Evidence of meeting #17 for Public Accounts in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was contracts.
A recording is available from Parliament.
11:35 a.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
Mr. Shuster, this is probably one of the most highly secure projects you would have been involved in. Why was there no security checklist completed?
11:35 a.m.
Director, Deputy Provost Marshal Security, Department of National Defence
If I can, I'd like to pass that question over to Major-General Hines, who is actually our subject matter expert on the above-ground complex.
11:35 a.m.
Major-General Glynne Hines Chief of Staff, Assistant Deputy Minister, Information Management, Department of National Defence
Mr. Chair, as far as the above-ground complex in North Bay goes, the original design was conceived in the late 1990s and the tendering process went on in the 2002 and beyond timeframe. For the initial construction activity that took place, there was an original threat risk assessment done relating to that facility, and it was determined at that time that a security requirements checklist was not required to initiate the construction of the building. During the construction of the building, as is normal, a security review was conducted, and it was determined that additional security would be required, as the building envelope had been constructed, and as we were getting ready to do the fit-up of equipment, which would cause the building to go from an unclassified, no-clearance-required nature to a classified, clearance-required nature. At that time, when the security requirement became evident during the construction, and prior to installing the systems, contractors with security clearances were required to be on site or workers on site were required to be under escort.
11:35 a.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
So by the time this audit was done, sir, there still wasn't a security checklist. Either the Auditor General's statement is misleading, or you didn't get the job done in terms of the security checklist. It's one or the other.
11:40 a.m.
MGen Glynne Hines
There was not a security requirements checklist required at that point of the construction. Appropriate security measures were taken once the building envelope had been completed and the building became a sensitive area from an operational standpoint. The contractors—
11:40 a.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
If I may, because we are short of time, I'll just jump back to Mr. Shuster.
Mr. Shuster, you are in charge. You are the officer in charge, and in paragraph 1.73 the Auditor General says that since 2002, out of 8,500 projects, 99% have not provided security checklists.
How did that slip by you, or will you refer this back to Mr. Hines?
11:40 a.m.
Director, Deputy Provost Marshal Security, Department of National Defence
I'd actually probably refer it back to Mr. Stevenson to refer specifically to those 8,500 files.
Now, I'm in charge of administering the security program for the department, and whether or not the project-initiating authority actually submits a security requirements checklist is at the discretion of the project-initiating authority. So in some cases we don't necessarily know in my office that a project is even ongoing at a small base, if it's a maintenance project—
11:40 a.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
Mr. Shuster, you said at the discretion, I guess, of those below you in the hierarchy, and in 99% of the cases they used their discretion and decided that for these particular defence contracts it wasn't necessary to do these security checklists. The Auditor General referred to willingness on the part of Defence officials to circumvent. You use slightly different terminology. Could I get clarification on that?
11:40 a.m.
Acting Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence
Mr. Chairman, if I may respond to that and help put the question and the observation about the 8,500 contracts between 2002 and 2007 into context, National Defence has more than 20,000 buildings, more than 13,000 works, and more than 5,000 kilometres of roads, so the construction and upkeep of those are what generates the volume of contracting.
A fraction of that has a security requirement, and I can tell you, sir, that as part of the action plan to follow up on the audit, we're reviewing those contracts to determine where there may have been any weaknesses in terms of security procedure and in fact in terms of security impacts, and so we're following up on those.
11:40 a.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
It's encouraging to hear that there's follow-up, but these numbers are incredibly discouraging, and the previous answers are somewhat discouraging as well because they didn't seem to indicate an acceptance of responsibility, especially in the case of this NORAD contract and what should have been one of our most secure facilities.
I understand that the facility required additional contracting and modifications so that it could be used for its intended purposes. What is the cost now of those modifications since proper security did not occur? It also says that there were foreign contractors involved in this. Who were some of the foreign contractors? Do we know?
11:40 a.m.
MGen Glynne Hines
I can answer that, or at least the first part of that question, Mr. Chairman.
The NORAD facility is currently being used for its intended purpose, without any restrictions. As far as the cost of the building goes, it is my understanding, and I would have to refer to Mr. Stevenson--
11:40 a.m.
Liberal
11:40 a.m.
MGen Glynne Hines
There are no additional costs for the security lapses. There were additional security measures taken in that building that are consistent with the evolving threat. If we go back to when this building was designed in the late 1990s, subsequent to the contracting for that facility and the commissioning of that facility as a NORAD air defence centre, the threat has changed. The threat to North America, the threat that NORAD is responding to, has changed, and that has required some additional measures to be taken from an operational perspective, not related to the security of the building.
