NEB seeks contractor to monitor 'vast amounts' of online chatter for potential security threats

The federal regulator responsible for pipelines is seeking an outside company to monitor online chatter en masse and aggregate the data in an effort to "detect security risks" ahead of time.

Pipeline regulator aims to 'proactively ... protect its personnel, critical assets, information and services'

A demonstrator is taken away by a police officer after disrupting a National Energy Board public hearing in Montreal in 2016. (Paul Chiasson/Canadian Press)

The federal regulator responsible for pipelines is seeking an outside company to monitor online chatter en masse and aggregate the data in an effort to detect security risks ahead of time.

The National Energy Board has issued a request for information (RFI) from companies qualified to provide "real-time capability to algorithmically process vast amounts of traditional media, open source and public social media data."

It is asking applicants to provide a "short demo session" of their security threat monitoring services in early July.

"This RFI is part of our processes to ensure we are getting the services we require to proactively manage security threats, risks and incidents to help protect its personnel, critical assets, information and services," NEB communications officer Karen Ryhorchuk said in an email.

"It is not specific to any project, application or issue."

'Why all of a sudden?'

But with the NEB's recent involvement in several controversial decisions regarding the Trans Mountain pipeline, digital security expert Tom Keenan believes the timing of the request may be related to anticipated security concerns in the near future.

Tell us what you think!

Help shape the future of CBC article pages by taking a quick survey.

"You'd have to be living under a rock not to know that pipelines are controversial, that there have been threats to construction of pipelines," he said. "And that may have accelerated the timing."

The RFI says the threat monitoring services are required under a broader federal directive on security management, but that directive was issued in 2009 and was supposed to have been implemented by 2012.

"The directive that they cite is Government of Canada policy, but it has been around for a while," Keenan said. "So, why all of a sudden? Probably because somebody figured that there's going to be a potential problem, so let's head it off."

Ryhorchuk said the NEB "does contract security services regularly" but won't publicly discuss the details of its security measures.

A man holds a sign as part of a protest outside National Energy Board hearings on the Trans Mountain pipeline expansion in Burnaby, B.C. (Canadian Press)

The request for monitoring service does get into specifics, however.

It says the NEB requires a contractor that cannot just gather large volumes of data but also analyze the information and provide "plain language" briefings.

The briefings are to include "relevant socio and geo-political context" and "considerations of trends and likelihood of similar incidents and activities."

Privacy laws

The request says the information must relate to four sectors of interest — energy, the environment, government and infrastructure — and the data must be available "24/7 via desktop and mobile application."

"Provider must have thorough understanding of Canadian geography, levels of government, jurisdictions, and regional political differences," the request for information says.

The service would only gather "open source information whenever permissible under privacy laws," according to the request.

Keenan said there's nothing preventing the government regulator from gathering tweets, Facebook posts, comments on news stories and other types of information that are publicly available online but he would like to see the NEB set out a clear policy on how it will store, retain and share the information.