Public Accounts Committee on June 3rd, 2008

Evidence of meeting #36 for Public Accounts in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was classified.

A recording is available from Parliament.

On the agenda

Chapter 1, Safeguarding Government Information and Assets in Contracting of the October 2007 Report of the Auditor General of Canada

MPs speaking

Also speaking

Sheila Fraser Auditor General of Canada, Office of the Auditor General of Canada

Robert Fonberg Deputy Minister, Department of National Defence

Ross Nicholls President and Chief Executive Officer, Defence Construction Canada

Walter Natynczyk Vice-Chief of the Defence Staff, Department of National Defence

Scott Stevenson Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence

Dave Shuster Director, Deputy Provost Marshal Security, Department of National Defence

Michael Day Commander, Canadian Special Operations Forces Command, Department of National Defence

Dan Ross Assistant Deputy Minister, Materiel, Department of National Defence

Glynn Hines Chief of Staff, Office of the Assistant Deputy Minister, Information Management, Department of National Defence

12:10 p.m.

Director, Deputy Provost Marshal Security, Department of National Defence

LCol Dave Shuster

Very early in the process, immediately after a statement of requirements is written, the project authority would assess...and the deputy minister has mentioned that we're actually making the policy a lot clearer for project authorities. The end-of-July policy will give some better instruction on how to actually assess threat and risk. Again, as the Auditor General mentioned, that's looking at the eventual use of the building.

I think a better way to describe this might be to give an example. The threat is fairly simple...well, not simple, but you look at a national threat and a local threat and our intelligence personnel would be able to provide us with that information. Probably a little more complicated is that the project authority has to look at the risk to personnel, information, and assets. Looking at the risk, they would look at the vulnerability of the assets and the information, the consequences of a security incident, and the probability of something happening.

As I said, I'm going to just give a quick example using perhaps a hangar. It's quite probable that in the 30- to 35-year life of that building there will be classified discussions in the hangar. However, it would happen once in a very blue moon. So you look at the probability of somebody putting a bug into the wall, if the threat were espionage, for example. When you look at the probability of that occurring, it's very small. So you could see building the shell of a hangar for fixing airplanes being one example of where unclassified documents would be acceptable and there's an acceptable risk.

If you look at an ops centre where there's a lot of classified discussion on a daily basis, you could see that hostile intelligence services may target a building such as that, and the probability of that happening would be a lot higher. In that case you would probably want to classify the shell of that building.

That's just an example of how we have been looking at threat and risk. As I say, we're going to give clearer instruction to project authorities to look more in detail so that when they make that decision, right after the early stages of that contract, right after the statement of requirements is done, they make the right decision on whether or not a security requirements checklist is indicated.

12:10 p.m.

Conservative

Mike Lake Conservative Edmonton—Mill Woods—Beaumont, AB

For the classified building—because I think this is the issue raised here—where in the process does it actually go from being unclassified to being classified? I think what the Auditor General is talking about here, if I'm not mistaken, is a building, the same building that at one point is unclassified and somewhere along the process becomes classified. Why would it not be classified right from the start?

12:10 p.m.

Director, Deputy Provost Marshal Security, Department of National Defence

LCol Dave Shuster

In the case of a classified building, it would be immediately. We've made mistakes, and I think we've admitted to that. But in cases such as North Bay, that building would be classified almost immediately after the statement of requirements is completed.

12:10 p.m.

Conservative

Mike Lake Conservative Edmonton—Mill Woods—Beaumont, AB

So from here on in, any building that is going to be classified will be classified right from the start?

12:10 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

May I try to clarify?

The current process is build the shell. Generally, it's essentially seen to not be classified because it's a shell with some plumbing and some wiring. As the vice-chief or Colonel Day suggested, as you move into fitting up or creating classified areas within that building, those parts of the contract or those contracts become classified, require classified contractors, security-cleared contractors.

Basically in the past we have said that there if is no required access to classified information, there is no required access to a classified area, the blueprints or the project are not classified.

Based in large part on the reality but also on the Auditor General's observations, the change we will make is we will now build into the decision at the front end what the DSO is referring to as a much more rigorous assessment of threats and risks, which are life-cycle, end-use issues around the building to determine whether the overall building should be classified.

12:15 p.m.

Conservative

Mike Lake Conservative Edmonton—Mill Woods—Beaumont, AB

Thank you.

12:15 p.m.

