NEW GardaWorld Prestige offer for AAA commercial properties in Toronto, Ontario
GardaWorld is pleased to welcome Luciano Cedrone, CPP, CPD!
As our AAA commercial properties security expert, Luciano will lead our Prestige offer in Toronto. Luciano’s knowledge of the Toronto commercial security market is unparalleled.
PRESTIGE WILL PROVIDE CUSTOMIZED SECURITY SERVICES TO HIGH-PROFILE BUILDINGS THROUGH:
• An optimized management style
• Exceptional customer service
• Best practices sharing (intelligence reports, consulting & investigations, risk assessments), and more!
AAA-class buildings can now attain a level of services that merges global trends with local market specificities.
Discover more: garda.com
DEPARTMENTS
The
The
NEIL SUTTON
From the Editor
By Neil Sutton
New look for 2022
Publishing a magazine is a group endeavour.
T he writing, editing, art design and advertising all come together to produce each issue — not to mention the printing, mailing and support systems behind the scenes. Without all of these elements working together, we simply wouldn’t be able to do this, and you wouldn’t be reading this right now.
S upporting the Canadian Security brand are also websites, e-newsletters, events, award programs, video production, and other multimedia pursuits, each of which require dedicated and skilled people.
We’re also one brand amongst more than 65 owned by our parent company. To make this all work, we talk to each other (or email, text, message, Zoom, etc.) a lot.
S ecurity teams are also intertwined with the organizations that they serve, collaborating with HR, IT, legal and sometimes even marketing. For this issue, we asked several senior leaders to articulate who they collaborate with in their organizations and why.
T he responses indicate a network of relationships that gives the security department a voice in many different conversations. The pandemic has
EDITORIAL ADVISORY BOARD
Jason Caissie: Profile Group
Ken Close
Ashley Cooper: Paladin Security
David Hyde: Hyde Advisory & Investments
Sherri Ireland: Security Exclusive
only amplified these discussions and broadened some of these roles. I think ADP security leader Marti Katsiaras said it best: “There is no way you can sit in your own world and put up any barriers... There’s got to be collaboration. There’s got to be communication.”
“The responses indicate a network of relationships that gives the security department a voice in many different conversations.”
You should also take Tim McCreight’s advice and book some coffee meetings with other departments in your organization (read his column on building a security culture on p.10). I think most of us would agree that change is more palatable after a hot beverage.
This issue of Canadian Security also features a collaboration with another publication.
Wings editor Jon Robinson and I met last year (virtually) with several stakeholders in the aviation industry, including Ottawa International Airport and the Canadian Air Transport Security Authority (CATSA), to discuss security procedures and policies during COVID-19.
Mark LaLonde: Simon Fraser University
Bill McQuade: Final Image
Carol Osler: TD Bank
Tim Saunders: G4S Canada
Sean Sportun: GardaWorld
In a roundtable discussion, we talked about the incredible upheaval experienced by the air travel industry in the last few years, and how airports had to quickly adapt, particularly in the early months of the pandemic.
We also took a longer view of airport security systems and procedures, all of which changed radically just over 20 years ago following the 9/11 terrorist attacks. Anyone who remembers what travel was like prior to 2001 can testify how much has changed since then.
I ’m sure we’ll continue to see more change in air travel in the years to come, some of it as a direct result of the lessons learned from the pandemic.
As I mentioned, producing a magazine is a team effort. And you can definitely see the results of that collaboration in this issue. We have a bold new logo and new format.
This came together as the result of several meetings, many adjustments, and some generous co-workers who patiently answered all of my questions and indulged a few requests.
I hope you like the new look as much as I do and I welcome your feedback. | CS
Winter 2022 Vol. 44, No. 1 canadiansecuritymag.com
READER SERVICE
Print and digital subscription inquires or changes, please contact
Barb Adelt, Audience Development Manager
Tel: (416) 510-5184
Fax: (416) 510-6875
Email: badelt@annexbusinessmedia.com
Mail: 111 Gordon Baker Rd., Suite 400, Toronto, ON M2H 3R1
EDITOR
Neil Sutton
nsutton@annexbusinessmedia.com
ASSOCIATE EDITOR
Madalene Arias marias@annexbusinessmedia.com
GROUP PUBLISHER
Paul Grossinger pgrossinger@annexbusinessmedia.com
ASSOCIATE PUBLISHER Jason Hill jhill@annexbusinessmedia.com
MEDIA DESIGNER
Brooke Shaw
ACCOUNT COORDINATOR
Kim Rossiter krossiter@annexbusinessmedia.com
COO Scott Jamieson sjamieson@annexbusinessmedia.com
Printed in Canada
I.S.S.N. 0709-3403
Publication Mail Agreement #40065710
SUBSCRIPTION RATES
Canada: 1 Year $43.00 + Taxes; U.S.A. (payable in CAD dollars): 1 Year $95.55; International (payable in CAD dollars): 1 Year $110.00
EDITORIAL AND SALES OFFICE
111 Gordon Baker Rd, Suite 400, Toronto, ON M2H 3R1 (416) 442-5600 • Fax (416) 442-2230 canadiansecuritymag.com
Canadian Security is published four times per year by Annex Business Media. Annex Privacy Officer Privacy@annexbusinessmedia.com Tel: 800-668-2384
Canadian Security is the key publication for professional security management in Canada, providing balanced editorial on issues relevant to end users across all industry sectors. Editorial content may, at times, be viewed as controversial but at all times serves to inform and educate readers on topics relevant to their individual and collective growth and interests.
