Part 5: Assessing the Capability to Respond

Managing Threats to Domestic Security.

5.1
It is important that agencies know what level of threat they are expected to prepare for, and the type of incidents they are expected to respond to – and that the Government knows and monitors agency capability from each of these perspectives. It is also important that any capability gaps are known and communicated.

5.2
We looked at capability from two perspectives:

  • Capability to perform day-to-day functions – generally a pre-emptive and preventative capability that includes the functions of the border agencies, AvSec and the MSA.
  • Capability to respond to particular events – a capability that includes contingency planning and encompasses the ability to respond to and mitigate the consequences of particular situations and events.

5.3
We examined:

  • the extent of expectations about capability;
  • monitoring the extent to which agencies were meeting those expectations;
  • the training for and testing of responses, and contingency planning for anticipated incidents; and
  • monitoring of capability across agencies and functions.

Key Findings

5.4
The security environment and the need for New Zealand to keep pace with international expectations and obligations largely drive day-to-day capability expectations for preparedness to meet security threats. Agencies individually monitor these expectations and assess what additional resources they require to meet them.

5.5
There is no central monitoring of key capabilities and preparedness across agencies. Monitoring (to varying degrees) takes place through agency accountability reporting, but this is mainly from an individual business perspective. Similarly, there has been no overall ‘stock-take’ of all capabilities that contribute to domestic security. This increases the risk of duplication of effort or capabilities.

5.6
Agencies’ testing of their own systems and capabilities is variable. AvSec and the NZDF have extensive capability testing, but the majority of agencies are currently still designing their procedures, and they still need to establish procedures to measure their effectiveness.

5.7
Multi-agency exercises and simulations conducted to test the whole-of- government response to particular events provide an effective method to test systems and build relationships. A continuous, co-ordinated programme for all agencies to test their own systems and capabilities would further enhance the effectiveness of these exercises. Depending on the nature of the particular exercise, they could also usefully be extended to include front-line providers.

5.8
Multi-agency and individual agency exercises both currently focus on the response phase, with little emphasis on recovery. Substantial work is currently being undertaken to incorporate recovery into future exercises.

Setting Day-to-day Capability Expectations

5.9
In the light of Resolution 1373 (see paragraph 2.19 on page 27 and Appendix 1 on pages 84-87), the Government asked agencies to review their procedures and resources to assess whether they were sufficient to respond to the new terrorist and security risks. The agency reviews identified areas that needed to be strengthened – including:

  • legislative changes to give effect to the new international requirements;
  • improved intelligence capability – especially for GCSB, the NZSIS, Customs, and the Police;
  • changes in certain procedures – such as screening of export consignments (including mail) and examination of containers; and
  • implementation of additional systems – such as an Advanced Passenger Processing System to obtain data on all passengers on participating airlines.

5.10
Since their initial review, agencies have continued to monitor the security environment and the additional resources they require in order to keep pace with

  • international expectations; and
  • obligations to trading partners.

International Expectations

5.11
International expectations and the related security initiatives are being driven through agency membership of international organisations as well as a variety of forums, Conventions and Protocols (that often include standards and recommended practices), and memoranda of understanding between countries.

5.12
These international obligations are also reflected in New Zealand’s membership of international organisations. For example, Customs participates in the WCO, which is currently undertaking to:

  • standardise information for identifying high-risk cargo;
  • develop guidelines for electronic submission of customs data; and
  • in conjunction with the International Maritime Organisation (IMO)20, identify measures to support increased supply chain security and secure containers.

5.13
Requirements for baggage screening and advance passenger information also arise through New Zealand’s membership of the International Civil Aviation Organisation (ICAO)21. Members must comply with standards and recommended practices in Annex 17 to the Convention on International Civil Aviation, and these have been incorporated into our National Aviation Security Programme (see Figure 6 on the next page). For example, passengers on all domestic flights seating more than 90 passengers are required to be screened prior to boarding, and additional screening procedures required by 1 January 2006 for hold baggage will have a large impact on the aviation sector.

