POINT OF VIEW

Michel Juneau-Katsuya

CEO, The Northgate Group


Paul Pathy, president and co-CEO
of Fednav.

Michel Juneau-Katsuya is one of Canada’s foremost experts in international and national security and intelligence, and economic and industrial espionage. A former senior intelligence officer and senior manager with the Canadian Security Intelligence Service, Mr. Juneau-Katsuya is now CEO of The Northgate Group, an Ottawa-based security consulting firm. He frequently comments on security-related issues for major media outlets in Canada. PortInfo sat down with Mr. Juneau-Katsuya to discuss the leading security challenges that ports face today.

What is the most serious security threat to ports?

Extremism. Note that I don’t use the word ‘terrorism’ but ‘extremism.’ We know that criminals target our ports; this is an immediate threat. But since 2005 we have been observing a trend that has been constantly increasing: the rise of extremism. I am referring to politically motivated groups or individuals that use terrorist techniques to promote their message. These groups or individuals don’t have anything to do with al-Qaeda or jihad, but they still have a political message. They want to be heard, and they have decided to use bombing to get attention.

Unfortunately, the media are not covering these incidents the same way they cover al-Qaeda. Take Canada, for example. Since 9/11, foreign terrorists have not succeeded in mounting a single attack in Canada. And yet in the last eight years, over 30 bombs were exploded by extremists, and close to 20 plots were thwarted. Out of these 30 bombing incidents, none was linked to al-Qaeda or radical jihadists.

These are facts, not hypotheses or scenario-based threat and risk assessments (TRA). A TRA based on an apocalyptic scenario is not serious security work and does not help port management to prepare adequately.

Have terrorists identified ports as strategic targets?

According to international intelligence agencies – and you can interpret that as American agencies – al-Qaeda always has had the intention to mount an attack via a port. This remains a very important part of the general TRA for U.S. authorities, and they continue to be very preoccupied by that threat.

We know that some terrorists have tried to come to the West by hiding in containers, launched attacks in port – USS Cole in Aden, Yemen, in 2000 – or moved weapons and equipment, again by containers or ships. That said, no major or significant attack has been reported against a port in Europe or America. We can probably attribute that to the implementation of a new security system and the ISPS Code (International Ship and Port Facility Security Code)? Probably.

But terrorists preparing for an attack must always think about logistics. Delivering an attack on a port is complicated and will not necessarily lead to as many victims as an attack in a subway or at a major event such as the Boston Marathon. But in return for an attack on a port, extremists could get what they want: disrupting our port system and economy. That is why it is so important to consider this type of threat. Extremists do not seek to necessarily kill or hurt people. They want to create chaos and hurt the system. Hitting ports is a good avenue.

How do you rate security within canada’s port system?

From a general perspective, good. Based on fact, security has been good enough to deter so far any attempt against our port system, and that is very important.

We all know that new security measures post-9/11 cost a lot of money initially and remain a major expense in port operations. But at the same time, they allowed us to fix some important security and safety issues and gaps left unattended for years. So, they have had a positive effect on the overall ports system.

How do ports balance security and the efficient movement of trade?

This always will be the challenge: security, but not at all costs. Ports are commercial operations and vital to our economy.  The only way to find the perfect balance is with good intelligence assessment … including specific assessment about what is really happening and threatening your port.

A good threat and risk assessment allows you to improve security, not only increase it. Improving is qualitative. Increasing is quantitative. You want to optimize the use of your security budget, and the only way to do that is by working on specific issues, not generalities. This also allows you to move from being reactive to becoming proactive by actively working on real issues, not a doom scenario or speculation.

What should ports be doing to be proactive rather than reactive when it comes to security?

The only way to be proactive is by using intelligence. Currently, only government agencies are producing intelligence assessments, for ports. We need a greater exchange of intelligence, not only information and not only when there is a specific threat to a port.

We need to be able to understand the trends and changes in our environment. The Americans created a model – Information Sharing Analysis Centers (ISACs) – that could be implemented in Canada, but geared to Canada. There are 18 ISACs in the U.S. servicing various vertical components of the critical infrastructure system. There is one for the marine transportation system. It has been created and financed by users in cooperation with the government. Their main purpose is to share information, not intelligence. This is where we could be different and bring a contribution to their existing system, too.

Is intelligence gathering the key to a secure port if 100-percent screening of cargo is indeed impossible?

Intelligence gathering and screening cargo are two different issues. I agree that they are linked to one another, but they do not necessarily depend on each other. What I mean is that greater intelligence will allow you to target more efficiently suspicious cargo and probably increase your success rate.

Since 100-percent screening would be very, very expensive, and until we can get the right way and technology to do it, I would argue that good intelligence is the most economic and viable way to do it. In return, good intelligence will also provide you with a great TRA, thus also improving your security. But read me well: I don’t promote to abandon the screening. I say until we get better technology and efficiency in screening cargo, intelligence capability is the best way to protect yourself.

Are there new technologies that ports should be considering to increase and improve security?

I have never been someone to push technology all the time. There is some very good technology out there that can help you if you have a specific problem. But I always return to the fundamental. The greatest security risk is the human factor. Before pushing for any specific technology, I would push for better security screening of people and efficient control at the gates. It is not sufficient to control people coming in; you must also find a way to control their exit.
 
Should ports be concerned about cyber threats?

Intelligence assessments confirm a significant increase in recent years in cyber-attacks against critical infrastructure including ports. There are basically four threat agents:

1.    Government hackers: Foreign governments employ hackers to specifically target critical infrastructures in Canada. They have many objectives, including espionage and intelligence gathering. But more importantly, they test our system. China, for example, has a well-known cyber program that regularly tests our system to see if they can breach it. This knowledge would allow them, in case of major conflict, to disrupt and in some cases completely shut down our computer systems.
 
2.    Organized crime: Some groups have evolved to employ very sophisticated ways to hack computer systems to gather information on the movement of cargoes, security protocol and weaknesses, etc.
3.    Cyber-Activists: More and more attacks are generated by activists and cause significant headaches for port authorities.

4.    Employees: Damage caused by employees is sometimes unintentional. However, disgruntled or, worse, criminal employees can cause major damage to your systems.