Canadian Security Magazine

Toronto attack leaves unanswered questions

Ellen Cools   

News Public Sector alek minassian annex ASIS barriers bollards bruna mariano CSIS hospital security iahss mark folmer martin green phil gurski radicalization satyamoorthy kabilan security implications sunnybrook health sciences centre toronto attack van attack

In the wake of the Toronto van attack on April 23, which killed 10 people and injured 16 others, Phil Gurski, president and CEO of Borealis Threat and Risk Consulting, and former senior strategic analyst at CSIS, maintains that “there’s nothing to suggest it is a terrorist attack.”

Members of Sunnybrook’s security team: Katrina Lambino

Canadian law defines an act of terrorism as violence that is carried out for political, ideological or religious motivation, he explains, and nothing suggests those motivations apply here.

The suspect, identified as Alek Minassian, 25, of Richmond Hill, Ont., has been charged with 10 counts of first-degree murder and 16 of attempted murder.

“The police haven’t laid terrorist charges because they have nothing to suggest terrorism, so we can’t go down that pathway,” Gurski notes.

In the weeks following the attack, the City of Toronto has come together in support of the victims. But in retrospect, a number of questions have arisen — most notably, what can be done to prevent a similar attack in the future?


“A double-edged sword”

Unfortunately, Gurski says, “nothing” can be done to mitigate such vehicular attacks.

Although cities can install barricades outside public areas such as sports stadiums, parks and city hall, the question then becomes where do you draw the line.

“If you want to say, okay, Yonge Street was hit, we’ll just barricade Yonge Street. Well, good luck with that, because Yonge Street’s pretty big. So first of all, you couldn’t do it. Second of all, you could try, but it would be incredibly expensive. Thirdly … if you did it, you’d basically be building ‘Fortress Toronto,’ which nobody wants. And fourthly, the bad guys just move onto the next block,” he explains.

Satyamoorthy Kabilan, director of national security and strategic foresight at the Conference Board of Canada, agrees that bollards and barriers can pose difficulties.

“The challenge with barriers and bollards is, one, it costs money [and] two, you also have to be careful with what restrictions they then create,” Kabilan explains. “For example … what if you needed to park an emergency vehicle on the sidewalk, or the sidewalk was part of your access to get through to another major area?”

Bollards can thereby restrict access for first responders in specific situations, making them “a little bit of a double-edged sword.”

Nevertheless, Kabilan finds bollards and barriers can be beneficial, as long as the benefits outweigh the risks. He advises cities to take a risk-based approach when determining whether to implement these measures.

“If you’re going to put these barriers in, given the cost, given the potential restrictions, are they creating more problems than they solve? I think that’s a question that everyone needs to ask,” he says.

Additionally, Kabilan says choosing the right type of barrier is paramount, so as not to “give the perception that everyone is in danger and the entire area is somehow locked down, because that then heightens the perception that this is a high-risk area.”

Many cities, he adds, try to make such barriers blend in with the area, to avoid generating such a heightened perception.

Vehicular attacks are “stupid simple”

But despite these potential mitigation measures, Gurski says the attacks are “stupid simple.”  

“Who’s going to stop you from driving into a crowd? The answer is nobody, unless you’re already under surveillance [or] under investigation, and even then it’s problematic,” he adds.

Yet he cautions against treating vehicular attacks as a trend in Canada.

While an attack occurred in Edmonton, Alta. last year and in Saint-Jean-sur-Richelieu, Que. in 2014, that’s “less than one [attack] a year. So do we really want to start [saying], ‘Oh, this is a trend?’” he says.

Kabilan agrees, noting, “We should keep an eye on it as a threat,” but that these attacks remain very rare in Canada.  

In many cases, as in the attacks in Edmonton and Saint-Jean-sur-Richelieu, “[the attackers] were going after very specific targets, they had very specific motivations. There are some insights around dealing with this,” he adds.

“So certainly we should keep an eye on global developments in this space and we should then understand what this might mean for Canada,” he elaborates. “That does not mean jumping up and saying, ‘Okay, we’re going to protect everything.’ We do have to look at the risk to Canada and we have to, again, going back to what I said earlier, make a risk-based judgement.”

Security awareness is key

Despite the challenges of preventing such an attack, there are still several security implications, particularly in terms of public safety.

“This type of attack is alarming, as is … the potential that every street corner in the country is … a ‘soft target,’” Mark Folmer, TrackTik’s vice president, security industry, and SRVP of ASIS Canada, wrote in an email to Canadian Security.

The attack “shakes the foundation of what we value as Canadians — safety and the sense of safety.“

[It] reminds us that regardless of [the] attacker’s motivation, we as security professionals, as people, need to be aware of this as a possibility,” he adds.

Therefore, situational awareness is critical, although Folmer qualifies that “even the most situationally aware person can be at the wrong place at the wrong time due to the actions of one.”

As a result, situational awareness should go hand in hand with prevention and security awareness training, he says.

Although prevention is not a 100 per cent achievable target, Folmer believes private security entities must collaborate with each other, as well as with public security agencies.

Additionally, following an event like this, security directors must be able to determine the safety of their staff as quickly as possible, he adds. Preparing and training for these types of events should tie in with a Threat Risk Assessment (TRA) process.

Kabilan agrees that situational awareness is very important, but finds there’s not much that people can do to prepare for a vehicular attack.

“That might make people feel very nervous, but the risk of something like that happening is still actually pretty low,” he says. “It’s the same thing if you are crossing the street. Are you guaranteed that every vehicle is going to stop at a red light or stop at that pedestrian crossing when you go? You’re not.”

Given that these types of attacks are “quite random,” and “incredibly rare,” he continues, “you should not let the fear of these types of incidents stop you from…doing what you would normally be doing in the city.”

