Unprepared: Canada lacks plan to protect critical infrastructure

that the departmental Web site still carries the old Liberal government’s promise that the strategy will be in place by “fall 2005”).

McLeod writes that despite the ominous message, the department has no all-hazards national CIP strategy to reduce those risks, to define who does what when disaster strikes or to manage the consequences. There is no mandatory, standardized definition of what constitutes critical national infrastructure, raising questions about what is in need of protection and how to prioritize limited public security resources, including the military, if and when something happens. There is no accepted plan about how responsibilities between governments and operators are to be determined, though industry has the primary responsibility for the protecting corporate assets “from the gate in.” There is no national, cross-sector consensus on what redundancies and resilliencies should be built into systems to mitigate disruptions and restore services quickly, or how much public money should be spent fortifying or expanding what are for the most part private assets. “It’s fair to say that the unit is about as useful as a screen door on a submarine,” says Martin Rudner, one of Canada’s leading critical infrastructure experts, Distinguished Research Professor Emeritus at Carleton University and founding director of the Canadian Center of Intelligence and Security Studies. The policy vacuum leaves provinces and private owner-operators largely responsible for protecting the country’s critical assets. Most notable is Alberta, with an extensive crisis management program in place for about five years. New Brunswick is designing another impressive provincial master plan.

Industry is split on the need for the federal plan. The petroleum producers say years of security and emergency preparedness work with the provincial and federal governments has left it well organized. “So I don’t think a new federal strategy would change those outcomes,” says Dave Pryce, of the Canadian Association of Petroleum Producers. The Canadian Electricity Association differs. A coherent CIP strategy that clearly outlines the roles and responsibilities of the different departments, levels of government and industry is “essential … something we’ve been engaging players on in the federal government for quite some time,” says the association’s Francis Bradley. Meanwhile, plans for a national cyber-security task force and a separate Cyber Infrastructure Protection Strategy, both also promised in Securing An Open Society, are equally murky. The government says it is “conducting research and analysis and holding consultations with stakeholders to develop policy options for a National