The contents of Canadian Security are copyright by ©2022 Annex Publishing & Printing Inc. and may not be reproduced in whole or part without written consent. Annex Business Media disclaims any warranty as to the accuracy, completeness or currency of the contents of this publication and disclaims all liability in respect of the results of any action taken or not taken in reliance upon information in this publication
By ASIS Canada
ASIS International global structure reflected in new regional boards
Globalisation is not a recent phenomenon.
The security industry has been affected by the world coming together just like other industries, whether it’s from a threat perspective or through a resourcing lens.
ASIS International, the world’s largest security industry association, began a strategic initiative a few years ago to ensure it is best structured for the future of the security industry. In 2019, the Board of Directors approved a plan to review “a strategic global direction and unified management system that maintains longterm organizational integrity and allows us to use best practices for global associations such as ours.”
As Canadian security professionals, we are impacted by this change in governance. The good news is, we are well represented at many levels of the new global structure.
Governance and continued globalisation
Beginning January 2022, ASIS will stand up the North American Regional Board of Directors and the European Regional Board of Directors. Part of the new governance structure includes seats at the Global Board of Directors for the chairs of these regional boards.
Canadians are out in front and leading this change
Starting with the Global Board of Directors, Canada is represented by Tim McCreight, CPP, a long serving Board member with experience on the strategic planning committee, investment, budget, finance and audit committees and sponsorship of Enterprise Security Risk Management (ESRM). McCreight has recently been appointed president-elect for 2022, meaning he will become ASIS president in 2023.
The seating of new North American
and European Regional Boards of Directors is the next major step in the association’s transition to a global governance structure that allows ASIS to better serve its members at local, regional and global levels.
Sitting on the first ever North American Regional Board of Directors are: Susan Munn, CPP, Marti Katsiaras, PSP, and Mark Folmer, CPP. These amazing Canadian security professionals ensure the North American board will view issues and opportunities from both sides of the 49th parallel.
The nominating committee had a strong Canadian presence from Jason Caissie, PCI, PSP, CPP. Caissie’s knowledge of the new governance structure and the goals of the North American board led to the selection of Munn, Katsiaras and Folmer to be part of this inaugural Board.
Opportunities ahead
The new regional board structure allows ASIS to increase member engagement at the local level. The lessons learned from these first two regional boards will help ASIS grow globally, embracing each region and creating more opportunities for engagement, growth and member involvement. | CS
North American Regional Board of Directors
Chair: Donna M. Kobzaruk (U.S.)
Vice Chair: Mark J. Folmer, CPP (Canada)
Secretary/Treasurer: Craig S. Russell, CPP (U.S.)
Maria G. Dominguez, CPP (U.S.)
Richard L. Duncan, CPP (U.S.)
Marti Katsiaras, PSP (Canada)
Rachelle Loyear (U.S.)
Loye A. Manning CPP, PSP (U.S.)
Leonard Moss, Jr., CPP (U.S.)
Susan E. Munn, CPP (Canada)
Jason M. Sikora, CPP (U.S.)
Jeffrey A. Slotnick, CPP, PSP (U.S.)
European Regional Board of Directors
Chair: Erik de Vries, CPP, PSP (The Netherlands)
Vice Chair: Stephanie M. Bergouignan, CPP (France)
Secretary/Treasurer: Torsten Wolf, CPP (Switzerland)
Christina Alexander Alexandropoulou (Greece)
Samuele Caruso, CPP (Italy)
Radek Havlis, CPP (Czech Republic)
Glenn Cornelis Schoen (The Netherlands)
Andrew Williams, CPP (United Kingdom)
Trending
Former CSIS operative explains the spy life
A former Canadian Security Intelligence Service (CSIS) field operative has written a book about his career with the agency, partly, he says, to give Canadians a better appreciation of what the organization does and how it helps to keep us safe.
Andrew Kirsch originally began his career in the finance industry in London, U.K., until a terrorist attack in the city spurred him in a different direction, he says. He applied to CSIS online, moved back to Canada, and began a 10-year journey with the service, first as a policy analyst, then as an intelligence officer. After leaving CSIS, Kirsch spent two years working for the Ontario provincial government before establishing his own Toronto-based security firm, Kirsch Consulting Group, almost three years ago.
Kirsch’s new book, I Was Never Here, offers some insights, he says, into what is largely an overlooked branch of government for most
Canadians.
“One of the reasons I wanted to write this book is because I wanted to say, there’s this organization in Canada that does neat things that no one knows anything about,” he says. “I think it’s to our detriment that we aren’t more aware about the challenges and the people who are doing this stuff.”
Kirsch says his book isn’t about policy or politics, but more of a “very personal story about what it was like to commit to this area of public service.”
A preview page on Kirsch’s website promises the book will lift the veil (to the extent that he’s allowed to) on his former life: “If you’ve ever wondered whether spies can have real dating lives, how they handle family responsibilities, or how they come up with cover stories or aliases, you’re in luck.”
I Was Never Here will be available on March 1. | CS
Survey: Most targeted firms paying ransomware demands
According to a new survey conducted by Toronto IT firm Novipro and Leger Survey, more than half (56 per cent) of the Canadian organizations that fall victim to malware attacks are paying ransomware demands.
“If organizations invested even a fraction of the potential cost of an attack, they could easily put systems in place to guard against such fraud,” said Yves Paquette, co-founder and CEO, Novipro, in a prepared statement.
The data indicates that about a third of these organizations utilized negotiation services.
