---

Proceedings of the Standing Senate Committee on
National Security and Defence

Issue 3, Evidence - Meeting of May 2, 2016

---

OTTAWA, Monday, May 2, 2016

The Standing Senate Committee on National Security and Defence met this day at 1:02 p.m. to examine and report on Canada's national security and defence policies, practices, circumstances and capabilities; and to study security threats facing Canada, including but not limited to (a) cyber espionage; (b) threats to critical infrastructure; (c) terrorist recruitment and financing; and (d) terrorist operations and prosecutions.

Senator Daniel Lang (Chair) in the chair.

[English]

The Chair: Welcome to the Standing Senate Committee on National Security and Defence for Monday, May 2, 2016. Before we begin, I would like to introduce the people around the table, starting with myself. My name is Daniel Lang, senator for Yukon. On my immediate left is the clerk of the committee, Adam Thompson. On my right, Senator Kenny.

[Translation]

Senator Dagenais: Senator Jean-Guy Dagenais from the province of Quebec.

[English]

Senator Mitchell: Grant Mitchell, Alberta.

[Translation]

Senator Carignan: Hello, I am Senator Claude Carignan from Quebec.

[English]

Senator Beyak: Lynn Beyak, Ontario. Welcome.

Senator White: Vern White, Ontario.

The Chair: Thank you, senators.

Colleagues, today we'll be meeting for three hours as part of our general mandate and as part of our look at threats to the security of Canada.

Joining us on our first panel is Colleen Merchant, Director General, National Cyber Security Directorate; Mark Matz, Director of Policy; and Patrick Clow, Chief, Cyber Operations of the Canadian Cyber Incident Response Centre, Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber events.

Ms. Merchant, Mr. Matz and Mr. Clow, welcome to the committee. Ms. Merchant, I understand you have an opening statement. Please begin. We have one hour for this panel.

Colleen Merchant, Director General, National Cyber Security Directorate, Canadian Cyber Incident Response Centre: I'd like to start by thanking Mr. Chair and the honourable members of the Standing Senate Committee on National Security and Defence for inviting Public Safety Canada to speak about the role and work of the Canadian Cyber Incident Response Centre in the context of Canada's critical infrastructure.

As the chair has mentioned, my name is Colleen Merchant. I'm Director General of the National Cyber Security Directorate at Public Safety Canada; and I'm joined by my colleagues Mark Matz, who is Director, Policy and Issues Management Division, with the National Cyber Security Directorate, and Mr. Patrick Clow, who is Chief, Cyber Operations, with the National Cyber Security Directorate.

My opening remarks will provide an overview of the centre's mandate and the current threats and challenges faced by Canadian critical infrastructure partners, and an outline of some of the new initiatives that we have under development.

In terms of the overview, in support of Public Safety Canada's mission to build a safe and resilient Canada, the Canadian Cyber Incident Response Centre — which for brevity I'll call CCIRC from now on — contributes to the security and resilience of the vital cybersystems that underpin Canada's national security, our public safety and our nation's economic prosperity. CCIRC is Canada's national coordination centre for, as the chair mentioned, the prevention and mitigation of, preparedness for, response to and recovery from major cyber events.

CCIRC provides authoritative advice and support and coordinates information sharing and incident response in conjunction with domestic and international partners. CCIRC serves as a single point of contact for owners and operators of Canadian critical infrastructure to report cyber incidents to the government. CCIRC also has a mandate to coordinate the national response to significant cyber incidents.

The Government of Canada originally created CCIRC in 2005 to be the focal point for monitoring federal government systems, providing advice on mitigating cyber-threats to critical infrastructure and coordinating the national response to cybersecurity incidents. Prior to 2010, CCIRC had fewer than 10 employees performing mainly incident-handling duties and publishing technical reports.

In 2011, the responsibility for cybersecurity incident response for government networks was transferred from CCIRC to the Communications Security Establishment's Cyber Threat Evaluation Centre. CCIRC's mandate was then refocused to provide national-level cybersecurity coordination for systems outside of the federal government, especially Canadian critical infrastructure organizations. In 2013, the Cyber Incident Management Framework for Canada established CCIRC as the first point of contact between non-federal entities and the federal government.

With investments received since 2010 under Canada's cybersecurity strategy, CCIRC has been able to strengthen its legal, policy and process foundations to ensure management frameworks are in place to deliver on its mandate, to engage with internal and external partners, to improve cyber incident response and coordination, and strengthen its analytical capabilities.

Last year, with the approval of additional funding to support the security strategy, CCIRC received incremental resources to increase its capacity and continue its work with Canadian critical infrastructure to better protect networks from cyberattacks. This includes enhancing its focus on industrial control systems security, and augmenting predictive analytics — in other words, looking at trending; if this is occurring to a particular partner on a particular network, then they might want to watch out for that. It also includes improving vulnerability evaluations and developing more robust engagement with external partners.

Since its establishment, CCIRC has grown from seven cyber duty officers to a multidisciplinary team of 43 cyberanalysts, engineers, data specialists and engagement officers providing expertise focusing on the financial, energies and utilities, and information and communications technology sectors. With the resources received last year, CCIRC will continue to grow to over 80 employees in the next two years.

In terms of our current operations, in 2016-17, CCIRC will be a $7.2 million per year initiative. There's $2.1 million for operations and maintenance, and another $5.1 million for salaries. CCIRC works to understand the national cyber- threat picture by receiving cyber-threat information from partners. This occurs via phone and email contact with CCIRC's cyber duty officers. CCIRC is on duty 15 hours a day, 7 days a week on-site, and 24-7 via an on-call duty officer. There are regular discussions with critical infrastructure and international partners through sector-specific engagement activities.

CCIRC has also developed the capability to share some kinds of threat information in an automatic fashion. This capability is already being used to share with some international partners, such as the U.K. and Australia, and is being tested with Canadian critical infrastructure organizations, the provinces, telcos, the financial sector and electrical organizations.

CCIRC also analyzes technical information and develops mitigation advice using commercially available and CCIRC-designed tools for reverse engineering and automated analysis of big data. CCIRC also leverages multi- sourced expertise from within, from domestic partners, international computer security incident response teams and cybersecurity researchers.

Finally, CCIRC shares analyzed threat information with partners through automated victim notification, the CCIRC community portal, community teleconference calls and technical and executive product distribution lists.

In 2015 alone, CCIRC handled 1,762 incidents, about a quarter of which were reported to CCIRC by the affected organization. The remainder were discovered by CCIRC or reported by a third party, such as an Internet service provider, a software security company or an international partner.

CCIRC released 198 technical products, which included 130 advisories, 27 alerts, 32 flashes, two information notes and seven technical reports. They published 24 executive reports, including regular biweekly, monthly, quarterly and annual Cyber Operational Reports and Spotlights On, which highlight emerging issues in cybersecurity.

CCIRC ingested 67 million new malware samples and studied more than 30 million within its isolated analysis facilities, and it sent 13.66 million victim notifications containing actionable cyber-threat advice.

CCIRC works to innovate and improve the understanding of cybersecurity issues in Canada through research and development activities with partners. This past year, we held a collaborative event called Geek Week with our private sector partners. This event invites industry into CCIRC to improve understanding of the data holdings, advance the development of specialized cybersecurity tools, and enriches partnerships to improve information sharing between government and industry. The 2015 event was well attended, and we're already planning for this year's Geek Week.

In terms of partnerships and engagement, CCIRC partners with individual organizations from all 10 critical infrastructure sectors, as well as industry associations. Today, we have grown our CCIRC partners to just about 1,300, from a pool of 1.2 million businesses in Canada.

Critical infrastructure organizations who notice unusual activity on their systems, discover a malware infection, or experience other kinds of cyber incidents can report these incidents to CCIRC 24 hours a day. CCIRC acts as a trusted partner who can leverage its partnerships with federal government departments, industry experts, and international Computer Security Incident Response Teams to assist Canadian owners and operators of critical infrastructure in times of need.

CCIRC engages regularly with other federal government departments who have a mandate that includes cybersecurity. Most often this includes the Communications Security Establishment, the Canadian Security Intelligence Service, the Canadian Radio-television and Telecommunications Commission, the Department of National Defence, the Royal Canadian Mounted Police, and Shared Services Canada.

Most importantly, CCIRC receives and disseminates threat information from intelligence agencies in order to help constituents protect their systems. The information is shared at the unclassified level with CCIRC's partners, usually in the form of technical indicators, such as a domain name or IP address that's associated with malware. CCIRC threat information is focused on prevention and mitigation, not attribution.

Finally, CCIRC regularly collaborates with our partner CSIRTs, Computer Security Incident Response Teams, around the world on cyber-threats affecting Canadian infrastructure. Similarly, when CCIRC comes across information regarding malicious activity which originates in other countries, we share that information with the appropriate country's CSIRT.

In terms of the threat landscape, 2015 was an eventful year for cybersecurity in Canada and abroad. It was a year marked with significant data breaches, interesting emerging research on how technology interfaces with our day-to-day lives, the effects of ransomware, and distributed denial-of-service attacks. Several cyber events featuring physical effects were widely reported in 2015, for example, the outage of the electrical grid in the Ukraine, Ashley Madison, and the Office of Personnel Management in the United States.

Some of the most common and concerning threats CCIRC observes regularly include the theft of Canadian intellectual property by infiltration of networks. The sophisticated techniques employed by these actors are of a level generally associated with nation-states. We see a proliferation of crimeware, especially ransomware, affecting Canadian critical infrastructure organizations. Ransomware encrypts all the information on an infected system, demanding a ransom be paid in exchange for the key to decrypt the information. These attacks can lead to a loss of productivity and potentially permanent loss of business information. These attacks are likely to increase in frequency as the payouts are lucrative for the malicious actors behind this activity. Some open sources have suggested this funding goes to organized crime or even terrorist groups.

We also see hacktivist activity or politically motivated cyberattacks. Online activist groups use a variety of tactics to draw public attention to a certain cause or to embarrass a public figure or organization. These tactics typically include denial-of-service attacks, website defacements, or finding and posting private information on public message boards.

Looking forward, and with the incremental funding received last year, CCIRC will continue to develop new capabilities and expand capacity. We'll create and implement new tools to improve business practices and enhance information sharing with partners, including tools to assist partners with automated information sharing, and systems to track our own incident handling.

We're developing and deploying portable tools to enhance our ability to understand cyber incidents and assist in the provision of tailored advice to Canadian partners. We're compiling a federal operational policy framework, building on the Cyber Incident Management Framework released in 2013, which will help Canada respond to a national-level incident should it occur.

There is continued improvement in engagement activities, including implementing a robust pan-sector engagement program, expanding Geek Week events, and enhancing the capability for national and sector-specific cybersecurity exercises with our partners. We're enhancing and renewing the tools that we're currently using to provide threat information to partners, including the capacity to analyze operational information and emerging technology, including process control systems, which are important in critical infrastructure. We're also continuing to build strategic partnerships, which are critical to support our mandate.

CCIRC is developing new tools in support of its operations, such as big data infrastructure to store and process millions of cyber-threat artifacts, such as malware and email addresses associated with malware; automated frameworks to document and process these artifacts in real time; automated tools that share actionable information with constituents and partners; and, finally, analytical methods to assess the world's and Canada's cyberhealth, as well as the impact of CCIRC's work. This includes a statistical analysis of baselining and trending.

I thank you very much for this opportunity to speak with you today. Mark, Patrick and I look forward to any questions you might have.

[Translation]

Senator Carignan: Can you tell us about the types of attacks and their degree in terms of quantity? My question is specifically about typical ransom demands, where there is an attempt, via a cyber-threat, to lock or infect the computer system or even to obtain information to use it maliciously if a ransom is not paid. Can you tell us about the nature of this threat in terms of statistics as well as substance?

[English]

Ms. Merchant: I do not have specific statistics on ransomware and what percentage of the malware consists of ransomware. That's something we can provide in writing. We deal with ransomware within Public Safety in approximately the same way as all malware. We ingest, we analyze, and we study it so that we can provide mitigation, and we provide that to all the partners that we have.

Patrick Clow, Chief, Cyber Operations, National Cyber Security Directorate, Canadian Cyber Incident Response Centre: What we've observed over the last several years is an evolution of ransomware and its use as a tactic to get money out of a particular victim. This move from a traditional and simple pop-up message, trying to get a scary message in front of someone, to actually encrypting files, and in some cases fairly important files to the organization, has really changed over the last couple of years. It's quite prevalent in the number of incident reports we've been receiving over the last little while, simply because it's very sensational in its impact to the organization.

The message to our constituency is one of resilience and making sure you're prepared for the eventuality and socializing the user or employee base about the threat and what it looks and feels like.

[Translation]

Senator Carignan: What to do? Your organization talked about not paying ransom, but in October 2015, a member of the FBI's counter-espionage program suggested paying it. That could create a contradiction as to what should or should not be done. Can you give us your opinion on the subject of ransoms?

To supplement my previous question, I was talking from a statistical point of view. Can you also specify the types of businesses or people who are especially at risk? Are there more vulnerable individuals, such as seniors or people with intellectual disabilities?

[English]

Ms. Merchant: For the first question, we recommend not paying the ransom. It's usually not effective, and there are ways in which companies, organizations or individuals can protect themselves, namely by having a good backup of your information. The ransom won't have to be paid and you'll still have the information that you can pull up from the backup.

As for who is targeted, I don't think we're seeing any particular trend. Obviously the health care industry is very visible because people's lives are impacted, but we're seeing that ransomware is popping up everywhere, and we do encourage organizations, businesses and individuals to protect themselves as much as they can.

We have our Get Cyber Safe program, which you can find on our website. It provides basic information on protecting individuals, families and small and medium-sized enterprises. This is a very good resource to start protecting against all sorts of malware, including ransomware.

The Chair: Do you have the technical ability to follow up on those who are bringing forward ransomware propositions? Do you have the ability to follow up and apprehend these people? If you do, have you actually laid charges in cases here in Canada, or maybe you can talk about the United States?