Figure 6
New Zealand Aviation Security

Annex 17 to the Convention on International Civil Aviation – International Standards and Recommended Practices – Security – Safeguarding International Civil Aviation Against Acts of Unlawful Interference contains standards and recommended practices to be followed by contracting states, including:
• organisational aspects such as the establishment and implementation of a national civil aviation security programme and designating an appropriate authority to be responsible for the programme, airport operations, aircraft operators and quality control;
• preventative security measures relating to aircraft, passengers and their cabin baggage, hold baggage, cargo, mail and other goods, special categories of passengers, access to the aircraft, and restricted areas of airports; and
• responding to acts of unlawful interference – including prevention, response and exchange of information and reporting.

The Convention and standards are given legal effect by the Civil Aviation Act 1990, Aviation Crimes Act 1972, Civil Aviation (Offences) Regulations 1997, and Civil Aviation Rules.

New Zealand has drawn up a National Aviation Security Programme that incorporates the standards and recommended practices. The Security Manual for Safeguarding International Civil Aviation Against Acts of Unlawful Interference, an ICAO advisory document, was also used as guidance by the CAA in drawing up the National Aviation Security Programme.

5.14
A similar framework is being adopted for Maritime Safety. The IMO introduced new security measures, which will come into force on 1 July 2004, to prevent the introduction of unauthorised weapons or dangerous substances and devices to ships22 or port facilities (see Figure 7 on page 69).

Figure 7
New Zealand Maritime Security

IMO guidance recommends screening and/or searching of people, their possessions, vehicles, ships’ stores and cargo entering a port facility, where such activities have been identified as necessary through the risk assessment and port facility plan process. There is a growing expectation in the cruise ship industry that similar screening measures to those adopted in air travel will be implemented for cruise ships.

The principal requirement for governments is to regulate ship and port facility regimes by assessing risks at port facilities that service international traffic; approving and auditing ship and port facility security plans; and setting the security (threat) level at which ships and ports operate. The MSA is the regulatory authority responsible for administering and ensuring compliance with the new security measures.

The MSA has established a number of representative bodies:
• A National Port and Ship Security Committee – comprising representatives of the border control agencies including MoT, Police, Customs, MAF, Food Safety Authority, Immigration Service, as well as the security and intelligence agencies – has been established to ensure a whole-of-government approach. This Committee, among other things:
– considers requirements for and outcomes of port facility security assessments;
– considers MSA’s recommendations on which ships and port facilities will be rewired to prepare security plans; and
– determines procedures for moving from one security level to another.
• A National Port and Ship Consultative Committee – to enable effective consultation with the maritime community and includes representatives from port and shipping companies, port and shipping users, maritime employee organisations, shipping agents, stevedores and Cruise New Zealand.
• Local Security Committees – convened at each port to replicate the National Consultative Committee and have a key role in establishing security measures at each port facility.

Legislation has been introduced in the Maritime Security Bill to give effect to the new measures.

Obligations to Trading Partners

5.15
Improving supply chain security (in particular, container security) is increasingly emerging as a requirement of international trade. The initiatives have so far been driven by the USA, and the requirements being imposed are analogous to New Zealand’s established arrangements for biosecurity checks on passengers and goods entering the country.

5.16
Figure 8 on the opposite page describes two USA initiatives that have required changes in procedures for cargo bound for, or passing through New Zealand to, the USA, including cargo remaining on board.

Figure 8
Obligations of Exporters to the United States of America

Container Security Initiative (CSI)
This initiative (which has been endorsed by WCO) involves US Customs officers working with counterparts in foreign ports to identify high-risk containers and search them before they are shipped to US ports. It uses X-ray and gamma ray technology for rapid pre-screening, and promotes the use of more secure types of containers.

The initial goal is to work with 20 ports that jointly account for a large proportion of the containers that enter the USA. Speed and predictability for container movements will increase because pre-screened containers may be released immediately on arriving at the US seaport. High-risk containers that have not been screened will be delayed until US Customs screens them.

The procedures require exporters to:
• have cargo at the port of departure at least 24 hours prior to the vessel arriving at the port; and
• submit cargo declarations to US Customs at least 4 working days prior to the vessel arriving at the port of discharge.

Customs-Trade Partnership Against Terrorism
This is a joint government-business initiative to strengthen overall supply chain and border security. It involves US importers – and ultimately carriers and other businesses – entering into voluntary agreements with US Customs to enhance the security of their global supply chains and those of business partners. In return, US Customs will agree to expedite the clearance of the members’ cargo at US ports of entry. Trading partners of the importers involved in this initiative will have to make changes to enable the importers to fulfil their agreements.