Understanding radicalization

Although, at press time, the police have not officially announced the suspect’s potential motive for the attacks, they did reveal that he posted a reference to the ‘Incel [involuntarily celibate] Rebellion’ on Facebook just before the attack, and reports have surfaced that he may have been radicalized by online incel groups.  

In Gurski’s opinion, incel seems more like “misogynist hate” than ideology. But he cautions that “we still don’t know enough about Mr. Minassian to state he was influenced by either [Facebook] or Reddit. We need to await the results of the police investigation.”

But how does radicalization spread over the internet and, in particular, social media?

“Radicalization is an inherently social phenomenon and can take place anywhere, including online and via social media,” Gurski explains. “It is important to remember that radicalization is not a passive process whereby an individual absorbs material but rather an interactive one with questions, doubts, challenges, etc. Any platform can be used and those that are encrypted (e.g., Whatsapp) create major problems for those (spies and police) trying to keep track of those radicalizing.”

Yet “the field of stopping radicalization is still in its infancy.” Social media companies can remove material, but agencies like CSIS and the RCMP need that material to stay online for investigative and prosecutorial reasons, he says.

Regardless of the motive or means of radicalization, Gurski says that in the future, reporting potential signs of an attack is paramount.

In this case, he believes someone likely noticed signs but did not say anything, out of fear, uncertainty, or any number of reasons.

“All my work on radicalization when I worked for the service [CSIS] indicates quite categorically that there are always signs and that the challenge is not that there aren’t signs, but …what do you do about them?” he asks. “You’ve got to call somebody.”  

Training for health-care emergencies

Mass casualty attacks such as the one in Toronto not only impact public safety, but also test the security of the hospitals receiving the victims.

Security training and protocols are important for hospitals in general, but in a large-scale incident, preparation and training is instrumental to ensuring the safety of patients, staff and visitors.

“All hospitals have an emergency disaster plan, or emergency manual, that deals with a variety of different emergencies, and one of those is the Code Orange, for an external disaster,” explains Martin Green, past-president of the International Association of Health Security Services (IAHSS) and manager of security, telecommunications and emergency preparedness for Baycrest Health Sciences in Toronto.

“A hospital should always make sure that their disaster plan is reviewed at least on an annual basis, that it’s tested on an annual basis and that staff are familiar with their roles and responsibilities for that type of event,” he adds.

In this case, the main receiving hospital, Sunnybrook Health Sciences Centre had practiced a table top exercise just two weeks prior to the attack, says Bruna Mariano, Sunnybrook’s manager, security services. The hospital also ran a mock exercise last fall to test its Code Orange readiness. This training helped ensure all operations ran smoothly that day.

“When we get notified, it’s a mass communication through our emails and through a text,” she explains. “[Then] everyone reports to their department.”

On April 23, Mariano met with her security team, which then assessed the emergency department. By the time the hospital began receiving victims, her team had put the emergency department on lockdown.

Locking down the emergency department is “for the safety of our staff and patients and visitors, because we had overwhelming visitors coming in,” Mariano elaborates. “All of our doors in emerg can be locked down…After that, everyone [is] put on a hold and gets screened going anywhere.”

Green says that the ability to go on lockdown is a key aspect in a hospital’s disaster planning and training.

“In some cases, [there’s a] continuation of a crime scene, but in other cases, it’s just to make sure that you don’t have unnecessary people getting into the area,” Green explains.

“Unnecessary people” could include the media, family members and curious onlookers.

During a lockdown, the security officers may be assigned to stand at a door, check IDs and only allow access to authorized people.

The most important aspect is to secure the perimeter and ensure that “all access points to the emergency department [are] staffed by a security person.”

Security staff should be positioned at doors that are not automatically locked, Green clarifies, since locking all doors would require too much manpower.

This is key not just on the day of a mass casualty incident, but also in the days and weeks following, as victims may stay in the hospital for a prolonged period of time.

At Sunnybrook, Mariano says, six security officers were working that day, and another five came to work within 20 to 30 minutes after activating their “disaster fan out list.”

“We redeployed our staff in the emerg and we had two of our officers in the waiting room to control the crowd that was in there because we were already working at 111 per cent occupancy,” she says. “We had our officers ready by the trauma bay doors as the victims were coming in.”

The hospital also activated its family information centre and hospital emergency operations centre, where the security team, other hospital departments and Toronto Police Services met throughout the day. Officers were redeployed to the hospital’s main entrance with Sunnybrook’s family information team.

“From there we basically worked as a team with all the support services,  the physicians, the senior leadership and clinical staff. It was great support; it was a team effort and it went really smoothly,” Mariano adds.

Dealing with the aftermath

“One of the challenging situations we’re having now are reporters sneaking in and trying to interview families,” Mariano explains.

A key security protocol to follow in the aftermath is debriefing all departments “as soon as is practical,” Green says.

At the time of this article, written the week of the attack, Sunnybrook was in the process of debriefing staff through their “employee assistance program.”

“The employee assistance program is going to go on for quite a while here at Sunnybrook because everyone is starting to come out now and starting to grieve,” Mariano shares.

“When we were all involved in the crisis, everybody was doing their job and reacting to the crisis. Now, as the aftermath is taking place, it’s actually coming to reality to everybody that this happened in our city of Toronto, and I think a lot of people are grieving right now.”  

Ultimately, “we always assume it can never happen to us, but we always have to be prepared for the possibility that it can,” Green says.

“Quite often these events happen when there’s no one around, and then it’s a scramble to get the appropriate resources. But if anything was fortunate in this, it was that it happened on a Monday afternoon and there were lots of staff at the hospital able to respond and assist.” 

This article originally appeared in the May/June 2018 issue of Canadian Security. Photos courtesy N. Sutton and R. Francoeur.

Print this page


Stories continue below