Ms. Merchant: No, that is not within Public Safety's mandate. We leave law enforcement to the law enforcement agencies. I think a good analogy I've heard is that we are first responders. You can think of us as the medics who come in the ambulance once someone has been shot and is lying on the sidewalk. We don't really care right then who shot with what type of gun; we're more concerned with making sure the individual is stabilized and can recover quickly.

The Chair: But you pass that information on to the RCMP, obviously.

Ms. Merchant: Any information that we have, we share.

Senator White: Thanks for being here today. I appreciate it.

I'm actually going to zero in on what you just talked about. Why is your organization not directly connected to a law enforcement agency? I think the FBI does the majority of cybersecurity investigations in the United States, correct?

Ms. Merchant: Yes, they do.

Senator White: Rather than having a separate arm that would do the first examination or the first call, I'm trying to figure out why instead you aren't seated in CSIS or the RCMP or another agency. Why are you not sitting directly in one of those agencies instead of a policy centre, which is what Public Safety is?

Ms. Merchant: The organization of government is not within my purview. In terms of how we look at cyber, the RCMP has a dedicated cybercrime unit now that it's getting in motion, and they deal a lot with cybercrime.

There's a way to look at cyber, which is technology as a tool or an instrument to conduct I'd say traditional crime, and then also what we're more focused on, which is technology as a target. So when things are targeting our use of networks and infrastructure, that's when we become more interested.

Senator White: He doesn't agree with you.

Ms. Merchant: He wanted me to elaborate on the fact that we coordinate very well with law enforcement and intelligence. That's not in question at all. It's not that it would enable us to work in a more effective fashion, I don't think. I think we work very effectively as a community.

Senator White: Thank you for that. I guess that would now lead me from an infrastructure security perspective, because really you're saying it's not just about the call for service; you're also trying to educate people on what the risks are, I take it.

How is the work going with the provinces and territories on helping prepare them for what many would believe we are on the cusp of, which is an increase in cybersecurity threats, when we talk about the infrastructure and whether the provinces and territories are up to speed? I know some are not, for sure.

Ms. Merchant: We work closely with the provinces and territories. As a matter of fact, out of our almost 1,300 partners, 31 of those are in the provincial and territorial governments. That includes all ten provinces and three territories. We're very well coordinated with them. We actually have partnerships with 60 municipalities within seven of the provinces.

Senator White: Specifically who in those governments? It's obviously not to a policy centre; it must be operational, so somebody is heading up critical infrastructure security. Exactly who in those provinces and territories?

Ms. Merchant: We work with critical infrastructure owners and operators, but within the governments themselves, we work with the CIOs, the chief information officers. We work with the security officers in some cases, and we also work with the deputy minister levels that are responsible for security and public safety.

Senator Mitchell: Thanks, Ms. Merchant, for your presentation. I have several questions. One is about EMP. We had witnesses from the United States at our last meeting on electromagnetic pulse. They were quite exercised about how vulnerable the U.S. system of electrical networking and so on is to EMP, almost extreme, in their view. Could you give us some assessment of our vulnerability to that? Is that within your purview?

Ms. Merchant: Yes. Not necessarily technically, but in terms of preparing for an outage and being resilient to these things, yes. Is that something on the policy side that we deal with?

Mark Matz, Director, Policy and Issues Management Division, Canadian Cyber Incident Response Centre: Generally, no. In terms of the resilience of an organization, yes. We're looking for systems to maintain availability for public safety reasons. For electromagnetic pulse or something that would take down systems, we would be concerned about the impact on cybersystems, but at that moment you're probably moving more into a physical response where the Federal Emergency Response Plan would kick in. There are a number of other structures beyond our specific cyberstructure that would be responsible for maintaining continuity of services and potentially bringing in other folks like the military if you need aid to the civil power or anything like that.

Senator Mitchell: You mentioned you have a big data infrastructure store and process millions of cyber-threat artifacts. Immediately, "big data" conjures up privacy issues, and people get nervous. Could you tell us to what extent that threatens the privacy of individual Canadians who may be scooped up in that big a net, and how do you deal with that?

Ms. Merchant: First, all the information that we share is anonymized in terms of whom it is provided by and who it is about. It's only shared with the permission of the affected organization. We do not collect personal information. We had a privacy impact assessment conducted and it was approved by the Office of the Privacy Commissioner. We're mainly sharing information that's related to malware, to IP addresses, and to other networks that we know are associated with bad business on the Internet.

Senator Mitchell: You've made the point that you've gone from 7 to 43 people. What you presented and the work you are doing is very impressive; there's no question about that. However, even 43 people doesn't seem like a lot of people consulting with the breadth of the private sector on critical infrastructure. How are you sure that there aren't areas falling through the cracks or that you are dealing with the breadth and the depth of this issue in the private sector adequately?

Ms. Merchant: Anyone will tell you that more is usually better, but with what we have, we are doing quite an impressive job. A lot of that is due to the fact that we do have excellent collaboration and coordination internally to government, with provinces and territories, with critical infrastructure owners and operators and internationally.

It's really a force multiplier when you look at the collaboration that we have. Again, when you talk about big data, analytics and trying to gain partnerships with the 1.2 million businesses that we have in Canada, yes, that's obviously something that we would like, and we're obviously increasing the numbers beyond the 43.

We're headed in the right direction, and I think with what we have, it's going very well.

[Translation]

Senator Dagenais: I would like you to tell us which three main Canadian infrastructures could be targeted by a cyberattack. At the same time, could you tell us what would be the consequences and costs of such an attack on the Canadian economy?

[English]

Ms. Merchant: The three major infrastructures that we have concern with are the financial systems, obviously; the telecommunications or information and communications technologies; and also the energy sector. I'd say they underpin a lot of the functionality of our economy as well as our national security.

I do not have data on the financial ramifications of an attack on these. I guess it would depend upon the attack, how widespread it was and how quickly the recovery was made. We can certainly look for some data if it's available and send that to you.

[Translation]

Senator Dagenais: As far as security measures are concerned, do you believe that they could be improved for certain infrastructures? Could you make recommendations to our committee about that?

[English]

Ms. Merchant: Yes. As I had mentioned we do have some information available on our website regarding the basic things that industries and organizations can do to help protect themselves. Also, as you may know, our minister was given a mandate in his mandate letter to review the existing measures to protect Canadians and critical infrastructure from cyber-threats. What we're planning to do through the course of that review is to look to see what gaps exist and how we might mitigate those gaps. Any assistance that we would have from the senators would be very much appreciated.

Senator Beyak: Thank you for an excellent and thorough presentation. You've answered most of my questions already, but could you characterize the threat currently facing North America's critical infrastructure? Is it measured on a regular basis? Do you have steps to do that?

Ms. Merchant: We do produce annual reports and do trending, in terms of what's going on in not just Canada but the global infrastructure, because obviously we're very interconnected. One of the things we'll be doing with the increased funding that we get is doing a lot of statistics on being able to baseline where we're at now, gather information such that we can see the impacts of the mitigation measures that we put in place, the collaboration measures, the work that we're doing with our partners.

That's something that we would like to pursue in more depth, and we are working on that right now.

Senator White: Thanks again. Great questions, great answers.

We talk about some of the risk when it comes to critical infrastructure. This country is so vast, and I would argue our idea of critical infrastructure security has been around people. I look at our nuclear industry and the fact that in the last 15 years we've expanded and put in place spectacular armed units that would certainly be as up to speed as any other country out there.

I'm not so convinced that we've done the same with those types of facilities and industries. When it comes to cybersecurity, we have seen some countries attacked — the Ukraine is one example, but there are others. Where would you put us on our risk from a risk factor for future attacks in this country when it comes to taking down a critical infrastructure facility like a nuclear industry or one of our other power grids or something like that, without fear mongering, of course?

Ms. Merchant: I don't want to fear monger. One thing that is important to note is that nothing that's connected to the Internet or that uses a network capability is invulnerable, but there is a wide range of capabilities that organizations tend to put on their systems to protect them.

I'd also like to mention that when you look at cybersecurity — and I think you touched on it, senator — it's not so much looking at protecting your network, it's protecting everything that is around the network as well.

There is operational security — that is, in terms of how you access the system, who gets to access the system. There's also physical security, in terms of who can even get in to get close to a system that's being used.

The risk factor varies a significant amount depending upon the organization that you look at and what measures they've put in place, not just on their networks but around their networks and with the people that have access to those.

Senator White: Are the organizations in this country taking this seriously, or are they making or taking the steps that they need to take to better assure Canadians, or are we waiting until there's a bad day?

Ms. Merchant: We're not waiting until there's a bad day.

Senator White: Not you personally.

Ms. Merchant: We're focusing on small and medium-sized enterprises because small and medium-sized enterprises, in many cases, don't have the capacity to put measures in place, whether it's expense or additional resource through personnel or otherwise.

We focus quite a bit on them. A large part of the Canadian economy — I've heard upwards of 80 per cent of the Canadian economy — is driven by small and medium enterprises. This is an area that I think we should continue to focus on.

Senator White: Thanks for that, but I look at post-9/11 and the nuclear industry in Canada, and it went from being unarmed security personnel around facilities that we thought would never be in jeopardy to full onslaught of security agents that are fully trained and emergency response officers that are trained certainly to the level of any police agency in the country, and in some cases actually more so. In my previous job in Durham Region, as the police chief, I saw how that transition took place.

Even then, in 2005-06, the discussion was that the biggest concern they should have was in physical security. It should be a concern, but it wasn't the biggest one because it's the one you can see, but it's the one you couldn't see. What we're talking about here is the one you can't see.

I'm just trying to feel some type of comfort that organizations like OPG and others like that are actually taking the steps to try and secure their facilities, and I realize you're not saying they are but you're not really saying they're not taking it seriously. I'm trying to get at which side of that fence you're going to fall on.

Ms. Merchant: In terms of the nuclear industry in particular, a Chatham House report came out a few months ago that looked at a spectrum of nuclear industries globally — I think they looked at eight of them — and when we looked through the report it was a fair relief to see that Canada was actually doing very well comparatively. Canada is one of the few nations that have cybersecurity standards within their nuclear industry, so that is good news.

Senator White: Would those standards be approved by you?

Ms. Merchant: No.

Senator White: Do you look at those standards and say they meet the requirements?

Ms. Merchant: No, these are standards that are set by the —

Senator White: By the nuclear industry itself.

Ms. Merchant: That's right.

Senator White: So no oversight?

Ms. Merchant: No, not by us.

Senator White: No oversight by anyone?

Ms. Merchant: Well, the Canadian Nuclear Safety Commission.

Senator White: CNSC. Thank you very much.

Senator Beyak: You mentioned in your presentation about the intellectual property theft. Would you be able to divulge the nation-states that are involved in that?

Ms. Merchant: No, I would defer that question to my colleagues in the intelligence community. As I mentioned, attribution is not part of our mandate.

Senator Beyak: I also wondered if your organization advises the government and private organizations about these insider threats from nation-states. It sounds like you probably can't.

Ms. Merchant: Not on particular nation-states, no. What we will do is analyze the malware that's being used to make sure we understand it, that we can notify our partners should we see it propagating or if they have a vulnerability which makes them vulnerable to an attack that uses that particular malware.

In terms of the actual actors or adversaries, no.

[Translation]

Senator Dagenais: I know that you will provide information to us about software-related extortion, but I would like to follow up on Senator Carignan's question about ransoms. Could you give us examples of amounts paid by Canada or other countries?

[English]

Ms. Merchant: I do not have that information. But, again, we can look for statistics for you.

[Translation]

Senator Dagenais: I would like to come back to the sharing of information. When Paul Stockton testified before our committee, he said that it was crucial to share information in real time. My understanding is that it is not always the case with other allied countries. In general, which obstacles could prevent or slow sharing information? Do you give more intelligence to other countries than you receive?

[English]

Ms. Merchant: I'm going to ask Patrick to answer this as he's front line in terms of the information sharing.

[Translation]

Mr. Clow: We are finding that there is more and more data to share. Therefore, the amount of data to share, the ability to digest that information and to understand the context linked to it are certainly obstacles when, for example, trying to determine which software will be impacted and which activities are linked to that information.

We share intelligence automatically and try to support our partners by working with them, so that they can understand the information that is important to them, and to help them process it and apply it to the context of their environment.

[English]

The Chair: Does anybody have any other questions?

I'd like to follow up on a couple of areas, if I could, before we finalize this.

First, Senator Mitchell asked about the electromagnetic pulse, which is starting to have a public conversation here in Canada. It's been a matter of concern in the United States for quite some time.

Ms. Merchant, you referred to it as a concern but that you really had no authority, one way or the other, in respect to that particular threat that's facing cyber and our energy responsibilities here in Canada.

I'd like to ask you, in that particular area, how much of a concern is that to you from the point of view, if this is a real threat, it has to be of a major concern to you if there's a possibility that either a ballistic missile or a natural force such as a solar flare could take place and basically, as in some terminology, fry the energy system, which would be a terrible event for North America. Could you elaborate more from your perspective and your knowledge?

Ms. Merchant: In terms of the EMP, if it were to have a significant effect on the Canadian infrastructure, it would be very important for us to have a plan at hand to respond and understand roles and responsibilities of the federal government, provinces and territories, first responders and the critical infrastructure owners and operators.

As I mentioned in my opening remarks, this is something that we're working on right now. We have a national incident management framework, and we're detailing that such that the roles and responsibilities and actions to take are more clearly identified.

As Mark mentioned earlier, we are putting everything in place that we can to help with the resilience of the infrastructure. We work very closely with the energy sector, in particular the electrical grid, and we are doing everything we can in terms of collaborating, providing information and instilling best practices within the industry to recover should something like that happen.

The Chair: Going forward and looking ahead, the concern has to be that if this threat is as concerning as it is being talked about in the United States and starting to be talked about in Canada, it's to get the necessary preventive hardware in place so that we can withstand, at least in part, that type of a situation arising.

