The City Seinfeld Papers
Seinfeld was a television show about nothing.
Each week the show told you nothing … in a very funny way.
The City of Ottawa tells you nothing but leaves out the humour in the report below. Then it sends you to the meat of a report which is behind a firewall (the above screen is what you get if you try to log in to the security something that is behind the firewall … open, caring and inclusive).
The city believes it has things worth keeping secret. Some of the things we see aren’t worth keeping secret when they try to cover them up. Then the things they do manage to keep secret might or might not be worth keeping secret. We don’t know.
The memo below outlines the Seinfeld technique. It has many words but conveys no information other than the auditor general said there should be changes to security but the city is so secure that in this memo, it doesn’t say what those things are.
When the city was considering banning Tik Tok because it could glean municipal information to China, The Bulldog pondered what those secrets could be. Perhaps the city’s secret plans to invade Gatineau? We don’t know. The secret plans to make Lansdowne successful? Can’t say. They’re secret.
When the city really has something to cover up, it hides behind proprietary property. And it jumps to keep information behind closed doors by the way it writes contracts to cover staff’s posterior. An uninformed public is a happy public.
The problem with that is when people screw up, there are no consequences. Nobody knows. Until the city arrives at a point where it is sloppy beyond belief … like transit. Even when the public knows the problems, there are no consequences for the error-makers.
And as for proprietary property, who would want to steal secrets from the light-rail project? Maybe to write a book on how to not design a light-rail project. Those secrets the city should keep secret, but probably won’t.
So here we have it, the report below so secure that it tells you nothing.
But before that, we give you the theory behind nothing and Seinfeld. Nothing. What does this memo say? Nothing. And the important part of this is the hotkey to nothing. That hotkey shields proprietary information … if the city finally has something of value to keep secret, when it can keep a secret.
—
From / Expéditeur
Kim Ayotte
General Manager
Emergency and Protective Services
Subject / Objet
New Corporate Security Framework
Date: May 21, 2024
This memo serves to inform Members of Council of the recently established Corporate Security Framework.
Background
In 2019, the Office of the Auditor General (OAG) conducted an audit evaluating the adequacy and effectiveness of the governance, internal controls, and risk management practices related to physical security management. The audit highlighted areas where there were opportunities for the City’s Corporate Security Program to improve, including through the development of a Corporate Security Policy.
The Corporate Security Program prioritized all audit recommendations that presented potential operational risk (e.g., improvements to the Photo Identification Card and Access Control Systems) and then began working on the ones that would be best addressed through the development of an over-arching new policy or framework.
Since 2019, the City’s security context has changed. The pandemic, the Convoy Protest, and the housing and homelessness crisis are some of the contributing factors. The current and evolving operating context has been taken into account in the development of this new Corporate Security Framework.
Update
Aligned with industry best practices and standards, the new Corporate Security Framework aims to provide appropriate oversight for the City’s physical security measures and fulfills several outstanding OAG audit recommendations.
The Framework provides a formal governance structure for the Corporate Security Program and confirms senior management’s support and participation in security risk management and awareness initiatives. It does not change the day-to-day operations of the Corporate Security Program nor does it delve into specific security processes, procedures or standards.
Vision and mission:
The Framework articulates the vision of the Corporate Security Program, which is to provide a safe, secure and inclusive environment for all persons at City facilities. Its mission is to anticipate, understand and address the evolving physical security needs at City facilities through the assessment of security risks, and the application of reasonable risk management strategies.
Development Process:
Extensive groundwork, including an academic literature review, analysis of established security standards, and benchmarking against similar municipalities, has underpinned the Framework’s development. Approval of the strategic direction and governance structure by the Senior Leadership Team in February 2024 was followed by consultations with all City departments to ensure inclusivity and stakeholder input, with particular attention to equity, diversity, and inclusion considerations.
Next Steps
The Corporate Security Framework will be accessible on the City’s Policies and Procedures SharePoint page. Staff will be informed of the new Framework through articles in the Management Bulletin and In The Loop during the week of May 27.
Questions on the new Framework or on the City’s Corporate Security Program can be directed to Beth Gooding, Director, Public Safety Service.
Respectfully,
Kim Ayotte
General Manager
Emergency and Protective Services
cc: Wendy Stephanson, City Manager
Senior Leadership Team
Andrea Lanthier-Seymour, Chief Communications Officer
Beth Gooding, Director, Public Safety Service
Michele Rochette, Manager, CMO Administration
Carole Legault, Program Manager, Council and Committee Services
Danyelle Belanger, Program Manager, Council Support Services
—
Fortunately, nothing is “aligned with industry best practices and standards.” What could go wrong? Whatever it is.
Ken Gray
—
—
RECOMMENDED FOR YOU
City Continues Its War On Rats
One-Third Of Senior City Managers Interim
Tierney PR Watch: News On The March
—
Let me summarize the key take away from this memo. Not just for the public, but for the members of council.
In 2019 the city’s AG identified cybersecurity as something the city should take care of. Staff got around to it in 2024. 5 years later! That tells you everything you need to know about how seriously the city takes its cybersecurity. And the response from council is … pending.
Ron:
City hall is in crisis and it doesn’t even know it or understand it.
It has made horrible mistakes, can’t fix them and, frankly, doesn’t seem to care.
Another round of nightmayors, Construction Days, plow namings and a shawarma in every pot.
Not sure this is what an angry public and an especially angry transit-using population wants to hear.
Worse is that nobody seems to have solutions to its own problems and nobody seems to care.
cheers
kgray
Ken, cyber threats are ever evolving. For every cybersecurity measure there is a countermeasure. Repeat, repeat, repeat. With the volume of work being performed from locations not inside city hall (read home, coffee shop, …), the risk of cyber penetration by social misfits is very high, let alone by those with unlimited resources. Thus the levels of protection must be very, very high. Response times must be measured in minutes, not hours, let alone days. The reaction time demonstrated by this memo is indicative of an organization that is out of touch with reality. That council does not recognize the pattern is beyond worrisome.
I recall the musings of a tour guide in Vienna a couple of decades ago. The Austrian-Hungarian Empire covered large tracts of central Europe up to the start of World War I. The Austrians entered that war with a cavalry centric army. The Germans arrived in tanks. It didn’t end well for the Austrians (or any one else for that matter).