Publication of Day-to-day Capability Expectations

5.17
Capability expectations for day-to-day activities are set out in agencies’ purchase agreements with their ministers. They are also articulated in their departmental Forecast Reports and Statements of Intent.

5.18
The capability expectations set out in these documents have been variable between agencies, and often non-specific. These shortcomings have been identified and agencies are beginning to address them.

5.19
We reviewed five departmental Forecast Reports or Statements of Intent for 2003-04.23 Each included improving national security (or biosecurity in relation to MAF) as an outcome. Customs, in particular, noted a shift to a strong active border security to provide assurance that goods, people and craft arriving in New Zealand do not pose a threat to this country; and security of the export supply chain to provide assurance to both New Zealand and our trading partners.

5.20
The departmental documents also linked the outcome to specific actions or intermediate outcomes. However, except in relation to Customs, there was still a need to explain links to agencies’ outputs.

Monitoring Against Day-to-day Capability Expectations

5.21
Agencies are required to report against the objectives in their Statements of Service Performances in their Annual Reports. In addition, each border agency undertakes some preparedness monitoring from an individual business perspective. Some use the ISO framework for this purpose, and accreditation against ISO standards provides a useful and systematic framework.

5.22
With regard to new and recent expectations, most agencies are currently still developing or working through processes for addressing them. Agencies that are by the nature of their responsibilities more mature in respect of domestic security provide examples that others can follow. For example, AvSec has relatively well advanced arrangements with clear procedures and standards, obligations to a range of stakeholders, and audits by a number of organisations – including:

  • the (USA) Federal Aviation Administration and other international authorities;
  • the (NZ) Civil Aviation Authority (of which AvSec is a separate function);
  • the BVQI (the Bureau Veritas Quality International)24;
  • the (NZ) Ministry of Transport; and
  • airlines (which rely on the work of AvSec).

5.23
Screening tests covering AvSec’s operations include aircraft searches, metal detector and X-ray searches, and physical search procedures. The results are reported monthly to the agency’s General Manager.

5.24
Few25 agencies undertake systematic “stock-takes” of their day-today capabilities. In most cases, such stock-takes would be very large exercises, and some agencies have undertaken reviews of key parts of their processes – for example, in September 2002, MAF published a review of biosecurity surveillance programmes operated by itself and other government departments. The aim of the review was to establish a framework for prioritising surveillance programmes, and an economic model to help determine appropriate funding levels for surveillance.

5.25
In our November 2002 report Ministry of Agriculture and Forestry: Management of Biosecurity Risks, we recommended that MAF and the other departments involved in biosecurity matters consider the need for a wide-ranging review of biosecurity capability (including preparedness for one or more major incursions)26. Even a single review such as this would be a large undertaking. Such reviews therefore need to be part of a planned programme of capability reviews. And given the interdependence of many of the agencies, they need to plan the reviews together, so that in due course the results of a range of reviews can be added to the total knowledge that is available to assess overall capability for domestic security.

5.26
Capability reviews along these lines will require sophisticated measurement techniques to be developed to test key security elements. For example, the US Transportation Security Authority uses ‘fake’ contraband items (including bombs and weapons) to test detection systems and procedures. In New Zealand, AvSec uses similar techniques, and MAF tests systems at ports of entry on a random basis by having people attempt to bring in restricted items.

5.27
These kinds of tests could usefully be routinely operated across all border security agencies. They are particularly helpful in assessing the level of ‘risk tolerance’ that needs to be accepted, what level of further resource investment is needed to keep risk below acceptable levels, and what systems and procedures need to be strengthened. For example, it would be possible to assess what percentage of weapons illegally coming into the country would be picked up by current procedures, and to do further work to estimate the extra cost of increasing the percentage of weapons that are identified.

Planning and Monitoring the Capability to Respond to Events

Whole-of-government Response Through DESC

5.28
In March 2002, the Government adopted the DESC structure to facilitate a whole-of-government approach to national crises and circumstances affecting security. As described in paragraphs 2.37-2.38 on page 31, DESC has two main components that work closely together – one to develop high-level whole-of-government approaches and policy, and the other to concentrate on crises as they arise.