Additional survey findings include:
• 43% of respondents said their breach concerns have increased since the introduction of hybrid work
• 53% of cyberattack victims said their employees are the main source of cyberthreat
• 45% of organizations have struggled to attract skilled IT talent
• 40% of companies said they have more confidence in the security abilities of their IT teams in the wake of the pandemic | CS
Coming Events
MARCH 22-25, 2022
ISC West Las Vegas, Nev. www.iscwest.com
APRIL 12, 2022
Retail Loss Prevention Forum Online www.retailcouncil.org
APRIL 20, 2022
Security Canada East Laval, Que. www.securitycanada.com
MAY 10, 2022
Security-Police-Fire Career Expo Vaughan, Ont. www.emergencyservicesexpo.ca
MAY 16-18, 2022
IAHSS Annual Conference & Expo Reno, Nev. www.iahss.org
MAY 17-20, 2022
OACUSA Annual Conference Collingwood, Ont. www.oacusa.ca
MAY 31, 2022
Advance: Women in Security Online www.canadiansecuritymag.com
JUNE 22, 2022
Security Canada West Richmond, B.C. www.securitycanada.com
JUNE 27-30, 2022
IACLEA Conference & Expo Las Vegas, Nev. www.iaclea.org
SEPTEMBER 12-14, 2022
GSX Atlanta, Ga. www.gsx.org
OCTOBER 5-6, 2022
Sector Toronto, Ont. www.sector.ca
OCTOBER 19-20, 2022
Security Canada Central Toronto, Ont. www.securitycanada.com
Window on Security
By Kevin Magee
The economics of ransomware
Long gone are the days of the fullstack cybercriminal sole proprietor, or as Hollywood would say the “lone hacker.”
Today, organizations face not just individuals or small, unorganized criminal gangs phishing for random victims and conducting virtual smashand-grabs, but an entire cybercriminal industrial complex buoyed by thriving darknet marketplaces peddling criminal-to-criminal products and services. A shadow global economy has emerged, complete with verticalized supply chains and skill specialization, all of which are simultaneously normalizing and commoditizing cybercrime, making attacks cheaper, easier, and more numerous. Its engine of growth is ransomware.
Ransomware originally began as a nuisance cybercrime more akin to a virtual pickpocket than the alarming national security threat that it is today. Back then, it was sheer volume, not sophistication, that was the key to success for cybercriminals who sent out thousands upon thousands of generic and low-quality phishing emails hoping to lure a small percentage of us into clicking on a malicious link.
For the few who did click, rogue code would immediately encrypt the files on their computer and lock up their system, accompanied by a splash screen demanding a standard ransom amount. It was essentially a low-margin
“Ransomware gangs now act more like professional intelligence operations.”
retail operation with limited ability to scale. And all of this could theoretically be defeated by simple anti-virus technologies (assuming they were installed and kept updated) and fundamental security awareness because the basic economics of ransomware at scale essentially still favoured the defender.
Today, however, the ransomware racket has evolved beyond its consumer-focused roots to become a low-cost, high-margin, immensely scalable and automated cybercriminal business model with very low barriers to entry and incredible ill-gotten profits to be made. The tools, techniques
and procedures have also become much more sophisticated, and cybercriminals are increasingly targeting businesses, government agencies, and critical infrastructure victims to maximize profits.
Ransomware gangs now act more like professional intelligence operations than their common criminal predecessors. Once they gain access, rather than immediately mounting an attack, they perform detailed research on their target victims including reviewing financial documents and insurance policies to determine an optimal ransom demand and then use exfiltrated data as extra leverage
or for additional extortion opportunities and profits.
While the complexity of ransomware attacks has increased, the associated costs and barriers to entry have actually fallen to next to nothing. Today, an aspiring cyber-criminal mastermind whose lack of technical skills is holding them back can simply tap into the booming criminal-to-criminal market where the average price of a compromised PC is only $0.13 to $0.89 and passwords are a steal (pardon the pun) at just $0.97 per 1,000 or $450 for a bulk purchase of 400 million, as detailed in our latest Microsoft Digital Defense Report.
Kevin Magee is the chief security officer at Microsoft Canada (microsoft.ca).
Ransomware has become so easy and so lucrative that many cybercriminal gangs now operate with budgets similar in size to that of nation states.
Some are even rumoured to be so flush with cash that they are acting as illicit venture capitalists, investing in new cybercriminal startups and business models.
So, what is the best way to stop ransomware? Its success is driven by economics that favour the attacker, therefore the best way to stop it is to change the economics.
A great place to start for any organization is by implementing Zero Trust, which is a
security strategy that has gained considerable adoption and momentum since the start of the COVID-19 pandemic and can be implemented rapidly and effectively leveraging cloud-based platforms along with proven frameworks and maturity models.
It includes three main principles:
Verify explicitly. Make it harder and more expensive for cybercriminals to get in by always authenticating and authorizing based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
Use least privileged access. Limit cybercriminal returns by restricting user access with just-in-time and justenough-access. Apply and enforce risk-based adaptive polices and data protection to help secure both data and productivity.
Assume breach. If and when cybercriminals do get in, minimize the damage they can do by segmenting access and verifying end-to-end encryption as well as using analytics to provide better visibility, drive threat detection and improve defences.
Implementing a Zero Trust strategy immediately begins to impact cybercriminals where
it hurts the most — their own bottom lines. When augmented by a highly skilled and aptly trained security team as well as a cyber-aware leadership and a cyber-vigilant workforce, a Zero Trust strategy can significantly increase the security posture of an organization, making it more difficult, time-consuming and expensive for an attacker to attempt a breach. As more and more organizations begin to adopt this model, the pickings become slimmer and slimmer for cybercriminals which in turn begins to change the fundamental economics of cybercrime to favour the defender once again. | CS
By Tim McCreight
The power of the coffee meeting
One question that’s come up in almost every discussion about Enterprise Security Risk Management (ESRM) is, how do I gain the commitment from this new approach to security?
