Safety and Security Science and Technology

The Science Technology and Innovation (STI) domain must evolve with emerging risks and threats that characterize the new defence, safety and security landscape. From CRTI to CSSP programs, starting with the crucial counter-terrorism approach after 9/11, and evolving to an all-hazards approach, DRDC CSS’ STI community continued to look ahead as the current and future defence, safety and security landscape is now exponentially more diverse and complex. Indeed, it is now characterized by such issues as: mass migration and refugee crisis, economic slowdowns in emerging markets, ever-rising numbers of terrorists, activists, extremists, cyberattacks, pandemics, active shooters, climate related disasters, global water shortages, energy security and food security. These regional national and global risks have been in the headlines particularly in the last few years and pose significant security challenges both nationally and globally: in fact, national security is no longer just national. Non-state actors, cyber NGOs, rising powers, hybrid wars and crimes in strategic areas pose complex challenges to global security. The recent COVID 19 pandemic and the Russian invasion of Ukraine illustrate the dramatic spillover effects across borders. Further, CSS with its large, capable and responsive community of partners continue to foresee, adapt and respond to newer incredibly difficult challenges such as pandemics, climate emergencies, highly “contagious” extremism/ polarization/ radicalization and fast-spreading mis-/dis-information campaigns across the globe. This chapter presents an overview of the complex safety and security landscape^a and illustrates how the uptake/exploitation/impact of DRDC CSS’ STI^b, within a remarkable culture that also embraced a Whole of Government approach, evolved over 20+ years into an era-defining program that is postured to continue to close otherwise extremely difficult-to-close Safety and Security gaps in Canada.

The safety and security challenges that permeate our current threat and risk landscape transcend jurisdictional and organizational boundaries (Horton et al. in International Security Management: New Solutions to Complexity. Springer, Berlin, (2021)). Major events such as sporting events and entertainment concerts draw large crowds in a small area making it vulnerable to threat actors. Events such as the bombing in Manchester at the Ariana Grande concert in 2017, Las Vegas active shooter in 2017, Boston Marathon in 2013 represent the inherent vulnerabilities and security challenges that reside within major events (sporting, cultural, religious, musical). As described in (Masys in Science Informed Policing. Springer, Berlin, p. 237 2020), ‘…the post 9/11 security landscape has seen a fundamental shift in security planning, organization and management across the national and global security domain. This shift is particularly evident with regards to special events’. Security planning for such events cannot exist within a silo but must be part of an integrated event planning approach that brings together various stakeholders from the event planners, safety planners and security planners. This chapter presents how design thinking was employed to support the development of the Major Event Security Framework (MESF). The MESF was part of a larger research program: The Major Events Coordinated Security Solutions (MECSS) project, a multi-agency collaborative partnership, established to reduce the security risk associated with the Vancouver 2010 Winter Olympics and Paralympics, and the G8/G20 Summits.

Critical infrastructure (CI) is sometimes viewed as the physical and cyber systems so vital that their incapacity or destruction would be debilitating for a community. However, it can be viewed more broadly as people, processes and equipment—or as defined by Public Safety Canada the “processes, systems, facilities, technologies, networks, assets and services essential to the health, safety, security or economic well-being of Canadians and the effective functioning of government”. A focus on assets can lead to difficulties for assessing cascading CI risks—detailed asset information being unavailable especially if it is proprietary, or without the context of overarching business processes, inferring the implications of the asset loss may be challenging. The National Critical Infrastructure Interdependency Model (NCIM) approach is one based on this broader perspective of the ‘people, processes and equipment’ required to provide vital goods and services. The core of the model is a network of functions that capture key business processes across all critical infrastructure industries. A benefit is that the NCIM provides a comprehensive risk evaluation framework can be applied rapidly to a variety of contexts as demonstrated in several case studies presented in this paper. Another benefit is the ability to assess the implications of policy decisions related to critical infrastructure. The paper describes one such policy decision related to 5G communications technology.

Resilience is at the core of rural and remote Indigenous communities in Canada. For generations, these communities have leveraged strengths such as traditional knowledge and community cohesion to survive. The increase of occurrence and intensity of disasters due to climate change, especially in rural and remote areas where infrastructure is as isolated and at risk as the populations that it supports, necessitates adaptation and is driving attention to community resilience. Community resilience requires a strong social fabric that is made up of people, places, culture, traditions, institutions and knowledge. Over the past 15 years, DRDC CSS has made Science and Technology investments that enable rural and remote communities to adopt emergency management tools and strategies in the face of evolving public safety and security. In line with Canadian policy that has been evolving to support diversity and inclusion, and climate adaptation, the investments are also grounded in social innovation, and enable DRDC CSS to have a transformative impact that is both holistic and bottom up by increasing response efforts within the community, supporting regional and national collaboration, and equiping the communities with the capacity to influence public safety and security policy and operations. Lessons learned from the COVID-19 response have demonstrated that the act of creating an emergency response plan increases preparedness and response to emergency events, regardless of the applicability of a completed plan to a specific event, thus strengthening community resilience.

