Safety and Security Science and Technology: Perspectives from Practice 303121529X, 9783031215292

Citation preview

Advanced Sciences and Technologies for Security Applications

Anthony J. Masys   Editor

Safety and Security Science and Technology Perspectives from Practice

Advanced Sciences and Technologies for Security Applications Editor-in-Chief Anthony J. Masys, Associate Professor, Director of Global Disaster Management, Humanitarian Assistance and Homeland Security, University of South Florida, Tampa, USA Advisory Editors Gisela Bichler, California State University, San Bernardino, CA, USA Thirimachos Bourlai, Lane Department of Computer Science and Electrical Engineering, Multispectral Imagery Lab (MILab), West Virginia University, Morgantown, WV, USA Chris Johnson, University of Glasgow, Glasgow, UK Panagiotis Karampelas, Hellenic Air Force Academy, Attica, Greece Christian Leuprecht, Royal Military College of Canada, Kingston, ON, Canada Edward C. Morse, University of California, Berkeley, CA, USA David Skillicorn, Queen’s University, Kingston, ON, Canada Yoshiki Yamagata, National Institute for Environmental Studies, Tsukuba, Ibaraki, Japan

Indexed by SCOPUS The series Advanced Sciences and Technologies for Security Applications comprises interdisciplinary research covering the theory, foundations and domain-specific topics pertaining to security. Publications within the series are peer-reviewed monographs and edited works in the areas of: • biological and chemical threat recognition and detection (e.g., biosensors, aerosols, forensics) • crisis and disaster management • terrorism • cyber security and secure information systems (e.g., encryption, optical and photonic systems) • traditional and non-traditional security • energy, food and resource security • economic security and securitization (including associated infrastructures) • transnational crime • human security and health security • social, political and psychological aspects of security • recognition and identification (e.g., optical imaging, biometrics, authentication and verification) • smart surveillance systems • applications of theoretical frameworks and methodologies (e.g., grounded theory, complexity, network sciences, modelling and simulation) Together, the high-quality contributions to this series provide a cross-disciplinary overview of forefront research endeavours aiming to make the world a safer place. The editors encourage prospective authors to correspond with them in advance of submitting a manuscript. Submission of manuscripts should be made to the Editor-in-Chief or one of the Editors.

Anthony J. Masys Editor

Safety and Security Science and Technology Perspectives from Practice

Editor Anthony J. Masys Defence Research and Development Canada (DRDC) Centre for Security Science (CSS) Ottawa, Canada

ISSN 1613-5113 ISSN 2363-9466 (electronic) Advanced Sciences and Technologies for Security Applications ISBN 978-3-031-21529-2 ISBN 978-3-031-21530-8 (eBook) https://doi.org/10.1007/978-3-031-21530-8 © The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG 2023 This work is subject to copyright. All rights are solely and exclusively licensed by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. The publisher, the authors, and the editors are safe to assume that the advice and information in this book are believed to be true and accurate at the date of publication. Neither the publisher nor the authors or the editors give a warranty, expressed or implied, with respect to the material contained herein or for any errors or omissions that may have been made. The publisher remains neutral with regard to jurisdictional claims in published maps and institutional affiliations. This Springer imprint is published by the registered company Springer Nature Switzerland AG The registered company address is: Gewerbestrasse 11, 6330 Cham, Switzerland

Foreword

Unexpected events often audit our resilience everything that was left unprepared becomes a complex problem, and every weakness comes rushing to the forefront (Weick and Sutcliffe 2007)

Canada is faced with both domestic and international safety and security threats and risks impacting lives and livelihoods. Global shocks such as that resulting from the Russia/Ukraine war, the COVID-19 pandemic or the increasing frequency of natural disasters has a direct impact on the safety and security of Canadians. As reported in Masys and Lin (2017), over the past four decades there have been a growing number of small- and medium-scale disasters which have resulted in a total global loss of over US$1.15 trillion. The impact of the COVID-19 pandemic has laid bare systemic vulnerabilities in global societal systems (UNDRR 2022). Likewise, extreme weather events are shaping the security calculus across multiple dimensions such as health security, economic security, food security, water security, environmental security, human security and energy security. All combined, these interrelated developments lead to a safety and security landscape best described as complex (Masys 2022). Defence Research and Development Canada’s (DRDC) Centre for Security Science (CSS) provides S&T leadership for public safety and security partners both within Canada and internationally. DRDC CSS works toward a long-term outcome where Canada’s public safety and security systems are evidence-based, interconnected and resilient. In accessing innovative solutions, it supports immediate and future safety and security capabilities viewed as critical to mitigate, prepare for, respond to and recover from a litany of threats and hazards. With that in mind, CSS supports innovation across the public safety and security ecosystem through competed and targeted investments predicated on multi-agency/institutional collaboration and support to policy and operations Imperatives. This book focuses on ‘Perspectives in Practice’ associated with contributions to the thought leadership and innovation within the safety and security ecosystem. It highlights how federally supported R&D pertaining to the application of science and technology significantly strengthens Canada’s resilience in the face of acts of v

vi

Foreword

terrorism, crime, natural disasters and serious incidents. The key to the success of the program of research lies in fostering the collaboration space between industry, government and academia. Ottawa, Canada

Dr. Mark Williamson Director General Centre for Security Science

References Masys AJ, Lin L (ed) (2017) Asia/Pacific security challenges-managing black swans and persistent threats. Springer Publishing Masys AJ (2022) Non-traditional security: a risk centric view. In: Masys AJ (ed) (2022) Handbook of Security Science. Springer Publishing UNDRR and UNU-EHS (2022) Understanding and managing cascading and systemic risks: lessons from COVID-19. Geneva, UNDRR; Bonn, UNU-EHS https://www.undrr.org/publication/und erstanding-and-managing-cascading-and-systemic-risks-lessons-covid-19 Weick KE, Sutcliffe KM (2007) Managing the unexpected: resilient performance in an age of uncertainty, 2nd ed, Wiley, San Francisco, CA

Contents

Innovation in Context Science Technology and Innovation: Transforming the Complex Safety and Security Multi-level Landscape . . . . . . . . . . . . . . . . . . . . . . . . . . . Andrew L. Vallerand and Anthony J. Masys

3

Design Thinking for Safety and Security: Support to Vancouver 2010 Olympics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anthony J. Masys, Vijitharan Vivekanandarajah, and Louis Chiasson

17

Applications of Innovation A Systems Approach to Critical Infrastructure Resilience . . . . . . . . . . . . . Paul Chouinard and Jason Giddings

37

Emergency Planning—A Tool for Rural and Remote Community Resilience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Anet Greenley and Zachary Towns

53

Applications of Foresight for Defence and Security: The Future of Crime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tasha Van Dasselaar, Jason Giddings, and Sydney Stewart

75

Early CSS Innovations in Risk Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103 Shaye K. Friesen Exercises to Support Safety and Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 Ray Wong, Kelly Morris, and Anthony J. Masys The Practice of FATE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 Gitanjali Adlakha-Hutcheon Cross Border Collaboration Models to Support Innovation in Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 G. Jonkmans, K. Wyckoff, and C. Murray

vii

viii

Contents

Paramedic Portfolio Innovation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165 Doug Socha, Michel Ruest, and Gregory Furlong Science and Technology to Enable Mobile Wireless Communications for the Safety and Security Community . . . . . . . . . . . . . 199 Joseph Fournier, Philip Dawe, and Claudio Lucente Innovation—Way Ahead Information Mesh Concepts in Support of Multi-organizational Interoperability . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219 Daniel Charlebois, Glen Henderson, Fraser Moffatt, and Bruce Carruthers Information as a Strategic Asset: A Safety and Security Perspective . . . . 245 Fraser Moffatt and Daniel Charlebois

Innovation in Context

Science Technology and Innovation: Transforming the Complex Safety and Security Multi-level Landscape Andrew L. Vallerand and Anthony J. Masys

Abstract The Science Technology and Innovation (STI) domain must evolve with emerging risks and threats that characterize the new defence, safety and security landscape. From CRTI to CSSP programs, starting with the crucial counterterrorism approach after 9/11, and evolving to an all-hazards approach, DRDC CSS’ STI community continued to look ahead as the current and future defence, safety and security landscape is now exponentially more diverse and complex. Indeed, it is now characterized by such issues as: mass migration and refugee crisis, economic slowdowns in emerging markets, ever-rising numbers of terrorists, activists, extremists, cyberattacks, pandemics, active shooters, climate related disasters, global water shortages, energy security and food security. These regional national and global risks have been in the headlines particularly in the last few years and pose significant security challenges both nationally and globally: in fact, national security is no longer just national. Non-state actors, cyber NGOs, rising powers, hybrid wars and crimes in strategic areas pose complex challenges to global security. The recent COVID 19 pandemic and the Russian invasion of Ukraine illustrate the dramatic spillover effects across borders. Further, CSS with a In this chapter, the safety and security “landscape” is loosely defined as a view representing Threats

as well as Risks (including Systemic Risk management), Partners, National Exercises, Capabilities, the Operational Deployment of such Capabilities and finally the impact/uptake of the related STI investments. International elements of DRDC CSS associated for instance with DHS (S&T), the “Quad”, the “5RD”, etc., are covered in a subsequent chapter and not discussed here. b DRDC defines itself as “Canada’s Science, Technology and Innovation (STI) leader, trusted advisor, collaborative partner, and knowledge integrator for defence and security” (https://www. canada.ca/en/defence-research-development.html).

A. L. Vallerand (B) Defence Research and Development Canada (DRDC), Former Chief Scientist, Centre for Security Science (CSS), Ottawa, ON, Canada e-mail: [email protected] A. J. Masys Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, ON, Canada © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_1

3

4

A. L. Vallerand and A. J. Masys

its large, capable and responsive community of partners continue to foresee, adapt and respond to newer incredibly difficult challenges such as pandemics, climate emergencies, highly “contagious” extremism/ polarization/ radicalization and fastspreading mis-/dis-information campaigns across the globe. This chapter presents an overview of the complex safety and security landscapea and illustrates how the uptake/exploitation/impact of DRDC CSS’ STIb , within a remarkable culture that also embraced a Whole of Government approach, evolved over 20+ years into an era-defining program that is postured to continue to close otherwise extremely difficult-to-close Safety and Security gaps in Canada. Keywords S&T innovation · Public safety · National security · Nontraditional security

1 Introduction Developed and developing nations, economies, societies and cultures are influenced and integrated through globalized communication, transportation, and trade. Emerging and enduring trends include increasing energy demands, disease propagation, environmental degradation, cross-cultural interactions, new political alliances and political instability. National security threats that result from these trends include failed and failing states, proliferation of weapons of mass effect and global terrorism (Masys 2016). These now shape global insecurity and influence the defence and security priorities of nations. National and International terrorism and the emergence of radicalized, polarized or extreme elements within societies of developed nations demonstrate that countries can be vulnerable to such threats. Like other nations, Canada is not immune to a multi-faceted, unpredictable and dynamic terrorist threat environment which includes CBRNE terrorism.

2 9/11 Turning Point In 1998, Osama bin Laden, the infamous leader of the Al Qaeda extremist terrorist network organization, announced to the world that acquiring and using Weapons of Mass Destruction (WMD) was his Islamic duty—an integral part of his Jihad. Over several years, he relentlessly sent his leaders to try to purchase or develop nuclear and biochemical WMD all over the world (Mowatt-Larssen 2010a, b). When Ayman al-Zawahiri ‘s Egyptian Islamic Jihad (EIJ) merged with Al Qaeda, Zawahiri and his Jihad group brought technological know-how about CBRN weapons to the more ideologically-oriented Al Qaeda. When promoted as Al Qaeda’s deputy chief, Zawahiri rapidly took charge of nuclear and biological weapons development for the entire worldwide network. (Mowatt-Larssen 2010a, b). In a 2007 video, Osama bin Laden restated his promise to “use massive weapons to upend the global

Science Technology and Innovation: Transforming the Complex Safety …

5

status quo, destroy the capitalist hegemony, and help create an Islamic caliphate”, and that “Acquiring [WMD] for the defense of Muslims is a religious duty.” AlQaeda networks have always sought CBRN WMD capabilities to attack the West and Middle East. To further this goal, Al Qaeda recruited scientists from around the world and organized training camps in Afghanistan to perform basic training courses in chemical, biological, and radiological weapons for hundreds of extremists (Mowatt-Larssen 2010a, b). On September 11, 2001, 19 terrorists from Al-Qaeda struck with four coordinated attacks in the USA using an unthinkable weapon of mass destruction that changed the world as we know it. Nearly 3000 died in that quad attack. Canada immediately responded with a forward-looking program that changed the Canadian STI landscape and over the following 20 years, steered the evolution of that program into an era-defining program that stayed ahead of evolving, emerged and emerging threats and risks and the related requirements of new capabilities, to ensure a Resilient Canada.

3 Government of Canada PSAT Funds CRTI This first strategic engagement of a Research Technology Initiative to counter terrorism was triggered in 2001 and started as a five-year federal budget Public Security and Anti-Terrorism (PSAT) initiative to immediately begin to counter CBRN WMD from a Federal Whole of Government approach, in establishing World Class capabilities in partner Federals Organizations. The original CRTI mandate was “to strengthen Canada’s preparedness for, prevention of, and response to potential CBRN attacks by fostering new investments in research and technology”. At its inception, the CRTI was expected to generate knowledge and technology, and support their application through the following activities: • “creating science clusters of laboratories that build S&T capacity to address the highest-risk terrorist attack scenarios; • funding research and technology to build capacity in critical areas, particularly those identified with chemical, biological and radiological attacks; • providing funds to areas where national S&T capacity is deficient because of obsolete equipment, dated facilities, or inadequate scientific teams; and • developing and sharing CBRNE S&T expertise and knowledge through symposia, exercises, workshops and studies” (DRDC CSS 2011; DND CRS 2011). The development of laboratory science clusters provided the fundamental building blocks to strengthen the coordination and collaboration of CBRN capacity, capabilities, research and technology plans and strategies in Canada. CRTI also concentrated on building interdisciplinary, cross-jurisdictional laboratory clusters that would leverage existing S&T expertise and facilities, and develop relationships between government, industry, academia and first responders.

6

A. L. Vallerand and A. J. Masys

4 Evolution of CRTI The CRTI was initially comprised of a Chemical Cluster, a Biological Cluster and a Radiological-Nuclear (RN) Cluster. In 2005, a Forensics Cluster was added to provide the forensic capability to incident response and in 2006, an Explosives Cluster was added. The “CRTI” acronym remained the same, but its definition evolved to become the CBRNE Research and Technology Initiative. A Psychosocial Cluster was subsequently added in 2008. In October 2006 approval was given for CRTI’s original five-year mandate to be renewed for an additional five years, through to FY 2011/12 (DRDC CSS 2011; DND CRS 2011). Through the development of federally-led science cluster networks and later Communities of Practice (COP), the CRTI has brought federal, other levels of government, public, non-profit, academic, and private sector science together to assess the risk of various scenarios involving CBRNE events, to produce solutions for emerging CBRNE issues, and to deliver S&T capacity and capabilities through investments (and partner co-investment) in products and services. As the nation’s CBRNE capabilities improved, it was recognized that Canada needed to expand its S&T efforts into under-funded areas. This recognition led to the creation in 2006 of DRDC CSS, one of nine DRDC research centres, which took over responsibility for CRTI. An evolution of the strategic posture was performed to further develop program engagement with first responders and a concomitant move towards an all-hazards approach to public safety and security priorities. Recognizing the requirements of the First Responder and First Receiver communities, while being no longer focused solely on terrorist-initiated CBRNE events, the four key CRTI activities have evolved beyond a strict counter-terrorism focus (DRDC CSS 2011; DND CRS 2011): • “through scientific clusters, building S&T capacity to address the highest allhazards risks; • funding S&T to build capability in critical areas, particularly those identified through a capability-based planning approach that looks at all-hazards risks; • providing funds to those areas where national S&T capacity is deficient owing to obsolete equipment, dated facilities, or insufficient resources; and • accelerating uptake of technology into the hands of the responder communities and other operational authorities.” (DRDC CSS 2011; DND CRS 2011)

5 New Governance, Programs, Challenges CRTI evolved to operate within a new governance structure and augmented focus in addition to CBRNE to include preparing for, responding to and mitigating the consequences of a wide range of hazards including criminal activities, accidents and natural disasters.

Science Technology and Innovation: Transforming the Complex Safety …

7

Led by DRDC’s Centre for Security Science (DRDC CSS), in partnership with Public Safety Canada1 (PS Can), the CSS came to manage the Canadian Safety and Security Program (CSSP) as a federally managed set of programs each with its own (fenced) separate federal funding from Treasury Board Secretariat (TBS) which includes the CRTI, the Canadian Police Research Centre2 (CPRC) and the Public Security Technical Program3 (PSTP). All programs implemented their respective activities as directed by specific federal government budget plans and in accordance with TBS direction, until they were harmonized into a single unified program, the PSST later renamed CSSP (DRDC CSS 2011; DND CRS 2011). CBRNE Threat With respect to the CBRNE threat, a CBRNE Resilience Strategy (2011) was published indicating that “the threat of CBRNE events is a global challenge. Terrorist attacks are increasingly focussed on Western interests and Canada has been specifically identified as a target by terrorist organizations. Canada is also at risk from domestic sources such as radicalized individuals, extremists and criminals” (DND CRS 2011). To respond to the CBRNE threat,4 the CSS was involved in the drafting of the CBRN Resilience Action Plan for Canada and it was based on five key strategic objectives labelled as essential to acquire CBRNE resilience: • • • • •

“provide leadership for coordinated policy and program development; integrate CBRNE into an all-hazards risk management approach; use capability-based planning to inform policy, program and investment decisions; build and effective and interoperable workforce; and optimize information and knowledge management” (DND CRS 2011).

Other Challenges In addition to addressing CBRNE threats, the CSS leadership recognized that the STI community had to evolve/expand to support under-funded gaps/deficiencies

1

“A Department of National Defence and Public Safety Canada Memorandum of Understanding (MOU) established the DRDC CSS as the coordinating body for federal public security S&T responsive to policy direction from Public Safety Canada”. 2 “The Canadian Police Research Centre (CPRC) has been supporting R&D relevant to the demands of law enforcement since 1979 and became part of DRDC CSS in 2007, at which time its mandate was expanded to include fire and emergency medical services”. 3 “The Public Security Technical Program (PSTP) was established in March 2006 to broaden the scope of safety and security S&T to address critical infrastructure protection; surveillance, intelligence, and interdiction; emergency management systems and interoperability”. 4 Though the threat of a CBRNE attack against Canada’s safety and security is presently assessed as low, the consequences of such incidents however could be high. The weaponization of CBRNE agents can potentially include the following: chemical (such as nerve, blister, choking, blood agents, etc., disseminated with explosives or aerosols); biological (such as smallpox, anthrax, plague, etc.); and radiological-nuclear (such as a “dirty bomb” which uses conventional explosives to scatter radioactive material). The ability to prepare for, prevent and respond to these types of events require national-level direction, coordination, and collaboration.

8

A. L. Vallerand and A. J. Masys

related to Emergency Management, Critical Infrastructure, Surveillance Intelligence Interdiction and First Responders challenges. As such, new Subject Matter Expertise was required to support Canada’s capabilities in the following areas: Risk Assessment, Operational Research, Interoperability, Cyber-security, Critical Infrastructure Protection (CIP), Emergency Management, Surveillance, Interdiction, Psycho-Social, Biometrics, Knowledge Management, etc. Therefore, at the federal level the following federal partners engaged (or continued to engage): PS Can, Public Health Agency of Canada (PHAC), Health Canada (HC), Privy Council Office (PCO), Finance Canada (FIN), TBS, Natural Resources Canada (NR Can), Transport Canada (TC), National Research Council of Canada (NRC), Environment Climate Change Canada (ECCC), Atomic Energy of Canada Ltd (AECL), Canadian Border Security Agency (CBSA), Agriculture and Agri-Food Canada (AAFC), Canadian Security Intellligence Service (CSIS), Innovation Science and Economic Development CanadaC (ISED), Canadian Food Inspection Agency (CFIA), Department of National Defence (DND), Canadian Armed Forces (CAF), Department of Fisheries and Oceans (DFO), Canadian Nuclear Safety Commission (CNSC), Royal Canadian Mounted Police (RCMP), Communications Security Establishment of Canada (CSEC), Communications Research Centre Canada (CRC), Infrastructure Canada (INFC). The leadership of DRDC CSS together with PS Can also firmly believed it was imperative that all such STI efforts would be first and foremost logically anchored in key Canadian Policy documents. As such, over the years, CSSP efforts have been documented as supporting any of the following key strategic national documents: • • • • • • • • • • • • • • • • • • • • •

Securing an Open Society: Canada’s National Security Policy, Strong Secure and Engaged: Canadian Armed Forces (CAF) Defence Strategy, US-CA Joint Border Threat and Risk Assessment, CA-US Action Plan for Critical Infrastructure, National Crime Prevention Strategy, All Hazards Risks Assessment Methodology, Beyond the Border Strategy, National Border Strategy, CBRNE Resilience Strategy, National Critical Infrastructure Protection Strategy, National Cyber Strategy, CSSP Strategic Planning Guidance, Strategy for Countering Radicalization to Violence, Emergency Management Strategy, Canadian Urban Search and Rescue (USAR) Guide, National Communications Interoperability Strategy, National Disaster Mitigation Strategy, Emergency Management Services (EMS) Strategy, Canadian Association of Fire Chiefs (CAFC) Strategic Plan, Canadian Association of Police Chiefs (CAPC) Strategic Priorities, Mobilizing Science and Technology for Canada’s Advantage,

Science Technology and Innovation: Transforming the Complex Safety …

9

• Canada First Defence Strategy, etc. As a result of this continued evolution, the integrative role of DRDC CSS, the strong and empowered governance as well as the horizontal, multi-departmental, multijurisdictional nature of public security and STI programs, the STI Landscape around the Canadian Safety and Security Program presented the following integrated posture (DRDC CSS 2011): • • • • • • • • • • •

Strong Governance and Oversight, ~$40 M/yr, excluding the mandatory co-investments from partner projects, ~80 DRDC CSS employees, more than 20 federal partner departments and agencies, numerous municipal and provincial partners, including 1st Responders and Receivers, numerous Workshops, Exercises (Simulated and Live), Training activities, numerous published Reports, Annual Reports, Annual Summer Symposia, numerous partners in Academia, Industry and Allies, several formal international agreements and collaborative working groups to further elevate any leveraging of STI community and related interoperability, a Logic Model where, with its partners, DRDC CSS developed a series of strategic outcomes with which all its activities are visibly aligned to maximize transition/ impact, overall, a total of about +1000 active participants, established a formidable dedicated and responsive ‘external’ STI capability.

6 Acquisition Program, National Exercises, Operational Deployment In relation to safety and security capabilities, it was understood that “a capability gap implied that a task cannot be completed with current resources, whereas a capability deficiency indicated that a capability exists, but is insufficient to meet the target level” (DND CRS 2011). Therefore, an acquisition program was created to support Public Safety and Security Capabilities gaps or deficiencies since it was understood that capabilities may also include plans, procedures, personnel, equipment, infrastructure, and knowledge and technologies. Of note, CRTI/CSSP managed acquisition investments that significantly enhanced public safety and security capabilities including eight mobile CBRNE laboratories that were operationally deployed to Exercises and Major Events. When on-site, these mobile CBRNE laboratories were conceived to eliminate the need to transport samples, and save time critical for incident management activities such as medical countermeasures, site decontamination, public health investigations, and quarantine implementation. The mobile CBRNE laboratory initiative is a pan-cluster activity and a great example of the collaborative efforts and outcomes achieved through the CRTI/CSSP as a pan-departmental program. The initiative represents the full range

10

A. L. Vallerand and A. J. Masys

of science cluster activities, investments and knowledge generated since the 9/11. The laboratories were to-be maintained by designated departments and are designed as deployable assets to enhance the public safety and security capabilities of the Government of Canada. To support the development of such mobile capabilities, strategic efforts were required. Several National Exercises were performed, and 3 notable examples are mentioned below. Bronze, Silver, and Gold Exercises strategically and incrementally augmented (and field-tested) new required interoperable capabilities. Such Exercises were designed to strengthen capabilities, improve readiness, and reduce the risk prior to the formal live deployment to Vancouver BC and Whistler BC for the 2010 Olympic and Paralympic Games, and their subsequent deployment in June 2010 to the G8 Summit in Huntsville ON, and to the G20 Summit in Toronto ON. All above activities demonstrated how CRTI/CSSP investments provided S&T operational capabilities to First Responders. Further, DRDC CSS was prominent during the planning for the above international events at the federal, provincial, and municipal levels.

7 ‘MECSS’ System: Its Exploitation in Canada and Abroad CSS conceived and developed a pioneering and highly innovative large-scale System to markedly reduce the risk to the security of International Events via the ‘Major Events Coordinated Security Solutions’ (MECSS) project (Murray et al. 2010). Coupled with the support of CRTI clusters and focused STI investments, MECSS was critical to the security success of Major Events. Formal sponsors of the landmark MECSS System project included the RCMP Major Events Section, V2010 Integrated Security Unit, BC Integrated Public Safety, Canadian Forces Joint Task Force Games and PS Can Government Operations Centre (GOC). It needs to be mentioned that to reduce the risk to Major Events such as V2010, DRDC scientists made major contributions to numerous areas other than CBRNE, including the planning and operations in key areas such as: • • • • • •

“Command and Control, Blast effects, Vehicle and Personnel screening, CIP, Exercises, and Marine surveillance”.

This has led to the creation of an enduring Security Framework to support interoperability between partners at multiple levels of government both prior to and during a major event (Murray et al. 2010). The MECSS project and the mobile laboratory capability (the basis of what was known as ‘Science Town’, whereas its manager from the RCMP was cordially known as “The Mayor”) enabled “the leveraging of national S&T resources to strengthen the

Science Technology and Innovation: Transforming the Complex Safety …

11

Government of Canada’s Major Events security architecture. The project’s focus was clear: reduce risks associated with major events through the coordinated application of deployed S&T tools, support, and services, while providing key input to the broader major events security architecture being developed by the RCMP” (Murray et al. 2010). After the 2010 Olympics, the MECSS was requested and activated for the G8 and G20 meetings. The framework developed under MECSS has endured, as some elements were activated during the Canadian government response to the 2011 earthquake and tsunami in Japan. Members of the CSS were embedded into the GOC to enable reach-back to the science clusters. Post-event reports documented that S&T contributed significantly to the overall reduction of security risks associated with international events. The development and success of the MECSS and “Science Town” deployed capabilities received national and international recognition. After advice was provided, a comparable capability was replicated by UK authorities for the 2012 Olympics in London (DND CRS 2011). Organized in the context of the Counter-Terrorism Task Force (CTTF) of the Asia–Pacific Economic Cooperation (APEC), Canada led Major Events Security Framework workshops, including one in Santiago, Chile in October 2013. 35 participants from 14 APEC economies participated, including security planners from a range of departments and counter-terrorism officials from ministries of foreign affairs (Masys 2013). A representative from the United Nations Interregional Crime and Justice Research Institute (UNICRI) also participated in the workshop, with the objective of sharing information about the Organization of American States InterAmerican Committee against Terrorism (OAS CICTE) IPO Americas Project. The objective of the workshop was for APEC economies to finalize and test the Canadadeveloped Major Events Security Framework (MESF), for use by APEC economies. (Masys 2013). The outcomes from the workshop included a verification and validation of the MESF and the distribution of the MESF to participants to be leveraged by their national authorities.

8 Continued Evolution into Transnational Challenges In recent years, CSSP’s primary goal had continued to evolve to helping Canada become more resilient to global and domestic safety and security threats, including natural disasters, major accidents, crime and terrorism through the convergence of Science and Technology (S&T) with policy, operations and intelligence. The continued evolution to transnational challenges was evident in the Call for Proposal Challenges identified in 2019 (PWGSC 2019): • “To mitigate the effects of Climate Change: STI was needed in Community Resilience and Risk Reduction, Health Consequences of Climate Change;

12

A. L. Vallerand and A. J. Masys

• To mitigate National Risk: STI was required in Securing Soft Targets, Detection, Forensics, Attribution and Non-Proliferation for CBRN Threats, Intelligence for National Security, Understanding the Threat from Disruptive Technology, Security, Privacy and Identity Management, Border Security, Protection from Drones; • To Protect and Connect Safety and Security Professionals: STI was sought in Enabling DND/CAF Operations Alongside Safety and Security Partners, Strengthening Communications Systems and Situational Awareness, Supporting Next Generation 911.” Furthermore, in 2021, the Defence & Security S&T (DSST) Program included the following Call for Proposal challenges for the CSS-related Theme on “Enable Safety and Security”. This Theme was also focused on “Resilience in a post-Pandemic World” and it included some of the following challenges that needed to be addressed (PWGSC 2021): • “Expecting the Unexpected: Understanding High-Impact, Low-Frequency Events (HILF) • Tech ready and enabled for Disasters: Specific Technology innovations to deal with HILF Events • Protecting and connecting in a Virtual world: Innovating Contactless, Virtual and Automated Operations • The Weakest Link: Bolstering supply chain resilience”

9 In Conclusion While the CRTI/CSS evolution was remarkable, the next series of challenges that Canada is already facing going forward, are equally daunting. Some national, regional and global risks have been in the headlines in the last few years and pose significant security challenges both nationally and globally, suggesting that national security is simply no longer just national. Non-state actors, extremists, cyber NGOs, rising powers, hybrid wars and crimes in strategic areas pose complex challenges to global security. The recent COVID 19 pandemic and the violent Russian invasion of Ukraine illustrate the spillover effects across borders. The traditional siloed conceptualization of security is being challenged by the notion of systemic risks (UNDRR 2022) and non-traditional security. As described in Saha and Chakrabarti (2021) ‘COVID-19 has firmly established itself as the single largest security disrupter of this century in the non-traditional sense. It has necessitated a recalibration of securitization framework…’. The impact of the COVID-19 pandemic stress tested national and global mental models of safety and security revealing inherent vulnerabilities that ‘set fire to’ our national and global societal systems. As described in Masys (2016), the security calculus that is emerging

Science Technology and Innovation: Transforming the Complex Safety …

13

is one characterized as ‘non-traditional security’. Masys (2022) argues that ‘Traditional security thinking fails to capture novel type of threats that transcend statebased conflicts (CSIS 2021; Mintz and Wallace 2022; NSICOP 2021; Wark and Shull, 2021). According to Saha and Chakrabarti (2021) non-traditional security is characterized as ‘…more transnational, non-military and required extra-statist, along with non-statist, approach to meet the new challenges, which included epidemiological diseases, human rights violation, terrorism, illegal migration, climate change, cyberterrorism/crime and the like’. Over an incredible 20+ year—perhaps an era-defining journey—the leadership of the Safety and Security STI Programs managed by CRTI and then CSS have demonstrated that they have always been in relentless pursuit of at least 3 notions. First, they have directed a constant evolution of S&T capabilities to influence Operational Capabilities, to match emerged as well as emerging threats. Secondly, they have been unyielding in shaping their STI work so that the work outputs would have the highest probability of being exploited, transitioned, or operationalized by the end-users, First Responder or First Receiver communities, to influence outcomes that matter. Finally, from their most recent Call for Proposals, they have suggested that to bring Resilience to Canada, Safety and Security ought to be addressed in a way that also involves Defence. To that point, Fig. 1 represents one perspective of the new unified Defence & Security S&T Program (DSSP) of DRDC and it suggests that the intersection of Defence, Safety and Security could bring about the capabilities that a Resilient Canada requires vis-a-vis new emerging transnational challenges mentioned earlier. As one example, recently the Prime Minister’s Office (PMO) announced that Canada would host and lead a new NATO Center of Excellence (CoE) on Climate Change, under a banner of “Strengthening Transatlantic Defence & Security” (PMO 2021). It turns out, as mentioned above, that CSS already has had the foresight to invest in preparing for the impact of Climate Change with investments, with partners (ECCC to name one), and with capabilities. Therefore, CSS could continue to contribute but now in a way that could help to ‘re-imagine’ Defence, Safety and Security posture with the outcome of strengthening Canada’s and perhaps NATO’s readiness and crisis response capabilities. Defence, Safety and Security scientists may benefit in organizing globally on such grand transnational challenges, as Climate Change Scientists have done. Such a ‘re-imagining’ of the Defence Safety and Security posture is suggested as essential to efficiently and effectively address other looming transnational landscape challenges that Canada is facing, such as mass migration and refugee crisis, economic slowdowns in emerging markets, ever-rising numbers of terrorist and cyberattacks, pandemics, active shooters, climate related disasters, global water shortages, energy security, and food security (Saha and Chakrabarti 2021; Mintz Wallace 2022). Further, this next series of challenges may require a further evolution of the Defence, Safety and Security landscape, perhaps including a greater reliance on Private Public Partnerships (PPP). PPP are established as great opportunities in Critical Infrastructure cooperation in Canada. Co-Investments are performed, risk is reduced and transferred to Industry and a steady source of revenue is evident. There are numerous PPP examples in Critical Infrastructure and in Transportation sectors.

14

A. L. Vallerand and A. J. Masys

Defence

Security

Safety

Fig. 1 The Venn diagram intersections of defence, safety and security domains could be considered the key to address the big transnational challenges of tomorrow efficiently and effectively. The evidence presented here strongly suggests that, from its STI perspective, DRDC CSS is uniquely postured to foresee, recognize, and act on the new challenges of tomorrow at each domain intersection shown above, where capabilities are shared

There are some in health, in schools, in crime prevention, cyber,5 border trade (Cuifo et al. 2015; Busch and Givens 2012; World Bank 2021; World Bank 2022; Lawson 2010; USA DoJ 2005; Beutel and Weinberger 2016; Allied Universal 2021; Pearkes et al. 2019). Considering PPP for Safety, Security and Law Enforcement may be viewed just as important for the next pandemic or the next disaster (World Bank 2021). In conclusion, this chapter presents an overview of the complex Defence, Safety and Security landscape in and around CRTI/CSSP and illustrates how the application of Science Technology and Innovation and their uptake/exploitation/impact have created the conditions for success while developing the right lean and forwardlooking posture to face the next series of formidable emerging challenges facing Canada. Whether it concerns Defence, Safety, Security, First Responders, business, or others, DRDC CSS continues to employ its knowledge, technology and advice to create innovations on a regular basis for Canadians as well as for people who are safeguarding our peace, safety and security.

References Allied Universal Inc. (2021) Public-private security partnerships are essential to public safety. https://www.aus.com/security-resources/manufacturing-security-best-practices-5-critical-con siderations

5

As one concrete example, CSSP-2013-TI-1045 has provided a vehicle for partnership with the USA-based National Cyber Forensics Training Centre (NCFTA; www.ncfta.net) which is a PPP used to help identify and evaluate options for countering cyber-crime and enhancing cyber forensics capabilities. This PPP offered extraordinary leveraging with International and USA Intelligence, business and law enforcement organizations (Hales et al. 2014). Other examples exist.

Science Technology and Innovation: Transforming the Complex Safety …

15

Beutel A, Weinberger P (2016) Public-private partnerships to counter violent extremism: field principles for action. Final Report to the U.S. Department of State. College Park, MD: Study of Terrorism and Responses to Terrorism (START) Busch, NE, Givens AD (2012) Public private partnerships in homeland security: opportunities and challenges. Homel Secur Aff J 8(18):1–24 Canadian Security Intelligence Service. CSIS Public Report 2021 Ciufo G, Bhatia K, Mehany M (2015) Trending PPP: the evolving role of value-for-money analysis in support of project delivery selection. Deloitte LLP Report DND Chief Review Services (2011) Evaluation of the chemical biological radiological and nuclear research technology initiative (CRTI). DND CRS 1258-190 (CRS) DRDC CSS (2011) From concept to capability: collaborative science and technology for public safety and security. DRDC CSS Report D2-277 Hales D, Howes R, Cooper E, Porter-Greene M, Vallerand AL (2014) Security portfolio overview, analysis of value-added, and way ahead. DRDC Report DRDC-RDDC-2014-R113 Lawson WF (2010) Missouri public private partnership (MOP3). Missouri department public safety—office of homeland security Masys AJ (2013) Workshop report of the Asia-Pacific economic cooperation (APEC) CTTF major events security framework workshop Santiago, Chile October 2013, (DFATD sponsor of CSSP2013-TI-1040) APEC CTTF 01-13A Masys AJ (ed) (2016b) Exploring the security landscape- non-traditional security challenges. Springer Publishing Masys AJ (2022) Non-traditional security: a risk centric view. In: Masys AJ (ed) Handbook of security science. Springer Publishing Mintz J, Wallace R (2022) The global energy transition confronts East vs West ‘realpolitik’: Why Energy Security matters? Macdonald Laurier Institute Report Mowatt-Larssen R (2010a) Al Qaeda’s pursuit of weapons of mass destruction the authoritative timeline. Foreign policy. https://foreignpolicy.com/2010a/01/25/al-qaedas-pursuit-of-weaponsof-mass-destruction/ Mowatt-Larssen R (2010b) Al Qaeda weapons of mass destruction threat: hype or reality? Harvard Kennedy School Belfer Center for Science and International Affairs Murray C, Wood D, Chouinard P, Genik L, MacLatchy J, Dixson M, Dooley P, Funk R, Guitouni A, Masys AJ, Sykes T (2010) Major events coordinated security solutions technical report closeout: the application of science and technology to reduce risk for V2010 and G8/G20 summits. DRDC CSS TR 2010-13 Pearkes T, de Haas E, Owman L (2019) Achieving safety and security in an age of disruption and distrust: Why collaboration between the public and private sectors is a prerequisite for a safe, secure and prosperous society. PWC Report Prime Minister of Canada. Strengthening Transatlantic Defence and Security. https://pm.gc.ca/en/ news/backgrounders/2021/06/14/strengthening-transatlantic-defence-and-security PWGSC (2019) Defence research and development Canada (DRDC) Innovation call for proposals (CFP) 2019 PWGSC W7714-19DRDC, 2019 PWGSC defence research and development Canada (DRDC) innovation call for proposals (CFP) PWGSC W7714-217869/A, https://buyandsell.gc.ca/cds/public/2021/03/16/d367e51decb1938 0d5820dac5d37753e/en_drdc_innovation_call_for_proposals_2021.pdf National security and intelligence committee of parliamentarians (NSICOP) (2021) NSICOP Annual Report to Prime Minister of Canada Saha S, Chakrabarti S (2021) The non-traditional security threat of COVID-19 in South Asia: an analysis of the Indian and Chinese leverage in health diplomacy. South Asian Surv 28(1):111–132 UN Office for Disaster Risk Reduction (UNDRR) (2022) United Nations University—Institute for Environment and Human Security (UNU-EHS) Understanding and managing cascading and Systemic Risks: lessons from COVID-19. UNDRR and UNU-EHS Report, UNDRR Bonn GER, UNU-EHS

16

A. L. Vallerand and A. J. Masys

USA department of justice (2005) Engaging the private sector to promote Homeland Security: law enforcement-private security partnerships. USA Department of Justice—Office of Justice Programs—Bureau of Justice Assistance Report NCJ 210678 Wark W, Shull A (2021) National Security threats are changing but Canada is mired in Conventional Thinking. https://www.cbc.ca/news/opinion/opinion-national-security-1.6003674 World Bank (2021) COVID-19 and public private partnerships practice note: assessing operational PPP portfolios. World Bank group—infrastructure finance PPPs and Guarantees. World Bank Report World Bank (2022) Climate Smart PPPs. World Bank group public-private partnership legal resource center. https://ppp.worldbank.org/public-private-partnership/energy-and-power/ climate-smart-ppps-1

Design Thinking for Safety and Security: Support to Vancouver 2010 Olympics Anthony J. Masys, Vijitharan Vivekanandarajah, and Louis Chiasson

Abstract The safety and security challenges that permeate our current threat and risk landscape transcend jurisdictional and organizational boundaries (Horton et al. in International Security Management: New Solutions to Complexity. Springer, Berlin, (2021)). Major events such as sporting events and entertainment concerts draw large crowds in a small area making it vulnerable to threat actors. Events such as the bombing in Manchester at the Ariana Grande concert in 2017, Las Vegas active shooter in 2017, Boston Marathon in 2013 represent the inherent vulnerabilities and security challenges that reside within major events (sporting, cultural, religious, musical). As described in (Masys in Science Informed Policing. Springer, Berlin, p. 237 2020), ‘…the post 9/11 security landscape has seen a fundamental shift in security planning, organization and management across the national and global security domain. This shift is particularly evident with regards to special events’. Security planning for such events cannot exist within a silo but must be part of an integrated event planning approach that brings together various stakeholders from the event planners, safety planners and security planners. This chapter presents how design thinking was employed to support the development of the Major Event Security Framework (MESF). The MESF was part of a larger research program: The Major Events Coordinated Security Solutions (MECSS) project, a multi-agency collaborative partnership, established to reduce the security risk associated with the Vancouver 2010 Winter Olympics and Paralympics, and the G8/G20 Summits. Keywords Major event security planning · MESF · Knowledge management · Security threats

A. J. Masys (B) · V. Vivekanandarajah Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] L. Chiasson Retired Royal Canadian Mounted Police (RCMP), Ottawa, Canada © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_2

17

18

A. J. Masys et al.

1 Introduction Major events such as the US Super Bowl, FIFA world cup and entertainment concerts draw large crowds in a small area making it vulnerable to threat actors. Events such as the bombing in Manchester at the Ariana Grande concert in 2017, Las Vegas active shooter in 2017, Boston Marathon in 2013 represent the inherent vulnerabilities and security challenges that reside within major events (sporting, cultural, religious, musical). As described in Masys (2020:237), ‘…the post 9/11 security landscape has seen a fundamental shift in security planning, organization and management across the national and global security domain. This shift is particularly evident with regards to special events’. Security planning for such events cannot exist within a silo but must be part of an integrated event planning approach that brings together various stakeholders from the event planners, safety planners and security planners. Over the past four decades Canadian authorities have planned for, and executed, complex operations in support of major events accounting for both the security and safety dimensions. Such major events include: • • • • • • • • • • • • • • •

1976 Montréal Summer Olympic Games 1986 Vancouver World’s Fair (Expo 86) 1987 Vancouver Commonwealth Heads of Government Meeting (CHGM) 1988 Calgary Winter Olympic Games 1993 Vancouver Clinton-Yeltsin Peace Summit 1994 Victoria Commonwealth Games 1996 Vancouver Asia Pacific Economic Conference (APEC) 1999 Winnipeg Pan American Games 2001 Québec City Summit of the Americas 2002 Kananaski, Alberta G8 Summit 2008 Sommet de la Francophonie à Québec City 2010 Vancouver Winter Olympics 2010 G8/ G20 Summits 2012 London Olympic Games 2015 Pan Am Games (Toronto).

2 Overview of MESF The MESF was part of a larger research program: The Major Events Coordinated Security Solutions (MECSS) project. MECSS was a multi-agency collaborative partnership, established to reduce the security risk associated with the Vancouver 2010 Winter Olympics and Paralympics, and the G8/G20 Summits. It was implemented as a formal project within the Public Security Technical Program (PSTP), under Defence Research and Development Canada (DRDC) management through the Centre for Security Science (CSS).

Design Thinking for Safety and Security: Support to Vancouver 2010 … Fig. 1 Integrated planning for major events

19

Event planning Safety planning

Security planning

The objectives of the MECSS project were to: a. Assist the functional authorities in reducing the security risk associated with V2010 and the G8/20 through the coordinated application of science and technology, and b. Contribute to the establishment of an enduring Major Event security architecture that can be applied to future Major Events in Canada. A Major Event is defined as an event of national or international significance, where the overall responsibility for the security rests with the federal government of Canada. Examples of such major events include major summits, conferences, and meetings when the participants are heads of states/governments (G8) and international sporting events (Vancouver Olympics). Given the high-profile nature of these events, natural and man-made disruptions to these events can have significant safety and security implications that can cross local, national and international boundaries. The management of the safety and security of these events is a multidisciplinary, multi-jurisdictional issue that necessitates an integrated planning and response mechanism to ensure seamless operational management in the event that a safety and security issue would arise. Major events both nationally and internationally have illustrated opportunities for a stronger alignment of planning activities across the event, safety and security domains (Fig. 1). Siloed planning is not an option given the interdependencies that exist across the event, safety and security domains. Planning decisions in one domain affect the other domains. Hence the requirement for integrated planning, communications, and interoperability across the domains. For example, the Olympics is not a security event with sports, but is a sporting event with security. That subtle distinction makes all the difference.

2.1 Security Planning The planning and execution of major events security operations is not a new discipline.

20

A. J. Masys et al.

Major events vary in scope and thereby shape the requirements for resources and planning. For example, the resources and planning required for a local sporting event or musical festival is much different from the resources and planning required for an international event such as an Olympics. The scope of the events with respect to resources and planning are well articulated in Johnson (2006). Of note: The security operation for the Athens Summer Games of 2004 had to protect more than 11,000 athletes who came from 201 National Olympic Committees and who participated in 296 events. The Games sold more than 3.2 million tickets; only Sydney sold more with 5 million in 2000. There were more than 21,500 media representatives in Athens. The US NBC network had more than 3000 people. Media representatives were spread across 19 sports venues, 102 hotels and 7 media villages. The Games were broadcast to a worldwide television audience of up to 3.9 billion. Protecting these potential targets requires enormous resources. Athens was the most expensive Games costing approximately e9 billion ($11.6bn; £6.3bn)…. security arrangements are estimated to have cost the Greek government more than e1bn (Johnson 2006).

The complexity associated with planning for major events safety and security resonates with those of high-hazard organizations such that they cannot learn by trial and error in the same way as can those in other organizations because the risks of error are too high. Hence comprehensive collaborative planning requires stress testing, exercise development and red teaming to refine and generate lessons learned.

3 Major Events Security Framework Given the inherent complexity associated with planning for major events, the Major Events Security Framework (MESF) was developed. The MESF is an ‘integrated’ generic planning process that is ‘tailorable’ with regards to the scope of the major event. The framework facilitates a logical, analytical problem-solving process that results in the development of products, leading to a synchronized plan that addresses both security and safety dimensions. The Major Event Security Framework focuses on 3 key deliverables: • Integrated planning capability for major events in Canada across federal departments and agencies; • Institutionalization of Science and Technology (S&T) support within the public security domain pertinent to major event security; and • Resiliency-Based Public Security Capabilities, facilitated through Strategic Safety and Security Capability-based planning.

4 Characteristics of the Framework The strategic vision of the “Whole of Government’ Major Events Security Framework was to further enhance the preparedness of the Canadian Government through

Design Thinking for Safety and Security: Support to Vancouver 2010 …

21

its security and safety stakeholders by formally establishing a standard and comprehensive approach to major event security and safety planning. With this in mind, the framework was defined by its purpose in: • Facilitating an overarching guide for Major Events Security Outcome Management • Providing standardized planning process • Ensuring control of strategic & operational planning • Enabling strategic goals to be translated to operational level security objectives • Enabling stakeholders to guide development of the plan, and to synchronize & integrate joint operational security functions • Maximizing effective and efficient use of resources The development of the framework was based on 2 key requirements: information sharing and collaborative planning in order to realize sufficient situation awareness and operational efficacy. The planning process was designed such that it was: orderly, analytical, and consisted of logical steps to identify a mission or requirement; develop, analyze, and compare alternative courses of action; select the best course of action (COA); produce a plan and test and validate the plan. With this in mind, the MESF encompasses: • ‘whole of government’ forum that guides the collaborative planning and execution of security capabilities; • knowledge management system that identifies best practices, captures lessons, effects change, and champions innovation; • repository of value-added tools and technologies; and • Governance, with the authority to link ‘policy, legislation and mandates’ with ‘functions, tasks, and expertise’, within the business planning cycle. The MESF high level planning process is rooted in the military Operational Planning Process (OPP) consisting of 5 phases (Fig. 2). Each one of these phases has several sub-steps that interconnect the other phases creating an inherent feedback and feedforward across the phases. To facilitate a whole of government approach, an on-line Government of Canada wiki was used (GCPEDIA) as the development platform thereby providing access and editing rights to all stakeholders. As described in Tapscott and Williams (2008:18), ‘the new promise of collaboration is that with peer production we will harness human skill, ingenuity, and intelligence more efficiently and effectively than anything we have witnessed previously. …Collective knowledge, capability and resources embodied within a broad horizontal network of participants can be mobilized to accomplish much more. …the ability to integrate the talents of dispersed individuals and organizations is becoming the defining competency for organizations’. The web 2.0 environment thereby created and facilitated opportunities for team building across organizations, collective visioning, collaboration, co-creation and information sharing.

22

A. J. Masys et al.

Initiation

Orientation

Concept of Operations

Plan Development

Planning Test and Evaluation

Fig. 2 MESF planning process

5 Discussion The development of the MESF utilized several nested methodologies as depicted in Fig. 3. The design thinking approach was pivotal to move the MESF through concept to prototype to operational deployment. The overall project was rooted in an Action Research paradigm.

6 Action Research Action research was selected as the foundational methodological approach, as the design of the MESF required a participatory and collaborative approach across the safety and security stakeholders. Action research focuses on solving practical problems in real world settings through stakeholder engagement. The power of action research emerges from its solution-oriented approach and participatory engagement strategy. As described in Koshy et al. (2010)

Design Thinking for Safety and Security: Support to Vancouver 2010 …

23

Action Research

Systems Thinking

Design Thinking

DNDAF

Fig. 3 Nested methodologies supporting the development of the MESF

• Action research is a method used for improving practice. It involves action, evaluation, and critical reflection and—based on the evidence gathered—changes in practice are then implemented. • Action research is participative and collaborative; it is undertaken by individuals with a common purpose. • It is situation-based and context specific. • It develops reflection based on interpretations made by the participants. • Knowledge is created through action and at the point of application. • Action research can involve problem solving, if the solution to the problem leads to the improvement of practice. • In action research findings will emerge as action develops, but these are not conclusive or absolute. The Action research cycle is depicted in Fig. 4. Key features of action research are: • Action research is a collaborative process between researchers and people in the situation • It is a process of critical inquiry • It places a focus on social practice • It is a deliberate process of reflective learning (Flood 1999:54)

24

A. J. Masys et al.

Fig. 4 Action research cycle

Plan

Reflect

Act

Observe

The steps in the action research process are not static but rather represent moments in the action research spiral. An essential quality of operationalizing action research is to ensure that the stakeholders and researchers are co-interpreters and co-creators of the systems of meaning constructed in the process of action research. This iterative process of reflective learning inherent within the action research approach refines the research product in order to meet the organizational and stakeholder requirements. This participatory quality of action research has empowering characteristics that encourages collaboration, sharing and dialogue. Action research can be thought of as a way of engaging, reflecting, sharing and creating. These four terms certainly capture the essence of the action research approach applied in support of the MESF.

7 Systems Thinking The holistic nature of major event planning with its inherent interdependencies and interconnectivity required a systems thinking paradigm in order to move away from a siloed approach to planning. Jackson (2003:65) defines systems thinking paradigm as’…a discipline for seeing the ‘structures’ that underlie complex situations, and for discerning high from low leverage change…Ultimately, it simplifies life by helping us to see the deeper patterns lying beneath the events and the details’. Systems thinking thereby emerges both as a worldview and process in the sense that it informs ones understanding regarding a system and can be used as an approach in problem solving (Edson 2008:5). Peters (2014) argues that ‘…at its core, systems thinking is an enterprise aimed at seeing how things are connected to each other within some notion of a whole entity. We often make connections when conducting and interpreting research, or in our professional practice when we make an intervention with

Design Thinking for Safety and Security: Support to Vancouver 2010 …

25

an expectation of a result. … rather than relying on implicit models, with hidden assumptions and no clear link to data, systems thinking deploys explicit models, with assumptions laid out that can be calibrated to data and repeated by others’. For the MESF, this was an essential worldview to embrace. Systems thinking emerges as a key sensemaking approach to view inherent vulnerabilities in major event plans that lie dormant, waiting for a trigger event to unleash a cascading disaster across communities. Understanding system vulnerabilities and the nature of system risks is well described in UNDRR (2022). System mapping and the application of Influence diagrams depicting decision making and capabilities across the stakeholders were critical in understanding the dynamic nature of major event safety and security planning. As shown in Fig. 1, a decision in any one of the 3 domains has effects across the whole system. Tabling assumptions during planning helps to better understand opportunities and vulnerabilities in our mental models associated with major event security. Some assumptions are correct and some are incorrect. Some assumptions are volatile and will reveal themselves as such when stress tested. Hence within the design of the planning process (Fig. 2) is the application of Assumption Based Planning (Dewar et al. 1993).

7.1 Design Thinking Moving through the action research framework we employed a design thinking methodology to support the development of the operational MESF. As articulated by Gheerawo (2018) ‘Design Thinking (DT) has gained significance and importance in using the principles and practice of design to address issues, problems and challenges across a variety of sectors and situations—from healthcare to education, from urban to rural, from local to global. It has proven to be an effective method for harnessing the creative, innovative, and a people-centered approaches enshrined in the design process and applying them across organisations drawn from the private sector, public sector, government and education’. Design is an activity, which aims at the production of a plan, which plan—if implemented—is intended to bring about a situation with specific desired characteristics without creating unforeseen and undesired side and after effects (cited in Lee 2016). Design Thinking is a solution-oriented methodology used by designers to solve complex problems. It draws upon logic, imagination, intuition, and systemic reasoning, to explore possibilities of what could be, and to create desired outcomes. As described in Pourdehnad et al. (2011) ‘…designers have specific abilities to produce novel unexpected solutions, tolerate uncertainty, work with incomplete information, apply imagination and forethought to practical problems and use drawings and other modeling media as means to problem solving. He further argues that designers must be able to resolve ill-defined problems, adopt solution-focusing strategies, employ abductive/productive/appositional thinking and use non-verbal, graphic and spatial modeling media’.

26

A. J. Masys et al.

Ideate

Empathize Define

Prototype Test

Fig. 5 Design thinking process

A design mindset is not problem-focused, its solution focused, and action oriented. It involves both analysis and imagination. Design represents a process that embraces innovation, creativity, opportunity analysis and problem framing and solving. Through the phases of Inspiration, Ideation and Implementation, Design Thinking is operationalized through an iterative (not linear) 5 step process (Fig. 5). This process is described in detail (http://dschool.stanford.edu/redesigningtheater/ the-design-thinking-process/). As highlighted in Masys (2016:300–301): • EMPATHIZE Work to fully understand the experience of security planning for major events. This was accomplished through stakeholder engagement, observation, interaction, and immersing ourselves in their experiences. • DEFINE Process and synthesize the findings from the empathy work in order to consolidate the various perspectives from our stakeholder engagement. • IDEATE Explore a wide variety of possible solutions through generating a large quantity of diverse possible solutions, allowing you to step beyond the obvious and explore a range of ideas. Through this iterative process we ‘played’ with conceptual models in our MESF web 2.0 sandbox and evaluated them with input from stakeholders and subject matter experts. • PROTOTYPE Transform the ideas into an operational form so that we and our stakeholders can experience and interact with them and, in the process, learn and develop more empathy. • TEST Try out high-resolution concepts and use observations and feedback to refine prototypes, learn more about major event security planning.

8 DNDAF: Architecture Framework Methodology The logical design of the MESF required an approach/methodology that captured and allowed transparency into the inherent interdependencies and interconnectivity across stakeholders. The Department of National Defence Architecture Framework (DNDAF) was selected as that methodology. DNDAF was developed in Canada based

Design Thinking for Safety and Security: Support to Vancouver 2010 …

27

Fig. 6 Perspectives of a system/enterprise (Masys 2016)

upon the US DOD Architecture Framework (DODAF). The DODAF has become the defence industry touchpoint as recognized in the development and application of the United Kingdom (UK) Ministry of Defence Architecture Framework (MoDAF), the North Atlantic Treaty Organization (NATO) Architecture Framework (NAF), and Australian Defence Architecture Framework (DAF). An architecture can be viewed as a set of blueprints that depict or represent relationships of the overall capability being managed. The IEEE defines architecture as “the structure of components, their interrelationships, and the principles and guidelines governing their design and evolution over time”.1 Architectures provide a disciplined approach to structuring information and understanding the complexity inherent within the relationships of a system. As such they can be used as a common language across various stakeholders. Through the structured approach, Architecture Frameworks for MESF provide the means to describe roles and relationships, organizational, policy and legislative drivers, to articulate operational concepts and to model critical ‘business’ processes. They provide an integrated depiction of an enterprise and allow for the creation of multiple, tailored perspectives (Fig. 6). Through DNDAF, the capability requirements are traced and supported from a top-down mapping of major event strategic guidance to capability development plans. Like DoDAF, DNDAF is organized into basic sets of prescribed Views. Operational and System Views are the most frequently developed Views; they lie at the core of all the Architecture Frameworks cited. Also considered are the technical specifications, standards and conventions that drive interoperability. DNDAF was chosen for this project due to its robustness, the familiarity of the research community with it (through application in support of Vancouver 2010 security design, G8/G20 Security Design, Parliamentary Precinct security design) and the tools that have been developed to aid in its application. DNDAF structures the complexity of people, processes and tools within and across systems. This framework presents data as various views: Strategic View (StratV), Capability View (CapV), 1

Institute of Electrical and Electronics Engineers, Inc. (IEEE) Standard 610.12.

28

A. J. Masys et al.

What is the vision and mission of the MESF?

What do I need to accomplish my strategies?

What activities do I need to do to deliver the capabilities?

What physical assets do I need to make the activities happen?

Fig. 7 DNDAF for MESF

Operational Views (OV), and Systems Views (SV) (Fig. 7). These views are used to fully document the current state, or the proposed future state, of a system or capability. For the MESF the application of DNDAF captured the tasks and activities, operational elements, and information exchanges required to support Vancouver 2010 Olympics in the form of OV architecture products as defined by DNDAF. Each view is supported by a number of sub-views. The sub-views are composed of specific architecture data elements and are depicted via graphic, tabular, or textual products. DNDAF Views applied to MESF (as described in DNDAF 2013).

9 Strategic View StratV-1 Business Strategy and Motivation: This sub-view describes the vision, goals and objectives or end state that the leader would like to achieve. The end state, itself, is a response to fulfill a given mandate, while adhering to identified values, ethics or principles. The mission is achieved through courses of action.

10 Capability View Capability View-1 (CapV-1): Capability Taxonomy is used to provide a hierarchy of capabilities. It contains a list of all of the capabilities that are referenced throughout

Design Thinking for Safety and Security: Support to Vancouver 2010 …

29

one or more architectures. These capabilities may be presented using textual, tabular or graphical methods.

11 Operational View The OV-1 conveys what the architecture project is “about” by giving an overview of the concepts, major factors and interactions between the factors. In general, OV-1 will describe the missions, high-level operations, organizations, and distribution of assets. The OV-1 will frame the operational concepts in terms of: • • • • •

What needs to be accomplished i.e. high level functions, Who does what i.e. organizations, actors, Utilizing what assets and resources, Why and for what purpose i.e. motivation, and Where will this activity occur i.e. interactions to the environment and other external systems?

12 OV-2 Operational Node Connectivity Description The Operational View-2 (OV-2): Operational Node Connectivity Description graphically depicts the operational nodes (organizational units such as a standing org, co-ordination cell, committee, matrix org, a commander, etc.) and needlines (for example, information exchange requirements). The graphic includes nodes that are both internal and external to the scope of the architecture project. It is important to note that OV-2 depicts logical connectivity and not the physical connectivity between the nodes. This means that the role of the OV-2 is not to identify a solution but to identify the requirement.

13 OV-4a Organizational Relationship Chart The Operational View-4a (OV-4a): Organizational Relationships Chart illustrates the organizational structure and relationships. The OV-4a answers the questions: who is who? Who is responsible for whom and for what? The main purpose of OV-4a is to depict an overall picture of the organization relationship structure. OV-4a intends to address the questions “who are the organizations?” and “which organizations are responsible for what?” The OV-4a can also be used for other organizational analysis and reconfiguration.

30

A. J. Masys et al.

14 OV-5a Functional Model The Operational View-5a (OV-5a): Functional Model further defines the operation requirement scope to the desired level of operational activities or business functions. Through decomposition, the OV-5a focuses exclusively on “what must be done”, leaving “how it is done to be further developed in the Operational Process Model (OV-5b) and other supporting sub-views. The OV-5a describes the hierarchical relationships and dependencies among operational activities, business functions or services.

15 OV-5b Operational Process Model The OV-5b creates an Operational Process Model that focuses on “how” the architecture project’s objective is accomplished. The Operational Process Model includes the sequence of the activities. The sequence of the process is often based on the approach to accomplishing the mission. By separating the function i.e. what has to be done (OV-5a) from the process flow i.e. how the organization accomplishes its mission (OV-5b) the architect is free to specify the approach to implementing the business functions in the most appropriate fashion. Emerging from the application of design thinking with DNDAF was a web 2.0 environment that operationalized the MESF. Figure 8 depicts an early prototype page of the MESF highlighting the drop-down menu navigation that opened up guidance and templates for all phases of major event security planning. Figure 9 depicts another prototype view that shows the additional material and capability within the framework providing products and guidance on: how to guidance and best practices for Pedestrian Screening Area (PSA) and Vehicle Screening Area (VSA). As shown in both Figs. 8 and 9, the MESF serves as a knowledge management repository. The growing importance of knowledge as a critical resource has encouraged all organizations in the public sector and private sector to pay greater attention to knowledge management and large organizations around the world have implemented knowledge management strategies, policies, and programs (Seba and Rowley 2010:611). With the diversity of stakeholders involved in major event planning (Fig. 1), design thinking and in particular ‘Empathy’ was key in understanding the organizational culture and associated beliefs, values and attitudes. As cited in Seba and Rowley (2010:616), ‘De Long and Fahey (2000) suggest that culture plays a key role in shaping assumptions about which knowledge is important, determining the relationship between organizational structure and knowledge sharing, creating the context for the social interaction associated with knowledge sharing, and, influencing the creation and adoption of new knowledge’. Luen and Hawamdeh (2001) (cited in Seba and Rowley 2010) discuss the implementation of knowledge management principles and practices in police work and

Design Thinking for Safety and Security: Support to Vancouver 2010 …

31

Fig. 8 MESF prototype on GCPEDIA web 2.0 environment

their implications for policing in Singapore. They suggest that with the increased adoption of information technology and the increasing overall quality and IT competence of its police officers, the police organization is well positioned to leverage knowledge management principles and practices to better equip its officers with the necessary knowledge to discharge their duties. The participative and solution-oriented approach of action research, with the systems thinking paradigm and design thinking process resulted in a fully operational MESF rooted in design principles and enterprise architecture views of DNDAF.