Whether it’s from your team, your peers or your leadership, commitment helps ensure your journey to enabling a risk-based, business-focused security program will face fewer obstacles.
I’ve experienced the benefit of having an organization fully support a risk-based approach, and felt disappointment in other enterprises that didn’t see the value. It’s so hard to understand why an organization can’t appreciate the difference a risk-based approach will bring.
My first reaction early in my career was personal — that it was an attack on me! But I’ve come to a different understanding now that I’ve spent more time in my career and developing myself.
It’s incredibly hard to change the minds of executives in some companies! I’ve run into that wall a number of times, and felt emotionally exhausted trying different tactics and approaches. Years ago, I thought I could force change upon an organization. Sadly, that just left me questioning my skills as a security professional.
I thought I did something wrong, or executives didn’t care about security if they can’t embrace my recommendations. I forgot our profession is about dealing with humans — the buildings they design, the code they write, the products they want to sell. As soon as you bring people into the equation, you have to change your approach and focus on the human element of security.
I enjoyed the greatest success in changing a security culture when I approached the program from the top down, and the bottom up. It meant more work, more communication and more training, but was worth the effort.
“As soon as you bring people into the equation, you have to change your approach.”
I started spending time with peers and supervisors in not only my department, but other teams. I’d book coffee meetings to chat with these folks about their departments, how they interacted with the security team, and what they worried about. During those coffee meetings, I learned so much about their team, their struggles, and what they aspired to achieve.
I’d take that information back to the security team, and begin assessing these risks to look at ways our security organization could help. We were able to find some quick wins to help the other departments — a change in procedure, or engaging the security team earlier in a project. Some problems were more complex, or involved multiple departments.
One option I used for those situations was hosting joint workshops focused on resolving a common risk.
I was always fascinated to see these workshops unfold, and the barriers between teams drop as I watched participants jointly develop a practical solution. I remember some of those sessions being particularly stormy for the first few hours, but the sky would break and reveal something extraordinary. Those sessions were pretty special to me, and I remember participants leaving the workshop with a renewed sense of teamwork.
When I turned my attention to executives, I’d spend time with my leader, describing the value of a riskbased program and how security can become a trusted advisor to leadership. Once I established that trust over time with my leader, I asked for introductions to their peers so I could spread the ESRM message to the executive team — one coffee meeting at a time. This approach took more time and effort, but it meant we found common ground focused on trust instead of fear.
Focusing on the human element of a risk-based security program makes you more vulnerable professionally — but also more human.
Tim McCreight is managing director,
Laval, Quebec April 20, 2022
Richmond, British Columbia June 22, 2022
Toronto, Ontario
October 19 – 20, 2022
Industry View
By Winston Stewart
The trickle-up effect of Ontario’s minimum wage increase
When Ontario’s Progressive Conservative govern-
ment announced in the recent Fall Economic Statement that the province’s minimum wage would increase to $15 from $14.35 on January 1, 2022, labour leaders, workers and many other observers applauded the move.
Advocates had long been calling for Queen’s Park to increase the minimum wage in a drive to help every Ontarian earn a satisfactory living wage. The goal is commendable, but for many security firms — including those deeply committed to their employees’ overall well-being — the timing of the increase is less than ideal.
To say the least, our industry has been heavily affected by the coronavirus pandemic. Office complexes, hotels, retail outlets, commercial properties — and more — reduced their security coverage hours as social distancing measures restricted on-site access. In other cases, security providers saw a spike in demand from customers such as grocery store owners and health-care facility managers who suddenly required an increased presence to help enforce COVID-19 rules and regulations across their properties. As guard demand spiked, staff availability sometimes diminished.
The events of the past two years have created unprecedented challenges for our sector. We largely weathered the storm, but the pandemic’s effects will be felt for some time. Now is not the time to implement a significant increase to the provincial minimum wage.
LABOUR SHORTAGES ACROSS CANADA
Recent studies have underscored sector-specific labour shortages across the economy. That lack of workers has helped push up wages and has resulted in major headaches for owners of some small to mediumsized businesses.
According to Statistics Canada data, national employment vacancies reached 731,905 available jobs in the second quarter of last year — for a vacancy rate of 4.6 per cent — up from 560,215 openings, or a rate of 3.5 per cent, in the fourth quarter of 2020.
Economists have pointed to everything from COVID-19 relief programs such as the now-defunct Canada Emergency Response Benefit to pandemic-related workplace anxieties as contributing to the labour gap.
For service providers such as security firms, the job vacancy rate climbed to 5.5 per cent in 2021. The average hourly wage rose to $22.70 in the first quarter, up from $21.35 in the fourth quarter of
“Economic realities will always shape the financial structure of our industry.”
2020. In other words, market forces have already been driving up wages across industries such as ours, putting downward pressure on organizational bottom lines. Enter the minimum wage increase and the potential for unintended consequences.
THE ‘TRICKLE-UP’ CONUNDRUM
The impact of an increase to the minimum wage isn’t limited to workers’ individual pay packets. It inevitably produces a “trickle up” effect. That’s when supervisors and other longer-tenured staff begin making comparisons between their wages and those of front-line personnel. Let’s say the former group earned $20 per hour prior to the minimum wage increase, or nearly $6 more than their direct reports. After that increase, it’s only logical that those supervisors will expect a pay increase to keep their compensation in alignment with the employees they manage. That supervisor may now expect to earn $21 to $24 per hour, an increase that
Winston Stewart is the president and CEO of Wincon Security (wincon-security.com).
might also account for a rise in inflation, generally.
