It is also impossible to prevent all serious hazards
EDITOR’S NOTE: In December, 2011, The Macdonald-Laurier Institute published study by Andrew Graham, from Queen’s University, called Canada’s Critical Infrastructure: When is Safe Enough Safe Enough?, which outlined the security risks to Canada’s critical infrastructure. The following essay, the first of five, will look at the means that the federal government might employ to reduce the country’s exposure to harm. It is written by Stuart Farson, an adjunct professor of political science at Simon Fraser University.
Troy Media – by Stuart Farson
The central question facing those who want to make Canada’s critical infrastructure safer concerns how one should look at the issue.
Most federal government departments and agencies naturally see the policy dilemmas they face as national ones. Consequently, they seek to develop strategies, plans and programs that satisfy national aims rather than specifically regional or local ones.
In most instances this “one-size-fits all” approach, with the federal government taking the lead, is a sensible one. It helps keep costs down and its offers the possibility of equality in the provisions of services to the various regions of Canada, both important policy criteria.
Planning should be at the regional level
It is not, however, appropriate for Canada’s critical infrastructure. Earlier research suggests it may even cause resentment at the local level.
Two factors help to explain this. The first concerns who owns, who is responsible for, and who is accountable for the various elements of Canada’s critical infrastructure. Ownership is extremely diverse. More than 80 per cent is not in the hands of the federal government. While provincial and local governments own some, the vast majority is in private hands. Furthermore, responsibility and accountability for critical infrastructure is frequently split between several different parties, with no consistency between provinces.
The other concerns perceptions of threats and risks. While an “all hazards” approach is appropriate as a starting point for critical infrastructure security, not all regions of the country face the same concerns to the same degree. What may cause severe damage in one part of the country and have long-term consequences will be of little import in another.
These factors suggest that the federal government should recognize that its planning and emphasis should be concentrated – to a significant degree – at the regional level.
The idea that critical infrastructure can be protected has limited conceptual utility. Just as it is impossible to avoid intelligence failures all the time, so too is it impossible to prevent serious hazards from eventuating and sometimes having devastatingly unexpected consequences for critical infrastructure. The standards that were thought yesterday to offer sufficient safeguards against particular dangers will be supplanted as more extreme events occur. There will always be “new normals.”
Planning primarily for resiliency, therefore, rather than protection will arguably offer greater long-term benefits. Such an orientation fits well with the needs of private-sector strategic planning. While protecting assets and thwarting known threats is of course a key and routine objective, determining how to be up and running as quickly as possible when faced with a disaster is essential to corporate success, even survival.
Resiliency also means concentrating on emergency preparedness and focusing on the provision of emergency services. Just as critical infrastructure is widely owned by the various levels of government and the private sector, so too are emergency services. In large part, responsibility for such services rests with provincial, municipal and private sector entities. It is critically important that such services are housed in structures that will survive projected catastrophic events.
Needed upgrades to respond to the “new normals” will be expensive and may exceed what local authorities can realistically afford without adopting a scheduled approach.
Equally important, however, are back-up plans to provide such services should local authorities be unable to cope. Such plans need a coordinated approach that encompasses all levels of government, the private sector and non-governmental organizations. The various levels of governments have critical roles to play in these regards, particularly concerning the regulation of response requirements to such events as hazardous spills and setting building codes.
It would be wrong, however, to assume from this context that the federal government should perform a mainly secondary role. Where events exceed the capacity of a provincial government to respond, the federal level has a crucially important practical role to play in providing aid to both the civil power and the civil administration.
In this regard it will also have an important coordinating role between the entities involved and between the various elements of the federal government that can provide the necessary assistance.
Arguably, the federal government also has a significant part to play in collecting and disseminating the latest thinking about critical infrastructure protection and resiliency. Equally important is the service it can provide regarding the collection, analysis, and dissemination of information and intelligence about the threats and risks that Canada’s critical infrastructure potentially faces.
Initially, most of this information was produced by ITAC – then called the Integrated Threat Assessment Centre – and disseminated to the various owners of critical infrastructure by the RCMP in a sanitized form. This strategy had much to commend it. ITAC brought together personnel from across Canada’s security and intelligence networks to collate and assess the information to create an all-source product. The RCMP was the logical disseminator, because it has a wider variety of regular contacts than any other federal institution and, besides being the federal police force, it operates under contract to several provinces and numerous municipalities. More recently, ITAC was renamed the Integrated Terrorism Assessment Centre, which indicates its current emphasis.
It is important that the information disseminated to the owners of critical infrastructure does not merely focus on the threats and risks that come to the top of minds today, but adopts a truly all-hazards approach that engages in “over the horizon” scanning.
Even in its early days, ITAC’s product was considered to be of limited value to consumers of critical infrastructure. It was perceived as being too tactical and not sufficiently strategic to aid in their annual planning cycles. And, significantly, it built no feedback loops into the process to help guide what consumers actually needed. In several instances, more useful information came from critical infrastructure counterparts south of the border.
The federal government also has to concern itself with the protection and resiliency of its own institutions. Not only does it need to ensure that it has appropriate planning in place to cover the security of its various entities across the country, but it also has to plan for the transfer of governance from Ottawa should that be necessary.
What happens in the U.S. affects us
There is evidence that much critical infrastructure is interconnected with that of the United States. Consequently, what happens to their infrastructure can have immediate consequences across Canada. The federal government has an important leading part to play in developing and forming formal critical infrastructure agreements with the United States.
But other parties, such as the various individual Canadian provinces, their tangential U.S. border states, and the cross-border associations representing infrastructure owners, will also be involved in developing such arrangements. While it is necessary to be cognizant of, and responsive to, the threats that the United States faces, it should not be presumed that these will be replicated to the same degree throughout Canada.
What perspective should the federal government adopt regarding critical infrastructure security? It needs to establish a bifurcated federal agency with much greater presence and resources than currently exist. One part should be decentralized and focus on the regions of Canada and the problems they potentially face. Approaches to critical infrastructure resilience and protection should be developed at this, not the national level, and in close conjunction and cooperation with regional parties. The emphasis should be: “How can we help?” Feedback loops will be essential. The other part should focus on key federal government responsibilities: the security of federal assets, negotiations and development of arrangements with the United States, and how to respond to events beyond provincial capacities.
Stuart Farson is an adjunct professor of political science at Simon Fraser University. He served as research director for a parliamentary committee reviewing the Canadian Security Intelligence Service Act in 1989-90, has worked with research institutes in Europe, North America and the Pacific Rim, testified before numerous parliamentary committees, and acted as an adviser to Canadian government and NATO task forces and workshops. This essay was originally written for the Macdonald-Laurier Institute.