16 Conclusions The requirement for integrated, multi-perspective, multijurisdictional, multidisciplinary security planning is more the norm given the complexity of the current threat and risk landscape pertaining to major events. Such a planning paradigm is rooted in proactive and collaborative engagement to support co-creation of security and safety approaches. In preparation for the 2010 Winter Olympic Games in Vancouver (V2010), security partners have made great advances toward national integrated security solutions under the leadership of the Privy Council Office (PCO), Royal Canadian Mounted

32

A. J. Masys et al.

Fig. 9 MESF prototype highlighting support guidance

Police (RCMP), Public Safety Canada, Department of National Defence, and Emergency Management British Columbia (EMBC). The level of effort and the degree of investment in establishing an effective security posture for V2010 warrants serious consideration into how the new knowledge, practices, and protocols can be captured and institutionalized to support an enhanced degree of national resiliency as a function of a more robust ‘whole of government’ approach to future security events in Canada. Embracing a design thinking approach within an Action Research framework allowed the research team to co-create the MESF with key stakeholders thereby resulting in a fully operational and validated product.

References Dewar JA, Builder CH, Hix WM, Levin M, Planning A-B (1993) A planning tool for very uncertain times. RAND Corporation, Santa Monica, CA Gheerawo R (2018) Design thinking and design doing: describing a process of people-centred innovation. In: Masys AJ (ed) Security by design. Springer Koshy et al (2010) What is action research? Sage Publications. http://www.sagepub.com/upm-data/ 36584_01_Koshy_et_al_Ch_01.pdf Lee AJ (2016) Resilience by design. Springer

Design Thinking for Safety and Security: Support to Vancouver 2010 …

33

Long D, Fahey L (2000) Diagnosing cultural barriers to knowledge management. Acad Manag Exec 14:113–127 Luen T, Hawamdeh S (2001) Knowledge management in the public sector: principles and practices in police work. J Inf Sci 27:311–318 Masys AJ (2016) Counter-terrorism and design thinking: supporting strategic insights and influencing operations. In: Masys AJ (ed) Disaster forensics: understanding root cause and complex causality. Springer Masys AJ (2020) Science informed major event security planning: from vulnerability analysis to security design. In: Fox B, Reid D, Masys AJ (ed) Science informed policing. Springer Peters DH (2014) The application of systems thinking in health: why use systems thinking? Health Res Policy Syst 12:51 Pourdehnad J, Wexler ER, Wilson DV (2011) Systems and design thinking: a conceptual framework for their integration. Working Paper #11–03, University of Pennsylvania. http://repository.upenn. edu/cgi/viewcontent.cgi?article=1009&context=od_working_papers Seba I, Rowley J (2010) Knowledge management in UK police forces. J Knowl Manag 14(4):1367– 3270 Tapscott D, Williams AD (2008) Wikinomics: How mass collaboration changes everything. Penguin Books Ltd., London UNDRR & UNU-EHS (2022) Understanding and managing cascading and systemic risks: lessons from COVID-19. Geneva, UNDRR; Bonn, UNU-EHS https://www.undrr.org/publication/unders tanding-and-managing-cascading-and-systemic-risks-lessons-covid-19 DNDAF (2013) DND/CF Architecture Framework Version 1.8.1 Volume 2: DND/CF Views and Sub-Views 25 January 2013 Edson R (2008) Systems thinking. applied: a primer. ASysT Institute http://www.anser.org/docs/ systems_thinking_applied.pdf Flood RL (1999) Rethinking the fifth discipline: learning within the unknowable. Routledge, London Horton KE, Jacobs G, Bayerl PS, Suojanen I (2021) Towards sustainable solutions in international security management-an introduction. In: Jacobs G, Suojanen I, Horton KE, Bayerl PS (eds) International security management: new solutions to complexity. Springer Jackson MC (2003) Systems thinking: creative holism for managers. John Wiley & Sons Ltd., West Sussex Johnson CW (2006) A brief overview of technical and organisational security at Olympic events. Available at: http://www.dcs.gla.ac.uk/~johnson/papers/CW_Johnson_Olympics.pdf

Applications of Innovation

A Systems Approach to Critical Infrastructure Resilience Paul Chouinard and Jason Giddings

Abstract Critical infrastructure (CI) is sometimes viewed as the physical and cyber systems so vital that their incapacity or destruction would be debilitating for a community. However, it can be viewed more broadly as people, processes and equipment—or as defined by Public Safety Canada the “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government”. A focus on assets can lead to difficulties for assessing cascading CI risks—detailed asset information being unavailable especially if it is proprietary, or without the context of overarching business processes, inferring the implications of the asset loss may be challenging. The National Critical Infrastructure Interdependency Model (NCIM) approach is one based on this broader perspective of the ‘people, processes and equipment’ required to provide vital goods and services. The core of the model is a network of functions that capture key business processes across all critical infrastructure industries. A benefit is that the NCIM provides a comprehensive risk evaluation framework can be applied rapidly to a variety of contexts as demonstrated in several case studies presented in this paper. Another benefit is the ability to assess the implications of policy decisions related to critical infrastructure. The paper describes one such policy decision related to 5G communications technology. Keywords Critical infrastructure · Risk · Risk assessment · Network · Capability-based planning · Critical infrastructure dependencies

1 Introduction The common perception of critical infrastructure (CI) is that it consists of physical assets, such as key buildings, roads, bridges, and power supplies. More recently P. Chouinard (B) · J. Giddings Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_3

37

38

P. Chouinard and J. Giddings

with increasing cyber risks, informational assets have also been included.1 A focus on physical and informational assets is understandable with a concern for protecting targets from malicious threats seeking maximum disruption. However, disasters, such as floods, hurricanes, earthquakes and tsunami have shown that a wider, systems perspective have value as well as a shift from protection of CI physical and cyber assets to the resilience of CI systems or functions.2 Canada’s National CI Strategy3 (Public Safety Canada 2009) defines CI as follows: Critical infrastructure refers to processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government.

This wider, systems or functional, definition of CI is consistent with that of other nations.4 One of key objectives of the Canadian National CI Strategy5 is to promote: The application of risk management and sound business continuity planning. While there are many acceptable approaches to the discipline of risk management, in the context of this Strategy, risk management refers to the continuous, proactive and systematic process to understand, manage and communicate risks, threats, vulnerabilities and interdependencies across the critical infrastructure community.

A focus on CI resilience is consistent with this objective—i.e., with “the application of risk management and sound business continuity planning” for those industries, organizations and agencies that provide essential goods and services. From the definition, it should be clear that CI resilience is a key component to community resilience. This chapter describes the efforts by CSS to model risk to CI systems using a systems or functional approach and the application of this approach to potential 1

For the United States, Critical infrastructure describes the physical and cyber systems and assets that are so vital to the United States that their incapacity or destruction would have a debilitating impact on our physical or economic security or public health or safety. The Nation’s critical infrastructure provides the essential services that underpin American society (Cyber and Infrastructure Security Agency 2021a). 2 The United States Cyber and Security Agency also evaluates risk to critical functions, which are defined as follows - National Critical Functions (NCFs) are functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof (Cyber and Infrastructure Security Agency 2021b). 3 Public Safety Canada, National Critical Infrastructure Strategy, Government of Canada, 2009, https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/srtg-crtcl-nfrstrctr/srtg-crtcl-nfrstrctr-eng.pdf. 4 The United Kingdom uses the term ‘Critical National Infrastructure’ which is defined as “those facilities, systems, sites, information, people, networks and processes, necessary for a country to function and upon which daily life depends” (Centre for the Protection of National Infrastructure 2021). The Australian government’s definition is that “critical infrastructure provides services that are essential for everyday life such as energy, food, water, transport, communications, health and banking and finance…A disruption to critical infrastructure could have serious implications for business, governments and the community, impacting supply security and service continuity” (Department of Home Affairs 2020). 5 Ibid.

A Systems Approach to Critical Infrastructure Resilience

39

real world problems such as floods and earthquakes. The chapter concludes with future research challenges for implementing the CI risk modelling results for the improvement of CI and community resilience.

2 The CSS National Critical Infrastructure Interdependency Model (NCIM) In order to support the National CI Strategy, Public Safety Canada—in collaboration with its provincial and territorial counterparts as well as key CI sector stakeholders6 — publishes an action plan for four periods. A major component of the action plan is to implement an all-hazards risk management approach. In the 2014–2017 Action Plan,7 one of the deliverables was to: Public Safety Canada will work with the critical infrastructure sector networks to model dependencies within and across sectors at the national level. Public Safety Canada will also work with interested provincial and territorial counterparts to implement the model at the provincial and territorial level.

Subsequently, Public Safety Canada proposed that this CI interdependency model be developed under the Canadian Safety and Security Program (CSSP) managed by DRDC’s Centre for Security Science. The NCIM was the result of this initiative. Initially, there was no identified CI problem or context for the requested interdependency model. Through discussions with Public Safety representatives, it was agreed that the model would be intended to support CI risk reduction planning prior to a disaster or incident—as opposed to supporting decision making to contain and eliminate a hazard or threat while disaster or incident response was on-going. However, the NCIM would need to be able to address CI dependency issues for any type disaster or incident in any region of Canada. Consequently, it was agreed that the best approach would be to develop a ‘networked model’ of generalized, key functions for CI industries across all ten (10) CI sectors.8 DRDC CSS would work with lead Federal departments and industry experts to develop the sub-model for each industry, which would consist of the inputs (i.e., goods, services and information) needed by the industry, the outputs (i.e., goods, services and information) provided of the industry and internal functions required to process inputs into outputs as well as to sustain the industry’s capability to do so. In essence, each industry sub-model would provide a succinct business model for that industry. The need for CI industry business models in order to understand the criticality of assets had been an identified,

6

Sector stakeholders would consist of lead Federal departments for each sector and prominent industry representatives, such as industry associations and major organizations or companies. 7 Public Safety Canada (2014). 8 The ten CI sectors are, Energy and Utilities, Finance, Food, Transportation, Government, Information and Communications Technology, Health, Water, Safety and Manufacturing.

40

P. Chouinard and J. Giddings

Fig. 1 Example of CI industry business model

analytical requirement.9 Figure 1 is a pictorial example of the business model for electricity generation and transmission. DRDC has published ten reports documenting the business models developed for all ten sectors.10 A generic business model of ‘networked’ functions, even if they link all CI industries in all ten CI sectors, is only a starting point for analyzing risk for real world problems. This requires instantiating the set of ‘networked functions’ within the context of a real world, ‘planning scenario’. Then the set of functions can be filtered for which are relevant in the context of the scenario; the assets associated with the relevant functions can be identified; the likely threats and hazards in the scenario’s context can be identified; and the potential ‘worst case’ impact on the functions can be estimated. The result is a model tailored for the specific scenario—i.e., for the specified threats and hazards in a specific situational context (e.g., a geographical context)—in other words, the NCIM is a structured template that allows the rapid development of a contextually specific model.

9

Schaefer (2009). The ten sector reports are: Chouinard and Hales (2020a), Chouinard and Hales (2020b), Chouinard and Hales (2019a), Chouinard and Hales (2019b), Chouinard and Hales (2021), Chouinard and Hales (2020c), Chouinard and Hales (2020d), Chouinard and Hales (2020e), Chouinard and Hales (2020f), Chouinard and Hales (2020g).

10

A Systems Approach to Critical Infrastructure Resilience

41

The next section of the chapter summarizes the application of the NCIM to six different real world ‘scenarios’—each developed in consultation with emergency management planners to identify CI risks for their jurisdictions.

3 Application of the NCIM Subsequent to its development the NCIM was applied to several case studies that assessed CI related risk in the context of likely hazards or threats faced by real world communities. This section briefly describes each of the case studies in terms of the hazard or threat, context, scope, sponsor, purpose and results.

3.1 A Regional Flood11 Hazard or Threat: This case study evaluated a major flood with the potential to cause damage at least as great as “once in 50 years” flood. Context: The region was Hastings County, Ontario and included the separated municipalities Belleville and Quinte West. Scope: The scope of the study involved emergency management and other response functions in the face of floods affecting the Trent and Severn, SalmonNapanee and York-Madawaska watersheds over a two month period. Sponsor: The sponsor of the study was Emergency Services Department, Hastings County. Purpose: The study had a dual purpose which were to validate that the NCIM could be used for emergency management planning and to identify risk reduction opportunities for regional stakeholders. Results: The study demonstrated that the NCIM could be used effectively with reasonable resources to provide timely results. In addition, the study provided evidence in support of regional risk reduction initiatives—such as the integration of emergency information services across the three jurisdictions (i.e., Hastings County proper and the two separated municipalities). There was a follow on study12 to this study which examined the return on investment with providing emergency responders with drones with varying levels of capability. This follow-on study used the above study as a baseline for comparison with the overall risk reduction provided by the drone capabilities.

11 12

Chouinard et al. (2017). Chouinard (2018).

42

P. Chouinard and J. Giddings

3.2 The Resilience of a Military Base13 Hazard or Threat: This study involved two hazard or threat scenarios—a major winter ice storm and cyber-attacks directed at the military base. Context: The base chosen for the study was Canadian Forces Base Trenton. The ice storm was assumed to occur during routine operations while the cyber-attack was in the context of the Canadian Forces deploying to an international operation. Scope: The scope of the study involved base functions. External functions were considered only with respect to their impact on base resilience. Sponsor: The sponsor of the study was Assistant Deputy Minister (Infrastructure and Environment), Department of National Defence. Purpose: The study was a pilot study to determine if the NCIM functional approach would be suitable for informing long-term infrastructure planning with respect to improving base resiliency. Results: The study did demonstrate the potential for using a functional approach and the NCIM to support resiliency planning and inform departmental priorities and programs. The analysis of the specific base suggested that self-sufficiency options (e.g., energy self-sufficiency) are worth investigating and it underscored the importance of maintaining awareness of supply chain vulnerabilities.

3.3 Disruption of Natural Gas to a Major Metropolitan Area14 Hazard or Threat: The hazard for this study was a winter long disruption of natural gas. Context: The area affected by the disruption of natural gas was the entire British Columbia Lower Mainland with natural gas being shut off with only a few days notice, potentially in December, and restoration requiring a couple of months (i.e., for the duration of the winter months). Scope: The scope of the study was focussed on the effects of the natural gas disruption on the municipalities of the District of North Vancouver and the City of North Vancouver. Sponsor: The sponsors of the study were North Shore Emergency Management and Natural Resources Canada. Purpose: This study was in response to a potentially, real world imminent event due to challenges in repairing a major natural gas pipeline rupture in northern British Columbia that occurred in October, 2018.

13 14

Chouinard and Hales (2019c). Chouinard and Hales (2019d).

A Systems Approach to Critical Infrastructure Resilience

43

Results: The study identified major CI functions at risk due to cascading effects from a natural gas disruption as well as the need for resilience planning to consider potential extended disruptions for any of the CI sectors.

3.4 River Bank Erosion in a Prairie City15 Hazard or Threat: The hazard for the study was river bank erosion for a major prairie river—the South Saskatchewan River. Context: The context of the study was on-going river bank erosion along the South Saskatchewan River within the City of Saskatoon. Scope: The scope of the study considered the effects of river bank erosion on CI assets. It did not include non-CI businesses and private residences. Sponsor: The sponsor of the study was Public Safety Canada. Purpose: The study’s purpose was to identify CI assets within the City of Saskatoon that were vulnerable to river bank erosion and the potential impact on CI functionality. Results: The study provided an overview across all ten sectors that could be affected by river bank erosion damaging or destroying vulnerable assets.

3.5 An All Hazards Risk Approach for a Regional Hospital16 Hazard or Threat: This study built upon an all-hazards risk assessment conducted by hospital staff and provincial emergency management staff. Context: Western Hospital is located in Alberton, Prince Edward Island (PEI). It provides emergency, inpatient, ambulatory and palliative care services. Scope: The study focuses the hospital’s internal functions and the risks posed by the disruption of external CI services across all hazards considered in the prior risk study conducted by the hospital. Sponsor: The sponsor of the study was Provincial Emergency Management, PEI. Purpose: The purpose of the study was to demonstrate the value of the NCIM approach in identifying the vulnerabilities to the hospital’s ability to provide health care services across all relevant hazards. Results: The study demonstrated the value of the NCIM by producing a riskranked list of sources of vulnerability to the hospital’s ability to provide health care services. This provide additional information that augmented the prior hazard and risk assessment study conducted by the hospital.

15 16

Chouinard and Hales (2020h). Chouinard and Hales (2019e).

44

P. Chouinard and J. Giddings

3.6 An Earthquake Affecting a Major Metropolitan Area17 Hazard or Threat: The hazard for this study was an earthquake affecting the British Columbia Lower Mainland. Context: The study had two phases—the first focussed on the disruption of CI services to the City and District of North Vancouver while the second considered the entire Metro-Vancouver area. Scope: The scope of the study was the response and recovery of the region in the aftermath of a major earthquake. Notionally this was a two year time frame but, it should be noted that some aspects of recovery could take longer. Also, while the effects on a major, west coast port would have national and continental implications, the study focussed on regional impacts. Sponsor: The sponsor of the study was Natural Resources Canada. Purpose: The study was part of a collaborative study lead by Natural Resources Canada. The purpose of the overall study was to: • Increase capabilities to model systemic risk and disaster recovery; • Enable an evidence-based approach to disaster resilience planning; and • Strengthen risk governance through knowledge exchange and community engagement. With the overall study, the purpose of NCIM component of the study was to extend the NCIM developed to represent system (CI) functions at regional scale and to assess the vulnerability of those functions. Results: The study provided detailed information for the two scenarios, the North Shore scenario and the Metro-Vancouver scenario, on cascading risk due to the disruption of CI functions as well as timelines for the recovery of those functions. In addition, the study demonstrated that the NCIM could usefully examine longer term disaster recovery and thereby aid in recovery planning.

4 Communicating CI Risk The NCIM has demonstrated through a number of case studies that a functional approach can usefully assess risk related CI dependencies and interdependencies in the context of day-to-day operations, across all hazards or in response and recovery planning for major incidents or disasters. However, there still remains the challenge of communicating the results to the wide spectrum of stakeholders with varying degrees of knowledge and experience with respect to risk assessment and planning for risk reduction or business continuity. It is doubtful that a single approach would serve all stakeholders; more work is needed to build tools to present results from a model like the NCIM in a variety of meaningful ways depending on the stakeholder group. 17

Chouinard (2022).

A Systems Approach to Critical Infrastructure Resilience

45

5 The Challenge of Collaborating to Improve CI Resiliency Having assessed risk due to CI dependencies and interdependencies and communicated that risk to relevant stakeholders, the required risk reduction planning will involve not just one stakeholder group but a number of groups that must collaborate to agree on a plan and to implement that plan. This type of collaboration will likely involve some partners that are not used to working together. This type of collaboration can be referred to as a cause-based partnership in that the motivation for the partnership arises not internally to the partner organizations but from an external driving factor—such as a common hazard or threat. A number of issues can arise from cause-based partnerships: Collaboration is defined as “a temporary social arrangement in which two or more social actors work together toward a single common end requiring the transmutation of materials, ideas, and/or social relations to achieve that end”. The partners intend to retain organizational autonomy while joining forces with one or more other organizations to achieve shared goals. The tensions between autonomy and allying lead some authors to discuss the “ambiguity and complexity inherent in collaborative structures.”18

The challenges of cause-based partnerships is one of a group of problems sometimes referred to as “wicked problems’. Horst W. J. Rittel and Melvin M. Webber first articulated the characteristics of wicked problems in the 1973 paper, “Dilemmas in a General Theory of Planning”.19 While wicked problems give the impression of being intractable the Australian Public Service Commission articulated three strategies for tackling these problems—authoritative, competitive and collaborative strategies.20 The Commission warns against a narrow approach; and it is likely that any practical strategy will involve a mix of approaches. More work is needed to identify useful risk-reduction strategies and how an ability to analyse CI systemic risk can support these strategies. Of course, the challenges of wicked problems are often not confined to a single jurisdiction but can involve multiple jurisdictions. The next section documents a real-world case study on the challenges in agreeing on the risks associated with 5G technology providers and on how to deal with the risk (or perceived risk).

6 International Dimension for CI—A Case Study 6.1 What is 5G? 5G wireless network technology represents the largest breakthrough in communication since the first wireless services were introduced in the 1980s. For a point of 18

Parker and Selsky (2004). Rittel and Webber (1973). 20 Australian Public Service Commission (2007). 19

46

P. Chouinard and J. Giddings

reference, the move from 4 to 5G represents a quantum leap in capability. Regarding latency, the delay between sending and receiving information, 4G operates at a rate of 200 ms, for 5G the latency rate is 1 ms which is 100 times faster than the blink of an eye.21 5G can also provide faster downloads as it can move up to speeds of 10 gigabits a second whereas 4G tops out at 100 megabits per second, meaning that 5G is 100 times faster than current 4G technology.22 Thus while downloading a 2 h movie would take 26 min on 3G and 7 min on 4G, on 5G this can be done in less than 10 s.23 Perhaps most importantly 5G will boost connectivity significantly, supporting up to 1 million connections per square kilometre, compared to 4G which can support 2000 devices in the same area.24 This will allow for massive amounts of real-time data sharing between IOT devices. This could usher in an era of smart cities with autonomous vehicles able to communicate with traffic lights to ease traffic flow, a smart grid monitoring energy distribution and management, virtual reality to aid first responders navigating a building on fire or autonomous tractors and smart farming mechanisms to boost crop yields.25 In short, 5G could completely revolutionize critical infrastructure across all 10 sectors. Thus the companies and countries at the forefront of this technology will have an unprecedented level of leadership and leverage for the foreseeable future.

6.2 Huawei and the West From an early stage in the development of 5G, Huawei, a Chinese multinational technology corporation, emerged as a global leader.26 Ericsson, Nokia and Samsung are among Huawei’s main competitors in the 5G field.27 Between the three companies, Huawei’s market share of the telecoms equipment market has seen the sharpest increase over the past decade.28 Huawei’s greatest advantages over its peers are cost,29

21

“5G Technology and Networks (Speed, Use Cases, Rollout).” Thales Group. Accessed October 9, 2021. https://www.thalesgroup.com/en/markets/digital-identity-and-security/mobile/inspired/5G. 22 Ibid. 23 Duffy, Clare. “5G Explained: What It Is, Who Has 5 g, and How Much Faster Is It Really?” CNN. Cable News Network. Accessed October 9, 2021. https://edition.cnn.com/interactive/2020/ 03/business/what-is-5g/. 24 “5G-Connection Density—Massive IOT and so Much More.” CIO, November 2, 2017. https:// www.cio.com/article/3235971/5g-connection-density-massive-iot-and-so-much-more.html#:~: text=5G%20is%20expected%20to%20support,much%20faster%20than%204G%20LTE. 25 Moore (2020). 26 Webb, Alex. “Finland’s Champion Nokia Is Letting the Side Down on Huawei and 5G.” Bloomberg.com. Bloomberg. Accessed October 9, 2021. https://www.bloomberg.com/opinion/art icles/2020-12-29/in-huawei-5g-battle-finland-s-champion-nokia-is-letting-the-side-down. 27 Ibid. 28 Ibid. 29 Deng (2019).

A Systems Approach to Critical Infrastructure Resilience

47

expertise and intellectual property.30 Not only does Huawei offer the cheapest prices among major telecom manufacturers, the company owns the most 5G related patents, more than 18% of those being essential to 5G technology.31 However Huawei’s growth and position as a 5G leader has caught the eye of Western leaders and led to security concerns particularly due to its CEO’s membership in China’s Communist Party and two pieces of Chinese legislation that would compel Huawei to cooperate with the government in handing over intelligence if requested.32 While the US has banned its own companies from using Huawei networking equipment in 2012,33 as 5G implementation came on the horizon America began to act with greater hostility towards the Chinese telecommunications company. Late in 2018, tensions rose significantly with the arrest of Meng Wanzhou, the CFO of Huawei at Vancouver International Airport by Canada Border Services Agency on an extradition request from the United States.34 Shortly afterwards two Canadian nationals, Michael Spavor and Michael Korvig were arbitrarily detained in China pushing relations between the two countries to their lowest point since the establishment of diplomatic relations in 1970.35 A few months later, the Trump administration placed Huawei on the Entity List preventing it from conducting business with any American company.36 These events added an additional layer to Canada’s decision on 5G.

6.3 Canada’s Decision Prior to the 2019 federal election Public Safety Minister Ralph Goodale stated that a formal decision on whether Huawei would be allowed to be involved in Canada’s 5G implementation would not be provided until after the election.37 This came amidst pressure within the Five Eyes alliance and the leader of the Official Opposition to take immediate action to ban the Chinese multinational from having any role in Canada’s 5G rollout.38 Beyond the political tensions at play, there were also economic considerations to factor in. Both Bell and Telus, two of Canada’s largest telecommunications companies had worked with Huawei for years, most notably 30

Kharpal (2021). Ibid. 32 Kharpal (2019). 33 Keane, Sean. “Huawei Ban Timeline: Detained CFO Makes Deal with Us Justice Department.” CNET. Accessed October 9, 2021. https://www.cnet.com/tech/services-and-software/huawei-bantimeline-detained-cfo-makes-deal-with-us-justice-department/. 34 Proctor (2018). 35 “Canadian Michael Spavor Detained in China as Huawei Row Continues.” BBC News. BBC, December 13, 2018. https://www.bbc.com/news/world-asia-china-46548614. 36 Shepardson and Freifeld (2019). 37 Blanchfield (2019). 38 Aiello (2019). 31

48

P. Chouinard and J. Giddings

in the implementation of the 3G and 4G LTE wireless networks.39 Furthermore, according to a statement made by Telus in 2019, a ban on Huawei would both delay the rollout of 5G in Canada and make the process more costly.40 This echoes sentiment in the UK, with experts affirming that the Huawei ban would delay the UK’s 5G rollout by two to three years and result in an economic hit of almost 7 billion pounds with rural areas being most affected.41 Huawei also made significant research and development investments in Canada with well over 261.6 million invested in 2019 alone alongside partnerships with many of Canada’s top universities.42 Canada must also be mindful that a ban of Huawei could trigger a lawsuit as the corporation could claim that Parliament acted in violation of Article Four of the Canada-China Agreement for the Promotion and Reciprocal Protection of Investments signed by the Harper government in 2012.43 Article 4 outlines that “fair and equitable treatment and full protection and security” must be applied to investments from Chinese multinationals.44 Akin to the UK, a ban on Huawei in Canada could result in a multi-billion dollar hit to the Canadian economy based on the varying degrees of repercussions that would be at play. At the time of writing, both Telus and Bell have both opted to move forward on 5G without Huawei, instead partnering with Nokia and Ericsson respectively.45 The 2019 election came and went, with another fall election this year and yet a formal decision on Huawei has yet to be made. However, action appears to be on the horizon. On September 24th 2021 Meng Wanzhou was released after reaching a deal with the US Department of Justice and within hours the two Michaels were also released.46 With this new twist in the Huawei saga a decision from the federal government is expected to come soon. There are signs that Canada’s allies have grown weary of indecision including the establishment of the new AUKUS intelligence alliance between Australia, the UK and the US which conspicuously doesn’t include Canada,47 the only Five Eyes partner that has failed to ban Huawei from its 5G implementation. 5G will incorporate almost every element of critical infrastructure in the coming decades. Neoliberal sensibilities would suggest that corporations and states would look for the most efficient route in developing such an essential component of critical infrastructure but the Huawei episode is a key reminder that such decisions are 39

Gollom (2018). The Canadian Press (2019). 41 Sabbagh (2020). 42 Canada NewsWire. “Huawei Canada Ranks 18th Overall in Corporate R&D Spending in Canada.” Bloomberg.com. Bloomberg. Accessed October 9, 2021. https://www.bloomberg.com/press-rel eases/2021-01-15/huawei-canada-ranks-18th-overall-in-corporate-r-d-spending-in-canada. 43 McGregor (2019). 44 Ibid. 45 Solomon (2021). 46 “Huawei Executive Meng Wanzhou Freed by Canada Arrives Home in China.” BBC News. BBC, September 25, 2021. https://www.bbc.com/news/world-us-canada-58690974. 47 McCarten (2021). 40

A Systems Approach to Critical Infrastructure Resilience

49

often highly political. In an era of shifting geopolitics, Canada must weight many of its critical infrastructure decisions with larger North American security concerns in mind. Greater collaboration can and should be expected between Public Safety Canada and the Department of Homeland Security in Washington D.C. Following the release of Meng Wanzhou the Chinese foreign ministry said that Canada should “draw lessons” from this experience.48 As digital technologies occupy an ever-increasing element of Canadian critical infrastructure and lacking the local industry to satisfy domestic demands, our relationships with our allies are as crucial as ever to maintain the resilience of our critical infrastructure. This is the lesson Canada can draw from its 5G experience thus far.

6.4 A Role for CSS? In 2000, it seemed Canada was destined to play a leadership role in the development of future wireless networks via one of the world’s largest technology companies based in Ottawa, Nortel Networks Corp. At that time the corporation “dominated the market for fibre-optic data transmission systems”, and held thousands of patents in the field. Accounting for up to 35% of the TSE 300 at its peak, it was virtually ‘too big to fail’.49 Nevertheless, beginning in the late 1990’s the Canadian Security Intelligence Service noted a serious uptick in activity from hackers located in China attempting to steal data from the company.50 Those attempts were not only successful but continued for well over a decade.51 By 2009, Nortel went bankrupt.52 That Nortel’s decline coincided with Huawei’s rise is not a fact that has gone unnoticed, however the latter denies any wrongdoing.53 In Nortel’s final years, Huawei hired 20 of its scientists that had been laying the groundwork for 5G.54 The Canadian Security and Safety Program (CSSP) within Defence Research and Development Canada (DRDC) is uniquely positioned to help Canada prepare navigate the challenges that will be associated with 5G and prepare for the emergence of 6G technology. Through its capabilities in Critical Infrastructure Interdependencies and Foresight, CSSP can act as a leader to inform both NSPS partners and end-users. By analyzing past and current trends to develop a series of plausible futures, foresight will allow stakeholders to understand mistakes that have been made in the past, current blind spots and future scenarios that could develop based 48

Crossley and Goh (2021). Pearson, Natalie Obiko. “Did a Chinese Hack Kill Canada’s Greatest Tech Company?” Bloomberg. Accessed November 29, 2021. https://www.bloomberg.com/news/features/2020-0701/did-china-steal-canada-s-edge-in-5g-from-nortel. 50 Ibid. 51 Ibid. 52 Ibid. 53 Ibid. 54 Ibid. 49

50

P. Chouinard and J. Giddings

on these trajectories. Through the Critical Infrastructure Interdependencies team, trusted experts can analyze all 10 sectors of CI to offer both a framework and a roadmap for resiliency today and preparedness for tomorrow. These lessons should have a universal application, the lesson of 5G should serve as a somber case study.

7 Summary This chapter has described how the DRDC CSS has extended the capability to model systemic risk related to critical infrastructure. However, further work is required to better communicate the results of the risk modelling and how technology can support cause-based relationships that seek to reduce such risk.

References Aiello R (2019) Scheer vows to de-politicize military procurement, Ban Huawei from 5G. CTV News. CTV News, May 11, 2019. https://www.ctvnews.ca/politics/scheer-vows-to-de-politicizemilitary-procurement-ban-huawei-from-5g-1.4417813 Australian Public Service Commission (2007) Tackling wicked problems: a public policy perspective. Australian Government, Contemporary Government Challenges Blanchfield M (2019) No decision on Huawei and 5G before fall federal election: Goodale. CBC News. CBC/Radio Canada, July 31, 2019. https://www.cbc.ca/news/politics/goodale-huawei-5gelection-1.5230734 Centre for the Protection of National Infrastructure (2021) Critical national infrastructure. United Kingdom Centre for the Protection of National Infrastructure, 20 April 2021. https://www.cpni. gov.uk/critical-national-infrastructure-0 Chouinard P (2018) Assessing the cost-effectiveness of unmanned aerial vehicles (UAV) in incident response. Defence Research and Development Canada, DRDC-RDDC-2018-L324 Chouinard P (2022) Critical infrastructure resilience in the aftermath of an earthquake: disaster risk reduction pathways project. Defence Research and Development Canada, DRDC-RDDC-2021D189 Chouinard P, Hales D (2019a) The National critical infrastructure interdependency model—Volume III: characterizing the food sector. Defence Research and Development Canada, DRDC-RDDC2020-D134 Chouinard P, Hales D (2019b) The National critical infrastructure interdependency model—Volume IV: characterizing the food sector. Defence Research and Development Canada, DRDC-RDDC2020-D142 Chouinard P, Hales D (2019c) Canadian forces base Trenton, infrastructure interdependency study. Defence Research and Development Canada, DRDC-RDDC-2019c-R191 Chouinard P, Hales D (2019d) Assessing the vulnerabilities of Vancouver’s North shore communities to a disruption of natural gas supply. Defence Research and Development Canada, DRDC-RDDC2019d-L254 Chouinard P, Hales D (2019e) Assessing the vulnerability of Prince Edward Island’s Western Hospital. Defence Research and Development Canada, DRDC-RDDC-2019e-L097 Chouinard P, Hales D (2020a) The National critical infrastructure interdependency model—Volume I: characterizing the safety sector. Defence Research and Development Canada, DRDC-RDDC2019-R223

A Systems Approach to Critical Infrastructure Resilience

51

Chouinard P, Hales D (2020b) The National critical infrastructure interdependency model—Volume II: characterizing the energy sector. Defence Research and Development Canada, DRDC-RDDC2019-D028 Chouinard P, Hales D (2020c) The National critical infrastructure interdependency model—Volume VI: characterizing the health sector. Defence Research and Development Canada, DRDC-RDDC2020c-D063 Chouinard P, Hales D (2020d) The National critical infrastructure interdependency model—Volume VII: characterizing the information and communications technology sector. Defence Research and Development Canada, DRDC-RDDC-2020d-D046 Chouinard P, Hales D (2020e) The National critical infrastructure interdependency model—Volume VIII: characterizing the manufacturing sector. Defence Research and Development Canada, DRDC-RDDC-2020e-D097 Chouinard P, Hales D (2020f) The national critical infrastructure interdependency model—Volume IX: characterizing the transportation sector. Defence Research and Development Canada, DRDCRDDC-2020f-D099 Chouinard P, Hales D (2020g) The national critical infrastructure interdependency model—Volume X: characterizing the water/wastewater sector. Defence Research and Development Canada, DRDC-RDDC-2020g-D040 Chouinard P, Hales D (2020h) City of Saskatoon River Bank erosion: critical infrastructure interdependency—initial study. Defence Research and Development Canada, DRDC-RDDC-2020hD039 Chouinard P, Hales D (2021) The national critical infrastructure interdependency model—Volume V: characterizing the Government sector. Defence Research and Development Canada, DRDCRDDC-2021-D004 Chouinard P, Hales D, O’Donnell J, Latter L (2017) Hastings county focus group: validating the national critical infrastructure modelling approach. Defence Research and Development Canada, DRDC-RDDC-2017-R037 Crossley G, Goh B (2021) China says Canada should ‘draw lessons’ from Huawei Exec case. Reuters. Thomson Reuters, September 27, 2021. https://www.reuters.com/world/china/huaweiexecutive-release-offers-chance-reset-bilateral-relations-global-times-2021-09-27/ Cyber and Infrastructure Security Agency (2021a) Infrastructure security. United States Department of Homeland Security. https://www.cisa.gov/infrastructure-security Cyber and Infrastructure Security Agency (2021b) National critical functions. United States Department of Homeland Security. https://www.cisa.gov/national-critical-functions Deng I (2019) Developing markets like Huawei gear as it is cheap, reliable. South China Morning Post, January 15, 2019. https://www.scmp.com/tech/big-tech/article/2182005/huaweis-5g-gearseen-bargain-many-european-capitals-even-though-polish Department of Home Affairs (2020) Critical infrastructure resilience. Australian Government, 23 April 2020. https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/securitycoordination/critical-infrastructure-resilience Gollom M (2018) Banning Huawei from building 5G network unlikely to seriously hurt Canada’s Big Telcos, analysts say. CBC News. CBC/Radio Canada, December 19, 2018. https://www.cbc. ca/news/business/huawei-ban-government-bell-telus-5g-1.4950521 Kharpal A (2019) Huawei says it would never hand data to China’s Government. Experts say it wouldn’t have a choice. CNBC. CNBC, March 5, 2019. https://www.cnbc.com/2019/03/05/hua wei-would-have-to-give-data-to-china-government-if-asked-experts.html Kharpal A (2021) Huawei to start charging royalties to smartphone makers using its patented 5G tech. CNBC. CNBC, March 16, 2021. https://www.cnbc.com/2021/03/16/huawei-to-charge-roy alties-to-smartphone-makers-using-its-5g-tech-.html McGregor J (2019) As if Canada’s Huawei decision isn’t tricky enough: a 5G ban risks a lawsuit. CBC News. CBC/Radio Canada, February 17, 2019. https://www.cbc.ca/news/politics/huaweicanada-china-fipa-1.5021033

52

P. Chouinard and J. Giddings

McCarten J (2021) Nothing to see here, Canada says of five eyes alliance despite absence from sub deal. CTV News. CTV News, September 16, 2021. https://www.ctvnews.ca/politics/nothing-tosee-here-canada-says-of-five-eyes-alliance-despite-absence-from-sub-deal-1.5588072 Moore D (2019) How 5G will power smart cities of the future. The Globe and Mail, May 19, 2020. https://www.theglobeandmail.com/featured-reports/article-how-5g-will-power-smartcities-of-the-future/ Parker B, Selsky JW (2004) Interface dynamics in cause-based partnerships: an exploration of emergent culture. Nonprofit Volunt Sect Q 33(3):458–488 Rittel HWJ, Webber MM (1973) Dilemmas in a general theory of planning. Policy Sci 4:155–169 Proctor J (2018) Everything you need to know about Huawei, Meng Wanzhou and her possible extradition. CBC News. CBC/Radio Canada, December 13, 2018. https://www.cbc.ca/news/can ada/british-columbia/huawei-meng-extradition-questions-fraud-1.4943162 Public Safety Canada (2014) 2014–2017 Action plan for critical infrastructure. Government of Canada. https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/archive-pln-crtcl-nfrstrctr-2014-17/ pln-crtcl-nfrstrctr-2014-17-eng.pdf Schaefer R (2009) CI related modeling & simulation in Germany. Paper presented at the workshop on modeling and simulation of critical infrastructures. JRC Ispra, Italy, 4–6 May 2009 Shepardson D, Freifeld K (2019) China’s Huawei, 70 affiliates placed on U.S. trade blacklist. Reuters. Thomson Reuters, May 15, 2019. https://www.reuters.com/article/us-usa-china-huawei tech-idUSKCN1SL2W4 Sabbagh D (2020) Huawei decision ‘may delay 5G by three years and cost UK £7bn’. The Guardian. Guardian News and Media, July 14, 2020. https://www.theguardian.com/technology/2020/jul/14/ huawei-decision-may-delay-5g-rollout-by-three-years-and-cost-uk-7bnSolomon H (2021) Canada doesn’t have a ‘Huawei problem’, says report, it has a 5G strategy problem: it world Canada news. IT World Canada, May 29, 2021. https://www.itworldcanada. com/article/canada-doesnt-have-a-huawei-problem-says-report-it-has-a-5g-strategy-problem/ 439371 The Canadian Press (2019) Possible Huawei ban would have ‘material’ impact on Telus timeline to roll out 5G network. CBC News. CBC/Radio Canada, February 14, 2019. https://www.cbc.ca/ news/business/telus-huawei-earnings-1.5019946

Emergency Planning—A Tool for Rural and Remote Community Resilience Anet Greenley and Zachary Towns

Abstract Resilience is at the core of rural and remote Indigenous communities in Canada. For generations, these communities have leveraged strengths such as traditional knowledge and community cohesion to survive. The increase of occurrence and intensity of disasters due to climate change, especially in rural and remote areas where infrastructure is as isolated and at risk as the populations that it supports, necessitates adaptation and is driving attention to community resilience. Community resilience requires a strong social fabric that is made up of people, places, culture, traditions, institutions and knowledge. Over the past 15 years, DRDC CSS has made Science and Technology investments that enable rural and remote communities to adopt emergency management tools and strategies in the face of evolving public safety and security. In line with Canadian policy that has been evolving to support diversity and inclusion, and climate adaptation, the investments are also grounded in social innovation, and enable DRDC CSS to have a transformative impact that is both holistic and bottom up by increasing response efforts within the community, supporting regional and national collaboration, and equiping the communities with the capacity to influence public safety and security policy and operations. Lessons learned from the COVID-19 response have demonstrated that the act of creating an emergency response plan increases preparedness and response to emergency events, regardless of the applicability of a completed plan to a specific event, thus strengthening community resilience. Keywords Resilience · Emergency management · Innovation

1 Introduction One of the priority areas for Defence Research and Development Canada Centre for Security Science (DRDC CSS) is preparedness and resilience. The CSS Community A. Greenley (B) · Z. Towns Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_4

53

54

A. Greenley and Z. Towns

Resilience Research (CRR) portfolio collaborates with community stakeholders and their partners to identify, source, and deliver safety and security solutions to build community resilience in rural and remote areas with the goal to develop capabilities that support public responses to emergencies and strengthen whole-of-society resilience. In 1851, about 90% of Canadians lived in rural Canada. Fast forward to 2021, 6.6 million, or 17.8% of the Canadian population lived in rural areas of Canada, of which 12% lived in remote areas which make up approximately 93.9% of Canada’s land mass (Charbonneau et al. 2022) (Fig. 1). Rural and remote communities contribute to Canada economically and socially. These communities provide natural resources such as food, energy and drinking water, as well as other ecological amenities that support all Canadians, while also generating approximately 30% of Canada’s gross domestic product (Vodden et al. 2019). Rural and remote areas of Canada represent a large and integral part of the country. The majority of the population living in southern Canada indentify with a Canada that is cold, rugged and wild, even though only 5% of Canadians actually have been to the Yukon or Northwest Territories and only 1% have been to Nunavut (Exner-Pirot and Huebert 2020). Canadians are already experiencing the devastating impacts of climate change, such as extreme weather, flooding, wildfires, and coastal erosion. This has been witnessessed by arctic researchers like Peter Kikkert who argue that: “The risks

Fig. 1 Rural and Urban Canada in 2021. Source Charbonneau et al. (2022)

Emergency Planning—A Tool for Rural and Remote Community …

55

are amplified by the presence of remote and isolated communities in austere environments, with small populations, vulnerable and aging infrastructure, limited emergency resources, and minimal access to rapid external assistance” (Kikkert 2021). The costs of emergency response go hand in hand with the increase of emergency events. Severe weather events in 2021 caused CAD $2.1 billion in insured damage in Canada and CAD $355 billion globally, leaving many vulnerable and in need of disaster risk reduction (Insurance Bureau of Canada 2022). Indigenous Services Canada’s (ISC) Emergency Management Assistance Program (EMAP) provides support to communities on reserves and has experienced an increase in support requests over the past 10 years. In addition to physical damages, response and recovery efforts are also disruptive to economic activity and well being; statistics on wildland fire and flood evacuation show that more than 90,000 First Nations people on reserves faced temporary evacuation between April 1, 2013 and March 31, 2022 (ISC 2022) (Fig. 2). Scientific data is providing the evidence for an increasing need for emergency management capacity to meet the challenges of adapting to climate change. Natural disasters such as flooding or wildfires can continue to exacerbate the risk posed by “a broad spectrum of natural and human-made hazards” in rural, remote and coastal communities if robust emergency management plans do not incorporate components of climate change in Northern communities (Kikkert 2021). Many rural and remote communities often lack full time emergency management resources to coordinate emergency management plans (Amaratunga 2013). However, individuals who live in these communities are more often able to confront disasters than urban residents

Fig. 2 Response and recovery expenditures over 10 years—historical trend of costs reimbursed by the Emergency Management Assistance Program (EMAP) (ISC 2022)

56

A. Greenley and Z. Towns

due to the reality of living in isolated areas, and their direct interface with the natural environment, local hazards and emergency events for multiple generations (Fournier and Cooper 2022). Innovation relies on being open to new processes and new ways of organising activities to transform outcomes. Social innovation is “a driver of interdisciplinary and transdisciplinarity in scientific research” utilising “innovative forms of organizing across traditional boundaries of geography, cultures, and politics…chang(ing) the way society evolves, how its structures are modified, its ethical norms revisited, etc.” in a way that can be summarised as a “changing dynamic in efforts to improve the quality of life” (Moulaert et al. 2013). Social innovation can have a transformative impact and improve organizations, communities, regions, or systems through a variety of means, including new processes and the use of new tools and technologies (ESDC 2021). Improving outcomes for wellbeing is at the heart of social innovation, therefore, it is useful to apply a social innovation lens to look at knowledge generation for community resilience and thus emergency response planning. Moulaert proposes that in order to make significant impact, social innovation analysis must embody (1) pragmatic, community-led engagement, (2) action research, (3) a collaborative and inclusive approach, and (4) context driven solutions. (Moulaert 2013). Moulaert presents social innovation as an alternative to technology-based and business-oriented discourses that have long dominated innovation and development policy—particularly in the context of the ‘knowledge economy’—and to develop an analytical framework which connects precepts, concepts, theories and strategies” (Moulaert et al. 2013). Identifying formal activities and relationships through an emergency management plan that is grounded in improving the wellbeing of a community at large, generates a collective action response that mobilizes a wide range of stakeholders who may normally have very different goals and respond to a very different sets of incentives. The new dynamics enables empowerment, improves social relations and steers approaches to be more inclusive. The fact that communities have existed in rural and remote locations since time immemorial reveals that social strengths are important assets in the absence of formal processes and activities and that facing the day-to-day challenges that come with living in more isolated environments leads to disaster resilience—defined as “the ability to survive and thrive in the face of uncertainty” (Amaratunga 2013). Disasters do not simply result from the occurrence of a potentially harmful agent (e.g., explosion, toxic spill, weather-related event), but from the intersection of that hazard with historically produced patterns of vulnerability (Oliver-Smith 1998). This suggests that “resilience is socially constructed, inviting a consideration of how access to resources (social, economic, cultural, material), decision-making power, and the capacity to influence policy (e.g., land use, resource management) influence and shape resilience” (Amaratunga 2013). In 2007, DRDC CSS invested in exploring how rural and remote communities tackled the challenge of building resilience, specifically in the context of emergency management. The investment aligned with the goal to advance its overarching objective—to deliver innovative solutions and insights derived from scientific research, analysis, and new technologies, in support of efforts to strengthen and measure

Emergency Planning—A Tool for Rural and Remote Community …

57

community resilience in diverse contexts. DRDC CSS funded the “Rural Disaster Resilience Project”, led by the Justice Institute of British Columbia (Amaratunga 2013). Between 2009 and 2013, government, industry and academic partners collaborated to conduct research to better understand the gaps and unique challenges that rural and remote communities face within resilience frameworks. A key output of this project was the development of the Rural Disaster Resilience Planning (RDRP) tool. The RDRP was leveraged and reframed into a second tool, the Aboriginal Rural Disaster Planning (ARDP) tool, during 2014–2019. The ARDP was tailored to the specific context of Indigenous communities from the RDRP with funding from Indigenous Services Canada (ISC). Following the development of the ARDP, DRDC CSS invested in a second project, entitled “Building Resilience and Capacity with Canada’s Remote Indigenous Communities” (BRC) which was conducted between 2017 and 2020. The Conference Board of Canada led the BRC collaborative project team with an aim to improve community planning processes in four remote Indigenous communities. Together with collaboration from ISC, the BRC project developed community resilience and readiness plans for each community. Present in both projects is the concept of resilience for rural and remote communities in relation to being engaged and taking specific actions to face the challenges presented during and after emergency events. The RAND Corporation defines community resilience as “a measure of the sustained ability of a community to utilize resources to respond to, withstand, and recover from adverse situations”; resilient communities have the “capability to anticipate risk, limit impact, and bounce back rapidly through survival, adaptability, evolution, and growth in the face of turbulent change” (RAND 2001). The research conducted by the Conference Board of Canada highlights that although there is contested understanding associated with community resilience, some recurring themes and elements understood to contribute to community resilience are: • • • • • • •

Local knowledge Community networks and relationships Effective and credible communication Health and wellbeing Good governance and leadership Resources and economic investment Mental outlook (health) and preparedness.

(Fournier and Cooper 2022) Both the development of the RDRP and the execution of the BRC involved literature reviews on emergency management and community resilience in the face of disasters. The United Nations International Strategy for Disaster Risk Reduction (UNDRR) summarizes disaster resilience as “the ability of individuals, communities, organizations and states to adapt to and recover from hazards, shocks or stresses… and is determined by the degree to which individuals, communities and public and private organizations are capable of organizing themselves to learn from past disasters and reduce their risk to future ones” (UNDRR 2005). The RDRP outlines that disaster resilience is a community’s ability to survive and thrive in the face of uncertainty

58

A. Greenley and Z. Towns

during and post hazardous events. Another important aspect that was highlighted within the literature from the RDRP was the need to transition away from describing disasters only in terms of “hazard occurrence.” Simply describing physical disasters fails to account for an understanding of the ways in which “vulnerability, risk and, ultimately, resilience are socially constructed”; this social constructionist approach to disasters is significant because it can account for the intersection between the potentially harmful agent (explosion, toxic spill, weather-related event) and the historically produced patterns of vulnerability caused by colonisation (Amaratunga 2013).

2 Investments in Emergency Response Planning Tools This section analyzes projects focused on community resilience that stemmed from DRDC CSS investments. The purpose of highlighting these projects is to demonstrate the ongoing initiatives in emergency planning and outline the significance of the planning process on community resilience.

2.1 Rural Disaster and Resilience Planning Project DRDC CSS invested in research to explore and develop processes and tools for an integrated community and hazard, risk and resilience model for use in rural and remote communities in 2009. Working with government, industry and academic partners, DRDC CSS collaborated with the JIBC, Public Health Agency of Canada, Royal Roads University, Pearces 2 Consulting, and Natural Resources Canada to develop the RDRP framework. The RDRP was initiated to provide rural specific tools to counter the urban bias that was evident in emergency management. The lack of attention to the rural and remote areas creates a triple jeopardy: “fewer professional and financial resources, less emergency measures infrastructure and unique challenges created by geography, isolation and demographics” (Amaratunga 2013). Each year communities across Canada are impacted by hazardous events that result in personal, economic and structural harms, and produce instrumental harms to both the economy and the environment. The preliminary research by the RDRP project team highlights that many of these harms were predictable. The lack of adequate planning and understandings about disaster resilience by the most atrisk communities results in them being disproportionately impacted by hazardous events (Amaratunga 2013). Recognising the social inequities inherent in emergency management at the time, the RDRP project team, lead by JIBC, set out to design, evaluate and disseminate a suite of pragmatic and effective indicators, tools and processes that can be used in an integrated community as a hazard, risk and resilience model in rural and remote communities.

Emergency Planning—A Tool for Rural and Remote Community …

59

As a shift to disaster emergency management paradigms that embrace community consultation and capacity over risk-based approaches was occurring, this methodology was incorporated into the RDRP framework, recognising that community articulation of their strengths and needs is the building block for preparing and responding to disaster. Leaders in small communities are often double or triple hatted, fulfilling multiple roles due to smaller budgets and resource constraints. In the absence of dedicated “emergency planning staff”, they rely on community members who are aware of the hazards and risks and have the skills and access to resources to deal with risks (Amaratunga 2013). The involvement of community members in the research increases disaster response capacity as they grow their awareness of actions that can be taken on the ground to “reduce the vulnerabilities of people and critical assets, and to promote the safety, security and longer-term vitality of communities exposed to the impacts of existing and/or emerging hazard threats” (Amaratunga 2013). The RDRP project research process understood that “building resilience at the community level for rural, remote and coastal communities needed to start from the ground-up” and started with “building upon the knowledge and capacities of residents and community leaders” (Amaratunga 2013). Leveraging societal resilience, the involvement of the community in the development of the RDRP framework was essential. The research was designed using a whole-of community participatory approach to elicit and integrate citizens expertise and insights, acknowledging that “communities know best when it comes to preparing and responding to disaster” (Amaratunga 2013). The research was conducted in five phases. Data collection methods included systematic reviews, community-based research activities, interviews and focus groups, surveys and website statistics, as appropriate for each research phase: Phase 1 included a comprehensive review of resilience literature and a systematic, thematic analysis of extant community resilience assessment instruments; semi-structured interviews that focused on local concepts and understanding of resilience and indicators of resilience that informed the development of the Rural Resilience Index (RRI) and RDRP framework; and a focused literature analysis to develop the criteria for the hazard, risk and vulnerability models that formed the basis of the Hazard Risk Assessment (HRA) and Hazard Resilience Index (HRI) tools and processes. The HRA and HRI tools and processes were derived from principles and criteria for assessment of hazard, risk and vulnerability in remote rural and coastal communities. Phase 2 included the piloting of tools developed in Phase 1 during which the researchers gathered data and information to develop the guides for community engagement and planning, consolidated resources pertaining to hazard identification and generated a list of strategies that future users could leverage to develop their action plans for increasing community resilience. Phase 3 included the gathering of data from the implementation of paper-based versions of the RDRP tools through observation and participation by communitybased researchers in workshops and townhall meetings, informal gatherings, interviews and surveys as well as through artifacts and products created during the

60

A. Greenley and Z. Towns

process. In addition, the project hosted a national policy forum with participants from multiple levels of government, academia and industry to explore the principles, goals and objectives of disaster risk reduction and climate change adaption. Phase 4 included the adaptation of the paper-based processes and tools used in Phase 3 to web-based delivery. Phase 5 included the implementation the RDRP process and tool in a new community. During this phase, data was collected through community workshops, focus groups and interviews, the review of artifact production, surveys and website statistics. (Amaratunga 2013) The RDRP framework was formulated using the concept of building resilience at the community level from the ground up, starting with and building upon the knowledge and capacities of residents and community leaders. “The ethos of this research project call(ed) for the design of tools and processes that are both relevant to the rural, remote and coastal community context and flexible enough to be responsive to the imperative that rural, remote and coastal communities be able to identify and decide which specific factors or indicators are relevant to their community and their vision of community resilience” (Amaratunga 2013). This approach engages multiple partners—including community planning and development sectors and the general populace—not only to plan for and mitigate risks, but also to work at the local level to prevent disasters from occurring and/or escalating in their communities. Unlike more urban contexts, smaller communites are less likely to have dedicated emergency planning staff so a key to success in these communities is “the engagement and ownership of this plan and procedures throughout the community” (Amaratunga 2013). The RDRP framework and its RRI, HRA and HRI tools combine to (1) identify potential hazards/threats; (2) assess various forms of exposure and vulnerability to these hazards; and (3) comprehensively assess resilience (social, physical, economic, cultural, political and systemic resilience) to these hazards. The RRI, HRA and HRI are an invaluable inclusion in the toolset and with them, the interplay between risks and hazards in the context of rural and remote communities is embedded in the framework. This interplay—captured through the toolset—is pivotal to understanding how “risk factors influence the level of vulnerability of an object, system of individual/community to hazards and threats. For instance, poor infrastructure (a risk factor) increases community vulnerability to extreme weather (a hazard/threat)” (Fournier 2020). Over the course of the project, the tools of the RDRP framework were implemented in 20 communities as part of the pilot and field testing. The project team guided the communities as they actively worked to adopt resilience-based practices and developed “practical and doable goals that built on core strengths” which were linked to outside support for local resilience (Amaratunga 2013, 29). The outcomes of implementation of the RDRP was not limited to the development of the plans themselves. Additional comprehensive, practical and doable goals were built on core

Emergency Planning—A Tool for Rural and Remote Community …

61

strengths identified during the project contributed to raise the level of resilience. The outcomes were specific to each community’s needs, and included continued community engagement and education for example, through public education, the development of a safer road network and local search and rescue capacity, signage for evacuation centres etc., a registry of vulnerable persons, increased volunteer firefighters and stocking of a comfort centre. Participation in the project also helped augment the communities to reach out for outside support from provincial and regional authorities in their efforts of increasing resilience (Amaratunga 2013). It was interesting to note that the RDRP project found that longer term residents are more likely to be prepared for disasters based on equipment, skills, and basic knowledge of nature that are likely to help in natural disasters. New residents in these communities often only have anecdotal information of others surviving in harsh weather conditions and no relevant personal experience or skills. The transience of rural communities that sees different migration patterns of people also plays a role on the implications of resilience because “of the increased potential that they bring with them the urbanites habitual reliance on formal structures and services that may be less available or not available at all in rural and remote communities” (Amaratunga 2013). Population flow also was found to have an impact on culture of a community as it affects the social cohesion that is often a strength in isolated areas. The implementation of the RDRP project has had significant reach and impact at the local, regional, national and international levels. The processes, tools and resources have been examined and by a number of emergency management stakeholders. Academic institutions and emergency management professionals have implemented the RDRP for training the next generation of emergency management practitioners as well as to conduct research and support for communities, and community leaders across Canada and internationally as a basis for disaster resilience planning. Interest in the project has fostered related initiatives with government departments at all levels, NGOs (such as the Canadian Red Cross). The online toolkit received international recognition, awarded triple bronze in the Horizon Interactive Awards. Emergency events are dynamic, and they occur and evolve differently in every community, as do the responses to them. In addition, it is well documented in the RDRP project that not every community has had the same experiences with, or exposure to emergency management planning, and nor the same comfort level with collaborating with external stakeholders. Therefore, one of the main findings of the project is that there is a recognized need to continue to adapt the RDRP as it is implemented, and to broaden its application to communities across Canada and internationally.

62

A. Greenley and Z. Towns

2.2 Aboriginal Disaster Resilience Planning Project A significant number of Indigenous peoples live in remote areas of Canada—their population distribution is very different than other population groups in Canada (Statistics Canada 2021). Despite that a large percentage of the Indigenous population of Canada live in rural and remote communities, a weakness of the RDRP was that the toolset was more aligned with rural communities in general, and did not recognize the uniqueness of the Indigenous context or explicitly address the needs of Indigenous communities, which are often more remote. Representatives from Indigenous groups were involved in the RDRP project, however, at the time of funding, there were no groups identified to be formal partners in the project. Therefore, Indigenous Services Canada (ISC) engaged with JIBC to develop a planning tool that would apply the RDRP more effectively in an Indigenous context. Disaster resilience – the ability to survive and thrive in the face of uncertainty and threats – is already a key dimension of Aboriginal communities. It is also the cornerstone of effective emergency management across all phases of a disaster, from mitigation to preparedness through response and recovery. There is much to learn about resilience from Aboriginal communities; this resilience is one of Canada’s biggest assets. At the same time, the emergency planning capacity of Aboriginal communities is often constrained by a lack of resources, historical legacies and access to user-friendly risk mitigation planning tools and processes. (Murphy et al. 2016).

With funding from ISC, JIBC engaged with approximately 20 national Indigenous stakeholders, both at local and national levels, as well as with community and advocacy groups from 2014 to 2019, in order to leverage the RDRP and create a separate Aboriginal Disaster Resilience Planning (ADRP) tool. Central to the development of the ADRP framework was community involvement. This included engaging community members through storytelling and talking circles. In addition, community-based research teams were established to facilitate the sharing of traditional knowledge about non-structural mitigation and preparedness to develop “culturally appropriate methods with which to establish a dialogue amongst traditional knowledge holders, their communities and local emergency management practitioners about past disasters, existing risks and wise practices to mitigate and prepare for emergencies” (Murphy et al. 2016). Due to the close relationship with the land, long-term observations and oral histories, traditional knowledge can offer valuable insights about disaster resilience. By incorporating a holistic perspective, traditional knowledge can also help us understand the various practices and lifeways that make a community strong and resilient, including the use of traditional foods, language, and cultural traditions. From a disaster management perspective, traditional knowledge can be used to: • identify hazards, • place the hazards within a culturally relevant context, • explain the hazards in relation to what is at risk,

Emergency Planning—A Tool for Rural and Remote Community …

• • • •

63

provide specific information about risk exposures, communicate information, inform effective coping activities to reduce risk, and monitor and evaluate ongoing activities.

(Murphy et al. 2016). Leveraging engagement of the Indigenous communities as building blocks for increased resilience, the ADRP toolkit, was developed from the RDRP. The ADRP is focused on helping rural and remote Indigenous communities in assessing and building their resilience during and after disasters and emergencies (Fig. 3). The ADRP framework is supported by a series of web-based/paper tools and involves a four-step planning process that must be outlined to fully understand the strength of the framework: 1. Getting Started: Introducing the key steps in preparing for disaster resilience planning, including the establishment of a community resilience team and workplan.

Fig. 3 Steps for aboriginal disaster resilience planing (Murphy et al. 2016)

64

A. Greenley and Z. Towns

2. Resilience Assessment: Assessing what disasters are likely to take place and your community’s current state of resilience. This includes identification of community vulnerabilities and strenghths. 3. Building Resilience Plan: Identifying strategies and goals for building resilience in your community. This step ideally employs a strength-based approach to developing strategies. 4. Plan Implementation: Developing an Action Plan to help your community increase its overall resilience and adopt strategies to help the community survive a disaster. (Fournier and Cooper 2022). The ADRP website was constructed to incporporate Indigneous related princples. The ADRP was accompanied by a traditional knowledge toolkit, as well as a “train-the-trainer program” that enabled the extension of the project to engage with and train 80 communities its use. External stakeholders, both within Canada and internationally, now had two tools to leverage, the RDRP and the ADRP.