The question that I have is this: What time frame are we on in order to meet with our territorial and provincial governments and their energy agencies to ensure that there is a standard set up and that they're going to adhere to that standard so that we can withstand such an unfortunate attack or natural disaster?

Ms. Merchant: Here in Canada there is not any legislation or standardization that any of the critical infrastructure sectors have to implement. We don't have any legislated authority to identify a particular level of security that they have to meet.

We do have a responsibility to help the sectors in terms of defining more robust technologies that will help them. We do promote research and development. We're promoting the development of mitigating technologies, if these incidents were to occur.

We do have sector lead departments. For instance, if we're talking about the electrical grid in the energy sector, it's Natural Resources Canada who would take the lead in this area to look at the electromagnetic pulse issue and try and drive some resilience within the energy sector for an EMP.

The Chair: In your opening remarks, you gave us a list of concerns within the cyber-sphere and the threats it holds for the economy.

Do you have any annual statistics for what the effects are of these various concerns, such as the theft of Canadian intellectual property, the proliferation of crime, hacktivist activity? Obviously, the banks and financial institutions are always under siege. What is it costing the economy annually in a general sense?

Ms. Merchant: I don't have facts and figures on the cost, but I do have percentages in terms of the total incidents by sector.

For instance, 54 per cent of the incidents in 2015 were toward the information and communications technology sector, 14 per cent against finance, and provincial and territorial was 4 per cent. We have quite a detailed breakdown, but those are the big ones.

The incidents by type: 42 per cent were a malicious code or compromise; 24 per cent were phishing or targeted emails; 17 per cent were advanced persistent threats, which are usually fairly sophisticated, things you don't see that can affect you for quite some time. Again, there's more detail on that as well.

The Chair: Thank you very much for attending.

Joining us on our second panel is Bob Paulson, Commissioner of the RCMP. He is accompanied by Mike Cabana, Deputy Commissioner, Federal Policing; Daniel Dubeau, Deputy Commissioner and Chief Human Resources Officer; and Peter Henschel, Deputy Commissioner, Specialized Policing Services.

This committee believes it's important for Canadians to receive a regular update from our national police force, and we're pleased that you're joining us to speak not only to us but to Canadians, along with core members of your team.

In our correspondence, we have a long list of issues you're dealing with daily, and hopefully we'll have enough time to deal with that.

Bob Paulson, Commissioner, Royal Canadian Mounted Police: Thank you for the opportunity to come here with my team and take up this discussion. I don't have any opening comments, other than to say I did correspond with the chair, and I see you have a lengthy list of interests. That's why I brought my friends with me; I want to make sure we give you the best possible answers to your lines of inquiry. With that, I'll just be quiet and take your questions.

The Chair: Thank you very much, commissioner; we very much appreciate that. I want to deal with an issue that's facing not only Canada but the globe, and that's the terrorist threat. Could you update us on the number of identified radical Canadian jihadists you're tracking currently, both in and outside of Canada?

If you could update the committee on the question of terrorism financing, the fact that there were 130 references related to charities linked to terrorism financing in the last five years, which became known to our committee over the course of our hearings. Have those had been referred to you? Perhaps you could tell us why no charges were laid, with that information being provided.

The third area is the question of the recent changes to the Anti-terrorism Act brought in last year. Can you tell us which areas you're using, and do you consider those changes essential to your policing responsibilities, especially in the face of the ongoing terrorist threat Canada faces?

Mr. Paulson: That's what happens when you don't have opening remarks.

The Chair: We like this.

Mr. Paulson: I'll defer the first two questions to my colleague Mr. Cabana. Let me speak briefly to your comments about the anti-terrorism law. By that you're referring to Bill C-51, in terms of our use or reliance on those new provisions. I came before this committee and lobbied or identified the need for a lowered threshold in respect of peace bonds, and that is exactly what the law included. That is what we have been availing ourselves of in circumstances where the Attorney General consents. We have been using those provisions to bring forward applications for peace bonds, conditions on people's freedoms that are reasonable in the face of the case that we make to suggest that they are a risk. In that sense, it's been useful and has been relied upon in several incidents.

With respect to the people we are following who have radicalized themselves, either domestically or internationally, and similarly with respect to terrorism financing, I'll ask Deputy Cabana to speak to your question.

Mike Cabana, Deputy Commissioner, Federal Policing, Royal Canadian Mounted Police: It is a broad question. I can speak to our utilization of some of the new provisions. We currently have 20 individuals under charge using the new provision, section 83. Since 2001, we have had 22 different convictions in the country.

I suspect that this would be of interest to the committee: There are provisions that have not been utilized yet. Some of those could be fairly drastic in the sense that the impact on the individuals is quite significant. I'm thinking here of preventive arrests, for example, which makes it almost a tool of last resort. The tools are there. If law enforcement in Canada is not in a position to apply, investigate or prevent anything from happening, there are tools that were put in place as a last resort, to make sure we had the ability to move in and prevent any arrest.

The peace bond was the subject of some media attention earlier this year and late last year because of the increase in the use of the peace bond following the reduction of the burden of proof. The peace bond applies when the individual in the proceeding agrees to sign the peace bond. We have a number of those in place. There are three that I can think of that are currently outstanding, and there are hearings that are scheduled to occur.

Our role as a law enforcement agency is not strictly the RCMP. Our role is to investigate, to secure as much evidence as we can and to present the package for approval to the prosecutors to be taken forward. There's always a discussion that occurs with the prosecution, and the best case goes forward.

There are some provisions — for example, promotion of terrorism — where packages have been submitted, but in the end the prosecution proceeded under different sections of the Criminal Code.

The Chair: There are two questions, sir.

Mr. Cabana: You're talking about numbers of high-risk travellers currently abroad. The Director of CSIS, Michel Coulombe, testified in front of this committee to the effect that there were approximately 180 high-risk travellers currently outside of Canada. I believe, Mr. Chair, you and I have had discussions on this previously. That's the number that we go with because it includes the RCMP numbers.

The Chair: The numbers of Canadian jihadists that have returned?

Mr. Cabana: There are approximately 60. It's the same number that the service uses.

The Chair: The other statistic put to this committee was the number of Canadians that had been radicalized that were making efforts to leave the country. Is that number staying consistent? I believe it was approximately 93 a year and a half ago.

Mr. Cabana: All of these numbers, Mr. Chair, fluctuate almost daily. This is why it gets difficult to provide accurate numbers, because the numbers I had last week are probably different today; but essentially it is fairly stable currently.

The Chair: And on the question of Canadian terrorism financing?

Mr. Cabana: Unfortunately, I don't have the material here, but from memory, last year there was one charity from the Toronto area that was charged. This is still in front of the courts, so I'm limited in what I can share.

Mr. Paulson: Mr. Chair, perhaps in the 130 referrals, you're talking about FINTRAC referrals which identify suspicious transactions, and sometimes they are lumped under possible terrorist financing. Those suspicious transactions are referred to us, and while they are suspicious, that doesn't necessarily lead to a prosecution in every case.

There are huge challenges to securing sufficient evidence to bring prosecutions from those referrals, most of which happens to occur abroad in terms of securing the evidence that the terrorist purpose is the underlying connection to the money.

Mr. Cabana: If our relationship with FINTRAC is of interest to the committee, maybe I can spend a minute or so just outlining, because it has evolved significantly over the years, where now we have very much a symbiotic relationship with FINTRAC.

FINTRAC is limited in its ability to share all the information that they acquire through their regulatory authorities, but we're not. As law enforcement, we're not limited in our ability to share with FINTRAC. We've put processes in place where our national threat assessment is shared with FINTRAC for their information, so that when they actually examine information that they receive from the financial sector in relation to suspicious transactions, they have the backdrop of the law enforcement priorities in Canada and some of the intelligence that Canadian law enforcement agencies have in their possession, which enables them to make a better determination on which information should be shared with the law enforcement community.

Actually, as of last year, FINTRAC also sits at the table of the Canadian Integrated Response to Organized Crime, which is a multi-law enforcement agency committee that is seized with the national threat assessment in Canada. The goal or the mandate of the committee is to ensure a coordinated approach in attacking the different criminal organizations that are operating in Canada and abroad. FINTRAC now sits at that table to have a better overview of what's going on.

Senator Kenny: My first question relates to the discrimination and harassment class action brought by Constable Merlo. We're hearing talk that progress is being made in this area. If that's the case, could you comment on it?

Mr. Paulson: I think it would be inappropriate, senator, to offer any comments on that. We have, as I've shared with this committee, resolved to make sure that we treat our employees, particularly those who have complained of harassment or abuse of authority, fairly and appropriately, and we continue to pursue that avenue. I'm hopeful.

Senator Kenny: It's an active file?

Mr. Paulson: It is an active file.

Senator Kenny: The last RCMP Pay Council report talked about salary alone, first-class constables ranking fifty- seventh out of 62 Canadian police services. Our understanding is that you're taking steps to address that. Could you talk to the committee about RCMP pay and its relationship with your recruiting challenges?

Mr. Paulson: Sure. Perhaps I can invite my colleague Deputy Dubeau to give you a finer point on that.

Daniel Dubeau, Deputy Commissioner and Chief Human Resources Officer, Royal Canadian Mounted Police: Thank you for the question. Currently, what you quoted from our Pay Council report would have been just on pay alone. We go by total comp in the organization. That's how we factor ourselves in. That's now look at our comparative police forces.

Total comp is based on base pay. It includes all kinds of benefits, leave, pension, the whole nine yards. We are actually now 11 per cent behind from the top three, which is very concerning for us.

We have been talking to our colleagues, the employer at Treasury Board, about trying to resolve that issue, putting forward some proposals, which I can't share because it is under cap and comps at this point as we're dealing with our colleagues and with our minister to try to narrow that gap.

That is very concerning for us. That is something that I know our commissioner is keenly aware of and something our members are asking for: more equitable pay. That is something we're approaching with the employer right now to see if we can resolve one way or the other.

Senator Kenny: Can you help us with the timing?

Mr. Dubeau: Unfortunately, I can't say about timing because it is up to the employer, and there are all kinds of other factors, including negotiations they are currently having with their unions, which have an impact across government. We have to see when we can get in there.

We are, right now, talking to them. We have been talking to them for the last six, seven months, actually, about this issue and the concerns it's causing us.

Mr. Paulson: If I could add a comment, senator, to say that the chair had listed in the correspondence to me a question about morale within the membership. I think if there's any consistent observation that I get raised to me from the members when I meet them is that very issue of equity in the pay area of other police forces.

The committee should remember that we work in a very integrated environment in Canada. In other words, many of our officers are side to side, shoulder to shoulder with other police officers from many other police forces, and every two weeks they get a chance to share notes and compare pay stubs. So it's not lost on our members that there is a growing difference.

Senator Kenny: I have one final question. I don't expect an answer to this now, commissioner, but it's a request for information. In the past, the RCMP have provided documentation on employment equity statistics for regular members, broken out by rank, gender, people with disabilities, Aboriginal people and visible minorities. In addition, it included information on Depot enrolment targets with figures for women, people with disabilities, Aboriginal people and visible minorities, and also included attrition figures.

Could you please provide to the committee this information dating from 2004-05 through to 2014-15?

Mr. Paulson: I don't know, but for the last four or five years we have that data, because we're using it all the time. We'll give you the best data that we have, as far back as we can.

Senator Kenny: We have it back to 2003-04, so we're assuming you have it all the way through. We'd like a chance to review the progress.

Mr. Paulson: Very good, Mr. Chair.

Senator Mitchell: Thanks, commissioner, for being with us. We're all aware of the case of senior leaders in the Canadian Police College Explosives Training Unit in Ottawa, who paraded around an RCMP office with nothing on, naked.

As bad and reprehensible as that behaviour is, what does it say about the culture of the senior leadership in the RCMP that dealt with that case, that they would think it was sufficient penalty to dock these people seven and five days' pay respectively and put them back in their jobs? What kind of organization would actually be considered healthy that would do that? Doesn't that underline a serious cultural issue at the senior-most levels in your organization?

Mr. Paulson: Mr. Chair, I think the best way to answer that question is to say that we've undertaken, with an external authority, a comprehensive review of the decision making around that. Although my question wasn't perhaps in a league with your question, it was not too dissimilar to say, "How could this have happened?" in the way that we understand it to have happened. In that sense, I'm confident we'll have a full understanding of that.

There is some element of the former discipline regime and the transition to the new discipline regime, and there is some sort of way in which you might see this as being what happens when extremely specialized people feel excluded, perhaps, from the mainstream of the culture, but I'm talking prematurely. I think we will have an answer to that question, or at least my version of that question, and we'll be able to have a full understanding of what happened there.

Senator Mitchell: When you made the pitch for Bill C-42, you were quite clear that one of the problems you had in dealing with the organization was you didn't have enough power to fire the bad apples. You look at this, and I think this was reviewed after Bill C-42. I'm re-asking the question by saying, "How bad an apple do you have to be if you don't get fired, dismissed, perhaps even put in jail, for going naked in an RCMP office?" Who are you firing?

Mr. Paulson: Senator, I have a full appreciation of what that incident at the police college did certainly to the public understanding of the progress that we've been making in the RCMP. It's not lost on me just how bad this is. But let me say this about the new regime under Bill C-42: The discipline that fell to one of the individuals there, as I said to this committee, in the old regime, we didn't have a line of appeal for management. In other words, if something happened in the field and one of our supervisors just said, "That's not too serious; here's a reprimand," there was nothing we could do about it. In this case, it's not a silver lining. I don't even like talking about what happened there, it's so shocking. However, that was under review. The second bit of discipline which was administered under the new regime was being reviewed by our professional responsibility sector. That is an illustration of the utility of the new approach to discipline.

Now, it doesn't mitigate the senseless, unbelievable behaviour that we've heard about, but it does demonstrate that this new approach to discipline is the way to go.