The mere perception that a supervisor “should” be earning “X” amount more than non-management employees will drive salary expectations higher.
Those extra labour costs must either be absorbed by the security service provider or be passed along to their clients in the form of higher fees. The trouble is that many clients are facing inflationary pressures across their businesses, as well. A substantial number will be unwilling to accept higher security costs, just as some security providers will keep their rates artificially low, amassing contracts and doing business based on volume rather than adequately pricing their services to deliver the kind of experience that clients expect (and deserve).
This potential race to the bottom bene -
fits no one, while generating additional operational headwinds for a security industry that’s eager for both stability and new opportunities for growth.
We’ve seen this scenario play out before with previous increases to the provincial minimum wage. In some cases, clients — at least in the short term — have reduced their security coverage to account for a rise in fees. Hours are reduced and it’s the front-line security professionals who suffer negative financial outcomes in the end.
MARKET FORCES SHAPE COMPENSATION STRUCTURES
The bottom line at my company, Wincon Security, is that we want the very best for our people. We want them to earn a strong living wage — which explains why we pay above industry standard. Their overall
wellness and professional success is a key focus for our organization. I know other security providers that take the same care to build strong workplace cultures and who genuinely want their employees to thrive.
Economic realities will always shape the financial structure of our industry, from the fees we charge to the wages we can offer team members. The timing of Ontario’s latest minimum wage increase is inappropriate for an economy emerging from the worst of a once-in-a-century pandemic, one still struggling to mitigate the financial burden it’s lowered onto small to medium-sized businesses across the province. That includes security firms. Rather than improving the lives of minimum-wage workers, this increase could leave them (and our industry) worse off. | CS
Airport security during COVID
Experts explain how the aviation industry adjusted to the pandemic. By
Neil Sutton
Just a few years ago, airports were practically synonymous with bustling crowds and long lines.
In 2020, that changed dramatically as people were encouraged to stay at home and travel was massively curtailed in an effort to limit the spread of COVID-19.
Airports are among the hardest hit industries as a direct result of the pandemic, with financial losses assessed to be in the billions of dollars. For security professionals working in Canadian airports, this dramatic shift also presented a new set of challenges.
Canadian Security, in collaboration with Wings magazine, asked some of these stakeholders to participate in a virtual roundtable to talk about the impact of the pandemic, as well as other issues that have affected the practice of airport security, including technology and training.
The roundtable discussion was conducted in the fall of 2021 and sponsored by Securitas Aviation Canada and Smiths Detection.
Onset of COVID-19
There are perhaps two hallmarks of the pandemic that have affected airport security most keenly: severely reduced travel volumes and new screening procedures.
“We went from being a relatively bustling airport of 15,000 to 20,000 people a day to days where we had maybe between 100 and 300 people in the airport,” said Michael Beaudette, vice-president of security, emergency management and customer transportation at Ottawa International Airport. He added, joking, “I think there were some days where we had more birds in the terminal than we had people. That’s how bad it was.”
Airports are known for a strong security culture of “eyes and ears” and a “see something, say something” mentality. Facing staff reductions, Beaudette said he took the opportunity to provide as much security training as possible. “We started increasing our red teaming exercises to keep people on their toes.”
Training exercises extended not only to
airport staff, but to security partners as well, including police and government.
“We had canine teams from the police force [and] counter-terrorism organizations coming in. That physical presence was a good thing to have here as well,” added Beaudette.
The diminished presence of travelers and airport staff did allow airports to hone their focus on security culture, added Chris Phelan, vice-president of government and industry affairs at the Canadian Airports Council (CAC). “We’ve been doing a fair amount of discussion of this at the CAC Security Committee,” he said. “That’s one of the things that’s really come out this year is just how, when people hunkered down, the security culture of the airport has really revealed itself.”
Kelsey MacTavish, senior director of operations at the Canadian Air Transport Security Authority (CATSA), described the sight of empty airports as “a surreal experience… very bustling airports suddenly had very few people, if any, coming through
screening checkpoints.”
An initial focus for CATSA was making sure its screening officers were provided with personal protective equipment (PPE) so they “could continue to do their jobs, and felt safe doing it,” said MacTavish.
The onset of the pandemic was akin to “drinking from a firehose,” in terms of coping with the sheer volume of information, she added, but CATSA has worked through a health crisis before, albeit on a much smaller scale, during the SARS epidemic in the early 2000s. Months before the coronavirus pandemic was declared in March 2020, CATSA was already monitoring the situation and preparing for change.
Denis Perron, senior director, screening technology at CATSA, said that the organization was tasked with deploying body-temperature screening devices early in the pandemic and on short notice. Acrylic barriers were also introduced at screening points, to “add a layer of protection between screening officers and those being screened,” he explained.
“I’m proud to say that CATSA was always there to do its part in terms of deploying tools or whatever was required to support the screening officers and to facilitate that passenger experience.”
Communicating with passengers
With so many business travelers grounded, either due to COVID mandates or restrictions imposed by their employers, the people moving through airports during the pandemic were often leisure travelers, less familiar with airport procedures.
Flight departures were sometimes scheduled into very tight timelines, which tended to create condensed peak periods and thus bottlenecks at security checkpoints, said MacTavish. “We’re trying to work with airports and with air carriers to get the message out to these leisure travelers about how they can come to the
airports better prepared for the screening experience,” she explained.
