualify it as intelligence and put it into one database."
Following a pilot with the urban transportation sector in Vancouver,
Toronto and Montreal, the next group to be enrolled was the electrical
sector. Energy will be next, followed by the nuclear industry.
"Every time we roll out a new sector we’re going to learn something new
and there’s been a tremendous amount of backroom work to be done," says
Wendy Nicol, Officer in Charge, Critical Infrastructure, Criminal
Intelligence in the RCMP’s National Security Criminal Investigations
group in Ottawa.
Nicol points out that the system was not created to address things like
‘my facility is going to blow up,’ but rather to address situations
such as ‘there is some funny stuff going on here; we’re trying to
figure out how to address it.’ We’re hoping to help them with defining
the pattern," says Nicol.
Designated security staff at BC Hydro and other critical infrastructure
locations can log in to the RCMP database and send reports about
suspicious incidents. Those at BC Hydro can also access the system to
see what’s going on in their sector.
It’s something that has been a long time coming, says Powell.
"It’s frightening when you hear statistics from the RCMP that British
Columbia has a higher historical number of incidents of bomb-related
incidents than other provinces, and that is current when you look at
the EnCana Corp. bombings in the northeast," says Powell, referring to
the explosions that damaged natural gas pipeline infrastructure last
Powell says he hopes that by having a centralized depository for such
information, the case can be built for greater resources dedicated to
protecting critical infrastructure in Canada.
"When you get into the realm of extremism and terrorism, we’re not
equipped as a utility to protect against that and currently there is no
mechanism in Canada where we can get police and resources assigned to
critical assets to not only provide the deterrence but the immediate
response to a credible threat," he says. "The most viable way I can see
to dealing with this is to have shared intelligence."
As the various sectors come online, Powell says he can see how the
suspicious incident reporting system will build a significant body of
data to draw on for future threat assessment.
"If everybody across the country is contributing to this database and
the RCMP is getting good, credible intelligence, we can move on things
ahead of a credible threat and at least help mitigate the potential for
impact. Right now it’s really flying by the seat of your pants."
Right now, for example, if something happens around a BC Hydro
transformer it would be reported to the local police jurisdiction and
Powell’s group would investigate it internally and report it to the
RCMP. But what BC Hydro has been doing for a couple months now and in
part due to becoming better aligned with police agencies for the 2010
Winter Olympics, it has been voluntarily reporting to a number of
jurisdictions from its incident database.
"For purely selfish reasons in return we are hoping to get good
intelligence and from my perspective, if we’re not going to get that
level of cooperation we’re not going to get the tools we need to
protect critical infrastructure and it’s in the best interest of the
RCMP to have us reporting in day-to-day on suspicious incidents," says