2.3 Building Resilience and Capacity with Canada’s Remote Indigenous Communities Project In 2017, DRDC CSS and ISC provided financial support to the Conference Board of Canada to lead a multiyear project which aimed to improve community planning processes in four remote Indigenous communities. The project entitled “Building Resilience and Capacity with Canada’s Remote Indigenous Communities” (BRC) was designed to: • Capture the evolving theory and thinking associated with community resilience and emergency management. • Describe the unique contexts facing remote Indigenous communities, and what they mean for resilience building and emergency planning initiatives. • Identify tools that are designed to assess and enhance community resilience, with an emphasis on understanding their effectiveness within the context of remote Indigenous communities. (Fournier and Cooper 2022). The Conference Board of Canada collaborated with Indigenous Services Canada (ISC), the Government of the Northwest Territories (NWT) Department of Municipal and Community Affairs, Nishnawbe Aski Development Fund and Keewaytinook Okimakanak Research Institute to conduct the project. Community partners were Whati and Kakisa (Ka’geetu First Nation) in the NWT, and Webequie First Nation and Poplar Hill First Nation in Ontario. The BRC project set out to address a community resilience planning gap that the Conference Board of Canada had recognised within the previous literature. This gap was created by a tension that was building between “the desire to engage in broad

Emergency Planning—A Tool for Rural and Remote Community …

65

resource-intensive comprehensive planning processes, and the desire to produce quick, actionable outcomes” (Fournier and Cooper 2022). The BRC report highlights that over the past two decades, there has been a lot of interest in emergency response processes for Indigenous communities, and this has created a new challenge for Northern communities as some “now have so many plans that coordination and implementation are a significant challenge” (Fournier and Cooper 2022). While the RDRP and then the ADRP both highlighted the lack of available resources, there is also another challenge facing other communities: overwhelming processes and procedures. After evaluating the previous literature on multidisciplinary approaches to understanding resilience, the Conference Board research team sought to investigate frameworks to meet the need for a more targeted approach to “efficiently complement larger plans by addressing specific pressing needs” for Indigenous and remote communities. The BRC project was conducted in four interrelated components: 1. A comprehensive literature review to understand current theory associated with the field of resilience. This phase informed the community-based work and ensured an approach to the overall project that was rooted in best-thinking and practice. 2. A review and evaluation of resilience assessment and planning tools to determine what leading approaches are available to communities and emergency management practitioners for enhancing community resilience. 3. Fieldwork undertaken in partnership with the communities to develop Community Resilience and Readiness Plans (CRRPs) that support them in their efforts to manage threats and risks, cope with change, and seize opportunities. 4. The development of a Monitoring and Evaluation Framework that enables communities to monitor and evaluate the impact and outcomes of their CRRPs. (Fournier and Cooper 2022). From the existing literature, the research team identified 6 strengths and challenges that influence Indigenous community resilience as well as 5 challenges and vulnerabilities (or risks) that degrade their resilience: The six key strengths common to many remote Indigenous communities that nurture resilience are: 1. 2. 3. 4. 5. 6.

self-organization (through formal or informal community practices) learning and adapting connections to the land increased self-determination and rights recognition expanding opportunities for economic development and own-source revenue social capital (relationships, bonds and communications channels between community members).

The challenges and vulnerabilities (or risks) that degrade resilience in remote Indigenous communities are: 1. environmental change and degradation

66

A. Greenley and Z. Towns

2. inadequate physical infrastructure 3. social infrastructure challenges, such as poor or limited education and training opportunities and challenges to health and well-being 4. a lack of economic diversity 5. ineffective support and coordination on the part of key jurisdictional partners and governments. (Fournier and Cooper 2022). With this insight, the research team then conducted a tool review. Of a total of 36 tools that were identified for resilience planning, a subset of 10 tools were reviewed, and evaluated against four guiding principles developed from the literature review. Informed by both the literature review and the tool review, the Conference Board team determined that the best toolset for guiding their fieldwork was the ADRP framework. The ADRP had been developed for the context of rural and remote Indigenous communities and was best aligned to the BRC project’s four guiding principles: 1. Inclusive. The ADRP encourages wide community participation and allows all the stakeholders who are interested to contribute. 2. Flexible. The ADRP recommends a mixed methods approach, combining multiple lines of qualitative and quantitative evidence, such as interviews, focus groups, surveys, community meetings, direct observations in the community, government statistics, etc. A Traditional Knowledge Toolkit is provided to support gathering input from Elders and other community members through culturally appropriate methods such as storytelling and talking circles. 3. Comprehensive. The ADRP Hazard Risk Analysis and Hazard Resilience tools are built around a comprehensive list of 17 categories of hazards. The Aboriginal Resilience Index takes a broad look at resilience, including employment and economic health of the community, governance structures, and locally available skills and knowledge. 4. Iterative. The ADRP process is envisaged as a repetitive cycle of planning, implementation, evaluation and continued planning. (Fournier and Cooper 2022). The execution of the ADRP framework through community-based practices was executed in a 4 step process. • Step 1 centred on a visit to the Indigenous pilot community to meet the community members and to get a basic understanding of the community context. This was a crucial step because it was important to build relationships and garner trust so that it would ensure success of the assessment and planning processes. • Step 2 was the planning phase that selected and adapted the tools and processes that would best meet the needs of the communities’ contexts. Part of this step was to analyze what parts of the ADRP framework were going to be adopted, and altering certain survey and interview components of the toolset. • Step 3 involved 2 to 4 follow up visits back to the community that were structured to work through the resilience assessment and planning processes. These visits

Emergency Planning—A Tool for Rural and Remote Community …

67

are summarized as “…initially focus on identifying, discussing and assessing the community’s hazards, risks and vulnerabilities. They would then move onto assessing its resilience to these hazards and risks” (Fournier and Cooper 2022). This helped in identifying the assessment of the community’s level of resilience, which was rooted in identifying what strengths, resources and assets they had at their disposal. Once this was complete, resilience strategies were adopted which would build on the previous community strengths. • Step 4 included a meeting with the community to discuss their feedback on the draft resilience strategies and community resilience and readiness plan. The feedback from the community was then implemented in the final versions of the plans. (Fournier and Cooper 2022). The ADRP and a community-based process allowed the researchers to support Indigenous communities in gaining a better understanding of their risks, vulnerabilities and strengths so that these communities could develop resilience strategies and plans that were appropriate for their specific contexts, needs and objectives. The fieldwork with the four pilot communities provided significant insights into the real world applicability of the ADRP framework. It provided the researchers with valuable feedback on a number of successes. The foundational 4 step principles were validated and proved to be effective—assessment and planning processes should be simple, inclusive, comprehensive and iterative (Fournier and Cooper 2022). However, “best practices, or successful approaches, will incorporate not only the four core resilience principles, but also the principles of efficiency and pragmatism… Communities may prefer—and are more likely to implement—simple plans and strategies that are efficient and practical” (Fournier and Cooper 2022). Although Northern communities tend to lack infrastructure, capacity and resources in comparison to rural towns and cities, the findings of the BRC report show that Northern communities do have assets and resources that they can work with. Atypical to many urban and even rural settings, Northern communities have pre-existing strengths that can be incorporated into context and planning initiatives. These include things like strong cultural heritage and traditions, mixed economies, social bonds and networks, and distinct skill sets (land based and first response skills) all of which are extremely important for surviving and prospering in rural and remote communities (Fournier and Cooper 2022). The BRC report constructed their community resilience and readiness plans (emergency management plans) from the conceptual starting point of understanding the unique strengths that Northern Indigenous communities have. This is a starkly different approach from previous literature on emergency management planning, which dogmatically views Indigenous communities as victims stemming from colonialism. Another important finding for Indigenous resilience is the importance of socioecological systems. These systems combine both ecosystems (in terms of nature and non-human life) with human life. They capture the importance of the interaction/interdependence between Indigenous people and their important relationship

68

A. Greenley and Z. Towns

to the land. The BRC report outlines the need for understanding socio-ecological systems because “Land-based activities, such as hunting and the gathering of country foods, can be pivotal to community well-being, cultural vitality, and mental and physical health” (Fournier and Cooper 2022). It is important to incorporate these socioecological systems into emergency management planning because they can play a direct role in the available knowledge, expertise and skills of Indigenous communities. The significance of incorporating the systems into emergency management plans is that they can bolster backcountry safety and survival skills, food security, search and rescus capacity, and the ability to manage diverse weather and environmental conditions (changing snow or ice conditions, storms, etc.) (Fournier and Cooper 2022).

3 Discussion While the lack of disaster resilience capacity in rural and remote communities was highlighted in the projects discussed above, they demonstrate that the urban bias in emergency management can be overcome by using a wider lens and different angles. It is also apparent from the analysis that the process that is applied for the creation of an emergency response plan contributes to community resilience. The elements of a successful planning process are similar to elements that are key to successful approach to social innovation. In our current climatically changing environment, the evolving nature of emergencies and the uncertainty of what the future will present requires dynamic processes and tools. Social innovation can provide significant insight for determining on what is technically appropriate and for the distribution of resources in areas that have become much more complex “due to the deepening of mutually reinforcing socioeconomic, socio-political and socio-ecological” challenges we face (Swyngedouw 2009). When social innovation constructs are embedded within the emergency planning process, this invaluable process equips communities with tools and capacity to evolve and apply in times of need. The problemization approach for social innovation analysis suggested by Moulaertto mobilize transformation, consists of four elements that we have summarised as: (1) pragmatic, community led engagement, (2) action research, (3) a collaborative and inclusive approach, and (4) context driven solutions (Moulaert et al. 2013). These four elements are in alignment with the findings of the DRDC CSS investments discussed above in terms of what factors need to be considered for increasing community resilience when rural and remote communities engage in emergency planning processes:

Innovative methodology in emergency planning for community resilience

(continued)

• Place the communities in the drivers seat Pragmatic community led engagement • Limit the amount of technical jargon and complex processes Community developed relationships and processes derisk uncertainty and enable holistic design and bottom up analysis that make sense of complexity • Exercise regional/national emergency management plans to spread knowledge about how they work or how they are relevant to address local capacity constraints • Foster trusted relationships “Without trust and the existence or development of genuine relationships, the process is less likely to be meaningful, candid or effective” (Fournier and Cooper 2022) • Be cognisant of who defines resililence Bottom up processes embedded in the social fabric of a community and more context specific are more meaningful for and therefore more likely to be adapted by the community and result in successful implementation and execution at the time they are needed.Top-down definitions of resilience produced by outside experts were found to focus more on resilience theory and planning in technical terms, tending to “promote understandings and applications of resilience that can be generalized across communities” in contrast to bottom up process that “collect qualitative data and effectively engage with, and integrate, community perceptions” (Fournier and Cooper 2022)

Social innovation analysis elements

Emergency Planning—A Tool for Rural and Remote Community … 69

• Engage with local leaders who want to learn and improve • Explore alternative ways of effectively achieving community buy-in • Promote phased engagement to accommodate social, economic and cultural characteristics Allow for a flexible schedule that recognizes the seasonal events that set the pace of work and life.” (Amaratunga 2013) Incorporate economies that are mixed with “a blend of wage based economic activity supplemented by traditional land-based activities and practices”(Fournier and Cooper 2022) • Enable evolution as awareness of needs grow or threats change and articultate contributions to the larger body of knowledge and understanding The concept is clearly demonstrated by the evolution of the RDRP to ADRP to the current Community Disaster Resilience Planning (CDRP) framework. In 2019, JIBC received funding from the Vancouver Foundation to integrate the two frameworks, the RDRP and the ADRP, into one inclusive CDRP framework. This evolution is indicative of the increase in the consciousness of diversity and inclusion and the value placed on the role of iteration and embracing change

Action research Transformative change relies on iterations of action and research with transdisciplinary critical reflection

(continued)

Innovative methodology in emergency planning for community resilience

Social innovation analysis elements

(continued)

70 A. Greenley and Z. Towns

Innovative methodology in emergency planning for community resilience • Ensure diverse perspectives are heard and represented • Bring community members together with regional or national stakeholders • Improve the understanding of where different knowledge bases, such as traditional knowledge and western science based evidence, can add value to each other and be integrated • Ensure that the exchange of information and knowledge is a two way street, building capacity across stakeholders on both sides of the engagement—within and external to communities Considerable insight and understandings emerged from engaging with individuals, communities, and networks from rural and remote communities across researchers and stakeholders. The BCR community partners “were instrumental in teaching us about emergency management and capacity development in a remote Indigenous community context, and in helping us to better understand the challenges and opportunities for increasing resilience within this context”(Fournier and Cooper 2022) • Meet rural and remote communities where they are at • Address unique needs • Build on existing strengths and core competencies harnessing the existing resilience that has enabled the community to thrive and survive in the face of unique challenges that are not experienced in southern, more urban environments “many if not most longer-term residents of small, rural, remote or coastal communities are self-reliant people whose relationship with the outdoors, which may have brought them to these locations, has equipped them with the knowledge, skills, and experience to be self-sufficient when it is required” (Amaratunga, 2013)

Social innovation analysis elements

Collaborative and inclusive approach Collaborative and inclusive approach ensures that dynamics and gaps are identified and understood

Context driven solutions Context driven solutions are reflective and coherent, leading to sustainable solutions and overcome constantly evolving complex socio-political worlds

(continued)

Emergency Planning—A Tool for Rural and Remote Community … 71

72

A. Greenley and Z. Towns

4 Looking into the Future Policy development in many areas is recognising the need for resilience, especially in northern Canada, as the warming climate is making the arctic more accessible. The region has become an important crossroad where issues of climate change, international trade and global security meet. As melting sea ice opens shipping routes, it is also putting the wealth of natural resources in the arctic an northern regions of Canada within reach. Increased commercial and tourism interests also bring increased safety and security challenges that include search and rescue and human-created disasters (CIRNAC 2019). Having recognized that these changes will put new pressures on the resilience of existing communities, Canada has committed to increasing search and rescue measures for Arctic residents and visitors. The challenges presented by COVID-19 for emergency management and the potential for rural and remote communities to meet these challenges have called attention to the fact that although “contingency planning is long term, lacks immediacy and ‘wow factor’ and so may not always enjoy high political priority, and thus is often neglected”, emergency response planning increases the ability of communities to mitigate and reduce effects of public safety and security events (Timmis 2020). Planning also helps to have a broader perspective, to not just prepare for the last disaster and to overcome the availability bias that is inherent in decision making.1 During COVID-19, communities found that reviewing emergency plans enabled a more focused and efficient response as demonstrated by early research: “A key step in our community pandemic planning was having emergency response documents in place. This provided a rallying document for the public health team and community leadership. It also provided a sense of preparedness and confidence that the community was ahead of the pandemic with an implementable plan” (Kyoon-Achan 2020). The COVID-19 pandemic presented similar challenges for rural and remote Indigenous communities who have had to manage local responses to the pandemic. The BRC report highlights that despite much attention to the planning process in recent years, many Indigenous communities did not have emergency management plans to leverage to help them counteract the challenges presented by the pandemic. However, anecdotal reports suggest that even though pandemics may not have been “featured as a high risk in existing plans,” the communities that did have some form of an emergency response plan “hit the ground running” when COVID-19 descended upon their community, in comparison to communities who had no experience with emergency management planning (Fournier and Cooper 2022). Taking lessons learned from COVID-19 and the recent increase in significant weather related disasters, it is apparent that we need to step up to adapt and prepare for the impacts of 1

In problem solving, many decisions that are made are based on systematic bias that are formed by the availability of information as it is not always poassible to consider all information. Therefore, many decisions are made based on judgements that are influenced by the frequency one is exposed to information and its relevancy to the decision maker The phenomenon of illusory correlation is explained as an availability bias, (Kahneman 1973).

Emergency Planning—A Tool for Rural and Remote Community …

73

climate change, not just take action to reduce greenhouse gas emissions. In December 2020, the Government of Canada committed to developing Canada’s first National Adaptation Strategy (NAS). Disaster Resilience and Security has been included as a theme area for the framework for action and investment that will ultimately help to identify measures to increase the resilience of communities, including protecting public health and safety, natural ecosystems and biodiversity (ECCC 2021). Adaptation “is itself linked to learning, agency, renewal and collaboration on the part of individuals, groups and organizations” (UNDRR 2015 quoted in Fournier 2020; Fournier and Cooper 2022). “This understanding of adaptation is especially relevant for Indigenous communities as they move towards self-determination, reconciliation and renewed relationships” (Fournier and Cooper 2022). As more attention is focused on the needs of meeting the challenges of climate change, especially in remote regions of Canada, the lessons learned and best practices gained from investments in emergency response planning will provide insight for continuous work in this area, and inform future iterations of planning. The work presented here is not limited to the emergency plans that were created. The efforts undertaken have improved communities with awareness of top down structures and processes and increased local capacity that enables them to contribute more fully to future policy development and grow their emergency management relationships and skills while participating in and influencing the larger Canadian discussion on community resilience.

References Amaratunga C et al (2013) Building resilience and rural health system capability for pre-disaster planning and preparedness, final report. Defence Research and Development Canada, DRDC CSS CR 2013-030. https://publications.gc.ca/collections/collection_2016/rddc-drdc/D68-3-0302013-eng.pdf Charbonneau P, Martel L, Chastko K (2022) Population growth in Canada’s rural areas, 2016 to 2021. Government of Canada, Statistics Canada. https://www12.statcan.gc.ca/census-recens ement/2021/as-sa/98-200-x/2021002/98-200-x2021002-eng.cfm Crown-Indigenous Relations and Northern Affairs Canada (CIRNAC) (2019) Canada’s Arctic and northern policy framework. Government of Canada, Crown-Indigenous Relations and Northern Affairs Canada. https://www.rcaanc-cirnac.gc.ca/eng/1560523306861/1560523330587 Employment and Social Development Canada (ESDC) (2021) About the social innovation and social finance strategy. Government of Canada. https://www.canada.ca/en/employment-socialdevelopment/programs/social-innovation-social-finance.html Environment and Climate Change Canada (2021) Adapting to the impacts of climate change in canada: an update on the national adaptation strategy. Government of Canada. https://www.can ada.ca/content/dam/eccc/documents/pdf/reports/report-update-national-adaptation-strategy.pdf Exner-pirot H, Huebert R (2020) Arctic security: the Canadian context (Chapter 12). In Gjørv GH, Lateigne M, Sam-Aggrey H (eds) Handbook of arctic security. Routledge, NY Fournier S (2020) Assessing resilience with remote indigenous communities. The Conference Board of Canada, Ottawa Fournier S, Cooper J (2022) Building resilience and capacity with Canada’s remote Indigenous communities. The Conference Board of Canada, Ottawa. https://www.conferenceboard.ca/e-lib rary/abstract.aspx?did=11839

74

A. Greenley and Z. Towns

Indigenous Services Canada (ISC) (2022) Graph of costs reimbursed. Government of Canada; Indigenous Services Canada. https://www.sac-isc.gc.ca/eng/1560363002018/1560363016109 Insurance Bureau of Canada (IBC) (2022) Severe weather in 2021 caused $2.1 billion in insured damage. Insurance Bureau of Canada. http://www.ibc.ca/ns/resources/media-cente/media-rel eases/severe-weather-in-2021-caused-2-1-billion-in-insured-damage Kahneman D, Tversky A (1973) Availability: a heuristic for judging frequency and probability. Cogn Psychol 207–232 Kikkert P (2021) Emergency management must be central to climate change response in the North. The Hill Times. Retrieved May 02, 2022, from https://www.hilltimes.com/2021/12/08/emerge ncy-management-must-be-central-to-climate-change-response-in-the-north/332910 Kyoon-Achan G, Write L (2020) Community-based pandemic preparedness: COVID-19 procedures of a Manitoba First Nation community. J Commun Saf Well-Being 5(2):45–50. Retrieved April 28 from https://doi.org/10.35502/jcswb.131 Moulaert F, MacCallum D, Hillier J (2013) Social innovation: intuition, precept, concept, theory and practice. In: Moulaert F, MacCallum D, Mehmood A, Hamdouch A (eds) The International handbook on social innovation: collective action, social learning and transdisciplinary research. Edward Elgar, Cheltehham, United Kingdom, pp 13–24 MurphyB, Chrétien A, Pearce L, Gunson B, Ursuliak D, Restoule C, Nicholas W, Pelletier T, Dokis First Nation, ON, Tobique First Nation, NB, Prince Albert Grand Council, SK (2016) Aboriginal disaster resilience planning (ADRP) knowledge sharing toolkit: final report to indigenous and northern affairs Canada. Justice Institute of British Columbia. Office of Applied Research & Graduate Studies. School of Public Safety. https://cdrp.jibc.ca/wp-content/uploads/2016/04/ADRP_Knowledge_Sharing_Toolkit1.pdf RAND Corporation (2001) Community resilience. RAND Corporation. https://www.rand.org/top ics/community-resilience.html Statistics Canada Can (2021) Population growth in Canada’s rural areas, 2016 to 2021. https://www12.statcan.gc.ca/census-recensement/2021/as-sa/98-200-x/2021002/98-200x2021002-eng.cfm Swyngedouw E (2009) The political economy and political ecology of the hydro-social cycle. J Contemp Water Res Educ 142(1):56–60. https://d1wqtxts1xzle7.cloudfront.net/39976697/Integr ating_WaterQuality_into_a_Water_Re20151113-11185-vqpay3-with-cover-page-v2.pdf?Exp ires=1657386337&Signature=VZFVzELYquAXvsxaab6oQNda8~DZZfvcm2hBfQ1EMqB7 lWyI025UInSYFkbjooe7xy4NjEaFXMT-ZYExQLD6IvJOlxQVOrZcbKJR1b82ute-eQgiP3sLf tkwng9Oklp5RUtz3v0im0vtF8Q1kxAeoAiQ3mk7YybzgyU8mvj4JavklNtj5tIIIq8qvrm2Io8O Nzlt~9P2P7NazrHTMgWI9qAlbr88DHzpmqX5JCU26P-ov~9h9lFROdlFXEUU1jjssYJmFY JtJl-UZuRrtpO~xa6fnyk4-FrXMaaeFlt3LnQk16fF-FqXQRQP4IyQ9HxBCkHqdh-AuXVeJ ODBXxHHyg__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA#page=60 Timmis K, Brüssow H (2020) The COVID-19 pandemic: some lessons learned about crisis preparedness and management, and the need for international benchmarking to reduce deficits. Environ Microbiol 22(6):1986–1996. https://doi.org/10.1111/1462-2920.15029 United Nations Office for Disaster Risk Reduction (UNDRR) (2005) Hyogo framework for action 2005–2015: building the resilience of nations and communities to disasters. https://www.undrr.org/publication/hyogo-framework-action-2005-2015-buildingresilience-nations-and-communities-disasters United Nations Office for Disaster Risk Reduction (UNDRR) (2015) Sendai framework for disaster risk reduction 2015–2030. In: UN world conference on disaster risk reduction, 2015 March 14– 18, Sendai, Japan. United Nations Office for Disaster Risk Reduction, Geneva. https://www.pre ventionweb.net/files/43291_sendaiframeworkfordrren.pdf Vodden K, Douglas D, Minnes S, Markey S, Reimer B, Breen S (2019) Conclusions: implications for policy and practice. In: Vodden K, Douglas D, Minnes S, Reimer B (eds) The theory, practice, and potential of regional development: the case of Canada. Routledge, London, United Kingdom, pp 212–234

Applications of Foresight for Defence and Security: The Future of Crime Tasha Van Dasselaar, Jason Giddings, and Sydney Stewart

Abstract The nature of crime is continually evolving, and as nefarious actors take advantage of emerging trends across the economic, political, environmental, social and technological landscapes the threats they pose become augmented, and emphasizes the need to think strategically and anticipate for longer-term drivers of change and conceivable future scenarios. A foresight project entitled the “Future of Crime” was undertaken to present changes across the domain of crime and illustrate how these shifts could alter our crime landscape and impact defence and security. The project is used as a case study to demonstrate the need to apply strategic foresight methodologies on different levels of decision-making from strategic to tactical. This chapter explores the ability for foresight methodology to inform strategic planning and operational capabilities in the domain of defence and security. Keywords Foresight · Defence · Security · Scanning · Scenarios · Strategic · Operational · Tacticial · Decision-making · Testing · Planning

1 Introduction Foresight is a method of systematically thinking about the future. It serves to identify risks that could prevent a preferred future from transpiring; and, it challenges the assumption that trends will progress uninterrupted. The goal of foresight is not to provide predictions, but to generate knowledge of alternative futures and possible

T. Van Dasselaar (B) · J. Giddings · S. Stewart Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] J. Giddings e-mail: [email protected] S. Stewart e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_5

75

76

T. Van Dasselaar et al.

courses of actions.1 It can be used to challenge organizational assumptions, contemplate how emerging trends may interact, and assess possible futures.2 Today’s era is marked by uncertainty with rapid advances in technology, deteriorating environmental conditions, a proliferation of social movements, and unpredictable international relations. Foresight prioritizes the integration of the sociocultural and technological aspects that define these challenges, and as such, it can anticipate adverse developments.3 With an ability to identify preferred futures, foresight is a valuable tool in the face of emerging challenges. But how can futurists study something that doesn’t exist? It can be helpful to compare the field of foresight to history. Historians also analyze a time period outside of the present day– but they focus on the past. They study artifacts and analyze trends to fill in the missing pieces that explain an environment that exists in the past. Comparably, a foresight analyst must use available information and trend analyses to study an environment that could exist in the future. However it’s the rigour in the methodologies used that enable both futurists and historians to defend their work. Much like many formal review, risk and planning functions, foresight relies on multiple lines of evidence to inform and recommend program and policy development, and required investments, only with a different time horizon. It is important that foresight is not conflated with forecasting as they have an important difference: whereas traditional forecasting focusses on a probable, “mostlikely” future, foresight seeks to present a series of plausible futures. Its goal is not to predict the future, or even to suggest which direction might be most desirable. Rather, the goal of foresight within the domain of national security and public safety (NSPS) is to offer decision-makers key insights on how best to prepare for all possible scenarios, what they might do to shift towards a more preferred future, and how to recognize and adapt to events and trends that may point toward a specific future. Instead of thinking of foresight as a method of predicting the future, it is essential to see foresight as a creative, long-term dialogue. Foresight is about framing, informing, and opening up new pathways and ideas about possible futures and how one might plan for and approach these futures. NSPS is acutely impacted by the challenges of the twenty-first century. The uncertain nature of today’s political and social climate, compounded by a technological revolution, demands NSPS practitioners to be nimble and flexible. As a policy tool, strategic foresight enhances resiliency by generating awareness about various scenarios.4 In the 2000s, the foresight discipline was critiqued for its lack of influence on policy formulation, regulating it to an academic exercise.5 Governments preferred risk management strategies to protect against security threats.6 Risk 1

Schatzmann et al. (2013). Wilner and Roy (2020). 3 Riedy (2009). 4 Sissel et al. (2018). 5 Riedy, “The Influence of Futures Work on Public Policy and Sustainability,” 42. 6 Sissel, Inger-Lise, and Victoria, “The Contribution of Foresight to Improve Long-Term Security Planning,” 68. 2

Applications of Foresight for Defence and Security: The Future of Crime

77

management produces predictions of plausible scenarios, thereby relying on a linear perspective on the evolution of trends. Foresight, however, is founded in an understanding that the future is not predetermined and accounts for such unknowability in its methodology. In recent years there has been an uptick in the use of foresight by the Canadian government with the creation of foresight units across several departments and agencies. Within the Director General, Policy and Advice at Defence Research and Development Canada (DRDC) the Defence and Security Operations and Analytics team undertook a foresight project entitled the “Future of Crime”. The Future of Crime project is explored in this chapter to demonstrate the ability of foresight to inform strategic planning and investment among NSPS partners. First, this chapter will provide the background knowledge that informed the Future of Crime project. Next, an overview of foresight methodologies, and the methodology used for this particular case study, will be provided. This will be followed by a discussion of the project’s results, and the possible implications for the NSPS community. Finally, this chapter will conclude with a discussion of foresight’s ability to deliver desirable outcomes amid a rapidly changing security landscape.

2 Background While the use of foresight methodologies within the Federal Government has been growing in popularity, it is still a novel field. In order to carry out the Future of Crime project, DRDC Centre for Security Science (CSS) expanded upon its foresight function. Ongoing projects were engaged in the monitoring and scanning of disruptive and emerging technologies. However, foresight necessitates a broad consideration of Social, Technological, Economic, Environmental, Political and Legal (STEEPL) categories. DRDC CSS is responsible for leading the Canadian Safety and Security Program (CSSP). Launched in 2012, CSSP is endowed with the mission of strengthening Canada’s ability to anticipate, prevent, mitigate, prepare for, respond to, and recover from natural disasters, serious accidents, crime and terrorism through the convergence of science and technology (S&T) with policy, operations, and intelligence.7 The Future of Crime project was tightly aligned with this mandate, combining DRDC CSS’s existing expertise on technological foresight with the social, political, legal and environmental trends that will shape Canada’s future national security and public safety landscape. The Future of Crime project employed established best practices in the field of foresight, beginning with a baseline analysis of Canada’s NSPS domain. DRDC CSS is mindful that for the foreseeable future, NSPS stakeholders will continue to be challenged by hostile state actors, cyber-threats, emerging disruptive technologies, violent extremism, climate change as well as a myriad of national security priorities including money laundering and terrorist financing activities, human trafficking and 7

Government of Canada (2016).

78

T. Van Dasselaar et al.

migrant smuggling. All of this is on the horizon at a time when overall community confidence and trust in public safety and other institutions is waning. Emerging trends in crime are positioned to disrupt governments, economies, and societies, should legal frameworks, policies, and law enforcement capabilities not be in place to allow for agile, informed, and timely actions. The baseline analysis was informed by two keystone documents. Canada’s 2020 National Security Strategic Overview highlights the increasingly sophisticated nature of criminal networks and techniques that pose a significant threat to Canada’s NSPS, and the implications for economic stability.8 The report identified the following main trends: Hostile Activities by State Actors; Cyber, Space and Emerging Technologies; Countering Violent Extremism and Terrorism; Border Security; Environmental and Health Security; Crime-National Security Nexus; and Connecting with Canadians.9 The Royal Canadian Mounted Police (RCMP) 2020 Environmental Scan identified six mega-trends to guide their strategies and investments: the 4th Industrial Revolution; Protecting Human Rights; Climate Change; Demographics & Society; Trust, Confidence & Transparency; National Security & Transnational & Serious Organized Crime.10 Guided by these reports, the Future of Crime project conducted a comprehensive literature review to identify trends within the domain of crime. Primary and secondary sources, such as government documents, organizational publications, peer-reviewed articles, and international and domestic media reports were consulted. The literature was organized by its relation to historical events in Canada’s NSPS domain, emerging trends and legislative and regulatory considerations. A descriptive and diagnostic analysis of historical disruptive events and emerging crime was carried out to identify six major intersecting trends: 1. Disruptive events can trigger other disruptive events. A clear relationship exists between the occurrence of disruptive events and the scapegoating of minority groups. This was witnessed in the aftermath of the 9/11 terrorist attacks with increased hate-crimes experienced by Muslim individuals or in Muslim places,11 and again today with rising hate crimes towards Asian Canadians surging amidst the COVID-19 pandemic.12 2. Insufficient communication and collaboration among NSPS partners lead to intelligence shortfalls. Since its confederation Canada has experienced disruptive events that were augmented by a breakdown in intelligence, communication and response. The first of these occurrences were the Fenian Invasions (1866– 1871), as Canadian officials found themselves dealing with a barrage of information and challenged in their ability to adequately decipher between fact and fiction.13 Intelligence gaps were also noted with the Winnipeg General Strike, Air 8

Department of National Defence (2020). Ibid. 10 Royal Canadian Mounted Police (2020a). 11 Nagra (2018). 12 Liu (2021). 13 Whitaker et al. (2012). 9

Applications of Foresight for Defence and Security: The Future of Crime

79

India attack, and 9/11 as Canada’s decentralized intelligence networks failed to adequately communicate anticipated threats. While efforts were made following these occurrences to reform Canada’s intelligence framework and capabilities, including the creation of the Canadian Security Intelligence Service (CSIS) prior to the Air India attack,14 there are still signals that national security agencies struggle with this enigma. This was illustrated by a 2011 case in which the head of the FBI’s counterintelligence department informed the RCMP about a spy in the Canadian Navy that was known to CSIS, but the information was kept in-house.15 3. Meeting recruitment ideals is an organizational obstacle. After the Air India Flight 182 attack, a Special Commons Committee was established. It determined that CSIS’s recruitment standards were insufficient and that the service needed recruits, “who can grasp the social, cultural, political and economic contexts from which the changing threats to the security of Canada emerge”.16 Since then, NSPS agencies in Canada have made strides towards meeting recruitment ideals with recruits representing a more diverse range of backgrounds; however, shortfalls persist. Today, the Canadian public service faces challenges in recruiting cybersecurity talent. A 2018 study revealed that up to 1/3 of Canadian tech graduates are leaving the country for positions that offer more opportunities and higher wages.17 With the demand for cyber talent increasing at roughly 7% per year,18 having the right people recruited and retained in Canada’s NSPS agencies will continue to be a priority that is difficult to meet. 4. Challenges in defending Canada’s borders and asymmetries in Canada-US responses. Canada has one of the largest borders to defend and survey in the world.19 While the United States has been a longstanding ally and poses no military threats to Canada’s national security there are still many issues and considerations. During the aforementioned Fenian Invasions, a newly confederated Canada lacked the resources to adequately defend the southern border. As climate change rapidly makes the Arctic more accessible to investment and exploration, this concern has resurfaced due to low Canadian presence along our Northern border. 5. The term “terrorism” and its political significance. The Air India Flight 182 bombing was not initially referred to as a terrorist attack by the Canadian government, with important implications for responding to the event.20 After 9/11 and the launch of the global “war on terror” there was a discursive shift surrounding the Air India attack with the government now referring to the event as an act of

14

Ibid. Bronskill (2021). 16 Whitaker, Kealey, and Parnaby (2012). Secret service. 17 Spicer et al. (2018). 18 Rashotte (2021). 19 Central Intelligence Agency (2021). 20 Seshia (2012). 15

80

T. Van Dasselaar et al.

terror against Canada.21 This had the impact of resituating the victims as Canadian and prompting the launch of a commission of inquiry. Today, defining an event as an act of terror still remains contentious. Domestic terrorism and violent extremism are distinct under Canadian law. However, right-wing extremists have shown an increasing ability to mobilize and commit or incite violence for political purposes, which aligns with the definition of terrorism. The application of this designation is subjected to political forces with recent right-wing extremist attacks not charged with terrorism. The Government of Canada has started to label far-right groups as terrorist entities including groups like Atomwaffen Division, The Base and Blood & Honour.22 This indicates a potential shift in how terrorism is conceptualized in the modern era; however, the rate, implications and discourse surrounding this shift hinges on the occurrence of a disruptive event. 6. Social unrest has implications for policing and its perceived legitimacy. While Canada has remained a relatively moderate country throughout most of its existence, there have been a few cases of societal unrest, such as the Winnipeg General Strike and the October Crisis. However, such occurrences are not only confined to the past, they are also taking place in the present. In recent years, events including the Idle No More, Wet’suwet’en, Black Lives Matter, Fairy Creek and Every Child Matters protests have demonstrated a deep discontent in society towards traditional security institutions for both past and present actions. Addressing and rectifying societal concerns will be crucial in order to prevent future disruptive events and to develop trust in our security institutions. These trends provided the baseline upon which the Future of Crime project could be carried out. It informs predictive analysis, which is used to identify what is likely to happen given the knowledge obtained on previous and current trends. It is important to note that the goal of this study is not to predict the future of crime. Rather, the goal is to offer decision-makers key insights and information on other plausible and unknown crimes and shifts to Canada’s NSPS environment. To accomplish this, rigorous foresight methodology was employed.

3 Methodology Methods and approaches to foresight continue to evolve and adapt to the needs of a stakeholder. The need for strategic foresight has been acknowledged as a necessity amongst many senior officials within defence and security and can help in building a safe and secure future for Canadians. Applying and adapting methods from the University of Houston, leading Canadian futurist Dr. Wilner at Carleton University, and Horizon’s Canada, a comprehensive method that aimed to meet the needs of Canada’s defence and security agencies was developed. Although still in progress and maturing, the Future of Crime project serves as an example of the methodologic 21 22

Ibid. Public Safety Canada (2019).

Applications of Foresight for Defence and Security: The Future of Crime

81

approach taken and what it could mean in the application of foresight for defence and security. In conducting foresight, the who, how, when and where are all questions that must be considered so that foresight analysis is integrated and applied in the decisionmaking of an organization from at strategic and tactical level. • Who is the audience of a foresight product? Which can change from within an organization. • How will the foresight product be delivered? • When will the foresight product be delivered? • Where will the foresight product be made available? These questions need to be considered from the onset of a foresight study and re-assessed periodically throughout the process. Firstly, it is important to note the difference between situational awareness and domain awareness, given the term “domain awareness” is being used more frequently and with great urgency by Canadian defence and security agencies. Situational awareness is real time analysis used for rapid reaction and decision-making. Whereas domain awareness is understanding how things are operating and interacting within an environment and how it could potentially impact the security, safety, economy, or environment. The method used for Strategic Foresight Analysis and outputs resulting from it, is essentially domain awareness. The data and observations used for situational awareness informs the domain to an extent; however, by establishing broader domain awareness as a baseline, defence and security agencies are better equipped to conduct situational awareness. The methods used to conduct foresight research include participatory research, scanning and outreach. The participatory research used was in the form of a workshop which invited multiple participants with varying subject matter expertise in the realm of defence and security, for example cyber security and organized crime. The output from these workshops was a domain map that highlighted drivers of change and the interconnection between various sub-drivers. This information informed the scanning of trends. Scanning took place over an identified period of time to avoid an overload of information given the exorbitant amount of information that comes from the Internet of Things (IoT). The scanning process included reviewing literature, collecting relevant news and media sources, and conducting briefings with academic experts with a range of expertise including organized crime, terrorism, virtual reality, Arctic security, and right-wing extremism. The scanning resulted in the identification of trend cards, which are a tool for ideation and prioritizing ideas. They are visual and textual descriptions of trends created based on data generated in the first phase of a foresight study. Trends cards are often used to analyze the changes occurring within a particular subject and its potential STEEPL impacts. In the case of the Future of Crime, analysis of the metatrends of right-wing extremism, cyber security, traditional arctic security, human arctic security, and quantum computing was conducted and further divided into sub-trends. The first sub-trend was megatrends, which is the long process of transforming that has an impact across dimensions and can be observed

82

T. Van Dasselaar et al.

over decades. The second sub-trend was general trends, which are typical patterns that are expected to continue in absence of a disruptive event. The third sub trend was weak signals, which are early signs of current small changes and/or shifts that might hold permanency. Finally, wild cards which are high impact, low probability events that are the product of thinking creatively about how trends could develop. These trends cards can then be applied by our defence and security partners to craft scenarios to test their strategic planning, programs and policies, and assist in operational, tactical and technical planning. Scenarios can be presented as simulations of table top or red teaming exercises, or they can take advantage in investing in synthetic reality opportunities for such testing. The methodological approach employed in the Future of Crime study serves as an example for how foresight projects could be conducted in the NSPS domain. The findings of this study are summarized in the following sections.

4 Findings The Future of Crime study led to the identification of four final drivers of crime: economic crisis, climate change and public health, emerging technology, and political and social instability. The sub-drivers of each category are detailed below.

5 Economic Crisis 5.1 The Concentration of Wealth and Rise in Inequality Threatens American’s Social Fabric Capitalism, which brought about privatization, and placed profits and wealth in the hands of individuals rather than the state, was further accelerated during the first industrial revolution. Over the past few centuries, we have seen capitalism as an economic benefit creating wealth and prosperity, innovation, and a competitive marketplace. On the other hand, capitalism has created a disproportion of wealth, with the richest 1% of the world’s population owning 43% of the world’s wealth, which resulted in greater inequality and damage to our society, amongst other effects.23 The notion of “after capitalism”, for which capitalism will end, has been emerging given the world’s economic shifts being observed, as demographic values and beliefs change, and with the rapid advances in technology. With recent developments in science and technology, more specifically automation, there are concerns and considerations about the role of human workers in the

23

Credit Suisse (2020).

Applications of Foresight for Defence and Security: The Future of Crime

83

future workforce. During the COVID-19 pandemic there has been a climb in businesses and governments using AI technology to perform a work task that was once carried out by a human worker. Aggregated data by Statistics Canada suggest that 10.6% of Canadian workers were at high risk of automation-related job transformation in 2016, while 29.1% were at moderate risk. Although the percentage in 2021 is not available, we can assume with the advances made in technology and job shifts during the pandemic, these numbers are in fact higher.24 This type of job transformation can lead to major socio political inequalities; conversely, it can also lead to efficiencies, innovation, and can address human resource shortages. Law enforcement faces challenges and opportunities when it comes to automation of jobs. If an elite class is formed the strength of Canada’s social and political order will be tested and will pose a challenge to law enforcement by driving the rest of the population to hostile protests and engaging in criminal activities. At the same time, while the demand for regular members in the RCMP has gone up, the number of applicants to the RCMP has gone down. This human resource challenge can be solved by automating certain jobs within law enforcement. Furthermore, the use of Artificial Intelligence (AI) to process the increase in information available during an investigation, can lead to better efficiency in convictions.25 As inequality becomes more prevalent in Canada, the ratio of marginalized Canadian citizens would increase, which would make Canada more vulnerable to violent radicalization and extremism. In oppressed communities, mainly within the large urban areas, people are more susceptible to being victimized and recruited into local gangs and terrorist groups. An increase in exploitation of the most vulnerable threatens Canada’s NSPS, magnifies the rate of incarceration, and strains our already overcrowded prison system. Moreover, incarceration of gang members or members of terrorist groups generates a larger threat—as prisons themselves are a fertile recruiting ground for radicals and terrorists, furthering these members’ causes creating more violent attacks to Canada’s NSPS.26 If, hypothetically, an elite group in Canada rises to power, there is a possibility of disregarding laws that aim to punish those who commit a “white collar crime.” Although the direct output of white collar crimes typically are non-violent, the rippleeffect could have a devastating effect on our economy and become the originator of violent acts, due to further marginalization of people. North America’s economy is still in a period of transition, therefore, a consideration should be given to the economic threats to Canada’s NSPS, and their implications.

24

Frenette and Frank (2020). Royal Canadian Mounted Police (2020b). 26 Wilner (2010). 25

84

T. Van Dasselaar et al.

5.2 Globalization Threatens Canada’s Economic Sovereignty An emerging trend for economic downturn in Canada can be anticipated given a number of signals and predictive indicators that have been documented during our research, such as the pandemic, political instability, new world leaders, and either the collapse or acceleration of globalization. The concern over Canada’s economic sovereignty in our increasingly globalized world is an emerging trend sparking apprehension in policy makers and citizens alike. The COVID-19 pandemic has brought many challenges and uncertainty about the future, mixed with new world leaders like China increasingly asserting their influence on the international scene given the country’s rapid economic growth. This is transpiring alongside political instability in our southern neighbour and largest trading partner, the United States. Furthermore, as tensions rise between China and the West there has been increasing pressure on American allies to take an assertive stance. This has ranged from large-scale decoupling with China currently occurring in Australia to the more balanced approaches being taken in Germany and Canada.27 ,28 ,29 China’s role as both a 5G leader and “the world’s factory” make these decisions incredibly complex.30 ,31 Now more than ever, the interconnected nature of the Canadian supply chain within the greater web of global trade has been laid bare and as other world leaders come to this realization concerning their own countries, conversations have begun regarding nationalizing supply chains. Notwithstanding the direction Canada and other major economies take on this issue, the future of globalization will be fraught with challenges and difficult choices. Beyond supply chain concerns, discussions on Canadian economic sovereignty must also take foreign direct investment into consideration. As one of the world’s most stable democracies Canada is a highly attractive country for foreign investment. However, the effects of this phenomenon have implications across every aspect of Canadian society. Prior to the 2021 federal election, Adam Vaughan a Liberal MP working in the ministry responsible for housing admitted that Canada is “a very safe market for foreign investment, but not a great market for Canadians looking for choices around housing”.32 During the campaign, every major party made commitments to address foreign investment in housing.33 As we slowly transition to a postpandemic world and pursue economic recovery, with real estate comprising a vital component in nationwide spending, such decisions made to assuage societal worries may involve economic concessions. Among all these issues climate change may pose the greatest threat to Canadian economic sovereignty in the twenty-first century. Rising temperatures and natural 27

Westcott (2021). Casey (2021). 29 National Post View (2021). 30 The Economist (2020). 31 Strumpf (2020). 32 Todd (2021). 33 Hughes (2021). 28

Applications of Foresight for Defence and Security: The Future of Crime

85

disasters will have aftershocks both domestically and internationally with the potential to cause unprecedented, forced migration and considerable damage to critical infrastructure. Countries, provinces, and cities could also experience a downgrade in their credit scores as they become increasingly risky areas of investment due to their climate vulnerabilities.34 The World Economic Forum has already forecasted that credit scores encountering “climate induced downgrades would add $137–205 billion to countries annual debt service payments by 2100.”35

5.3 Globalization Gives Opportunities to Organized Crime The global flow of goods has opened borders and increased the international connectivity of supply chains. These economic shifts have created opportunities for organized crime. Transnational organized crime knows no borders or rules, it is an everchanging industry and continues to adapt to markets and create new forms of crime. It involves all serious profit-motivated criminal actions of an international nature where more than one country is involved, and undermines the economic, social, cultural, political, and civil development of societies around the world.36 The trafficking of goods and people, propelled by globalization, is closely intertwined with organized criminal activity. The increasing vulnerability of Canada’s northern border, which is discussed further under climate change and public health (Sect. 7.3), will present opportunities for trafficking, thereby inviting organized criminal activity. Other drivers, such as advances in 3D printing and the effects of climate change, will introduce economic incentives for the trafficking of certain goods. According to some, lenience on organized crime in Canada makes it an attractive country for mobster and cartel activity. Indeed, a former DEA agent part of the task force tracking El Chapo noted the cartel leader’s “deep infiltration” in Canada, taking advantage of Canada’s tolerance.37 Canada’s expansive border, coupled by a lack of policing resources, increases our vulnerability to organized economic crime. The intertwinement of Canada’s economy with the global economy also has implications for transnational organized crime. The ability for organized crime groups to infiltrate global supply chains has been witnessed during COVID-19 with the proliferation of counterfeit health goods.38 Canada’s real estate market has also proven to be ripe for the laundering of money by organized criminal groups. A confidential police study of over 1200 luxury real estate purchases in British Columbia revealed that over $1 billion was laundered through the real estate market in 2016.39 Much of

34

Reuters Staff (2021). Ibid. 36 United Nations Office on Drugs and Crime (2021). 37 Russell (2019). 38 INTERPOL (2020). 39 Cooper et al. (2018). 35

86

T. Van Dasselaar et al.

this activity was linked to a Chinese-based gang profiting enormously from fentanyltrafficking: The Big Circle Boys. A globalized economy will continue to influence the economic incentives for profit-motivated criminal activity with serious impacts on Canadian NSPS.

5.4 Canada Becomes Increasingly Urban and Aged Canada has a population that is becoming increasingly urbanized, which has important implications for crime and policing. The steady incline in Canada’s urbanization has been observed over some time: in 2011 18.9% of people lived in a rural area, which is marginal compared to 1861 when 84% of people lived in a rural area. The migration of people from rural to urban areas occurred from the early 1900’s to mid-1900.40 This historical shift could be attributed to the economic downturn in the era of the great depression and the influx of immigration to Canada that settled mostly in the cities, driving forces that remain prevalent in the twenty-first century. The concentration of people in urban centres introduces logistical challenges for police forces including the policing of mass protests and other large gatherings, as well as the complications of mass urban evacuations in the event of a natural disaster or terrorist attack. Moreover, a dispersed population in rural regions obstructs the ability for police to respond rapidly to emergency calls.41 Another demographic shift underway in Canada is its population aging. A consequence of the baby boom post WWII, the percentage of Canada’s population over the age of 65 has been steadily on the rise. In 2020, 17.5% of the population was over 65 and it is projected that this number will rise to 25% by 2060.42 Older adults are particularly vulnerable for certain crimes. In 2018, 1/3 of victims older than 65 were victimized by a family member43 highlighting their risk for family violence. With COVID-19 sparking concerns on rising rates of domestic violence under lockdowns and stay-at-home orders, specific attention must be given to the victimization of older adults. Furthermore, financial scammers often specifically target older targets in fraud and confidence schemes.

40

Martel (2018). Nelson (2020). 42 Employment and Social Development Canada (2014). 43 Savage (2019). 41

Applications of Foresight for Defence and Security: The Future of Crime

87

6 Emerging Technology 6.1 Advances in Technology Move Faster Than Organizational Readiness and Capacity to Respond Emerging technologies pose a series of opportunities and challenges for the Canadian government and its citizens. The dual-use nature of these technologies to act as tools to either benefit or harm societal welfare will continue to have a push–pull factor that will influence public discourse. While technological advances are changing the way Canadians live, work, and interact with each other, information and communications technologies (ICT) along with their related functions have become a crucial element of Canadian critical infrastructure. As such they have also become a high-value target for nefarious actors and protecting them is paramount to maintain economic stability and sovereignty while also preserving trust in the state. From a national security standpoint, the speed at which technology is advancing has become a deep concern as government agencies attempt to address the evolving threat landscape. Both the frequency and magnitude of cybercrime have increased exponentially in the past decade. While cybercrime has registered thousands of reported incidents in Canada for almost a decade now, only in recent years public investment to address the issue has increased exponentially. Budget 2018 has pledged $201.3 million over 5 years and $43 million per year after that to address cybercrime including initiatives like funding for the Canadian Centre for Cyber Security and the creation of the National Cybercrime Coordination Unit.44 The capital available to government agencies to address cybercrime has dramatically increased but it is a decade overdue. The RCMP’s National Cybercrime and Fraud Reporting System will not be operational until at least 2023, six years after the Director General for Federal Policing Cyber Operations at the time in the RCMP publicly expressed concerns regarding a resource shortfall to tackle cybercrime.45 Unlike traditional security threats like counterterrorism, attribution has proven to be intrinsically difficult in the cyber realm with hostile states often operating via sponsored yet legally unaffiliated hackers. Due to the dependence of other critical infrastructure sectors on ICT including energy and utilities, finance, health, water and manufacturing cyber-attacks have increasingly shown an ability to threaten key segments of the economy with deep societal implications. In 2021 alone, North America has suffered major cyber-attacks on meat plants, a water treatment plant, an oil pipeline, and hospitals to name a few. The economic toll from cyberattacks has already far surpassed that of all terrorist attacks combined.46 Both the opaque nature in which cyber criminals operate and the embryonic state of norms in the cyber realm create difficulties in holding offenders accountable and retaliating if necessary.

44

Public Safety Canada (2018). Solomon (2021). 46 Panetta (2021). 45

88

T. Van Dasselaar et al.

The traditional rules of deterrence and compellence as understood in prior fields of warfare do not apply well in the field of cyberspace.

6.2 Emerging Technologies Introduce Novel Security Threats With the rapid re-emergence of the space industry as an area of increased investment by public and private entities, conversations concerning resources, cooperation, legislation, and militarization in space have also been amplified. With Canada spending the least on space exploration among G8 countries in actual dollars and the second lowest per-capita,47 the country must be cautious not to lose a seat at the table in what is shaping up to be a crucial era of research and development in space. Quantum computing is another field that will have serious national security implications and is experiencing aggressive investment from states and corporations alike. The ability for quantum computers to decrypt data and facilitate espionage has long been considered to be decades away as it was believed that a quantum computer would need one billion qubits to perform that job. However, a recent report has demonstrated that such decryption capabilities could be accomplished by a quantum computer with 20 million qubits,48 making such a feat possible far sooner than previously expected. Criminal organizations have also maximized the use of new technologies to augment their abilities including the usage of online fraud, ransomware, malware and extortion as highly profitable enterprises. These crimes pose serious risks to every stratum of Canadian life, from hospitals losing access to patient files due to a ransomware attack to a loved one falling victim to a Canadian Revenue Agency (CRA) email scam. While such crimes will almost certainly remain pertinent threats, emerging fields such as synthetic biology and 3D printing will open new avenues to be exploited by criminals. These include, but are not limited to, illegal gene-editing kits, synthetically produced drugs, 3D printed drugs and 3D printed firearms and firearm components. From the larger national security concerns like space and quantum computing, to more localized threats resulting from budding spheres like 3D printing and synthetic biology a proactive response from federal agencies will prove crucial. The incredible proliferation of cybercrime this century has demonstrated that in the domain of emerging technologies what may begin as a nascent problem can grow exponentially to become a threat that cannot be contained by our national security partners. Working alongside academia and industry in this endeavor will be a necessary component if government actors are to achieve a strategic advantage.

47 48

Senger (2018). Emerging Technology from arXIV (2019).

Applications of Foresight for Defence and Security: The Future of Crime

89

6.3 Legislation and Policy Hinder the Ability of NSPS Actors to Take Advantage of Existing and Emerging Technologies As societal values shift, legislation is often slow to follow. This is particularly true in the field of emerging technologies. While the use of the internet and social media has become ubiquitous elements of life for most Canadians, there have been increased calls to provide greater privacy online. This benefit to the consumer may come at the price of limiting surveillance opportunities for law enforcement. This also extends to other areas, as noted with the RCMP’s use of Clearview AI’s facial recognition which was deemed to have violated the Privacy Act.49 With the possibility of mass surveillance growing in scope, there has been societal pushback. Citizens in Toronto recently expressed deep privacy concerns regarding a project by Sidewalk Labs, a subsidiary of Alphabet, to transform 12 acres of the downtown waterfront into a sensor-laden smart city. This all comes amidst a national conversation on big-tech companies and their data collection, particularly where it is stored, how it is protected and most importantly who it is shared with. Thus, even when technological capabilities exist to mitigate crime, shifting societal norms and legislation may encroach against it. Beyond legislation, political will and adequate investments are crucial elements that will be required for law enforcement to take advantage of emerging technologies. Even when legislation does provide space for law enforcement to utilize newer capabilities in facial recognition, augmented reality and other technologies, insufficient funding has the potential to prevent national security partners from modernizing their departments and training programs.

7 Climate Change and Public Health 7.1 A More Accessible Arctic Invites Layered Security Challenges As the environment and our natural resources continue to change because of climate change, and global warming continues to impact our Arctic making it more accessible, our security challenges will be tried and there will be a need for cutting edge science and technology. As the Arctic becomes more inhabitable and thinning ice opens the Northwest Passage, nation states and tourism are rushing into Canada’s Arctic region calling for Government action. The Canadian Armed Forces within the North American and Arctic Defence and Security Network (NAADSN) addresses three core policy challenges—the Defence role in the Arctic, NORAD modernization and the future of North American defence, 49

Office of the Privacy Commissioner of Canada (2021).

90

T. Van Dasselaar et al.

and the evolving role of major powers in global strategic competition. A few key outcomes are—to increase CAF presence in the Arctic, examine and anticipate emerging threats, and assess and consider changes in the global security environment and major competitors, particularly with Russia and China.50 Amongst the need for increased intelligence and surveillance in Canada’s northern regions there is also a need to expand and reinforce Canada’s first responders responsible for public safety in Canada in these regions. Increased movement through Canada’s North creates emerging threats to NSPS, with northern Indigenous communities being exposed to potential trafficking of their people, tourist related crimes, trafficking of illegal items, and poaching and over consumption threatening their livelihood. Furthermore, given the threats to Canada’s Arctic sovereignty and the present geopolitical issues the Government of Canada is urged to invest in science and technology that can assist our CAF and first responders so that they can efficiently and effectively respond to the emerging threats.

7.2 The Impact of Infectious Disease, Addiction, Mental Health and Other Public Health Epidemics Forces the Government to Take Pre-emptive Measures to Protect Canadians In Canada, there were 144 reported cases of Lyme disease in 2009 in comparison to 2636 of reported cases in 2019, although most cases are being reported out of the provinces of Manitoba, Nova Scotia, Ontario, and Quebec, all provinces of Canada are seeing an increase. Lyme disease is a serious and debilitating bacterial infection that can result from the bite of an infected tick. This moot disease is on the rise, and it is believed by many Canadian scientific and medical professionals to be underreported. As reported by Dr. Vett Lloyd and Dr. Ralph Hawkins they are estimating that only between 3 and 4% of cases are being documented in Canada, which is worrisome to the scientific and medical field given the importance of early treatment for Lyme disease.51 Lyme disease is but one disease that has the potential to become a serious growing and recognizable threat to the health of Canadians. With Canada reporting record numbers of opioid deaths, and increase in emergency calls and hospitalizations, medical communities across our nation are urging Governments at all levels to do more. This increase is fueled by both illegal and prescription opioid use, with fentanyl and analogues contributing to the rise in opioidrelated deaths. In 2017, the number of deaths for accidental overdoses for the most common categories of substances, including opioids, narcotics, and hallucinogens and for the category that includes unspecified drugs reported in total 2705 compared to 2020 which reported 3255 deaths. The reported increase in accidental overdoses 50 51

North American and Arctic Defence and Security Network (2021). Lloyd and Hawkins (2018).

Applications of Foresight for Defence and Security: The Future of Crime

91

can be partially attributed to the pandemic, nevertheless, there has been an upward trend for the past decade. There has been a lot of progress in Canada to recognize, inform and support mental health and social well-being. Mental health is affected by a few factors in your daily life, including the stress of work and relationships. According to the Canadian Mental Health Association 1 in 5 people in Canada will personally experience a mental health problem or illness and by age 40, about 50% of the population will have or have had a mental illness. The RCMP has reported that in 2018 they had responded to more than 118,323 mental health calls, compared to 51,910 calls in 2017, reporting an approximate increase of 127%.52 The number of mental health calls has been increasing steady over the past 10 years, but a significant jump was noted from 2017 to 2018.53 The response to mental health calls, by first responders, continues to be questioned and there are growing concerns by Canadians to reform our police services. Given the COVID-19 pandemic is still soaring globally, pushing regions of the world to 3rd and 4th waves of infectious outbreaks and economic downturn—this juncture is a period for which capabilities and investments for emergency response and preparedness could be modified and improved using lessons learned from each wave. These results can then be interpreted and adjusted to address the twenty-first century epidemics Canada is facing around other infectious diseases, addiction, and mental health.

7.3 Shifting Climate and Environmental Patterns Threaten Canada’s Natural Resources and Communities Both Domestic and Global Melting glacier ice poses a new threat to public health and security. The research in this area is relatively new, but scientists who are studying glacier ice and the level of contaminated microbes and viruses recently found genetic codes for 33 viruses when they analyzed the 15,000-year-old ice. These viruses are noted to thrive in extreme weather, and some could still infect modern organisms.54 When exposed to frozen viruses over a millennium ago the affects that this poses to Canada’s health and security posture, and immediate risks presented to northern Indigenous communities is open to question. As climate control becomes a priority for Governments at all levels, the position Canada will take on climate migrants remains vague. Whereas countries such as New Zealand, Australia, and the United States have reported to officials that they have begun to formulate a position on how to identify climate refugees and the protection and support they could provide. The World Economic Forum defines climate refugees 52

Tunney (2020). Royal Canadian Mounted Police (2020c). 54 Bressan (2021). 53

92

T. Van Dasselaar et al.

as migration and cross-border mass movements of people caused partly by weatherrelated disasters. In 2019, it was reported that the five countries with the most people displaced by disasters were India (5,018,000), Philippines (4,094,000), Bangladesh (4,086,000), China (4,034,000), and the United States (916,000).55 On top of weatherrelated disasters being a factor and contributor to obtaining climate refugee status, there are also the factors of political and security instability of a country. With an increase in weather-related disasters, including rising sea levels, drought, forest fires, Canada’s NSPS can be expected to respond and act to migration and mass-movement of people both refugees and within Canada’s communities. Given that Canada is a country often referred to as rich with natural resources and contributes significantly to Canada’s total wealth and economic prosperity, imaginable threats to Canada’s NSPS emerge given the global effects of climate change. Canada could become a target of looting essential natural resources by other nation states or non-state actors, such as water and forestry, or could become the victims of economic disparity if they aren’t able to sustain the resources they offer. Furthermore, there is an accelerated need for Canada to innovate and explore other earth material and minerals Canada has to offer, such as rare earth elements (REE). REE is used in a variety of industrial applications, including electronics, clean energy, aerospace, automotive and defence, with China being the largest producer of REEs, accounting for over 60% of global annual production, followed by the United States, Burma, Australia and India.56 Canada however has some of the largest known reserves and resources of REE, and if able to produce these, it could reinforce our economic sovereignty and potentially boost Canada’s international profile.

8 Social and Political Instability 8.1 Online Platforms Present Security Challenges and Threats to Canada’s National Security and Public Safety The number and nature of social media platforms have proliferated since the creation of Facebook in 2004. Besides serving as a form of social interaction, they are also at the core of the security threat posed by the dissemination of mis/dis/malinformation.57 While misinformation is false, it is not created to intentionally inflict harm. The distribution of misinformation on social media escalated during the COVID-19 pandemic with the circulation of false information regarding the nature of the virus, effectiveness of preventative measures, and the safety of the vaccine. This epidemic of misinformation has posed a serious obstruction to government efforts 55

Ida (2021). Natural Resources Canada (2021). 57 Kujawski (2019). 56

Applications of Foresight for Defence and Security: The Future of Crime

93

to combat COVID-19. Disinformation is also false information, but it is posted with the intent to cause harm. The security threat disinformation presents was illustrated in the 2016 US election when Facebook became the setting for election interference with targeted disinformation campaigns sponsored by foreign adversaries. The threat of disinformation is heightened when considered alongside emerging AI technology such as deep fakes. Malinformation, on the other hand, is information that is true but wielded to inflict harm. It encompasses complex legal challenges such as revenge porn and cyberbullying. Social media and other online platforms—such as search engines, apps, and websites—allow for the mass collection of personal data by the Canadian government, foreign state actors, and non-state actors such as private corporations. Companies, such as Facebook and Amazon, have long practiced mass data collection on consumer/client behavior in order to customize their services. While this has been generally accepted by the public, security concerns surround the ability for foreign adversaries to use social media and apps as tools for surveillance. These concerns have been raised regarding the Russian developed app, Faceapp, and China’s viral social media platform, TikTok. NSPS actors looking to collect personal data face ethical and legal constraints that foreign and private platforms are not restricted by. Online platforms also provide new avenues for radicalization, gang recruitment and organized crime activity. An emerging field of research highlights how Canadian gang members and drug dealers are importing street codes into the virtual world of new media platforms.58 Further, the online activity of extremists suggests increasing intersections between hate crime and online platforms. The online activity of nefarious actors as well as the dissemination of mis/dis/mal-information raises pressing questions on government versus company responsibility for the regulation of cyber threats on social media.