5.29
When a crisis or event occurs, one agency takes responsibility for leading the operational response – normally the agency with the statutory responsibility and/or specialised knowledge for managing the particular crisis – such as the Police in relation to a terrorist emergency, or MAF in relation to a foot and mouth disease outbreak. The lead agency establishes an operational group to help manage the crisis, which includes assistance from other relevant agencies.

Exercises and Simulations to Test Whole-of-government Response

5.30
Exercises and simulations provide important information on the capability of participants, and feed back into planning of future responses.

5.31
For example, a half-day simulation based on a foot and mouth disease scenario showed the need for better definitions of structures and roles, and better support. It also illustrated the need for further work by the Reserve Bank and the Treasury into the likely macroeconomic impacts of an outbreak27 – which would be important information for the recovery phase that we consider in paragraphs 5.55-5.56 on page 80.

5.32
The Police, under the guidance of ODESC, are responsible for planning multi-agency simulations of possible terrorist incidents known as Exercise Guardian and Exercise Lawman. These exercises are large and resource-intensive, and the Police attempt to base them on up-to-date knowledge of the most likely terrorism threats:

  • Exercise Guardian is a ‘tabletop’ exercise that has no operational elements deployed, but usually tests the decision-making aspects of an event, and the information and intelligence flows that are essential to a successful outcome.
  • Exercise Lawman utilises the full range of required assets – from co-ordination resources through to ‘on-the-ground’ units. Both exercises involve the participation of Ministers as a key element.

5.33
These multi-agency exercises are central to the domestic security arrangements. However, they take up a large amount of resources and cannot be undertaken with the frequency that would be required to cover all the most likely scenarios. They also have to be planned carefully to achieve maximum coverage of important issues, while at the same time ensuring that single key agencies are not over-burdened with the repeated need to participate, and that agencies with a less central role are not involved so infrequently that they have to re-learn how they should interact with other agencies in each exercise. ODESC is currently reviewing the frequency of the exercises in response to concerns raised in post-exercise reports.

5.34
The exercises have been run as ‘warm starts’ – which effectively means that agencies had advance notice, and systems (such as IT and communications) were set up before the exercise started – and the set-up phase of the exercise was not practised or reviewed. The establishment of a permanently set up National Crisis Management Centre in the Beehive basement is aimed at removing this deficiency.

5.35
We found good examples of contingency planning, exercises, and simulations as part of some agencies’ own operations. They provided an effective method to test systems and build relationships to enhance preparedness. For example, MAF carries out an annual exotic disease simulation exercise to maintain competency for staff involved in responses. Until 2000, the simulations were based on a foot and mouth disease scenario. Since then, there have been simulations based on Nipah virus in pigs and Newcastle disease in poultry, and a simulation based on an Anthrax scenario was carried out in November 2002.

5.36
The MoH recently ran a large simulation on an influenza pandemic – see Figure 9 on page 76. The exercise identified the following capability needs:

  • establishment and maintenance of well-developed communication paths between the MoH and providers (such as general practitioners and rest home operators);
  • databases identifying local providers, resources, and supplies;
  • a Resource Command Centre with appropriate equipment and supplies, and improved communications within the Command Centres; and
  • a review of lessons learned during the exercise.

Figure 9
Simulation – The Virus has Landed 02

An influenza pandemic occurs when a new type of influenza virus emerges and spreads to most countries around the world. Because the virus is new, no one has immunity and many people become seriously ill. The pandemic can cause widespread death and illness, as well as social and economic disruption.

The aims of the exercise were to practice and evaluate the New Zealand influenza pandemic plan, and the operational response through District Health Boards’ major incident and emergency plans and public health response plans.

The objectives of the exercise for the MoH were to:
• mitigate, respond to, and recover from a national influenza pandemic;
• test the communication links with the District Health Boards and public health services;
• identify triggers for escalation within the plan;
• gather and analyse information from District Health Boards to provide an action plan; and
• identify the gaps and overlaps within the planning process.

The scenario was devised around the WHO – Pandemic Alert Levels and the New Zealand Influenza Pandemic Plan and had five stages. The objectives not tested were the recovery from the event and preparation for the second pandemic wave.