Liberal

The Chair Liberal Shawn Murphy

Thank you, Mr. Lake.

Colleagues, that concludes the first round. We're going to go to the second round of five minutes.

Before I go to Mr. Bélanger I just want to point out that the full copy of the memorandum of understanding made between the Department of National Defence and Defence Construction Canada has been circulated to all members in both official languages.

Mr. Bélanger, five minutes.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

Thank you, Mr. Chairman.

Madam Fraser, gentlemen--I see the military is still a male preserve, judging from the representation around the table--I want to continue in the line of questioning Mr. Lake brought up.

Mr. Fonberg, could one make a presumption that most DND facilities would have some security requirement of some sort, by the very nature of the department?

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

I would like to turn to my acting assistant deputy minister, Scott Stevenson, or Mr. Nicholls. My gut feeling is that the vast majority do not require security. Remember, many of these are building sidewalks, building married quarters, building barracks. But I would defer to my colleagues.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

But even then, there would be some requirements, would there not, associated with making sure personnel are secure, documentation is secure--no?

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

Based overall? I would turn to either Scott or Mr. Nicholls.

June 3rd, 2008 / 12:15 p.m.

Assistant Deputy Minister, Infrastructure and Environment, Department of National Defence

Scott Stevenson

Mr. Chairman, the fraction of the total of more than 22,000 buildings in the Department of National Defence that would have those kind of security implications are the operational buildings, and that is a small fraction. I don't have the specific number, but that's the kind of information I could provide.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

The reason I'm bringing it up is that the Auditor General says in her paragraph, which Mr. Lake identified, that although the purpose of the facility remains the same throughout the project, the security may only be considered fairly later.

I want to associate that with the letter Mr. Fonberg sent to the chair of the committee in March in which he says that, for example, approximately $515,000 was spent acquiring, installing, and calibrating special monitoring equipment to mitigate against potential security compromise. And then there's an $84,000 annual recurring cost. These costs have been borne and are continuing to be borne because the facility was not declared, at the outset, to have security requirements. Correct?

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

Correct.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

Do you have a sense of the amount of money that might have been spent over the years or is still being spent on an annual basis because when we started we failed to declare a facility as having security requirements before we finished it?

This is a public accounts committee, so we're concerned with safety but we're also concerned with public dollars, and here we have a recognition that half a million dollars could have been saved if we'd declared it initially, and $84,000 annually.

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

It's a very good question, Mr. Chairman. Again, I would turn back to Scott as to whether there's any evidence that, because of a failure to run a security requirements checklist or to classify a project, we have incurred additional expenses as a result.

Just to make sure, because security does trump here, as we say in our action plan, we have begun a review of all the 8,500 contracts the Auditor General identified in her report to understand whether there have been any breaches. If we determine there have been any breaches, it could--

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

Excuse me; I have more questions, so could we--

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

No, I'm just saying that it could, in that eventuality, actually result in further modifications and further costs.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

Then Trenton could be an example.

12:15 p.m.

Deputy Minister, Department of National Defence

Robert Fonberg

Not as far as I know.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

So it's not declared safe, or there are no safety requirements, and that's why we have technical plans that can be picked up on Bank Street here? But at some point down the road it's not going to be declared as needing security requirements of any kind?

12:15 p.m.

Commander, Canadian Special Operations Forces Command, Department of National Defence

Col Michael Day

If I may, Mr. Chairman, the concern here is the difference between the unclassified shell, as has been described previously, and the determination that internal to that shell there will be a classified area. That is a separate contract, a separate project, and it's in accordance with the process that Mr. Stevenson spoke to. Its implementation, regardless of whether the whole facility is classified or non-classified, does not incur greater cost. It is a stand-alone issue that has very unique and specific requirements.

12:15 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

But a stand-alone issue is not stand-alone when you have a North Bay facility at $500,000, with $84,000 ongoing, because we didn't classify it at the start. And here with Trenton we have the same thing. If we had no further security classification requirements in Trenton, then I'd agree with you. Otherwise, what we have here is a policy that is driving costs upwards.

So perhaps we want to review that. I'll just leave it at that.

Do I have any more time?

12:20 p.m.

Liberal

The Chair Liberal Shawn Murphy

No, your time is up.

12:20 p.m.

Liberal

Mauril Bélanger Liberal Ottawa—Vanier, ON

I'll come back during the second round, if I may, Mr. Chairman.