8.2 Surging Mistrust in Our State by the Canadian Public and International Allies Diminishing trust in the Canadian state by its citizens introduces security challenges. While Canadians historically maintained a high degree of trust in their government and its police, these trends witnessed a long-term decline starting in 1970. A slight rebound in public trust during the 2000s has been severely compromised by the COVID-19 pandemic, with just 41% of Canadians expressing a high degree of trust in the federal government.59 Trust in police among Canadians also diminished amid anti-racism protests sparked by the murder of George Floyd by police officers in Minneapolis.60 Mistrust in police and their ability to protect visible minorities introduces challenges to NSPS agencies. These are particularly acute in the policing of 58

Urbanik and Haggerty (2018). Graves (2021). 60 Berthiaume (2020). 59

94

T. Van Dasselaar et al.

protests. If the legitimacy of the state and its security apparatus is called into question, its ability to act swiftly and confidently to maintain public safety and order is hindered. A lack of confidence in the Canadian state can also be found among our international allies. Canada’s loss of its United Nations Security Council Seat bid brought to light Canada’s diminishing power on the world stage. Once viewed as a trusted and reliable middle-power, Canada’s allies are increasingly wary of our reluctance to respond, contribute and invest in global security matters, and to appropriately handle sensitive information. Canada’s most recent exclusion from a strategic defense partnership between the UK, US and Australia signals that our unclear China strategy, and what is perceived as “free rider” behavior in security and intelligence partnerships, are unappreciated by our Five-Eyes partners.61 Losing the confidence of crucial allies challenges Canada’s ability to collaborate on evolving international threats, impeding defence preparedness.

8.3 Unresolved Indigenous Issues Heightens Animosity, Threatens Indigenous Communities and Deepens Mistrust in the State Historical and emergent issues affecting Indigenous communities in Canada have gone unresolved and threaten the security of these communities. The legacy of Residential Schools continues to profoundly affect Canadian Indigenous people. Intergenerational trauma caused by Residential School experiences have been linked to higher suicide and addiction rates, as well as physical health impacts including higher rates of chronic and infectious diseases.62 The recent identification of unmarked graves at Residential Schools across Canada highlights the need for the implementation of the Truth and Reconciliation Commission’s 94 “calls to action”. Poor physical and mental health rates among Indigenous communities in Canada are compounded by poor living standards on most reserves. Lack of access to clean drinking water, overcrowded housing, housing in need of repair, as well as high costs of living in Northern communities impact public health within these regions. These forces, coupled by a lack of employment opportunities within reserves, drive youth out migration. Foster care practices, now under reform, are another mechanism by which youth are removed from their communities. Processes that disconnect indigenous youth from their communities contribute to the youth seeking a sense of belonging and becomes a driving force in their involvement in street gangs.63 The socioeconomic factors that have been noted, alongside systematic issues within policing practices, result in heightened interaction between police and Indigenous individuals. Indigenous peoples remained overrepresented in correctional 61

Carvin and Juneau (2021). Wilk et al. (2017). 63 Sinclair and Grekul (2012). 62

Applications of Foresight for Defence and Security: The Future of Crime

95

institutions with Indigenous adults accounting for 31% of admissions in provincial/territorial custody and 29% of those admitted to federal custody, despite only representing 4.5% of the Canadian adult population.64 Indigenous individuals, especially women, are also disproportionately represented as victims of crime. This was evident in the final report published by the National Inquiry into Missing and Murdered Indigenous Women and Girls which outlined 231 “calls to justice”.65 Inadequate government responses to this array of issues, and its role in new issues such as those that sparked the Wet’suwet’en solidarity protests, can serve to deepen mistrust in the state.

8.4 Growing Ideological Extremism Drives Division Within Canada’s Citizens and Communities Populism, the political ideology that looks to empower “the people” in the face of powerful elite, has been on the rise globally. This phenomenon has coincided with growing polarization in North America as right-left and rural–urban divides become more pronounced. The forces of populism and polarization were encapsulated in the 2016 election of US President Donald Trump and have only been exacerbated by the pandemic. These effects have been felt in Canada as well. In the most recent federal election, the People’s Party of Canada—a party that propagates populist rhetoric— captured over 5% of the vote, a significant jump from the 1.6% of national votes it secured in the 2019 election.66 Already divided, Canada’s society is at risk of further social fractions due to ideological extremism. Hate crimes, ideologically motivated violence, and domestic terrorism are related to numerous complex factors. COVID-19 has demonstrated the ability of disruptive events to influence these factors with growing online right-wing extremism, surging reports of Anti-Asian hate crimes, and extremists capitalizing on the pandemic to raise money, encourage violence and attract followers.67 ,68 ,69 Research conducted on the impact of the “refugee crisis” in Germany found that the influx of immigration served as a trigger for hate crimes.70 This relationship has important implications as political instability abroad and the effects of climate change could lead to higher rates of refugees coming to Canada. The violence perpetrated by right-wing extremists also has legal implications as such crimes are largely tried under hate speech legislation rather than being designated as terrorism offences, with 64

Malakieh (2020). National Inquiry into Murdered and Missing Indigenous Women and Girls. Reclaiming Power and Place. June 2019. Available at: https://www.mmiwg-ffada.ca/final-report/. 66 Hristova (2021). 67 Liu (2021). 68 Thompson (2021). 69 Bell (2020). 70 Piatkowska et al. (2020). 65

96

T. Van Dasselaar et al.

significant impacts on degree of punishment (70). To combat further divisions within the Canadian public, it is pertinent that the complex determinants of extremism are addressed. The political and social divisions in Canada are further exposed by the rise and proliferation of social movements. Mass mobilization surrounding social and political ideas have remained peaceful in Canada, with the majority of activism occurring online. With the economic recession apt to follow COVID, and the pandemic’s deepening of inequalities, it is likely that social and political movements will become even more popular.71 It remains possible that mass movements—and fringe political groups—could revert to violent extremism.

8.5 Shifts in the Court of Public Opinion Influence Canadian Legislation The evolution of laws in Canada largely reflects the evolution of social values. The Canadian legal system emulates evidence-based decision-making in its creation and utilization of legislation; however, it is not immune to the court of public opinion. This relationship between the legal courts and public opinion reflects the definition of a crime as an act that the public and institutional stakeholders share sufficient agreement on its violation of values. The influence of shifting values on legislation can be witnessed in the evolution of several Canadian laws, including laws around sex work, abortion, the legalization of marijuana, and environmental laws. The law is rarely a proactive tool, and as such, legislation surrounding novel crimes is slow to be adopted. Instead, old laws are applied to new crimes, or created in the wake of a disruptive event. Lastly, it is tempting to assume that progress is linear, however, other democratic nations have witnessed the repeal of progressive laws. For example, Texas recently passed restrictive abortion legislation that bans abortions after 6 weeks of pregnancy.72 There are also contemporary Canadian political parties that advocate for the revisiting of firearms, abortion, and environmental legislation. Increasingly polarized views on these legal topics introduce uncertainty on how laws will evolve in Canada.

9 Discussion There are numerous potential innovative applications for the findings of the Future of Crime study, and other foresight projects. As previously discussed, trend cards were one of the tools produced by the study. One of the key benefits of trend cards is that they can be tailor-made for a client in any field that pertains to futures work. 71 72

Pinckney and Hidalgo (2021). Reuters (2021).

Applications of Foresight for Defence and Security: The Future of Crime

97

They can explore the potential implications of a future pandemic for a national health department or the likely impacts of climate disasters on a city for the local administration. This would allow stakeholders to plan for various contingencies and move towards a preferred future. Defence and security agencies can apply foresight by continuing to procure an experienced third-party vendor, or build in-house expertise, to plan and execute wargaming simulations. Having the expertise in simulations, designing and facilitating scenarios can allow for the administration of war-gaming exercises in a variety of domains. During these war gaming simulations game players with a variety of expertise and occupations (public and private) should be invited to play. Additionally, present-day news feeds and open source intelligence allow for a realistic experience and relevant scenarios. Using an immersive multiplayer approach which takes place over a period of time can stimulate a powerful discussion and promote the development of decision-making skills. Foresight studies and practices, in the application of defence and security, need to explore the scenario testing possibilities and technology options, such as virtual reality in a synthetic environment. Using VR in a synthetic environment will allow scenarios to be played out in a highly realistic and immersive environment. Particularly useful in forensics, the use of VR can allow for scenarios to be created for training purposes or to re-create a crime scene in order to gather more evidence. Furthermore, the pairing of augmented reality provides an opportunity for forensic experts not present at the crime scene to aid the reporting officers during the investigation process, through the use of body cameras sending footage to the necessary advisors and a smartphone or head-mounted device to guide the user.73 In short, existing technologies must be leveraged to provide law enforcement the tools to manage the threat landscape of the twenty-first century. Applying the findings of foresight in engaging and innovative ways can inform everyday decision-making within defence and security agencies. By understanding likely shifts in trends and what possibilities are at play, decision-makers are able to plan short-term goals and objectives with a greater degree of confidence that they are sufficiently equipped to handle future threats. The ability to plan for growth and sustainability is very different from planning for survival and being reactive in nature. Strategic planners and decision-makers alike need to understand the plausible changes in the domain that impacts and influences them at a global level; and must be able to identify potential disruptions and gaps, including within their capability development, resource allocations, human resources, operations, and budget planning. The strategies developed to mitigate any threats or risks need to be future-driven, flexible, and have an adaptive approach that pays attention to shifts within their domain. Defence and security agencies equipped with an effective Foresight capability will be able to make sense of, and respond to, the emerging pattern of threats and opportunities, and to use this understanding to both see potential disruptions and capitalize on opportunities that may be in their blind spot.

73

Revell (2016).

98

T. Van Dasselaar et al.

10 Conclusion While becoming more popular, the tools of foresight are not leveraged to their full capabilities within the domain of NSPS. This chapter has demonstrated the ability of foresight to better equip decision-makers with the ability to prepare for and prevent future threats while moving to engender the most preferred scenarios. The ability to foster this future-oriented thinking is illustrated in the case of the Future of Crime project. By exploring the methodologies, findings and results of this project, this chapter has illustrated the advantages of utilizing foresight to inform the decisionmaking of NSPS actors. Football, as an analogy, describes the application of foresight, and how it can advance and transform defence and security institutions in an offensive position. If these institutions want to lead in molding the future of Canada’s NSPS they need to take possession of the ball, and control the ball and the play with the objective of meeting our goals. When a good offensive strategy is planned and executed, a defensive strategy becomes secondary. The most successful football franchises are continually evolving and planning for the unknown and anticipating their opponents next play call. Teams that are constantly on defence and are forced to react are exhausted, frustrated, and always playing from behind. In the world of NSPS today, as in football, a strong offense is what leads to success, and so, Canada’s defence and security institutions need to decide if they are serious about fielding a competitive team or not.

References Bell S (2020) Neo-Nazis, extremists capitalizing on COVID-19, declassified CSIS documents say. Global News, December 6. https://globalnews.ca/news/7501783/neo-nazis-extremists-capitaliz ing-coronavirus-covid-19-csis Berthiaume L (2020) Trust in Canadian police drops amid George Floyd protests: poll. Global News, June 16. https://globalnews.ca/news/7070091/trust-in-police-poll/ Bressan D (2021) Glacier ice reveals previously unknown viruses. Forbes, June 21. https://www.for bes.com/sites/davidbressan/2021/07/21/melting-glaciers-reveal-previously-unknown-viruses/? sh=1df3945b1604 Bronskill J (2021) RCMP, CSIS modelling new collaboration efforts on lessons learned from Britain. Global News, March 14. https://globalnews.ca/news/7695582/csis-rcmp-collaboration/ Carvin S, Juneau T (2021) Canada’s exclusion from ‘Three Eyes’ only confirms what was already the case. The Globe and Mail, September 17. https://www.theglobeandmail.com/opinion/articlecanadas-exclusion-from-three-eyes-only-confirms-what-was-already-the/ Casey R (2021) In Germany, debate on trade with China grows as Merkel nears exit. Al Jazeera, September 17. https://www.aljazeera.com/news/2021/9/17/in-germany-debate-ontrade-with-china-grows-as-merkel-nears-exit Central Intelligence Agency (2021) The World Factbook. Central Intelligence Agency. https://www. cia.gov/the-world-factbook/countries/canada/ Cooper S, Bell S, Russell A (2018) Fentanyl: making a killing. Global News, November 26. https:// globalnews.ca/news/4658157/fentanyl-vancouver-real-estate-billion-money-laundering-policestudy/

Applications of Foresight for Defence and Security: The Future of Crime

99

Credit Suisse (2020) Global Wealth Report 2020 Department of National Defence (2020) National security strategic overview. Government of Canada. Emerging Technology from arXIV (2019) How a quantum computer could break 2048-bit RSA encryption in 8 hours. MIT Technol Rev. https://www.technologyreview.com/2019/05/30/65724/ how-a-quantum-computer-could-break-2048-bit-rsa-encryption-in-8-hours/ Employment and Social Development Canada (2014) Action for Seniors report. Government of Canada. https://www.canada.ca/en/employment-social-development/programs/seniorsaction-report.html Frenette M, Frank K (2020) Automation and job transformation in Canada: Who’s at risk? Statistics Canada. https://www150.statcan.gc.ca/n1/pub/11f0019m/11f0019m2020011-eng.htm Government of Canada (2016) About the Canadian safety and security program. https://science.gc. ca/eic/site/063.nsf/eng/h_D6358D2D.html Graves F (2021) Polarization, populism, and the pandemic: implications for Canadian outlook on the world. In: Political turmoil in a tumultuous world. Palgrave Macmillan, Cham, pp 165–188 Hristova B (2021) Rise in people’s party support ‘very concerning’ even if its future is uncertain, expert says. CBC News. https://www.cbc.ca/news/canada/hamilton/ppc-results-1.6183876 Hughes S (2021) How the three top Federal Parties plan to tackle Canada’s housing crisis. Financial Post, September 9. https://financialpost.com/news/election-2021/how-the-three-federal-partiesplan-to-tackle-canadas-housing-crisis Ida T (2021) Climate refugees—the world’s forgotten victims. World Economic Forum, June 18. https://www.weforum.org/agenda/2021/06/climate-refugees-the-world-s-forgotten-victims/ INTERPOL (2020) Global operation sees a rise in fake medical products related to COVID-19. INTERPOL, March 19, https://www.interpol.int/en/News-and-Events/News/2020/Global-operat ion-sees-a-rise-in-fake-medical-products-related-to-COVID-19 Kujawski M (2019) Misinformation vs. Disinformation vs. Mal-information. [Online blog]. https:// medium.com/@mikekujawski/misinformation-vs-disinformation-vs-mal-information-a2b741 410736 Liu S (2021) Reports of Anti-Asian hate crimes are surging in Canada during the COVID-19 pandemic. CTV, March 17, https://www.ctvnews.ca/canada/reports-of-anti-asian-hate-crimesare-surging-in-canada-during-the-covid-19-pandemic-1.5351481 Lloyd VK, Hawkins RG (2018) Under-detection of Lyme disease in Canada. In Healthcare, vol 6, no 4. Multidisciplinary Digital Publishing Institute, p 125 Malakieh J (2020) Adult and youth correctional statistics in Canada, 2018/2019. Government of Canada. https://www150.statcan.gc.ca/n1/pub/85-002-x/2020001/article/00016-eng.html Martel L (2018) Canada goes urban. Statistics Canada. https://www150.statcan.gc.ca/n1/pub/11630-x/11-630-x2015004-eng.htm Nagra B (2018) Securitized citizens: Canadian Muslims’ experiences of race relations and identity formation post–9/11. University of Toronto Press, Toronto National Post View (2021) NP view: Canada is soft on China and the U.S. knows it. National Post, September 26. https://nationalpost.com/opinion/np-view-canada-is-soft-on-china-and-theu-s-knows-it Natural Resources Canada (2021) Rare earth elements facts. Government of Canada. https://www. nrcan.gc.ca/our-natural-resources/minerals-mining/minerals-metals-facts/rare-earth-elementsfacts/20522 Nelson J (2020) High rural crime rates and slow emergency response times leave Alberta residents feeling vulnerable. The Globe and Mail, January 24. https://www.theglobeandmail.com/canada/ alberta/article-wheres-a-cop-when-you-need-one/ North American and Arctic Defence and Security Network (2021) About Us. https://www.naadsn. ca/about-us/ Office of the Privacy Commissioner of Canada (2021) News release: RCMP’s use of clearview AI’s Facial Recognition Technology Violated Privacy Act, investigation concludes. Government

100

T. Van Dasselaar et al.

of Canada, June 10. https://www.priv.gc.ca/en/opc-news/news-and-announcements/2021/nr-c_2 10610/ Panetta A (2021) The U.S. now likens cyberattacks to terrorism. Here’s what that could mean. CBC News, June 5. https://www.cbc.ca/news/world/us-cyberattacks-randsomewear-computershackers-1.6054114 Piatkowska S, Hövermann JA, Yang T (2020) Immigration influx as a trigger for right-wing crime: a temporal analysis of hate crimes in Germany in the light of the ‘refugee crisis.’ Br J Criminol 60(3):620–641 Pinckney J, Hidalgo ED (2021) 2021 Will see more global protest: can it remain peaceful? United States Institute of Peace, January 21. https://www.usip.org/publications/2021/01/2021-will-seemore-global-protest-can-it-remain-peaceful Public Safety Canada (2018). National Cyber Security Strategy: Canada’s vision for security and prosperity in the digital age Public Safety Canada (2019) Currently listed entities. Government of Canada. https://www.public safety.gc.ca/cnt/ntnl-scrt/cntr-trrrsm/lstd-ntts/crrnt-lstd-ntts-en.aspx Rashotte R (2021) The critical shortage of cybersecurity expertise. Policy Options, March 28. https:// policyoptions.irpp.org/magazines/july-2019/the-critical-shortage-of-cybersecurity-expertise/ Reuters Staff (2021) Study: global warming could cut 63 countries’ credit ratings. World Economic Forum, April 6. https://www.weforum.org/agenda/2021/04/global-warming-countries-credit-rat ings-economics/ Reuters, T. (2021). “Texas passes one of the most restrictive abortion laws in the U.S.” CBC News. https://www.cbc.ca/news/world/texas-abortion-law-1.6033453 Revell T (2016) Dutch police use augmented reality to investigate crime scenes. New Scientist. https://www.newscientist.com/article/2113450-dutch-police-use-augmented-rea lity-to-investigate-crime-scenes/ Riedy C (2009) The influence of futures work on public policy and sustainability. Foresight: J Futures Stud Strategic Thinking Policy 11(5):40 Royal Canadian Mounted Police (2020a) Environmental scan Royal Canadian Mounted Police (2020b) Integrated assessment of regular member recruitment. Government of Canada. https://www.rcmp-grc.gc.ca/en/integrated-assessment-regular-memberrecruitment Royal Canadian Mounted Police (2020c) RCMP occurrence report. Government of Canada. https://www.rcmp-grc.gc.ca/transparenc/police-info-policieres/calls-appels/occurenceincident-eng.htm Russell A (2019) El Chapo’s Sinaloa Cartel made nearly $3M a day in Canada, Former DEA agent claims. Global News, January 9. https://globalnews.ca/news/4829936/el-chapo-sinaloa-canadadea-agent-claims/ Savage L (2019) Section 3: Police-reported family violence against seniors in Canada, 2018. Statistics Canada. https://www150.statcan.gc.ca/n1/pub/85-002-x/2019001/article/00018/03-eng.htm Schatzmann J, Schäfer R, Eichelbaum F (2013) Foresight 2.0-definition, overview & evaluation. Eur J Futures Res 1(1):2 Senger E (2018) Is Canada’s space program slipping out of orbit? Maclean’s, December 10. https:// www.macleans.ca/society/science/is-canadas-space-program-slipping-out-of-orbit/ Seshia M (2012) From foreign to Canadian: the case of Air India and the denial of racism. TOPIA Can J Cult Stud 27:215–231. https://doi.org/10.3138/topia.27.215 Sinclair R, Grekul J (2012) Aboriginal Youth Gangs in Canada:(de) constructing an epidemic. First Peoples Child & Family Review: an Interdisciplinary Journal Honouring the Voices, Perspectives, and Knowledges of First Peoples through Research, Critical Analyses, Stories, Standpoints and Media Reviews 7(1):8–28 Sissel HJ, Inger-Lise F, Victoria HL (2018) The contribution of foresight to improve long-term security planning. Foresight: J Futures Stud Strategic Thinking Policy 20(1):80

Applications of Foresight for Defence and Security: The Future of Crime

101

Solomon H (2021) New RCMP cyber co-ordination unit won’t be fully operational until 2023. IT World Canada, May 29. https://www.itworldcanada.com/article/new-rcmp-cyber-co-ordinationunit-wont-be-fully-operational-until-2023/416561 Spicer Z et al (2018) Reversing the brain drain: where is Canadian STEM talent going? Brock University. [Online] https://brocku.ca/social-sciences/political-science/wp-content/uploads/sites/153/ Reversing-the-Brain-Drain.pdf Strumpf D (2020) U.S. vs. China in 5G: the battle isn’t even close. The Wall Street Journal, November 9. https://www.wsj.com/articles/u-s-vs-china-in-5g-the-battle-isnt-even-close-11604959200 The Economist (2020) China is the world’s factory, more than ever. The Economist Newspaper, June 23. https://www.economist.com/finance-and-economics/2020/06/23/china-is-the-worldsfactory-more-than-ever Thompson E (2021) Canadian right-wing extremism increased online during the pandemic, report says. CBC, July 20. https://www.cbc.ca/news/politics/right-wing-extremism-report-1.6108958 Todd D (2021) Douglas Todd: Canadian real-estate market better for foreign investors than locals, admits housing secretary. Vancouver Sun, April 15. https://vancouversun.com/opinion/column ists/douglas-todd-canadian-real-estate-market-better-for-foreign-investors-than-locals-admitshousing-secretary Tunney C (2020) RCMP says members have responded to more than 88,000 mental health calls this year. CBC News, October 30. https://www.cbc.ca/news/politics/rcmp-mental-health-calls-1. 5783529 United Nations Office on Drugs and Crime (2021) Transnational organized crime: the globalized illegal economy. https://www.unodc.org/toc/en/crimes/organized-crime.html Urbanik M, Haggerty KD (2018) ‘#It’s dangerous’: the online world of drug dealers, rappers and the street code. Br J Criminol 58(6):1343–1360. https://doi.org/10.1093/bjc/azx083 Westcott B (2021) China’s ‘political pressure’ on Australian economy isn’t working, treasurer says. CNN, September 6. https://www.cnn.com/2021/09/06/economy/australia-china-economy-tradeintl-hnk/index.html Whitaker R, Kealey GS, Parnaby A (2012) Secret service: political policing in Canada: from the Fenians to Fortress America. University of Toronto Press, Toronto Wilk P, Maltby A, Cooke M (2017) Residential schools and the effects on indigenous health and well-being in Canada—a scoping review. Public Health Rev 38(1):1–23 Wilner A (2010) From rehabilitation to recruitment. The Macdonald-Laurier Institute for Public Policy Wilner A, Roy M (2020) Canada’s emerging foresight landscape: observations and lessons. Foresight: J. Futures Stud. Strategic Thinking Policy 22(5):551

Early CSS Innovations in Risk Analysis Shaye K. Friesen

Abstract This chapter summarizes innovations in security risk and capability assessment frameworks and methodologies to directly support dynamic decision making, forge a convergence with S&T, operations, intelligence and policy, and inform investment priorities of the Canadian Safety and Security Program (CSSP). Using a thematic approach, this paper reviews how multiple innovations were adopted as “best practices” into the conceptual design, development and implementation of security risk assessment frameworks and methodologies in the CSSP. These include the: use taxonomies to foster key stakeholder ‘buy in’; leveraging architecture frameworks to drive tools, methods and rating schema; the formulation of scenario based approaches for assessing high consequence all hazards risks; and, the application of an integrated risk and capability gap assessment model to guide investment in public safety and security S&T. In the CSSP, the innovations in security risk assessment identified best practices and common tools that supported numerous strategies and S&T portfolios (e.g., CBRNE, Critical Infrastructure Protection, all hazards safety and security; defence infrastructure/military bases), where risk assessment expertise/capability improvements that were adopted by practitioners, interdisciplinary teams and decision makers. Underpinning these innovations were strong partnerships and community-based approaches that enabled a credible risk-informed decision support environment, with consistent/scalable approaches to analysis and decision making under conditions of uncertainty. Keywords Security risk assessment · Vulnerability

1 Introduction Nations from around the world have acknowledged the increasing importance of identifying, assessing and tracking/monitoring risks as a significant factor in building S. K. Friesen (B) Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, ON, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_6

103

104

S. K. Friesen

whole of society resilience to disasters and emergencies.1 The Canadian Safety and Security Program (CSSP) represents a joint, national and horizontal commitment to collaborate in science and technology (S&T) across federal, provincial/territorial and municipal boundaries to address the risks posed by all hazard events. One unique features of the CSSP is that it is required to conduct risk assessments as an integral part of its program mandate. In the Centre for Security Science (CSS), the development of risk assessment methodologies, tools, methods and frameworks was done in close partnership with safety and security partners as part of coordinating federal safety and security functions and across jurisdictions. This provided CSS with an unprecedented level of insight into the decision support challenges facing end-users, and informed the adoption of risk assessment practices on a consistent basis as part of S&T program formulation and delivery. The CSS experience in risk assessment provided a solid analytical foundation for understanding the requirements of risk assessment and the scientific dimensions for creating a programmatic series of risk assessments that, when combined, were used as a basis for strengthening the evidence-based in support all hazards emergency management planning and response. The goal of this paper is to provide a thematic overview of key high level deductions/takeaways on what worked well in CSS in developing risk assessments that forged a convergence between S&T, operational, policy, emergency management, Tri-Services and intelligence specialists, concentrating specifically on the 2012–17 timeframe. The paper focuses on examining early innovations: the use of taxonomies to foster key stakeholder ‘buy in’; leveraging architecture frameworks to drive tools, methods and rating schema; the formulation of scenario based approaches for assessing high consequence all hazards risks; and, the application of an integrated risk and capability gap assessment model to guide investment in public safety and security S&T.

2 Security Risk Assessment in DRDC—Formative Years Prior to the formation of the CSSP, the defence science (DS) community in DRDC led the development of a number of security-based risk assessments under predecessor programs, the Chemical, Biological, Radiological and Nuclear (CBRN) Research and Technology Initiative (CRTI) and, later, the Public Security Technical Program (PSTP). In the CRTI, a Consolidated Risk Assessment (CRA) process and methodology were used to identify S&T targets and investment priorities for CBRNE.2 The PSTP, established in October 2003, served as the lead forum for bi-national collaboration in S&T to advance public safety and security with the United States (U.S.). Under the PSTP, four Mission Area working groups in Critical Infrastructure

1 2

Hales (2016). Friesen (2017).

Early CSS Innovations in Risk Analysis

105

Protection (CIP), Disruption and Interdiction (D&I), CBRNE, and Systems Integration Systems Analysis (SISA) were stood up to establish a baseline for Canada/U.S. risk assessments as a method for framing joint S&T investments in public security. The knowledge gained from the CRTI and PSTP played a crucial role in informing the execution and management of CSSP investment planning in terms of how risk assessment methods were utilized for prioritizing S&T and allocating resources. In support of the renewal of CRTI, PSTP and harmonization with the Canadian Police Research Centre (CPRC) under the CSSP, central agencies (e.g., Treasury Board) recognized the need to address risk and underscored the importance of having a structured approach to framing S&T investments. The 2012 TB Submission stated that funding for CSSP program areas is to be “…enabled by a capability and risk based investment model…” that includes “…prioritizing and matching S&T investment responses according to the assessment of risk.”3 The TB Submission informed DND/CAF Departmental Plans and Priorities, which further stated that “Gaps are identified through risk and vulnerability assessments in consultation with experts in the Canadian Safety and Security Program (CSSP) science and technology domains and entities that develop policy, deliver safety and security operations, and synthesize intelligence.”4 Under the harmonized CSSP, risk assessments were used as a key mechanism to engage stakeholders, from responders to emergency managers, and identify S&T priorities and gaps that would be used to support development of Focus Area Narratives and Call for Proposals. Additionally, risk and capability-based planning was an integral component of the CSSP operating model, and provided an evidence based approach to strategic planning and priority setting.5 The harmonized CSSP had a stronger mandate to support first responders given operationally oriented CPRC mandate and momentum generated from Olympics and G20. The TB Submission provided direction and guidance in establishing risk and research into analytical methods as a core competency for DRDC CSS, and to further develop and implement all hazards risk assessment methodologies and frameworks in support of federal partners. The requirement for incorporating risk assessment into the CSSP program framework was directly related to the need for developing systematic approach to manage the scale, complexity and cost of the all hazards security environment. To paraphrase Allan Douglas, who served in the Operational Research and Analysis (OR&A) team in CSS, it was broadly understood that the choices in risk assessment (i.e., which techniques to apply and which risk formulas were designed) very much reflected a choice about the nature and purpose of the CSSP. Generally, CSS risk assessments were not only an analytical problem, but set the stage for senior management discussion concerning strategic S&T priorities to address national problems that were not embedded or resolved with risk formulas or calculations alone.6 3

Treasury Board Submission, February 21, 2012. Department of National Defence/Canadian Armed Forces (DND/CAF) 2016–17 Report on Plans and Priorities (Ottawa: Department of National Defence, 2016), p. 50. 5 Treasury Board Submission, February 21, 2012, pp. 24–25. 6 Douglas (2006). 4

106

S. K. Friesen

2.1 The CSS Risk and Capability Portfolio There were several research internally and externally-driven S&T projects, managed jointly between the Operational Research (OR) team and Risk Assessment/Capability Integration (RACI) section in DRDC CSS, that were implemented in direct response to the challenges being faced by partner organizations and end-user groups in supporting decision-making under conditions of risk and uncertainty. The focus of the OR and RACI teams concentrated on assessing the risks across multiple domains, reflecting the expansion in scope, to an all hazards model, and expanded reach to first responders and emergency management practitioners. The primary roles included: • Sponsorship of studies, concepts around threat/hazard, vulnerability and risk; • Advancing all hazards risk assessment methodologies, including risk communication and visualization; • Advice related to threat, vulnerability, risk and international initiatives; • Risk assessment preparation, delivery and production (e.g., CRA); • Introducing and promoting CBP in public safety and security (i.e., a capabilitybased investment model—CBIM); • Integration of intelligence analysis and judgement, analysis and threat proliferation monitoring (e.g., CBRNE); • Support/promote a toolbox approach to decision support tools; and • Foresight and future security visioning.7 The above roles highlighted a shift from in focus away “closed loop”, single topic risk assessments to a much broader approach where risk was used to inform policy development, prioritize CSSP engagements with Tri-Services and EM leadership, and institutionalize linkages safety and security communities. Table 1 provides a representative summary of CSSP risk sponsored projects and activities. The table is not meant to be exhaustive, but rather illustrative of CSS’s knowledge base and expertise in risk and CBP, resulting from over a decade of S&T conducted in close collaboration with the U.S., the North Atlantic Treaty Organization (NATO), United Kingdom (UK) and Australia. This expertise has allowed DRDC CSS to serve as a risk/CBP resource centre for key federal stakeholders, other government departments (OGDs), central agencies, interdepartmental working groups, Provinces/Territories, municipalities (F/P/T/M) and international partners. CSS risk assessment efforts were closely aligned to F/P/T/M partner requirements. In many cases, CSS staff were integrated into cross-departmental or local working groups such that risk assessment was a standing item on the committee agendas with, for example, CSS being identified as a co-chair by PS Canada on the AHRA spiral development cycles. CSS guided the development of the agenda because of the number of active projects and depth of experience. CSS earned a reputation as a “trusted advisor” and “honest broker” for security risk assessment across partner communities, notably through the Intelligence Experts Group (IEG), the Federal Risk Assessment Working Group (FRAWG) and later the Integrated Risk 7

Goudreau (2009).

Early CSS Innovations in Risk Analysis

107

Table 1 Examples of CSSP-sponsored risk and CBP projects and initiatives Title

Project

Outcomes/Deliverables

All Hazards Risk Assessment (AHRA) Transition Project

CSSP-2012-TI-1108

Multi-year, AHRA methodology “spiral” 1 and 2 development; Sharepoint application for collaborative scenario development, risk scoring and analysis; prototype for gap analysis; architectures for the federal national context

Atlantic Gateway Capability Based Planning Project

CSSP-2013-CD-1094 Leveraged previous risk assessment work that was conducted in the region. Addressed an important requirement in examining the Atlantic Gateway (an area that is of vital economic importance), using the application of risk/CBP tools, techniques and best practices

Critical Infrastructure (CI) Assessment Tool for Local Governments in Canada

CSSP-2014-TI-2038

Toolbox and approaches to support CI assessment, community resilience and risk management. Project examined three communities: two in BC (Fraser Valley and Port Coquitlam) and 1 in Saskatoon

Development of a National Critical Infrastructure Interdependency Model (NCIM)

CSSP-2012-TI-1142

Resulted in the development of a high level CI cross-sector interdependency model. The NCIM built three foundational components: 1. descriptions of the 10 CI sectors; 2. a relational database; and 3. supporting software applications

Establishing a Risk & Capability CSSP-2015-TI-2130 based framework for Assessing CSSP Investments in Science and Technology (S&T)

Risk compendium/10 “capability profiles” across the CSSP Portfolios; risk assessments in targeted domains (e.g., Chemical, Biological, Radiological/Nuclear and Explosives (CBRNE) Consolidated Risk Assessment); interoperable architecture linking risk assessment to the CSSP planning cycle; “Risk App” to facilitate enterprise-level data analytics (continued)

108

S. K. Friesen

Table 1 (continued) Title

Project

Outcomes/Deliverables

National Enterprise Risk Management (ERM) Initiative in the Public Sector

CSSP-2013-CP-1024

Yukon built a web-based ERM system that provides a central database for the capture and management of risks by participating departments within the Province. This project expanded this capability to other Provinces

Piloting Canada’s National Risk Profile Project

CSSP-2016-TI-2236

Multiple risk assessment and scenario evaluation workshops, focusing on natural hazards; Canadian Core Capability List (CCCL) assessment exercise used to validate list of 25 capabilities for hazard scenarios during pilot phase

Regional CBP Planning Effort

N/a

The CBP framework adapted for regional emergency management stakeholders (local, municipal, provincial) in a series of regional pilots. This included a set of Resource Typing, a “Canadianized” Target Capabilities List-Canada (TCL-C), and Regional CBP Methodology Guidelines

S&T-Informed, Structured Approaches for Improving Emergency Management Capabilities (EMBC Project)

CSSP-2012-TI-1102

Focus was on risk assessment and critical Infrastructure, with pilot projects with Pemberton Valley, TransLink, and the cities of Nanaimo and Parksville

Fire Risk and Evacuation Capabilities in Isolated Communities

CSSP-2018-TI-2406

High resolution fire risk maps for isolated, forest dependent communities with an analysis of mitigation measures and community specific evaluation trigger points

Threat/Risk Assessment (TRA) Implementation Plan Concept

CSSP-2015-TI-2202

Comparative literature review, local “Design Basis Threat,” recommended TRA methodology, and procedures for the selection and prioritization of DND/CAF installations

Incorporating Wildfires to CSSP-2019-TI-2417 ER2—A Web-based Multiple Hazard Risk Assessment Platform

Incorporate a wildfire risk assessment capability to the “Evaluation Rapide du Risque” (ER2) platform by accessing functionalities from fire-behaviour software and risk maps (continued)

Early CSS Innovations in Risk Analysis

109

Table 1 (continued) Title

Project

Outcomes/Deliverables

Mapping Current and Future Wildfire Risk in Canada

CSSP-2016-CP-2286

Canada-wide risk maps for wildfire risk accounting for climate change; predictive maps of current and future burn probability (hazard); and maps of wildfire risk

Assessment WG (IRAWG). For the AHRA, CSS held risk assessment training and professional development sessions to ensure common understanding of the process and methodology, and were regarded as national leaders across the federal family. CSS assumed a lead role in co-authoring and providing analysis for the AHRA Final Report, at the request of PS Canada. As well, CSS was invited to table the proposal for the NRP pilot project to ADM EMC, and was invited to attend other executive level communities. Most of the S&T analysts, portfolio managers and DS’s in CSS were deeply integrated into the subcommittees of various associations and at the P/T level, and were regarded as scientific leaders of the networks for the CSSP. In addition to sponsoring projects and obtaining CSSP program funding assigned to risk projects, CSS scientific and engineering staff were consistently brought into consultation meetings and unsolicited calls for support to provide guidance/advice and validate OGD approaches to risk assessment. Unspecified requirements and unsolicited RFIs were hugely beneficial, as they provided opportunities for CSS to propose alternative concepts, conduct ideation sessions and test out new solutions for public safety and security communities, federal partners and the interagency partners involved in emergency management and national security. These requests for information and support came from all levels and were testament to the ‘demand signal’ for risk assessment and decision analytic support services across safety and security communities.

2.2 Applying Schema (or ‘Lenses’) to Risk Assessment Arguably, the CSS approach to risk assessment was unique in the sense it deviated from well-recognized risk management standards. Unlike International Organization for Standardization (ISO) 31000, Risk management—Guidelines, which contains generic guidelines for defining risk along organizational lines as “uncertainty on objectives,” risk in the context of public safety and security was viewed more holistically from different strategic analysis perspectives and time horizons (or ‘lenses’). Each risk assess methodology was designed with a specific goal/objective in mind (i.e., CSS analysts frequently asked ‘what is the research question?’ or ‘what is central decision problem you are trying to solve?’). A hazard-based risk assessment such as the CBRNE Consolidated Risk Assessment was not the most acceptable analytical

110

S. K. Friesen

method for assessing the risks to critical infrastructure because the focus is largely on the capturing the effects of threat agents (i.e., CBRNE materials) and the target (i.e., people, agro-systems, consumer products, infrastructure) was treated generic (i.e., not specific). In evaluating the risks to critical infrastructure, CSS analysts tended to apply a ‘vulnerability’ lens, and the threat was determined to be more generic (similar to the design basis threats used in the nuclear industry where there is concern about access and vulnerabilities of site facilities).8 Other risk assessments conducted by CSS were more concerned about impacts/consequences, and the goal was to project back to see what combination of threat/hazard and vulnerability may lead to or precipitated the type of impacts and ultimate consequences.9 Instead of assessing the risk of a specific hazard, the risks to an installation or impacts on a specific installation or critical infrastructure sector, risk itself was seen as a larger collection or network (architecture framework analysts refer to this as the “as-is” condition). If adopting a generally accepted definition of risk (Society for Risk Analysis), CSS ended up relying with the three terms described above where: ‘Risk = f (threat/hazard, vulnerability, consequence)’. CSS analysts found that this is a more useful description than the traditional ‘R = P × C’, where P is for probability (difficult to establish for random events like terrorism) and C is for consequence.10 Over the course of implementing a comprehensive S&T program in risk assessment, CSS analysts dealt with the added dimension of jurisdictions. In military circles, this is referred to as strategic, operational and levels. Conversely, public safety and security communities typically referred to risk in the context of their operating environment, within a specific geographical or organizational construct along international, national, regional/Provincial or Federal/Provincial/Territorial.11 CSS scientists and engineers looked at risk from any one of these vantage points. One of the lessons CSS discovered was to state assumptions and avoid the conveyance of false precision by capturing uncertainties in risk estimates for scenarios. There was an ‘analytical sweet spot’ between probabilistic risk assessment (PRA) and consensus ratings derived from qualitative language ladders; the insights yielded from strictly quantitative approaches did not necessarily yield better or timelier decisions insofar as informing emergency management plans or S&T investment priorities were concerned. Therefore, CSS analysts were very much cognizant of the need to balance academic rigour with practicality and usability required by end-users. An important lesson was that, as the risk assessment findings/results became elevated to the strategic level, where the implications and “so-what’s” were discussed by senior managers, the methodologies tend to become more varied. To address requirements of senior leadership, CSS analysts employed a variety of approaches, including ‘soft-systems,’ systems dynamics, or architecture frameworks, in order to explain a risk-based methodology. Such approaches were most useful at the front-end of a project, when there was no clear guidance or evidence base, there were gaps in 8

Chouinard et al. (2016). Friesen et al. (2015). 10 Gratt (1989). 11 Personal correspondence Alain Goudreau. 9

Early CSS Innovations in Risk Analysis

111

understanding the strategic context, and the implementation of risk practices required considerable coordination, leading to opportunities for data capture and collection. Moreover, when risk results became elevated to the strategic level, the information tended to get less quantifiable and more qualitative. Concepts of time and space were other key elements that factored into the CSS approach to S&T risk assessment. Risk assessment and risk management typically operate in a short-term duration, with a span of influence within a zero to three year time horizon. Business quarterly reporting, risk compliance and governance initiatives found in industrial Enterprise Risk Management (ERM) systems reflect a reactive, control and audit-based approach to risk assessment.12 Roadmapping focused on the five year + time horizon, but typically remains within a boundary of 10–15 years. Lastly, technology foresighting, forecasting, futures studies or vision exercises have a time horizon of greater than 15 years. It is important to note that CSS risk assessment normally operated in the 3–5 year time horizon, yet had to account for longer-trends, intelligence judgement, threat assessments and S&T developments (by virtue of the events being reviewed), normally reserved for long-term, foresighting exercises.

3 Outline of Innovations Examining risk from a variety of different perspectives in terms of how the government functions was apparent in the development of the framework and methodology for the AHRA with Public Safety Canada. The AHRA was implemented in 2011–2014 in a spiral development mode as part of the emergency management planning process. CSS developed the process and methodology during a three-year pilot and went through multiple cycles of scenario development and risk ratings. CSS conducted exploratory research, moving to leverage the repertoire of nominal scenarios that spanned the malicious and non-malicious risk domains that provided a shared view of (relative) risks across the domains, and then used the lessons, expertise and templates as a basis for preparing and delivering a National Risk Profile (NRP) for Canada.13 CSS developed internal subject matter expertise in risk assessment, including an understanding of what not to do/what practice(s) to avoid and the limitations of risk assessment (risk assessment is not a panacea). Adopting a ‘systems-of-systems’ perspective, CSS core competencies included expertise in architecture frameworks, systems engineering, risk assessment process and methodologies, ratings and metrics. This allowed CSS to serve as a ‘risk support centre’ for federal OGDs and other partners at the P/T level, leading to opportunities to discuss projects and explore potential

12

Committee of Sponsoring Organizations (COSO) (2004). There are guidelines that are kept on the Public Safety Canada website and can be accessed at: https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ll-hzrds-ssssmnt/index-en.aspx. 13

112

S. K. Friesen

for collaboration in S&T. Early involvement with public safety and security community partners allowed CSS to understand the research question, critical information needs and leverage/refine analytical methods. The sound baseline practices in risk assessment became a key condition of the CSSP investments. A number of lessons are identified to document and describe the CSS contributions to leading risk sciences with diverse partners in the safety and security communities. These include: • Establishing high level taxonomies to illustrate the scope and diversity of the risk landscape, seeking senior level ‘buy-in’ to the process and stakeholder engagement; • Leveraging enterprise architectures and systematically using multiple strategic and operational views as the basis to navigate through the risk environment; • Employing a scenario-based approach as the design basis for advancing risk assessment frameworks, tools and methodologies; and • Transitioning from risk to a broader capability-based assessment, particularly by identifying gaps in policies, plans and programs along the continuum of response, reflecting local, regional and national perspectives. Each of these topics is discussed in greater detail below. 1. Taxonomies An effective taxonomy has three key attributes: it provides a classification scheme; it is semantic; and it can be used as a map to navigate the domain.14

There were very few risk assessments developed by CSS analysts that did not rely on the production of a taxonomy to facilitate communications among stakeholders and define the key parameters of ‘the problem space.’15 A taxonomy was used as both an analytical and communications tool for mapping the risk environment so that the necessary stakeholders and communities of practice could visualize all of the relevant factors that comprised the strategic risk assessment context. Given the potentially large number of factors used for grouping threats, hazards, vulnerabilities, consequences and sectors within a given risk categorization exercise, there was a need balance completeness and comprehensiveness with a product that easily understood, explainable to senior leadership and intuitive. The scope was defined (i.e., size of the sandbox) and adjusted as required. Risk domains, issues and hard problems were added along the way, and organized and grouped into a structure using taxonomies. Risks were mapped against the taxonomy, and reporting and visualization options were explored. Taxonomies were also used as a filter to help identify relevant rating criteria and metrics. Some of the techniques used by CSS analysts to support the development of taxonomies included: common lexicons, brainstorming, problem

14 15

Lambe (2007). For discussion, see: Bayne et al. (2013)

Early CSS Innovations in Risk Analysis

113

Fig. 1 All hazards risk event categories

structuring and community mapping.16 Employed at the front-end of a risk assessment, taxonomies ensured key stakeholder ‘buy-in’ and ownership to the process. The results of taxonomy creation had the advantage of satisfying partner requirements while meeting the threshold for scientific rigour. Taxonomies required CSS analysts to provide advice on problem structuring across multi-stakeholder groups, ensuring cross-functional team awareness, and shift to a proactive posture that included surveys and bilateral meetings to produce deliverables that reflected the unique perspectives of collaborative partners. Taxonomies often led to the emergence of new perspectives that reflected a strategic, national views of risk versus one that were locally-oriented, parochial or institutional in nature. In other words, risk-informed taxonomies transcended corporate risk profiles and organizational boundaries. The AHRA taxonomy (Fig. 1) provided a structured approach for discussing human-induced and non-malicious threats and hazards, and illustrated the interconnected nature of Canada’s risk environment. Malicious and non-malicious characterizations were used as high-level categories to shape the taxonomy and to bring the diverse risk communities together. New challenges in the NRP included scalability, especially looking at impact scales at various jurisdictional levels, where the concept of regional taxonomies and regional risk profiles was explored. The innovations in taxonomies allowed CSS to develop robust tools for partitioning of all of the factors of a risk assessment into logical categories, and provided a “blueprint” for further methodology development, refinement and analysis.17 16 17

Verga (2007). Verga (2012, p. 6).

114

S. K. Friesen

2. Architectures ‘Architecture’ is a systematic approach that organizes and guides design, analysis, planning, and documentation activities.18

Enterprise architectures (EA) are not new. They have been widely adopted and promulgated in the Department of National Defence/Canadian Armed Forces (DND/CAF) as a standardized methodology for describing, understanding and managing complex relationships.19 Architecture framework products are easy to maintain and update using a relatively intuitive user interface. Architectures provide a systematic and repeatable format for depicting how the various components of risk assessment were interrelated, including the inputs, hierarchy, functions, departmental functions/mandates, processes, outputs, interfaces, etc. The emphasis within the DND on using architecture frameworks as a means of embracing system complexity and technical diversity of interrelated systems led to its application in the public safety and security in the context of risk assessment. For instance, a high level architecture model was developed by DRDC CSS (using QualiWare) to support the piloting of Canada’s National Risk Profile (NRP) project.20 A CORE architecture model (developed with Vitech) was used to identify information or process “need lines”, communication interfaces and other interdependencies between organizations to gain an understanding of the risk requirements for the AHRA (Fig. 2). An architecture developed to inform evidence-based decision-making in the CSSP is another example of the value of this approach to risk assessment. CSS analysts worked with a contractor team to develop an architecture that presented the CSS strategic views and functions that were developed using a model-based method to visualize important factors for risk assessment and risk-informed decision support. This architecture linked risk assessment to the CSSP Continuous Planning Cycle, Formal Objectives, stakeholders, Performance Measurement and Program Outcomes. In this case, architectures allowed the creation of a more coordinated approach to risk-based planning for policy, program and operational contexts (Fig. 3). This effort included a review of software applications support for all hazards risk analysis within the CSSP and illustrated the value of architectures, especially navigating between Strategic View (StratV-1) with Operational (OV-5a) and Capability Views (CV-1), resulting in the identified of gaps/deficiencies and opportunities for interoperable risk assessment across the Centre.21 18

See “Glossary of Terms,” QualiWare Center of Excellence. Accessed May 2022: https://www. google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwik vJKN3sj3AhXCkIkEHbYyBSsQFnoECAgQAQ&url=https%3A%2F%2Fcoe.qualiware.com% 2Fresources%2Fea3%2Fanintroductiontoea%2Fglossary-and-abbreviation-list%2F&usg=AOv Vaw2v2-_pJWagqwtHsW0ZzN619 DAOD 2011-0, Enterprise Architecture. Accessed May, 2022: https://www.canada.ca/en/dep artment-national-defence/corporate/policies-standards/defence-administrative-orders-directives/ 2000-series/2011/2011-0-enterprise-architecture.html. 20 Friesen (2016). 21 Dube (2017).

Early CSS Innovations in Risk Analysis

Fig. 2 Architecture operational node diagram

Fig. 3 Architecture: interoperable modelling for risk assessment

115

116

S. K. Friesen

The application of architectures in context public safety and security forced CSS analysts and partner organizations to consider the goals/objectives of the risk assessment and critical information requirements for defining the methodology. Architectures ensured that the underlying data model supporting the risk assessment— i.e., inputs, outputs, processes, functions, interfaces, roles and responsibilities—was taken into account. For the most part, CSS analysts leveraged architectures using a complementary, “top-down”, systems engineering-type approach. CSS analysts normally started with the highest definition required from an architecture and then drilled down into greater detail. A key feature in the CSS approach to architectures was to capture the requirements and protocols for federal interdepartmental operations and departmental roles and responsibilities in strategic emergency management planning and risk management. This allowed CSS to perform a key assumptions check and clarify the boundaries/objectives/criteria of the risk assessment framework. A common misunderstanding was that a metrics-based framework is only concerned with the risk assessment. The reality is that risk assessment is part of a larger end-to-end process with continuous feedback-loops, where emergency response measures, treatment options and mitigation actions are assessed for effectiveness. Architectures allowed the relationships between risk assessment, strategic emergency management and response planning, and risk tracking/monitoring functions to be explicitly represented as well as clearly understanding the flow of information across institutions in support of implementing emergency management functions.22 3. Scenario-Based Analysis In addition to providing the contextual backdrop, planning scenarios typically describe a chain of events. More than anything scenarios provide the means to capture assumptions about context (e.g. political, social and economic conditions), challenges and capabilities.23

Scenario-based analysis encompasses anything from alternate futures—i.e., longterm future trends—to small, high-fidelity vignettes. For planning purposes, scenarios cover generic threats or hazards that could occur within the near future and capture assumptions about context (e.g., political, social and economic conditions) as well as capabilities. Scenarios also include a notional situational description and a timeline. The final product is an account or synopsis of a projected sequence of events, or description of a course of action. DRDC CSS did not have the benefit of leveraging a standardized set of national planning scenarios for use in emergency management risk assessment or gap studies. A public safety and security Planning Scenario Framework was developed that included a set of scenarios that spanned the range of public safety and security capabilities from preparedness to recovery (i.e. −3 to +3 time horizon); these “full spectrum scenarios” provide context for planning, training and analysis.24 This drove CSS analysts to consider a broad range 22

Joyce (2010, p. ii). Alexander (2000). 24 Hales and Race (2010). 23

Early CSS Innovations in Risk Analysis

117

Fig. 4 PSS planning scenario framework dimensions

of plausible, realistic and relevant scenarios as the basis for most, if not all, risk assessments. The focus on a robust set of dimensions were key in helping define, access and select scenarios for security risk assessments (Fig. 4). In the context of malicious threats, there was significant uncertainty due to limited historical data with heavy reliance on the intelligence community to estimate threat actor capability and intent. This is one of the reasons why the CRA methodology used (and continues to use) characteristic CBRNE attack scenarios. The CRA methodology, based on the RAND Delphi Method, employed a comprehensive, bottom-up process that engaged experts from S&T, operational, law enforcement, and intelligence communities. Since 2002, the CRA has been conducted frequently through workshops, where a representative set of scenarios are rated for vulnerability (relative technical feasibility, impact) and likelihood, resulting in a risk rating achieved through consensus. The goal is to make these scenario assessments explicit and repeatable.25 An analogous approach was adopted in collaboration of regional experts to assess the probability and impact of disastrous scenarios within a local, regional, provincial or national risk environment to provide the regional context.26 An illustrative example of the widening scope of the scenario analysis work performed in CSS was the design basis threats (DBTs) for the Threat/Risk Assessment (TRA) implementation project for supporting the physical security of CAF/DND infrastructure.27

25

S. K. Friesen, op cit. See, Verga and Chouinard (2013). 27 See Baingo and Friesen (2020). 26

118

S. K. Friesen

Fig. 5 Scenario mapping

The AHRA allowed for the selection of scenarios that had the highest probability of occurrence and the highest consequence, and included mission areas that spanned the range of capabilities, from mitigation and preparedness through to response and recovery. ‘Nominal’ planning scenarios (and variants) allowed for the exploration of boundaries around extreme consequence low likelihood, and high likelihood low consequence (Fig. 5).28 CSS innovations included the development of automated tools related to all hazards risk assessment, including a scenario management library and capability assessment in the form of relational databases and web-based applications. The Risk and Capability Integration section tool suite comprised: the CRA database (db), Vignette Management System (VMS), and Full Spectrum Scenario Management Systems (FSSMS), with capability to search, present and access scenarios from a repository.29 The federal AHRA SharePoint application is an example of a webbased repository and on-line application that allowed CSS to develop scenarios with distributed teams in a collaborative environment, including risk ratings, dashboards and analysis graphs (Fig. 6).30 In developing and selecting scenarios for risk assessment, CSS analysts learned that scenarios were not detailed contingency plans or emergency response plans that attempted to predict an inherently unpredictable and unknowable future. Also, scenarios were not a ‘silver bullet’ for understanding the future but a tool that, through developing challenging, relevant and plausible situations in which the Government 28

For discussion, see: I. Bayne, et al. Giroux and Friesen (2014). 30 Friesen et al. (2013a). 29

Early CSS Innovations in Risk Analysis

119

Fig. 6 AHRA sharepoint landing site

of Canada (GoC) might have to act, and helped emergency planners make informed decisions about what requirements might be needed in future incidents. The use of scenarios for risk assessment does not justify acquisition decisions, provide detailed and specific planning instructions, nor does it afford ‘perfect’ knowledge of disasters or potential adversaries, capabilities, intent, etc. Ultimately, scenario development is a creative, interactive and iterative process that relies on human ingenuity and on accessing, generating, integrating and applying information / SME partner knowledge using a variety of methods (qualitative and quantitative), including: historical case studies, trend analysis, extrapolation, brainstorming, strategic studies, concept papers, departmental reports, “red-teaming”, lessons learned, exercise reports and after action reviews, risk modelling, simulation data, etc. The type of scenario and depth of information was dependent on the objective of the risk assessment. A rule of thumb is that a scenario outline should allow for enough detail to capture the assumptions/circumstances and inform risk ratings. The detail within each scenario will vary to account for the various natures and complexities of the risk events. Scenarios offered a consistent and complimentary approach to the rigorous analysis of lessons learned gleaned from real operations, in that they provided a ‘level of abstraction’ without necessarily forcing safety partners/end-users to go through what could have been perceived as a departmental forensic audit or performance evaluation.

120

S. K. Friesen

4. Capability Assessment Capability assessment involves summing the various elements of the capability against the capability goals developed at various times in the future. The assessment should be derived from the most suitable method available, which could include analysis, outcomes from real operations and expert judgement.31

A key element of the CSS approach to risk assessment was the effective use of “Capability Based Planning” (CBP) processes in the safety and security domain space, drawing from experiences from the US and other countries. Capability assessment is a measurement of the difference between the target capabilities and the existing capabilities, revealing gaps and deficiencies. A fundamental principle of CBP is that it is a process/method to optimize risk treatment options within a known resource envelope.32 Gaps can be structural and relate to either shortfalls in either capability or capacity, including the inability to achieve the desired effect to perquisite standards under prescribed conditions. A capability gap implies that the task cannot be completed with the current capabilities. A capability deficiency indicates that a capability exists, but is insufficient to meet the target level of capability. Capabilities can be any number of diverse elements, including plans, procedures, personnel, equipment, activities, infrastructure, knowledge and information. Capability gaps and deficiencies form the basis of S&T investment priorities. Implicit in the process is that it offers a credible alternative to threat based planning and a means to address uncertainty using a risk-based approach.33 For safety and security, the approach has to be generic enough to apply or adapted to a variety of conditions (e.g., policies, region, etc.). Numerous innovations were delivered in applying CBP for public safety and security, including a sample Target Capability List—Canada (TCL-C) edited by professionally-based working groups inclusive of local, regional, territorial, provincial, First Nation, NGO, private sector and academic representatives; a review of eight Resource Types (e.g., Fire and Hazardous Materials Resources) including two new ones (e.g., Fatality Management); modified terminology—approximately 750 “new” terms related to CBP embedded in Termium Plus®; the adoption of principles of CBP in certain Provinces; the development and testing of a process and methodology for local and regional all hazards Risk Assessment, with associated templates as an important element of CBP; and, exploration of a Capability Inventory and Gap Analysis (CIGA) technique in certain Provinces.34 Moreover, a Capability Assessment Management System (CAMS) was developed to support risk assessment and systemize capability assessments, allowing SMEs to: • Characterize scenarios and maintain an inventory of “master events” and scenarios; • Catalogue tasks and maintain a historical record of assessments; and 31

The Technical Cooperation, JSA TP 3 (2003). Goudreau et al. (2012). 33 For discussion, see: Hales and Chouinard (2011). 34 Defence Research and Development Canada (2013). 32

Early CSS Innovations in Risk Analysis

121

• Capture SME judgement and facilitate comparison and analysis (Fig. 7).35 CSS developed a unified and comprehensive Capabilities-Based Investment Model (CBIM) that was federated (as opposed to sequential or linear), whereby each element of the CBP process can be conducted in relation to the others (i.e., link

Fig. 7 Screenshot of the capability assessment management system

35

Friesen et al. (2013b)

122

S. K. Friesen

Fig. 7 (continued)

an investment to a threat, a capability gap to a risk, etc.).36 A range of planning techniques—e.g., scenario planning, functional planning, operational planning—were accounted for in the CBIM. The flexibility comes in the freedom to execute each step according to different tools and techniques (Fig. 8).37 The goal of the CBIM was to deliver national capabilities to prevent, protect against, respond to and recover from hazards while balancing risk with resources. It allowed the consideration of multiple and diverse issues, hazards, and threats, captures the common and unique capabilities, and directs funding to close any gaps. The CBIM also provided feedback loops to optimize and evaluate the process, as well as establish an audit trail for accountability. The notion of linking risk assessment with other forms of analysis is particularly relevant in the context of public safety and security, which is characterized by a shared (decentralized) model of accountability for managing risks down to the lowest (e.g., state/Provincial Territorial, municipal) levels. In actuality, this can be scaled up to support regional, national and international cooperation, the purpose of which would be to identify and assess the interdependencies of emerging risks that do not occur independently, but cut across institutions and capability owners different points in 36 37

Goudreau et al. (2012b). Friesen (2020).

Early CSS Innovations in Risk Analysis

123

Fig. 8 Generic capability-based investment model

time. By applying a combination of tech foresighting, risk and CBP techniques, CSS was in a position to collaborate on analyzing the implications for emerging dualuse S&T—i.e., how to exploit and apply S&T for socio-economic benefit, improve global performance of mandated missions, and accelerate technology adoption.

3.1 Exercise PERSEVERENCE—Capability Assessment at a Glance A Table Top Exercise (TTX)/pilot was held in Ottawa in June 2013 to trial the capability assessment and to solicit SMEs to identify capability requirements and gaps relating to the Health Portfolio (HP). In preparation for the TTX, a methodological approach was agreed upon and a Users’ Guide was drafted and distributed to key stakeholders in the emergency management and population and public health communities. The approach was based on a Strategy-to-Task, Mission/Function/Task decomposition. A capability framework based on the Government of Canada (GC) emergency management pillars was employed and a task library drawn from the TCLC, existing plans, and recent lesson learned reports was generated. A full-spectrum scenario—based on evolving global pandemic/viral outbreak—was developed to

124

S. K. Friesen

provide context and invoke capability requirements and, to facilitate assessment and to seed the discussion, observations from some previous after-action reports were related to capabilities and tasks. The scenario was parsed into Prevent, Prepare, Respond and Recover segments, corresponding to the four emergency management pillars. At the end of each segment, an examination of the setting, identification of triggers and discussion of illustrative tasks was conducted. Participants were then invited to individually complete an assessment of tasks and asked to record comments explaining their rationale. Worksheets were collected, individual assessments collated, and ‘scorecards’ generated using a Green/Yellow/Red stoplight rating scale. Although neither validated nor definitive, the results were instructive and insightful. While there were some areas of variance, in general, there was a broad consensus among the representatives who took part. The preponderance of capabilities was assessed to be adequate yet, the methodology allowed for a number of concerns to be noted and the findings documented.38 The TTX provided an enormous opportunity to trial the capability assessment methodology and illustrated the value of adopting a structured analytical technique to assess capability requirements and gaps.

4 Conclusion CSS knowledge, experience and scientific leadership informed multiple collaborative risk assessment projects with cross-functional teams of SMEs, and enabled S&T advice for executive decision-makers in Federal OGDs, Provinces/Territories, municipalities and international partners to inform risk and mitigation decisions. CSS innovations were derived directly by interacting with end-users, capturing stakeholder requirements from safety/security partner organizations, and establishing systematic, rigorous and transparent risk-based frameworks and methodologies that were, to the greatest extent possible, fully integrated into decision structures, strategic emergency management plans and program prioritization mechanisms. By 2017, in addition to developing hazard-based risk assessments, CSS was fully capable of preparing and delivering multi-dimensional multi-stakeholder, and multi-jurisdictional risk challenges that met partner requirements. The compounding and cascading effects of low probability, high consequence events drove CSS analytical innovations in risk analysis, particularly through the adoption of ‘mixed method’ approach. Through its activities, DRDC CSS was the forefront of innovation in public safety and security risk assessment, and positioned itself to exercise scientific leadership in this domain, which frequently guided follow-on collaboration on S&T projects, with local, federal and international partners. DRDC CSS earned a great deal of credibility among its peers and postured itself as a ‘risk support centre’ in terms of its SMEs in

38

Hales et al. (2013).

Early CSS Innovations in Risk Analysis

125

this domain by serving as a knowledge integrator for multi-stakeholder, all hazard whole-of-government risk analysis.

