It would be an understatement to say that public safety and emergency preparedness, with respect to protecting critical IT infrastructures, is huge. It affects every single sector – from health care to finance – and it can often be unclear as to who’s in charge of what.
What is clear, however, is that major events and disasters – like the blackout in Ontario in August 2003 – have led to new undertakings, like the Canadian Telecommunications Emergency Preparedness Association. Combine that with existing agencies like Public Safety and Emergency Preparedness Canada (PSEPC), Industry Canada Emergency Telecommunications (ICET) and provincial organizations committed to improvement and collaboration, like the New Brunswick Emergency Measures Organization, and you’ve got an unprecedented level of awareness and preparedness.
Government departments and agencies know what they need. And service providers are able to step up to the plate and offer solutions that could see Canadians through the next disaster, with little or no damage done. There’s still a long way to go, but the progress that has been made – and is continuing to be made – is impressive.
While some solution providers may be profiting from a climate of fear, there seem to be more and more advances and products cropping up, ensuring all will be well in the area of IT in the face of a national emergency or disaster.
Protecting critical IT infrastructures
Clearly, companies are listening to the concerns governments are voicing. Malicious codes or worms could effectively shut down an entire government, which would have an unacceptable impact on the economy.
One of the more recent developments in cybersecurity is Microsoft Corp.’s Security Cooperation Program (SCP), announced by Bill Gates last month at Microsoft’s Government Leaders Forum in Prague.
The goal of the SCP is to work with governments addressing threats to national security, economic strength and public safety more efficiently and effectively, through co-operative projects and information sharing, according to Zuwena Robidas, departmental spokesperson for Canada’s PSEPC, a participant.
John Weigelt, national technology officer with Microsoft Canada, said the company sat down with the PSEPC because they felt there was a need to look at where they could help each other in responding to broad incidents, sharing information and building awareness about these activities.
Weigelt said there are always “hiccups” when you try to implement a new program such as the SCP. In particular, sharing information between the public sector and private sector can be a challenge in terms of data classification and what type of information can be shared.
The U.S. appears to be a little ahead of the game, judging by a recent report in Voices Of America News on a week-long test of the country’s cyber security.
Dubbed Cyber Storm, the $3-million initiative was a co-ordinated effort among more than 100 public, private and international agencies, corporations and governments.
George Foresman, Undersecretary for Preparedness in the U.S. Department of Homeland Security, described cybersecurity as “an essential part of our preparedness efforts.”
“Information technology systems can connect so many aspects of economy and society, including transportation, finance, telecommunications, health care and most importantly, national security,” Foresman said.
Who are you going to call?
Telecommunications is a critical infrastructure. Telecos ensure that government systems remain up and running in the event of a disaster.
Rob Moffat, president of Wallace Wireless, an Ontario-based company with a subsidiary in the U.S., said technology has presented advantages to emergency preparation.
“As you start to roll out wireless technologies,” said Moffat, “you start to give people access to information in terms of responding to an incident or event, from wherever they are, which is a key factor.”
An application that may help overcome those communication hurdles is the Wallace Emergency Locator (WEL), developed by Wallace Wireless and deployed via BlackBerry.
“If you were looking for people in the field, or trying to find key people when you’re responding, you can actually use the wireless infrastructure to locate them, send them messages and confirm their ability to respond,” said Moffat.
A lot of Canadian governments are looking to store their emergency plans on the device, keep them up to date, have all the contact information and get notified about events, he said.
In keeping with awareness and notification, Industry Canada Emergency Telecommunications (ICET) plays a key role in ensuring that all things telecom run smoothly in an emergency. Michel Milot, manager of emergency telecommunications at ICET, said their role is providing support and advice to the federal department, provincial departments and the telecom industry, mainly to ensure continuity in a time of crisis.
A major crisis that ICET played a key role in was the ice storm of 1998, which mostly affected Eastern Canada but paved the way for change for future disaster management.
“That was quite a learning experience, and in every emergency we have, we’re using new technology, using new tools,” said Milot “What we realized was how well we worked with those in the telecom industry.”
It’s not just about working well together, as with the Microsoft SCP initiative, it’s about meeting needs, and officials report that those needs have been steadily increasing since 9/11.
Brantz Myers, director of enterprise and industry marketing for Cisco Systems Canada Co., agreed that there is increased interest in government in changes in service requirements, especially in light of recent events.
“Every time these things happen, they lead to investigative work by towns, cities and provinces to make their infrastructures more resilient,” he said.
One of the provinces that did just that is New Brunswick. Although a small group with just 10 employees, the New Brunswick Emergency Measures Organization (NBEMO) has invested a lot in infrastructure and technology.
NBEMO has robust systems for the management of information in an emergency and for interoperability with others, according to the organization’s director, Ernest MacGillivray.
Lloyd Ellam, director of crisis management for Bell Security Solutions Inc., which provides network and IT security for communications networks to Canadian business and government, agreed on the importance of interoperability.
“That’s also a huge issue with all first responders at this moment in time,” Ellam said. “Even with something as simple as a fire, if you have more than one agency responding to that, you find that frequencies that people talk on, their radios, don’t match,” said Ellam.
MacGillivray said an all-hazards approach means something different in the post-9/11 world, covering cyberthreats as well as physical issues.
The security issue looms large, given that malicious codes and viruses could result in major problems, and as a result, Myers says Cisco is making its networks as self-healing as possible.
“The difference between a self-defending network and a network security approach is traditionally the only things you would harden would be the edges of your network,” said Myers. “But that wasn’t good enough because many threats can happen within an organization.”
For example, someone might bring a notebook into the office that they had been using at home, where children may have been using it to play a game and accidentally downloaded a malicious code.
“That code could unleash itself on someone’s network, unless that network is capable of being self-defending, and that would be done through building security into every single network element, so that threat gets nipped immediately,” Myers said.
Out of chaos comes change
One of the biggest lessons from events like the ice storm and the blackout of 2003 where wireless networks were affected was that carriers need to harden their cell sites.
What was seen in the ice storm was that if the main power source is cut to the towers, then a hardening of a cell site requires carriers to come in with back-up infrastructure. So carriers put in a generator and have contracts for fuel to be delivered in the event of another outage.
The problems encountered in the ice storm led to the formation of the Canadian Telecommunications Emergency Preparation Association (CTEPA), composed of emergency planners representing wireline, wireless and satellite facility-based telecommunications companies in Canada.
“The telcos got together in Canada, and they signed a contract with each other that they’d share services and help to fuel each other’s sites,” said Moffat.
Another important innovation for the telecom industry came in November 2004, when the federal government introduced WPS (Wireless Priority Service) for emergencies.
WPS provides selected wireless users (public safety officials) priority access to the network despite congestions. Additionally, backup power and transport issues are addressed nation-wide, as emergency authorities are provincial responsibilities. Industry Canada is supporting discussions to set up these arrangements.
But both the service providers and government officials conceded that interoperability is the key to ensuring system sustainability. With the many government departments and agencies now in operation, it’s more important than ever that each be aware of the other’s contingency plans – and more importantly, be capable of carrying them out if necessary. 061580
Lisa Williams (lwill[email protected]) is senior writer with InterGovWorld.com.