The participants were: the MoH – Emergency Response Centre, Public Health Services and Communicable Diseases Team; District Health Boards’ public health services; and the National Pandemic Planning Committee.

5.37
Since this exercise the MoH has established a Command Centre (called the Emergency Response Management Centre), which can be set up within an hour or so. This centre was last activated for the SARS response group. The MoH also noted that better communication linkages now exist, and it has a debriefing procedure to review how it handled the response.

5.38
District Health Boards are responsible for their own contingency planning and testing. Information on the capacity of District Health Boards to deal with crises and on the results of their testing is not maintained on a national basis. A similar issue was noted in relation to the MAF exercises, with the need to involve and know more about the capability of veterinary staff from private practice.

5.39
The MoH told us that work is currently being undertaken to address this issue. At the time of writing this report, ODESC was considering a proposal for regularly scheduled national level exercises across a number of government agencies and threats. The agencies currently being considered are at least the MoH, MAF, the Police, and MCDEM.

5.40
Currently, no programme brings together both multi-agency and individual exercises and simulations to ensure that adequate coverage and frequency across all agencies is achieved. Such a programme would also help agencies to identify opportunities for useful involvement in other agencies’ exercises.

Learning from Actual Events

5.41
We found a number of examples of post-operation reports and reviews undertaken after security incidents had occurred. These reviews focused on how agency performance could be improved, and illustrated a willingness among agencies to learn from real events and use them to ensure continuous improvement.

5.42
Two recent examples were post-operation reports from an incident where a suspected lethal chemical device was left on the steps of the Motueka Police Station, and the New Zealand consular response to the Bali bombings.

5.43
Each incident involved a range of agencies and identified key points for improvement in the future. In the Motueka case, there was no laboratory in the South Island with the ability to test the substance in the suspect device. It could not be transported by air to the North Island because the substance was unknown. The responders had to destroy the substance and forgo identifying it.

5.44
Consular staff took on the responsibility to identify bodies in the immediate aftermath of the Bali bombings. Post-operation reports noted that such tasks should have been carried out by specialists (the Police sent specialists within two days of the bombings), and suggested that cross-agency‘early response teams’ be set up for use in such circumstances. These teams would be able to quickly assess specialist needs and arrange for them to be provided. In our opinion, such a team would have been a valuable asset in the Motueka incident as well.

5.45
The MoH used the recent international SARS outbreak to improve its contingency plan for a pandemic outbreak.

Securing Specialist Skills

5.46
Most agencies have specialist skills that may be useful to the agency that is leading a response. For example, the Prime Minister (or if unavailable, the next most senior Minister) may authorise the NZDF to assist the Police to deal with some aspects of a terrorist emergency – such as:

  • storming buildings and retrieving hostages;
  • locating and defusing bombs;
  • land, sea and air surveillance; and
  • personnel trained in defensive cordon or perimeter duties.

5.47
The Ministerial authorisation is based on information supplied by the Commissioner of Police (or Deputy Commissioner of Police) that the Police cannot deal with the emergency without the assistance of members of the Armed Forces exercising powers that are available to members of the Police.

5.48
Where NZDF assistance is sought, the Police remain in charge of the operation and a plan exists covering NZDF assistance to the Police in counter-terrorism operations, and the execution and command and control arrangements throughout.

5.49
The Chief of Defence Force, in support of the Police, may also authorise administrative support – such as transporting Police personnel; and logistic services, such as catering and medical support, that the NZDF is skilled in setting up in locations not specifically designed to accommodate them.

5.50
The NZDF played an important part in the post-September 11 review of resources and capability. The NZDF had an Improvised Explosive Device Disposal team, but the team had shortfalls in its capability to defuse chemical and biological bombs, and received funding to address the shortfalls. The NZDF was also able to point to a wider shortage of facilities to decontaminate emergency staff or civilians affected by a chemical or biological incident.

5.51
The New Zealand Fire Service has a relatively sophisticated decontamination facility for chemical spillages in the three main centres28 and an anthrax decontamination protocol was drawn up. The NZDF and the New Zealand Fire Service are cooperating to ensure that the capability held between them both is optimised (i.e. duplication is minimised).