Senator Mitchell: I do not doubt your sincerity, but I'm not convinced that whatever you've implemented is actually working. I've had a case recently referred to me with a female officer who had a target drawn on her. There was another case of a woman in the force for 15 months. It was all she ever wanted to do. She has PTSD and unrelenting migraine headaches. There's something wrong.

When I see Chief Superintendent Angela Workman-Stark, who was the head of your RCMP Gender Respect and Action Plan, say that the RCMP needs help from the outside to deal with this problem, I look at why doesn't the RCMP go outside and bring in a public review board, people who will deal with this in a transparent and open way? It's just destroying the credibility and the faith that Canadians have in that organization.

Mr. Paulson: There are a couple of things that are destroying the faith that Canadians have. One is the irresponsible representation of facts from within the organization, without the benefit of a proper hearing, to establish the facts. That is not helpful.

With respect to the externality of our work, in respect to harassment and discipline, we do have external assistance. We do rely on external assistance. In fact, one of the features of Bill C-42 is the direct line of access to the external review committee by harassment complainants. As we've seen with respect to the CPC, we bring in people who are experts and are completely detached from the organization to help populate the facts so that informed decisions can be made without the speculation, without the misrepresentation, and without the sort of unfair accusations that sometimes are made.

Senator Mitchell: Is it perhaps the fact that you had an internal, non-objective SRR process that means that these facts aren't being established properly? What will you do under the new act, the new proposal for unionization, if harassment and behaviour standards and an open grievance processes aren't even within the collective bargaining process defined by that?

Mr. Paulson: Senator, there are all sorts of external avenues for complainants. One of the ironies of the public discussions around behaviours within the RCMP is the fact that people are saying that they're muzzled. Well, I have no path to an external voice. I can't remember the last time anybody has been muzzled.

The avenue for external review and the avenue for access to fair and established means of reconciling conflict and establishing evidence, or taking evidence and establishing facts, are all available. It's just unfair to describe the situation in the manner in which you've described it, senator.

Senator White: Thanks to all of you for being here. Someone touched earlier on recruiting numbers. I was looking on the website today at the changes in recruiting, for example no longer requiring citizenship. I believe it's 10-year landed immigrant status. As another example, applicants no longer have to write the entrance exam if the applicant has a diploma. I wonder if you can walk us through the challenges you have right now and where you think we're going to be when it comes to recruiting over the next one, three or five years.

Mr. Paulson: We've been working on that for the last little while. Obviously you've seen some reporting on that. Perhaps Dan could speak to that.

Mr. Dubeau: Our old recruitment process was cumbersome. It would take a long time to do our old recruiting process. There was a 12- to 18-month average processing time. In an organization of this size, that is not sufficient to meet our needs. The changes you have recently read in the media and that were sent to internal broadcasts are focusing on quick changes we've done. Over the last two years we've done a lot of changes. It's to streamline our process. The last two years have been looking at processing times. How can we process our files faster, so that we're chipping away at 12- to 18-month process to bring it down so we can get our people in quicker to training at Depot? It's still another six months at Depot, and then they're out on the road.

What we did in the past was change the processing itself. We actually did quite an evidence-based approach where we looked at who was failing and where they were not succeeding in the process. We realized quickly that our university graduates were doing very well in the process, and really the testing they were going through was to make sure they had the educational standards so that they could pass at Depot. The intent is for them to succeed at Depot, so we made the decision to allow university graduates to go to phase two, which is the application process. We've now extended that to our college graduates.

At one point there was a discussion about who we want in the force. We are trying to bring the level of education up in the force. That's one way of doing it. We're allowing post-secondary graduates to come in and apply and they are going right to the applicant stage.

The permanent residency discussion was as a result of the challenges right now of getting people to apply. Our organization, as the honourable senator said, is 11 per cent behind in pay right now. We have such uniqueness in our organization. You have to be mobile and willing to serve anywhere in Canada, as you did, senator. Some of them are isolated posts. That is not for everybody. You have other organizations, such as great police forces, metro and Vancouver, where they're able to offer —

Senator White: Ottawa.

Mr. Dubeau: — and then Durham, where they're able to attract a lot of people because they can stay in their hometown and they don't have those challenges. How do we attract more people into the organization, knowing we have challenges? If you asked me the number one challenge, it's mobility in the force. People are willing to come to this organization. They think it's a great organization, and it is a great organization, but you will be moved somewhere else in Canada. We went to permanent residence, not to increase our representation. We're hoping from these communities we're policing that we're able to attract new applicants that we have never seen before in the past.

We recently changed the PARE, the physical aptitude test. We looked at that. On average most of our people were coming in in really good shape. They know what the organization wants. You can gauge that during the process. A lot of times where these kids are applying from, they don't have access to PARE sites. We'll be able to gauge you in the process. When you go to Depot, you know you have to pass the physical test. Start getting in shape, and we encourage that. You're trying to join a police force, go for lifestyle changes.

Our commissioner has made the decision that if you apply and want to stay in B.C., Alberta, Manitoba or Saskatchewan, where our biggest contracts and our biggest needs are, we will say we will put you back there. That's where our vacancy is the highest and where we have to put our people. We're going to try that as a recruiting tool. It's on the website now. If they're interested in going back, we will guarantee a posting in B.C. We'll put you back in the province for a period of time, keeping in mind they have to sign on in Canada, but we will attract people that way. We are trying different things to get applicants to apply and become members.

Senator White: What will our numbers look like this year from recruiting?

Mr. Dubeau: We're trying to put 34 troops of 32 through Depot, a thousand through Depot. We're trying to align ourselves 34. We were at 32 last year. We're 34 writing now, and we're working our way up towards 40 troops.

Senator White: Will that meet our gaps?

Mr. Dubeau: Right now, no. I can be honest, no. Thirty-four will not meet the gap. With the attrition rates at about 800, the new growth happening, especially in the west, it will not meet our gap. That's why we have changed the process as well as looking at increasing the processing capacity, increasing the size of Depot, more facilitators, but Depot will cap out at 40 troops. There's no infrastructure for more than 40 troops at that point.

Senator Day: Could we have clarification on the attrition rate, just before you go on?

Mr. Paulson: The attrition rate does favour a forecasting of about 750 to 800. I will give you the exact numbers, senator. We do have those numbers I will get you. So we've gone up a little higher, and that's just because most of us are getting near to retirement age, so people are going to a well-deserved retirement and going onto a pension.

Senator Day: That's 1,000 in and 800 out.

Senator White: I know in the National Police Services there's been a gap for about a decade, commissioner. I'm wondering financially where NPS is today. I think it's called something else now. I'm wondering where they are now and what that gap looks like.

Mr. Paulson: I'll invite Deputy Commissioner Henschel to speak to that.

Peter Henschel, Deputy Commissioner, Specialized Policing Services, Royal Canadian Mounted Police: We've done a lot of work over the last four or five years around the governance and mandate of National Police Services. One of the things we've intentionally done is to try to manage it as a separate mandate and a separate business line within the organization so that funding stays within there and we're not taking funding from another area of the organization into National Police Services or vice versa.

We had some success around renegotiating the biology casework analysis agreements with the provinces and territories in all jurisdictions except Ontario and Quebec, which have their own lab. We actually, through that process, now get vote net revenue where, if costs go up, then we are able to get more funding. We get that funding. We've addressed some of our funding shortfalls there.

The bigger problem or the bigger challenge is that National Police Services is a suite of services that are evolving over time. As new things come along and things change, then as a police community we need to react to that and adjust to that. They're not going to be a static group of services. Some things may fall off the table, and new ones come along.

As an example, we have a National Police Services Advisory Committee that passed a resolution last November to look for the creation of a national cybercrime coordination centre, which is fundamental to coordinate and de-conflict around cybercrime.

That's an up-and-coming service that probably needs to be a national police service, and I've taken that to the FPT committee that our committee reports to, or provides information and advice to, and so we're looking to governments across the country to work with us on how do we go about particularly funding such a new centre.

Senator White: March 31, 2016: negative or positive?

Mr. Henschel: That's hard to say. We have a budget, and we're impacted by things like the operating budget freeze, just like everybody else was, so we live within our budget.

[Translation]

Senator Carignan: My question is about RCMP investigations outside the country. An anonymous source in the RCMP made us aware recently that an investigation into the murder of a Canadian hostage had been opened. First of all, can you confirm this?

I would also like to know how many resources the RCMP has outside the country to investigate not only murders that have been committed, as in the case of the recently murdered hostage, but also throughout all terrorist networks, be they combatants or funders of these groups committing criminal acts.

Mr. Paulson: First of all, I need to specify that we do not usually confirm which investigations we are conducting or not. However, sometimes, it is pretty clear. Under the Criminal Code, we have the authority to proceed with investigations abroad, under anti-terrorist provisions, for example. In the case that you mentioned, an investigation is being led by our investigators here in Canada, from the National Division.

I will invite my colleague, Mr. Cabana, to tell you more about it.

Mr. Cabana: You described it very well, Mr. Commissioner. However, it is important to understand that the RCMP, despite the fact that it deploys investigators to lead investigations into certain files, has no authority in countries other than Canada. Our powers are here, in Canada, and they are entrenched in the Criminal Code or provincial laws. When we deploy people abroad to conduct an investigation, we do it jointly with local authorities. And so, if we do not obtain the authorization from local authorities, our ability to investigate is significantly reduced.

Now, when it comes to ongoing investigations, it would not be appropriate for me to discuss the scope of these investigations or the number of resources that we deploy. Suffice it to say that our deployments are constantly re- evaluated based on the expertise required outside the country, and that those deployments are made to meet those needs.

Furthermore, there are resources deployed as peacekeepers. As we speak, 95 members of the RCMP are on international deployments. We also adjust that number regularly. We study the cases and we prepare deployments in other parts of the world that could benefit from our police officers' services.

We also have 57 liaison officers or analysts deployed in 30 countries to help Canadian investigators in the RCMP, as well as those in other police forces, other government agencies and local agencies in those countries. Among those 57 officers, we have also deployed criminal analysts who, in some cases, work within the intelligence services of foreign agencies to promote the exchange of information between different police forces, always in order to support ongoing investigations.

Senator Carignan: Do you believe that you have enough resources abroad to do this work?

Mr. Cabana: As my colleague stated in his answer, we use the resources that we have available. We are regularly asked that question when we are invited to Senate committee meetings. We would certainly like to have more resources, but we use those that are made available to us.

Senator Carignan: Would having more resources allow you to be more efficient, or do you believe that the lack of resources is currently detrimental to investigations?

Mr. Paulson: Currently, we are reviewing the resources available for the federal investigation section. I believe the government understands that we face challenges in our work and that we have now started this study. I am looking forward to finishing the study so that we can know what we need to do and what we need to conduct investigations, and so we can set priorities. Investigations have changed significantly over recent years. The laws and the challenges are complex, and I hope that we will be well placed to tell the government what the RCMP needs to do its work in the 21st century.

Mr. Cabana: I agree with the commissioner. Over the past three years, we have developed a series of tools that allow us to more easily determine the number of investigators needed to deal with the important files that we are currently processing. At the end of the month, we will make these tools available to all of our units across the country in order to standardize the way we conduct investigations, so that the necessary resources are allocated to each file.

[English]

Senator Kenny: About 10 years ago, a B.C. university put out a study that listed the number of hours it took to perform different tasks. Have you done anything to update that and make that information available to the public?

Mr. Cabana: Yes.

Senator Kenny: It was quite intriguing to see how the paperwork that's required by different pieces of legislation multiplies the number of hours that are involved.

Have you updated it, and can you make it available to the committee?

Mr. Paulson: We haven't updated it. As I was indicating to your colleague, we are engaged currently in an ambitious review of our federal policing mandate in terms of the kind of responsibilities we have and how we are executing on those, which will require a resourcing methodology which will be built upon the same sort of framework that the Plecas study was built on.

One of the more famous cases there demonstrated that whereas it used to take a half an hour or an hour for an impaired driver, it takes a whole shift now. Those kinds of impacts on resourcing — it's not just laws, it's jurisprudence and it's the evolving environment in which we find ourselves. Those things will all be factored in and should provide an instructive case to go forward.

Senator Kenny: It was much easier to understand when it was translated into the number of hours that were involved.

Mr. Paulson: Indeed.

[Translation]

Senator Carignan: I would like to pursue the discussion about investigations conducted abroad. Recently, an international consortium of journalists made public some information about the Panama Papers. This information suggested that there were cases of tax evasion, but it was also suggested that certain companies might be used for money laundering or the financing of terrorism. Have RCMP officers had access to the information of this consortium of journalists? Are there investigations under way or have investigations been started following the publication of the Panama Papers? Furthermore, are you aware of the information that will be published on May 9, the date on which the consortium says it will be publishing even more information, notably about Canadian companies?

Mr. Cabana: As soon as we learned that these documents existed, we undertook discussions with our foreign partners in order to obtain copies of the documents. These discussions are under way, but we have received confirmation that we will be receiving all of the documents. We are also working with our partners in Canada, such as the Canada Revenue Agency, the Financial Transactions and Reports Analysis Centre of Canada, and other government agencies, so that, as soon as we receive all of the documents, we will be able to analyze them rapidly. As I am sure you can understand, there appear to be a lot of documents.

Senator Carignan: What was Panama's involvement in this case?

Mr. Cabana: Currently, we are not having any particular discussions with Panama. We are in discussion with other countries and other agencies.

[English]

Senator Day: Commissioner, thank you very much for being here, along with your team of deputies. I'm sorry it took so many exchanges of letters back and forth before we were finally able to settle on your appearance here.

You've been here before. We've had good cooperation and I got the sense that maybe there was a concern or distrust involved here possibly in our line of questioning. I thought to myself that perhaps — and now I'm sharing this with you — we could have a more regular meeting. That is, not a meeting when perhaps there's some political issue that we want to bring you in and talk on, but have a regular meeting where we can understand what your challenges are and understand what each of you are going through to meet your demands and to get beyond that public statement that we do the best job we can with the resources we have.