Those changes in the operational posture of that building, as a result of the post-9/11 environment that we're working in, warranted a number of both physical and technical means to be put in place to ensure the continued integrity of that facility. Those means were put in place before the building was commissioned for use by NORAD and the Canadian Air Defence Sector, and they continue to be in place and monitored today.
11:45 a.m.
Liberal
The Chair Liberal Shawn Murphy
Thank you very much, Mr. Wrzesnewskyj.
Monsieur Laforest, pour sept minutes, s'il vous plaît.
11:45 a.m.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
Thank you, Mr. Chair.
Good day to you all.
Madam Fraser, on page 3 of your report, in the section entitled “What we found”, it is stated that:
They also include thousands of contracts for national defence construction and maintenance projects across Canada awarded by Defence Construction Canada [...] It is not known to what extent government information and assets may have been exposed to risk and who is accountable for that risk.
What is stated in that paragraph is quite significant. If you do not know the extent of the risk, that means that Defence Construction Canada and the defence department were not able to give you the information that would have allowed you to assess whether there were risks or not. My predecessor spoke about the construction of a NORAD centre in North Bay. This all appears to be of some concern.
From the responses you have received to date, what has led you to conclude that there was no risk? Are there still risks out there? Is that something you can eliminate?
11:45 a.m.
Auditor General of Canada, Office of the Auditor General of Canada
Thank you, Mr. Chairman.
In the course of the audit, we noted that for the majority of construction contracts, the check list or security control list had not been completed. That was not a requirement. We believe that an analysis must be done and that there needs to be some form of assurance that an analysis was conducted. However, someone decided that additional security measures were not needed. In fact, we do not know why there is no check list; it could be because additional security measures are not needed or because of an oversight.
There was some confusion between the roles and responsibilities of Defence Construction Canada and those of the department. Who is truly responsible? Today, the corporation indicated that the responsibility to determine the security needs rested with National Defence, and that they, obviously, build according to the plans and requirements set out by the department.
We recommend that the check list be completed for all projects and that, even in those cases where there are no additional or heightened security needs, that be clearly indicated, in order to ensure that someone has reviewed the project and then come to that conclusion.
We reviewed the action plans and they seemed to be appropriate. If the measures are taken, they will satisfy our recommendations. Of course, we will have to conduct an audit at a later date to ensure that the actions have indeed been implemented.
11:45 a.m.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
Can you exclude the possibility that security was breached?
11:45 a.m.
Auditor General of Canada, Office of the Auditor General of Canada
In our opinion, there is a risk that security was breached.
11:45 a.m.
Auditor General of Canada, Office of the Auditor General of Canada
We have no assurance for projects that were carried out in the past. For example, we see that work has started on a number of contracts, even with contracts classified “secret”, without all the clearances having been completed. We are talking about several months of work. In other cases, there was no security assessment. Needless to say, in such cases, security might have been compromised.
11:45 a.m.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
My next question is for National Defence officials.
In the same report, the auditors indicated that National Defence was concerned that the lengthy security authorization process might delay the awarding of contracts, and therefore their completion. That is what some people told the Auditor General. You can read that in section 1.77. What is the policy at the Department of National Defence? Should security not come before everything else? National Defence officials say they fear it might delay the work, but it seems to me that every means available should be used to ensure that things are done in a very secure manner, even if that means project delays.
Earlier, Ms. Fraser indicated that Canadian and foreign workers had had access to plans as part of the NORAD project, among others. Are there other similar examples? Could it be that, in other cases, people were not asked to submit to security checks, and that they were able to gain knowledge of National Defence plans?
11:50 a.m.
Acting Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence
Mr. Chair, as I said earlier, the Minister of National Defence has accepted all of the Auditor General's findings, whether regarding the North Bay project or those of a more general nature. We are taking this very seriously.
The paragraph you mentioned, Mr. Laforest, states that the other security measures were taken. Security guards escorted those contractors who had not received clearances. So, all other measures were taken. We did take good note of these issues, however, and our action plan states that measures are being taken to correct the problem.
11:50 a.m.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
I'll take your word for future projects, but can you state beyond any reasonable doubt that for projects carried out in the past, including the NORAD site in North Bay, there were absolutely no security problems? Can you assert that?
11:50 a.m.
Acting Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence
We are reviewing all those contracts as part of our action plan. We have begun to...
11:50 a.m.
Bloc
Jean-Yves Laforest Bloc Saint-Maurice—Champlain, QC
I am not talking about the action plan for the future, but about past events.