Evidence of meeting #17 for Public Accounts in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was contracts.
A recording is available from Parliament.
12:15 p.m.
Liberal
Mark Holland Liberal Ajax—Pickering, ON
I know that Mr. Wrzesnewskyj is itching to ask questions. I think I have a minute or two left, if he can continue.
There you go.
12:15 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
Thank you, Mr. Holland.
Mr. Hines, has the NORAD facility been compromised, or is it secure?
12:15 p.m.
MGen Glynne Hines
To the best of our knowledge, the facility has not been compromised. We would not be conducting the operations we are conducting from that facility if we had any doubt as to the operational and technical integrity of the above-ground facility.
12:15 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
Let me read you something from page 25 of the Auditor General's report. She states that “National Defence does not know whether information or the building itself has been compromised”.
I'm trying to square what I'm reading in the Auditor General's report with what you're telling us. You're telling us that it has not been compromised. And what the Auditor General is telling us in the report is that your officials don't know whether that facility has been compromised.
12:15 p.m.
MGen Glynne Hines
We've conducted extensive physical and technical inspections of the North Bay facility, both during the construction and subsequent to the construction but prior to the commissioning of the facility. We continue to have procedural and technical means to ensure that the integrity of the facility is such that it can be used for its intended purpose.
12:15 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
So you are absolutely secure in your knowledge that the integrity of this facility has not been compromised.
12:15 p.m.
MGen Glynne Hines
Absolutely.
12:15 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
That doesn't match what the Auditor General has stated in her report. And that means we have some sort of problem. Also, in your previous answer you said that some of these processes were evolving, but the Auditor General's report clearly states that on this project, officials circumvented. This wasn't a situation of evolving procedures; it was a circumvention.
How do you respond to that?
12:20 p.m.
MGen Glynne Hines
When the construction contract was awarded, a threat risk assessment was done to determine whether or not the facility required people with security clearances to work on the initial construction phase of the building. It was deemed by the operational authority of the day that it was not required.
12:20 p.m.
MGen Glynne Hines
There was no circumvention at that point. Subsequently, during the construction of the facility, it was determined that the security measures had to be in place. Security measures were put in place to either have cleared contractors working on the facility or have those contractors working on the facility under escort. As the construction of the facility went on and we got ready to install systems, additional security measures were put in place.
It was a phased approach from the standpoint of starting from bare ground, where there were no security concerns, threats, or risks identified, to the point where systems were installed and the facility became secure and sensitive.
During these processes we continued to do testing through a variety of technical means, and we continued to do physical security inspections to ensure that the integrity of the building was maintained throughout.
12:20 p.m.
Liberal
The Chair Liberal Shawn Murphy
Thank you very much.
I believe Ms. Fraser has a comment on this issue.
12:20 p.m.
Auditor General of Canada, Office of the Auditor General of Canada
I hate to do this, but as you are aware, we did a report in May 2007 that commented on the NORAD project. When we did that audit--as we mention in the text box on page 25--there were serious concerns raised by National Defence about the security of that project and the ability to close the below-ground project. They were not sure at that time if they could move all the systems up. I'd be interested to know if that below-ground complex has actually been closed, because that was what the above-ground one was for.
We have summarized in this text box the concerns about whether it could be used for the intended purposes and the access that contractors, both Canadian and foreign, had to the site. When we completed this audit, they indicated that they could, with certain modifications, use the building for the intended purpose.
We had asked for details on what those modifications were. As you will see here, at the time of our audit we did not receive any detailed plans or schedules. All of this text, as is our standard process, has been agreed with by National Defence, and they have agreed with the validity of the facts.
So there seems to be a little confusion here, but certainly when we did that original audit there were concerns about the use of that building.
12:20 p.m.
Liberal
The Chair Liberal Shawn Murphy
Just to bring closure and square the circle here, I'm going to ask Mr. Stevenson to respond to those very serious statements by the Auditor General. I think the committee is owed a response, and I put the onus on you, sir.
12:20 p.m.
Acting Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence
As I stated in response to one of the earlier questions, the department has accepted the findings. That is clear and is normal practice. I would also say that we have accepted the responsibility for resolving any of the shortcomings and weaknesses that are there.
On the specific question as to whether we can prove with 100% certainty, I think that's akin to proving the negative. On that basis we continue to do ongoing security assessments. I think that is a part of the overall approach to security, which is more of a risk management process. To arrive at a position of zero risk is the objective, but it is not necessarily an attainable one.
Mr. Chairman, I'm sorry if I haven't gone as far as what you're looking for.
12:20 p.m.
Liberal
February 26th, 2008 / 12:20 p.m.
Conservative
Pierre Poilievre Conservative Nepean—Carleton, ON
On page 10 there is reference to the security and management contracting standard. What is the link between this standard and the government's security policy? How does one relate to the other?
12:20 p.m.
Chief Information Officer, Treasury Board Secretariat
The government security policy lays out the broad elements of security that departments need to follow. The standard goes in and looks specifically at what is required when we're looking at the contracting of resources. It is a much more focused piece of material. It goes deeper into that information and talks about the requirements departments have to--
12:25 p.m.
Conservative
12:25 p.m.
Chief Information Officer, Treasury Board Secretariat
Yes. They must identify if there are security requirements, so that responsibility is clearly with the departments. They need to complete a checklist, if they are going to Public Works, to have Public Works do the contracting for them. If they're doing their own contracting they don't necessarily need to complete a checklist, but they're still responsible for identifying security requirements.
So that's really what it does. It just narrows that and focuses in on that aspect.
12:25 p.m.
Conservative
Pierre Poilievre Conservative Nepean—Carleton, ON
On page 11 we have: “As an Industrial Security Program client, it accounted for about 37 percent of the contractual and pre-contractual agreements processed by the Program between 1 April 2002 and 31 March 2007.”
Who are the other 63% of the clients?
12:25 p.m.
Deputy Minister, Department of Public Works and Government Services
The Public Works workload is generated by Public Works. I would have to assume that the differential between 100% would be coming from other departments to Public Works for assessment.
12:25 p.m.
Conservative
Pierre Poilievre Conservative Nepean—Carleton, ON
So these are client departments that have come to Public Works. Are they coming to Public Works to have the entire procurement done? Or are they coming to Public Works to have the security component?
12:25 p.m.
Deputy Minister, Department of Public Works and Government Services
Security requirement. So essentially what they are asking us to do is this. A requirement is identified, and we carry out either the clearances or the screening and we provide them with the clause that is required in order to cover the requirement that is identified.