Beaudette said Ottawa Airport has observed a change in behaviour amongst some passengers as a result of added stress due to the pandemic and a lack of familiarity with airport procedures and etiquette. “They get much more flustered,” he said. “And so things escalate very, very quickly when there are delays or when there’s frustration.”
Security personnel can provide a reassuring presence during these times, said Beaudette. Police patrols
parting passengers. Employees and personnel working in restricted areas were also subject to temperature screening by CATSA. These programs were discontinued in August 2021.
CATSA began implementing a more efficient approach to security screening several years ago. “CATSA Plus” is a screening system that incorporates the latest in available technology as well as streamlined processes that allow four passengers to divest their belongings simultaneously. It officially debuted at Calgary International Airport in 2016 and
“CATSA was always there to do its part in terms of deploying tools or whatever was required to support the screening officers.” — Denis Perron, CATSA
and canine units have “a calming effect,” he said. “People want to see that security is there.”
Police presence “tends to bring the tempers down and help people realize that this is a serious business,” agreed MacTavish. “When we have a calm and orderly processing of passengers, then the screening officers are better able to do their jobs, and to execute the mandate that they have.”
Rapid technology deployment
The onset of the pandemic spurred the security vendor community to quickly supply body-temperature screening devices as a means to test for potential fevers — one of the major symptoms first linked to COVID-positive cases. In July 2020, the federal government mandated a phased rollout of temperature screening in Canadian airports, requiring air operators to conduct temperature screening of all arriving passengers, and CATSA to conduct temperature screening of all de -
has since rolled out to other Canadian airports.
“I’m hoping once you see the passenger volumes come back, you’ll see the benefits of the CATSA Plus concept, which offers enhanced security effectiveness, while also processing passengers at a higher rate,” said Perron.
Nanette Fraser, sales account manager, Canada, at Smiths Detection, a global provider of screening and detection technology, said the company is always working on improved product efficiency and effectiveness. The development of remote monitoring for security checkpoint scanning equipment, for example, would allow operators to work from a standalone room.
“Another item we’re working on is more of an artificial intelligence application or automatic target recognition application (iCMORE) — what we consider deep learning,” said Fraser. The implementation of AI, configured for object recognition, would assist the operators in
their detection duties during the pre-boarding security process.
Smiths Detection also develops CT (Computed Tomography) scanning technology, which, when used at pre-boarding security checkpoints, could significantly improve throughput. The technology is able to generate volumetric 3-D images of scanned carry-on baggage, meaning items like liquids and laptops may not need to be removed from bags.
Beaudette has implemented technology behind the scenes to improve the security posture in Ottawa. He indicated that video analytics technology has been very helpful in monitoring activity. Configured to detect movement, it can alert the security operations centre of any human activity in restricted areas, which helps the airport make the most of its security resources. Likewise, analytics can detect loitering and provide alerts. “It just makes you more situationally aware,” said Beaudette.
Virtual reality technology also plays a significant role at Ottawa Airport, providing a training environment that can be utilized not only by airport staff but by partners including police and fire agencies.
The airport has implemented XVR simulation technology, which can replicate emergencies ranging from crash events to lost dogs on the tarmac.
“We had our airport 3D-mapped and geospatially-mapped,” said Beaudette. “You can deal with just about any incident you could possibly imagine, primarily geared towards air incidents.… Whatever your imagination can come up with, we can reproduce it in a virtual reality environment.”
Constant change
Airport security professionals have had to react quickly to the strictures laid down by the pandemic, making adjustments to screening procedures and in some cases implementing new technology and mandates on short notice. But adaptation is a way of life in this industry.
The roundtable was convened not long after the 20th anniversary of the Sept. 11, 2001 terror attacks—an event that forever
changed air travel globally. CATSA itself was created in 2002, less than a year after the tragedy.
“Transportation has continued to be targeted in the past 20 years in different ways,” said MacTavish, noting that air travel regulations about allowable liquids, aerosols and
gels were implemented in 2006.
“But I think sometimes we forget that aviation security is a day-to-day thing. Its evolution is very incremental. And so a lot of what we deal with every day is about review, refinement [and] modifications to screening measures.” | CS
6,800 kg vehicle brought to sudden halt from 80km/h by one K-12 rated Bollard.
Perimeter Protection Products
Hostile Vehicle Mitigation - HVM
Shallow Foundation: The 275 K12FB bollard only requires a 600mm embedment.
S tand Alone Protec t ion: A single 2 75 K12/FB bollard is certified to K12 standards.
Versatile: Available in fixed and removable mounts.
Aesthetics: Brushed stainless steel or powder coated in any RAL colour.
ännt 275 K12FB
Forging relationships in the enterprise
Security departments are increasingly part of the organizational network — less siloed and more collaborative.
By Madalene Arias
At varying degrees, corporate security teams have always required collaboration with other departments to meet their own mandates.
Now, entering a third year of the coronavirus pandemic, security leaders from various Canadian organizations have reported an acceleration of this trend in collaboration. Security teams are liaising with other departments not only to fulfill their own goals but also to maintain the continuity of the organization or business they serve.
For Thomas Stutler, vice-president of national security operations at Cadillac Fairview, security within this organization has always maintained a high level of engagement with other departments due to the nature of the risks they face each day. According to Stutler, this level of engagement was established incrementally at Cadillac Fairview long before COVID-19 came on to the scene.
“We’re the owner and operator of high-profile offices and office towers and mall properties and those have a tremendous risk,” said Stutler.
A setting like the Toronto Eaton Centre is what he refers to as a linear target — one where the potential for a single individual to carry out a lot of damage is very high.