5.52
The CTG of the New Zealand Special Air Service reports its preparedness regularly as part of the NZDF’s preparedness reporting system. This reporting covers issues such as the availability and serviceability of mission-critical equipment and the required level of manpower, and provides the Government with assurance that the CTG will be able to perform to the expectations set in its Purchase Agreement. For example, the agreement states that the Government expects the CTG to be available at very short notice, and able to cover certain contingencies. The reporting has clearly described areas of capability that are being improved, and has made it possible to monitor what shortfalls exist and what is being done to rectify them.

5.53
The Police STG, being an operational group continually being deployed against prioritised needs, reports preparedness in terms of total training hours. Since this provides only a very limited indicator, post-operation reports are in practice the key measurement tool for operational preparedness. We examined some post-operation reports and found them to be good examinations of events, including comments on the soundness of procedures and equipment used.

5.54
The STG has been looking into implementing reporting improvements and, given the range of capabilities of the STG and the importance of its role, there would be value in the STG considering the preparedness monitoring system used by the NZDF for the CTG. Such a monitoring system might include:

  • expectations from the Government and within the Police of what the STG is to provide in terms of capability and response times;
  • checks on required manning levels;
  • statements on training completed compared with training planned; and
  • statements on response times to actual events.

Capability to Recover From an Event

5.55
The initial response to an event is of critical importance, but it is widely recognised that the recovery phase is of equal importance if further damage is to be avoided and communities or services are to be restored as quickly as possible. However, little work has been done on capability to recover from a domestic security event, and we identified gaps in a number of areas:

  • whole-of-government and individual agency exercises tend to focus on the response phase to any scenario, with little time spent on the recovery phase;
  • recovery contingency planning for some critical infrastructure has not been undertaken29; and
  • no stock-takes of resources available for recovery from various events have been undertaken to check whether the necessary resources can be obtained when required.

5.56
Agencies have recognised these gaps and related work is in progress. For example, DPMC is looking at how to integrate the recovery phase into future exercises. MCDEM is looking to assessing recovery needs as part of its new National Strategy and Plan. What these agencies are doing would be enhanced by having an overall plan to ensure that the most critical areas are being covered, and to the depth required.

A Stock-take of Capabilities for Responding to Events

5.57
As for day-to-day capabilities (see paragraph 5.24 on page 72), few agencies undertake systematic stock-takes of their capabilities to respond to events. A whole-of-government stock-take would help to identify any overlaps or gaps. It would be a large exercise, but information already exists that could be built upon.

5.58
Stock-takes already in progress include:

  • the Police establishing an ‘agency capability matrix’ that covers 15 different types of chemical and biological threats – selected for review because it is an area where capabilities and responsibilities are spread among a number of agencies;
  • a similar stock-take by DPMC for critical infrastructure – to identify and prioritise critical infrastructure across the country, so that better-quality decisions can be made on matters of security; and
  • what the MoH is doing as part of its influenza pandemic exercise (see Figure 9 on page 76).

5.59
In our view, the DPMC exercise could usefully be extended to take account of contingency planning in the event that critical infrastructure is severely damaged or destroyed.

20: The United Nations agency responsible for international conventions relating to maritime safety and marine environment protection measures.

21: The Civil Aviation Authority is a member of the ICAO Aviation Security Panel.

22: As a minimum, this must include passenger ships on international voyages, international cargo ships of 500 gross tonnage or more, and mobile offshore drilling units.

23: Police, Customs, NZDF, MAF, and Department of Labour (Immigration Service).

24: An international certification organisation.

25: The NZDF routinely reports on the day-to-day capabilities of its force elements through the Operational Preparedness Reporting System.

26: Report available on our web site www.oag.govt.nz; ISBN 0-477-02898-5; see paragraph 3.51 on page 43 and related paragraphs 3.35-3.39 on pages 39-40.

27: See www.rbnz.govt.nz/research/0130346.html.

28: The decontamination capability is more basic in smaller centres.

29: For critical infrastructure, key lifeline utilities are required to prepare recovery plans in accordance with their obligations under the Civil Defence Emergency Management Act 2002. Currently these are at varying stages of preparation – some are well advanced. Though prepared for civil defence emergencies, most of each plan should still be applicable to domestic security incidents.

page top