I'm glad to hear that there are other discussions going on here. My suspicion is that they're with Treasury Board and you're talking to Treasury Board — there are other people pulling and pushing for funds as well. We want to know how you can do the best possible job for the people of Canada and how we can help you get there.

We vote on appropriations. If we know that you're not getting your fair share to do the job we expect of you, then we can deal with that.

The Chair: Is that a question?

Senator Day: No, it's an introductory remark. I'll just let the translators catch up with me.

I have two questions, and the first one is why we are always focusing on the return — perhaps it's because it's a security concern — of individuals from Canada who have gone abroad, been involved in terrorist activity abroad and return to Canada. We always seem to be focusing on that number.

What about those that return disillusioned, that come back and say, "That was a silly thing that I did." If you could single out some of those people and get them to talk about the bad experience and why it's not as glorious as it perhaps would at first appear or was made to appear to them before they went, I think that could go a long way to preventing others from joining in on this trip abroad.

Mr. Paulson: Mr. Chairman, senator, if I could maybe seek to reassure a bit, the RCMP, in its national security context, has no better partner than CSIS. We have come a long way in managing our relationship and de-conflicting our work. That strong relationship has extended, largely to my colleague's credit to my right, as we responded to the increased threat in the last couple of years by building a joint operations centre to respond specifically to those kinds of situations — that is, where people have come back or have been identified as wanting to go or have expressed some radical ideas to the point of concerning people, such as they would make complaints.

We have done just that, with other government agencies, with our close partner CSIS. We've gotten together and we look to risk assess and deploy responses which vary — as you've described — from going to have conversations and working with the family members and the loved ones of individuals, to doing 24-hour-a-day surveillance, to wiretaps, to arrests, to peace bonds.

That ability to be with all of the other authorities and people who have authority in the government has offered us tremendous advantage in managing the threat. As we go forward, of course, you'll know that Public Safety will be building some capacity in terms of the counter-radicalization initiative. We, too, are in the crime prevention business and in national security. That means counter-radicalization.

Those opportunities to seize those individuals and to have those individuals represent their experiences is part of a broader government engagement that I think will bear some fruit in the very near term.

Senator Day: You're confirming that that is taking place now. We don't hear as much of that. We hear a lot of the focusing on the other numbers. I'm glad to hear that.

Mr. Paulson: The media is shy.

Senator Day: The other question I have flows from the recruiting question that you heard earlier. I'm reading articles and hearing stories about the graduating classes from training at Depot in Regina who are all coming to Ottawa for the first six months. They're all expected to do that. We've always understood that training at Depot is just the very beginning and that the indoctrination and the learning of the culture is done on the job, and a lot more on-the- job training than perhaps other jobs. How does this group coming to Ottawa fit in with your training program that has worked fairly well for you?

Mr. Paulson: One of the strengths of this organization when we face new challenges like we have with integrating the parliamentary security service, which we have done to the great credit of a number of agencies, is our ability to support the transition and get to a point where they can be steady state on their own. Some troops have come to help support the transition to the new reality, and that's on the verge of being discontinued. Years ago, when I was going through Depot, every couple of troops would be sent to Ottawa to work the embassies because there was a challenge with guarding embassies in the day.

I think that's a very good experience for them. They get to see the reality, and it's only for a short period of time, up to about six months. Frankly, that has helped socialize them into the law enforcement reality. It's not something we rely on for the longer term; it was just a transition device.

Mr. Dubeau: For the record, it's six to eight weeks. It's not six months.

Mr. Paulson: I stand corrected.

Senator Day: We read the same articles.

Mr. Dubeau: As the commissioner said, it was a temporary measure to help with on the Hill, and so they were coming here for six to eight weeks and then transferring back to their detachments. The intent was that it be short term. While they were here we had people to mentor them to ensure that they were keeping up their skill sets. We were able to carbine train some of them who were coming here. We were able to send them to our Connaught Range and do the carbine training course.

We've leveraged as much as we can to keep their training up, but it was only a short term of six to eight weeks. That's why you heard about so many troops coming, because we released them back into the field to start their field coaching program. You are correct, senator, that is the on-the-job training. We wanted to get them out there as quickly as possible.

I can tell you that the cadets, the new members, were volunteering to come when they heard what happened on October 22, and there was a discussion about this. They were actually volunteering, and some troops were very upset that they couldn't come. They said they wanted to do this because they thought it was important. So that shows the level of professionalism and dedication of our members who wanted to come here and do the job because they knew it was a time of need for all Canadians.

[Translation]

Senator Dagenais: I have to warn you I have three questions, but I will try to be brief. I would like to come back to the question of RCMP staffing. Commissioner, you mentioned that there are around 500 police officers who were transferred as part of anti-terrorism efforts. It is important to note that these police officers come from other units. I remember well that, during the Oka crisis, there were 2,000 of us police officers from the Sûreté du Québec on Mohawk lands. We had to put in a lot of overtime, but only occasionally. Then we were sent back to our units. All of this is to say that these people who are fighting terrorism will have to do so on an ongoing basis, because terrorism is not going to disappear overnight. Can we then conclude that, in order to respect your mandate, you may be short of staff, but that the government will have to provide additional funding if you are to have enough police officers to continue fighting crime?

Mr. Paulson: Precisely. That is why we are currently conducting a study to demonstrate the operational impact of deploying these 500 police officers, although the number is now down to around 470. Our current priority is fighting terrorism, and that is what we are focusing on. I am sure that the study will demonstrate the impact this has had.

Senator Dagenais: Could you explain to the committee why evidence presented to judges to request the right to monitor individuals who are radicalized or who may become radicalized is kept filed and sealed and not made available to the public or to the media? I understand that this is an investigative file.

Mr. Paulson: Yes. There are reasons for keeping evidence filed and sealed. I will ask my colleague to explain. The intention is certainly to not hinder the investigation or to not have to disclose the identity of one of our informers.

Mr. Cabana: It is exactly what the commissioner said. In many cases, most of the time, it is rare that a person works alone. When it comes to requests for surveillance, I understand that your question concerns intercepts and things of that nature, but not physical surveillance as such. There may be aspects of the investigation that would make the investigators' work much more complicated and difficult if that information were to be made public. So that is the reason.

I would also like to clarify something. The decision to keep these requests filed and sealed is not made solely by the police officers. It must be approved by the prosecutors and by the judge. There must be valid reasons to keep those documents filed and sealed.

Senator Dagenais: Thank you. I will ask my last question. I do not want to go back to my former role as a union leader, but I would like to come back to the issue of the unionization of RCMP members. Normally, to form a proper union, a majority of police officers would need to vote to do so. Do you have the impression that the majority of police officers would be favorable to the idea of unionization? Do you have a strategy to inform them of the advantages and disadvantages of having a union to improve their working conditions?

Mr. Paulson: We conducted a poll to find out what our members thought. It is fairly clear that the majority of our members would like to be unionized, but we have not developed a strategy in that regard. It seems to me that this would cause more problems. There is no strategy, but it is interesting to note that our members' representatives are professional and serious when it comes to defending the rights our members.

Senator Dagenais: It is unfortunate that I am a senator, because otherwise I could help you.

[English]

Senator White: It's one thing to say you're interested in unionizing until you find out the dues are $1,700 a year, or $2,500 a year. What happens if they choose not to unionize and the SRR program is gone? What's our strategy there?

Mr. Paulson: I'll invite Dan to put the finer touch on it, but the SRR program, while it's discontinued, has been replaced by what we're referring to as a workplace representative program. In fact, I just met with them last week, and they're rocking and rolling towards representing members' interests.

That program will be there, and all of the statutory requirements that we have to engage our members in occupational health and safety committees, workplace safety committees, equipment committees and so on, to represent members in discipline, they will be acting in that regard. That's for the interim. So it's not really that the SRR is gone. There is a clearly management supported and funded program for the interim. But if no certification happens, they will be there as long as there's no certification. Once there's a certification of a bargaining agent, that's that. Have I got that right, Dan?

Mr. Dubeau: Yes, the commissioner is right. The difference is these are individual representatives now, versus the SRR, which represented the collective; they were the voice of the membership. They will be individual representation, but they will still have health and safety committees. All the legislative committees will still run and they will represent the membership. Where we will have to change our way of doing business is for the collective voice. Management will have to reach out using different things — focus groups, employee advisory groups, surveys — to get the information from our membership.

Senator White: If certification doesn't happen.

Mr. Dubeau: If certification doesn't happen. Once certification happens, you have a collective group that can represent.

The Chair: There's a fundamental issue here that I don't think is being debated, and that's the question of whether the rank-and-file RCMP members can form their own representative union or they come under the public service. Is that not correct?

Mr. Paulson: No, it's not. That's why Bill C-7 will be coming before you. It contemplates making significant changes to the Public Service Labour Relations Act to accommodate the unique operating environment which is the RCMP, but permitting a prospective bargaining agent to be certified, and then a bit of a division as to whether or not grievances pursuant to terms and conditions of employment, such as pay, benefits and so on, go off to the Public Service Labour Relations Board for adjudication, but some of the other discipline and harassment goes off to the existing appeal process, and in the case of harassment, the external review committee, where people are being dismissed. That's the understood feature of Bill C-7.

The Chair: I want to raise an issue that was raised in the Subcommittee on Veterans Affairs with Minister Goodale and Mr. Dubois, and that has to do with the Auxiliary Constable Program, and there was an undertaking to review it. Since then, as the senator for Yukon and also my representation on this committee, I've had numerous representations not just from Yukon but across the country in respect to the diminishing of the authority and the recognition of the Auxiliary Constable Program as it exists in those provinces that have contracts with the RCMP.

I want to make sure the record is correct. I believe there are 1,600 people who are part of that organization across the country. The largest number of them are in British Columbia. The reality is these individuals are volunteers; they don't get paid. Their costs are covered by the provincial or territorial government, not by the RCMP; so that's not a cost to the RCMP from the point of view of their agreements.

Second, a question was raised about liability. I have found out that the Workers' Compensation Board represents these individuals, if they do get hurt as first responders in the workplace. I've heard today how short-staffed the RCMP is, and I believe they are way understaffed in terms of what we're asking you to do. At the same time, we're taking the ride-alongs away, and the checkstops; the uniform is coming into question, and there's the question of whether they will keep their peace officer status.

Other municipal police forces are looking at implementing or expanding their programs. If you look at the United States, it is similar; they're looking at community policing, encouraging people to be part and parcel of their forces so that they can deal with the day-to-day issues of crime in their communities.

I would like an undertaking that, in view of those facts, the RCMP and the department sit down with the provinces and territories to review the future of this program and confront the question of liability, instead of running away from it, so that we can continue with the program and maybe strengthen it. That's my dissertation.

Mr. Paulson: Thank you, chair. It is a very electric issue in those jurisdictions where we rely on and use auxiliary constables. It is an invaluable service. It has come under review as a result of one of our auxiliary officers being shot. There's been an evolution of the program over time, where first they were armed and then they weren't and then they were going in a police car unarmed. There are questions and considerations to be routed out in order for an organization to go forward.

I have undertaken with solicitors general and other representatives from the various jurisdictions who are interested, and I tell you solemnly that we will meet with all of these people. We're doing that. We're consulting extensively on the very issues that you've identified. Ultimately, it's not just a question of liability; it's a question of responsibility and doing the right thing, and we will do the right thing.

When I was a young constable deployed in my first posting, I couldn't find some of the areas I was dispatched to, and there's no greater assistance than having a local person who knows the roads, the people and the circumstances, so we get all that. We have to make sure we are doing that. Now the organization is being charged, often. Every time we have a member hurt or killed, we have an ESDC review immediately of our practices, policies and behaviours, and in the Moncton case, we're before the courts on a labour-related matter. It's more than simply liability.

The Chair: I'm going to leave it as an undertaking, but I want to reinforce how important this program is, especially to rural Canada, and to diminish the number of officers or people involved in community policing from being within the community is not a wise decision to make, believe me.

Mr. Paulson: That's understood, chair.

Senator Beyak: Thank you, gentlemen. It's always informative when you're here.

I worked in the United States from 2008 until I was called to the Senate on issues that included national security and defence. I have dear friends in Canada and in the U.S. who are Muslim. They are Muslims Facing Tomorrow here in Canada and the American Islamic Forum for Democracy in the United States. That's Dr. Zuhdi Jasser, a retired lieutenant commander of the United States Navy, and he testified before the House of Commons committee.

He says it's critically important that we differentiate between good Muslims and bad Muslims — his words. How do we do that in light of the United Against Terrorism handbook that was part of the RCMP — and you did distance yourself from that — produced out of Winnipeg, so that we have good leaders coming forward, and we're talking to the people who mean us no harm and who love Canada and the Constitution? The Muslim, Christian and Jewish faiths are synonymous. It's the Islamic terrorist political movement that's the problem. How do you differentiate when you're talking to those groups in your work in the communities?

Mr. Paulson: The first thing to underscore is that our success and our policing efforts in the national security or any other context rely extensively on the trust and the confidence that the people have in our ability to police them.

In that sense, we don't distinguish on the basis of any visible or articulable differences other than the evidence. We have focused and purposeful approaches to engaging with communities, to making sure that our responsibilities and our limitations are understood and trusted by citizens, and we go to great lengths to do that in all our communities.

The fair and consistent reliance on evidence as the basis upon which we act and to be able to share that with our communities gets us a long way.

Senator Beyak: There were three or four incidences in that United Against Terrorism handbook that you pulled away from because they were not good people. How have you learned to not have that happen again?

Mr. Paulson: I'm not going to dispute the premise of your question, except to say that our purpose for engaging in that handbook was to talk about what we do.

Let's get out of the national security context for a second and let's talk about garden-variety crime. We have to sit down with people who do crime, and we talk to them about the dangers of doing crime. Sometimes we're talking to criminals, and sometimes we're talking to people who are probably predisposed to be criminals.