References Alexander D (2000) Scenario methodology for teaching principles of emergency management. In: Disaster prevention and management, vol 9, no 2 Baingo D, Friesen SK (2020) Threat risk assessment implementation project: a summary of the methodology supporting the physical security of Canadian armed forces. Department of National Defense (CAF/DND) Infrastructure, DRDC-RDDC-2020-L226 Bayne I, Duncan J, Mills B, Friesen SK, Goudreau A (2013) The federal all hazards risk assessment framework body of knowledge, vol 1: establishing an information baseline and way forward. DRDC CSS TR 2013-014 Chouinard P, Masys A, Hales AD (2016) National critical infrastructure interdependency model: Way ahead. Defence Research and Development Canada, Centre for Security Science, Ottawa ON (CAN), DRDC-RDDC-2016-B010. Report date: 26 Apr 2016 Committee of Sponsoring Organizations (COSO) (2004) Enterprise risk management—Integrated framework executive summary Defence Research and Development Canada (2013) Regional capability-based planning methodology guidelines. Center for Security Science Dr. Douglas AJ (2006) Quantification issues in the consolidated risk assessment. In: Internal working paper 2006/AJD1. Operational Research Team, DRDD CSS Ottawa (Unpublished manuscript) Dube G (2017) Architecture contribution to risk and evidence informed decision making within the Canadian safety and security program (CSSP) (U). DRDC Contract Report (CR) DRDC-RDDC2017-C085 Friesen SK (2016) National risk profile architecture development (U). DRDC CSS Reference Document, DRDC-RDDC-2016-D069 Friesen SK (2017) The chemical, biological, radiological/nuclear explosive (CBRNE) consolidated risk assessment (CRA) rating tool guide (U). DRDC Reference Document, DRDC-RDDC-2017D001 Friesen SK, Giroux G, Villeneuve A (2013a) Overview of the federal all hazards risk assessment (AHRA) automated application and capability assessment management system (CAMS) (U). DRDC CSS Technical Note TN 2013a-031 Friesen SK, Giroux G, Villeneuve A (2013b) Overview of the all hazard risk assessment (AHRA) automated application and capability assessment management system (CAMS). DRDC CSS TN 2013-031 Friesen SK, Bayne I, Donovan IR (2015) Developing a money laundering & terrorist financing risk assessment framework in Canada. Centre for Security Science Support for the process and methodology. Defence Research and Development Canada, Centre for Security Science, Ottawa ON, DRDC-RDDC-2015-R037 Friesen SK (2020) Incorporating a capability-based investment model to the emerging risk matrix for public safety. DRDC-RDDC-2020-B028 Giroux G, Friesen SK (2014) All hazards risk assessment transition project: report on capability assessment management system (CAMS) automation. DRDC-RDDC-2014-C35 Goudreau A (2009) Section head—Risk assessment & capability integration risk assessment & capability integration, CAFC visit—01 April 2009, unclassified presentation Goudreau A, Chouinard P, Friesen SK (2012a) Capability-based model for public safety and security (U). Presentation to Public Safety Canada Executives, Ottawa, ON Goudreau A, Chouinard P, Friesen SK (2012b) Capability based investment model for public safety and security. Unclassified presentation to Public Safety Canada, Ottawa ON

126

S. K. Friesen

Gratt LB, Chairman IWG Corporation (1989) The definition of risk and associated terminology for risk analysis. Prepared by the Society for Risk Analysis (SRA) Committee for Definitions, San Diego, CA. https://link.springer.com/chapter/10.1007/978-1-4684-5682-0_73?noAccess= true. Accessed May 2022 Hales D (2016) Emergent best practices in national risk assessment practices and process (U). DRDC Contract Report (CR) DRDC-RDDC-2016-C325 Hales D, Race P (2010) Public security technical program planning scenario: final report. Defence R&D Canada, Centre for Security Science DRDC CSS CR 2010-10 Hales D, Chouinard P (2011) Implementing capability based planning within the public safety and security sector: Lessons from the defence experience. Defence R&D Canada, Centre for Security Science, Technical Memorandum, DRDC CSS TM 2011-26 Hales D, Avis P, Friesen SK (2022). Exercise perseverance: capability assessment table top exercise after action report. DRDC CSS Technical Report TR2013-010. Accessed May 2022. http://cra dpdf.drdc-rddc.gc.ca/PDFS/unc140/p538062_A1b.pdf. Accessed 24 Feb 2016 Joyce H (2010) Thoughts on AHRA requirements and architecture. Unpublished Technical Note Lambe P (2007) Organising knowledge: taxonomies, knowledge and organisational effectiveness. Chandos Publishing, Oxford (quoted from Verga 2012) The Technical Cooperation, JSA TP 3 (2003) Guide to capability-based planning, p 11. Accessed May 2022. https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved= 2ahUKEwjfu7bR68j3AhWDPM0KHUqVCzsQFnoECBAQAQ&url=https%3A%2F%2Fwww. hsdl.org%2F%3Fview%26did%3D461818&usg=AOvVaw0mEo50UcVl9NBcDponvgrD Verga S (2007) Intelligence experts group all-hazards risk assessment lexicon. DRDC-CSS-N-2007001 Verga (2012) A holistic, cross-government all hazards risk assessment. Defence Research and Development Canada, Centre for Security Science (DRDC CSS), Ottawa, ON, Canada, 2012. Accessed May 2022. D69-26-2013-eng.pdf(publications.gc.ca) Verga S, Chouinard SP (2013) Preliminary results of the consolidated risk assessment to inform capability based planning in support of emergency planning for the Metro-Vancouver region. Defence R&D Canada, Centre for Security Science, Ottawa ONT (CAN), DRDC-CSS-LR-2013047

Exercises to Support Safety and Security Ray Wong, Kelly Morris, and Anthony J. Masys

Abstract Complex safety and security events can stress test societal systems and reveal ‘latent risks’ such as the lack of preparation, insufficient vulnerability analysis and response. Weick and Sutcliffe (Managing the unexpected: resilient performance in an age of uncertainty, 2nd edn. Wiley, San Francisco, 2007: 2) highlight how such an event can be ‘…considered as an abrupt and brutal audit: at a moment’s notice, everything that was left unprepared becomes a complex problem, and every weakness comes rushing to the forefront’. A Chatham House report, ‘Preparing for High Impact, Low Probability Events’, found that governments and businesses remain unprepared for such events (Lee et al., A Chatham House report, 2012). To support the full cycle of disaster management: Mitigation, Preparedness, Response and Recovery, exercises are conducted to support design of strategies and verify and validate them under controlled and observed conditions. This chapter examines the key features of exercises and how they have been applied to design and test plans, processes, people and organizations in preparation for disruptive shocks. Keywords Exercises · Safety and security · TTX · Planning

1 Introduction As described in Masys (2012), Black swans represent the unpredictable. They represent ‘… our misunderstanding of the likelihood of surprises’ (Taleb 2007: 2) A black swan is described by Taleb (2007) as that which is an outlier, that which is outside the realm of regular expectations which carries with it an extreme impact such as natural disasters, market crashes, catastrophic failure of complex socio-technical systems and terrorist events such as 9/11. These “surprising events” reflect an organizations inability to recognize evidence of new vulnerabilities or the existence of ineffective countermeasures (Woods 2006: 24) This necessitates the requirement to readjust to their existence and thereby the need to consider the extremes (Taleb 2007: xx). R. Wong · K. Morris · A. J. Masys (B) Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, ON, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_7

127

128 Fig. 1 Integrated planning for major events

R. Wong et al.

Event planning Safety planning

Security planning

Disruptive shocks and black swan events can be catastrophic to societal systems. Hosting a major event such as the Olympics requires integrated planning across the event, safety and security pillars (Fig. 1) in the event a catastrophic shock should occur. In support of such major events as the Olympics, government, first responders and military officials work together in exercises that simulate emergency scenarios such as natural disasters, health threats and terrorist attacks to validate plans, training, etc., and identify areas for improvement. Beyond the requirement for test and evaluation of event safety and security plans, there exists a requirement for national planning and preparation for major disasters. Public Safety Canada provides oversight and guidance in the setting of exercise priorities and co-sponsors key activities with lead departments as per the National Exercise Program. The National Exercise Program’s objective is to continuously improve emergency management in Canada through the coordination of comprehensive whole-of-government all-hazards exercises of national interest. The program includes: • domestic and international exercises addressing all-hazards and major international events; • establishment and implementation of a federal government lessons learned process to track ongoing capability and response activities improvement, and • education and training related to exercise development methodology through a variety of means. Training and Exercise programming contributes directly to strengthening the capability across all regions to respond to incidents of all types. The promotion of a common approach to emergency management, including the adoption of standards and best practices, aims to enhance the capabilities of Canada’s emergency management community.

Exercises to Support Safety and Security

129

2 Disaster Planning Through Exercise Support The Defence Research and Development (DRDC) Centre for Security Science (CSS) was created in 20061 as a joint endeavor between the Department of National Defence (DND) and Public Safety Canada (PS). The mission of CSS is to provide scientific and technical (S&T) advice and analysis support to PS and the broader public safety and security community. CSS also enables the contribution of collaborative research networks and collaborators toward public safety and security S&T innovation to support national public safety priorities. The capability to conduct exercises flows from CSS’s mission. This capability includes the responsibility to plan, develop, coordinate, and facilitate the conduct of exercises. In general, exercises are focussed practice activities that place participants in simulated situations requiring them to function in a capacity that would be expected of them in a real event. Exercises are designed to promote preparedness, response and recovery, through validation of policies, plans, procedures and equipment. The development of the CSS Exercise Program was in response to lessons learned from several years of exercise engagement across the S&T community and to reflect the traditional and emerging safety and security domains. CSS’s support to the 2010 Winter Olympic and G8/20 Summit Exercise Programs also informed the establishment and formalization of exercise support mechanisms provided by the S&T community. Although PS remains CSS’s primary “client”, a separate Memorandum of Understanding signed in 20082 expanded CSS’s support role, including for exercises, for PS and for the following organizations: • • • • • • • • • • • • • • 1

Agriculture and Agri-Food Canada Atomic Energy Canada Limited Canadian Border Services Canadian Food Inspection Agency Canadian Nuclear Safety Commission Canadian Security Intelligence Service Communications Security Establishment Canada Department of Fisheries and Oceans Environment Canada Health Canada Industry Canada Infrastructure Canada National Research Council Canada Natural Resources Canada

In 2006, PS and DND DRDC signed a MOU (DND identification number: 200604332) for the Collaboration in Science and Technology related to Public Safety and National Security, dated 16 August 2006. 2 In 2008, DND among various OGDs (which includes PS as a signed Participant) signed a MOU (DND identification number: 2008040021) concerning the Centre for Security Science and Public Security Science & Technology, dated 4 July 2008.

130

• • • • • •

R. Wong et al.

Public Health Agency of Canada Public Services and Procurement Canada Royal Canadian Mounted Police Privy Council Office Transport Canada Treasury Board of Canada.

CSS may also support exercise requests from municipalities, provincial governments, as well as engage in bi-national exercises. Building upon the relationships established under the 2006 and 2008 MOUs, in 2012 the Canadian Safety and Security Program (CSSP) was established. This federally funded program is led by CSS, in partnership with PS. The mission of the CSSP is to strengthen Canada’s ability to anticipate, prevent, mitigate, prepare for, respond to, and recover from natural disasters, serious accidents, crime and terrorism through the convergence of science and technology (S&T) with policy, operations, and intelligence. Essentially, the CSSP provides a more detailed framework and expansive mandate for the provision of CSS support to PS and other government departments. CSSP’s collaborative model fosters, through different mechanisms, innovative science and technology advancements that contribute to the safety and security of Canadians. In order to sustain growth in our fields of interest, increase capabilities and respond to a changing environment, CSS works domestically and internationally in partnership with government, industry, and academia. Typically, exercises are convened by the CSS Technical Authority (TA) and follow a building-block approach in which participants are led through a logical series of training events and exercises that escalate in complexity. Each subsequent exercise are designed to build upon the previous one, in scope and complexity. Types of Exercises Exercise are purpose driven across a spectrum from planning to training to validation. As such the complexity (and costs) of exercises are linked to their desired outcome and capabilities being tested (Fig. 2). Exercises can be categorized as: • Orientation Seminar. These are used to provide an overview or introduction to a plan, procedure, function or organization. They are typically conducted in a classroom or presentation format. • Seminar Exercises. Seminar exercises are generally low cost activities and inform participants about the organization and procedures which would be invoked to respond to an incident. The emphasis is on problem identification and solution finding rather than decision making. Those involved can be either new to the job or established in their role. This type of event will bring staff together to inform them of current developments and thinking. These events may take place within the framework of a seminar which also includes and/or panel discussions and are primarily designed to focus on one particular aspect of the response. • Drill. A coordinated, supervised exercise activity normally used to test a single, specific operation or function.

Exercises to Support Safety and Security

131

Tabletops Workshops Seminars

Full-Scale Exercises

Capability

Drills Games

Functional Exercises

Planning / Training Fig. 2 Spectrum of Exercises with inceasing complexity

• Training. CSS often takes a leadership role in arranging practical, hands-on training for first responders and other operational communities. While the scope of this contract does not include formal classroom training, it does include organizing hands-on training specific to one of the identified Scientific Areas. In particular, this training may require the preparation of samples, or simulation environments and may require specific safety oversight. Often S&T expertise is used to conduct the training • Table Top Exercise (TTX). A TTX is a facilitated analysis of an emergency situation in an informal, stress-free environment. Although often conducted in the form of a roundtable discussion, they may also involve limited simulation and breakout groups for added interest and training value. TTXs are cost effective and efficient methods of testing plans, procedures and concepts of operations. They can be difficult to run with large numbers, but those players who are involved are provided with an excellent opportunity to interact with and understand the roles and responsibilities of the other agencies taking part. They can engage players imaginatively and generate high levels of realism. Participants will get to know realistic key procedures along with the people with whom they may be working in an emergency. Those who have exercised together and know each other will provide a much more effective response than those who come together for the first time when a disaster occurs. • Command Post (CPX)/Functional Exercise (FX). These are interactive exercises that test the capability of an organization(s) to respond to a simulated emergency using real-world emergency response facilities, equipment, communication channels, etc. in as realistic a manner as possible without actual deployment of field personnel and/or equipment. During CPXs/FX’s the team leaders (and communications teams) from each participating organization are positioned at the command posts they would use during an actual incident or live exercise. This tests communication arrangements and, more importantly, information flows between remotely positioned team leaders from participating organizations.

132

R. Wong et al.

These exercises are cost effective and efficient in testing plans, procedures and key people. • Live Play/Full Scale Exercise (FSX). These exercises simulate a real emergency as closely as possible, involving the deployment of real assets and designed to evaluate operational capability in a highly stressful environment. Activity play may include a small scale test of one component of the response, like evacuation ranging from a building or “incident” site to an affected community—through to a full scale test of the whole organization’s response to an incident. These exercises provide the best means of confirming the satisfactory operation of emergency communications and the use of ‘casualties’ can add to the realism. Live Play/FSX provide the only means of testing fully the crucial arrangements for handling the media. A live exercise would not normally be undertaken until there was an adequate level of confidence in those involved. The following are examples of ongoing exercises supported through CSS: • National Capital Region Critical Incident Response Structure (NCR CIRS). This Project seeks to enhance the crisis management framework of the multijurisdictional policing forces responding to a critical incident in the NCR. This includes development of proper strategic, operational and tactical guidance, promotion and enhancement of intelligence and information sharing, and addressing emerging safety and security issues facing police and protective services within the NCR. The Project will test response capabilities through a series of Table Top Exercise involving the RCMP, Ontario Provincial Police, Ottawa City Police, Sûreté du Québec, Gatineau City Police, Municipalité Régionale du Comté (MRC) des Collines-de-l’Outaouais, and Parliamentary Protective Service, that will gradually increase in complexity. • Exercise Maritime Integration. This Project seeks to test various Federal and Provincial Nuclear Emergency Response protocols and capabilities. Lead agencies include Canadian Nuclear Safety Commission, Health Canada (Radiation Protection Bureau) and the Department of National Defence (Director Nuclear Safety). Primary stakeholders include the Royal Canadian Navy, Canadian Joint Task Force Atlantic, Canadian Joint Operations Command, the Nova Scotia Emergency Management Office and the Halifax Regional Municipality Emergency Management Office. The exercise component will culminate in a Live Play Exercise exercise. Exercise Tiers In addition to the Exercise Type, Exercises are also described by Tiers, which essentially relates to the organizational level of the activity, as follows: • Tier 1. Exercise is considered comprehensive with full participation right up to the federal level. The focus is often at the strategic and policy level but can include other elements to address local needs;

Exercises to Support Safety and Security

133

• Tier 2. Exercise will simulate many elements that are not formal players. The focus is still on strategy and policy; • Tier 3. Exercise is a simulation and will have a tactical or organizational focus, and • Tier 4: Exercise strictly engages local resources. Scientific and Technical Scope of Exercises CSS programs have invested in the mobilization of S&T expertise and capabilities from across departments, agencies, industry and academia, thus creating a uniquely collaborative community of Canadian S&T expertise in the domains of safety and security, enabling a convergence of the scientific and responder communities, and setting conditions for integrated S&T support to operations. CSS contributes to key mission areas across the safety and security domain and thus provides exercise support spanning this domain, which includes the following: • • • • • • • • • • • •

Biometrics Border and Transport Security Chemical, Biological, Radiological/Nuclear and Explosives (CBRNE) Critical Infrastructure Protection Cyber Security Emergency Management Systems and Interoperability (EMSI) Emergency Medical Services First Responder Forensics Law Enforcement Psychosocial Surveillance, Intelligence, and Interdiction (SI2).

Evolving or emerging technologies or operational imperatives may occasionally dictate the need for CSS to provide S&T support to scientific or technological domains other than those specified here.

3 S&T Support to TableTop Exercise (TTX) Design and Conduct Table top exercise are ‘low hanging fruit’ that can allow organizations and planning committees opportunities for understanding the problem space associated with, for example, hosting a major event. The TTX is designed and conducted to show the viability or fragility of mitigation, preparedness, response and recovery plans through a scenario-based exercise. As such one of the features and goals of the TTX is to challenge mindsets and perspectives with regards to ones understanding of a disaster scenario and how to manage it. With that in mind, the TTX can provide the planning team with enhanced understanding and experience with regards to business

134

R. Wong et al.

continuity, societal impacts and contingency action plans in disaster simulations. In addition, a well designed TTX can train and improve an organizations capabilities with respect to roles and responsibilities in managing a crisis or disaster. The strength of the TTX lies in the facilitated open discussion that ensues amongst the participants. TTX can be done at anytime along the planning and training spectrum. By doing so it enhances teamwork and communication across the different participating organizations. This was demonstrated during the exercise regime for Vancouver 2010 Olympics.

4 Exercise Design to Support Safety and Security Over the period of planning for the Vancouver Olympics, DRDC supported a number of exercises ranging from table tops to command post exercises to live exercises. As described in detail in Murray et al. (2010): Privy Council Office (PCO) Exercises. The PCO (through the Office of the Coordinator for the 2010 Olympics and G8 Security) mandated that a series of exercises be conducted to support the “whole of government” approach to safety and security preparations for the Olympics. The Exercise series was composed of three complimentary exercises: BRONZE, SILVER and GOLD.

• BRONZE was intended as a mechanism “To Explore” the C2 relationships between the groups. – Exercise BRONZE was a table top exercise with a regional focus. DRDC provided analysts to participate as controllers for the exercise as part of the Director Land Synthetic Environment (DLSE) assessment team. Other Subject Matter Experts (SMEs) were provided through MECSS to assist the discussion groups with technical expertise such as in CBRNE and psychosocial. ii. • SILVER was intended “To Practise” the established relationships and procedures – Exercise SILVER was a command post exercise with some live play elements that continued to develop the C2 relationships within the safety and security pillars, expanding the exercise beyond the region to include Federal and international level stakeholders. DRDC supported the assessment for the Canada Command Joint Command Centre (JCC), the V2010 ISU and, for the first time, the Provincial Regional Emergency Operations Centre (PREOC). Within the ISU, analysts were present in the Theatre Command Centre (TCC) and the co-located Vancouver Area Command Centre (VACC). DRDC data collection methods involved in-situ observations and questionnaires. • GOLD was planned as a way “To Confirm” the readiness of the safety and security structure.

Exercises to Support Safety and Security

135

– Exercise GOLD was the final opportunity for the security and safety pillars to test and practise the C2 structure and procedures that had been developed and put in place. DRDC deployed S&T advisors as assessment support teams across the V2010 operations centres. Support methods involved in-situ observations and the administration of questionnaires and also included the use of the Confirmation Architecture Framework (CONAF) metrics “scorecard” at the request of the ISU exercise planners. At the tactical level, exercise support was provided to design and validate the V2010 ISU’s Vehicle Screening Area (VSA) and Pedestrian Screening Area (PSA) through a dedicated exercise campaign. This consisted of three exercises: Ex MOCKASIN, Ex BLUE, and Ex ICE. The results of DRDC’s exercise analyses provided an empirical, quantitative basis for ISU’s planning efforts, decision making, and discussions with VANOC. The resulting insights and advice spanned all aspects of VSA and PSA operations and helped prompt a paradigm shift in the ISU’s VSA concept. For example • Ex MOCKASIN. The Mock Area Screening Exercise (Ex MOCKASIN) was conducted at the RCMP Pacific Region Training Centre in Chilliwack, BC during June, 2008. From a VSA perspective, the exercise explored the relative performance and requirements of a conventional design versus promising alternatives that arose from DRDC’s modeling and analysis efforts. Time and motion studies were also conducted regarding the V2010 ISU’s evolving PSA and Remote Vehicle Screening Site (RVSS) concepts. DRDC made essential contributions during the exercise planning phase by providing one member of the core, three-person planning team; advising on scheduling, resource, execution, and logistical issues; and designing the data collection plan. During the exercise’s execution phase, DRDC provided key personnel, including the exercise’s controller, its three-person data collection team, and one of two classroom instructors for participant training. DRDC also analyzed the exercise data and delivered its results to the V2010 ISU’s Physical security section via a letter report as well as formal and informal briefings. The exercise methodology and data collection plan devised by DRDC proved to be highly effective and influential. The rigorously obtained results clearly illustrated (both quantitatively and qualitatively) that the alternative VSA approaches proposed by DRDC outperformed the conventional one during the exercise. Moreover, a strong stakeholder consensus regarding the relative suitability of each VSA option was engendered by enlisting many V2010 ISU and Vancouver 2010 Organizing Committee (VANOC) members (who would otherwise have been passive exercise observers) as vehicle occupants. The strength and clarity of the results and broad participant consensus fostered a paradigm shift within the V2010 ISU’s VSA concept such that the conventional approach was supplanted by those proposed by DRDC. Consequently, the exercise strongly impacted all aspects of Game-time VSAs including their manning, spatial requirements, internal configurations, tent quantities and specifications, etc. Observations

136

R. Wong et al.

made during the PSA and RVSS portions of the exercise also prompted the V2010 ISU to revisit certain aspects of those planning efforts. • Ex BLUE. Exercise BLUE (Ex BLUE) consisted of four real-world field trials: two VSA trials (held in Whistler, BC and Vancouver, BC) and two PSA trials (also held in Whistler, BC and Vancouver, BC). The exercise represented a larger scale, higher fidelity follow-on to Ex MOCKASIN whose participants included members of the V2010 ISU, VANOC, and the general public. During the exercise, the V2010 ISU’s VSA and PSA concepts were tested under winter conditions at or near Olympic venues to identify potential gaps, improvements, and Games-time requirements in detail. Ex BLUE’s scale, locations, and high degree of realism also provided an excellent preview of numerous challenges that would confront Games-time VSA and PSA personnel during the following winter. Such foreknowledge was invaluable to ISU planners and DRDC personnel during the final planning and execution phases of V2010. • Ex ICE. The V2010 ISU conducted the Instrument Configuration and Evaluation Exercise (Ex ICE) at its Richmond, BC headquarters during June, 2009 as a more comprehensive follow-on to Ex BLUE. • Pegasus Guardian (PG) Series. – The PG series of command post exercises began in Nov. 2007, prior to MECSS, and resulted in four exercises in the series (PG1, 2, 2.2 and 3) leading up to V2010. Apart from PG1, the series was held in conjunction with the BRONZE, SILVER and GOLD exercises. – PG1 investigated the processes required for information sharing in an integrated security unit in charge of public security for a major event. While conducted outside of the MECSS project, PG1 laid the foundation for follow-on integrated exercises that would call on MECSS for support. – PG2 was focused on the security pillar. Its aim was to examine and test information flows into, within and out of the ISU’s Integrated Command Centre (ICC) while affording participating organizations the chance to gain experience with operating together. DRDC provided the simulated C2 infrastructure for JTFG as well as analytical support to the ISU – PG2.2 was generated as a way to implement changes and also as a “warm-up” for SILVER which ran the week after. DRDC provided direct assessment and analysis support for PG2.2 to the ISU Exercise Planning Team. This success set the trend for all subsequent DRDC support to the V2010 Exercise Program. From PG2.2/SILVER on, the ISU drew its lessons learned and ways forward for the exercises almost completely from the reports DRDC supplied. iv. PG3 was the ISU’s preparatory exercise for Ex GOLD. It was intended as a security exercise only in that the safety and games operations pillars were not heavily played or were played by surrogates. It was intended as the ISU’s confirmatory exercise and was larger than GOLD in terms of the ISU’s commitment of resources and effort.

Exercises to Support Safety and Security

137

– Marine Security Tabletop Exercises. In support of the ISU’s Marine Security Planning Team, members of the OMOC and the Federal Marine/Surface Technical Working Group, DRDC designed, developed, facilitated and assessed three carefully structured tabletop exercises (14–15 Oct. 2008, 13–14 Nov. 2008 and 16–17 Jun. 2009) known as Force Protection Matrix Game (FPMG) Marine One, Two and Safety/Security Matrix Game—Marine Three. These were all held at HMCS Discovery in Vancouver. Although each was unique in scale and scope, they were all aimed at improving the stakeholder’s awareness of capabilities, resources, Standard Operating Procedures (SOPs), and areas of responsibility.

5 Red Teaming As part of the exercise regime, plans supporting the major event security often require a level of verification and validation to ensure that the requisite security posture is appropriate and in place. One technique that has been successfully employed both within security and defence domains is Red Teaming. As described in Masys (2012: 323), the process of Red Teaming has long been used as a methodology to serve as a devil’s advocate, offering alternative interpretations and challenging established thinking within government and commercial enterprises in order to identify and reduce risks. Red Teaming has a history of application within both industry and the military domain. Within the military domain in particular, Red Teaming has an outstanding record of success as described in (DSB Task Force 2003). Within this domain and others, red teaming is used as a way to challenge planning assumptions, established mental models, feasibility, vulnerability, risk, and operational value and as a tool to assist organizations to avoid the common fault of group think (Janis 1972). As such, Red Teaming can facilitate insights into otherwise ‘hidden’ catastrophic surprises. Red Teaming can be used to conduct peer review of plans and policies to detect vulnerabilities and present alternative scenarios to challenge the problem space. Applied to the domain of security, Mateksi (2009: 35) reports that ‘…Red Teaming is considered the best tool for raising security awareness in an organization and as such can facilitate the discovery of security holes for which known fixes, configurations, or patches have not been applied or where compensating security procedures are not in effect or not being enforced. Similarly red teaming is useful for ensuring that correct security configurations are maintained for the system…’. Red Teaming can be used at multiple levels within an analysis effort in order to examine the: • Strategic level to challenge assumptions and visions; • Operational level to challenge plans, mental models, designs and decisions • Tactical level to challenge operators in training or to examine the characteristics of interoperability

138

R. Wong et al.

Through these various strategies Red Teaming facilitates breadth and depth of understanding regarding issues of uncertainty and system behaviour as well as supporting organizational learning. It is an essential part of exercise planning in particular when employed during a tabletop exercise.

6 Conclusion The scope and complexity of planning for and executing a major event such as Vancouver 2010 Olympics is manifest. The security costs alone for V2010 was upwards of $1 billion. Given the threat landscape (Masys et al. 2023), planning and preparation for the event required a high degree of exercise support and scientific integrity. Exercises are a practical, efficient, and cost effective means: to verify and validate security plans for a major event; to foster and maintain preparedness for emergencies; and to train those that will have specific security roles and responsibilities. An exercise program serves to assess and clarify: 1. 2. 3. 4. 5.

Operational plans; member readiness; coordination internally and externally with partner agencies; roles and responsibilities; and awareness of threats and hazards.

Exercises generate lessons learned and best practices, which can be used to revise operational policy, plans, processes, and procedures, and provide a basis for training to improve upon our response proficiency. The value garnered from the exercise program in support of Vancouver 2010 Olympics and continued support to the Canadian Government highlights the impact CSS is having.

References DSB (Defence Science Board Task Force) (2003) The role and status of DoD red teaming activities. Defence Science Board Task Force, Washington, DC Janis I (1972) Victims of groupthink. Houghton-Mifflin, Boston, MA Lee B, Preston F, Green G (2012) Preparing for high-impact, low-probability events: lessons from Eyjafjallajökull. A Chatham House report. https://www.chathamhouse.org/sites/default/files/pub lic/Research/Energy,%20Environment%20and%20Development/r0112_highimpact.pdf Masys AJ (2012) Black swans to grey swans—Revealing the uncertainty. Int J Disaster Prevent Manage 21(3):320–335 Masys AJ, Vivekanandarajah V, Chiasson L (2023) Design thinking for safety and security: support to Vancouver 2010 Olympics. In: Masys AJ (ed). Safety and Security Science and Technology: Perspectives from Practice. Springer Mateski M (2009) Red teaming: a short introduction 1.0. Available at http://redteamjournal.com/pap ers/A%20Short%20Introduction%20to%20Red%20Teaming%20(1dot0).pdf. Accessed 4 Sept 2009

Exercises to Support Safety and Security

139

Murray C, Wood D, Chouinard P, Genik L, MacLatchy J, Dixson M, Dooley P, Funk R, Guitouni A, Masys AJ, Sykes T (2010) Major events coordinated security solutions technical report closeout (MECSS): the application of science and technology to reduce risk for V2010 and G8/G20 summits. Technical report DRDC CSS TR 2010-13. December 2010 Taleb NN (2007) The black swan: the impact of the highly improbable. Penguin Books Ltd., London Weick KE, Sutcliffe KM (2007) Managing the unexpected: resilient performance in an age of uncertainty, 2nd edn. Wiley, San Francisco Woods DD (2006) Essential characteristics of resilience. In: Hollnagel E, Woods DD, Leveson N (eds) Resilience engineering: concepts and precepts. Ashgate Publishing, Aldershot, Hampshire, pp 21–34

The Practice of FATE Gitanjali Adlakha-Hutcheon

Abstract From a philosophical perspective and in practice, it is important to take FATE in ones hands and shape the way forward. With this introductory line I wish to raise awareness of a method which goes by the acronym FATE. It is a method developed through research conducted within the auspices of the NATO Systems Analysis Studies Research Task Group 123 (NATO SAS-123; Adlakha-Hutcheon et al., Futures Assessed alongside socio-Technical Evolutions (FATE) Final report NATO SAS-123. Canadian DRDC Publishing, DRDC-RDDC-2021-N242, 2021a) where FATE stands for Futures Assessed alongside socio Technical Evolutions. The acronym also lacks the S from socio in its fold. This was an intentional omission, primarily to highlight the fact that most foresight-related studies develop scenarios and/or list technologies that will be disruptive. In so doing, they miss out on the input from practitioners and society at large, that enable adoption or dismissal of a technology, be it emerging and/or disruptive. In defence circles, studying emerging and disruptive technologies is a must for obvious reasons, yet their extension to a larger context for securing our world demands the inclusion of variables from a wider societal lens. FATE can be used to anticipate how technologies evolve in just such a context. This chapter will examine what can happen when FATE is put into practice, and by contrast what may be missed in its absence. Keywords Emerging and disruptive technologies · Socio-technical system

Futures Assessed alongside socio Technical Evolutions. G. Adlakha-Hutcheon (B) Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_8

141

142

G. Adlakha-Hutcheon

1 Introduction The FATE method is modular and consists of four steps. Adlakha-Hutcheon et al. (2021b) describe these four steps as “In Step 1, the initial problem or research question is scoped as a socio-technical system, i.e. it is described using the OPPPTI ontology (Organization, People, Processes, Policies, Technology, Infrastructure) for STSs within the multi-level framework composed of niche, regime and landscape levels proposed by Geels (2002), and Geels and Schot (2007). A small set of at least two pre-defined future scenarios is explored in Step 2. The scenarios are transformed into the TEMPLES scheme (Technological, Economic, Military, Political, Legal, Environmental and Social) for each scenario if not already laid out as such in the scenario. Step 3 is centred around interactions between future scenario(s) and the STS, focusing on determining the evolution of the STS from its baseline in the present to its transitions in to future states. The accompanying assessment includes both individual and group insights. The cumulative output and insights from these three steps are assessed for impact and relevance for defence and security in Step 4. The impact assessment in this step can be conducted on a set of capabilities, (i.e. what influences the client’s desired end state and what has to be done to reach it?) following which actionable options are derived to respond to the client questions. FATE is conducted in a participatory workshop style.” Why practice FATE? In the chapter, the reader is introduced to the four steps supplemented with examples in the following section. Examples of practicing FATE are provided in the third section and by contrast what may be missed in its absence is documented in the fourth section. The chapter concludes with the benefits of FATE.

2 Examples of Practicing FATE The FATE method is a way to examine emerging or disruptive technologies relative to future scenarios in order to develop insights for the socio-technical evolutions of such technologies. It is a recent operational research method that is conducted through facilitated group work. FATE was used to address client questions such as: Last Mile Delivery using Autonomous Transportation, used at Trial, see Maltby et al. (2020) and How could wearables affect urban operations? The contrasts in the FATE findings for these two examples will be used to guide salient features of the 4 steps of FATE. Their comparison was published in the proceedings of the NATO Operational Research and Analysis Conference 2020 (Adlakha-Hutcheon et al. 2020). The use of FATE for these two examples is expressed in its four steps, namely: Step 1: The question/problem is scoped as an STS Step 2: Pre-defined future scenarios are transformed into the TEMPLES

The Practice of FATE

143

Step 3: Evolution(s) of STS from its baseline to future states are determined from the analysis of the interaction between the STS and the scenarios Step 4: Impact of the evolutions in the STS is assessed for relevance (e.g. on a set of capabilities). Each step is described below in relevance to these examples. Additional methodological details including a Guide for the use of the Facilitators carrying out FATE are available in Adlakha-Hutcheon et al. (2021a).

2.1 Step 1—Socio-Technical System Centric In Step 1, a client’s question is explored through the lens of a socio-technical system or STS. The FATE development team examined several STS’s. These ranged from Production systems/manufacturing, Education to non-invasive worn smart devices. As a result it became apparent that the extent of the technical versus the social component varied relative to the topic. For instance, the subject of Education had a predominance of people and policy perspectives while the STS for Electricity had more technical ones. When emerging technologies are considered at the niche level, they were found to most often have an impact on regimes with an expansive development around all parts of the OPPPTI ontology. A list of all the Socio-Technical Systems (STS) that were either trialled, or were client questions is available in Adlakha-Hutcheon et al. (2021a). Should the reader want to get a deeper understanding of STS and conduct only Step one, then the 2018 book on Societal Transformation is a useful source of STS for 100 anticipated radical technologies (Linturi and Kuusi 2018).

2.1.1

Example of a Security-Relevant Topic Where FATE Should Be Applied

The question “How would Personal Identification through electronic means (social media, so a person’s presence or lack thereof on social media may identify them) affect operations, particularly intelligence operations?” is topical. It would benefit from an assessment through FATE.

2.2 Step 2—Scenario Centric The second step enables the user(s) to project themselves into a future timeframe through the use of a minimum of two pre-described states of the future or scenarios. In of itself, conducting step 2 may not be sufficient, nonetheless it enhances an understanding of the possible scenarios, and thus the context for the question at

144

G. Adlakha-Hutcheon

hand. It also enables everyone to arrive at a common understanding of the scenario. This step is facilitated by the use of the rich pictures technique.

2.2.1

Example of Scenarios with Relevance to Security for Use in the Application of FATE

In the development of the FATE method, the team made use of the Future World™ scenarios, (Maltby et al. 2014) that were readily available, and also because these were already described in the format of the TEMPLES scheme. Scenarios such as Future World™, are an input for the method. These are not intended to predict the future. Every four years, the Office of the Director of National Intelligence in the US publishes the global trends (Global Trends 2040 as Scenarios 2021) which are accompanied by an array of possible futures. Whilst their scenarios are not scoped out into TEMPLES, they provide a regularly updated source of scenarios which are easily useable for the purposes of FATE.

2.3 Step 3—STS and Scenario Interaction Centric The third step is a critical step where using at least two scenarios, the interactions between the STS and futures are analysed. It is this step which exposes/divulges how an STS may evolve into the future. Furthermore it also sheds light on why a component(s) of an STS is transitioning. This step is carried out through facilitated discussions. The user/working group investigates the linkages between the components of the STS in relation to the scenarios within, and between the multiple layers of niche, regime and landscape levels. Through this step, the STS components most likely to transition from the baseline relative to different future scenarios are identified. For obtaining optimal outputs, the analysis should cover individual and/or combined components of the STS with TEMPLES bullets from the scenarios. The end result of this step is an identification of effectors of change, that is, the drivers and resistors of change to the STS components, as well as any transitions. In addition to drivers and resistors of change, insights or the “so what’s” associated with the client question are revealed. These insights are in general new knowledge with relevance to defence and security (D&S). The two outputs of Step 3 include: the effectors of change (drivers and resistors associated with transitions) and insights. It is the latter that come about when the working group understands the complex relationships associated with transitions in several variables, in the context of an unknown future. A determination of the relevance of transitions to defence and security, is critical given the overall complexity and forms the next and final step or step 4 of FATE.

The Practice of FATE

145

2.4 Step 4—Impact for Relevance to Defence and Security Centric The impact of the evolutions in the STS for relevance to defence and security is determined in this step. This involves considerable assessment and is often carried out relative to capabilities on issues most pertinent for the client. The analysis of impact could be conducted as an aggregated analysis on effectors and issues, which occur in the STS for several scenarios or individually for each STS-scenario combination. The outputs of analysing impacts in terms of insights informs development of options for an organization to address negative consequences or take advantage of possibilities to influence drivers, resistors and component activities within the STS. A disruption calculus (Holland-Smith 2015) is a good option for presenting the impact analysis visually since it is represented by the time to respond on the Y axis and whether or not the assessed capability is a game-changer on the X axis.

3 Examples of Practicing FATE 3.1 Two Client Question as Examples to Illustrate the Practice of the FATE Method The two questions from clients shared earlier are used to demonstrate the FATE method in action. Each case of the application of FATE started with a dialogue with the client to determine assumptions about the desired end state stemming from the client’s question, how the results were intended to be used, as well as their perspectives on a future socio-technical system. For the facilitator’s benefit this interaction with the client prior to conducting FATE is essential and may be regarded as may a ‘pre-FATE Step’. The contrast between the applications of FATE to the following two client questions is presented in Table 1. These were also presented at the NATO Operations Research and Analysis Conference, 2020 (Adlakha-Hutcheon et al. 2020). The output of Steps 3 and 4 for the example on delivery to front lines through autonomous transportation is expressed in Fig. 1. This figure is a copy of a slide from the author’s presentation (Adlakha-Hutcheon 2021b). Illustrated in this figure is the fact that scenarios with varying degrees of uncertainty in the power dynamics or geopolitical nature provide a good measure of context for observing transitions in components of STS. The differences between the scenarios becomes very apparent and as a consequence can be used to inform the mitigation measures that an organization can take in respect to each Future World scenario. It should be noted that the results for the second client question trialled in Denmark at the time of writing were not available for publication.

146

G. Adlakha-Hutcheon

Table 1 Two client questions contrasted through the application of FATE Question

What is the impact of delivery to front lines by autonomous means? Alternatively cited as last mile delivery using autonomous transportation

How could wearables* affect urban operations? *Wearables refer to smart devices

Trial at

Trialled at the Defence Science and Technology Laboratory (Dstl) in UK in 2018

Trialled at the Institute of Military Technology at Royal Danish Defence College in Denmark in 2020

Relevance

1. Direct relevance for defence and militaries 2. An example of a traditional military operation with automated delivery of supplies to the front lines adding a contemporary flavour

1. The relevance extends beyond defence to the world of security and civil society writ large 2. An example of an urban operation with contemporary equipment being used to collect data facilitating near real time decision making

Impact (in general terms) Reducing number of soldiers in harm’s way

Minimizing risks for both soldiers and civilians

Fig. 1 The differences in effectors of change and impacts revealed upon the application of FATE using Future Worlds™ scenarios 4 and 5, drawn from the author’s presentation (Adlakha-Hutcheon 2021a)

The Practice of FATE

147

Adlakha-Hutcheon et al. (2020) state that “the type of analysis of impact enabled by FATE allows more effective anticipation of the future possibilities and what resilient responses entail, and the consequences of not planning for them.” This is true. Furthermore, the practice of FATE performs an integration function in that it incorporates/ brings together the benefit of known methods within defence such as SWOT (strengths, weaknesses, opportunities, threats) analysis and the defence capability management frameworks (DOTMLPF(I) (Doctrine, Organisation, Training, Materiel, Leadership, Personnel, Facilities, (Information) used in the US and NATO respectively) to the realm of safety and security. To gain optimal benefits from these methods it may be an idea to combine the sophistication of FATE with the visual simplicity of SWOT.

4 Consequences of not Practicing FATE or a FATE like Process Today’s future is hybrid. It will have an emphasis on both social and technical, and by extension will require skills in the two. Working from home (WFH) is a case in point. A basic access to technical infrastructure is a must for WFH which comes with consideration of social equity associated with telecommunication bandwidth. Giving it it’s just due requires the use of operational research methods that go beyond an assessment of technologies alone. The near, mid and long-term futures are all crowded with information, especially mis and disinformation; spurring a need for sifting fact from fiction. In the climate of such possible futures, it is imperative that one looks for not just technical solutions but also the social context which is the enabler and potentially the ultimate decision-maker. Applying all four steps of the FATE method, one gets an insight into drivers and resisters associated with evolutions in the STS of upcoming technologies, and thus the conditions to inform investment decisions when planning ahead for their use. The knowledge of unintended consequences of the introduction of a technology which in of itself may not be disruptive could go unnoticed without the use of FATE like holistic methods. Since, by and large, most foresight studies or assessments associated with the use of Emerging and Disruptive Technologies (EDT) tend to focus on the technology or the scenario set in the future, they tend to miss out on knowledge of effectors of change. The practice of FATE provides the added value not obtained by examining either single component of a client’s question alone, i.e., societal or technical. It is recognised that FATE complements assessment results obtained through the use of other methods and thus as a consequence adds weight to evidence informed decisionmaking. It is also intended to help policymakers see what may lie beyond the immediate horizon and therefore is a facilitator for proactive policy making.

148

G. Adlakha-Hutcheon

5 Conclusion To conclude why does applying FATE matter at all? Because the centre of gravity has shifted from Defence toward security. That is to say from known ways of working within spheres of defence toward building capabilities to the unknown ways of securing our spaces, especially with the hybridization of physical and cyber realms. FATE enables a multi, and an inter-disciplinary examination of transitions of technologies through a process that can be utilized by personnel wanting to get an answer to complex questions on technological developments and/or their diffusion. As a consequence the client has the foresight of where there may be need to react to desired developments. It provides insights into complex interactions that enable transitions, enables an awareness of Drivers and Resisters, which in turn facilitate our understanding of how disruptions may occur, how to plan for them, how not to have regret. FATE advances the body of knowledge; amplifies the policy-relevant research and improves the defence and security literacy of its users. It is also noted that the application of FATE may be considered laborious by some, since FATE involves systematic reflection, discussion and interactions, it is however exactly such workings that lead to a better understanding of complexities and associated insights (Hoffman et al. 2017; Klein 2018). It is also its modularity that facilitates an exploration of intended and unintended consequences, beneficial or other. Having a systematic assessment method that allows one to observe the amplification of a potentially insignificant change within a large complex system can be invaluable. Lastly the reader’s attention is drawn to a couple questions that merit exploration via FATE are: How would digitalization of personal and sensory data, its processing and AI affect operations? How would a world divided along possession or lacking access to technology with the potential of trade war and one comprised of technophiles and technophobes affect the adoption of AI technologies? The use of FATE in securing our futures is possible and worth trying. Ultimately FATE is unique to each circumstance.

References Adlakha-Hutcheon G (2021a) Is invoking FATE* strategic? (*Futures Assessed alongside socioTechnical Evolutions). In: Keynote address at the international defence and security conference 2021 on assessing strategic environment Adlakha-Hutcheon G et al (2021b). Futures Assessed alongside socio-Technical Evolutions (FATE). Final report NATO SAS-123. Canadian DRDC Publishing, DRDC-RDDC-2021-N242. ISBN 978-92-837-2322-6 Adlakha-Hutcheon G, Bown K, Lindberg A, Nielsen TG, Romer S, Maltby JFJ (2020) The use of FATE for illuminating disruptions. In: Proceedings of the 14th annual NATO operations research and analysis conference. Canadian DRDC Publishing, DRDC-RDDC-2021-P230 (Unclassified)

The Practice of FATE

149

Geels FW (2002) Technological transitions as evolutionary reconfiguration processes: a multi-level perspective and a case study. Res Policy 31(8–9):1257–1274. https://doi.org/10.1016/S0048-733 3(02)00062-8 Geels FW, Schot J (2007) Typology of sociotechnical transition pathways. Res Policy 36(3):399– 417. https://doi.org/10.1016/j.respol.2007.01.003 Global Trends 2040 as Scenarios (2021) Office of the Director of National Intelligence, Global Trends (dni.gov) Hoffman RR, Mueller ST, Klein G (2017) Explaining explanation, part 2: Empirical foundations. IEEE Intell Syst 32(4):78–86. https://doi.org/10.1109/MIS.2017.3121544 Holland-Smith D (2015) On the risk from high-impact, high-uncertainty technologies. In: NATO IST-135 Lecture series, Lecture 7 Klein G (2018) Explaining explanation, part 3: The causal landscape. IEEE Intell Syst 33(2):83–88. https://doi.org/10.1109/MIS.2018.022441353 Linturi R, Kuusi O (2018) Societal transformation 2018–2037: 100 anticipated radical technologies, 20 regimes, case Finland. Committee for the Future, Helsinki Maltby JF, Di-Placito J, Strong P, Kirlew M (2014) FutureWorlds™ narratives: global scenarios for evidence-based long-term analysis. Dstl Policy and Capability Studies, Portsdown West Maltby JF, Bown KJ, Adlakha-Hutcheon G, Lindberg A, Molder C, Peters CE, Rizzo G, Roemer S (2020). FATE method trial: trial of the method developed under the Futures Assessed alongside socio-Technical Evolutions (FATE). NATO SAS 123 Research Task Group within the British Dstl Publishing DSTL/TR112178

Cross Border Collaboration Models to Support Innovation in Security G. Jonkmans, K. Wyckoff, and C. Murray

Abstract This Chapter presents a model of collaboration between Canada and the U.S. in the development of knowledge, trusted advice and innovative technology solutions to address shared, bi-national, public safety and security issues. We outlined how we built a collaborative framework from the Canadian-U.S. treaty for Cooperation in Science and Technology for Critical Infrastructure Protection and Border Security, to accelerate the development of these science and technology solutions. We also outlined distinguishing principles that require particular emphasis in the security landscape, i.e., the necessity of building trust, consensus and agility. This approach has allowed us over the years to push the boundary of our cooperation to the level of an institutionalized binational relationship as we synchronize requirement cycles, investment planning, stakeholder engagement, risk and foresight approaches, and related programs and processes. Keywords Public safety · Security · Cross-border collaboration · Maturing partnership · U.S.—Canada

1 Introduction 1.1 Scientific Cooperation Imperative The world is confronted with ever-increasing and intertwined challenges. These challenges include an erosion of social cohesion, the impacts of climate change, and a volatile global economy. International scientific collaboration is critical to tackle complex, global challenges in a resource and capacity strained environment. Science has vaulted into the forefront of our societies as global leaders grapple with G. Jonkmans (B) · C. Murray Centre for Security Science, Defence Research and Development Canada, Ottawa, Canada e-mail: [email protected] K. Wyckoff Department of Homeland Security, Science and Technology Directorate, Washington, D.C., USA © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_9

151

152

G. Jonkmans et al.

unchartered complexity and recognize that pathways forward demand a quality of scientific evidence that is unachievable from within a single organization, government or society. Urgently needed collaboration requires traditional and yet-to-be imagined frameworks. The need and opportunity for science collaboration is unprecedented. The benefits of research collaboration are well documented in the scientific literature per Wagner (2002), and references therein. Beside noticeable gains from accessing new knowledge, resources and facilities, scientific and technical collaborations also create an environment that encourages greater creativity, and can serve as a springboard of mutual influence within the societal context (innovation eco-system, policy environment, etc.)

Planning for interconnections at the local, national, regional and international levels, rather than thinking strictly about a ‘national’ system, will have the greatest pay-off in terms of providing demand for development. C. Wagner, in “International collaboration in science and technology: promises and pitfalls”. (https://www.dhs.gov/sites/default/files/publications/ 2021_0205_csac-jack_rabbit_ii_factsheet_2-5-2021_pr_508.pdf)

1.2 Safety and Security Landscape This book argues (Chaps. 1 and 2) that the safety and security landscape includes unique features. Such as: (a) a highly dynamic environment where the threat environment often outpaces the science and technical solution space and emerging technology solutions can also comprise the threat; (b) involves a number of disciplines and actors be it scientific or operational that include academia, private and public sector, and cut across a spectrum of safety and security decision-makers and operators; and, (c) bounded by national security concerns that require trusted partnerships. This unique landscape warrants further review of scientific literature to advance understanding of how science and technology organizations can position themselves to fully benefit from the advantages of international scientific collaboration.

1.3 Approach This chapter explores one partnership’s approach to build binational organizational collaborative capacity to discover and inspire innovative outcomes that address shared risk within the domains of safety and security. First, it offers a description of the partnership organizations, enabling context for the follow-on discussion. It then looks at the foundational framework used to institutionalize interorganizational

Cross Border Collaboration Models to Support Innovation in Security

153

collaboration in the long-term. This is followed by insights into the applied principles and practices used to incentivize and manage science cooperation and collaboration to achieve outcomes that are relevant to policy and operational end-users.

2 The Partnership The international partnership explored in this chapter is between the United States Department of Homeland Security Science and Technology Directorate (DHS S&T) and Canada’s Defence Research and Development Canada (DRDC), an agency within the Canadian Department of National Defence. Each organization holds a mandate to provide S&T support to national partners across domains such as border security, critical infrastructure protection, law enforcement, emergency management, cyber security, aviation security, and Chemical, Biological, Radiological, Nuclear and Explosive (CBRNE) Security.

The United States and Canada share the world’s longest international border, 5525 miles with 120 land ports-of-entry, and the bilateral relationship is one of the closest and most extensive. (https://www.state.gov/u-s-relations-with-can ada/) Canada and the U.S. share one of the largest trading relationships in the world, with over $1 trillion in bilateral trade in goods and services in 2021. That year, Canada was the largest U.S. trading partner in goods and services. Canada-U.S. trade is built on long-standing binational supply chains, whereby roughly 79% of Canadian goods exports to the U.S. are incorporated into U.S. supply chains. (https://www.international.gc.ca/country-pays/us-eu/relations. aspx?lang=eng) DHS S&T, as the research and development arm of DHS, enables DHS operations through science and technology investments and evidence-based scientific and technical advice with a mission to “enable effective, efficient, and secure operations across all homeland security missions by applying scientific, engineering, analytic, and innovative approaches to deliver timely solutions and support departmental acquisitions” (https://www.dhs.gov/science-and-technology/about-st). DRDC is the research arm of the Canadian Department of National Defence, and through the Centre for Security Science is mandated, in partnership with Public Safety Canada, to invest in science and technology to address the most pressing public safety and security issues facing Canada with the ultimate goal to provide Canadians with a greater resilience to global and domestic public safety and security threats (see, for example, Department of National Defence and the Canadian Armed Forces 2017–18 Departmental Plan, Minister of National Defence Canada, ISSN 2371-7327, 2017). Both organizations have unique approaches to identify safety and security S&T needs and priorities, source S&T solutions to include funding to address those needs, and

154

G. Jonkmans et al.

deliver those S&T solutions to stakeholders. Hence, both organizations depend on an efficient exploitation of the innovation ecosystem to meet their safety and security mission. A vision that implicitly depends on partnership as an accelerator.

3 The DHS S&T/DRDC Cooperative Framework 3.1 Background The partnership between the U.S. and Canada in safety and security research and development is rooted in decades of cooperation. The partnership transitioned to a more formal structure after 9/11, creation of the U.S. Department of Homeland Security, and subsequent S&T collaboration to support both countries’ involvement in the war on terror and homeland security. In 2004, the Governments of Canada and the United States signed a treaty for Cooperation in Science and Technology for Critical Infrastructure Protection and Border Security (CIPABS) that serves as the foundation for current S&T cooperation, with a co-governance framework shared between the Undersecretary of DHS S&T and the Assistant Deputy Minister of DRDC. The Agreement seeks to ensure that our critical infrastructure and border security are trustworthy and resilient through a vigorous program of science and technology including research, development, testing, and evaluation. This foundational agreement provides a blueprint for a cooperative program of research and development that tackles unique aspects of the safety and security landscape. The broad reaching scope of the treaty is a key enabler to the partnership, empowering the two organizations to address existing risk as well as threats not imagined when the treaty was drafted. Types of cooperative activities within the Treaty include, but are not limited to: • • • • • •

Threat, vulnerability and risk assessments; Interdependency analyses; System protection and information assurance; Detection and monitoring; Recovery and reconstitution of damaged or compromised systems; Education, training, and exchange of scientific and technical personnel, equipment and material in science and technology areas including Research, Development, Testing, and Evaluation (RDT&E); • Emergency management (including emergency preparedness, response and consequence management); • Security best practices, standards and guidelines; and • Security of automated infrastructure control systems.

Cross Border Collaboration Models to Support Innovation in Security

155

3.2 Expansion Between 2004 and 2012, the Treaty supported a series of collaborative projects largely focused on advancing science within the CBRNE domains. In 2012, DRDC adopted the new Canadian Safety and Security Program, which broadened the scope of DRDC’s mandate to include law enforcement and a broader range of emergency management threats such as fires, floods, and extreme weather. With a broader scope, and further funding to incentivize innovation, the DHS S&T and DRDC mandates and capacity became further aligned and levels of cooperation and collaboration expanded significantly. An example of this maturing relationship was five CANADAU.S. Resiliency Experiments (CAUSE) conducted from 2010 to 2016 that embraced a collective of bilateral S&T activities in support of the President and the Prime Minister’s partnership aspirations through Beyond The Border: A Shared Vision for Perimeter Security and Economic Competitiveness. This level of activity led to the approval of a personnel multi-year exchange arrangement in 2016. The positioning of executive-level personnel within the chain of command in each organization created conditions for a more robust interorganizational cooperative framework, aligned to the strategic priorities of the organizations, and positioned to be informed by strategic bilateral policy governance bodies. Figure 1 highlights stages the organizations are traversing to further leverage our respective science and technology capabilities for safety and security outcomes.

3.3 Challenges As DHS S&T and DRDC positioned for more creative and bold collaboration, ambitions were hampered by bureaucratic processes and protocols that discouraged staff from pursuing collaborative arrangements. While partnership benefits are significant, they require time and resource commitments. Creating and maintaining effective partnering mechanisms (in the form of skilled staff, legal arrangement processes, collaboration tools) and routinizing basic processes allows organizations to realize full benefits of partnership and reduces burden on individual subject matter experts allowing more time for research and development outcomes.

3.4 Organizational Collaboration Theory The leadership team turned to organizational theory to understand and guide new approaches to enable collaboration. Organizational collaboration has received much attention in academic literature over the past half century, and is often discussed interchangeably with collaborative terms such as ‘multiagency’, ‘partnership’, ‘interagency’, and ‘inter-sectoral’ (Warmington et al. 2004). The focus of theories and

156

G. Jonkmans et al.

Fig. 1 Maturity model

associated research spans the spectrum of organizations to include private industry, non-government organizations, and public institutions and offers a comprehensive look at a spectrum of theoretical perspectives on collaboration and presents a thorough explanation of what motivates organizations to pursue collaborative opportunities even when collaboration leads to a forfeiture of independence in favour of dependency with no formal control. The capacity to collaborate is defined by Hocevar, et al. as, “the ability of organizations to enter into, develop, and sustain inter-organizational systems in pursuit of collective outcomes.” The authors posit that collaboration specifically within the safety and security landscape often occurs in the context of under-designed institutional relationships. They state that leaders and teams must create novel processes, systems, and protocols to mitigate any institutional barriers resulting from unique and partially conflicting missions, goals, and incentives. An interagency design framework can facilitate this process (Hocevar et al. 2006). The Organizational Domains and Factors created by Hocevar et al. that leverage Galbraith as illustrated in Fig. 2, serve as a roadmap for DRDC and DHS S&T to prioritize our collective capacity by aligning and improving processes and systems to reduce barriers and risk and inspire cooperation.

Cross Border Collaboration Models to Support Innovation in Security

157

Fig. 2 Hocevar organizational design

3.5 Binational Framework: Results Oriented The organizational design theory informed a Cooperative Framework captured within a logic model construct. The Cooperative Framework supports oversight and implementation of the CIPABS Agreement and defines activities and outputs needed to achieve immediate and intermediate outcomes that enable a robust, enduring binational program. Efforts are prioritized and supported within the Framework to drive timely, credible, and impactful results that are integral to the safety and security of our respective nations. As illustrated in Fig. 3, the DHS S&T and DRDC Cooperative Framework comprises three streams of effort centered on (1) understanding and validating binational policy and operational stakeholder needs; (2) incentivizing and enabling collaborative or complementary investments in solutions; and (3) navigating solution transition and exploitation with our stakeholders. The approach balances science collaboration with key activities such as lateral processes to ensure flexibility and adaptability to enable the organizations to pivot and address emerging and pressing safety and security challenges (i.e., COVID-19). This Cooperative Framework drives organizational goals that promote stronger alignment as we pursue R&D outcomes aligned with U.S. and Canada safety and security priorities: • Position our organizations as trusted science advisors and key resources for domestic and bilateral policymakers, decision-makers, and operators on issues of significance.

158

G. Jonkmans et al.

Fig. 3 Cooperative framework

• Institutionalize binational relationships by synchronizing DHS S&T and DRDC international agreement management, requirement cycles, investment planning, stakeholder engagement, risk and foresight approaches, and related programs and processes. • Advance Joint RDT&E capacity through the integration of core science capabilities and infrastructure such as innovation programs, academic programs, T&E capabilities, laboratory research, etc.

4 Framework Implementation: Applied Principles and Practices Implementation of the Cooperative Framework requires regard for the social, behavioral and cultural influences within each organization. The Cooperative Framework is only successful if scientists and skilled program staff are incentivized and nurtured to support implementation. The following sections outline the principles, practices, and approach employed to encourage the uptake and sustainment of a DHS S&T and DRDC Cooperative Framework: • Principles: Trust, Consensus & Agility • Practices: Building on Success • Expansion: Bilateral and Multilateral.

Cross Border Collaboration Models to Support Innovation in Security

159

4.1 Partnership Principles: Trust, Consensus and Agility Outlined here are underlying principles of cross border collaboration: building trust, building consensus, and building agility. These principles contribute to an environment founded on communities with a shared vision and appreciation of the security environment, be it at the political, operational, or research community level.

4.2 Building Trust Networks of communities have existed since the dawn of time. Simply put, they are informal or formal social constructs of individuals who share common goals. Over the last few decades, social scientists are deciphering the structural elements of these communities and their ability to empower and inform more structured and official organizations (Wenger 1998, 2000; Constant 1987; Orr 1990). They repose on a mutual engagement of, in our case, the safety and security communities, and span a wide range of competencies, from operators to academics and policy makers, that seek to inform the science and technology investment in public safety and security (Fig. 4). In addition to their dynamic attributes to provide access to knowledge and expertise wherever it resides, whenever it is needed, these networks of communities play a key role in building relationships and trust and seeding Canada—U.S. cross border collaboration to support innovation in safety and security. This was achieved through the legitimate peripheral participation of extra-national subject Fig. 4 Evolutive principle of our partnership

160

G. Jonkmans et al.

matter experts (Canada to U.S. and U.S. to Canada) in key areas that are foundational to research and development that include risk, operational (i.e., Novichok nerve agent analysis), and policy analysis, investment decisions, sharing of operational data and shared deployment at major international events (Quayle 2010). Hence, we see how networks through mutually beneficial collaborative activities build trust over time among Canada—U.S. subject matter experts and operators and create an environment that allows confidential consultation, broaden the appreciation of the threat space, and increases dynamic access to expertise.

4.3 Building Consensus Over the last decades Canada and the U.S. safety and security pool of informal subject matter expert networks (cyber-security, CBRN, first responders, intelligence, etc.) have helped produce an environment to form consensus. As noted in the scientific literature (see for example (Wenger 1998)), the knowledge creation of constellations of interconnected communities of practice can ultimately form transformative and strategic relationship to official organizations, if they are exploited and nurtured by organizations. The work of Wagner gives hints to that effect (see for example (Wagner 2006)) but agnostic to the topical areas. In the safety and security landscape, DRDC and DHS S&T recognized underlying informal consensus around key research and development needs and established a shared vision and plan to catalyze and further enable these nascent informal bilateral connections.

4.4 Building Agility As discussed previously, the security landscape presents a highly dynamic and multidisciplinary environment that, in response, requires an agile stance. In many ways, building agility in addressing binational S&T issues shares many of the organizational objectives of a national program: assure timely decision in the development and implementation of joint initiatives, provide timely support to ensure efficient transition of technical solutions, accelerate access to innovation platforms, and keep pace with the rapid evolution of technology, are but a few examples. What differs here, however, is the duality that exists between the supporting bodies (DRDC and DHS S&T in this case): both organizations have their own programs, built up their own specific entities, and have different political/policy instruments. To address this and break down those barriers, our organizations have sought a more integrated partnership that take us beyond the support of independent initiatives. As we contemplate actions required to break down organizational barriers to increase agility and trust, it became evident that we needed to tackle this dichotomy. We therefore are taking actions grounded in interorganizational collaborative theory that

Cross Border Collaboration Models to Support Innovation in Security

161

will position us to integrate and institutionalize bilateral processes so we can more easily leverage our resources. The next sections explore more specifically how DHS S&T and DRDC seek to build upon decades of partnership founded on trust and consensus to improve the collective ability to more quickly and effectively collaborate on issues of bilateral significance.