The shopping mall at the heart of the city is just one of the many commercial properties in the multi-billion-dollar real estate firm’s portfolio. Not only does the mall overlay underground public transit stations and railroads, this downtown attraction never closes. According to Stutler, 51 million people walk in and out of the Eaton Centre in a typical year.
“Here’s the thing with Cadillac Fairview — everyone just had to add COVID to their normal workload. We cannot shut down properties. We just can’t do it,” said Stutler.
For him, everything that has happened since 2020 has been an exercise in resiliency. Security at Cadillac Fairview
operates on a business continuity plan that accounts for everything from pandemics to burst water pipes, according to Stutler.
“I just kept telling my team, ‘This is business as usual, guys. We’re just increasing the pace a little bit and we’re rockin’ and rolling, but this is just business as usual.’”
For organizations like Cadillac Fairview, keeping up with federal and provincial responses to COVID-19 meant engaging with the legal team, human resources and procurement at a much higher frequency than ever before.
Stutler said that in March 2020, security at Cadillac Fairview worked together with HR to ensure security guards were asked to work overtime and schedules were adjusted as necessary.
As lockdowns persisted and security personnel saw an increase in COVID-19 protests, Stutler said HR became the front and centre of mental health as guards experienced lowered morale from their dealings with what he called “activism.”
HR collaborated with security to provide their teams with mental health resources. One such resource was an over-the-phone counselling service, another was the introduction of a buddy system where security employees worked in pairs and asked each
Onsite Guarding Mobile Guarding Remote Guarding Electronic Security
Security Elevated. .
Securitas Integrated Guarding
Balancing the expertise and innovation of two or more core security services – On-site, Mobile, Remote Guarding and/or Electronic Security – to deliver optimal protection to your organization. securitas.ca
other a set of questions to encourage discussion for the duration of their shifts.
According to Stutler, the buddy system has proven most effective in lifting team spirit.
When vaccinations against COVID-19 became available, Cadillac Fairview’s tenants decided they would support a vaccination policy for all employees of the property. Once again, HR became involved to help determine whether the company would have a zero-tolerance policy for unvaccinated persons or whether they would allow for exemptions.
Any communications containing deadlines to meet vaccination requirements were filtered through HR to ensure they respected union rules and provincial legislation.
Finally, Stutler said procurement played a major role at the start of the pandemic when masks became mandatory. The procurement team helped security acquire five million masks in as little time as possible.
Once vaccine passports were incorporated into the day-to-day workload, procurement also obtained for security 400 cellular phones that could support the application needed to present QR codes. According to Stutler, they were procured from a secondary market to minimize costs and get them in the hands of their staff as soon as possible.
Collaboration builder
At Shaw Communications, conservation of resources and efforts has also shaped the way security collaborates with other departments.
James Armstrong, the company’s chief security officer and senior vice-president, data, said security is no longer a process point along a chain of events to getting a project approved. Instead, security is engaged in conversations as a collaborative builder towards the outcome.
As Armstrong explained, the purpose of engaging security early on in a project is to have the department assess for any risks and help the team leading the project avoid unnecessary trips down a path that could prove costly.
“Their success is our success,” said Armstrong.
He said this shift in collaboration needed to happen.
“We can’t do it without every employee working with us,” said Armstrong.
For a telecommunications company like Shaw, threats go beyond traditional forms like thefts and break-ins. Threats change and evolve at the same pace as technological advancements.
The continuous shift to cloud control represents a new set of security challenges for his team as it does for others in the industry. As well, the internet of things (IoT) and introduction of new devices means that his teams must learn the skills to keep those devices secure.
However, he notes that amongst all threats the constant factor is always people.
“Whether it is their entryway into your company, whether they get phished or they’re handling sensitive assets or data, you want them all in the security role processes. The constant factor is all your people,” said Armstrong.
For this reason, talent pools are a source of strength but a vulnerability at the same time. The solution, according to Armstrong, is to collaborate closely with HR to develop a strong security culture.
This means, for example, that staff at all levels of the organization must be trained and continuously updated on the latest phishing scams and hacks.
As Armstrong explained, it is frontline workers in call centres or retail stores who represent the first point of contact for scams.
“Your training and awareness team needs to be well embedded with your HR team and your communications team.”
— James Armstrong, Shaw Communications
“Your training and awareness team needs to be well embedded with your HR team and your communications team. They really need to understand the learning dynamics of the employees you have,” said Armstrong.
In addition to scams, telecommunications companies like Shaw must cope with the global shortage for cybersecurity talent.
Armstrong said someone with a lengthy cybersecurity resume with a lot of skillsets is a highly valued asset. However, cybersecurity teams must continue to develop their skillsets regardless of ability.
Technology teams represent another vital collaborator for cybersecurity. Armstrong described how the technology teams at Shaw have carried out development operations and have proactively built security controls.
Effective communication
Marti
Katsiaras, global public safety, crisis manager and
HR collaborated with security to provide teams with mental health resources. One such resource was an over-the-phone counselling service, another was the introduction of a buddy system.
physical security professional at ADP, also echoed the need for collaboration between security and IT not only at her organization but across various enterprises.
“You’re going to need IT to help with installing the back end, the IP addresses, the backups and making sure that everything is secure [and] not susceptible to any bad actors,” said Katsiaras.
Even before the pandemic, Katsiaras said the security team at ADP had always sustained strong collaboration with other departments.
HR has been a strong partner both before and during the pandemic, Katsiaras added.
In working with various associates of the company, security has required guidance from HR at ADP to know how they can contact associates, what things they can and cannot do, all while managing a crisis.
