MISSISSAUGA, ON – There are plenty of opportunities for vendors to cash in on the ever-growing IT security needs of Canada’s health, law enforcement and critical infrastructure organizations – as long as the solutions offered are built to open standards, perfectly interoperable with everything else under the sun and easily and inexpensively scalable to meet current threats.
That was the consensus of the participants at a panel discussion on the needs of governments, law enforcement and industry held this week as part of the Business and Technology Opportunities in National Security and Public Policy conference.
“Today’s challenges revolve around sharing police records and information management systems between jurisdictions,” said Darell LaFosse, assistant commissioner, community, contract and aboriginal policing services for the RCMP. “The offset to the increase in demand to capture greater amounts of information must come in the form of streamlining as many processes as possible.”
For example, he said, each province and territory uses its own reporting structure for collision reports. That makes it more difficult to standardize reports on a national basis and develop traffic accident reduction strategies. But embedding computer data in provincial identification such as drivers’ licences or health cards would go a long way towards reaching the goal of standardization, said LaFosse, who helps the 700 or so RCMP detachments across the country identify their IT needs.
Canadian law enforcement agencies need to be able to share information easily, not only to catch domestic crooks involved in everyday crime, but to play a role in the global war on terror, he said.
“Information systems must be designed to reuse information wherever possible and provide linkages that connect individuals, places and events, and present this higher level of awareness to the police officer at the side of the road,” he said. “That frees up the officer from the laborious task of re-entering particulars and allows him to concentrate on the investigation at hand. By having timely relevant information, officers can identify individuals and make connections between seemingly non-related events and fight crime more effectively.”
Because vendors are so loath to provide open source code to their competitors, the RCMP has been forced to develop an integrated query tool that enables it to share information with other agencies, LaFosse told ITBusiness.ca after the panel.
“We’re providing that to all law enforcement agencies free of charge and now we’re going to progress to the national integrated interagency information system … and plug it into the border safety agencies and Corrections Services Canada.”
In the health-care sector, there are also plenty of opportunities for IT vendors, but not in the areas typically associated with health care, such as in the development of systems that digitize the current paper-based system.
Wayne Dauphinee, executive director, emergency management branch in B.C.’s Ministry of Health, said Canada’s health-care workers are on the front line of the escalating violence making the news headlines. Gang vendettas and crystal meth labs are just two of the biggest dangers facing ER workers and paramedics, he said.
“Over the last few years there has been a significant increase in violence, particularly in emergency rooms,” he said. “Studies have shown health care workers on the front line are four times more likely to be involved in a violent event than any other worker group. Because of this, we’ve had to invest more in protection around health-care facilities, in surveillance, intrusion alarms and access systems in developing what is becoming a fortification of our facilities.”
The health care system has also had to confront the prospect of terrorism, he added, as well as the potential for a pandemic virus.
“How are we going to address this situation?” he said. “We know we’re working at capacity all the time, so when we talk about increasing capacity for surge, that is an unrealistic expectation. What we have to do is be more intelligent about how we’re going to manage that potential surge and how we can reduce the demand on the fixed system, the fixed beds, and the fixed capacity we have in hospitals.”
That’s where IT comes in, he said. “You can see we are a market for enhanced technology. It’s something we need now, and it’s something the government has to think about, not only about reducing wait times, but to help the health system prepare for and respond to a number of emergencies.”
For critical infrastructure industries such as atomic energy, the reality is that while new and improved IT security will always be welcome, its effectiveness can only really be reviewed “post-event,” said Bradley Perrin, chief security officer and director of emergency and protective services for Atomic Energy of Canada Ltd.
Perrin, who outlined the many layers of physical and cyber security that protect AECL’s 23 sites and four major locations, said he challenges technology suppliers to find upgradeable solutions, “meaning as the threat climate changes and the characteristics of the adversary changes, we’re not stuck with technology we can’t upgrade.”
Keeping up with the “adversaries,” he said, is no easy task in itself, though.
“As we learn more about our adversaries, they are becoming a learned organization. They are advancing at levels far beyond our wildest imagination.”
And while the federal government is “learning from past errors and omissions” and “building on its successes,” said Pierre Boucher, acting senior director at Treasury Board of Canada Secretariat, it still has a long way to go in terms of achieving a consistently high level of IT security across all departments and agencies.
Boucher said his organization was asked to appear in front of the standing committee on public accounts following the Auditor General’s 2005 conclusion that despite its best efforts, the government is still flunking out in the IT security area.
“We concluded we had to equip ourselves with the right management framework,” he said. “We took a fundamental review of the IT security program and decided we need to take actions on well identified problems.”
For example, in June TBS asked each department to file a detailed Management of Information Technology Security plan by the end of 2005.
“As it turns out, this is the most comprehensive collection of information we’ve ever gathered throughout the Government of Canada,” said Boucher. “It allows us to understand the state of the IT security program. The Auditor General’s findings were that there are a great deal of inconsistencies in maturity levels, and we’re also finding common problem areas in the management structure of IT security that require a common set of solutions.”