5 Partnership Practices: Building on Success DHS S&T and DRDC have a history of fruitful collaboration founded on the principles of trust, consensus, and agility honed over decades of executing joint R&D projects. DRDC and DHS S&T seek to further evolve our partnership to fully leverage our bilateral innovation eco-system. Building on the synergies between the two organizations, DRDC and DHS S&T can position RDT&E to mature the partnership and advance the strategic influence of the work. The organizations can take stock of successes and through increased senior-level dialogue and strategic goals pursue stronger R&D organizations individually and collectively. The following highlights demonstrate the depth and breadth of cooperation over the past 15 years that DRDC and DHS S&T will leverage as we move into the next phase of our partnership: • Canadian Safety and Security Program (CSSP) Communities of Practice (CoPs): The CoPs contribute knowledge and S&T in support of the Federal objectives in public safety and security. They also provide guidance during the strategic planning by providing evidence-based advice on programmatic issues. Members of the CoP are not limited to representatives from Federal departments but extend to all subject matter experts (SMEs) who are active in the public safety and security domain, including trusted safety and security partners from the United States. • US—CA Cyber Security Research: Joint development of new tools and techniques to allow for better critical infrastructure protection and mitigation tactics. Several of the technologies, such as the Code Dx, have since been further developed and commercial offerings broadened • 2017—Jack Rabbit II (https://www.dhs.gov/sites/default/files/publications/ 2021_0205_csac-jack_rabbit_ii_factsheet_2-5-2021_pr_508.pdf): A series of nine (9) chlorine field release experiments, including a catastrophic 20-ton chlorine release from an industrial tanker truck vessel, conducted in partnership with DTRA and Canadian government. Over 11 K files will be shared with partner agencies and used to inform and support improvements in industrial safety, hazard prediction modeling, and emergency response in the event of accidental or deliberate large-scale chemical releases. • US- Canada Security Cutter Technology Development (Coast Guard Polar Security Cutter 2019)—Collaborative development, test and evaluation of baseline

162

•

•

•

•

G. Jonkmans et al.

requirements and industry developed designs for the US Coast Guard acquisition of Security Cutters. Canada-U.S. Enhanced (CAUSE) Resilience Experiment Series (https://www. dhs.gov/sites/default/files/publications/IAS_CAUSE-V-FactSheet_170817-508. pdf)—Series of technology demonstrations on a range of first responder technology to enable enhanced, situational awareness along US-CA border with participation of federal, state/provincial, and local first responders and operators. Float Down—Provided, demonstrated, and assessed cost-effective, rapidly deployable, cross-border capabilities for real-time Shared Situational Awareness between Canada and the U.S. to enhance cross-border interoperability, emergency responsiveness and maritime safety. Trace Explosives Detection Systems Standards—provide DHS S&T Trace Standard Set to Canada Border Services Agency (CBSA) to evaluate and validate detector performance of screening systems under evaluation. Improves understanding of the effectiveness of technologies designed for the screening of explosives through the chemical and physical nature of the threats, and it will improve training and evolve best practices for screener performance. The ultimate goal is to increase detection probability of explosives in cross-border traffic and prevent possible terrorist attacks using explosives. Enabling Secure Access of Integrated Multi-Domain Enterprise (IMDE) Data Sharing Technology—support the response to border control operations by allowing for a data sharing mechanism to exchange radar track data that will enhance the Canadians’ ability to secure their border and interdict illicit activities that increased due to the reallocation of Canadian and U.S. border security resources to respond to COVID-19. Evaluating the system’s capability to enhance situational awareness to assist in the detection, assessment and support of coordinated responses to marine security threats or incidents.

DRDC and DHS S&T leverage these experiences to expand our ability to individually provide science and technology solutions and advice to address significant safety and security challenges.

5.1 Next Phase (North Star) DRDC and DHS S&T envision a transformational partnership with a binational S&T program that is integral to U.S. and Canadian domestic safety and security centred on mission relevance, direct linkage to strategic policies and processes, and fully coordinated investment planning (Fig. 1). This acceleration is attributed to the creation of senior liaison positions in 2017. Dedicated staff, including liaison, from each organization provide the ability to focus on practices that work well and highlight and build upon those practices across the organizations. These positions also increase exposure and understanding of overarching Canada and U.S. policy drivers and operational challenges and opportunities to directly connect R&D resources and

Cross Border Collaboration Models to Support Innovation in Security

163

expertise to those challenges to amplify impact and the transition of knowledge and technology.

5.2 Expanded Partnership: Bilateral and Multilateral With a strong bilateral Cooperative Framework, DRDC and DHS S&T are positioned to leverage, influence and contribute to other bilateral and multilateral partnerships. Other partnership mechanisms also provide continual R&D collaboration lessons learned and best practices.

6 Conclusion This Chapter presented an evolving model of cooperation and collaboration between the U.S. and Canada that aims to accelerate the development of S&T solutions for public safety and security. We outlined principles that require particular emphasis in the security landscape, i.e., the necessity of building trust, consensus and agility. This approach has allowed us over the years to push the boundary of our cooperation to the level of an institutionalized binational relationship as we synchronize DHS S&T and DRDC requirement cycles, investment planning, stakeholder engagement, risk and foresight approaches, and related programs and processes. Naturally, this collaboration allows us to do more with the same resources—and expand our reach into the innovation community to address challenges of shared concern, and it allows us to exercise mutual strategic influence over complex safety and security challenges.

References Coast Guard Polar Security Cutter (2019) (Polar Icebreaker) Program: background and issues for congress, congressional research service report, p 14, updated 15 Feb 2019 Constant E (1987) The social locus of technological practice: community, system, or organization? In: Bijker WE, Hughes TP, Pinch TJ (eds) The social construction of technological systems. MIT Press, Cambridge MA, pp 223–242 Hocevar SP, Thomas GF, Jansen E (2006) Building collaborative capacity: an innovative strategy for homeland security preparedness. In: Innovation through collaboration advances in interdisciplinary studies of work teams, vol 12, pp 255–274 Orr J (1990) Sharing knowledge, celebrating identity: community memory in a service culture. In: Middleton D, Edwards D (eds) Collective remembering. Sage Publications, Newbury Park, CA, pp. 169–189 Quayle D et al (2010) Developments in radiological-nuclear support to security through the Canadian CBRNE Research and Technology Initiative (CRTI). In: Third European IRPA congress, Helsinki Finland

164

G. Jonkmans et al.

Wagner C (2002) Science and foreign policy: the elusive partnership. Sci Public Policy 29(6):409– 417 Wagner CS (2006) International collaboration in science and technology: promises and pitfalls, Science and Technology Policy for Development, Dialogues at the Interface published by L. Box and R. Engelhard, Anthem Press, London UK Warmington P, Daniels H, Edwards A, Brown S, Leadbetter J, Martin D, Middleton D (2004) Learning in and for Interagency Working: conceptual tensions in ’joined up’ practice, Paper presented at Teaching and Learning Research Programme Conference. Wenger E (1998) Communities of practice: learning as a social system, published in System Thinker Wenger E (2000) Communities of practice and social learning systems, SAGE social science collection, Organization 2000, vol 7, pp 225–246

Paramedic Portfolio Innovation Doug Socha, Michel Ruest, and Gregory Furlong

Abstract This chapter summarizes the innovation and provides a summary of the Paramedic Program Management activities under the Defence Research and Development Canada’s Center for Security Science (DRDC CSS). The content is organized around collaborative activities with federal government departments, international partners, and DRDC CSS supported projects. All activities align with specific Science and Technology (S&T) requirements of DRDC CSS as well as the Paramedic Community of Practice S&T research priorities. This document is meant to be illustrative and provides a general overview of the diverse activities of the Paramedic Portfolio Manager since its inception. The document serves as a historical record of activities and it is anticipated that it will be utilized as supporting documentation for future operational, logistical, human resource, and community resilience S&T endeavours that will address future Paramedic Community of Practice identified gaps and inform policy. Keywords Paramedic · Innovation · Safety and security

1 Introduction 1.1 Overview The Department of National Defence (DND) and Public Safety (PS) Canada recognize the importance of collaboration with the Paramedic Community in addressing Canada’s national public safety and security objectives.1 In 2013, the Paramedic 1 Foreword by Mark Williamson, Director General, DRDC CSS in Canadian Safety and Security Program: Paramedic Review Report 2012–2017, by Michel Ruest and Elena Nicolinco, unpublished.

D. Socha · M. Ruest · G. Furlong (B) Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_10

165

166

D. Socha et al.

Services portfolio was created by Defence Research and Development Canada, Centre for Security Science’s (DRDC CSS) to help manage paramedicine-focused S&T investments. Through Interchange Canada, the portfolio managers have been recruited from within the ranks of the paramedic community, ensuring that the occupant of the position had first-hand experience working on the front lines as well as in leadership positions in paramedic services. This strategy helped provide an important bridge between the Federal Government and the Canadian paramedic community and ensured the formulation of S&T investment priorities that were relevant and impactful to the operations, programs, and policies of the paramedic community.2 ,3 The Paramedic portfolio comprises research projects that benefit the paramedic community. The portfolio manager oversees the implementation of these projects to make sure that the projects outputs have the required quality, relevance, and coherence with the strategic objectives of the CSSP.4 This chapter outlines projects and initiatives, carried out between 2013 and 2021. While activities during this period fulfills specific Paramedic CoP S&T research priorities, the benefit reaches beyond the paramedic community and contributes to community resilience in Canada.

1.2 Significance for Safety and Security The Paramedic Portfolio Manager position has allowed for the sharing of information between the federal government and the Canadian paramedic community. The position provides opportunities to expose operational, logistics and human resource environments to the key decision makers within DRDC and hence a greater understanding of the priorities of the Canadian paramedic community. The Paramedic Community of Practice (CoP) contributes knowledge and expertise to support advancements in Canada’s ability to: • Ensure the safety of paramedics while maintaining the highest patient care; • Understand new and existing technologies and standards for human health and paramedicine; • Make informed decisions around community health and safety; and • Support the development and transition of new S&T that addresses paramedic service issues.5 2

DRDC-RDDC-2014-C192, June 2014. Canadian Paramedic Services Standards Framework: A Strategic Planning Report. 3 CSSP-2013-CD-1092 Paramedics Research Program Leveraging Guide, March 2013. 4 The current CSSP focus areas are: (1) operator capability; (2) seamless borders; (3) critical infrastructure; and (4) community resilience. 5 CSSP Communities of Practice (CoP) are groups of subject matter experts (SME) who share a common interest in each area of expertise and work together to facilitate knowledge-sharing and collaboration. An essential element of CSSP, CoPs provide access to a rich pool of knowledge and experience to support new or enhanced S&T knowledge and capabilities and provide advice in the development of evidence-based policy, decision-making, and operational and strategic planning. Found at https://science.gc.ca/eic/site/063.nsf/eng/h_D31527CE.html#X-2016091209255011.

Paramedic Portfolio Innovation

167

A key element of the CSSP efforts from its inception was to establish and maintain a strong relationship with the tri-services (Police, Fire and Paramedic). The Paramedic CoP continues to provide the involvement of stakeholders from its’ operational community in order to maintain this strong relationship. The Paramedic CoP representatives are purposefully integrated in the CSS organizational structure to not only provide Subject Matter Expertize (SME) and experience but also to collaborate with representatives from the various other CoPs allowing for linkages between S&T/policy and operators, which ensure requirements are captured and S&T knowledge uptake is sustained.

1.3 Background The Paramedic CoP was formed in late 2012, with an inaugural meeting held in March 2013. The Paramedic CoP is modeled after several other professional/functionbased CoPs and comprises multiple organizations within the paramedic domain. The Paramedic CoP contributes to the public safety and security, and the Canadian National EMS Research Agenda in Canada,6 by performing the following functions7 : • Identify operational and/or policy gaps that warrant research, investigation, scientific analysis, or the building of collaborative networks to develop solutions. • Prioritize the operational and/or policy gaps through an analysis that aligns the needs of the paramedic services within the scope of the annual CSSP Planning process and associated investment instruments. • Influence the development and implementation of solutions to the operational/policy gaps that are relevant to the community and meet operational and/or policy requirements within the scope of the project charter. • Disseminate/Transition the program outputs to the national stakeholders to ensure the full potential of the new knowledge or technology is realized; and • Assess the impact of Program outputs upon the community, in line with CSSP established values and metrics, and use the assessment results to inform future planning. The Paramedic CoP’s mission is “to further Paramedic research within the context of CSSP research priorities” and its mandate is “to develop professional specific research priorities and to contribute to the CSSP and the achievement of their goals and objectives”.8 6

The National EMS Research Agenda identified recommendations for paramedic research. See: national-research-agenda-non-ineractive.pdf (paramedicchiefs.ca). 7 As per the DRDC Centre for Security Science: Organizational Roles, Responsibilities and Accountabilities (2013) and found in the reference document: Developing the CSSP Planning Process, March 2017, DRDC-RDDC-2017-D018, authored by Brian W. Greene, DRDC—Centre for Security Science. 8 The Paramedic CoP Mission and Mandate statements obtained from the Terms of Reference vented through the CoP in 2017.

168

D. Socha et al.

The Paramedic Portfolio Manager is a member of the Paramedic CoP and acts as a liaison between DRDC CSS and the Paramedic CoP. The research priorities of the Paramedic CoP evolve over time and are re-evaluated to reflect current and emerging gaps. Several sources have provided strategic direction to priority setting and review including: • Paramedic Chiefs of Canada (PCC) 2006 White Paper strategic goals; • Paramedic Association of Canada (PAC) 2016–2018 and 2018–2020 strategic goals and mission statement9 ,10 ; • National Research Agenda for Emergency Services in Canada (2012)11 ; • Canadian Paramedic Services Standards Report: A Strategic Planning Report (2012)12 ; • Gap Analysis for Emergency Medical Services (EMS), Science and Technology Research13 • 2013, 2014, 2015 and 2017 Paramedic Community of Practice priorities14 ; and the • Canadian Safety and Security Program’s four focus areas.15

9

The 2018–2020 strategic plan can be found:https://paramedic.ca/documents/Strategic-plan/PAC 2018-2020StrategicPlan2018November17boardapproved.pdf. The PAC’s 2016–2018 high level strategic goals are: (1) providing member services; (2) improving professional practice; and (3) promoting the paramedic profession. See: http://pac.in1touch.org/document/2346/2016%20Stra tegic%20Plan.pdf. 10 The PAC’s 2018–2020 mission statement is to advance the paramedic profession throughout Canada. The PAC will also promote collegiality and advocate for the professional interests of paramedics. PAC is the national voice of paramedicine which supports paramedics in providing high quality health care to patients. PAC represents over 20,000 paramedics across Canada. See: https://pac.in1touch.org/document/4862/PAC2018-2020StrategicPlan2018November17board approved.pdf. 11 The National EMS Research Agenda identified recommendations for paramedic research. See: national-research-agenda-non-ineractive.pdf (paramedicchiefs.ca). 12 The final report of CSSP-2012-CD-1044 EMS National Standards Strategy, the Canadian Paramedic Services Standards: A Strategic Planning Report was the result of bring together experts from the Canadian Paramedic Community to develop a roadmap and strategic direction for the coordination and development of the standard. The goal of the document is to provide a comprehensive report to advance the standards environment to meet the current and future needs of the Canadian Paramedic Community. The standard identified 8 main elements that formed the basis for future research and analysis. 13 CPRC Project #09-1076. 14 The Paramedic Community of Practice has created a Business Plan document that is updated on a regular basis. The document captures past priority setting exercises and outlines current gaps and needs of the paramedic community. 15 The current CSSP focus areas are: (1) operator capability; (2) seamless borders; (3) critical infrastructure; and (4) community resilience.

Paramedic Portfolio Innovation

169

The 2006 PCC’s White Paper strategic goals is currently being updated,16 and there has been an identified need to renew the 2012 Canadian National EMS Research Agenda for Emergency Services in Canada. Work is underway to re-write the Canadian National EMS Research Agenda to take into consideration advancements in technologies while taking into consideration operational, clinical, and the well-being of paramedics as research priorities. Additionally, priority setting is informed through research projects that have been completed for the purpose of understanding and identifying priorities for the Paramedic service in Canada, such as the Gap Analysis for EMS S&T Research17 Through analysis of the gaps in policy and operations, identified through a broad and proactive engagement across the portfolio stakeholders, the Paramedic Portfolio has identified five key categories that served as priority domains over the 2018–20 year cycle.18 These include: • Emerging technologies: identified in the 2012 EMS S&T gap analysis, the everchanging technological landscape is important to the Paramedic CoP. One significant technology includes Public Safety Broadband Network (PSBN), which will support communication requirements in complex operating environments by realizing real-time connection between multiple responder agencies in an array of environments. • Complex operating environments: new technologies can help tackle the increased complexity of paramedicine practice. The paramedic CoP identified the need to prioritize research on the implications of increasingly complex operational environments, examples of which include major events, mass casualty incidents, lockdowns, bioterrorism, pandemics, and climate change realized with natural disasters and extreme weather. • Community paramedicine: first identified in 2014 as a research priority, this topic was reaffirmed in the latest CoP meeting. Community paramedicine shares in a holistic health care model in which paramedics support health promotion to ensure safer and healthier communities. • Evidence-based practice: a research priority in 2013, specifically evidence-based training and clinical protocols, were reiterated with the CoP in the latest meeting. There is a desire to build and deploy a Canadian evidence for paramedicine, including the creation of new operational standards and strategies for monitoring urgent paramedic operations issues. 16

The PCC have engaged Canadian paramedic researchers to revisit and update the White Paper. Calls for nominations to individuals, literature review and environmental scan that informed the content of the white paper were conducted in 2019 (see https://www.paramedicchiefs.ca/paramedicchiefs-of-canada-pcc-white-paper-seeking-nominations/). The result is the “Paramedic Chiefs of Canada White Paper: Discussion on 10 guiding principles for Paramedicine in Canada”. A presentation overview can be found at https://firstwatch.net/paramedic-chiefs-of-canada-white-paper-upd ate-to-pcc-members/ 17 http://www.premergency.com/media/consultancy/GapAnalysisFINALreportDec2012Web.pdf. 18 More detail of each of the research priorities identified below can be found in the Paramedic Community of Practice—Business Plan—2017.

170

D. Socha et al.

• Occupational health and safety: research to understand and mitigate ongoing and emerging occupational health and safety hazards for paramedics was identified by the CoP as a priority in 2015 and reaffirmed in 2017. The context of responding safely to the current COVID-19 pandemic as well as to the Canadian opioid crisis illustrates the need for research in wearable technologies that can increase first responder safety, for example by equipping personal protective equipment (PPE) and uniforms with sensors to assist with pathogen identification or with identification of harmful substances such as Fentanyl. Paramedic mental health is also an ongoing issue in paramedicine health and safety with a lack of dedicated research.

1.4 Strategic Framework to Inform Decision Making and Priorities

Federal Government Collaborations Federally, the paramedic portfolio manager has maintained and/or created relationships with several departments, which led to partnerships on projects in the paramedic services portfolio. Relevant engagements with federal government departments, and some of the projects that resulted from those partnerships, are listed below: • Public Safety Canada (PS) – Working with PS, CSS collaborated on identifying gaps in First Responder Health & Wellness. As a result of this collaboration, Violence Against Paramedics was identified as a topic for a Centre for Security Science Targeted

Paramedic Portfolio Innovation

171

Investment project with the Paramedic Chiefs of Canada as the lead organization. The objective of this research is to develop an understanding of the experience of violence experienced by paramedics, particularly the physical and psychological consequences, as well as understanding what training is currently implemented, frequency with which it is implemented, and perceived efficacy. The new project intends to develop research evidence and share across the sector to inform employers, educators, policy makers, and the public at large, and ultimately translate into a safer, healthier, and better work environment for paramedics across Canada.19 • Transport Canada (TC) – The CSSP-2018-TI-2398 ‘Develop Recommendations for Canadian UAV Operator Competency Requirements for Emergency Services (Tri-Services)’ project involved the partnership of Transport Canada, the Paramedic Association of Canada, and the Canadian Standards Association. The project involves the development of performance-based requirements to inform the Canadian unmanned aerial vehicle (UAV) Operator Competency regulations for first responders with a focus on ‘low altitude, short range beyond visual line of sight’ operations. Emergency services have a mandate to develop these types of operations but are unable due to the lack of federal regulations. This project focuses on operator capabilities and addresses the intermediate outcome of positioning the public safety and security community to use and sustain knowledge and technologies. This will be achieved by providing the community with proposed standards by which to conduct UAV operations safely, thereby leveraging a key new technology to achieve their missions. • Health Canada (HC) – Under the umbrella of the Canadian Standards Association, Health Care & Well-Being, and supported by Health Canada, Substance Use and Addictions Program (SUAP), the Paramedic Association of Canada led the development of the CSA Z1650:21, Paramedic response to the opioid crisis: Education and training across the treatment and care continuum in out-of-hospital and community settings.20 The standard provides a comprehensive framework for the paramedic response to the opioid crisis. The framework helps guide paramedic service organizations in addressing health promotion, prevention, harm reduction, and treatment of opioid use, poisoning, and overdose in out-of-hospital and community settings. • Health Canada (HC) and Public Health Agency of Canada (PHAC) 19

CSSP-2021-TI-2507 Canadian Study of Violence against Paramedics Charter is currently being developed. 20 The CSA Z1650:21 Paramedic response to the opioid crisis: Education and training across the treatment and care continuum in out-of-hospital and community settings is available on the CSA Store at https://www.csagroup.org/store/product/CSA%20Z1650%3A21/?utm_medium= flyer&utm_source=stakeholder&utm_campaign=Z1650-SD-PDF-Z1650-01182021.

172

D. Socha et al.

– A number of Federal Department representatives as well as national emergency response organizations participated in a two-day Health Portfolio AllHazards Risk and Capability Assessment exercise. HC and PHAC representatives reached out to several stakeholders looking for feedback on their current documentation that included (a) Risk Assessment Scales; and (b) Capability Assessment Scales as it relates to Fentanyl Intentional Scenarios. This fentanyl risk and capability assessment forms part of the Health Portfolio All-Hazards Risk and Capability Assessment Methodology. The objective of the Capability Assessment exercise is to provide sufficient analysis to support decisions and inform investment prioritization. • Through the Post-Traumatic Stress Disorder (PTSD) Interdepartmental Working Group made up of representatives from Veterans Affairs Canada, Department of National Defence, Centre for Addiction and Mental Health, Canadian Border Services Agency, Canadian Institute for Health Research, Health Canada and Public Agency of Canada, the Paramedic portfolio manager participated in the development of the National Conference on PTSD: Working together to inform Canada’s federal framework on PTSD, held in Ottawa on April 9–10, 2019. The conference brought together over 200 participants including government representatives and pan-Canadian health organizations, representatives of occupational groups at risk of PTSD, indigenous groups, and individuals living with PTSD.21 The goal of the conference was to engage in meaningful dialogue on issues pertaining to the priority areas identified in the Federal Framework on Post-Traumatic Stress Disorder Act.22 • Ingenious Services Canada – The portfolio manager has established regular liaison with the Ingenious Services Canada Paramedic Chief Lead, ensuring consistent dialog and sharing of information on respective activities. Because the Indigenous Services Canada Paramedic Chief Lead position has only been in existence for eight months, limited collaborative efforts were realized. • Innovative Solutions Canada (ISC) Program 21

The two-day conference was convened by the Honourable Ginette Petitpas Taylor, Minister of Health, in collaboration with the Honourable Ralph Goodale, Minister of Public Safety and Emergency Preparedness, the Honourable Harjit S. Sajjan, Minister of National Defence, and the Honourable Lawrence MacAulay, Minister of Veterans Affairs. 22 Two conference documents were produced by the Government of Canada including “National Conference on PTSD: Working together to inform Canada’s federal framework on PTSD— What We Heard Report” which highlight how the conference provided an opportunity to share knowledge, experiences, and perspectives to help ensure that the federal framework on PTSD will support the needs of those who are most affected. Participants engaged in discussions on sharing best practices, increasing awareness, improving data to address knowledge gaps, and engaging in research to better support those with PTSD. An overview of the conference can be found at https://www.canada.ca/en/public-health/topics/mental-health-wellness/post-traumatic-str ess-disorder/federal-framework.html In addition, the “Federal Framework on Posttraumatic Stress Disorder: Recognition, collaboration and support” found at https://www.canada.ca/en/public-hea lth/services/publications/healthy-living/federal-framework-post-traumatic-stress-disorder.html.

Paramedic Portfolio Innovation

173

– The ISC Program objectives are to the development and adaption of technological innovation in Canada while growing Canadian companies and providing federal government departments with opportunities to develop new capabilities. The hybrid innovation procurement involves a three phased approach that funds (a) proof of concept; (b) proto-type development; and (c) pathway to commercialization. DRDC CSS posted two challenges through the ISC Programs that addressed Paramedic CoP S&T research priorities, specifically: Advanced Decision Support for First Responder Command and Control and the Logistics and Resource Management of Emergency Response Assets.23 The portfolio manager informed the development of the Logistics and Resource Management of Emergency Response Assets challenge statement and acted as the Project Integrator Role for 4 of the funded projects.24 • National Research Council (NRC), Industry Research Assistance Program (IRAP) – In April of 2020, DRDC CSS participated in the DISRUPT COVID-19 rapid response initiative. Led by NRC IRAP, this rapid response initiative involved 167 representatives from 9 federal departments and enabled the Federal Government to quickly come together to accelerate the adoption of technologies from Canadian small and medium sized businesses’ that could help combat COVID-19. The Government of Canada DISRUPT COVID-19 virtual forums’ premier goal was to get technologies on the ground helping patients and health care professionals as fast as possible. • DRDC CSS COVID-19 Response – In parallel to this ‘whole of government’ initiative, DRDC was tasked with identifying Covid-19 related departmental priorities. DRDC reviewed current and proposed COVID-19 projects and reached out to the community to obtain input into the following focus areas:

23

The ISC Program received 39 responses to the Advanced Decision Support for Responder Command and Control. DRDC CSS support 5 proposals through the first phase of the ISC Program Hybrid innovation procurement process. The Logistics and Resource Management of Emergency Response Assets received 25 responses with DRDC CSS supporting 6 proposals. 24 The Project Integrator Role has three main responsibilities including: (a) To be the Science and Technology (S&T) interface for the contractors to help increase their understanding of Public Safety and Security domain; (b) to provide a scientific assessment on each contractual submission; and (c) to provide insight on the S&T advances achieved and how they might be advanced. Logistical responsibilities include (a) integrators being familiar with the specific challenge and the awarded projects; (b) review the contract forwarded by DRDC procurement; (c) after the contract is in place contact the contractor with an introduction e-mail and arrange a kick-off meeting as required; (d) for any meetings with the contractor include the DRDC Procurement authority; and (e) integrators must not redirect, influence the direction, or modify the scope of an innovators project. At the project conclusion, prepare a Science Brief summarizing the advances during the project including recommendations of the assessment of the need for continued funding in Phase 2 (Prototype Development) and where the S&T solution might feed into DRDC and specifically the Paramedic CoP innovations programs/priorities.

174

D. Socha et al.

How might we decontaminate PPEs & field gear for reuse by front line responders? How might we develop processes and methods to sanitize enclosed work environments safely and rapidly with sensitive equipment and sensors? How can Virtual Home and Community Monitoring be enhanced? Feedback from the Paramedic CoP was reviewed to better understand the gaps and create challenge statements that solicited appropriate solutions. The Paramedic portfolio enabled collaboration with several Federal Government departments inclusive of HC, PHAC, ISC, PS, and NRC IRAP to address the COVID-19 emerging issues. Efforts to reach out to the Community of Practice have resulted in several responses for each of the above-mentioned areas of interest.25 Three additional focus areas were included in the COVID-19 discussions within the DRDC and included (a) Surveillance and Mapping; (b) post-COVID-19 mental health26 and (c) SAVE project proposal.

25

Sanitization: Three submissions were received, and the Paramedic Portfolio Office created a fourth submission to inform the challenge statement. The submissions represent specific focus on N-95 decontamination and re-use to general prevision of decontamination as well as both land and aeromedical perspectives. Although there was specific reference to AGMP in the submissions, I have requested that this criterion be considered when creating the challenge statement. PPE decontamination: To inform how the decontamination of PPEs & field gear for reuse by front line responders, three separate submissions were received by the paramedic portfolio office. The submissions included both land ambulance and aeromedical environments. In addition, the paramedic portfolio office created a fourth submission, specifically focusing on N-95 decontamination and re-use. Virtual Monitoring: Four separate submissions were received from our Community of Practice representing programs from the East Coast (NB), Ontario, the West Coast (BC) and finally a PAC proposal, which provided a national perspective. Considering the clearly defined gaps and well-articulated opportunities captured in the four submissions, the Paramedic Portfolio Office did not complete a submission. BCEHS provided a resource document outlining the current efforts in virtual home visits considering the COVID-19 situation (Background information also available from Telus Media release at https://www.canhealth.com/2020/04/29/telus-expands-home-healthmonitoring-solution-in-bc/). 26 To prepare for future federal government Mental Health research opportunities, I have reached out to our SME experts (Nick Carleton, Renee MacPhee, Elizabeth, and Amid Yazdani) to create recommendations on behalf of our Community of Practice. The following research questions were identified for review and consideration: • Investigate the impact of COVID-19 on the physical and mental demands of Canadian FR and strategies to mitigate adverse effects and outcomes. • Improve resiliency and capacity of FR organizations to effectively respond to public health crisis. • Develop a unified approach for emergency response systems to effectively respond to pandemic or public health crises.

Paramedic Portfolio Innovation

175

1.5 International Collaboration Efforts Internationally, the portfolio manager has maintained collaborative relationships and participated in engagement opportunities with US partners: • American Pharmaceutical Based Agents (PBA) Workshop – The American PBA Workshop, U.S. Army Medical Research Institute of Chemical Defense USAMRICD, took place at the Aberdeen Proving Grounds, Maryland, on May 7–9, 2018, under the theme “Clinical Response: Opioid Overdose”. The focus of the PBA Workshop was to share current practice in both Canada and the United States of America. The paramedic portfolio manager presented a perspective on an Ontario paramedic response to the opioid crisis that included current response and decontamination capabilities, existing personal protective gaps, and potential future opportunities to collaborate with first responder agencies as well as social and health stakeholders in a coordinated Opioid response effort. • Artificial Intelligence for Paramedics—AUDREY – The U.S. Department of Homeland Security (DHS) Science and Technology (S&T) Directorate partnered with the National Aeronautics and Space Administration’s (NASA) Jet Propulsion Laboratory (JPL), to apply JPL’s artificial intelligence system to first responder capability gaps. The Assistant for Understanding Data through Reasoning, Extraction, and sYnthesis (AUDREY) uses innovative reasoning systems and Artificial General Intelligence (AGI) technologies to perform data fusion and provide situational awareness information for first responders. In June 2019, a field experiment applied AUDREY in series of operational use cases. The AUDREY Hastings Experiment (AHE) was held in Hastings County, Ontario (ON) with the Hastings-Quinte Paramedic Service (HQPS) acting as the principal participating paramedic response agency. The experiment tested the potential for AUDREY to improve patient outcomes by supporting paramedic assessment and treatment during medical calls. AHE was designed to both demonstrate the benefit provided by AI for paramedic emergency response operations and to foster continued cooperation between DHS S&T and DRDC CSS in the development of emergency response technology solutions. • Advanced Decision Support for Public Safety Goals – The First Responder and Detection Collaboration is an effort of DRDC CSS and DHS S&T to identify mutually beneficial activities including: Support Paramedic Services/EMS with simulation technologies; Improve capabilities to manage logistics and allocate resources for response to Mass Causality Incidents (MCI); Distracted driving and safer responder vehicle operations;

176

D. Socha et al.

Sharing S&T research on physiological monitoring of operators; Integrate capabilities to improve urban Search and Rescue (USAR) response; and Integrate capabilities to enhance Wildland Urban Interface (WUI) fire response. Each of these activities are supported by identifying key activities, partners, and resources; value proposition, buy-in support, beneficiaries, transition, budget, and costs and finally mission achievement and impact factors.

1.6 CSSP Paramedic Projects Since 2013 there have been three (3) Paramedic Portfolio Managers integrated with the team at DRDC CSS, the research initiatives are aligned around community development projects with over $8 million allocated to paramedic research investments. The projects managed from 2016 to 2021, completed projects between 2013 and 2016, as well as remaining gaps/challenges are grouped along four themes: • • • •

Evidence based practice/Standards Development; Paramedic Health and Wellness; Community Paramedicine; and Situational Awareness. Evidence-Based Practice/Standards Development

CSSP name

Description of project

Main partners involved Project start and end in project dates

2016–2020 Projects in progress or completed CSSP-2018-TI-2398 Development of UAV Emergency Operator Recommendations

Project will develop recommendations for Canadian UAV Operator competency requirements for ES which will be forwarded to Transport Canada for legislative consideration

Transport Canada, Paramedic Association of Canada, and the Canadian Standards Association Group

This project started April 2019 and was completed in March 2020

(continued)

Paramedic Portfolio Innovation

177

(continued) CSSP name

Description of project

Main partners involved Project start and end in project dates

CSSP-2018-CP-2367 Standards and Taxonomies for Canadian Paramedic information System (CPIS)

Project will develop and validate evidence-informed national Standard(s) to guide the development of a CPIS through a stakeholder consultation and consensus building process; and describe data/knowledge structures and models that are foundational to understanding and informing current and emerging paramedic practice in Canada

British Columbia Emergency Health Services, Justice Institute of British Columbia, Canadian Standards Association Group, Paramedic Association of Canada, and the Paramedic Chiefs of Canada

This project started August 2019 and is scheduled to be completed in December 2021

CSSP-2017-CP-2310 Canadian Work Disability Prevention Standard for Paramedics with Post Traumatic Stress Injuries (PTSI)

Project aims to develop, promote, and disseminate a nationally applicable Canadian Paramedic Work Disability Prevention Standard and related tools to help prevent and manage work disability associated with PTSI of Paramedics

Paramedic Chiefs of Canada, Paramedic Association of Canada, County of Renfrew, Canadian Standards Association Group, Centre of Research Expertise for the Prevention Musculoskeletal Disorders (CRE-MSD) and the Centre for Research on Work Disability Policy (CRWDP)

This project started September 2017 and is scheduled to be completed in March 2022

(continued)

178

D. Socha et al.

(continued) CSSP name

Description of project

Main partners involved Project start and end in project dates

CSSP-2016-CP-2285 Emergency Ground Vehicle & Equipment Standards

Project will develop and promote a Canadian Standard that identifies the minimum human factors/ergonomics design and usage requirements for vehicle and equipment with consideration to paramedic and patient safety and infection control. Objectives include but are not limited to supporting manufactures in design; direct paramedics in safe use of vehicles and equipment; protect H&S, and wellbeing of paramedics; protect the public

Paramedic Chiefs of Canada, Paramedic Association of Canada, County of Frontenac, Canadian Standards Association Group, and the Centre of Research Expertise for the Prevention Musculoskeletal Disorders (CRE-MSD)

This project started February 2017 and was completed in December 2020

CSSP-2015-TI-2180 National Standards for Community Paramedicine

This study created a national full consensus-based standard for community paramedicine. The Standard is designed to provide guidance to enable paramedic services across the country to fully understand the context, key considerations and essential components for community paramedicine program development and planning. It provides a framework and a solid methodology for paramedic organizations who wish to establish such programs within their community

Paramedic Chiefs of Canada, Paramedic Association of Canada, Canadian Standards Association Group, Alberta College of Paramedicine, and the Regional Paramedic Program of Eastern Ontario

This project started September 2015 and was completed in March 2017

(continued)

Paramedic Portfolio Innovation

179

(continued) CSSP name

Description of project

Main partners involved Project start and end in project dates

2011–2016 Completed projects CSSP-2013-CD-1091 Recommended Equipment List (REL) for CBRNE

This project updated and refreshed the CRTI 08-015 RD REL information and knowledge to inform CBRNE practitioners in Canada and the United States through the Department of Homeland Security. There is now a web-based platform to connect the first responder communities in information sharing and established an agreement covering the ongoing support and ever-greening for the REL outputs consistent with the principles of the REL format Hazard Identification and Risk Assessment (HIRA), Capability Based Planning (CBP), and resource typing

Paramedic Chiefs of Canada and the Paramedic Association of Canada

The project was completed in November 2014

CSSP-2013-CD-1092 Paramedic Research Program Leveraging Guide

Summary research levering guiding document of granting agencies, available funding cycles, and priority setting, overall mandate, and project characteristics that may leverage research and funding within the first responder community. The document was intended to serve as a reference for those within the first responder community looking to secure research funding

Paramedic Chiefs of Canada and the Paramedic Association of Canada

The project started in September 2013 and was completed in March 2014

(continued)

180

D. Socha et al.

(continued) CSSP name

Description of project

Main partners involved Project start and end in project dates

CSSP-2012-CD-1044 EMS Standards Strategy

This project worked with the Canadian Standards Association and developed the first strategic framework for standards creation for Paramedic Services in Canada. By identifying the most appropriate areas for future work in terms of standards development, a strategy for implementing standards can be created

Paramedic Chiefs of Canada, Paramedic Association of Canada and the Canadian Standards Association Group

The project was completed in March 2014

CPRC #09-1076 Gap Analysis for Emergency Medical Services (EMS), Science and Technology Research

This project’s identified critical gaps in paramedic practice and specifically provide an insight into both new and innovative knowledge creation. This project consolidated an environmental scan of existing and required inquiry into enhancing and aligning paramedicine in Canada. This project identified gaps, themes and emerging trends in future EMS

Paramedic Chiefs of Canada, the Paramedic Association of Canada, and Preemergency Inc.

The project started May 2011 and was completed December 2012

(continued)

Paramedic Portfolio Innovation

181

(continued) CSSP name

Description of project

This project provides a CPRC Project: roadmap to guide the Canadian National EMS Research Agenda decisions that need to be made on research. The roadmaps can lead to increased teamwork and better communication among various groups of people, which can help the groups plan for the future together. The objective of this project is to develop a national EMS research agenda for Canada that will: (1) explore what barriers to EMS research currently exist, (2) identify current strengths and opportunities that may be of benefit to advancing EMS research, (3) make recommendations to overcome barriers and capitalize on opportunities, and (4) identify national EMS research priorities

Main partners involved Project start and end in project dates Paramedic Chiefs of The project was Canada, Paramedic completed June Association of Canada, 2011 Calgary EMS Foundation, Canadian Institutes of Health Research, and the Nova Scotia Health Research Foundation

• Remaining Challenges27 – Defining competencies for entry-to-practice and measurement for continuing education competence. Education and training practices and protocols, including the effective use of VR/AR modeling and simulation; – Creating standards for aboriginal community paramedicine; – Building and deploying a Canadian evidence base for paramedicine; and – Creation of strategies for monitoring paramedic operations.

27

The first point was captured in the document: Developing the CSSP Planning Process, March 2017, DRDC-RDDC-2017-D018, authored by Brian W. Greene, DRDC—Centre for Security Science.

182

D. Socha et al.

1.7 Paramedic Health and Wellness CSSP name

Description of project

Main partners involved in project

Project start and end dates

2016–2020 Projects in progress or completed CSSP-2021-TI-2507 Canadian Study of Violence against Paramedics

The objective of this research is to develop an understanding of the experience of violence experienced by paramedics, particularly the physical and psychological consequences, as well as understanding what training is currently implemented, frequency with which it is implemented, and perceived efficacy. The project intends to develop research evidence and share across the sector, to inform employers, educators, policy makers, and the public at large, and ultimately translate into a safer, healthier, and better work environment for paramedics across Canada

Public Safety Canada, The project has been the Paramedic Chiefs of approved to start in the Canada, and the fiscal year 2021–2022 Paramedic Association of Canada

(continued)

Paramedic Portfolio Innovation

183

(continued) CSSP name

Description of project

Main partners involved in project

Project start and end dates

CSSP-2018-CP-2366 Canadian First Responder (FR) Fatigue Risk Management Standard

Main objective is to develop an evidence-informed National Standard on First Responder Workplace Fatigue Risk Management inclusive of research related to first responder health and wellness, inform decision-making and policy development, organizational performance and productivity and improved patient outcome. The outcomes of the project will also feed into CSSP-2018-CP-2367: Standards and Taxonomies for Canadian Paramedic information System (CPIS)

Paramedic Chiefs of Canada, Paramedic Association of Canada, County of Renfrew, Conestoga College Institute of Technology and Advanced Learning, Canadian Standards Association Group, and WorkSafeBC

The project started January 2019 and is scheduled to end March 2022

CSSP-2017-CP-2308 Personalized Approach to Mental Health Disorders in First Responders

Pilot study and Randomized Control Trial (RCT) to assess the acceptability and feasibility of a Preventative Pre-screening method & First Responder Mental Health Team on retainer model for Mental Health disorders in First Responders. The objective of the project is to plan, survey and pilot a prevention and treatment program for first responders suffering from mental health disorders

Ottawa Fire Service, Ottawa Paramedic Service, Ottawa Police Service and the University of Ottawa, Department of Psychiatry

The projected started January 2018 and was to be completed December 2019

(continued)

184

D. Socha et al.

(continued) CSSP name

Description of project

Main partners involved in project

Project start and end dates

CSSP-2017-CP-2310 Canadian Work Disability Prevention Standard for Paramedics with Post Traumatic Stress Injury (PTSI)

Aims to develop, promote, and disseminate a nationally applicable Canadian Paramedic Work Disability Prevention Standard and related tools to help prevent and manage work disability associated with PTSI of Paramedics. The objectives include helping prevent psychological harm from workplace exposures and building the capacity of paramedic services to address the psychological health and wellbeing of paramedics

Paramedic Chiefs of Canada, Paramedic Association of Canada, County of Renfrew, Canadian Standards Association Group, Centre of Research Expertise for the Prevention Musculoskeletal Disorders (CRE-MSD), and McMaster University: Centre for Research on Work Disability Policy

This project started January 2017 and was scheduled to be completed in March 2022

CSSP name

Description of project

Main partners involved Project start and end in project dates

2013–2016 Completed projects CSSP-2015-CP-2108 Canadian Paramedic Health and Wellness

This project employed a random sampling survey strategy to document the human resources profile for paramedics in Canada. Over the two-year duration of the project, a survey tool was developed and verified through pilot testing; administered to a random sample of paramedics stratified by province; follow-up focus group meetings and physical fitness testing session to cross validate the survey data, and a final report describing the human resources profile for paramedics in Canada

Paramedic Chiefs of Canada, Paramedic Association of Canada, County of Frontenac, Wilfred Laurier University and Queens University

The projected started June 2015 and was completed in May 2017

(continued)

Paramedic Portfolio Innovation

185

(continued) CSSP name

Description of project

Main partners involved Project start and end in project dates

CSSP-2013-CD-1088 Paramedic Physical Demands Analysis

This was the first National observational study that helped identify and characterize the physically demanding tasks encountered by paramedics that were critical to the profession across Canada. This study helped support future development of evidence based bona fide physical demands for both pre-employment screening tests and return to work initiatives

Paramedic Chiefs of Canada, Paramedic Association of Canada, Wilfred Laurier University and Queens University

The projected started May 2013 and was completed March 2015

• Remaining challenges28 – Mental/Psychological Resilience: Further research is required to support decisions regarding the development and implementation of programs to help prevent, mitigate, and address mental health issues within the paramedic services. – Physical Health: There is a requirement for further research to understand the physical demands and physical health risks associated with paramedic tasks, and how these risks can be mitigated through new technologies, equipment, and evidence based developed protocols or procedures.

28

These two points were captured in the document: Developing the CSSP Planning Process, March 2017, DRDC-RDDC-2017-D018, authored by Brian W. Greene, DRDC—Centre for Security Science.

186

D. Socha et al.

Community Paramedicine CSSP name

Description of project

Main partners involved in project

Project start and end dates

2016–2020 Projects in progress or completed CSSP-2020-TI-2468 Situational Awareness of Vulnerable Populations during a crisis or Evacuation (SAVE) Project

This project objectives Lambton County and include the development of a Interdev Technologies Inc. Vulnerable Population Database that identifies at risk populations during a disaster or evacuation. The project will develop a Required Resource application that will create a list for the emergency management organizations. The tool will be validated by involving each partner agency in hands-on exercises

The project has been approved for the fiscal year 2020–21

CSSP-2016-CP-2287 Situational Awareness of Vulnerable Populations during a COVID-19 Pandemic (SAVE) Project

Over the past number of Lambton County, the County years healthcare agencies of Essex, Grey County, and have been moving towards a Interdev Technologies Inc. “providing healthcare at home” model. For example, while in the past there would be numerous patients in a common assisted living building, under this model, those patients could be living in their homes at different locations. This decentralization of healthcare presents a significant situational awareness problem for emergency management organizations during a crisis or disaster. This project created a series of broadly integrated mapping layers intended to assist medical and emergency response agencies in locating and responding to vulnerable populations during extreme and /or disaster situations

The projected started January 2017 and was completed in December 2018

(continued)

Paramedic Portfolio Innovation

187

(continued) CSSP name

Description of project

Main partners involved in project

Project start and end dates

CSSP-2015-CP-2110 Community Paramedic Point of Care Testing

This project, led by Alberta Health Services in collaboration with Calgary Lab Services and the University of Calgary, examined the accuracy of using point of care testing within the community paramedic environment compared to laboratory processes. The objectives of this project are to ascertain the validity and reliability of blood analysis Point of Care Testing (POTC) devices in the Community Paramedic setting to assist Emergency Medical Services and paramedic leaders in making evidence-based decisions that ensure community safety and to establish the accuracy of POCT blood results compared to those derived from standard laboratory processes. Through healthcare partnerships, knowledge was shared widely to other paramedic and laboratory services across the country

Emergency Medical Services, Calgary Lab Services and the University of Calgary, Cumming School of Medicine

The project started June 2015 and was completed in March 2017

CSSP-2015-TI-2180 National Standards for Community Paramedicine

This study created a national full consensus-based standard for community paramedicine. The Standard is designed to provide guidance to enable paramedic services across the country to fully understand the context, key considerations and essential components for community paramedicine program development and planning. It provides a framework and a solid methodology for paramedic organizations who wish to establish such programs within their community

Paramedic Chiefs of Canada, Paramedic Association of Canada, Canadian Standards Association Group, Alberta College of Paramedicine, and the Regional Paramedic Program of Eastern Ontario

This project started September 2015 and was completed in March 2017

188 CSSP name

D. Socha et al. Description of project

Main partners involved in project

Project start and end dates

County of Hastings-Quinte Paramedic Service, the County of Renfrew Paramedic Service, and Quite Healthcare Corporation

This project started June 2014 and was completed in June 2016

2013–2016 Completed projects CSSP-2014-CP-2017 Economic Value of Community Paramedicine

This project examined the economic benefit of community paramedicine programs in both a rural and urban environment and measured the financial impact of these programs on the global healthcare system. The Economic Value of Community Paramedicine Programs Study was a randomized controlled trial (RCT) in two Eastern Ontario communities—one urban and one rural, and found that Community Paramedicine (CP) can achieve improved quality of life as measured with the (self-administered) EuroQol 5D-3L questionnaire and Quality Adjusted Life Years (QALY) calculations. In addition, the study results suggest that the effectiveness of CP is high sensitive to the degree of integration into a local healthcare system29

• Remaining Challenges30 – Analysis is required to assess outcomes of decisions made by community paramedics regarding treatment choices and redirections to appropriately resourced hospitals; – Research and technology in support of sustainable community paramedic programs that show benefits to the community and the healthcare system; – Technologies that allow paramedics to monitor patients in their home and help paramedics connect with other information sources to maintain a safe and healthy living environment for patients; – Evidenced based and standard development for CP protocols; and – Development and integrate new or existing technologies especially evolving communication technology such as telemedicine and tele-monitoring (remote monitoring), protocols, and policies in support of safe and healthy communities.

29

The Economic Value of Community Paramedicine Programs Contract Program DRDC-RDDC2017-C086. 30 The first three points were captured in the document: Developing the CSSP Planning Process, March 2017, DRDC-RDDC-2017-D018, authored by Brian W. Greene, DRDC—Centre for Security Science.

Paramedic Portfolio Innovation

189

Situational Awareness CSSP name

Description of project

Main partners involved in project

Project start and end dates

Urgences-sante, Montreal, Quebec, Alberta Health Services: Emergency Medical Services, McGill University and the University of Calgary

The project started January 2019 and is scheduled to be completed March 2022

2016–2020 Projects in progress or completed CSSP-2018-CP-2346 Precision prehospital risk-prediction through machine learning applied to healthcare databases

To improve patient outcome, responder satisfaction, and reduce costs by tailoring prehospital care. The project includes how to identify high-risk calls & allocate limited EMS resources and allow use of alternative options for low-risk patients. Emergency medical dispatchers need access to information about the medical history of a patient when they answer 911 calls

CSSP-2017-CP-2305 Situational Awareness Leveraging Wearable Technology—Project STALWART

Apply ‘smart’ glasses to Hastings-Quite Paramedic connect paramedics; send Service and Interdev and receive real-time data Technologies Inc. during operations to ID and monitor patient data; use photos and video to monitor threats and hazardous conditions; and create and transmit voice to text data

The projected started November 2017 and was completed August 2018

CSSP-2017-CP-2314 BrighterSight—Wearables for Paramedics

Design, develop, and implement wearable technologies into the Paramedic environment. Utilizing the “Individual Patient Care” case, three deliverables include: Interface with a cardiac heart monitor: integration of alerts from the monitor to the provider’s wearables; Medication identification: utilizing a “double-check” to assist with the safe delivery of medication to the patient; and Patient Record Integration: patient identification, medical history, and all interactions/treatments with the patient needs to be recorded within electronic medical record

This project started November 2017 and is scheduled to finish June 2022

City of Ottawa Paramedic Service, Rteng Pro, Factor Safe, Carleton University and Algonquin College

190 CSSP name

D. Socha et al. Description of project

Main partners involved in project

Project start and end dates

2011–2016 Completed projects CSSP-2015-TI-2136 Canada-United States Enhanced Resiliency Experiment (CAUSE) IV

Part of a series of experiments based on the Beyond the Border Action Plan, this plan focused on improving cross-border emergency management response capability to a disaster event. CAUSE IV involved border communities between Canada and the U.S. and was a two part experiment, which tested the capabilities of both countries while responding to an incident on the opposite side of the border. The experiment investigated technologies and processes that supported the communications between paramedics and healthcare stakeholders while crossing the border with a patient on board an ambulance as well as a public alerting, notification, warnings, and digital volunteer component focusing on interaction with the public via social media. Many of the results of the exercise were first-time events that occurred over a public safety broadband network and included the following • First-time event in the communication between the Paramedic Services and border and bridge officials while using the 700 MHz PSBN technology • First time Canadian Paramedic were able to transmit over a 700 MHz PSBN simulated 12 lead cardiac patient data and patient records from a Canadian ambulance to a U.S. hospital • First time Canadian Paramedics were able to communicate between Canadian paramedics and U.S. healthcare providers, and examine 3-way video conferencing while traveling across separate 700 MHz PSBN networks; and First time Canadian and U.S. border and hospital stakeholders were able to view in real time ambulance locations on an automatic vehicle locating platform

Public Safety Canada, Department of Homeland Security, FEMA, Lambton County, and St. Clair County

The Project started September 2015 and was completed June 2016

CSSP-2013-CD-1090 Paramedic Electronic Medical Record Integration

This project looks to increase efficiencies within the healthcare system & allow hospitals to provide faster patient care through the creation of a framework to determine how paramedic records were maintained & shared

Paramedic Chiefs of Canada, Paramedic Association of Canada and Preemergency Inc.

The project started in November 2013 and was completed in May 2014

(continued)

Paramedic Portfolio Innovation

191

(continued) CSSP name

Description of project

Main partners involved in project

Project start and end dates

CSSP-2013-CD-1089 Integration of CAE Deploy at Ottawa Paramedic Service

The objectives of this project was to implement CAE Deploy within the operational environment in the Ottawa Central Ambulance Communications Centre. The decision tool was to be used to provide regular unit deployment recommendations to the Communications Officers to support their deployment strategy

CAE and the City of Ottawa Paramedic Service

The project started July 2013 and ended July 2014

CPRC 02-3049 National Emergency Medical Services Database

Research in Paramedic Services is challenging given limited access to paper based data, confidentiality and consent issues, as well as stand-alone Paramedic Service patient information systems. Given this national trend, this project was to create a Mega-national EMS database of all response times, resource deployment, patient injuries and illness descriptions, paramedic treatments, and its outcomes. They also put together a website to analyze the data in a dashboard format that services could connect to and filter data on national services. The primary goal was to increase Paramedic Service operational awareness and use this information to strategically plan for future demographics. This project put into place the systems, process and structure of a Canada wide Mega-database of all Paramedic Services willing to submit their data. In the creation of this database, Paramedic Services were able to develop key performance indicators

Paramedic Chiefs of Canada, Ontario Emergency Medical Services Operators, and Interdev Technologies Inc.

The project started December, 2011 and was completed April, 2014

• Remaining challenges31 – Situational Awareness: Establishing key performance metrics regarding levels of service and deployment and understanding the economic impact; Responding to calls for service including defining response times, better understanding of which patients could benefit from urgent and emergency response, improved measurement data, and communicating targets and performance; and 31

The first three points were captured in the document: Developing the CSSP Planning Process, March 2017, DRDC-RDDC-2017-D018, authored by Brian W. Greene, DRDC—Centre for Security Science.

192

D. Socha et al.

Understanding scalable response phasing and the interoperability efficiencies when dealing with large scale emergencies. – Complex Operating environments Speciality Response capabilities including Tactical Unit, Urban Search and Rescue, Public Order and Chemical, Biological, Radioactive, Nuclear and Explosive (CBRNE); Climate change and the effects of natural disasters & extreme weather such as forest fires and flooding upon regular operations and special operations responses Video applications for mass casualty care for transmitting videos taken onsite at events to command centres; Next Generation 911 using voice-to-text apps for digitally forwarding the content of audio and video 911 calls to dispatchers; Major events applications allowing tri-services to maintain interoperable communication flow.

1.8 Collaboration with Other DRDC CSS Portfolios There are several DRDC CSS Portfolios with direct lines into the Paramedic Portfolio domain, such as First Responder Technology Supports, Wireless Technologies, Emergency Communications Systems, and Community Resilience. In addition to engagements with the Paramedic CoP, other government organizations and international partners, the Paramedic portfolio manager worked with CSS colleagues to better understand past and on-going Science and Technology investments with cross-domain application potential, as well as to formulate future challenges that can benefit their respective partner communities. The Canadian Safety and Security Program (CSSP) creates collaborative forums for CoP members to exchange ideas through meetings, workshops, conferences, and a web portal. Analysis The Paramedic Community of Practice projects have increased in complexity in a number of different perspectives during the last four years. Projects have involved an increased number of diverse stakeholders including municipal, provincial, federal and international entities as well as academia, private enterprise and standards development organizations (see Chart 1: Stakeholder Distribution (A)). The number of projects in 2012 and 2018 were same but the number of stakeholder classifications increased by 100% and the total number of stakeholders increased by 50% (see Chart 2: Stakeholder distribution (B)). In addition, the projects durations become longer, and CSS monetary contributions increased as well (see Chart 3: DRDC CSS Contributions—Projects 2012–2018 and Chart 4: Research Project duration (in mths) 2012–2018).

Paramedic Portfolio Innovation

193

Distribution of Stakeholders 2012-2020 40 35 30 25 20 15 10 5 0

17

15 10

4

37

10 4

3

Distribution of Stakeholders

Chart 1 Stakeholder distribution (A)

2012 vs. 2018 Distribution of Stakeholder Classification, Total Number of Stakeholders, Total Number of Projects 25 21 20 14

15 10 6 5

4

3

4

0 Total Number of Stakeholder Classification Groups Represented

Total Number of Stakeholders

2012

Chart 2 Stakeholder distribution (B)

2018

Total Number of Projects

194

D. Socha et al.

Research Project duration (in mths) - 2012-2018 35

31

30 30 25

22

24

20

20.5

15

15.5

12

10 5

5

4

4

4

0 2011

2012

2013

Number of Projects

4

2

1

2014

2015

2016

Mean duration of Projects

2017

2018

2019

Linear (Mean duration of Projects)

DRDC CSS Contributions - Projects 2012-2018 3000000 $2,704,127 $2,663,655

2500000 2000000

$1,529,500

1500000

1000000

$972,000 $660,000

500000 0 2011

$501,306 $488,000 4 5 1 2012 2013 2014

Number of Projects

4 2015

2 2016

4 2017

4 2018

2019

Total Montary Value of Projects

Linear (Total Montary Value of Projects)

The ability of the paramedic community to respond to Call for Proposals or create Targeted Investment Proposals with increased complexity reflects a maturing collaboration of the Paramedic Community of Practice with CSS. In addition to the project complexity, projects in the more recent years (2018–2020) involve more than one of the previously mentioned four themes: Standards Development, Paramedic Health and Wellness, Community Paramedicine, and Situational Awareness. In addition, the S&T research vision of the Paramedic CoP developed in 2013 continues to be consistent over the years. For example, standards development projects are represented in each fiscal year highlighting the continued need to create a solid foundation for future S&T research initiatives. Situational awareness has

Paramedic Portfolio Innovation

195

moved from back-end to forward-leaning technology projects over the past couple of years, which reflects the ever growing need of the paramedic CoP to position itself to increase its ability to respond to diverse emergency situations including man-made and natural disasters as well as contributing to community resilience. While paramedic health and wellness priorities were first identified in 2015, the growing concerns related to PTSD, fatigue, disability and paramedic violence have become more important to the paramedic community in recent years.

2 Conclusion The Paramedic portfolio manager position allows for sharing of information between the paramedic community across Canada and the Federal Government. Exposure of the paramedic operational environment allows key decision makers within CSS a greater understanding of the priorities of the paramedic community and the confidence that research funding will be directed to mutual beneficial S&T projects. Each of the projects outlined above showcase the CSS support that address priority gaps within the paramedic community. Moving forward, the Paramedic Portfolio manager needs to successfully facilitate the engagement between the CoP and CSS agencies. This success will be dependent in part on the Paramedic CoP diverse membership, which is required in order to identify and prioritize paramedic gaps. CoP membership needs to continue to represent the frontline paramedics, specialist paramedics, paramedic researchers, management, paramedic private enterprise, and standards development agencies in order to be successful. Specific recommendations include the operationalization of a paramedic database based upon the outcomes from the CSSP-2018-CP-2367 Standards and Taxonomies for Canadian Paramedic information System (CPIS). The ability of existing and future paramedic researchers to access accurate, trustworthy and timely data will assist with the ability to address future paramedic gaps and risks. Further exploration of having Stats Canada maintain the paramedic database will allow reliable accessibility to many stakeholders including paramedic and non-paramedic researchers. In addition, health and wellness of paramedics are important not only for paramedics but for to community resilience as well. Research that investigates increased situational awareness with a focus on paramedic safety is required to ensure continued ability to provide reliable service to Canadian communities. With Public Safety and Public Health Agency of Canada holding the lead on first responder PTSI federal policy, the paramedic CoP can contribute to both S&T advice and guidance as well as collaborate on mutually beneficial research opportunities. There is an opportunity to strengthen the relationship with Indigenous Services Canada (ISC). With the creation of a permanent paramedic position within the department, there is an opportunity to explore research collaboration with the CSS and

196

D. Socha et al.

ISC. Regularly scheduled meetings inclusive of the Paramedic Portfolio Manager, the executive directors of PCC and PAC as well as ISC have begun. COVID-19 has created a number of challenges for Canadian society. Specifically for paramedic services, gaps have been identified with situational awareness, paramedic health and wellness, point-of-care testing and continuing paramedic education. Potential S&T contributions include research into real time bio-chemical wearable sensors, touchless patient assessment and care technology, and virtual / augmented paramedic reality training. The activities of the last 4 years have been conducted in collaboration with national and international stakeholders, and reflective of research S&T priorities of the Paramedic CoP. Future paramedic CoP S&T priorities will rely upon continued evidence-informed strategic planning, which will not only advance the profession but also showcase Canadian paramedicine as a leader leveraging S&T to advance the profession. This Reference Document is intended to capture past accomplishments, highlight current activities, and inform future science and technology opportunities for the Paramedic Community of Practice, in the hopes of addressing operational, logistical, and human resource gaps, while informing policy that might be helpful in addressing specific needs in accordance with risk and resilience assessment.