Katsiaras also said the communications
team has played a significant role in the delivery of new security policies and products at ADP.
“If the communications team explains our reasoning and associates understand it, it makes it better for us to put those policies in place and for people to accept them,” she said.
Katsiaras mentioned that while there is still a lot of siloed work in the industry, she said conversations with colleagues in other security companies have indicated to her a higher degree of collaboration amongst their teams and other departments.
“There is no way you can sit in your own world and put up any barriers and say, ‘We’re going to do this, and you guys do your thing and leave us alone,’” said Katsiaras.
“There’s got to be collaboration. There’s got to be communication.”
Riskmitigationandmanagement
Effective team-building is one of the top skills required in the modern security in-dustry, according to Paul Huston, senior director and chief security officer at BGIS
Huston said people in the security industry need to be able to bring together skillsets from various areas of a corporation to effectively address the different types of risks they face. With this skill, Huston added that security professionals must also develop a better appreciation of risk and move away from what he called black and white “yes or no” responses.
“Corporate security entities today need to have an appreciation for Enterprise Security Risk Management (ESRM), a willingness to not only mitigate risk, but to accept risk rather than striving to always reduce risk to zero,” said Huston. | CS
THE PEACEABLE KINGDOM?
This book is a look at terrorism and counter terrorism in Canada as told by a former Canadian counter terrorism strategic intelligence analyst together with the experiences of dozens of his colleagues with the Canadian Security Intelligence Service (CSIS) and the Royal Canadian Mounted Police (RCMP). It is thus an ‘insiders” story peppered with anecdotes from the women and men tasked with keeping Canada and its allies safe.
Never before have Canadians and others had a look inside the country’s counter terrorism agencies to see what they do and – to some extent (secrecy is still necessary sometimes!) how they do it. A very personalised account of how to stop terrorists from killing and maiming our fellow citizens. The author, Phil Gurski, has already penned five previous books on terrorism and this is his first to be self-published. Former CSIS Director Ward Elcock wrote the introduction to this fast-paced book.
To shop our full selection of security books go to annexbookstore.com/security
Product Focus
Cloud manager
IDIS
IDIS Cloud Manager gives users control of their surveillance operations from any location, using their chosen web browser on desktop, laptop or mobile devices for secure cloud access. Organizations using end-to-end IDIS video can connect their individual facilities or branches to the cloud at no additional cost, and benefit from automatic updates including new features and functions. Once the system is in the IDIS Cloud Manager, users can remotely set up recorders and cameras and check the status of network access for sites and devices, all from an intuitive dashboard. Authorized operators can then securely access the system to view live, playback, receive alarms and push notifications, quickly screen, print or backup, and export video clips. www.idisglobal.com
Mini-domes
Johnson Controls
Tyco Illustra Pro Gen4 2MP, 4MP and 8MP Edge-AI mini-domes provide organizations with the capability respond to incidents faster as AI enhances the speed and accuracy of forensic searches. This is achieved by embedding object classification capabilities directly on security cameras. Events can be narrowed to classes such as a person, car, bus, motorcycle or bicycle. Settings can be adjusted on each camera with a variety of analytic rules that notify security or business owners when people or objects are detected. Smart features such as smart wide dynamic range automatically scans the video scene and adjusts contrasting and overall scene balance without operator intervention or maintenance. www.illustracameras.com
LCD monitor
TRU-Vu Monitors
TRU-Vu Monitors has released a new 21.5” industrial-grade LCD monitor. The VM-21.5UNBS24 monitors provide 1920 x 1080 Full HD resolution and super-wide 178 x 178 viewing angles provide full-colour video images from nearly any angle. The rugged powder-coated steel enclosure and TRU-Tuff treatment offers maximum shock and vibration resistance for demanding applications. The VM-21.5U-NBS24 features HDMI, VGA and Composite BNC video inputs for connectivity to any camera, device or system. They will operate on 12-24VDC as well as 90-240VAC. These monitors are suited for manufacturing plants, refineries, processing plants, OEM equipment, inspection, surveillance systems, and more.
www.tru-vumonitors.com
Video analytics
Milestone Systems
Milestone’s XProtect Rapid REVIEW is an intelligent video analytics solution that allows security operators and investigators to efficiently search through hours and hours of video recordings.
Powered by BriefCam video analytics technology, XProtect Rapid REVIEW is an add-on product that is integrated into Milestone’s XProtect Smart Client. The product is supported on all paid XProtect VMS products. XProtect Rapid REVIEW enables accurate, cross-camera video searches and filtering, based on an expanding suite of classes, attributes, behaviours and visual layers that help investigators pinpoint people, objects and behaviours of interest. VIDEO SYNOPSIS technology gives the operator the ability to visualize objects simultaneously that appeared at different times within the video.
www.milestonesys.com
Retail solution
March Networks
March Networks announced several enhancements to its retail solution that uses AI and cloud technology to help quick-service restaurants and other retailers. A new mobile order pick-up solution for retailers and QSRs alerts operators in real-time to customers arriving for curbside pick-up. The solution uses an AI-powered analytic, available in ME6 Series IP cameras, to detect arriving vehicles. When paired with Searchlight for Retail software, the solution allows businesses to also capture data analytics on curbside deliveries. Searchlight, available as a cloud service, combines video surveillance with point-of-sale transaction data and business analytics for exception-based reporting and faster loss prevention investigations. www.marchnetworks.com
www.smithsdetection.com
Commissionaires offers a complete suite of services including threat-risk assessments, monitoring and response, mobile patrol, guarding and digital fingerprinting.