Month: January 2020


This article posits a dynamic approach to security for critical infrastructure (CI). It adheres to recent science, pressing the edges on how we think about security.

Critical infrastructures are ‘complex systems’. The human threats to CI manifest in two broad categories. Exogenous [outside the system] threats include acts of terror and other crime attacks by predators. Endogenous [inside the system] threats include technical vulnerabilities arising from human error, occupational fraud, internal theft, corruption, workplace sabotage and workplace violence.

These two broad areas can be inter-related as is the case with corruption.

About Complex Systems

“All complex systems, whether they are biological ecosystems like the human body, natural ecosystems like a rain forest, social ecosystems like an open-air market, or socio-technical ecosystems like the global financial system, or the Internet are deeply interlinked. Individual units within these ecosystems are interdependent, each doing its part and relying on the other units to do their part as well. This is neither rare nor difficult, and complex ecosystems abound.  

Bruce Schneier, Liars and Outliers (2012)

Transformative Security Practice

“Transformative security practice”  (TSP) is new language for defining transformation of security to ‘learning cultures’ (Ref: Senge, Peter. The Fifth Discipline: The art and practice of the learning organization. 1994).

A security learning culture is generative. It is a shift of mindset from ‘business as usual’ to one of wonder, discovery and continuous improvement. It is a new way to think about how organizations perceive and practice security. It is adaptive, putting technology in the hands of the right people, doing the right things, at the right time.

TSP challenges security to move beyond the limitations of reductionist (cause and effect) solutions. It accepts and embraces chaos that comes with humanity. It applies ‘system’s thinking‘ to explore the inter-relatedness between parts in the organization, and how changes to these parts influence the whole.

With TSP, we learn how to motivate employees in playing a vital role in security as primary over technology. We recognize the influence and impact of beliefs, mental models, heuristics bias (mental shortcuts) and affect (emotions) on security.

A Generative Approach to Security

Security is dealing with new realities including acts of terror, transnational enterprise crime, and a post-industrial age uncertainty that is increasing stress and anxiety in the work force predicted in 1970 (Toffler, A.,  Future Shock).

TSP takes a behavioral and prevention science approach to security. In factors both the feelings of security and the reality of security (Schneier: Psychology of Security). TSP applies science from multiple disciplines including psychology, neuroscience, social physics, behavioral economics and evolutionary biology to mention a few.

Finally, there are three specific attributes identified for bringing about enduring change:

  • new skills and capabilities
  • new awareness and sensibilities,  and
  • new attitudes and beliefs.

TSP promotes deep cycle learning. It encourages lateral thinking to resolve security problems. It centers around Senge’s five disciplines for creating a security learning culture : i) personal mastery, ii) mental models, iii) shared vision, iv) team learning, and v) systems thinking delivered in practitioner-based, problem-solving ways.

Health Care Fraud: Applying Privacy Legislation to Investigations

The property and casualty insurance industry experiences staged accident injury claims by local gangs. There is also international experience with transnational organized crime bilking the payment systems at more complex levels.  In both cases it can involve physicians in public plans receiving kickbacks for diagnoses leading to the bilking of private insurance plans. 

s a case study, Ontario privacy legislation was reviewed for conditions and limitations on public and private health care exchanges of personal information for cooperating in investigations.

The Ontario Personal Health Information Act, 2004 defers to the Ontario Freedom of Information and Protection of Privacy Act (FIPPA) for these conditions. FIPPA does not prohibit inter-agency sharing of personal information for investigative purposes. What it does do,  is provide for how this information is to be shared.

Part III, Section 42  of FIPPA states: “An institution shall not disclose personal information in its custody or under its control, then details exceptions.

These exceptions allow institutions to disclose personal information to a law enforcement agency, if:  the disclosure is to aid in an investigation undertaken by the institution, or to an agency, with a view to a law enforcement proceeding, or (ii) there is a reasonable basis to believe that an offence may have been committed and the disclosure is  to enable the institution or the agency to determine whether to conduct such an investigation.

The challenge in combating organized crime activity; private insurers generally report potential crimes to the municipal police department where the offences have occurred, resulting in severe limitations on getting at organized crime groups. They are not concerned about their soldiers being arrested, convicted and incarcerated. There are always more soldiers.

One way to coordinate public/private sector effort is through a  centralized strategic and tactical health crimes analysis body coordinating and launching multi-agency intelligence probes and investigations. The public police can use the  extraordinary powers of search and seizure for conducting complex investigations and obtaining additional information, including public and private insurers, police and other sources.

A precedent for an integrated health agency/police cooperation approach has already been established in Ontario. During the Harris administration, the Ministry of Health and Long-Term Care disbanded its internal investigations unit and contracted with the Ontario Provincial Police, Anti-Rackets Branch to conduct criminal and regulatory investigations on behalf of the Ministry.

What would preclude private insurers co-contracting with the Ontario Provincial Police, Anti-Rackets Branch to provide the public and private health care insurers with a strategic and tactical crimes analytical service?  When recognizing an organized crime/gang pattern, an “Anti-Rackets tactical intelligence and investigations team. An alternative for strategic intelligence might be Criminal Intelligence Services Ontario.

The unanswered question is whether the Ontario government and private insurers have the appetite to go after transnational organized crime and provincial level gang activity gaming the public and private health care plans.

Uniform Policing is Complex

Uniform public are among the first to arrive at the scene of social disturbances, violent crimes and catastrophic events. They must make time-sensitive judgments on their personal and the public’s safety, sometimes in fraction of a second, without the benefit of conversation.

Mood influences perception of events. Like everyone, the uniform police officer’s brain is processing sensory information below conscious awareness. The brain draws on beliefs, mental models and prior emotions-laden memories to make immediate sense of the world.

Add another complexity to the uniform police officer’s job. They must control their emotions, even in trauma inducing situations, all while rational thought of the people they are engaging has been high-jacked by emotions.  There aren’t many movie stereotype police out there…always rational hero’s. In high risk situations they face the a Perfect Storm…emotions dealing with emotions.

How well a uniform officer manages their emotions. How self-aware of and control their mood. How self-aware they are and working on their implicit biases, has profound implications on public safety, problem solving, and the information gathered (sensory and words) has implications on decisions by the courts at civil and criminal proceedings.

Most police services spend 75 – 80% of their budget on people. If one owns a manufacturing plant and this amount of capital is in equipment, would you be taking care of this equipment?

Selecting officers for their emotional intelligence (EI) qualities, helping them determine there strengths and weaknesses in six identified emotional styles, and implementing training on EI practice, serves not only communities well, but also the quality of life for the officer and their families.