References Canadian Safety and Security Program (2012) Canadian Paramedic Service Standards Report: a strategic planning report. CSSP-2012-CD-1044. Scientific Authority: April Wollbaum. Available at https://cradpdf.drdc-rddc.gc.ca/PDFS/unc198/p800399_A1b.pdf Canadian Safety and Security Program (2016) Community of practices. Available at https://science. gc.ca/eic/site/063.nsf/eng/h_D31527CE.html#X-2016091209255011 Canadian Standards Association (2020) Z1650:21 Paramedic response to the opioid crisis: education and training across the treatment and care continuum in out-of-hospital and community settings is available on the CSA Store at https://www.csagroup.org/store/product/CSA%20Z 1650%3A21/?utm_medium=flyer&utm_source=stakeholder&utm_campaign=Z1650-SD-PDFZ1650-01182021 DiMonte D (2012) Gap analysis for EMS Science & Technology Research (The Paramedic Research Gap Analysis). Available at http://www.premergency.com/media/consultancy/GapAnalysisFINA LreportDec2012Web.pdf Greene BW (2017) Developing the CSSP planning process, March 2017, DRDC-RDDC-2017D018, Defence Research & Development Canada—Centre for Security Science. Available at https://cradpdf.drdc-rddc.gc.ca/PDFS/unc276/p805389_A1b.pdf Innovative Solutions Canada Funding Opportunity (2019a) Logistics and resource management of emergency response assets. Available at https://www.ic.gc.ca/eic/site/101.nsf/eng/00055.html Innovative Solutions Canada Funding Opportunity (2019b) Advanced decision support for first responder command and control. Available at https://www.ic.gc.ca/eic/site/101.nsf/eng/00054. html Innovative Solutions Canada Program Overview (2020) ISC program overview available from https://www.ic.gc.ca/eic/site/101.nsf/eng/00083.html#s1.2 Jensen JL et al (2013) The Canadian National EMS Research Agenda: a mixed methods consensus study. Can J Emerg Med 15(2). Available at http://www.paramedicchiefs.ca/docs/nra/jensen% 20CJEM%202013%20Cdn%20EMS%20Research%20Agenda%20-%20final%20results.pdf

Paramedic Portfolio Innovation

197

Paramedic Association of Canada (2016–2018) Strategic Plan. Available at http://pac.in1touch.org/ document/2346/2016%20Strategic%20Plan.pdf Paramedic Chiefs of Canada (2006) PCC strategic plan: the white paper. Available at http://www. emscc.ca/docs/EMS-Strategy-Document.pdf Paramedic Chiefs of Canada (2012) Canadian National EMS research agenda. Available at https:// www.paramedicchiefs.ca/nra/ Paramedic Chiefs of Canada (2020) Paramedic Chiefs of Canada white paper: discussion on 10 guiding principles for Paramedicine in Canada. Available at https://firstwatch.net/paramedic-chi efs-of-canada-white-paper-update-to-pcc-members/ PHAC (2019a) Federal framework on posttraumatic stress disorder: recognition, collaboration and support. Available at https://www.canada.ca/en/public-health/services/publications/healthyliving/federal-framework-post-traumatic-stress-disorder.html PHAC (2019b) National conference on PTSD: working together to inform Canada’s federal framework on PTSD—What we heard report. Available at https://www.canada.ca/en/public-health/top ics/mental-health-wellness/post-traumatic-stress-disorder/federal-framework.html Ruest M, Nicolinco E(2017) Canadian safety and security program: paramedic review report 2012– 2017, DRDC-RDDC-2017, Defence Research & Development Canada—Centre for Security Science Socha D (2016) Successful paramedic position within defence research and development Canada— Centre for Security Science, Defence Research and Development Canada, Scientific Letter, DRDC-RDDC-2016-L291. Available at https://hastingscounty.civicweb.net/document/113392/ 7%20c%20Scientific%20Letter%20-%20Dougs%20Report.pdf?handle=FDAA4D260BAD443 E85A4BABED9FB200E Telus Media (2020) Virtual monitoring news release available at https://www.canhealth.com/2020/ 04/29/telus-expands-home-health-monitoring-solution-in-bc/

Science and Technology to Enable Mobile Wireless Communications for the Safety and Security Community Joseph Fournier, Philip Dawe, and Claudio Lucente

Abstract The dramatic growth of mobile broadband wireless networks worldwide has massively transformed the way society communicates, and accesses and exchanges information anytime, anywhere. This certainly is the case in Canada, where “as of 2020 there were 36.1 million mobile subscribers who used 3.4 GB of data per month on average” (Radio-Television, Canadian in radio 2014Canadian (2022)). Mobile broadband communications are at the foundation of a vast ecosystem that allows users (users includes human users and machine users) to ubiquitously connect to the Internet and the seemingly limitless information, applications and services contained therein, while using a variety of devices ranging from smartphones, tablets and laptops, watches, drones, the Internet of Things and autonomous vehicles to name a few. Despite the wide proliferation of broadband mobile wireless in global industries and society, the safety and security community has unique requirements related to reliability, interoperability and security that have resulted in the need for mobile networks designed specifically to address these requirements. This chapter will describe the DRDC Center for Security Science’s (DRDC CSS) contributions to Canada’s efforts to enable wireless mobile broadband communications for the safety and security community while addressing their distinct and essential needs, with interoperability at the forefront of these. This will include describing how CSS contributed to the Communications Interoperability Strategy for Canada, established the Communications Interoperability Research, Test and Evaluation Centre (CIRTEC), studied implementation and service delivery models for the Public Safety Broadband Network (PSBN) in Canada, developed the reference architecture and design, enabled important wireless communication advancements with the US in the area of safety and security, conducted sophisticated experimentation, and in doing so, delivered key science and technology (S&T) advice in these areas. The goal of each of these elements was, and remains, to offer advice and best practices on approaches and methodologies to enable effective wireless communications for the safety and security community. This chapter will also describe the J. Fournier (B) · P. Dawe · C. Lucente Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, Canada e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_11

199

200

J. Fournier et al.

CSS initiatives moving forward, including the delivery of a series of reports on the future of wireless communications for public safety and security while considering emerging technologies, the establishment of a next-generation wireless communications test and evaluation platform anchored by 5G mobile technology (5G is the fifth generation of mobile communications as specified by the Third Generation Partnership Project (3GPP), the global standards body that develops the specifications for mobile communications), and upcoming experiments that demonstrate the near unlimited capabilities enabled by next-generation wireless technologies. Keywords Wireless communications · PSBN · Broadband communications

1 Setting the Stage for Communications Interoperability in Canada The DRDC Centre for Security Sciences is the organization responsible for the Canada Safety and Security Program (CSSP). The program was launched in 2012 by merging three existing Canadian Federal Government Safety and Security programs: the Canadian Police Research Centre (CPRC), the Chemical, Biological, Radiological-Nuclear and Explosives (CBRNE) Research and Technology Initiative (CRTI) and the Public Security Technical Program (PSTP). The first of these was the CPRC, established in 2000, with a mission “to provide leadership and focus for a national program of research, development, evaluation and commercialization in the law enforcement and public safety sectors in Canada” (Canadian Police Research Center 2000). CPRC recognized the importance of interoperability across the first responder community (fire, police and paramedics) and established the Canadian Interoperability Technology Interest Group (CITIG) in 2007 “to improve Canadian public safety and security communications interoperability” (DRDC Center for Security Science 2011). This was done in collaboration with the Canadian Association of Chiefs of Police, Emergency Medical Services Chiefs of Canada1 and the Canadian Association of Fire Chiefs who collectively represent first responder interests across Canada. Up to that point, there was no single organization or entity that had the mandate to investigate and achieve communications interoperability collaboration across and within all organizations. In 2008, CITIG led a voice interoperability workshop with 148 delegates who “represented a wide array of first and second responders and public safety policy agencies from across Canada, related organizations in the United States, and representatives from industry” (Canadian Police Research Center 2008). Based on the cross-section of the 148 delegates, the multi-organizational dimension of communications interoperability was evident as there were participants from all levels of government, international partners, non-government organizations and industry. A key outcome from the 2008 CITIG workshop was “to take concrete 1

In 2012 The Emergency Medical Services Chiefs of Canada organization was renamed as the Paramedic Chiefs of Canada.

Science and Technology to Enable Mobile Wireless Communications …

201

and tangible steps towards developing a National Roadmap for Voice Interoperability” (Canadian Police Research Center 2008). It was decided that the path forward needed to consider multi-dimensions of emerging domains. For example, in the 2008 workshop there were three focus areas: 1. Priorities to advance voice interoperability, 2. Leadership to advance the domain and 3. Enablers to achieve success. The second area was deemed worthy for inclusion since a key gap identified from this workshop was governance and leadership. As stated in the report “input from all groups reflected an understanding of the complexity of the issues and the need for a robust governance structure with the right representation from all key stakeholders to include international partners and industry” (Canadian Police Research Center 2008). A further outcome of the 2008 CITIG workshop was the formation of a working group between Public Safety Canada and CITIG, which led to the development of the Canadian Communications Interoperability Plan (CCIP) that sought the development of a national policy framework, including appropriate regulatory changes and spectrum allocations that would encourage local and regional interoperability. In 2011, the Communications Interoperability Strategy for Canada (CISC) was published (Public Safety Canada 2011), which was a “strategic document that sets goals and identifies key national priorities to enhance governance, planning, technology, training and exercises to promote interoperable voice and data communications” and therefore considered data communications in addition to voice. The CCIP was the key enabler and basis for the CISC and its associated action plan. To deliver on the CISC, a national governance approach as shown in Fig. 1 was established. The strategic direction for CISC was from the Senior Officials Responsible for Emergency Management (SOREM) who represented Federal, Provincial and Territorial (F/P/T) ministers responsible for Emergency Management. The reader is referred to the Communications Interoperability Strategy of Canada for a full explanation of the entire governance structure (Public Safety Canada 2011). Science and Technology advice and direction was integrated into this governance model specifically through the F/P/T Interoperability Working Group. DRDC CSS was a key S&T advisor to CISC and to the direction of the associated action plan. Key to these S&T efforts was the late Jack Pagotto from DRDC CSS, a true visionary, who long understood the importance of communications interoperability and how S&T could contribute to its success. Through Jack’s leadership and passion, an expert team of technical advisors was established that led the development of a multi-year S&T plan that has been key to advancing communications interoperability in Canada, and specifically the Public Safety Broadband Network (PSBN) initiative.

202

J. Fournier et al.

Fig. 1 Governance approach

2 Providing Science and Technology Advice and Investments to Enable Mobile Broadband Communications The CISC and associated Action Plan encompass a wide range of objectives and activities to achieve communications interoperability. However, the focus of this section is on the CISC action plan items related to establishing a Public Safety Broadband Network in Canada. Simply put, the PSBN is a nationwide mobile broadband (cellular) network designed and intended for public safety use. The main objective, as outlined in the action plan, was to “develop a public safety controlled mobile broadband communications network expected to operate in the 700 megahertz (MHz) band” (Public Safety Canada 2013). This high-level objective was used by DRDC CSS to shape specific S&T tasks and the ensuing advice required to advance PSBN. These included establishing test and evaluation capabilities, defining a network architecture and defining interoperability considerations. DRDC CSS also provided S&T advice related to the governance structure, the business case and the exercise framework for the PSBN. All of these DRDC CSS tasks on PSBN were also guided by the national governance approach provided by CISC. In other words, the governance gap that was identified at the 2008 CITIG workshop and addressed in the CISC provided a framework that DRDC CSS could use to provide key S&T advice and make S&T investments.

Science and Technology to Enable Mobile Wireless Communications …

203

The governance structure of the CISC also provided a framework that allowed stakeholders to understand what S&T advice DRDC CSS could provide and also the ability to task DRDC CSS to investigate emerging issues. In 2011, “in response to a request for technical advice by Public Safety Canada on behalf of national public safety stakeholders, the Centre for Security Science conducted a technical assessment of the 700 MHz spectrum requirements for broadband mobile data communications for public safety and security” (Lucente 2011). The goal of this study was to determine the amount of spectrum that would be required by the public safety community to deliver mobile broadband to its stakeholders over a twenty-year time frame. In 2012, this work was used to provide evidence for an Industry Canada consultation on segments of the 700 MHz spectrum band considered for use by public safety. The bands under consideration were the 10 MHz PSBB Band (763–768 MHz and 793–798 MHz) and the 10 MHz D-Block (758–763 MHz and 788–793 MHz), where either the full 20 MHz of spectrum, a partial 10 MHz, or no spectrum at all would be allocated for public safety use. DRDC CSS, in leading this request, worked closely with the Communications Research Center Canada2 who provided technical expertise and oversight on this work. The methodology for this study focused on analyzing the spectrum requirements around three scenarios: • Chemical Plant Explosion and Fire • A Severe Multi-Vehicle Accident • Sports Event Riot These scenarios were used as a basis to determine the bandwidth required in terms of data demand and network infrastructure. The evidence of the study indicated that for such events “the amount of bandwidth required to satisfy the needs of public safety is greater than 20 MHz in the near- to mid-term, and likely to also exceed 20 MHz in the long-term despite advances in technology”. Understandably, the amount of spectrum required for normal day-to-day operations is less than 20 MHz and more to the order of 3 MHz, as detailed in another DRDC CSS report issued in 2017 (Fournier et al. 2017). Although this report is technical in nature, the basis of the study focused on user requirements from the First Responder community and in domains like mobile broadband communications, it is important to have the users’ perspective. As outlined in the report, “the question of how much bandwidth a mobile broadband network requires to meet the needs of public safety is answered by examining how the public safety community would use the technology and what throughput the technology offers.” The other aspect that S&T experts can provide is a future lens on technology trends and directions which is critical in rapidly evolving areas like mobile broadband communications. The DRDC CSS 700 MHz Spectrum Requirements report provided evidence for the Industry Canada3 consultation on 700 MHz spectrum that resulted in 5 + 5 MHz being designated for Public Safety communications in 2012 and an additional 5 + 5 MHz in 2015. This was captured in an important report issued by 2

Communications Research Center Canada is the government of Canada organization focused on providing applied research and development in advanced telecommunications. 3 Industry Canada has since become Innovation, Science and Economic Development (ISED).

204

J. Fournier et al.

Innovation, Science and Economic Development in 2017 (Innovation Science and Economic Development Canada 2017). From the CISC and its associated Action Plan, DRDC CSS was requested to define the National Public Safety Broadband Network architecture, specifically a “technical document detailing the network architecture including the delineation between the national and regional levels” (Public Safety Canada 2013). This resulted in a technical document that “describes the network architecture for a Canadian public safety broadband communications network expected to operate in the 700 MHz band” (Pagotto et al. 2013). To complete this task, a 700 MHz Technical Advisory Group (700TAG) was created by DRDC CSS, which “was composed of a collaborative group of technical experts led by Centre for Security Science and includes scientific authorities from the Communications Research Centre of Canada, Simon Fraser University, and technical experts from Federal/Provincial/Territorial/Municipal agencies” (Defence Research and Development Canada 2011). It was designed to provide an independent, neutral source of technical advice, which is key in any mobile broadband communications effort. DRDC also led three working groups with over 80 active participants that provided comments and feedback to the 700TAG. The working groups were composed of representatives from the vendor community, wireless carriers, consultants, federal government representation, academia, federal/provincial/territorial emergency management officials, and first responders. Among the 700TAG and working group objectives were the establishment of “minimum technical interoperability standards and design principles for the regional and national portions of the PSBN and to encourage the establishment of technical expertise within the various regions of Canada regarding public safety mobile broadband networks” (Lafond and Lucente 2012). For mobile broadband communications initiatives it is key to bring together all stakeholders to obtain a holistic perspective and to have an independent S&T advisory group similar to the 700TAG. Finally, the CISC framework ensured that this request was based on the governance model that was endorsed (at the time) by the senior officials responsible for Emergency Management in Canada (SOREM). (Pagotto et al. 2013). Building on the important work of the 700TAG that was key to advancing the PSBN initiative in Canada, DRDC CSS continued to produce S&T advice that was critical to defining the future PSBN. This advice included a report describing the various implementation models that could be considered for a PSBN, while listing their key attributes and challenges (Fournier and Lucente 2017c). This was followed by a report on service delivery models for the Canadian First Responder community’s and Public Safety Canada’s consideration (Fournier and Lucente 2017a). Since the creation of this report in 2017, it has since become undeniable that it was one of the most important and instrumental pieces of advice in laying the groundwork and defining the path forward for the PSBN, with a goal “to inform the public safety community on different possible service delivery model (SDM) options and their implications on delivering mobile broadband services to emergency responders using Long Term Evolution (LTE)”. These documents were designed to provide independent evidence-based S&T advice to support the policy process underway on

Science and Technology to Enable Mobile Wireless Communications …

205

the national approach to PSBN, and served as the foundational blocks for a series of DRDC CSS technical reports to follow on PSBN. During this same period, DRDC CSS was also a member of many committees and groups up to 2018, including Canada’s Communications Interoperability Working Group (IWG), the Canada-US Interoperability Working Group (CANUS IWG).

3 Advancing Mobile Broadband Communications for Safety and Security in Canada In 2017 the Government of Canada allocated $3 million in funding for two years of activities to advance PSBN (Public Safety Canada 2017). This led to the formation of a PSBN Federal Task Team that included Public Safety Canada, Innovation, Science and Economic Development Canada and DRDC CSS. The purpose of the Federal Task Team was to ensure that S&T advice would provide an evidence base to enable policy decisions on PSBN. This evidence-based S&T advice would be in the form of a series of technical reports. The entire Task Force Team was located in a single physical office space and worked closely to advance several aspects of PSBN. In order to produce the necessary evidence-based advice required of this Federal Task Team on PSBN, DRDC CSS recognized the need to clearly define the PSBN and to establish its boundaries within the broader Public Safety Communications Ecosystem. Without such an analysis, devising the contents of the PSBN technical reports that would constitute the S&T advice would prove very difficult. Figure 2 clearly highlights the elements of the PSBN shown in yellow, which were used as the foundational basis to determine the scope of the reports described later in this chapter. This categorization was also useful to understand the linkages with the wider Public Safety Communications Ecosystem shown in blue. All PSBN components are captured within the yellow boundary in Fig. 2. These include the typical components of a mobile broadband network, such the wireless access infrastructure made up of the core network and the radio access network, service management, network and security management, base network functions and roaming. Specific to a PSBN, the technical reports would also touch upon network functionality less typically seen and captured within the enhanced functions component. Some of these functions include mission critical communication services,4 machine-type communications for the Internet of Things (IoT), PSBN planning and service architecture. In addition to the above, another key focus of the team that was necessary to produce the technical reports was the validation of user requirements for the PSBN, which included a series of eight workshops across Canada with first responders and other stakeholders. Prior to these workshops, DRDC CSS developed a document on PSBN Use-Cases and User Requirements that outlined a series of scenarios on 4

Mission critical services (MCS) include mission critical push-to-talk (MCPTT), mission critical video (MCV) and mission critical data (MCD).

206

J. Fournier et al.

Fig. 2 Public safety communications ecosystem

possible usage of the PSBN (Fournier et al. 2019a). Examples of such scenarios were a wildland-urban interface fire, a response to a collision at an under-served area of PSBN, a sporting event in an urban area. Each scenario represented a use-case from which user capability needs were identified. The sets of user capability needs for each use-case were then consolidated into a singular list of user requirements. For mobile broadband communications initiatives such as the PSBN, using use-cases is an effective way to engage with end users in a structured framework and determine user requirements. Equipped with the public safety user requirements, a clear definition of the PSBN (Fig. 2), and the aforementioned PSBN Implementation Model and Service delivery Model reports (Fournier and Lucenta, 2017b, c) as necessary inputs, DRDC CSS was then able to produce a series of four key inter-related S&T reports. The user requirements were continuously used as a cross-reference to ensure the validity and applicability of their contents. The reports included a PSBN Network Architecture Description (NAD) (Fournier et al. 2019b), which was a revision of the original NAD report (Pagotto et al. 2013), Technical Considerations on Interoperability (TCI) (Fournier et al. 2019c), Technical Considerations on Security (TCS) (Fournier et al. 2019d) and Technical Consideration on Operability (TCO) (Fournier et al. 2019e). In order to ensure that all user requirements were satisfied by the technical reports,

Science and Technology to Enable Mobile Wireless Communications …

207

Fig. 3 Public safety broadband two-tiered network architecture

a traceability analysis was carried out to ensure that all user requirements were addressed. In the case where a certain user requirement was not satisfied, changes were made to the technical reports. Figure 3 is an example of one of three network architectures of the PSBN created by DRDC CSS and described in the NAD report. Following the establishment of the PSBN Federal Task Team, the Government of Canada then decided to establish a Temporary National Coordination Office (TNCO) in 2018 “with a mandate to develop options and recommendations for a Public Safety Broadband Network (PSBN) for first responders and public safety personnel across Canada” (Public Safety Canada 2019). This office, led by Public Safety Canada, included Federal/Provincial/Territorial/Municipal and Non-Government Organizations. The intent of TNCO was to develop a policy paper to “address gaps in analysis, including governance options, expand on current recommendations and findings, and propose a way forward for the establishment of a PSBN in Canada that best delivers on the PSBN Principles while balancing the diverse interests of stakeholders” (Public Safety Canada 2019). The TNCO approach was endorsed by the FPT Ministers Responsible for Emergency Management and the policy outputs from this process would be provided to this group. DRDC CSS was the key S&T advisor to TNCO and provided a wide range of critical advice and direction to support this effort as well as the Canadian First Responder Community on the whole. Although the main objective of TNCO was to advance PSBN policy, the comprehensive body

208

J. Fournier et al.

of knowledge, reports and expertise produced by DRDC CSS was used in this effort, and in most cases was used as the material basis of the TNCO report. For example, the TNCO progress report released in 2020 directly references 11 scientific reports and/or scientific briefs produced by DRDC CSS. The S&T foundational work completed by DRDC CSS since 2012 provides the key evidence base to support this and future policy decisions. For policy initiatives related to mobile broadband communications, it is important to have independent, evidence-based S&T advice but also to integrate this expertise into the decision-making cycle. Over the years, DRDC CSS also produced a number of other key S&T reports including a detailed PSBN use-case in a wildland-urban interface fire (Fournier and Lucente (n.d.), Long Term Evolution (LTE) Interoperability. Across Borders (Fournier and Lucente 2019), and a report on Inter-operator Interoperability of Mission Critical Voice service (Mission Critical Push-to-Talk) for public safety that is in the process of being published. Additionally, the Centre has leveraged the competitive CSSP program to invest in key areas related of PSBN research and development. One project consisted of implementing a PSBN pilot network in the Ottawa-Gatineau region, led by Ericsson Canada and Motorola with Industry Canada as the lead government department. The main purpose of the work was to allow the public safety community to familiarize itself with and plan for a PSBN. From an S&T perspective, inter-network interoperability challenges were investigated and resolved. Another important project investigated the use of temporary deployable PSBN networks during disasters, emergencies and large planned events, as well as to deliver communications to remote and underserved areas of Canada. The lead government departments were the province of British Columbia and Yukon Territory. The main S&T components were to resolve the integration and interoperability of such small network instances with the broader, nationwide PSBN. A third project was carried out by the University of Regina to investigate a framework for a PSBN applications ecosystem (Keshta and Morgan 2018).

4 Public Safety Broadband Network Experimentation As previously mentioned, DRDC had the vision to establish CIRTEC in 2013. The primary function of CIRTEC was to study mobile broadband wireless 4G (LTE) technology for use by the public safety and security community. All mobile broadband technology is specified by the Third Generation Technology Partnership (3GPP) international standards body, whose focus is primarily on commercial mobile (cellular) service as the commercial subscriber base is by far the most dominant user base. Because of this, the needs of specific user groups such as public safety and security are not always at the forefront of consideration by the 3GPP. This can lead to technological and operational gaps in mobile broadband when adapted and applied to safety and security needs. CIRTEC was successfully used to identify such gaps, and in many cases to resolve them.

Science and Technology to Enable Mobile Wireless Communications …

209

An additional but no less important function of CIRTEC was to support hands-on experimentation on PSBN. Without the existence of CIRTEC, such experimentation would have proven very difficult to carry out, and likely cost-prohibitive. The most important of this experimentation was the Canada-US Enhanced Resiliency Experiment series (CAUSE) with five experiments spanning the 2011–2017 timeframe. The experiments resulted from an action item in the Communications Interoperability Action Plan for Canada (Public Safety Canada 2013) in response to both the Communications Interoperability Strategy for Canada (Public Safety Canada 2011) and the Canada-US Beyond the Border (BTB) Action Plan released in December 2011 (Beyond the Border (BTB) Action Plan 2011). The BTB plan stated that “a common goal within this partnership focused on enhancing the coordination of responses during binational disasters. Specifically, the plan states that Canada and the United States will focus on cross-border interoperability as a means of harmonizing cross-border emergency communications efforts.” The purpose of the CAUSE experiments was to enhance multi-agency and multi-jurisdiction cross-border situational awareness (SA) and improve regional resilience through enhanced communications interoperability. As previously mentioned, one of the key features of mobile broadband technology is its ability to enable communications interoperability on not only a regional scale but also a global scale. Logically then, PSBN experimentation in the CAUSE experiments made complete sense. Mobile broadband network technologies upon which the PSBN is based were a key component of CAUSE III (Fournier et al. 2016; Dawe et al. 2015), CAUSE IV (Dawe et al. 2017) and CAUSE V (Fournier et al. 2018; Gusty and Weimer 2018) experiments.5 Each of these experiments leveraged public safety broadband (PSB) technology in an increasing manner. In CAUSE III, the scenario was a simulated expansive grassland fire area along the borders of Saskatchewan, Alberta and Montana where no communications infrastructure existed. The key technical demonstration was the use of PSB to provide coverage to this remote area by establishing LTE networks in both Canada and the US to provide mobile broadband (cellular) coverage for the incident. This demonstrated a range of 100 km radius from an LTE base station (cell) in the payload of a tethered aerostat raised to approximately 180 m above ground level (AGL). Operational capabilities that were demonstrated beyond push-to-talk voice were real-time GIS-based map applications for enhanced situational awareness, real-time video feeds, and video conferencing. Figure 4 is the system level diagram for the CAUSE III experiment. In CAUSE IV, the scenario was a simulated tornado along the border of Sarnia, Ontario and Port Huron, Michigan. The tornado caused the derailment of a train carrying toxic material, which in turn caused a toxic gas plume and damaged the commercial Telecommunications infrastructure. The experiment temporarily stood up public safety grade mobile broadband (cellular) LTE networks in both Canada

5

The CAUSE I and CAUSE II experiments in 2011 and 2013 did not include a PSBN component and CIRTEC was not fully established until 2013.

210

J. Fournier et al.

Fig. 4 CAUSE III system level diagram

and the US in order to provide broadband coverage to the incident area. The key technical demonstration was service continuity, also referred to as session persistence, where ambulances on both sides of the border were able to carry patients between the two countries while seamlessly handing off from one network to the other and continuously maintaining network connectivity. CAUSE IV was the first time that such a capability had ever been demonstrated worldwide. Operational capabilities that were demonstrated included video conferencing, advanced pre-clearance at the border, automatic vehicle location (AVL) systems, real-time GIS-based map applications and the sharing of Electronic Patient Care Records (ePCR), 12 point EKGs and vital signs transfers delivered in real time over the PSB mobile networks. Figure 5 is the system level diagram for the CAUSE IV experiment. In CAUSE V, the scenario was set in lower mainland British Columbia, Canada and northern Washington State in the United States. The incident was the eruption of nearby Mount Baker and the resulting lahar flows that caused massive devastation to the adjacent lower lands and forced a mass evacuation of people. The experiment temporarily stood up public safety grade mobile broadband (cellular) LTE networks in both Canada and the US in order to provide broadband coverage to the incident area. The key technical demonstrations were wide-scale session persistence, or service continuity that was continuously occurring while experiments participants moved between the PSB networks in each country, and congestion-based session persistence. The latter is different than session persistence where a mobile user moves between two networks, in that in this case, the mobile users are stationary but automatically connect to the Canada or US network depending on which is less congested. This is a very novel and effective method of mobile traffic control during a major disaster of incident. CAUSE V was the first time that congestion-based session persistence

Science and Technology to Enable Mobile Wireless Communications …

211

Fig. 5 CAUSE IV system level diagram

was ever demonstrated worldwide. Operational capabilities that were demonstrated included wide-scale deployment of vehicle and foot-mounted mobile users, video conferencing, advanced pre-clearance at the border, the use of drones and real-time IoT devices, real-time GIS-based map applications that could incorporate multiple layers of information from a variety of disparate sources, and the linking of two such GIS-based map applications to provide a very high level of situational awareness. Figure 6 is the system level diagram for the CAUSE V experiment. In addition to the very important and successful CAUSE experiments, DRDC CSS also conducted a number of PSBN experiments with public safety stakeholders such as the a hazardous material hands-on live experiment with the Ottawa Fire Services and an enhanced communications interoperability experiment using PSBN for the Ottawa Paramedic Service.

5 International Collaboration and Activities The important work of DRDC CSS on PSBN has been widely recognized and accepted internationally and is considered to be at the forefront of public safety broadband communications innovation. This has allowed CSS to establish and grow many strategic relationships both within Canada and internationally. These include

212

J. Fournier et al.

Fig. 6 CAUSE V system level diagram

strong ties in the U.S. with the Department of Homeland Security (DHS), FirstNet, the National Institute of Standards and Technology’s Public Safety Communications Research Centre (NIST PSCR), Texas A&M and a number of other stakeholders. Internationally, CSS has established important relationships with Australia, the UK, the European Union’s BroadCom organization currently planning a pan-European public safety broadband network, and the Global Public Safety Operators Group (GPSOC) made up of over 35 countries worldwide. In virtually all cases, the work of CSS has received high acclaim, been used by the above organizations for their own needs, and in some cases used to architect their own public safety broadband networks. CSS is currently a member of the Texas A&M technical advisory board, a special advisor to BroadCom and a member of the GPSOC. CSS has worked very closely with FirstNet for close to a decade now, while sharing information and assisting each other in devising their own country’s public safety broadband network.

Science and Technology to Enable Mobile Wireless Communications …

213

6 Public Safety Wireless Broadband in Canada—The Work Has Just Begun Since 2010, DRDC CSS has played a very key role in laying the groundwork for establishing a PSBN in Canada with a hope that it is soon implemented. However, as like any other mobile broadband network such as commercial cellular networks implemented by mobile network operators (MNO), the evolution of mobile broadband technology for a PSBN is extremely fast and it is just getting faster. While the PSBN will include 3GPP 4G (LTE) technology, like many parts of the world, MNOs in Canada have begun to roll out the fifth generation of technology (5G) and the PSBN will surely include 5G and all other downstream generations of mobile broadband technology. Table 1 provides a high level comparison of 4G and 5G technologies. The current work of DRDC CSS on PSBN technologies mirrors the previous work conducted over the last decade. For example, an Advanced Wireless Innovation Network (AWIN) (Fournier and Meyer 2018), previously referred to as the Communications Innovation Platform, is in the process of being established. It is similar to CIRTEC in that it is an over-the-air wireless network, but it is based on 4G, 5G and advanced WiFi technologies as opposed to only 4G. Figure 7 describes AWIN at a high level. In addition to this, a series of technical reports is being produced where published reports will be available to the public in the 2022–2024 timeframe. A high level report describes the future landscape of wireless broadband communications for public safety and security. While considering this report, a more detailed report on 5G-enabled use-cases and user requirements for public safety mobile broadband communications is being produced. It considers the introduction of the 5G technology era and its enhanced capabilities, advanced WiFi, and the emergence of the Internet of Things (IoT) in a safety and security context. As a result of this user requirements report, DRDC is also producing a report on wireless broadband communications technologies as they apply to the needs of the public safety and security communities. The report describes the use of 5G and advance WiFi within this context. A parallel report to this investigates the wireless communications technologies that are most likely to carry the data and information to and from IoT devices, sensors and actuators. Table 1 A4G and 5G mobile broadband technologies

Capability being compared

4G Capability

5G Capability

Peak data rate/user data rate

1 Gbps/10 Mbps

20 Gbps/100 Mbps

Latency

10 ms

1 ms

Connection density

100,000 devices/km2

1,000,000 devices/km2

Network efficiency/spectrum efficiency

1x/1x

100x/3x

214

J. Fournier et al.

Fig. 7 Advanced wireless innovation network

The report touches upon a wide variety of wireless technologies intended for use with IoT. A third report assesses the use of the overall IoT ecosystem in the context of public safety and security from both a technical and operational perspective. This report is important given that an initial finding of the authors is that public safety and security communities cannot rely on data and information gathered from singular instances of monolithic IoT networks, but rather, must consider the data and information gathered on multiple instances of IoT networks, where the data and information is then aggregated and fused into usable structured information for safety and security purposes. In support of this, DRDC CSS has devised the term Internet of Heterogeneous Things (IoHT) in order to distinguish it from generic IoT. Yet another report that is by far the most important investigates future wireless connectivity and mobility in a diverse wireless broadband landscape while considering the specific communications needs and challenges of public safety and security users versus commercial user needs. More and more, wireless users are connecting to not only a small number of networks instances over the course of a day, but to an ever increasing number of network instances spanning multiple wireless access technologies. In such a complex environment, a critical need of public safety and security users is to be able to connect, and maintain uninterrupted connectivity at all times, regardless of how complex the wireless communications landscape becomes. This is known as service continuity and session persistence, where a public safety user continuously

Science and Technology to Enable Mobile Wireless Communications …

215

moves from one wireless technology to another, and one network to another while maintaining connectivity. This report identifies a number of gaps that will potentially pose challenges to seamless wireless connectivity and mobility, and suggest solutions to these gaps where possible. Finally, in staying consistent with the successful model that DRDC CSS has followed over the last decade, an advanced public safety broadband cross-border experiment is being planned that will make use of the AWIN infrastructure and capabilities. Similar to the previous CAUSE series of experiments, the Advanced Communications Experiment (ACE) will make use of 5G and advanced WiFi technologies to temporarily establish mobile broadband networks in both Canada and the US in response to a major disaster. During the experiment, a wide range of experiment participants will be able to move freely from one country to the other while maintaining continuous, uninterrupted connectivity while moving among multiple networks. The experiment will also feature the use of autonomous vehicles, drones and real-time IoT in order to emphasize the critical importance of session persistence in the emerging mobile broadband build out worldwide. The experiment will take place in the 2024 timeframe.

References Beyond the Border (BTB) Action Plan (2011). [Online]. Available: https://www.publicsafety.gc.ca/ cnt/brdr-strtgs/bynd-th-brdr/ctn-pln-en.aspx. Accessed 3 Jul 2022 Canadian Police Research Center (2000) Canadian police research center 1999–2000 annual report, ISBN 0-662–65060-3. Canadian Police Research Center (2008) Communications interoperability technical report: setting a voice interoperability roadmap: summary report from the Canadian interoperability technology interest group national workshop, TR-20–2008 Canadian Radio-television and Telecommunications Commission (2022) Current trends—mobile wireless, [Online]. Available: https://crtc.gc.ca/eng/publications/reports/PolicyMonitoring/mob. htm. Accessed 15 Jan 2022 Dawe P et al (2015) Canada-US enhanced resiliency experiment (CAUSE III), northeastern scenario after action report, Defence Research and Development Canada/Department of homeland Security Dawe P, Gusty D et al (2017) Canada-US enhanced resiliency experiment (CAUSE IV)—binational after action report, Defence Research and Development Canada/Department of Homeland Security Defence Research and Development Canada (2011) Terms of reference—project management team: 700 MHz Canadian public safety interoperable mobile broadband wireless data communications network, un-published, PS-SP N416271 DRDC Center for Security Science (2011) From concept to capability—collaborative science and technology for public safety and security, ISBN 978-1-100-18599-6 Fournier J, Lucente C (2017a) Implications of service delivery model options on interoperability and operational efficiency in a public safety mobile broadband network, Scientific Report, DRDCRDDC-2017a-R038 Fournier J, Lucente C (2017b) Public safety broadband network use-case—wildland-urban interface fire, Defence Research and Deveo Fournier J, Lucente C (2017c) Implementation models for a public safety broadband network, DRDC-RDDC-2017-L121

216

J. Fournier et al.

Fournier J, Lucente C (2017d) Public safety broadband network use-case—wildland-urban interface fire, Defence Research and Development Canada, DRDC-RDDC-2017-R116, Ottawa Fournier J, Lucente C (2019) Long term evolution (LTE) interoperability across borders, Mission Critical Communications Fournier J, Meyer S (2018) Communications innovation platform for public safety and security, Defence Research and Development Canada, DRDC-RDDC-2018d-L264, Ottawa Fournier J et al (2016) Canada-US enhanced resiliency experiment series (CAUSE III): western scenario—wireless communications interoperability, Defence Research and Development Canada, DRDC-RDDC-2016-R047, Ottawa Fournier J, Lucente C, Pagotto J, Charlebois D (2017) Bandwidth requirements for day to day operations on Canada’s 700 MHz public safety broadband network, Defence research and development Canada, Scientific Letter, DRDC-RDDC-2017-L130 Fournier J et al (2018) Canada-US enhanced resilience experiment (CAUSE) V—public safety broadband wireless communications, Defence Research and Development Canada, DRDCRDDC -2018b-R239, Ottawa Fournier J, Lucente C, Meyer S (2019a) Public safety broadband network—use cases and user requirements, unpublished DRDC Report Fournier J, Lucente C, Skidmore D, Samson L (2019b) Public safety broadband network—network architecture description, Scientific Report, DRDC-RDCC-2018-R236 Fournier J, Lucente C, Skidmore D, Samson L (2019c) Public safety broadband network, technical considerations on interoperability, Defence Research and Development Canada, Scientific Report, DRDC-RDDC-2018-xxxx Fournier J, Lucente C, Skidmore D, Samson L (2019d) Public safety broadband network, technical considerations on security, Defence Research and Development Canada, Scientific Report, DRDC-RDDC-2018-R240 Fournier J, Lucente C, Skidmore D, Samson L (2019e) Public safety broadband network, technical considerations on operability, Defence Research and Development Canada, Scientific Report, DRDC-RDDC-2019e-R024 Gusty D, Weimer G et al (2018) Canada-US enhanced resiliency experiment (CAUSE V)—after action report, Defence Research and Development Canada/Department of Homeland Security Innovation, Science and Economic Development Canada (2017) Decisions on policy, technical and licensing framework for use of the public safety broadband spectrum in the bands 758–763 MHz and 788–793 MHz (DBlock)and 763–768 MHz and 793–798MHz (PSBB Block), SMSE-014-17 Keshta N, Morgan Y (2018) Public safety grade mobile application management framework (PSGMAMF), Defence Research and Development Canada, DRDC-RDDC-2018a-C203, Ottawa Lafond E, Lucente C (2012) 700 MHz project management team—technology track: developing the network architecture for the public safety mobile broadband network, un-published Lucente C (2011) 700MHZ spectrum requirements for Canadian public safety interoperable mobile broadband data communications, DRDC CSS CR 2011-001 Pagotto J, Scribano G, Cayouette R, Braham S, Gurnick J, Auger C, Laflond E, Fournier J, Doumi T, Lucente C, Dixon M (2013) Public safety broadband network architecture description, DRDC CSS TR 2013–009 Public Safety Canada (2011) Communications interoperability strategy for Canada, ISBN 978-1100-17577-5 Public Safety Canada (2013) Communications interoperability action plan for Canada, ISBN 9781-100-22280-6 Public Safety Canada (2022) Government of Canada continues research and targeted engagement on implementation models for a potential Public Safety Broadband Network," 19 May 2017. [Online]. Available: https://www.canada.ca/en/public-safety-canada/news/2017/05/govern ment_of_canadacontinuesresearchandtargetedengagementonimpl.html. Accessed 30 Jun 2022 Public Safety Canada (2019) Progress report on a national public safety broadband network, ISBN: 978-0-660-31614-7

Innovation—Way Ahead

Information Mesh Concepts in Support of Multi-organizational Interoperability Daniel Charlebois, Glen Henderson, Fraser Moffatt, and Bruce Carruthers

Abstract Information is central to the decision making processes that allow organizations to meet their strategic objectives. Organizations types span public and private industry, military, public security and safety, as well as academic. In most organizations, information sources can be internal but are generally external and include a stakeholder community that impose information handling requirements that can affect the exploitation of the information. Over the years, many protection mechanisms have been implemented. These mechanisms generally rely on cryptographic solutions applied by end-users. An information mesh provides a framework within which access management, protection, trust and chain of custody can be achieved. In addition, such a framework addresses authorship, ownership, custodianship and sovereignty challenges. This chapter provides an introduction to the concept of information mesh that abstracts away information technology and introduces information management in the context of a multi-organizational information sharing ecosystem. Keywords Information mesh · Information management · Information sharing · Information protection · Information assurance · Information sharing and safeguarding

D. Charlebois (B) · F. Moffatt Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, ON, Canada e-mail: [email protected] F. Moffatt e-mail: [email protected] G. Henderson · B. Carruthers Cord3 Innovations, Ottawa, ON, Canada e-mail: [email protected] B. Carruthers e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_12

219

220

D. Charlebois et al.

1 Introduction Knowledge is of two kinds: we know a subject ourselves, or we know where we can find information upon it.—Samuel Johnson

When considering the information age, we live in a world of abundance. The prevalence of information, the variety and richness of data sources and the ability to connect to a vast digital infrastructure has turned information into a prime commodity in our daily existence. This is just as true for organizations as it is for individuals, meaning that industry, governments and military agencies must now consider information as a key strategic asset in the attainment of their organizational mandates. Increasingly, an information advantage posture can only be sustained through collaboration with partner agencies and nations. The UK Ministry of Defence’s Integrated Operating Concept (UK Ministry of Defence 2021a) asserts that a whole-ofgovernment response, alongside NATO and like-minded partners, will be a vital part of improving the understanding, and addressing the challenges, of managing conflict escalation. Similarly, the RCMP’s Digital Policing Strategy (Police and (RCMP) 2020) observes that the borderless nature of modern crime emphasises the necessity for cooperation and communication with partners and that more efficient digital methods of exchanging information with law enforcement partners and delivering services are needed. More recently, the COVID-19 pandemic has shown the need for global scientific collaboration. Timely, accurate and coordinated information sharing is emphasized in the International Health Regulations (IHR) (World Health Organization 2021), the overarching international legal agreement guiding response to health emergencies coordinated through the World Health Organization. Faced with universal recognition of the benefits and necessity of multi-agency cooperation, why do effective information sharing practices remain elusive? Encouraging the adoption of multi-national agreements requires a process to build trust that mitigates the potential and perceived risks of sharing information (Lencucha and Bandara 2021). Barriers to establishing sharing agreements that are founded upon trust relationships stem from a range of causes. Barriers to information sharing Political

Information sharing is politically charged, and the international response to contentious issues such as disease outbreaks and social unrest have exposed deeply entrenched politics of fear and national self-interest

Bureaucratic

Organizations of all types have practices and procedures which, intentionally or not, limit the flow of information. In China during the SARS crisis of 2003, bureaucratic norms such as not having personnel authorized to open reports marked “top secret,” purportedly caused a three-day delay in transmitting information to the provincial authorities (Huang 2004)

Technological

There is a challenge to achieving alignment across multi-partner sharing communities in terms of data formats, data exchange mechanisms and data protection methods

Information Mesh Concepts in Support of Multi-organizational …

221

However, the main challenge to effective information sharing is cultural. Historically, information systems have been built upon the perceived need for strong perimeter defences which generate siloed enclaves through which it was difficult, by design, for data to flow. This traditional view placed the value of protecting information over the sharing of data. As a consequence, the digital landscape is represented by innumerable data fortresses separating nations, agencies and departments. While many departments have been able to achieve success in adopting technologies that support the movement of data within and between organizations, the strategic shift to community-based information sharing has yet to be realized. In effect, we have an emerging need for increased data interoperability and are trying, unsuccessfully, to map a new model of information governance onto a technology stack for which it was not intended. Bringing information architectures into the modern age requires a new approach to information governance that balances the often-divergent priorities for protecting information and sharing information. Before envisaging a new approach to information governance, it is necessary to review and refine some concepts in information security to reflect the new and evolving expectations that are being placed on modern information architectures. Information Governance is the obligation of an organization to be accountable for the responsibility that has been conferred as a holder of information assets. Typically, governance is measured at the highest levels of an organization, where compliance with legislation, regulations, procedures, practices and policies must be maintained with a high degree of integrity and visibility. Acting as stewards of public, private or otherwise sensitive information assets, governance is the act of protecting those resources on behalf of stakeholders. Information Assurance is the selection, deployment, configuration, operation and monitoring of tools that support the information governance mandate. While accountability for adhering to governance directives is held at the higher levels of the organization’s structure, practices and processes that impact governance occur throughout the organization. Information assurance tools must ensure that policies enacted by the organization are enforced and auditable in all operations that touch on information assets. The adherence to those policies must be demonstrably provable to provide auditors with evidence to verify organizational compliance. Information management is the practices, procedures and services that support the creation, refinement, sharing and destruction of information assets; that is, the curation of digital assets throughout their life cycle. Information management can be seen through two distinct lenses.

222

D. Charlebois et al.

Operational information management Operational information management supports the efficient use of information through discovery, searching, indexing, linking and analysis of data artifacts. In essence, this form of information management is the answer to the question: “Can I find the information I am looking for?” Security information management

Security information management enforces the controlled access, protection and auditing of digital assets and supports information assurance practices. In contrast to Operational Information Management, this form of information management is the answer to the question: “Am I allowed to see the information I am looking for?”

As will be discussed in this paper, the effective operational information management is primarily a technology challenge with solutions that can be delivered within the information technology (IT) domain. Traditionally, ensuring the security of information has also been deployed through the IT domain. It is one of the key tenets of this paper that meeting the challenges of emerging technological threats requires an approach which delivers Information Management (IM) in a manner that is separate and isolated from the IT domain. In presenting the need for a new approach to information management, specifically an approach that supports improved information governance, enforces information handling requirements, and promotes the sharing of information, it is useful to examine some real-world usage scenarios.

1.1 Use Case: Multi-jurisdiction Policing One such example is policing in multi-jurisdictional environments. For example, the National Capital Region1 (NCR) presents a complex law enforcement challenge due to the involvement of many levels of policing services, international presence in the form of embassies, the city’s role as the host of the nation’s political center and the need to promote a free and open urban space. The geopolitical situation within the NCR means that a significant number of police and protective services are present and each is mandated to do their work close to partners who are each subject to the limits of their respective jurisdictions. To the credit of these policing agencies, cooperation between services in this complex environment has been generally effective when responding to security incidents. This is due in no small part to:

1

The National Capital Region (French: Région de la capitale nationale) is an official federal designation for the Canadian capital of Ottawa, Ontario and is often used to describe the Ottawa–Gatineau metropolitan area.

Information Mesh Concepts in Support of Multi-organizational …

223

• Clear instructions and chain-of-command practices to address issues of jurisdiction; • The establishment of organizational interactions on a foundation of personal relationships; and • Successful interoperability at a technological level using a common set of policing tools and consistent training of officers on how to use those tools The current security environment is characterized by the fact that the usual detection mechanisms are hardly able to anticipate actions carried out by small groups or individuals acting in isolation. As a result, the police response to a Critical Incident (CI) will likely take place in the absence of a full situational assessment from the criminal intelligence community. Responders will, therefore, have to rely on immediate in the field reactions. This was precisely the situation experienced during the armed assault on the Parliament of Canada in October 2014 where traditional intelligence and the use of indicators and warnings were not able to keep up with the speed at which the crisis evolved. When faced with this need for an immediate and coordinated response to an unfolding CI, a multijurisdictional partnership requires a system that supports the dissemination of strategic, operational and tactical information. As previously stated, the barriers to inter-operability are not technical in nature, rather, they revolve around issues of governance and information handling. An information sharing capability that can achieve the needed level of trust, in the same way the current model places its trust in people and personal relationships, will support the strategic objective of collaboration and intelligence sharing. The pace at which CIs unfold, given the speed at which new information is created, must also be commensurate with the tools used to affect a combined response. As stated in the DRDC report: Multijurisdictional Police Operations For Critical Incidents And Critical Incident Response Structure (Tremblay et al. 2021b). Information flows on social media instantly, senior echelons have to be able to quickly communicate with their subordinates, governmental officials, and the public. Then again, this requirement must be fulfilled without placing undue pressure on those actively involved in the conduct and the command functions during the response to a CI.

While it is recognized that an immediate and efficient response to a CI is the primary concern of each police service, the relevant federal and provincial jurisdictions and their accompanying laws and regulations must be respected and considered. In other words, during a crisis there is no time to review sharing agreements and define information exchange requirements. As the crisis unfolds, adding additional processes to support information sharing will have a detrimental impact on the effectiveness of the response and will clearly violate the need to not place undue pressure on response teams. Consequently, a system that supports inter-agency collaboration must have governance models that: • Are defined and agreed upon by all agency partners in advance of a crisis; • Provide the necessary level of trust between partners; and

224

D. Charlebois et al.

• Are directly instantiated into tools that operate at the information management layer. Examples of information management tools that can embed governance models into information flows are: • Electronic Information Sharing Agreements (eISA): formalized expressions of information exchange requirements that describe the conditions under which specific classes of information assets can be shared with partner agencies. • Data Centric Security (DCS): an approach to information security that protects each information asset individually and applies a common set of access control policy rules across all data types and applications. These two IM tools can work symbiotically to provide governance over the flow of information both within an agency and between partners in a multi-agency environment. Recognizing the challenges to attaining an improved level of partnership, policing agencies in the NCR have set a goal to achieve effective interoperability, create organizational and professional relationships, develop a common understanding of challenges, and to continue to build trust. This goal can be achieved through the development of Information management tools that enforce three key themes: • Achieving interoperability at a strategic level as a foundation for sharing partnerships; • Supporting governance and a universal understanding of information handling requirements; and • Establishing and maintaining trust between agencies, members and the public.

1.2 Use Case: Disclosure of Evidence The disclosure to the defence of evidentiary material obtained during a criminal investigation is fundamentally important to ensuring a fair trial. This includes material that the prosecution may or may not use in the pursuit of a conviction. However, the disclosure process has become less effective over time due to: • The sheer amount of information that is generated during a criminal investigation; and • the wide variety in the nature of that evidentiary information. In moving to the digital age, leveraging technology to deliver trial evidence has introduced trust, integrity and comprehensiveness challenges to a key aspect of the judicial process. Cases that collapse or are stayed and convictions that are quashed because of serious deficiencies in disclosure are unfair to the complainant, the defendant and they undermine public confidence in the administration of criminal justice.

Information Mesh Concepts in Support of Multi-organizational …

225

It is clear that investigators and prosecutors are facing an unprecedented challenge in dealing with the ever-increasing amount of digital material presented to them. Modern investigations into major criminal offences like serious fraud, counter terrorism or organised crime have always involved large quantities of data. However, what is being experienced in the most complex cases today is that the volume of relevant data is increasing, forcing the adoption of new capabilities like cloud storage and encryption to keep up with that need. On the investigations side, there is concern that digital forensic work takes too long, resulting in delays in charging decisions and bail hearings. It also means that critical forensic evidence like smartphones or computer analysis does not get reviewed, served or disclosed until close to the trial. This work could be turned around much faster if the investigators and lawyers had a clear, focussed and agreed upon strategy on how digital evidence can be requested and shared. Such a strategy must take into account the information handling requirements, specifically chain-of-evidence assurance, that support the judicial process. In addition, much of the investigation process relies upon lawyers and investigators to be aware of the legal implications of their requests. An information management system with embedded safeguards that ensures that the flow of information is in accordance with governance policies, such as personal data material, will reduce the chance of prosecutorial errors during the investigation phase. Applying governance at the IM level emphasises the importance of ascertaining that informed agreement to disclosure has been given, and that complainants and witnesses are aware that disclosure is to be made before this happens. In effect IM governance details the responsibilities of each party at each stage in the disclosure process to ensure that data material is properly handled and redacted to avoid excessive and collateral intrusion. Disclosure is a systemic issue across the whole of the criminal justice system, and there are important roles for the police, the prosecution, the defence and the court in ensuring it is done properly. An additional concern is the consistency of the disclosure process. In the Canadian justice system, defence counsel must be provided with prosecution packages; that is, a complete set of evidentiary information collected by the investigation and prosecution teams. Currently, these packages are custom created for each legal defence team with each team requesting information its own desired format. This requirement to create customized prosecution packages not only represents a significant work effort but introduces the possibility of errors and omissions, negatively impacting the resulting legal proceedings. In the UK, this challenge has been addressed through the publication of National Disclosure Standards (Council 2018), a formal set of procedures and content schedules to formalize the disclosure process. This standard emphasizes the quality and content of disclosure schedules and a third party material protocol and national forms and correspondence for the handling and recording of third party material. Maintaining public confidence in the judicial process requires an effective approach to evidence disclosure. In the digital age, supporting the disclosure process means introducing a new set of information management tools that can:

226

D. Charlebois et al.

• Deliver evidence packages in a timely manner; and • Achieve the required level of trust, both in terms of: – Chain-of-evidence: A process and record that shows who obtained the evidence; where and when the evidence was obtained; who secured the evidence; and who had control or possession of the evidence; and – Chain-of-custody: The chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Additionally, the proposed information management tools must be able to support the standardization of information exchanges so that the requests for and response to investigation data and trial evidence is done in a consistent manner across all levels of the judicial process.

2 Achieving Interoperability The use cases described above each identify the need for interoperability in the exchange of information to support coordinated action. Interoperability, as a concept, touches upon many aspects of organizational behaviour, from the prioritization of strategic activities to the selection and deployment of core technologies. An examination of the need for interoperability can be performed at many levels (Fig. 1). Strategic level: Every organization has a mandate that justifies that organization’s existence and defines its responsibilities. For an organization such as the RCMP, Fig. 1 Tiered model of security and governance

Information Mesh Concepts in Support of Multi-organizational …

227

their mandate is defined by a need to protect the public and uphold the law. Effectively meeting their mandate in the age of digital policing requires engagement with community and policing partners. Meaningful exchanges with partner agencies provide officers with access to collaboration, situational awareness and support systems that allow the RCMP to become a more effective policing force. Governance level: To meet its mandate, organizations are granted the right to collect, access, hold, distribute and share information. However, legislation and guidelines are imposed upon those organizations to ensure that the information is used responsibly. Interoperability has a role to play: to ensure that information exchanges between agencies can be demonstrably shown to adhere to governance laws. What is more, interoperability tools should proactively work as part of the information exchange process to enforce compliance, thus reducing the opportunity for accidental or malicious disclosure. Policy level: For most organizations, what information needs to be shared changes as events unfold in the real-world. In this respect, the security policy state, that is, the active set of policy rules that determine what information can flow between organizations, is dynamic in nature. Whether discussing medical intervention, policing activities or emergency response, at times the impact of not sharing information can be more detrimental than the decision to protect and limit the flow of data. As a result, any approach to interoperability must take into account the need for real-time changes in the sharing agreements within a partner community. It is important to note, however, that changes to the policy state must still adhere to the controls and monitoring standards required of proper governance. Identity level: In all decisions to share information, there is a critical need to know who is sending or receiving information. Whether this sharing actor is a person or an organization, the ability to verify partners’ identity will determine which sharing policies apply and what classes of information can be shared. Additionally, knowledge of where and how the sharing partner is accessing the information can greatly influence the degree to which an organization can share while maintaining its own governance mandates. For example, a doctor may be able to receive private health records when accessing data through a secured hospital network domain, but under normal conditions that same doctor will have more limited access via a smart phone. Technology level: Interoperability clearly relies upon a technology layer over which information exchanges actually takes place. Facilitating interoperability, therefore, requires the deployment of technologies that can provide information exchange while supporting the high-level drivers of interoperability, for example: • By providing a robust and resilient data delivery mechanism; • By embedding trust into the information exchanges, such as data protection and identity management; and • By supporting standardized data formats and data request/response protocols to establish a common language of expression between sharing partners. Inter-agency information sharing becomes achievable when these five levels of organizational activity are integrated from an interoperability perspective.

228

D. Charlebois et al.

3 Information Technology as Enabler and Disabler Before expanding upon the nature of information sharing and interoperability, it is important to recognize that there are two separate domains in the digital world: Information Technology (IT) and information management (IM). Currently, the delivery of information via technology is so ubiquitous that it can be difficult to consider these as separate concepts. It is not incorrect to say that the information age was ushered in with the advent of new information processing technologies, but the management of information itself far pre-dates the rise of computing and mass communication. Historically, information was a physical asset to be managed, such as filing cabinets and mail systems. As a physical asset, it was much easier to enforce business flow practices over the use and sharing of information. To ease technology adoption, digital applications were often modelled on their physical counterparts: electronic filing systems and email. This transformation from the physical to the digital was exceptionally successful; for the majority of users, business practices such as record management and office communication are now primarily seen through the lens of technology. While the IT domain, composed of computing assets, data services, and communication protocols, is well understood, the IM domain is more nebulous. Simply stated, the IM domain includes two key elements: 1. Effective use of information that allows organizations to meet their mandate; and 2. Governance controlled sharing of information, both inside and outside the organization. Of these two elements, it is the degree to which an organization can secure and share digital assets that determines how inter-agency cooperation and coordination will succeed. Attaining effective information management is expressed as the degree to which an organization aligns with its information governance mandates. Information governance, as previously defined, is the set of rules, regulation, procedures, and practices that must be exerted over the handling of information assets and content. Information governance is typically expressed as formal statements, such as Health Insurance Portability and Accountability Act (HIPAA) (U.S. Department of Health and Human Services 2021) and the Generalized System Preferences (GSP) (Negociator and “GlobalNegociator” 2021), and may be both internally generated and imposed from the outside. To achieve compliance with governance mandates, organizations must impose information management practices to their information technology systems. There are two strategies that can be applied: • Through Information Technology Management, that is to use existing IT capabilities to enforce the required IM governance protections (e.g., firewalls, intrusion protection systems, user behaviors analytics); and • Through Information Management Technology, that is, to deliver new IM capabilities that are deployed in the IT space (e.g., role-based access controls, cloud access security brokers)

Information Mesh Concepts in Support of Multi-organizational …

229

Both approaches present challenges that have resulted in limited effectiveness in achieving proper IM.

4 Harnessing the Dark Web As previously stated, a new approach to information management is needed that can connect a diverse set of partners in an information sharing environment. The tools upon which this community is built must support governance practices and embed trust into the sharing model. Most importantly, these tools must not rely upon untrusted infrastructure to deliver this capability, supporting the separation of information management from the underlying information technology space. Interestingly, a solution that encompasses many of these principles has already been developed: the dark web. One can conceive of the Internet as hosting a number of distinct webs: The Open Web which acts in the public community space and consists of everything that is accessible, searchable and indexable in the public domain. This is the web that most people think of when they envision the World Wide Web.

The Deep Web which is usually accessible through the Open Web but requires authentication to access protected content. For example, when users perform online banking, they are accessing private information which resides in the Deep Web. Deep Web data artefacts are not exposed or shared with the public community. Interestingly, most information accessed through the Internet comes from the Deep Web. The Dark Web is unlike the prior webs in that it is not accessible to the public but rather encompasses a closed community: only those that are able to find the dark web. The dark web is delivered through existing network connectivity but uses technology techniques to establish its closed community. As shown in Fig. 2, the Dark Web is established through virtual traffic tunnels: randomized network infrastructure based on the Onion Router (TOR) project (TOR Project 2021). Sites on the deep web also use TOR or the Invisible Internet Project (I2P) to remain anonymous. In effect the Dark Web becomes a ‘web upon the web’ where hidden sites are only accessible to specialized browsers and people with the

230

D. Charlebois et al.

knowledge of how to use them. The deployed Dark Web services a hidden community that is focused on anonymity and privacy. On the surface, a Dark Web approach to information sharing would seem to provide a solution to the need for infrastructure-independent, closed communities. However, upon closer inspection the Dark Web model fails to provide some key aspects for true IM governance. The perceived strengths of the Dark Web, namely, user anonymity and untraceable services are valued by the Dark Web community, but these strengths are a double-edged sword: the Dark Web can be used to evade censorship and thus can be used for illegal activity. It is home and origin of some of the most pernicious malware and is therefore a dangerous place for the unsuspecting user community. In the age of misinformation, the anonymous nature of the Dark Web makes it the realm of the conspiracy theory. The weakness of the Dark Web is its lack of central management, although ironically participants on the Dark Web would consider that to be one of its key strengths. In looking for an information sharing solution that supports governance models, a lack of management has significant implications to its community. Anonymity implies there is no method to verify the source of information and, hence, the provenance of data assets cannot be established. Without provenance, there is no self-correcting behavior that can reassert confidence in material hosted in the dark web: correct, incorrect, trusted, and untrusted data collects and mixes over time resulting in and

Fig. 2 The dark web

Information Mesh Concepts in Support of Multi-organizational …

231

overall trend that minimizes the value of the Dark Web as an information sharing space. This is not to say the Open Web does not struggle with issues of trust. It is easy to find examples within the Open Web that exhibits the same lack of trust characteristics: • Data may be verifiable and wrong, for example, official government sanctioned statements that turn out to be based on incorrectly applied science; and • Data may be unverified and right, for example, unsourced or anecdotal reports that reveal factual observations Hence, information scientists usually evaluate information based on its: • Veracity: to degree to which a piece of information reflects truth; and • Provenance: the degree to which the origin of a piece of information can be ascertained When organizations must provide provenance over the information they share, they have a vested interest in ensuring that that information is correct and accurate. In this way, sharing environment that mandate a high degree of provenance over the information that is shared have a built-in self-correcting mechanism that, over time, improves the quality of the information shared through this space. The Dark Web, lacking any form of provenance, does not have this self-correcting nature. In summary, an information management approach to information sharing needs to draw upon many of the characteristics described in the web models defined above. An ideal solution will combine the: • searching and discovery capabilities of the open web, • the control over what data is shared in the manner of a deep web; and • the closed community reflected in the dark web. Currently, no information sharing model includes all the identified requirements. That is, no sharing model consistently: • Leverage existing IT without the need to rely upon that IT to ensure the confidentiality and integrity of data; • Mandates provenance over all data that is shared within its environment; • Has a self-correcting nature; and • Has no centralized management or overarching authority. The last point is particularly significant; each sharing partner within the information exchange environment must be able to control access to and sharing of data for which they are the owner. Partners must be free to assert their own governance controls without interference from external authorities in the sharing community.

232

D. Charlebois et al.

5 Turning Away from the Dark Side Trust me, Wilbur. People are very gullible. They’ll believe anything they see in print. (White et al. 1952).

E.B. White presaged the danger of the dark web in his children’s novel Charlotte’s Web. Even in a closed community, an information sharing environment becomes the realm of untrusted data if there is no requirement for data owners to stand behind the information they are sharing. We propose a new information sharing environment which layers additional information protection, governance and assurance features on existing web fabrics. This new web fabric, known as the TrustedWeb in this paper, builds on the strengths of existing sharing models but uses a deployment and assurance model to address the defined need for greater governance. To the information sharing community, the TrustedWeb adds the following capabilities. Harnessing Zero Trust Infrastructure: The granularity and security of the TrustedWeb is at the individual information asset level. This means that all Open System Interconnection (OSI) model layer constructs such as networks, sessions and packets should be abstracted away when viewing the exchange of information within this web fabric. The objective is to protect the information itself rather than the environment over which the information is exchanged. When security travels with the data, rather than being provided as part of the transportation, it no longer becomes necessary to trust the infrastructure that that moves data around. This is the realm of Zero Trust Networking (ZTN) (National Institute of Standards and Technology 2020) and supports the development of robust and resilient information networks. Data no longer need to find the best secure path to its destination because the asset is its own secured object. The TrustedWeb is, therefore, fully able to support diverse links, degraded environments, redundant routing mechanisms and even contested/hostile networks. This represents one of the key concepts of moving towards information-centric sharing communities: the delivery of data is independent and abstracted away from the infrastructure on which the data travels. By separating information management from information technology, the fabric is independent of specific technology implementations. There is still the need for information-level technology that can build and maintain this fabric, although in this case the fabric is less focussed on connections and sessions and is more concerns with the relaying of messages and data between partners. The fabric, in this case, is defined by the following capabilities: • It must work at the message level; • It must support identity management (authentication to join the sharing community); • It must support the flexibility to send messages to individual, group or all community participants; and • It must provide participants with the ability to listen for messages directed to them from other community members.