The nature of crime is continually evolving, and as nefarious actors take advantage of emerging trends across the economic, political, environmental, social and technological landscapes the threats they pose become augmented, and emphasizes the need to think strategically and anticipate for longer-term drivers of change and conceivable future scenarios. A foresight project entitled the “Future of Crime” was undertaken to present changes across the domain of crime and illustrate how these shifts could alter our crime landscape and impact defence and security. The project is used as a case study to demonstrate the need to apply strategic foresight methodologies on different levels of decision-making from strategic to tactical. This chapter explores the ability for foresight methodology to inform strategic planning and operational capabilities in the domain of defence and security.

This chapter summarizes innovations in security risk and capability assessment frameworks and methodologies to directly support dynamic decision making, forge a convergence with S&T, operations, intelligence and policy, and inform investment priorities of the Canadian Safety and Security Program (CSSP). Using a thematic approach, this paper reviews how multiple innovations were adopted as “best practices” into the conceptual design, development and implementation of security risk assessment frameworks and methodologies in the CSSP. These include the: use taxonomies to foster key stakeholder ‘buy in’; leveraging architecture frameworks to drive tools, methods and rating schema; the formulation of scenario based approaches for assessing high consequence all hazards risks; and, the application of an integrated risk and capability gap assessment model to guide investment in public safety and security S&T. In the CSSP, the innovations in security risk assessment identified best practices and common tools that supported numerous strategies and S&T portfolios (e.g., CBRNE, Critical Infrastructure Protection, all hazards safety and security; defence infrastructure/military bases), where risk assessment expertise/capability improvements that were adopted by practitioners, interdisciplinary teams and decision makers. Underpinning these innovations were strong partnerships and community-based approaches that enabled a credible risk-informed decision support environment, with consistent/scalable approaches to analysis and decision making under conditions of uncertainty.

Complex safety and security events can stress test societal systems and reveal ‘latent risks’ such as the lack of preparation, insufficient vulnerability analysis and response. Weick and Sutcliffe (Managing the unexpected: resilient performance in an age of uncertainty, 2nd edn. Wiley, San Francisco, 2007: 2) highlight how such an event can be ‘…considered as an abrupt and brutal audit: at a moment’s notice, everything that was left unprepared becomes a complex problem, and every weakness comes rushing to the forefront’. A Chatham House report, ‘Preparing for High Impact, Low Probability Events’, found that governments and businesses remain unprepared for such events (Lee et al., A Chatham House report, 2012). To support the full cycle of disaster management: Mitigation, Preparedness, Response and Recovery, exercises are conducted to support design of strategies and verify and validate them under controlled and observed conditions. This chapter examines the key features of exercises and how they have been applied to design and test plans, processes, people and organizations in preparation for disruptive shocks.

From a philosophical perspective and in practice, it is important to take FATE in ones hands and shape the way forward. With this introductory line I wish to raise awareness of a method which goes by the acronym FATE. It is a method developed through research conducted within the auspices of the NATO Systems Analysis Studies Research Task Group 123 (NATO SAS-123; Adlakha-Hutcheon et al., Futures Assessed alongside socio-Technical Evolutions (FATE) Final report NATO SAS-123. Canadian DRDC Publishing, DRDC-RDDC-2021-N242, 2021a) where FATE stands for Futures Assessed alongside socio Technical Evolutions. The acronym also lacks the S from socio in its fold. This was an intentional omission, primarily to highlight the fact that most foresight-related studies develop scenarios and/or list technologies that will be disruptive. In so doing, they miss out on the input from practitioners and society at large, that enable adoption or dismissal of a technology, be it emerging and/or disruptive. In defence circles, studying emerging and disruptive technologies is a must for obvious reasons, yet their extension to a larger context for securing our world demands the inclusion of variables from a wider societal lens. FATE can be used to anticipate how technologies evolve in just such a context. This chapter will examine what can happen when FATE is put into practice, and by contrast what may be missed in its absence.