So our objective and our narrow focus is to be representative of what we do and who we are. I think in that sense, having our activities represented in that handbook or in others is part of our effort to let people know what we do.

Senator Mitchell: I wanted to ask another question about the harassment thing in Bill C-42. Do you have any stats — they may be difficult to get, of course — on how many people you've fired for harassing other people, for being harassers, since Bill C-42 allowed you to get rid of the bad apples, versus the number of PTSD victims?

Mr. Paulson: Recently, senator, we publicly put out a bit of an update to our work on transforming the culture, understood more broadly than simply how we're doing on harassment. We've updated a number of features to the cultural transformation, which is our objective. In that sense, we've had a serious uptick in our conduct cases for early intervention, and we've also had a serious uptick in our dismissal-seeking decision making there.

Senator Mitchell: I'm interested in the interim process that you've implemented to replace the SRR and the implications if the force doesn't unionize for what that will become. I think you're saying that essentially this interim process would become an established process. How does that differ from the SRR in achieving greater objectivity and in convincing constables they will be represented in a way that's at least —

Mr. Paulson: Thank you. First, let me say that it's not intended to be permanent. I think we all recognize that somebody is getting certified someday. It was never intended to be a permanent fix. But as my colleague pointed out earlier, their responsibilities are put to the individual representation.

In terms of how we canvass members more broadly as a collective, that's going to fall to management to be more engaged through invitations to comment on questionnaires and so on. But those big organizational issues will have to be canvassed in a new way while these members in this new interim body will be more individually representative, if that makes sense.

The Chair: We're running a little bit over in time. Do you have a few more minutes, commissioner?

Mr. Paulson: Yes.

Senator Mitchell: I'm not sure you can comment too broadly on this, but I'd like to elevate the Azer case from Alberta, the father who is illegally holding his children. Is there anything you can tell us about that?

Mr. Paulson: I think there is. I'll invite my colleague Deputy Cabana to fill you in.

Mr. Cabana: There is and there isn't. I think I have to be somewhat circumspect on what information I share. This is still a very significant and troubling matter that is currently unfolding. What I can do is share with you our role, if you want.

We have our liaison officers in the Middle East. We have a number of liaison officers that are engaged in that particular case, through Interpol as well, to try to secure the release of the children. We are working very closely with Global Affairs. They have the lead on this in terms of discussions with Iran.

We actually obtained an arrest warrant against Mr. Azer for kidnapping the children. A red notice has been entered into the Interpol system. A yellow notice has also been entered into the system for the missing children.

We are fully engaged. We have a member assigned to provide support to Ms. Azer in these difficult times. We are following this case very closely.

[Translation]

Senator Carignan: My last question is on the Official Languages Act. There have been a few incidents, some of which involve the Official Languages Commissioner, and in particular with regard to a complaint he received. I also read some messages on Twitter, including in Manitoba, that should have been tweeted in French. I tried to understand these tweets, but I could not. So as you can imagine, that was frustrating for me.

What do you do in this type of situation? How is it that this kind of thing is still happening in 2016? The situation is a bit embarrassing for the organization. What measures are you taking to prevent this kind of thing from happening again and to ensure that our two beautiful languages are respected and used properly by your services?

Mr. Paulson: First, with regard to the complaint that was made here on the Hill, it might have been due to our cadet assignment strategies. In my view, it is not reasonable to expect that 100 per cent of members be bilingual. However, at the very least, those who are not bilingual should understand what they need to do when they receive questions or comments in the other language. But that is not what happened during that incident.

Our National Division commanding officer assured me that all of our members received instructions, and almost 90 per cent of our personnel is bilingual. It is very important that this issue be addressed in a way that is fair for everyone.

With regard to the Manitoba Twitter message, I am not aware of it. However, I will look into it. I also send out tweets, and I sometimes find it difficult to express myself in both languages. However, that is not an excuse, and I will look into it, because it is absolutely important that both languages be respected.

Senator Carignan: It is also a matter of security.

Mr. Paulson: Yes.

Senator Carignan: It is clear that messages, especially those sent via Twitter, are often urgent and deal with things that have to be addressed quickly. It would be unfortunate if incidents were to occur. Do you understand?

Mr. Paulson: I hope we will not receive any complaints — at least, I hope not.

[English]

Senator Kenny: Commissioner, after pay, the next most difficult problem to me appears to be moving away from a common health plan. Could you comment on that and whether it's a worthwhile endeavour?

Mr. Paulson: I'll invite my colleague Dan Dubeau to speak to that.

Mr. Dubeau: Thank you, commissioner. The common health plan became provincial health plans, the movement about three or four years ago when we had changes to the Canada Health Act and we went under provincial plans.

Keep in mind that provincial plans are there to cover non-occupational injuries, the same as every other Canadian in that province. We were finding as we were drilling down and talking to our staff relations program, we were assured that those plans would cover our members for just non-occupational, run-of-the-mill illnesses; if you have a cold, you go see a provincial doctor, which they were already doing. The organization is not like DND; we don't have a massive health infrastructure. We actually use provincial doctors.

What we were finding in some provinces — I won't point any provinces out — since we were not under the provincial health plans, they were charging us as non-residents, and so the province and Canada were paying twice or three times the rate, depending on what the province would charge for the same service that their spouse or husband would go to. We did go to provincial health plans.

However, what we did put in place is we still have our occupational health. That is another structure that we do run internally that's still there. That still covers all our members if they're injured on duty. That's still running, being funded internally. It's a supplemental on the plan. Our commissioner's always said that where a member is injured on duty, we will cover him 100 per cent. We have not changed that.

You might have heard some debate around C-7, where we talked about going under the Government Employees Compensation Act and having access to workers' compensation boards, and that was taken out of the bill. That was part of the plan, saying we need to have access to independent boards. Now we'll be building that internally.

We already have an internal process to watch, so when somebody gets hurt on the job, or they say that it's duty related and they apply for the benefits under our occupational plan, we determine it to go that way, and then we pay 100 per cent. So there's no loss to them at all.

That's the thing to reassure our members that if they're injured on duty, document it, and we will cover them. We have covered everyone. They have appeal processes internally right now to the organization if they feel they were not adjudicated properly.

Mr. Paulson: The feature that was attractive to that was the availability of a consistent cohort of professionals experienced in the management of cases. Obviously, it's taken off the bill. It sounded as though there was some downloading to provinces. It was not. It was relying on these arm's-length, external, privacy-respecting, proven institutions that manage health care. It is what it is.

Senator Kenny: Are you saying that I'm misinformed and it's not a morale problem anymore? It appeared to be, and it still seems to be a matter that's discussed from time to time.

Mr. Paulson: I think it's a misunderstanding, respectfully, senator. It's a misunderstanding around the erosion of health care benefits. That's something that we should inform the committee on, on the scope and scale of our available health benefits, which is considerable and remains considerable.

Senator Kenny: Would you please go ahead and inform us? Do you have anything that indicates that this isn't, in fact, a morale problem in the force?

Mr. Dubeau: Is it a morale problem? You have to realize that when this was happening it was the same time as all the deficit reduction was happening. Our members would see this as another take-away. There was health care; there were no pay raises. So when you factor it all in, yes. To say that it was not, it almost seemed like everything was being taken away from them. I think that's part of the issue.

We had to go out and educate the members: Here's what the changes are on the provincial plans. There's an occupational and a non-occupational plan that also covers our members. We were able to put that out.

We'll provide you the details of what that meant. We did a full analysis of what that meant to our total comp package when we made these changes, and it was minimal, because most of the members were not choosing the plans to that extent. There's still extensive coverage, and we will provide you a list of what the coverage is.

Mr. Paulson: I think there was also a certain cachet of going to the doctor with your separate form that said, "I'm in the RCMP," rather than having to sit there with your health care card. Whether that translated into the firm and articulable removal of benefits is not at all clear to me.

Being a member myself, I want to have the best health care I possibly can. Apart from having a health care card, I don't see the difference.

Senator White: I've asked the question of the Minister of Veterans Affairs, the Deputy Minister of Veterans Affairs, the Minister of Public Safety, and now I'll bring it here, about veterans' benefits and the fact that it still sits only with an MOU.

Do you see the necessity of having more than an MOU where service is provided and having a direct responsibility from Veterans Affairs to manage the benefits of veterans?

Mr. Paulson: I know time is tight. We did an analysis of the benefits that accrue to our members in our circumstances as compared — and I don't want to single anybody out — to the other people that avail themselves of that. Frankly, they're stronger over here. You just need to understand how they're delivered. Dan himself did this study, and he can speak briefly to that.

"No," is my answer. I don't see the need for that. I think the articulation of the benefits, as Dan is about to do, would be helpful.

Mr. Dubeau: Yes. We can give you the analysis.

Senator White: I would like to see it, please.

Mr. Dubeau: We did do an analysis of RCMP members versus RCF colleagues. Unfortunately, it has to be on someone who is killed on duty. We were able to pull it down, saying, "Here's what it means." We have different benefits, including, as they would call it, the pension. We have pension and all kinds of other benefits that kick in.

Having said that, notwithstanding, we have talked to our veterans' groups, our vets association, about whether an MOU suffices. Now we're engaging with them through a subcommittee and saying, "Okay. Do we want more? What does that mean? Do we have to go more into a legislative change or not?" and to really have our veterans contribute to this discussion, because they're sitting around the table. As you know, some of our veterans will say, "We want it all." Others will say, "We want some of it." We're trying to get from them, "What would you like to see in coverage?" And we include our membership, because someday we're all going to be veterans. What do we want to see?

That's currently a work-in-progress, so we're able to inform our commissioner and have a discussion at senior executive.

Senator White: If I could have the analysis, please.

Mr. Dubeau: Yes. I can share that analysis with you, sir.

Senator Beyak: Thank you, Commissioner Paulson. I appreciated your answer very much and the delicate nature of the question, but my Muslim friends are united in their belief that we're still talking to groups that are affiliated with Hezbollah, Hamas and other terror organizations.

I'm not sure you were clear what evidence you look for when you go into these communities and decide who you will trust.

Mr. Paulson: We go into those communities to establish bonds of trust and confidence in our policing. That's why we go in there, to inform people what to look for, perhaps early indicators of radicalization, what in the court system they can expect, how the police work. Those are the reasons we go into those communities.

In terms of the evidence I was talking about, we don't go into community outreach hoping to get evidence of criminal proceedings. We go into community outreach trying to persuade them that we are driven by a respect for evidence and not for a sort of prejudgment or an expectation that some Muslims are bad and some Muslims are good.

We're looking for criminal behaviour, and we do it on the basis of evidence. In terms of our outreach, it's to establish trust and confidence in our business.

The Chair: To conclude this, commissioner, on that issue, one of the recommendations in our interim report was that there be a communication on an ongoing basis with CSIS and other agencies to make sure the individuals you are consulting with from a regional point of view, maybe in a small community, they know who they're talking to. Have you gone into a protocol with CSIS on this to make sure things are done in that manner?

Mr. Paulson: In respect of outreach activities?

The Chair: Yes, to identify and make sure that the individuals you're working with are the people they say they are. That's the only question that's being asked.

Mr. Paulson: I see. In terms of the representatives of communities that are working with us, yes.

The Chair: I'd like to thank our witnesses for coming and their patience. We certainly appreciate your being here. Thank you.

Joining us in our third panel are three representatives from the Canadian Electricity Association: Colin Penny, Senior Vice-President of Technology and Chief Information Officer of Hydro One Incorporated and Hydro One Networks Inc.; Francis Bradley, Chief Operating Officer; and Geoff Smith, Director of Government Relations.

Gentlemen, welcome to the committee. Mr. Bradley, I understand you have an opening statement on behalf of the association. Please proceed.

[Translation]

Francis Bradley, Chief Operating Officer, Canadian Electricity Association: Thank you for giving us the opportunity to take part in your study. Our association, which is celebrating its 125th anniversary this year, is the national voice for the electrical energy sector in Canada. Our members represent the complete electrical energy value chain, including its production and its transmission to residential, commercial, institutional and industrial clients across the country.

[English]

I am joined today by Mr. Colin Penny, Chief Technology Officer of Hydro One. Hydro One owns and operates 29,000 circuit kilometres of transmission lines which power Ontario, including 1.3 million distribution companies. I am also joined by Geoff Smith, our Director of Government Relations.

The electricity sector is a core component of one of Canada's 10 critical infrastructures as defined by Public Safety Canada. Ensuring the long-term security, reliability and stability of the electricity system in Canada, considering its key role in powering other critical infrastructure sectors essential to the economy and quality of life, is a key function of our association. CEA's critical infrastructure protection activities address physical security policy, IT security policy issues, and emergency preparedness, and all from an all-hazards, all-threats perspective. We are also the industry's interface with Canadian and U.S. federal, security, intelligence and policy officials.

We appreciate the opportunity to provide you with the electricity perspective. We will address the focus areas of your study and provide you with eight specific recommendations we hope you will consider including in your eventual recommendations to government.

We'll begin with cybersecurity. For the electricity sector, cyber-threats constitute a critically high priority. We crossed a cyber Rubicon of sorts last December when for the very first time, a cyberattack resulted in the loss of electricity service to customers — in this case, as you heard previously, 200,000 customers in Ukraine. This of course is elevating our concern.

CEA engages with key partners in Canada, on a North American basis, and we've been doing this on cyber issues since 1998, when we began preparing for Y2K.

In Canada, we work very closely with Natural Resources Canada on a broad range of security issues, including cyber. They have proven to be a very effective window into what is occurring in the rest of the energy sector. They have undertaken training initiatives specific to cybersecurity in the energy sector.

Both the RCMP and CSIS are key partners for security and intelligence information sharing, effectively providing situational awareness information to our members, and for those with security clearances, classified briefings are provided twice a year.