Information Mesh Concepts in Support of Multi-organizational …

233

What is proposed is an Information Mesh architecture. In such an architecture, participants are connected as peers and have the ability to route information between mesh participant members. Mesh architectures have been successfully built using the publish/subscribe model adopted by message broker solutions. A message broker is a software-based service that enables applications, systems, and services to communicate with each other and exchange information. In order to provide reliable message storage and guaranteed delivery, message brokers often rely on a substructure or component called a message queue that stores and orders the messages until the consuming applications can process them. Within the message queues, messages are stored in the exact order in which they were received and remain in the queue until receipt is confirmed. Figure 3 shows a deployed mesh architecture in action. Individual information sharing partners connect to the mesh infrastructure via an available message broker. Messages are transmitted to sharing partners via the message brokers and Message brokers work together to provide robust and scalable message delivery. Message brokers can provide a rich messaging environment with a high degree of control over how messages are handled: • Point-to-point, topic-based, publish/subscribe and general broadcast message delivery models; • Durable messages that are retained until the recipient node is online versus transient messages that are dropped if the recipient is not available; • Quality of service (QoS) options to escalate priority of specific messages; and

Fig. 3 Multi-partner information mesh

234

D. Charlebois et al.

• Mandatory or optional message delivery acknowledgement. The robustness of the delivery model supports a highly resilient messaging fabric. Attestation of Actors and Provenance of Data: Two key concepts in Information Assurance (IA) are attestation and provenance. Attestation

Attestation is the formal proof of a statement. When an individual or organization connects to the TrustedWeb, their identity must be certified. Any information requested or returned from the TrustedWeb must be attributable to the specific identity that created it. Conceptually, attestation pertains to users’ interactions with data assets

Provenance

Provenance, in this context, is the ability to determine and verify the record of ownership for digital assets and ensure that the information has not been altered post-disclosure to the TrustedWeb. Conceptually, provenance is a persistent attribute that is bound to and travels with data assets themselves

These two aspects of IA have a significant impact on how data shared within an information mesh can be achieved. Firstly, organizations and individuals must authenticate to the mesh to join the sharing community. This ensures that all data requests/responses can be attributed to a known organization. Secondly, each data asset will be individually protected with its own unique key. When such keys are only available to members of that community, it can be ensured that the data that is shared can only have come from and be read by members of that community. This approach that protects data itself, rather than protecting the transport mechanism over which data is exchanged, is not an entirely new concept. It is, however, a clear demonstration of the shift away from the traditional model of IT focussed information protection. Specifically, it is a perspective on information protection and assurance that attempts to make data safe for the environment rather than making the environment safe for the data. An experienced information security specialist may balk at the notion that protecting data is a novel concept when Public Key Infrastructure (PKI) has been a central element in the security architect’s toolkit for over 25 years. The reality is that PKI suffers from technological and governance issues that remain unsolved and threaten to make asymmetric cryptography unviable as a security solution in the near to mid-term. • The advent of quantum cryptanalysis will render all existing public key cryptographic algorithms (and any information protected with those algorithms) vulnerable to disclosure (Weissbaum 2017); • PKI requires an overarching infrastructure which is cumbersome to manage and exposes its community to potential threats; • PKI, as a model, works best when protecting data point to point. It is less effective at protecting data for dynamic communities where membership is fluid in nature; and • PKI is computationally expensive and incurs performance penalties when exchanging information.

Information Mesh Concepts in Support of Multi-organizational …

235

A proposed approach is to leverage symmetric cryptography to protect information exchanges within and between sharing communities. Symmetric cryptography is resilient in the face of emerging quantum threats and does not incur the performance penalties associated with asymmetric key generation algorithms. However, a mechanism for distributing symmetric keys within and between information sharing partners is needed, specifically, a mechanism that does not require a trusted, hierarchical key distribution infrastructure. Such symmetric Key Infrastructures (SKI) have been developed (Henderson et al. 2018), are ideally suited for multi-partner sharing infrastructures and represent a new direction for post-quantum cryptographic solution. Data Standardization: As identified in the disclosure use case, developing and leveraging agreed upon data standards will simplify the information exchange process, ensure there is no loss of fidelity in the data request/response cycle and ensure that information requests are evaluated in a manner that support the information assurance and data handling requirements. The need for data standardization has been a common theme in the development of inter-operable systems. In the US, the National Information Exchange Model (NIEM) (NASCIO Enterprise Architecture and Governance Committee 2021) was developed in response to a clear need to overcome the challenges of exchanging information across state and city government boundaries. The model is a standards-based approach that provides diverse communities with a set of common, well-defined data elements for data exchange and harmonization to advance their individual missions. A national program, NIEM is supported by and used within all levels of government for a broad set of missions including but not limited to justice, homeland security, international trade, human services, and cyber. Robust communities of practitioners use NIEM to ensure that when information is exchanged between various systems, it is standardized and commonly understood for quicker and more effective use. The NIEM Community includes domains and communities of interest (COIs) that represent a large, diverse user base. NIEM domains are formally established communities with executive stewards to represent the stakeholders, governance, and data model content oriented around their respective business needs. Domains manage reusable, community-specific content in the model and participate in NIEM governance at large. Each domain represents individuals and organizations that cut across all levels of government, industry, and the international community. Additionally, established data standards for security metadata have been developed that can define the security attributes and handling instructions for exchanged data assets. These security metadata standards, such as those developed by NATO for multi-national collaboration environments, define both the syntax and the binding requirements that link security metadata to the data it references (North Atlantic treaty Organization 2017, 2018). The application of data standards in a multi partner sharing environment means that organizations can interoperate with the community without the need to adopt those standards internally. That is, organizations can translate information request received from the partner community into internal representations of that request and

236

D. Charlebois et al.

format the responses into a community recognized form. This freedom to use data standards for interoperability, while maintaining their own local data expressions, provides eases the path towards community engagement. Data Centric Security (DCS) The use cases described in this paper demonstrated the need for governance over how information is created, used and shared. Specifically, the ability to apply protection at the level of data assets themselves and to apply a single unified security policy to how information is handled supports organization requirements for information handling. The core principles of DCS make individual data assets the central focus of policy and protection (Charlebois 2016; Object Management Group 2019). This means that security must travel with the data: each asset is uniquely encrypted with its own unique key and all information needed to retrieve that key travels with the data asset. That asset now becomes decoupled from the infrastructure in which it is stored. A compromised IT administrator cannot access the assets’ content through the use of privileges IT credentials since the data protection is not applied through IT services. Similarly, data cannot be accidentally disclosed by moving it to a more accessible location since the security travels with the data, regardless of whether the asset is stored locally or in the cloud. Another key principle of DCS is that security metadata is bound to individual assets. All security attributes that are needed to make a policy decision on how that information is to be handled can be independently verified and validated. Security attributes such as classification, releasability, privacy and shareability can be encoded within security labels that are bound to each data asset. Since security labels are bound to data assets independently of the nature of the data itself (e.g., a file, an email message, a database cell) it becomes possible to have a single security labelling standard that can be applied to all data assets within the organization. Similarly, it becomes possible to have a single security policy that gates access to information across many data types and applications. Adopting a DCS posture, in support of information assurance, allows organizations to re-evaluate the traditional roles and responsibilities of data management. Data owner

Under a DCS model, the organization is the owner of all information assets. The right to create, access, shared and destroy information is defined and enforced by a security policy under the control of the organization. The organization may delegate the right to manage security policies for specific classes of data to individuals within the organization. Having the organization as the ultimate owner of digital assets, along with the policy control to manage those assets, is commensurate with the organization’s responsibility for information assurance and governance

Data author

Historically, the Data Author is an individual/agency that creates or refines data content to create a new information asset. Under a DCS model, the authorship is no longer tied to data ownership since it is the organization that owns and controls access to all information assets. The organization may, at its discretion revoke user’s access to classes of data which may include content that user created (continued)

Information Mesh Concepts in Support of Multi-organizational …

237

(continued) Data steward

In the DCS model, an individual that has been granted the policy right over a class of information assets, and can manage the community that can access that information, is considered to be a steward for that class of information. Stewardship is a right is granted by the data owner or another data steward. Stewardship rights may be temporary in nature, for example, to ensure business continuity during a crisis. The ability to assign stewardship right to individuals within the organization is an important concept in IM delegation and, when properly managed, supports the governance mandate

Data custodian Perhaps the most significant change in role under a DCS model is the data custodian. A custodian is an individual with the operational right to manage data assets but no rights to access content. For example, the administrator for a Microsoft Exchange Server is provided with privileged access to perform maintenance activities on that service. That does not give that person the right to access the contents of users’ mailboxes. A DCS model separates the IT and IM domains meaning that content is only disclosed to users with the policy right to see that information. Even through malicious abuse of high privilege account, content is secure from inappropriate access This separation of the IT and IM domains applies equally well to the role performed by Cloud Service Providers (CSP). CSPs provide access to and availability of digital assets under their control. However, they cannot use their position as data providers to access content they do not have the right to see. In this way, DCS provides a safe path to cloud adoption

DCS can achieve a high degree of assurance when these two principles are combined: using a single organizational policy to determine when data content can be disclosed and only under those conditions are cryptographic functions applied to the data. By coupling the policy decision and the cryptographic operation, several key advantages are achieved: • Non-bypassable: Cryptographic keys are only brought to the data under conditions of a valid policy check. Without going through the organizational security policy enforcement points, it is not possible to gain access to protected content. • Evaluable: Policy decisions are based on logic that takes into account what is known about the user, the asset, the transaction and the environment. Policy decisions are always performed according to the same decision process and it is possible to subsequently replay the request to determine why information was allowed to flow. • Always-invoked: Every operation against data must traverse through a policy enforcement point (PEP) and be vetted by the policy decision logic. • Tamper-resistant: A PEP operates in a protected processing space that is independent of vulnerabilities in the host, network or application stacks. These four principles, known by the acronym NEAT (Uchenick and Vanfleet 2005), support the assertion that an Information Assurance (IA) trust model can be delivered through a DCS approach to information security. It is also significant to note that this approach represents a major shift in the relationship between the user, the organization and the lifecycle of information.

238

D. Charlebois et al.

Historically, the data author was considered the data owner for information that was created, with ownership determining when and how information is handled within the organization. Under DCS, a new set of tools are available that allow the organization to reclaim ownership and control over its digital asset. For example, changing an employee’s clearance level can immediately (in real time) restrict what information they have the policy right to access, including assets authored by that employee. The final element of the IA model supported by DCS is auditing. When a decision is made to allow the creation or release of information content, it is done in the content of a valid policy decision. This decision was made with the full knowledge of the identity of the user, the nature of the data being acted on, the type of transaction performed and the state of the environment at the time of the transaction. This is the ideal point at which an audit record is generated: a full representation of the transaction at the time the operation on data was performed, including not only the details related to the operating but the policy rationale for why the transaction was permitted (or denied). DCS service, performing this IA function in a protected processing space independent from the underlying IT layer, is also able to protect these audit records using the same data asset layer protection, ensuring: • Chain of evidence: it is clear why information disclosure actions were performed; and • Chain of custody: the audit information is tamper-resistant through the application of blockchain technology for both per-record and contiguous integrity. Community Negotiated Sharing Agreements: DCS can be used not only to control the flow of information within an organization but in its sharing practices with external organizations. The same policy enforcement logic can be applied at the organizational perimeter to ensure that the disclosure of information (both internally generated and requested from sharing partners), are in compliance with the overarching security policy. The decision to release information to sharing partners follows the same information assurance model: who is requesting information and what is the nature of the requested information, but it also draws upon formal sharing agreements that are established between partners. The agreements dictate what classes of information can be shared with partners and what handling restrictions should apply. These sharing agreements support the IA model because: • They draw upon the same security metadata that is bound to individual information assets and, as a result, are enforced at a data asset level; • They can be written in such a manner that they can be directly input into the policy decision logic (a direct mapping between natural language and logical expressions) • They are enacted in real time, in response to an immediate need to share information • They tie into the trust audit mechanism, providing proof of evidence of what information was shared and why

Information Mesh Concepts in Support of Multi-organizational …

239

With this perspective, it is clear that sharing agreements, and the manner by which they control the flow of data, are an integral aspect to the development of the TrustedWeb.

6 TrustedWeb Architecture When combined, the technologies and solution elements described in the previous section establish an information mesh architecture that that connects organizations in a TrustedWeb sharing environment. Two main components, as detailed in Fig. 3, are the Message Brokers and the individual Mesh Integration Points (MIP) deployed by each sharing partner. The Message Broker solution component, and its role to deliver messages resiliently and reliably between sharing partners, has already been described from a technology standpoint. From a governance perspective, the Message Broker Service Provider (MBSP) that hosts the message broker solution are important third parties for the establishment of the information mesh but critically, these service providers do not need to be trusted third parties. Given the use of DCS to protect information at point of origin and ensure confidentiality of this information until its point of delivery, at no point is this information vulnerable to disclosure during transmission. Figure 4 shows this behaviour with a data asset being protected at its point of origin, transiting the information mesh in protected form and content being reconstructed as it is received at multiple sharing partner networks.

Fig. 4 Secure message delivery

240

D. Charlebois et al.

Fig. 5 Message integration point

In short, by leveraging asset-level protections, the MBSP can ensure the delivery of data artefacts without the ability to access to the content held in those assets. The confidentiality and integrity of information is ensured even when data takes a multi-hop path to reach its destination. This information sharing where data protections are independent of the transmission mechanism supports the use of Zero Trust Infrastructure (ZTI). The other key solution component, the Mesh Integration Point, is a set of coordinated services within each sharing partner’s environment that supports mesh-based interoperability and information sharing. As shown in Fig. 5, the MIP has three key services. 1. Connectivity Services: The MIP connects and authenticates organizations to a message broker and from there to the mesh fabric. It both listens for messages from and transmits messages to the participants in the information sharing community. These services support the use of the ZTI communication linkages on which the information mesh resides and provides the attestation needed to prove an organization’s identity within the TrustedWeb. 2. Translation Services: The MIP accepts information requests from the mesh and translates those requests to their local equivalents within the organization. Similarly, information requests destined for the sharing community must be translated from their local expression to the data standard representation used within the mesh community. These services work with local data services to route query requests to the appropriate data store, content management system or supporting web service. These services facilitate interoperability through the use of the data standards for the expression of data objects, security metadata and information requests.

Information Mesh Concepts in Support of Multi-organizational …

241

3. Governance Services: The MIP ensures that all information requests and responses are in compliance with the local security policy and community negotiated sharing agreements. It also transforms and protects data for delivery, using cryptographic keys and algorithms that are shared within the community. These services support the organization’s mission, through the use of DCS and formal sharing agreements, to protect their strategic information assets while remaining a sharing partner. These services allow organizations to balance the conflicting demands of need-to-protect, need-to-share and need-to-inform.

7 Conclusion All organizations, governmental, industry and military, are recognizing the need to effectively share information while maintaining ownership and protection of their digital assets. The sharing of information is seen as critical to helping organizations meet their strategic objectives. As a result, interoperability, improved data access and effective use of a wide range of information sources are becoming policy drivers as organizations attempt to adapt to the modern information age. Technology drivers, such as the desire to leverage the cost reduction and scalability potential of cloud-based services, are also impacting how organizations choose to evolve their information architectures. Changes to how information assets are managed and shared must also take into account organizational governance and information assurance responsibilities. Historically, information security has focussed on protecting the environment, such as firewalls and intrusion detection systems. However, as information management is becoming more central to organizational activities, a new generation of data centric security solutions is needed. In a DCS information protection model, the emphasis is on the data itself rather than the environment in which the data is accessed and shared. Shifting the focus of control, in terms of access control protection and auditing, to individual data assets provides organizations with the needed granularity of control over how its data is managed. Responsible sharing of information in a collaborative environment remains one of the main challenges for organizations. Traditional information exchange mechanisms fail to provide the needed level of assurance to support organizations’ need to be responsible custodians of information. For instance, existing sharing mechanisms cannot provide sufficient attestation, protection, or interoperability to serve as a resilient means by which organizations can safely exchange information. The information mesh model proposed in this paper addresses these concerns by introducing an architecture, based on data centric principles, that advocates separating information technology from information management. This architecture protects information at the data asset level rendering it safe for delivery over zero trust infrastructure, formatted for universal community understanding, and vetted against organizational security policies to ensure compliance.

242

D. Charlebois et al.

The proposed information mesh model for information sharing has the potential to revolutionize how information is handled and shared. It also allows organizations to better meet their respective mandates by providing a new set of information management tools that can: • Support the flow of information in response to changing operational needs and dynamic environmental conditions while still holding information exchange to an organizational policy and governance requirements; • Ease the process of sharing information by reducing the need for humans-in-theloop; drawing upon existing sharing agreements and policy rules; and • Ensure that all transactions, both within and between organizations, are held to a single holistic set of organizationally defined governance restrictions. The information mesh sharing model leverages the best elements of existing data sharing mechanisms and integrates them with enforcement of governance on all data transactions. The information mesh will allow organizations: • to meet their data protection and data sharing mandates; • to safely take advantage of emerging information technologies; and • to be a more effective collaborator in multi-agency partnerships.

References Charlebois D, Carruthers B, Henderson G, Simmelink D (2016) Secure access management for secure operational networks (SAMSON), security concept of operations. Defence Research and Development Canada (DRDC), DRDC-RDDC-2016-R001, Ottawa Global Negociator (2021) GlobalNegociator. [Online]. Available: https://www.globalnegotiator. com/international-trade/dictionary/generalized-system-preferences-gsp/. [Accessed Nov 2021]. Henderson G et al (2018) Symmetric cryptographic method and system and applications thereof. USPTO Patent 10,778,424 Huang Y (2004) The SARS epidemic and its aftermath in Chine: a political perspective. In: Learning from SARS: preparing for the next disease outbreak: workshop summary, Washington (DC) Lencucha R, Bandara S (2021) Trust, risk, and the challenge of information sharing during a health emergency. Global Health 17 National Institute of Standards and Technology (2020) NIST special publication 800–207: zero trust architecture. August 2020. [Online]. Available: https://nvlpubs.nist.gov/nistpubs/SpecialPu blications/NIST.SP.800-207.pdf NASCIO Enterprise Architecture and Governance Committee (2021) An introduction to NIEM. [Online]. Available: https://www.nascio.org/wp-content/uploads/2021/02/NIEM_NASCIO_11F eb2021v2.pdf National Police Chiefs Council (2018) The national disclosure standard. National Police Chiefs Council, London, United Kingdom North Atlantic treaty Organization (2017) Confidentiality metadata label syntax—ADatP 4774. Nato standardization office North Atlantic Treaty Organization (2018) Metadata binding mechanism—Adatp-4778. Nato Standardization Office Object Management Group (2019) Information exchange framework reference architecture. [Online]. Available: https://www.omg.org/spec/IEF-RA/1.0/PDF

Information Mesh Concepts in Support of Multi-organizational …

243

Royal Canadian Mounted Police (RCMP), "Digital Policing Strategy," RCMP, 14 October 2020. [Online]. Available: https://www.rcmp-grc.gc.ca/en/connected-rcmp. [Accessed 11 2021]. TOR Project, "TOR Project," 2021. [Online]. Available: https://www.torproject.org. [Accessed 2021]. Tremblay E, Perron JG, Brassard L (2021b) Multijurisdictional police operations for critical incidents and critical incident response structure (CIRS). Defence Research and Development Canada (DRDC), DRDC-RDDC-2021b-C037, Ottawa U.S. Department of Health and Human Services (2021) Health insurance portability and accountability act. U.S. Department of Health and Human Services. [Online]. Available: https://www. hhs.gov/hipaa/index.html. [Accessed Nov 2021] Uchenick GM, Vanfleet WM (2005) Multiple independent levels of safety and security: high assurance architecture for MSLS/MLS. In: MILCOM 2005 - 2005 IEEE Military Communications Conference UK Ministry of Defence (2021a) Integrated operating concept. UK Ministry of Defence Weissbaum F (2017) The quantum apocalypse. In: About and Beyond PKI, SIGS Special Event in Bern, Bern White EB, Williams G, Wells R (1952) Charlotte’s Web, Harper Collins Publishers World Health Organization (2021) International health regulations. United Nations. [Online]. Available: https://www.who.int/health-topics/international-health-regulations#tab=tab_1. [Accessed Nov 2021]

Information as a Strategic Asset: A Safety and Security Perspective Fraser Moffatt and Daniel Charlebois

Abstract Safety and security organizations are custodians of unique and vitally important information that supports society’s goals for safety and security. These organizations often struggle with managing their information in a way that ensures reliability and usefulness of this information at many organizational scales, from local to national. These struggles have been persistent over the last few decades. We assert that safety and security organization tend not to treat their information holdings as strategic assets but more as basic resources dependent on individuals’ capacities to manage resulting in fragmented approaches to information management at multiple scales. We examine a number of factors why this is the case and refer to a range of defence and security information management projects in which we have been directly involved in generating innovative solutions to these persistent problems. We advocate for a capability-based approach to mature information management practices in safety and security organizations and present a number of potential areas of research and development to further these concepts. Keywords Public safety · Security · Information management · Capability-based planning · Capability maturity

1 Introduction Safety and security organizations are custodians of incredibly unique and vitally important information used support society’s goals and expectations for public safety and security. As a society, we enable and entrust law enforcement, fire and paramedic services, emergency management, intelligence and national security organizations to F. Moffatt (B) · D. Charlebois Defence Research and Development Canada (DRDC), Centre for Security Science (CSS), Ottawa, ON, Canada e-mail: [email protected] D. Charlebois e-mail: [email protected] © Crown 2023 A. J. Masys (ed.), Safety and Security Science and Technology, Advanced Sciences and Technologies for Security Applications, https://doi.org/10.1007/978-3-031-21530-8_13

245

246

F. Moffatt and D. Charlebois

collect, store, protect, use, share and dispose of a wide variety of society’s most intimate information according to societal expectations, standards, ethics, regulations and legislation. Information related to victims and perpetrators of crime, incidents of physical and mental illness, physical safety and national security are kinds of information that no other type of organization in our society is mandated to collect, store, analyse and act upon. Society holds safety and security organizations accountable for the information collected and used for these purposes, to the benefit of society at large. Clearly, this is not a trivial matter. Safety and security organizations, however, often struggle with managing and making the most out of this information for the benefit of society at large. Instead, public safety and security information is often collected, stored and used at local levels and in accordance with local expectations and standards, often with mixed results. Sharing critical public safety and security information between organizations—and with the public—is difficult, risk-laden and sometimes comes with uncertain reward. Maintaining individuals’ privacy and limiting damage to individuals and the state by protecting and classifying information is necessary but introduces unique constraints. Some of this information will never be shared outside of the organization that collected it. In fact, some of this information may never be used by that organization, even for internal purposes. What, then, stands in the way of safety and security organizations using their information to their best advantage, and to the best advantage of society at large? Our assertion is that information is often not treated as a strategic asset in safety and security organizations. While an organization may believe it treats its information as a strategic asset, it is rare that this is formalized at the enterprise level, whether in an information governance or doctrinal framework sense. Furthermore, persistent difficulties in accessing, using and sharing information for both routine and exceptional purposes exposes less-than-optimal organizational behaviours around information management. Information, in these cases, is more often treated as a limited, local resource for limited, local purposes. Information tends not managed as an asset within a system of systems. Rather, information is often managed as a resource specific to one system and is constrained as such. Local use of spreadsheets and desktop databases to collect, store and use information at the local level is an indicator of a resource-based approach as opposed to an asset-based approach. As a result, safety and security organizations can suffer from diluted effectiveness in data-driven decision making ultimately impacting operational and strategic outcomes. Gaps in information can present risks to the state, to safety and security organizations and to the constituents they serve. These gaps can lead to flawed operational and strategic decisions, pertaining to cybersecurity risks. This chapter explores these assertions in more detail and discusses ways to begin treating information as a strategic asset. So, how can an organization begin to know if it treats its information as an asset? Ladley (2010) discusses the nature of information assets in the same context as other organizational assets. He poses questions like these to C-suite executives: • Can this asset be found on the balance sheet? • Can the costs of maintaining this asset be quantified?

Information as a Strategic Asset: A Safety and Security Perspective

• • • • •

247

Do you know where this asset sits? Do you know how this asset is used and/or repurposed? Do you know who claims ownership of this asset? Do you know who holds accountability for this asset? Do you understand the legal, regulatory or compliance aspects of collecting, using, sharing and disposing of this asset?

These simple diagnostic questions uncover ways in which organizations may or may not be treating their information as an asset, strategically and for the enterprise as a whole. Key information management practices such as governance, stewardship and strategic alignment of information with business outcomes may be superficial or completely overlooked in some organizations. Managing information may be a significant expenditure for an organization while, sometimes, little value is created from it. Often, an organization is not able to answer many of these questions in the affirmative. In this context, information can be viewed a resource: a raw material that can be used to help an organization achieve its goals by using information to feed into actionable intelligence from the tactical to the strategic. When an organization is able to extract value from a resource in this manner, this resource becomes an asset. When the resource does not create value, it is a liability. An organization may well define its information holdings as assets but is information really treated as an asset by the organization? A recent Harvard Business Review article reported on outcomes from industry studies that found that less than half of an organization’s information is used in decision making processes, less than 1% of an organization’s structured data is used at all, over 70% of employees have access to information that they shouldn’t and up to 80% of analysts’ time is spent discovering and preparing data (aka “wrangling”) instead of extracting business value through analysis (Dalle Mulle and Davenport 2017). Fragmentation of data, data breaches and outdated technologies were also cited as ongoing challenges. These outcomes are symptomatic of how organizations treat their information as an undervalued resource as opposed to a valued asset. Safety and security organizations are not immune to these symptoms. We will explore these concepts in further detail and uncover how safety and security organizations can overcome the underlying conditions that these symptoms expose.

2 The Current Information Management Landscape First, we offer some definitions for “information management” (IM). In defining “information”, we consider the broadest of interpretations. Venkartraman’s “Data, Information, Knowledge, Action and Response” (DIKAR) model (Ward and Peppard 2002) succinctly describes our perspective on “information”. By taking this broad interpretation, we consider information not just as an artifact of its own (i.e., a report), but the primitives of information (i.e., data), processes that produce information

248

F. Moffatt and D. Charlebois

Fig. 1 Information lifecycle management (after multiple sources)

(i.e., curation, reporting, analysis) and the outcomes of information production (i.e., knowledge) that then fosters action and response by an organization, safety and security organizations included. For our purposes, we consider information to include both data and knowledge. In defining “information management”, we mean the totality of organizational activity concerned with managing the lifecycle of information, from creation, storage, analysis and use through to sharing, archiving and disposal of information. This is commonly referred to as the “information lifecycle”. Organizational IM activities include: planning, processing, structuring, controlling, auditing and investing (Bytheway 2014). This intersection of the information lifecycle and information management, known as “information lifecycle management” (see Fig. 1) is a complex concept and presents numerous challenges for any organizations attempting to make the best use of their information assets. Linking information management to a safety and security organization’s main operational capabilities adds additional complexity. When and how does managing safety and security information become a liability for an organization? Conversely, when and how does information management become advantageous? In our research and development work in the field of safety and security information systems in recent years, we have advised and assisted a number of safety and security organizations, locally, nationally and internationally, to address and overcome their various challenges in the information management space (Moffatt 2021; Moffatt et al. 2021; Charlebois and Moffatt 2018). In this work, we’ve heard from stakeholders, time and time again, that public safety and security organizations are, arguably, “in the business of information management”. We’ve come to understand that the management of critical information is central to outcomes such as national defence and security, criminal justice, emergency management and general public

Information as a Strategic Asset: A Safety and Security Perspective

249

safety for safety and security organizations, regardless of jurisdiction. Information management doesn’t exist for its own sake. Safety and security mandates define an organization’s core capabilities and core operations. Capabilities and operations drive the organization’s information requirements. Information requirements drive technical specifications for information systems. Information systems should support both the tactical and strategic outcomes of the organizations. In a perfect world, at least. While we know that public safety and national security are ultimate outcomes for these organizations and for society at large, we’ve come to understand that realizing—or at least evaluating—these outcomes is difficult without well-managed data and information. Interestingly, many safety and security organizations are able to maintain day-to-day operations even if information management is less than optimal by most measures. Individuals’ information management capacities allow the organization to sustain itself. However, there are significant opportunity costs for an organizations in doing so. Resources that could be dedicated to front line operations or other core safety and security capabilities (for instance, operations, investigations, intelligence analysis, safety and security risk assessments, etc.) are engaged in tasks that do not create much in the way or organizational value or are not necessarily well-aligned with strategic, enterprise level outcomes. Simply put, some information management in many organizations relies on the best-efforts of their workforce and is largely supported by individuals’ capacities to manage information. Those capacities are often uneven from person to person, from unit to unit and from organization to organization. This not ideal for the management of safety and security information at a national level. Data and information are, arguably, the fuel that powers the engine of performance for organization. If the fuel is not reliable, performance suffers. So it goes with information management if information is not useful, accessible, available and reliable, the full range of business outcomes can suffer. While day-to-day operations may not suffer overtly, in the longer term there will be an eventual price to pay. For safety and security organizations, gaps in information management practices can impede safety and security outcomes for the jurisdictions they serve. In front line operations, community expectations for timely emergency response might not be met. In investigatory and intelligence work, critical signals may be missed or misinterpreted and could result in negative outcomes. In joint operations, difficulties in sharing information in a reliable and secure manner may have immediate impacts in response and may have downstream impacts in recovery and future preparation and/or mitigation efforts. At the strategic level, gaps in information management may impact the quality of resourcing (human and/or financial) and evidence-based policy-making for the organization. Expensive mistakes can be made. In the safety and security context, lives could be lost. In our work with major safety and security organizations in recent years (Moffatt 2021; Moffatt et al. 2021; Charlebois and Moffatt 2018), we have observed a range of suboptimal information management practices such as: multiple, competing strategies for information management, fragmented information systems, information use and sharing processes that don’t align with organizational strategies or a focus on

250

F. Moffatt and D. Charlebois

investing in higher end analytics (e.g., business intelligence platforms or data science capacities) while overlooking foundational data and information management principles. Furthermore, most safety and security organizations we examined lack mature forms of data and information governance covering the definition and application of organizational strategy, the establishment of stewardship practices, application of validated standards and ethical guidelines for use of data and information. Often, these types of insufficiencies create an entrepreneurial mindset where local IM solutions are applied to local IM problems where conflicting standards may be used, where fragmentation of information is normal, where interoperability is low and where it becomes exceedingly difficult or expensive to answer even routine questions. The outcome here is an agency that struggles with “multiple versions of the truth” (Dalle Mulle and Davenport 2017). When an organization does not have a strong information management culture or where information management is largely decentralized with weak central governance, these multiple versions of the truth can become problematic. Information will tend to pool around those who immediately produce and consume that information for a specific purpose. This pooled information tends not to percolate into other areas of the organizations—and if it does, this information may not be well understood and may be potentially misused. As such, we have witnessed that effective information management in safety and security organizations can be, at best, a challenge and, at worst, a burden—and a potentially expensive challenge or burden, at that. Information management tends to be relegated to a support function, traditionally embedded within the information technology (IT) part of the organization. Most organizations have intentionally wedded IM and IT into a single entity or have migrated to that model by default. There have been good reasons for this, historically, including the reliance on a small range of specific technical skillsets to manage an organization’s information holdings with the intent of consolidating investment in information systems under one roof. This has become commonplace as operational safety and security data and information became digitized in the past few decades. In fact, in this model, the information system and the information contained in those systems is often viewed as synonymous from the IT perspective. We have directly observed this through the all-too-frequent assertion that because IT “owns” the information system on behalf the organization, it believes it owns the data contained in that system as well. IT staff, by virtue of managing IT hardware, software, infrastructure and services, maintain the ecosystem. This confers on to IT the ability—but perhaps not the authority—to access, restrict access, archive, manage the lifecycle all information assets on behalf of the organization. Authority is the result of delegation. However, this delegation is either not formalized or is implicitly left to IT to manage. This is problematic in that the data is really owned by the organization, or even perhaps the level of government that gives an organization its mandate to operate in the first place, not IT. This situation falls into the realm of information governance and missing in these situations is the concept of information stewardship, including the identification of those in the organization who have been given clear responsibility and accountability for information management. Only the enterprise as a whole can make these determinations,

Information as a Strategic Asset: A Safety and Security Perspective

251

but without a purposeful enterprise-level information governance structure, “ownership” of information often defaults to IT or a specific business unit. This line of thinking began in the 1970s as safety and security organizations began to implement various forms of computerization of processes and digitization of operational data. While this attitude is still somewhat persistent today, a gradual erosion in this type of thinking has begun, largely as a function of more numerous and complex information systems being deployed to support safety and security operations. The ability of IT to manage this growth and change on its own is often quickly exceeded. IT has realized that it cannot sustain this on its own as it had when there were limited number of legacy information systems for them to manage. This, clearly, is not an ideal model at this time or into the future. IT cannot “go it alone” as complexity in information sources, information needs and information solutions supporting business outcomes continues to increase. The role of IT as a support for information management versus a driver of change in information management must be resolved by the organization if information is to be managed as a strategic asset. Furthermore, we have seen the desire for safety and security organizations to undertake IM/IT modernization and/or digital transformation activities. Modernization and digital transformation activities further compound the complexity of information management by introducing new forms of data, new forms of data collection and management, new forms of data analysis and new forms of information and knowledge sharing, many of which are centered on a digital technology. That said, these are not new concepts in Canadian safety and security organizations. Digital transformation has arguably been happening in safety and security organizations for the better part of a generation while IM/IT modernization is (or perhaps should be) an ongoing process. Technology modernization is arguably a significant part of this type of transformation and modernization, perhaps to the detriment of business strategy, business value, information culture and readiness of an organization’s workforce. Take, for example, the digitization of police records (crime occurrence reports, for the most part). The first digital systems were implemented in Canadian police services beginning in the 1970s in the form of mainframe computing systems. The personal computer (PC) revolution in the 1990s resulted in the deployment of more modern PC-based records management system applications. Computerized dispatch systems and mobile data terminals in police cruisers also made their debut, beginning in the 1980s and became ubiquitous towards the end of the 1990s. The relatively slow evolution of these elementary information systems preceded an explosion in use cases and other supporting technologies and information systems that would quickly become prevalent in policing. For instance, global positioning systems (GPS) and geographic information systems (GIS) were readily adopted by police and enabled more locational awareness of public safety issues at tactical, operational, administrative and strategic levels. New policing capabilities were deployed as these technologies arrived. For instance, the profession of crime analysis blossomed at the point where digital geographically-referenced data were enabled in CAD and RMS systems. Bulk and/or semi-automated analysis of trends and patterns in crime and disorder was possible in a way it hadn’t been in the past. In 2022, we are now seeing a wide range of sensors creating largely unanticipated streams of data and information

252

F. Moffatt and D. Charlebois

that continue to challenge the current paradigm of information management in safety and security and exert pressures on the traditional IT-informed approaches to information management. Take for example, body-worn video cameras (BWV) becoming more common in policing. Storage and processing requirements for data generated by these sensors is orders of magnitude greater than that of a crime-occurrence centered digital records management system. Managing this information in the context of the wider criminal justice system is well beyond the purview of a single police service’s IT department. Seizures of devices containing critical digital evidence in criminal investigations creates more storage and information analysis pressures that were largely non-existent even 15 years ago. These use cases are but a tip of the iceberg. A relevant case study—and perhaps a cautionary tale—in safety and security information management modernization exists in the form of the Federal Bureau of Investigation’s (FBI) various exploits in modernizing its case file management system (Virtual Case File, or VCF) and then their Sentinel system in the journey towards making their case-level information a more strategic asset for that organizations (Marchewka 2010). After twelve years, hundreds of millions of dollars invested, cancellation of the VCF project, resignation of multiple Chief Information Officers, complete change in software development methods, several key audits carried out by the Government Accountability Office (GAO), the Sentinel platform was launched in 2012. Yet, only two years later, Sentinel users reported significant problems with the system’s search and indexing functions—both core information management functions (U.S. Department of Justice 2022). While these problems may indicate issues with IT project management in the FBI, this particular outcome points to yet another symptom where information is not treated as a strategic asset. It is this specific problematic outcome that serves as a warning for other safety and security organizations as to potential pitfalls in the various promises of even enterprise-managed digital transformation and modernization initiatives. The lesson learned here is that despite a need to address information management from a top-down strategic perspective, it is as important to ensure user-level functionality from the bottom up in the totality of treating information as a strategic asset. If the front-line finds it difficult to extract value from the organization’s information holdings, perhaps the information is not being treated as an asset after all. As we will discuss in this chapter, information management is more than just information technology. In fact, we argue that the technological aspects of information management are but a sliver of the entire information management ecosystem (Ladley 2010), an ecosystem that we consider to be a capability in its totality. Information management often seems to be an island to itself in the IT domain and thus may not consider, more than superficially, other elements of an organization, namely, business processes and business strategies, workforce readiness and organizational culture. It seems, thus, that when IM is in the domain of IT, evolution of information management practices tends to move at the speed of technological change. To mean, IM moves either slowly or incrementally as legacy systems slowly evolve or IM is forced to move rapidly and unexpectedly as disruptive technologies emerge and are adopted. New, emerging or even obsolete business requirements may not be considered in a fulsome manner, taking into account the non-technology aspects of an

Information as a Strategic Asset: A Safety and Security Perspective

253

information management capability. Oftentimes, information systems are woefully lacking in the ability to provide the right information at the right time as business processes and attendant information requirements change. Conversely, existing business processes are woefully unprepared to manage new information sources as new technologies are deployed. Entirely new business processes may emerge (e.g., law enforcement’s crime analysis capability). It is rare that these changes are managed strategically and at the enterprise level. Thus, information technologies and information requirements are often not well-aligned and therefore create inevitable frictions between IT and the rest of the organizations. What we have found in our recent research is that safety and security organizations have tended to treat data and information as a by-product of their operations rather than an integral, intentional part—as a raw resource instead of as an asset—or as a capacity rather than a capability. Managing a safety or security incident is usually the primary operational activity of this type of organization. Ensuring that appropriate resources are deployed to handle a safety or security incident and that safety and security is restored during and after an incident is an operational goal. This condition appears to be more a function of an organization’s culture and mandate than a function of its technology environment. Information related to these incidents, and the entities involved in these incidents, are collected and stored during operations and are used in various ways after the fact. The manner in which these data and information are collected and stored is largely reliant on the way information systems are designed (be it software, hardware and/or analog information repositories) rather than how the business operates, or how it needs to optimally operate. The use of this information, in analysis for instance, to identify trends and patterns activity or to inform strategic decision-making, is often an afterthought. How to share valuable information contained in these systems—within and between organizations—is often a more distant afterthought. We conclude that information management processes and practices are, in many cases, not well aligned with the strategic intent of many safety and security organizations. Thus information is often not managed as a strategic asset. In policing, for instance, the manner in which a computer-aided dispatch (CAD) and a records management system (RMS) works is very different than how a geographic positioning system (GPS) works and is yet again different from how a body-worn video (BWV) system works, with respect to collection, storage and use of data and information related to operations. Yet, each of these technologies can be used in the same operational context while satisfying different operational requirements. Different and distinct software and hardware platforms, different and distinct data artefacts and often proprietary data “standards” are the norm in this domain. Data and information interoperability is usually not high. Achieving interoperability may take additional layers of technology to satisfy, making already complex information ecosystem even more complex. These types of systems are commonly used in front line policing operations and all contribute to describing various aspects of a real-world incident, collecting systemspecific data points as an incident unfolds. Each of these systems presents an information management challenge to an organization in terms of how any information is

254

F. Moffatt and D. Charlebois

collected, stored, retrieved, used, shared and disposed of. Once the real-world incident has been resolved, what becomes of the data and information that are collected? How is that data used? What, if any, value does it hold for an organization? How does the organization extract value from this information? And how does this value translate into realizing any of the outcomes for which a safety and security organization is responsible? Extracting business value can often be exceedingly difficult, time consuming or resource intensive. In any case, extracting value on behalf of the organizations is an expensive undertaking. It need not be this way. Meanwhile, there tends to be lofty expectations from those in safety and security leadership roles for high-quality information to support any and all types of decisionmaking and that this information should be timely and reliable and applicable to a wide range of core business problems, from the strategic to the operational. These expectations often extend into the public realm: citizens served by safety and security organizations are often surprised at the lack of information integration and interoperability within and between organizations. The expression “the right information for the right person at the right time” has become an axiom in safety and security organizations as an expression of a desired state for an organization’s information. As axiomatic as it has become, this expression reflects an aspiration for an organization’s state of information management maturity. This state is rarely ever achieved or, if it is achieved, it is not sustained for long and/or is an expensive endeavour with difficult-to-measure returns on investment. Why is this the case? Why is organizational information management often fragmented in nature, subject to ad hoc processes, lacking in standards and governance and supported largely by individuals’ skills and capacities? Are IT departments equipped to address the full scope of an organizations information management requirements when focused on IT projects delivering specific technology solutions? At a finer scale, do the IT solutions being implemented actually deliver on the promise of the right data and information being collected, stored and used by the right people at the right time in order for a safety and security organization to realize its desired outcomes? Are an organization’s information strategies aligned with its strategic outcomes? We argue that these conditions are exceptions, not rules, in safety and security organizations.

3 Information Management as Capacity or a Capability? First, let’s define what we mean by “capability”. A capability, in our estimation, is the fusion of “people, processes and tools” that allow an organization to realize its goals. Breaking it down a little further: the “people” elements of a capability include organizational culture and workforce readiness/skills; “process” elements include business strategy and business value; and “tools” elements include information and communications technology (ICT) and data assets. It is the combination of these elements that make up a capability. When information management is viewed— and embraced—as a capability, it is composed of all of these elements. Treating information as a strategic asset requires focus on all three components of a capability

Information as a Strategic Asset: A Safety and Security Perspective

255

in equal measures. This is rarely the case in safety and security organizations, in our experience. Simply put, if an organization seeks to treat its information as a strategic asset, embracing an information management capability mindset is required. Contrast this to an IM capacity: an organizations ability to deliver based on individuals’ inherent competence in information management. IM capacity may rely on a small number of highly skilled individuals that maintain an organization’s information resources, technology included in limited scopes and scales. When those individuals are no longer available to the organization, the capacity may suffer. In our estimation, managing information as a strategic asset requires a capability-based approach versus a capacity-based approach. Ladley (2010) provides a high level framework of the constituent components of an information management capability. Table 1 summarizes this framework. Across the safety and security domain in Canada, we have observed organizations having varying strengths and weaknesses in any of these three capability areas. One organization may have an exceptionally strong analytical capacity but this capacity may be lacking in alignment with the strategic goals of that organization. Business value of information and analysis may not be optimized. Another organization may have best of breed software and hardware tools but the workforce lacks the requisite skills to maximize the use of these tools in business value creation. Another organization may have invested heavily in cloud computing solutions for business processes Table 1 Information management capability components (after Ladley 2010) Capability area Capability element People

Processes

Tools

Capability element descriptions

Organizational IM culture Cultural factors and paradigms denoting how an organization makes decision leveraged by IM (e.g., data-driven, “faddish”, risk-averseness) IM skillsets

IM skills including analytical and technical skills for the full information lifecycle (collection, storage, retrieval, protection, usage, analysis, sharing, disposal)

Business value

All forms of value related to the health and well-being of an organization including economic value, social value and intangibles such as intellectual property achieved through IM

Business strategy

Business objectives, policies and plans relative to the organization’s resources, internal and external operating environment where IM applies

Data assets

Data as abstracts of reality (events, entities, transactions) with a form (structured, unstructured) and attributes measurable on a variety of scales; building blocks of information and knowledge. Enriched by metadata

ICT assets

Information and communications technology; hardware, software, infrastructure on which data and information resides and is used or moved

256

F. Moffatt and D. Charlebois

that are not well defined. These are problems that can be objectively assessed and rectified if an information management capability mindset is embraced. This is only part of a solution; there is a second layer needed to be considered here: the maturity of an information management capability. When a maturity perspective is applied to an information management capability framework, an organization can than self-assess its maturity for any and all of the capability components as well as define a roadmap for technology change (in a “more mature”) direction. This requires an expansion of the information capability framework detailed in Table 1 to include multiple levels of capability maturity. We have begun to employ various iterations of information management capability maturity frameworks in our work advising and assisting our safety and security stakeholders. The capability maturity framework allows one to assess all aspects of an organization’s state of information management in order to identify, diagnose and correct specific problem areas. Our work in this space over the years has uncovered that many safety and security organizations of all sizes are mired in lower levels of information management capability maturity. A low-maturity IM capability can be characterized as: information management practices that are entrepreneurial, idiosyncratic and/or reactive; local units or individuals having authority over data; IT claiming “ownership” of the data; few business rules or management criteria exist for data and information handling; data quality is a continuing challenge; information use tends to be costly; analytics depends on the capacities of a few individuals using esoteric tools; otherwise, spreadsheets are commonplace for collecting, storing, using, presenting and sharing data and information. These issues affect safety and security organizations both large and small. These characterizations may be familiar to many readers. Why is this the case and not the exception? Simply deploying modern or best-of-breed information management tools (e.g., cloud computing, “* as a Service” solutions), using advanced analytics in an entrepreneurial manner or employing data scientists is not sufficient evidence of high information management capability maturity, although they can be important components of such. Pockets of high maturity may exist, but this is not the norm. More often, small pockets of high capacity exist—whether in terms of people, process or tools. There is ample evidence of safety and security organizations employing data scientists, incorporating artificial intelligence and machine learning algorithms into their analysis routines and/or having high-end business intelligence and data storage solutions in place. Despite this evidence, information management capabilities in these organizations is often not very mature, in our estimation. The conclusion that we have arrived at after observing multiple safety and security organizations at multiple scopes and scales is quite simple and stark: safety and security organizations are not well equipped to embrace strategic information management as a core capability, equal to that of core operations and, as such, have a very difficult time attempting to overcome a low maturity state. In basic terms, safety and security organizations have yet to fully embrace information management capability maturity in its full breadth and thus, information as a strategic asset remains elusive.

Information as a Strategic Asset: A Safety and Security Perspective

257

While this conclusion is clear, the reasons for this are less so. As we defined earlier, an information management capability is multidimensional (people, processes and tools). For safety and security organizations, this capability is rarely defined or managed in a multidimensional, holistic sense. Safety and security organizations do have experience in defining and managing other types of capabilities (e.g., emergency response, criminal investigation, national security risk analysis, etc.). For safety and security organization to be equipped to embrace information management as a capability means recognizing the multidimensional nature of information management and making holistic changes across the organization, not unlike what has been done for other core capabilities over time. Furthermore, IM as a core, strategic capability will be difficult to realize if IM is consigned to the domain of IT. The core business needs to not only be involved, but needs to lead. While an IT shop is usually well-equipped to elicit user requirements, specify parameters for and implement information systems, this often happens at a solution level, not an enterprise level. How often does the business analyst incorporate how a change in technology in one information system will impact an operational business process and how the combination of this might impact overall information management capability for an organization? The answer is: “not often”. In a capability context, business objectives should inform business processes while technology and data should support the realization of these business objectives. There should be an explicit, recognized (and possibly documented) symbiotic relationships between the strategic and the technical layers. In an organization with a mature IM capability, this dynamic is central to the concept of a strategic capability and can be considered the “capability architecture”, following the principles laid out by The Open Group in their Architecture Framework (TOGAF) Standard (The Open Group 2022). Figure 2 illustrates this architecture. In policing, for instance, patrol operations is a core, strategic capability; people, process and tools are enabled in such a way that operational goals are met. Purposespecific organizational culture, strategy, policy, funding, training and technologies ensures a “patrol operations mindset, skillset and toolset” critical to achieving desired outcomes (e.g., “getting cars to calls”, “ensuring officer safety” and so on). Criminal investigations is another core policing capability and, similarly, ensuring that the people, process and technology dimensions of the capability are well defined and orchestrated is critical to realizing outcomes in this area (e.g., laying criminal charges leading to criminal convictions). There are a number of other supporting capabilities in a policing environment: traffic enforcement, forensic identification, intelligence operations, to name a few. To be fair, law enforcement organizations have had many decades to build and refine these core capabilities. Not so for information management. Rarely, if ever, is information management considered a true capability alongside these other capabilities. This is a significant shortcoming in policing, at least, and in the wider safety and security domain as well. The notion of information management as a strategic capability is rooted in an organization’s information culture. If an organization is willing to prioritize the strategic management of its data and information assets, it needs to treat it as such. Often, this is not the case and this exposes a lower level of IM capability maturity.

258

F. Moffatt and D. Charlebois

Fig. 2 Capability architecture schema [after TOGAF (The Open Group 2022)]

An organization’s IM capability maturity is a function of the magnitude of the gaps in the existing state of the capability and the ideal state of that capability, expressed as a function of an organization’s particular goals for IM. One organization’s optimal level of maturity might not be the same as another organizations. Therefore IM gaps and the activities required to close those gaps will be specific to a particular organization. The methods to assess these gaps and the strategies that could be used to close those gaps, however, are not unique. There are common threads that run through the concepts of both capability and maturity. At lower levels of information management capability maturity, there is often little to no collective organizational culture (or what some call mindset) in how an organization’s information assets should be managed (Kahn 2018). Lack of doctrine around how an organization manages its information is a root cause. Differences in organizational cultures within the organization (“business vs. IT”) contribute friction in information management. Lack of awareness of how information assets interact with core business processes impedes the possibility of improvement of information management as a capability and optimal realization of business outcomes. The “solution-oriented” mindset tends to be prevalent as an IM strategy. Also prevalent is the inclination towards “shiny objects” in how IM investment decisions are made. These latter issues are symptomatic of information as a fragmented capacity

Information as a Strategic Asset: A Safety and Security Perspective

259

versus information management as a mature capability. Information management governance is lacking—governance that covers the full spectrum of IM. There can also be little thought in how to develop workforce readiness in data and information literacy (or skillsets) in order to fully extract business value from an organizations information assets. An organization’s reliance on individuals’ innate information management capacities and lack of a baseline information management skillset across the workforce can compound these issues. While many organizations do have pockets of exceptional data and information management capacities in the form of highly skilled individuals, including the ability to carry out advanced analytics, these capacities are rarely tied to enterprise level outcomes or even leveraged at the enterprise level. Skilled individuals are often working in an artisanal manner and may have limited, long term impacts on the strategic outcomes of the organization. They may even operate in conflict with other parts of the organization. These individual capacities are difficult to sustain over time as individuals move along in their careers. In a more mature information management capability, these skillsets and expertise are nurtured in a strategic manner—with intent and aligned to the outcomes of the organization in mind. Finally, there often exists a fragmented landscape in terms of data assets and the information management technologies themselves (or toolset). The fragmented nature of data and information management tools and technologies is symptomatic of how legacy systems are maintained and upgraded and how business requirements are interpreted in IT procurement processes. In an organization with low information management capability maturity, data silos and spreadsheets rule. There are often few standards applied and system-to-system interoperability is low. Data collection and storage policies and solutions are not necessarily aligned with strategic outcomes of the organization. Data quality is a persistent challenge and some data assets are never used to create business value. Protection of data assets may be uneven.

4 Information Management Capability Maturity Clearly, we are making a case for, first, embracing information management as a strategic capability and second, advancing IM capability maturity for safety and security organizations. We have laid out the constituent parts of an IM capability (people, processes and tools) centered on activities related to the information lifecycle (create, store, use, share, archive and dispose) with appropriate mechanisms for IM protection enabled for each stage. The final piece of the puzzle is the capability maturity layer. Capability maturity categorizes the behaviours and characteristics of an organization for each part of the capability at various levels of maturity from low maturity to high maturity. Maturity levels for each part of the information lifecycle can be defined in terms of these maturity levels; the entire lifecycle itself may also be defined in terms of maturity. There are many types of capability maturity frameworks currently in existence and in use for a wide variety of domains. There are few information management

260

F. Moffatt and D. Charlebois

capability maturity frameworks and even fewer that are specific or applicable to information management activities in safety and security organizations. There are, however, general approaches that can be adapted to suit these types of organizations. Capability maturity exists as a continuum from low to high. Each level of maturity is described by an organization’s behaviours in a certain context. In the preceding paragraphs we have identified a few examples of maturity characteristics for organizations we have examined. Ladley (2010) provides a useful starting point to characterize information management maturity. Table 2 summarizes these maturity levels and characteristics. Table 2 Information management capability maturity (after Ladley 2010) Capability maturity level Maturity characteristics Initial

The organization is entrepreneurial; individuals have authority over data, so processing is fragmented. Chaotic and idiosyncratic are common adjectives. There are few users, any business rules or criteria for behavior are nonexistent. Obviously, data quality is far from integrated, and data handling is costly

Repeatable

Departmental data becomes the norm. Processes for consolidation and reconciliation may exist to improve the context of data. All data and content are defined internally (vs. using industry standards). Usage is still reactive. Any cleanup or sophistication in usage, such as analysis, is departmental, specialized, and costly

Defined

The organization starts to consider an enterprise view, and looks for some sort of integration across applications and silos. A desire for data accountability evolves. Strategic alignment to the business becomes an activity in IT. Standards are developed, and sharing and reuse become watchwords. Data quality becomes formal and may centralize. Data usage becomes more common, less specialized. Facilities to track usage, meaning, and maintain data assets evolve. Efficiency of data management improves, costs decrease

Managed

Data and content assets are tracked, lineage of all content is understood and documented. Analytical results are used to close process loops. Availability for use may become real time vs. monthly or weekly reporting. Personnel can be interactive and collaborate on content and data. E-mails, documents, and web content are also managed, and can be called up alongside “rows and columns”. Data quality is built into processes vs. corrected post facto. Data and content management is integrated into the company’s culture and value chain

Optimized

There is no need to determine if information assets are managed effectively—they are woven into the fabric of the organization. Real-time innovative use of content is ubiquitous. There are effective measures in place, so allow IM to be continuously improved to support business innovation. The organization can place a value statement on its content, if not the balance sheet. Knowledge bases exist, and the distinction between structured data handling and unstructured data handling dissolves

Information as a Strategic Asset: A Safety and Security Perspective

261

Of note in Ladley’s construct of maturity is how elements of the capability—that is, people, processes and tools—are explicitly embedded in each maturity level’s description. In this maturity context, an organization can situate themselves within any of these levels or, more likely, in two or more of these levels, depending on which facet of information management is being examined. Perhaps, an organization’s analytics part of an IM capability is a more mature area while data management processes are less so. How would an organization then characterize IM capability maturity across the full spectrum of activities? Deconstructing individual parts of the capability aids in this assessment. In our work with a range of local, national and international safety and security organizations, we have begun to develop a framework that intersects information management activities with the IM capability maturity construct. We are in the process of refining this model for specific application within safety and security circles, paying close attention to the legal, regulatory, protection, privacy and ethical concerns that are relevant in this domain. This work is complex and ongoing. For one organization we advised, storage and sharing of critical information were immediate challenges and one with many logistical, policy and operational impacts. There was no clear, single solution that technology alone could provide. While we recommended virtualization, automation and standardization of some business processes, information products and technology platforms, realizing a reasonable solution (or multiple solutions, in reality) required a more multidimensional approach examining a more fulsome information management capability. Our nascent framework provided some key guideposts on how—and how quickly—the organization could mature its capabilities in their specific problem area. More clearly understanding where they currently were in terms of the capability and where they wanted it to be was critical for developing a roadmap towards a more mature information management capability in their specific problem areas. In a second organization, we found that while their information management processes worked adequately in practice, there were multiple points at which effort was duplicated and human error introduced. Clearly, this had an impact on the timeliness and usefulness of information being used for decision-making up the chain of command. Again, our framework was useful for situations where the organization in terms of their problem space(s) enabled them to develop plans and strategies to mitigate their problems. After years of business process changes, leadership changes and changes in personnel and funding, a key problem area for this organization was information governance—the policies and practices that prescribe various responsibilities and accountabilities for aspects of information management in critical business processes. The organization was able to better pinpoint its problem areas and positioned itself to surgically improve these areas, while looking at the broader information management capability as a whole. Lastly, in a third organization, we found a very high level of analytical capacity, that is, very skilled analysts applying methods both simple and complex to a wide variety of business problems for their operational stakeholders. As such, the organization viewed itself as “very mature” in terms of analytics, specifically, and information management in general. In this organization, we assessed that, yes, analytics was a

262

F. Moffatt and D. Charlebois

strength, but overall information management—as a capability—was not mature. Analysis was a very artisanal activity—with local efforts focused on local solutions. Analysts working on similar problems in different parts of the organization had their own analytics methods and their own ontology for various aspects of data management that did not translate well across organizational boundaries. Analytics results were not comparable across the organization. An effort to centralize analytics elsewhere in the organization served to diminish the analytics capacity at local levels, not enhance them. Overall, there was a lack of doctrine for information management and, thus, no real IM capability—mature or otherwise. Our recommendations in this area were to focus on developing common frameworks for data and information—including a common taxonomy for specific data elements and train the workforce around that particular element, rather than develop a monolithic analysis environment. In all of these cases, we have worked with these organizations to develop the necessary technological roadmaps to enable information management capability maturity. In each of these cases, elements of our nascent framework(s) were utilized to help these organizations along their path towards higher levels of maturity, enabling modernization and digital transformation as desired. Each organization’s ultimate roadmap was unique to their challenges and environment. In this work, it has become evident to us that no single solution will fit all organizations struggling with IM challenges. Depending on an organization’s state of maturity in any (or all) IM capability areas, the roadmap to maturity will most certainly differ from organization to organization. What is a problem area in one organization may not be a problem in another organization. It is also evident that there is a dearth of knowledge in how a safety and security organization can set itself up for maturity in this space. This is a knowledge gap we seek to close through the writing in this chapter. The unique nature of how safety and security organizations are entrusted with society’s most sensitive data and information, the legislation, regulations, privacy consideration and ethics around the collection, use and sharing of this information as well as the multi-jurisdictional nature of these organizations suggests that a common, domain specific framework would be of use. Given the local scope of jurisdiction for most safety and security organization in Canada, we recognize that no one organization is positioned to develop, on their own, a framework that could be relevant and useful for all other organizations across the country. While that is the case, a national approach to the development of a safety and security information management capability maturity framework is something that would be of benefit for all stakeholders in this domain. There are a number of organizations working on various discrete aspects of such a framework (e.g., law enforcement analytics maturity framework, national paramedic information standards), but much work remains to be done, particularly when drilling to more detailed aspects of any one capability area. For instance, we have seen an interest in the development of an ethical framework for data use by law enforcement, partially to respond to the public’s negative perception of the use of some here-and-now technologies (e.g., cloud computing, facial recognition, algorithmic policing) but also to proactively prepare policing for the technologies of the future. An ethical framework would be well-suited as a

Information as a Strategic Asset: A Safety and Security Perspective

263

complementary part of an information management capability maturity framework, falling under the governance area of such a framework. However, an ethical framework does not stand alone—it should become a part of a system of systems and address how ethical use of information is framed as a function of organizational culture, workforce skillsets, strategies and business value and finally, tools and data assets. Ethics is one example of many key areas to explore at the intersection of information management capability, information management lifecycle and information management maturity. Much remains to be understood in these domains prior to defining and managing in a more mature manner. It is our vision that the safety and security community in Canada can and should collaborate to jointly define and develop a multidimensional framework of a safety and security-specific information management capability (the people, processes and tools), combined with the intersection of information management lifecycle activities (collect, store, use, share, archive, destroy) and information management maturity (initial, repeatable, defined, managed, optimized). This framework risks become unwieldy given the orthogonal nature of these individual dimensions. Understanding the totality of relationships between each level of each dimension is a significant undertaking. However, if done right, a multidimensional framework can provide any safety and security organization with the means to deconstruct, simplify and understand their current IM capability maturity, then to identify their IM problems, gaps and solutions and, finally, to develop the necessary capability-level roadmaps necessary to overcome these gaps. It may be necessary to develop standards, ontologies and/or taxonomies specific to these information domains. It will require deeper dives into various aspects various components of a capability, such as how ethical use of data impacts law enforcement analytics and eventually, public trust. Or conversely, to identify how existing analytics methods and technologies can help inform ethical standards in the use of law enforcement data. These two examples represent a very small slice of the information management capability “pie”. At this point, there are more questions than answers. The work we continue to engage in is exposing these approaches to key stakeholders in the safety and security domain in Canada and working towards a useful, multidimensional framework that can be used by any safety and security organization to develop and mature IM as a core safety and security capability and to realize the value of treating information as a strategic asset. Our work here includes the continued elicitation of requirements from stakeholders relative to the intent of such a framework (or frameworks as the case may be) and deeper dives into specific challenge areas that present the most pressing problems. It is our intent that this chapter provides an initial step in this direction.

264

F. Moffatt and D. Charlebois

References Bytheway A (2014) Investing in information: information management book of knowledge. Springer Charlebois D, Moffatt F (2018) RCMP federal policing IM/IT roadmap study: initial findings. DRDC-RDDC-2018-L254 Charlebois D, Moffatt F, Youssef R, A roadmap of information management modernization for RCMP’s Federal Policing branch (in press) Dalle Mulle L, Davenport T (2017) Two types of data strategies every company needs. Harvard Business Review Magazine Kahn KB (2018) Understanding innovation. Bus Horizons 61(3):453–460 Ladley J (2010) Making enterprise information management (EIM) work for business: a guide to understanding information as an asset, 1st edn. Morgan Kaufman Marchewka JT (2010) The FBI virtual case file: a case study. Commun IIMA 10(2), Article 1 Moffatt F (2021) DRDC analytics gap assessment: towards a more mature analytics capability. DRDC-RDDC-2021-L124 Moffatt F, Charlebois D, Hales D, Forbes K, Poursina S, Scipione A (2021) United Nations department of safety and security knowledge management project: initial findings. DRDC-RDDC2021-L362 The Open Group. The TOGAF® Standard, 10th Edition. https://publications.opengroup.org/standa rds/togaf/specifications/c220. Accessed 17 Apr 2022 U.S. Department of Justice Office of the Inspector General. Audit Report 14-31. Audit of the status of the federal bureau of investigation’s. Sentinel program. https://oig.justice.gov/reports/2014/ a1431.pdf. Accessed 1 Mar 2022 Ward J, Peppard J (2002) Strategic planning for information systems, 3rd edn. Wiley, Chichester