The ITRR controversy in Pennsylvania raises important questions about protesters, free speech, free assembly, the relationship between protesters and threats to critical infrastructure, and the quality of contractor support to government entities. An argument can certainly be made in this instance that the Governor threw out the baby with the bathwater. The provision of intelligence services to protect critical infrastructure and key resources is essential, but so is a fundamental understanding of the types of threats and the risks that they pose, including being able to distinguish threats from opportunities.
The collection and publication in one report of protesters and demonstrators with terrorists by the ITRR was certainly going to be viewed poorly if it was ever made public, which in this day and age is inevitable. Do certain protests and protest groups come with some form of risk? Absolutely. Do some protesters pose a threat to CIKR and law enforcement operations? Again, absolutely. Does that mean that every protest comes under the classification of terrorist? Not even close.
Protesters and demonstrators with a DIRECT ACTION agenda pose a criminal, not terrorist, threat to CIKR operations. Why is this important? It is important because the modus operandi of terrorists and that of direct action protesters are completely different from one another, and law enforcement and company security, legal, operations and media relations departments must be suitably prepared for both.
Placing terrorist awareness concerns together with intelligence related to the whole spectrum of protesters from direct action through non-violent/non-cooperative to completely peaceful and legally compliant without comment or context is deeply unhelpful and has led to this unnecessary public controversy. Effective analysis beside each reported group would have made clear which groups have a track record for criminal behavior through direct action, which groups have a track record for non-cooperative, non-violent direct action, and which groups simply demonstrate, and why each group has significance for inclusion in the report.
For instance, of critical significance for law enforcement in the report was the CrimeThinc convergence that rated a schedule of events mention but no explanation for law enforcement or others. CrimeThinc Convergences are where the lessons learned about direct action protesting from the previous year since the last Convergence are discussed and disseminated, and networking is conducted in anticipation of this year’s events. The past 12 months have included significant advances in the exploitation of social media for tactical purposes and disinformation against the police. This is partly due to the class of protester who can afford to spend their lives protesting internationally; trust-fund babies and the like.
Nowhere is an alternate justification being proffered for the use of the protester information in the reports, which is to maintain situational awareness for police departments for unusual but scheduled events where there may or may not be some form of collection or confrontation, effectively the OHS wringing value from every contractor dollar spent.
The reported ITRR information is useful as an event to understand and prevent or minimize police presence, or to have police warned and briefed as to what is happening in case there is a confrontation that escalates. The police’s responsibility to support and promote the Rights to Assembly and Free Speech is as important as their responsibility to counter terrorist and criminal threats and civil disturbances. It is a pity that the relationship between the police and protesters is all too often confrontational, as seems to be the assumption for the base case in Pennsylvania.
What is notable is the amount of CIKR-related information that should have been in the report for that period but was not – and here I provide a list that took an analyst whose specialty is international relations, not CIKR, 20 minutes to compile:
1. Public Health: Ongoing H1N1. Low media profile, but ongoing concern over salience of virus at Center for Disease Control in July/August.
Over 11,000 cases in PA by Spring 2010 suggests preemptive action on public awareness and vaccination stockpiling for fall flu season should have been on the radar in August, particularly in CIKR entities.
2. Telecommunications: New Healthcare Facilities Infrastructure Cabling Standard issued by Telecommunications Industry Association: “TIA-1179 specifies requirements for telecommunications infrastructure for healthcare facilities (e.g. hospitals, clinics). It specifies cabling, cabling topologies, and cabling distances. Additionally, pathways and spaces (e.g. sizing and location), and ancillary requirements are addressed. Telecommunications cabling specified by the new standard is intended to support a wide range of healthcare facilities and systems. In addition to telecommunication systems, the telecommunications cabling specified is intended to support a wide range of clinical and non-clinical systems (RFID, BAS, nurse call, security, access control, pharmaceutical inventory, etc.), particularly those which utilize or can utilize IP-based infrastructure.”
Although slightly esoteric, these reorganizations are going to have an effect on the relationship between hospitals and users, affecting interoperability between emergency medical providers, their supporting entities and others.
3. Agriculture and Food: Multi-source Salmonella Enteritidis outbreak: over half a billion eggs recalled. In mid-August, wholesalers in 16 states received infected stock. State health agencies, in conjunction with the FDA tracing supply chain etc: “The Agency has activated its emergency operations command center with scientists, investigators, epidemiologists, and communication experts. … If consumers are unsure about the source of their eggs, they are urged not to eat them and to discard them immediately.” FDA Release, August 19, 2010.
It has been contained now, and we know its contamination dynamics, but in August, it was very high on the public health agenda with many supply chain unknowns. A recommendation about being prepared for significant absences would have been appropriate, as would preparations for potential stress on medical facilities.
4. Water: $550 million low interest loans and grants for water infrastructure in Pennsylvania. The state is offering $411 million in low-interest loans and $119 million in grants to pay for the work, through the Pennsylvania Infrastructure Investment Authority’s first round of federal stimulus money. Most projects due to begin in August, including
a. The Pittsburgh Water & Sewer Authority received a $10.8 million loan to improve its water treatment plant and water storage and distribution system. The authority received another $10.3 million loan to replace or fix more than 4 miles of sewer lines.
b. The Allegheny County Sanitary Authority received an $11.8 million loan to upgrade the McKees Rocks pump station and install nearly a mile of storm sewers to keep rainwater from overwhelming the system. This follows an EPA January 2010-report saying $203 billion is needed for wastewater infrastructure across the U.S. In an August 03, 2010 release, the EPA issued a new guide to improving the effectiveness of urban storm water permits in the Chesapeake Bay watershed and the mid-Atlantic Region.
This should have driven early coordination between emergency services and the water providers to ensure that there are contingency plans in place to cover both continuity of service during construction, emergency support during construction, and to manage access to the pump station and the water treatment plant, which are vulnerable to terrorist infiltration or attack.
5. Commercial Nuclear Reactors, Materials and Waste: A mixed oxide (MOX) fuel fabrication facility cleared a significant regulatory hurdle, setting an industry wide precedent for infrastructural safety and security in this area. The plant will convert ex-military plutonium into fuel for nuclear power reactors. The draft Safety Evaluation Report (SER) by the US Nuclear Regulatory Commission (NRC) is an important step in the licensing process, and documents the NRC’s technical safety review of Shaw Areva MOX Services’ application for an operating license for the facility, under construction at the Department of Energy’s (DoE) Savannah River site in South Carolina. Basically, unlike projects to build new nuclear power reactors, for which the NRC will issue combined construction and operation licenses (COLs), the MOX facility is being licensed through a two-part process, firstly authorizing construction of the plant and secondly licensing MOX Services to operate it. Operations are set to begin at the plant in 2016.
Regardless of whether it was on people’s radars, this significant milestone has created the likelihood of construction of a “to be approved” nuclear facility. Infiltration, disaffected employees, protester groups with a track record of CIKR effect, such as Greenpeace, and similar risks should all be being addressed now around the security of the infrastructure.
Government bodies should be clear in their minds as to what the result of intelligence support is and maintain a critical eye on ensuring that they are being provided with it. The political controversy around the ITRR reports is unfortunate but useful in that it will prompt a more aggressive examination of what intelligence is needed, how it should be provided and what goals it should be supporting. Surely, it is fundamental that all documents must be able to pass the Wall Street Journal and Capitol Hill test; regrettably, this one did not, but the experience can teach us much.