However, our most critical partnership is with Public Safety Canada. It's on two levels. First, we engage on policy issues, such as the development and implementation of the government's national strategy on cybersecurity. On this I would note our first recommendation, the need for the federal government to review the national strategy on cybersecurity.

The Chair: Which they are doing.

Mr. Bradley: We are looking forward to engaging in that process.

Second, on the operational level, through its role as Canada's cyber emergency response team, or CERT, Public Safety Canada's Canadian Cyber Incident Response Centre, or CCIRC, whom you met with a little earlier today, plays an integral role in the preparedness, prevention and response to cyber events through research, their facilitation of information sharing and their partnerships.

Our second recommendation is that the federal government increase CCIRC's capacity and capability. This is a request we've included in our recommendations for the previous two federal budgets.

In 2015, over $200 million over five years was pledged to Public Safety cybersecurity initiatives, but in our view this is insufficient for the challenges that we face as a country.

I'll now turn to Mr. Penny to continue with the opening statement.

Colin Penny, Senior Vice-President of Technology and Chief Information Officer of Hydro One Inc. and Hydro One Networks Inc., Canadian Electricity Association: On the North American front, the electricity sector collaborates with the North American Electric Reliability Corporation, or NERC, on a number of fronts, most notably in the development and implementation of mandatory cybersecurity standards.

These standards govern a wide set of actions related to system planning and operation and underpin the security of our shared North American electricity system. Of note, we are the only sector with mandatory cybersecurity standards.

Our third recommendation is the implementation of mandatory cybersecurity standards for federally regulated sectors.

Through its Electricity Information Sharing and Analysis Centre, E-ISAC, NERC disseminates threat information across the sector and every two years conducts a continent-wide simulation known as GridEx to test utility's ability to respond to security threats. While there was a substantial Canadian presence at the most recent simulation, our fourth recommendation is that Canadian security agencies introduce a tabletop exercise in Canada of similar scale.

These exercises are highly effective means to test readiness, to increase understanding of roles and responsibilities of the interdependent critical infrastructure sectors, government and law enforcement, and to produce learnings that can enhance incident prevention response and be applied to business continuity plans and practices.

Another key continental forum is the Electricity Subsector Coordinating Council, or ESCC, an independent industry CEO-led body that engages the highest levels of the U.S. government on cyber and physical security challenges.

We would like to highlight the participation of Public Safety Canada and Natural Resources Canada, whose participation is critical to ensuring Canadian representation on this important continental forum. An overarching theme in all these forums and the most important function and outcome of these interactions is information sharing.

Turning from cyber, I'll now address threats to physical infrastructure. While widespread system digitization and automation has been prominent in our sector, the operation of these systems is still largely performed by utility professionals who are also our first line of defence on all fronts. Ensuring access to timely and standardized background checks for utility personnel is critical.

Our fifth recommendation is that the federal government establish standardized background checks for Canada's critical infrastructure sector.

An emerging threat we would like to address is the threat to the electric grid posed by geomagnetic disturbances or GMDs, casually known as solar storms. These occur when the sun ejects charged particles which interact with and alter the earth's magnetic fields. Depending on the magnitude of the GMD event, the grid can be vulnerable to disruption or outages due to the currents caused by the GMD which flow along electric transmission lines.

While awareness of the threat posed by GMDs is rising, the science is still evolving with many gaps left to be filled. Canadian utilities seek assistance in building the knowledge and tools necessary to protect the grid against this threat.

Our sixth recommendation included in CEA's pre-Budget 2016 submission is that the federal government fund research, transformer testing and other activities to enhance understanding of the impacts of GMDs on the electric grid and to assist utilities in mitigating these impacts.

Geoff Smith, Director, Government Relations, Canadian Electricity Association: Our seventh recommendation relates also to interference with physical infrastructure. For our sector, that most commonly occurs through theft of copper from our electricity facilities. Copper theft from electricity infrastructure is a growing problem that is dangerous, expensive and a threat to system reliability. Tragically, since 2006, nine people have been killed and many more have sustained injuries as a result of these incidents, and most a result of facilities becoming lethally energized when copper grounds are removed from an electrified infrastructure.

In addition to recommendations related to tightening various aspects of financial transactions with metal recyclers, and enhanced local collaboration between law enforcement, Crown prosecutors and utilities, CEA is calling for Criminal Code amendments to create new sentencing provisions more proportional to the impacts of copper theft. At present, the offence most commonly applied, theft under $5,000, is based solely on the market value of copper components stolen and fails to reflect the significant downstream impacts and costs associated with these crimes.

Our seventh recommendation is that the government address this gap in the Criminal Code and introduce legislation to make penalties for interference with critical infrastructure, which would include copper theft, more proportional to the serious impacts of these crimes.

Mr. Penny: The final issue we will raise are airborne-related incidents and the need for balanced regulation for drone use. The recent "consumerfication" of drones has raised concerns across a number of sectors in terms of security of physical sites, but also the need to strike a balance in terms of regulation. For example, Hydro One's service territory is larger than most countries, and in many instances drone technology is a safer and lower-cost alternative to using helicopters to monitor transmission infrastructure in remote areas of our province.

Our final recommendation is that federal regulation in this regard considers all applications of this technology and strikes the appropriate balance.

Mr. Bradley: With that, Mr. Chair, we'll conclude.

[Translation]

Once again, we would like to thank you for the invitation to appear before you today, and we would be happy to answer any questions you might have.

[English]

The Chair: Thank you very much. That was very clear and concise, and I want to commend you on bringing forward some very definitive recommendations that could be considered.

[Translation]

Senator Dagenais: I would like to thank our witnesses. My question is very simple, but nevertheless important, especially when the time comes for us to draft our report, which will focus on the substance of the matter. In your view, what are the main weaknesses in our country's hydroelectric system?

I would then have a second question, Mr. Chair.

[English]

Mr. Bradley: Probably the biggest challenge for Canadian utilities — it isn't unique to Canada, but it is a little more pronounced in this country because of our geography — is the challenge of protecting long linear infrastructure, frankly. We talked a lot about cyber in our earlier presentation, but the biggest gap and the biggest challenge we face is essentially just the fact of transmission systems that often have to bring electricity sometimes thousands of kilometres away from where it's generated to where it's actually consumed.

You can protect a site, you can protect a control centre, you can protect a plant, but protecting every kilometre of transmission line will always be a gap and always be a challenge. We can put into place what is required on a facility- by-facility basis, but in terms of a gap that always will exist, it is simply the nature of extended infrastructure.

It's the same challenge our colleagues in the oil and gas sector face. They can put in protective measures for their specific facilities, but it's that transportation.

[Translation]

Senator Dagenais: From a policy point of view, are there any legislative or regulatory measures that we could quickly take to improve the way we protect our system?

[English]

Mr. Bradley: Specifically on cyber, there are, I would suggest, some things that could be done and could be done fairly rapidly. We note in our opening comments about funding for CCIRC. That is certainly one area. We, as a country and as a government, could and should be doing a lot more to prepare, predict and prevent cyberattacks, for example. And to be able to do that, we need to improve and increase our capacity.

I know there's been talk about the increase already that's taken place at CCIRC. They have grown quite considerably. One of my colleagues reminded me that in the past year they have doubled in size. My response to that is, "Good, they're probably about halfway to where they need to be," certainly from a funding standpoint.

Some things can be done in terms of promoting information exchange. We've already seen some action that's been taken over the past decade in terms of providing protection to access to information requests with respect to information about a critical infrastructure. That's one piece in terms of protecting what we do share, but clearly there needs to be more promotion of the sharing of information, and part and parcel of that I think is what we've been saying with respect to standards. I'm not saying that standards result in more information sharing, but the process that we go through in the electricity sector to develop the standards that apply across North America are developed through a collaborative process with industry and regulators and so on that forces us to actually exchange a great deal of information just so we can arrive at what effective standards are to begin with.

I would suggest that looking at standards for other sectors, mandatory standards for other sectors, will of necessity force an additional amount of information exchange.

Mr. Smith: I could add quickly on the proposal around the Criminal Code that in the previous Parliament two members of Parliament introduced private members' legislation, one from the then government Conservative caucus, the other from the New Democratic Party. So I would say that there's some broad consensus from a political perspective on a need to address that gap on the Criminal Code as it relates to interference with critical infrastructure.

The work we've done on that issue and the consensus that we found in the other house we think would also potentially put that issue as being something that could be done relatively in short order.

Senator Day: On that last point, just to clarify the gap, the Criminal Code addresses the issue, but you feel that the penalty isn't as large as it should be when you take into consideration the activity that is being prohibited? Is that what you mean by the gap?

Mr. Smith: Yes, and I could give you an example. The words "critical infrastructure" are not in the Criminal Code. We had a member — I won't name them — who had $1,800 worth of copper stolen from a transmission facility. It resulted in $30 million in damage due to the instability as a result of removed copper grounds, a flashover that would have killed instantly any living anything had it been on site. Luckily there were no personnel or civilians at the facility at the time. Furthermore, $1,800-theft is theft under $5,000, according to the Criminal Code. As a result of all those downstream impacts, not to mention power outages that may be affected by businesses and households, theft under $5,000 was really the only offence in the Criminal Code that applied. We're saying don't use a hammer but make it proportional.

Senator Day: At this stage, you're not recommending any other charges in the Criminal Code other than to make the penalty larger.

Mr. Smith: A couple of those private members' bills dealt with that in a different way, some under the mischief element. There are different ways to look at that. We are looking for a more proportional fix.

Senator Day: I don't think the Senate got to see those private members' bills. They didn't arrive. That's new information to us, so I appreciate you explaining it. It's been helpful that you provided us with your list of recommendations so that we have a take-away here that you focus your remarks on. We thank you for your presentation. I agree with the chair. It was well prepared and well presented.

Can you do a little free promotion for the Canadian Electricity Association and tell us how many members you have? It's a volunteer association, Mr. Bradley?

Mr. Bradley: Yes. The Canadian Electricity Association is celebrating our one hundred and twenty-fifth anniversary. We represent electric utilities from coast to coast to coast.

Senator Day: Generators?

Mr. Bradley: Generators, transmitters, distributors, Crown corporations, investor-owned utilities, large municipals. It's the thirty-six largest utility companies in the country. We've been around for a long time.

For the past two decades, the association has focused on being an advocate for the industry. When the association first started, it was kind of a club for people who were dabbling in this new industry, but now we are clearly focused on being an advocate for an industry that's facing huge challenges. We talked about some of the physical and cybersecurity challenges. As an industry, we're trying to roll out about $350 billion of investments over 20 years that will be required to ensure the replacement and renewal of Canada's electricity infrastructure, which is, of course, critical and the backbone, we think, of Canada's economy.

Senator Day: Mr. Bradley, you are the full-time chief operating officer of the association?

Mr. Bradley: I am.

Senator Day: You don't have another position in addition to that?

Mr. Bradley: Believe me, being chief operating officer of the organization is more than a full-time job. Both Mr. Smith and I are full-time with the association. Mr. Penny has a full-time job. Sometimes he lends us some of his expertise on files.

Senator Day: Regarding most of your members, if not all, it's a provincially regulated membership?

Mr. Bradley: Correct, yes. With respect to most areas — not all areas — electricity falls under provincial jurisdiction. Of course, there are certain windows of federal jurisdiction with respect to nuclear power, but environment, cross-border trade, and we're still trying to figure out exactly how this whole security and critical infrastructure protection thing fits in from a federal-provincial-territorial standpoint as well.

I sit on the National Cross-Sector Forum for critical infrastructure established under the national strategy. Even there, there is still a bit of a dance that takes place to ensure that we have alignment from a federal-provincial- territorial standpoint so that we're all rolling in the same direction.

Senator Day: For example, I represent New Brunswick. There's a major transmission line crossing the border into Maine, but the transmission lines all within the province are provincially regulated. Is that crossing dealt with separately through federal legislation?

Mr. Bradley: It is indeed. It falls under the National Energy Board Act from a Canadian perspective. In terms of the trade that takes place across the border, from a Canadian perspective, it falls under the NEB. From a U.S. perspective, there are presidential permits for cross-border transactions in trade.

Senator Day: That's helpful. I have a couple of clarifications. One is the theft of copper. Locally, I hear many stories and I read many articles about the theft of copper lines and some active copper lines, as you were talking about earlier. Copper is way down in pricing right now, so that's probably not as big a problem as it has been. However, you're anticipating there will be a rebound here?

Mr. Bradley: Yes. The price of copper is historically relatively low, but it has not stopped copper thefts. They're not as high as they once were, but copper thefts still continue and still impact the reliability and safety of our system.

Senator Day: I'm using my position of privilege here to ask you a question and to clarify something for me. I know electromagnetic disturbances; then there are geomagnetic disturbances. Can you explain the differences?

Mr. Penny: I can provide colour, if you want to start.

Mr. Bradley: Geomagnetic disturbances are disturbances that are caused by solar storms, essentially. There's a far more technical explanation for it, but geomagnetic disturbances and the ones we refer to in the document are the ones caused by solar storms. They impact not just electricity transmission systems, but they have an impact on electricity transmission systems. We've seen significant impacts over the years as a result of some of these — 1989 is an event that's frequently pointed to where there was a significant outage in Quebec as a result of geomagnetic disturbances. Companies have been taking mitigating actions on geomagnetic disturbances ever since because it's cyclical in nature in terms of how those storms occur. Hydro One has been a leader in this field.

Mr. Penny: Geomagnetic disturbance is actually a predictable event in some ways. There are certain seasons they apply. There's a certain cycle to them. We can get an early warning that a solar storm may be coming our way. We also can monitor the transmission system and the impacts that a solar storm could have on the grid. We look at things like temperature variations in our transformers or a certain gas content that will come out of our station. There is a way that we can predict it. We're now monitoring to determine certain solar storms and what type of impact they have to be able to provide that situational awareness for the people who monitor the transmission grid and are responsible for its resiliency and reliability.