This Chapter presents a model of collaboration between Canada and the U.S. in the development of knowledge, trusted advice and innovative technology solutions to address shared, bi-national, public safety and security issues. We outlined how we built a collaborative framework from the Canadian-U.S. treaty for Cooperation in Science and Technology for Critical Infrastructure Protection and Border Security, to accelerate the development of these science and technology solutions. We also outlined distinguishing principles that require particular emphasis in the security landscape, i.e., the necessity of building trust, consensus and agility. This approach has allowed us over the years to push the boundary of our cooperation to the level of an institutionalized binational relationship as we synchronize requirement cycles, investment planning, stakeholder engagement, risk and foresight approaches, and related programs and processes.

This chapter summarizes the innovation and provides a summary of the Paramedic Program Management activities under the Defence Research and Development Canada’s Center for Security Science (DRDC CSS). The content is organized around collaborative activities with federal government departments, international partners, and DRDC CSS supported projects. All activities align with specific Science and Technology (S&T) requirements of DRDC CSS as well as the Paramedic Community of Practice S&T research priorities. This document is meant to be illustrative and provides a general overview of the diverse activities of the Paramedic Portfolio Manager since its inception. The document serves as a historical record of activities and it is anticipated that it will be utilized as supporting documentation for future operational, logistical, human resource, and community resilience S&T endeavours that will address future Paramedic Community of Practice identified gaps and inform policy.

The dramatic growth of mobile broadband wireless networks worldwide has massively transformed the way society communicates, and accesses and exchanges information anytime, anywhere. This certainly is the case in Canada, where “as of 2020 there were 36.1 million mobile subscribers who used 3.4 GB of data per month on average” (Radio-Television, Canadian in radio 2014Canadian (2022)). Mobile broadband communications are at the foundation of a vast ecosystem that allows users (users includes human users and machine users) to ubiquitously connect to the Internet and the seemingly limitless information, applications and services contained therein, while using a variety of devices ranging from smartphones, tablets and laptops, watches, drones, the Internet of Things and autonomous vehicles to name a few. Despite the wide proliferation of broadband mobile wireless in global industries and society, the safety and security community has unique requirements related to reliability, interoperability and security that have resulted in the need for mobile networks designed specifically to address these requirements. This chapter will describe the DRDC Center for Security Science’s (DRDC CSS) contributions to Canada’s efforts to enable wireless mobile broadband communications for the safety and security community while addressing their distinct and essential needs, with interoperability at the forefront of these. This will include describing how CSS contributed to the Communications Interoperability Strategy for Canada, established the Communications Interoperability Research, Test and Evaluation Centre (CIRTEC), studied implementation and service delivery models for the Public Safety Broadband Network (PSBN) in Canada, developed the reference architecture and design, enabled important wireless communication advancements with the US in the area of safety and security, conducted sophisticated experimentation, and in doing so, delivered key science and technology (S&T) advice in these areas. The goal of each of these elements was, and remains, to offer advice and best practices on approaches and methodologies to enable effective wireless communications for the safety and security community. This chapter will also describe the CSS initiatives moving forward, including the delivery of a series of reports on the future of wireless communications for public safety and security while considering emerging technologies, the establishment of a next-generation wireless communications test and evaluation platform anchored by 5G mobile technology  (5G is the fifth generation of mobile communications as specified by the Third Generation Partnership Project (3GPP), the global standards body that develops the specifications for mobile communications), and upcoming experiments that demonstrate the near unlimited capabilities enabled by next-generation wireless technologies.

Information is central to the decision making processes that allow organizations to meet their strategic objectives. Organizations types span public and private industry, military, public security and safety, as well as academic. In most organizations, information sources can be internal but are generally external and include a stakeholder community that impose information handling requirements that can affect the exploitation of the information. Over the years, many protection mechanisms have been implemented. These mechanisms generally rely on cryptographic solutions applied by end-users. An information mesh provides a framework within which access management, protection, trust and chain of custody can be achieved. In addition, such a framework addresses authorship, ownership, custodianship and sovereignty challenges. This chapter provides an introduction to the concept of information mesh that abstracts away information technology and introduces information management in the context of a multi-organizational information sharing ecosystem.

Safety and security organizations are custodians of unique and vitally important information that supports society’s goals for safety and security. These organizations often struggle with managing their information in a way that ensures reliability and usefulness of this information at many organizational scales, from local to national. These struggles have been persistent over the last few decades. We assert that safety and security organization tend not to treat their information holdings as strategic assets but more as basic resources dependent on individuals’ capacities to manage resulting in fragmented approaches to information management at multiple scales. We examine a number of factors why this is the case and refer to a range of defence and security information management projects in which we have been directly involved in generating innovative solutions to these persistent problems. We advocate for a capability-based approach to mature information management practices in safety and security organizations and present a number of potential areas of research and development to further these concepts.