COMMENT ON THIS ARTICLE
A simulated exercise to assess the federal government's ability to adequately respond to national emergencies has revealed several shortcomings.
An "anti-hacker" exercise – dubbed Cyber Storm – tests a country's communications, policy and procedures in the face of cyber attacks. The mock crisis also evaluates how a government responds to emergencies, on its own, as well as in tandem with other countries.
Canada – along with the United States, Australia, New Zealand, and the United Kingdom – participated in the five-day simulation – conducted by the U.S. Department of Homeland Security.
While the exercise itself was conducted last February, detailed reports analyzing this country's response were published by Canada's Public Safety and Emergency Preparedness Department (PSEPC).
The exercise mimicked a sophisticated cyber attack, which included scenarios, such as a leak of social insurance numbers, an aviation control meltdown, and tampering with government Web sites.
The PSEPC reports highlighted several weak spots in the federal government's response. In particular:
• National and international secure communications channels are insufficient;
• Coordination with international counterparts has not been established; and,
• Some officials have trouble accessing secure documents in times of crisis.
In addition, it was noted that the mandate of the National Emergency Response System (NERS) had not yet evolved from concept to reality, despite its creation in 2003.
An "all hazards" response unit, NERS was established to co-ordinate federal responses to emergencies of national significance. Developed by PSEPC, it is staffed by PSEPC and other federal departments.
Highlighting NERS' lack of progress in these reports is a good thing, says Michelle Warren, senior research analyst with Info-Tech Research Group in London, Ont. "It will really help light the fire under NERS to get them moving. I wish this had come out a little sooner, actually."
She says although most people like to think NERS had made more progress, the reality is that government agencies typically move at a slow pace. "Getting an association of that sort mobilized and moving forward can be very time consuming, given multiple layers and various influencers trying to steer the organization," says Warren.
As a government agency, NERS is not alone in the category of slow-movers, agrees Joe Greene, vice-president of IT security research with analyst firm IDC Canada Ltd. in Toronto.
The same reasons underlie the recent reports of a lack of coordination with international counterparts, he says. "Coordinating any government, let alone several governments, is usually quite difficult, given procedures and red tape."