Senator Day: The technology is available, then. Your recommendation is that all grids make sure they use the known technology to prevent surges, transformer burnouts and all the other things that could possibly happen?

Mr. Penny: Yes. We've taken a certain step, because of some of the expertise we have in-house, to try to provide better situational awareness for our staff. We're recommending further studies to complement the work we're providing to Natural Resources Canada and to others who are looking at this phenomenon.

The sample set of data isn't big enough to say we can absolutely predict the impact of the power system of a certain storm. We're gathering a lot of data. I think we're giving our operators what they need to deal with a situation if it should arise, but there's still a work we can do to predict.

Senator Day: Why wouldn't you just recommend preparing for the worst scenario, not trying to predict it's going to happen in six months? It's going to happen sometime, so let's protect against this by putting all the equipment on the line to prevent the burnout of transformers and surge problems.

Mr. Penny: To this point, and to all the risks that our power system faces, whether on the transmission or distribution side, the way I articulate it is, to reference an event in 1989, they're not frequent. Their impacts to date have been limited. In the risk universe that we deal with, when I look at outages caused by trees or by weather, those have a much greater impact to the grid. The work we do and the money we spend is proportional to the risk we face.

Senator Day: The technology is there, but it may not be economical. It's worth taking the risk at times.

If I had the opportunity to ask another question, I would have asked about manmade electromagnetic surge.

The Chair: We'll get you on the second round.

Senator White: Thank you very much for being here.

The discussion around sentencing penalties, what you're really talking about is having an aggravating factor for penalty determination for theft under because of the greater impact it has. It's not just the theft of $2,200 worth of equipment, it's theft of $2,200 of equipment that has great impact overall. That's what you're talking about, right?

Mr. Smith: That's correct.

Senator White: Thanks for that.

The second question is around intelligence briefings. One of you spoke about an intelligence briefing that we couldn't have, to be fair. This committee could not have that briefing because we're not security cleared to the right level. Do you see a need for a committee such as this to have a security level high enough so that we can actually hear some of the discussions you're referring to, for example, nuclear security or other pieces of infrastructure security that, to be fair, we couldn't sit in the room?

Mr. Bradley: I wouldn't be able to comment on what would be appropriate.

Senator White: The answer is yes, by the way, sir.

Mr. Bradley: Oh, the answer is yes; I see.

Senator White: I'm trying to influence the chair and vice-chair to get us top secret security clearance so we can have those discussions.

Mr. Bradley: What I can tell you though, senator, is that the information and the situational awareness that we are able to get as a result of these security briefings, because people have appropriate security clearances, are very useful.

Senator White: Do you have a top secret security clearance?

Mr. Bradley: No. We have secret clearances — a couple of our folks will have top secret — but for most of the people who operate in the security function and utilities for whom we've security clearances it's at the secret level, and so far that has been sufficient here in Canada, and we've also attended some briefings in the United States. They have proven to be very helpful in providing situational awareness, but it also helps in making management decisions.

Senator White: Mr. Chair, if I may, this is not a question but maybe a comment to both you and Senator Day. I think we need to revisit the security clearance levels of members of this committee so that we can have briefings, if not at a committee meeting then a briefing similar to what these folks are actually able to have. Although I appreciate them coming, the questions I'd like to ask they can't answer in this room right, so thanks for that.

Senator Day: It's all a question of our role as senators. We communicate with the public, and if we have secret information we can't communicate that to the public.

Senator White: I understand.

Senator Day: That's the issue.

Senator White: But if I may, the challenge we have now is that we don't know what we don't know. We could be asking questions that aren't relevant because we don't know that. It's the same in our discussion with the previous witness. It would have been helpful if we could have briefings so that when we get in that room the questions are more finely tuned in some cases.

Thank you for that, though.

Senator Beyak: Thank you, gentlemen. As our chairman said, that was one of the most organized and excellent presentations. I think you answered everything I had to ask. However, I believe your former president was associated with a bipartisan group in the United States, the think tank that wrote four excellent recommendations on cybersecurity. Would you be able to elaborate on the progress of those initiatives?

Mr. Bradley: That's an excellent question. That's something on which we can get back to you in terms of the status of those initiatives. We're not as plugged into them right now because, as you pointed out, it was the previous president and CEO of the organization. But that group is carrying on and moving forward with their recommendations, and we can certainly get that information back to you. Sure, we're happy to.

The Chair: Senator, if I could follow up on that. Does that particular report apply to Canada as well, and will you be looking at implementing the series of their recommendations?

Mr. Bradley: I wouldn't be able to say at this stage. I'd have to go back and revisit the report.

The Chair: Go back to where?

Mr. Bradley: Go back and consult the report itself. But this was a bipartisan, non-governmental organization, a development of a series of recommendations on cyber.

The Chair: I'd like to explore something, if I could, colleagues, following up on Senator Day. He referred to your recommendations here on the fund research, transformer testing and other activities, understanding of the impacts of geomagnetic disturbances, which my understanding is one you referred to as solar flares and more of a natural type of disaster that may occur to the grid.

However, you don't speak of the electromagnetic pulse that has been a matter of conversation on the American side for quite a number of years and becoming more and more of a topic in some cases, in some quarters. Perhaps you could comment on that particular risk that our grids might face and what steps we would take to minimize any effects of something like that, similar to what we would with the geomagnetic disturbance.

Mr. Bradley: Sure. I've been engaged with and following the discussions on EMP now a half decade or more, particularly in the United States. I know of the interest of a number of people who have come before this committee. It's certainly something that is in the mix of threats that we look at and that we consider. I actually think it has a little bit less traction these days than it did about five years ago in Washington. It was certainly getting a little more press previously.

They're different, of course: GMDs versus EMPs. On geomagnetic disturbances, we can actually do some research and study, when solar flares are taking place, what impact that actually has on the grid. We can't do the same thing during a nuclear attack. So, frankly, there was a lot that's been written and said about electromagnetic pulse, but a lot of it is theoretical. It is not, like GMD, based upon actual measures, actual experience that we've seen.

The typical utility company has to look at all of the risks and threats that they're facing and then make decisions with respect to which ones they move upon in a priority manner. At this stage, not enough yet is known about EMPs, and so it isn't at the top of the list of what utility companies are addressing.

In terms of what is going to impact the continued supply of electricity to customers in the end, at the top of the list — you may find it surprising — it isn't a security issue, it isn't cybersecurity, it isn't geomagnetic disturbances; it's weather. The top of the list will be weather, number 2 on the list will be weather and number 3 on the list will be weather. As you then go down the list and look at what your threats are, you need to determine, based upon the probability of these things occurring, where you are going to make investments.

At this stage, it's not really clear what the actual mitigation would be for EMP. I know many people have been proposing different solutions for EMPs, but we don't really know what the impact would be if such a thing occurred, and the probability, of course, is relatively low for something like that to occur. Frankly, it would mean a third world war was just begun and we would have bigger concerns. Then second, in terms of the actual mitigation, there are different solutions out there, and when a solution was being proposed, and there was a solution being proposed a number of years ago by somebody in the United States, it was the billion-dollar solution. That would be a couple of dollars for every customer in the United States. But in the end that winds up going on somebody's electricity bill.

If we're having a hard time understanding it in this room, we would have a very difficult time going in front of a regulator and trying to sell the regulator on putting this kind of investment on a system when it is fairly speculative.

The Chair: If I could follow up on Senator Day, let's go back to the solar flare that you have accepted as fact. We've already experienced in part, at least, the repercussions of a solar flare in 1989 and the ramifications of that. It would seem to me that it's not a possibility; it's going to occur sometime. The question then has to be, what do our utility companies, energy agencies and government do to make sure we've done everything we can to mitigate against the day it happens?

My understanding is the electromagnetic pulse is not unlike that, that there would be some effect on your whole grid and it could well put you in a situation where it would be a real disaster. At that time, you wouldn't want to be thinking about mitigation; you'd just be trying to survive.

So what should we be doing? We look to you as an organization to bring in the necessary mitigated steps over a period of time to try to put ourselves in a situation where we're not as vulnerable as we are today. I understand there's money involved. We all understand that. I noticed you recommend the government maybe spend some money or help by spending some money.

I would submit that in order to do that, you have to convince us there are steps. Will you use a more insulated wire? Will it be a bigger transformer or a different type of transformer, and over 10 years will we replace what we have? Those are the physical things I would envisage happening over a period of time as we evolve so that we can put ourselves in a situation where we're at less risk. Perhaps you could comment.

One other thing while I'm thinking about this: In the Ukraine, my understanding with the cyberattack that took place there and the electric grid going down, one of the reasons they were able to cope with what would have been a disaster if they wouldn't have been able to turn it back on is they could manually turn the system back on. I don't know how accurate that is. Perhaps you could comment on that. If that is the case, do we have the ability within our systems to manually turn the electric grid back on?

Senator Day: Sounds like circuit breakers were blown.

The Chair: Perhaps you can comment on that.

Mr. Bradley: Sure. To begin, with respect to GMDs and EMPs, yes, our recommendation is that the government do some additional work on geomagnetic disturbances, but the industry is investing as well. The industry has continued to invest as we learn more and more about it.

You're quite right; there is inevitability about geomagnetic disturbances. The sun will continue to shoot off solar flares, and they are inevitable. That is something we are mitigating, that we continue to look at how we can operate in such a manner that we can absorb these. It isn't as though there haven't been solar flares since 1989. We've been learning and we've been changing our operations and putting mitigation on the systems.

EMP is different. I would not agree that an EMP is inevitable. I don't want to live in a world where I would say it's inevitable that we will get into a nuclear war. We're working towards what we do know. We know what is inevitable, and that is geomagnetic disturbances. As I say, it isn't simply a matter of asking the government to do certain things. The industry itself has been doing and continues to work to mitigate the impacts of these GMDs. We haven't seen a significant outage in decades, and that isn't because there haven't been geomagnetic disturbances; it's that we've learned and we continue to learn on an ongoing basis how to address those things.

The Chair: Perhaps in real terms, what have you done? When you talk about mitigation, it doesn't mean much to me. Did you put in different transformers, or what have we done to cope with that?

Mr. Bradley: Specifically with respect to Hydro-Québec, I know they have put in equipment following 1989, specific hardware.

In terms of operation and how one operates to mitigate these sorts of things, Colin might want to touch on it a bit because Hydro One is a company that has been at the forefront of this.

Mr. Penny: I mentioned a few of the mitigants we have put in place. We have ways to monitor things going on in our station and power system that are now advised by what a geomagnetic disturbance would cause and around what a current looks like that's induced by a disturbance of that sort.

At our grid operating centre, we also have a tool wherein the operators sit at the tables and monitor the grid for us. There's actually now something they can look at that will show them how the grid is reacting to any particular storm. They're also now getting warnings when a storm is coming. I think it's about an eight-minute heads-up that something is on its way and the magnitude of it. Those are all new mitigants we have in place, particularly for solar storms and how they may impact the grid.

The Chair: We're coming to a conclusion here, but maybe you could inform the committee about your participation with the NERC, the North American Electric Reliability Corporation. What's Canada's participation?

You spoke about the fact that you regulate and there's enforcement of standards. Maybe you could tell us if you've had significant increases in the standard. If those increased standards are put into effect, is there a period of time and then everyone across Canada has to put them into effect? Perhaps you can elaborate on that.

Mr. Bradley: Sure. The current construct for reliability standards and our critical infrastructure protection standards, but just the base reliability standards as well, they really came about as a result of the 2003 power outage. That was the real impetus. We and others had for quite some time been talking about — because we had standards before that but they weren't enforceable.

In 2005, the first piece was legislation that was brought in by the United States, and then there were agreements among U.S. officials and Canadian governments and Canadian regulators that set this whole process up.

So we have standards that are developed through this North American body, the North American Electric Reliability Corporation, which is indeed a North American organization. There are a guaranteed number of Canadians on all of the standing committees. I'm a member of the Critical Infrastructure Protection Committee. Mr. Penny has been a participant of the NERC. The previous chair of the Member Representatives Committee is a Canadian. The previous chair of the board of trustees is a Canadian. We have Canadians seated throughout this organization.

They develop the standards. The standards are then provided essentially as regulatory backstop from regulators in the United States and Canada. In the U.S. it's nationally through the Federal Energy Regulatory Commission. In Canada, the regulatory backstop comes from the provincial regulators, and this is through a trilateral agreement among Canada, the U.S. and Mexico.

So a cybersecurity standard or a reliability standard will come into force, and it will be enforced in Ontario by the Ontario Energy Board and the Independent Electricity System Operator. In British Columbia, it will be the BCUC. In Alberta, it will be the Alberta Utilities Commission. In Quebec, it will be the Régie de l'énergie.

The reason we've gone that approach is because of the interconnected nature of electricity, wherein you can't have two different operating procedures and operating standards to a connected system. It would be like building a house and downstairs would be at 60 cycles and upstairs at 50 cycles; it just doesn't work. So we have to have the same standards across North America, but we've managed to construct something so that we have a regulatory backstop that is respectful of the jurisdictions in Canada and the United States and ultimately Mexico, as their system starts to get integrated into the North American electricity grids.

The Chair: That was a pretty clear description of how this works.

The question I would go back to is the enforcement to ensure that we're meeting those standards. What body oversees that to make sure that's being done? It's one thing to say it's going to be done; it's another thing to have it done, which is in everybody's interest, including your own.

How do you know that enforcement is taking place? Do you have a report every year? How does this work?

Mr. Bradley: Yes, there's a cycle of NERC audits that take place on an ongoing basis, and my members assure me these are very thorough, though not always pleasant. They take a lot of time to complete, but the individual NERC members will go through a rigorous audit process to ensure they're meeting their requirements.

The Chair: Colleagues, I see the clock has moved on. Are there any other questions of our witnesses?

I want to thank you very much for your patience and for appearing. We appreciate the concise nature of your presentation with the recommendations. They will be given serious consideration.

We are now adjourned.

(The committee adjourned).