Federal government aims to modernize physical security practices
Government agencies intend to evolve their security approach to address changing technology, threats and budgets.
By Lilly Chapa
Updated Fri July 19, 2019
WASHINGTON—The Security Industry Association's 16th annual GovSummit in Washington, D.C. was jam-packed with sessions outlining the physical security challenges the federal government is facing and what the security industry can do to help address them. Whether the speakers were discussing government physical access control systems, federal procurement policies, critical infrastructure or soft targets, one message kept emerging: the need for the government to evolve its approach to assessing, procuring, and deploying security assets at a time when budgets are tight and threats are constantly changing.
The changes required to evolve longstanding programs and practices are often met with hesitation and may take a long time to implement, especially at the federal government level, acknowledged Scott Jones, Deputy Director for Operations at the Department of Homeland Security's Federal Protective Service. The FPS is in charge of operational security at federal facilities across the country.
“People hate change,” Jones said. “It's about being informative, so we do a lot of training with building tenants so that we can build that trust and confidence—they trust us to protect them. We give them recommendations, and they believe in our expertise and data. When people come into a facility, their number one goal is to do their job, but in a safe and secure environment. Once you establish that, they have a tendency to adapt to new ways because they know it's what's best for them.”
FPS is hoping to foster that cooperation as they modernize the way they protect nine thousand federal buildings throughout the United States. The organization not only employs 13 thousand protective service officers to oversee day-to-day building security, but has more than one thousand law enforcement professionals on hand to respond to incidents, conduct criminal investigations and complete two thousand facility security assessments per year.
FPS assessments are presented to a federal building's in-house security committee, which makes the final decision on what security solutions are implemented. FPS is then responsible for the acquisition, design, procurement, installation and maintenance of the equipment. Jones said a major goal for the organization in the upcoming year is to modernize its technology and the way assessments and repairs are made.
“Why can't I have the capability built into FPS equipment to know the status of an alarm or camera at any given time?” Jones said. “The technology exists, but we're not there as an agency, and we're hoping to change that this year.”
Jones expressed interest in using facial recognition software to allow vetted federal employees seamless access to facilities in place of access control cards or showing identification. He also said FPS is considering a switch to a continuous assessment model, instead of the current labor-intensive approach.
“I might not come back to a facility for three years, but environments change,” he explained. “We want continuous assessments of these buildings and their equipment. The days of spending 200 manhours to do an assessment of a building—we want to cut that down, and we firmly believe we can do it. We're trying to get more efficient and effective by modernizing government equipment in our nine thousand buildings.”
When it comes to physical access control systems in federal buildings, it's up to each facility to choose—and fund—its own security solutions, but many are not complying with baseline security standards. Coming up with security funding has long been a challenge for agencies, and a panel of experts warned that federal organizations are not committing to improving their physical access control. It's been 15 years since Homeland Security Presidential Directive 12, which established a mandatory standard for government employee identification, was issued, but a recent federal report found that facility security governance and resources are lacking, resulting in outdated or insufficient access control solutions.
“A lot of people in these agencies want to do the right thing and get it done, but can't advance because they don't have the leadership and vision—they're facing all these constraints,” noted convergence security professional Jason Rosen. “We can have all the greatest technology, but it's the door propper that creates the vulnerability, even with the best sensor. We can have the best physical access control, but if I don't have the policies and governance in place to make the technology work, it's useless.”
New Office of Management and Budget guidance encourages agency security managers to work with IT departments to collaborate on a security solution and find funding together.
“It's all about the commitment from the agency—if you don't put it in the budget, it won't get there,” Rosen said. “The fact that it's supposedly unfunded is convenient. They are viable reasons for competing priorities, but we've had this going on for 15 years. Do we need the next major event for physical access control to kickstart the push for funding? I would hope not, because that means people lost their lives.”
Conference attendees were also keen to hear Steven Haines, Contracting and Procurement Division Chief at the Bureau of Diplomatic Security, discuss changes to how federal contracts will be solicited, evaluated and administered. Haines emphasized the importance of modernization throughout the process—the bureau will be shifting away from the traditional 250-page proposals to a more agile approach that includes oral presentations and demonstrations. Contract proposals will also be assessed with a holistic cost analysis approach, so that a contract bid with a low rate is not cutting costs elsewhere.
“It's untenable to have the bottom dollar drive our contracting decisions,” Haines said. “We're trying to communicate that saving money is not the primary thing we're looking at. Yes, we want to use tax dollars as responsibly as we can, but our first responsibility is quality. We want you to articulate not necessarily dollars but benefits, the total picture of recruitment and retainment—what are you going to do to grow these people so they will stay with you, and by proxy us?”
The federal government is also changing the way it approaches procuring security products by simplifying the process and consolidating schedules from 24 to one, which officials hope will emphasize the role of IT in physical access security solutions.
“One of the challenges we've seen is the nexus between the security apparatus and traditional IT,” said Haines during a panel discussion. “Historically, there is a push and pull between security and IT, but there's a slow recognition that we need to consider the IT contracting method when considering these systems. As we look at schedule consolidation and elimination of having to choose where something belongs, taking that difficulty out of the mix is something we welcome.”
Brian Harrell, Assistant Director for Infrastructure Security at the newly-formed Cybersecurity and Infrastructure Security Agency, also emphasized the importance of both physical and digital security, and how the agency is helping private sector organizations harden critical infrastructure. The main goal of CISA is to raise the security baseline across the country with tools, programs and compliance programs. One key to achieving that is through granting security clearances to the right people, he noted.
“The private sector security clearance program has had its hiccups,” Harrell said. “I'm trying to streamline that process, get rid of the backlog and communicate expectations of what it takes to achieve private sector clearance. If you do not use your security clearance you will lose it. A lot of people need those clearances, and I want to make sure the right people are getting them.”
He also discussed the government's evolving role in protecting critical infrastructure, which today has grown to encompass public spaces, places of worship and other soft targets.
“We've gravitated towards a more uncomfortable conversation about the threat of targeting our most innocent and vulnerable,” Harrell said. “We are marshalling resources and investing in these issues. It's outside our traditional role—it's not the power grid or water systems or financial systems, that hardcore critical infrastructure. But we're gravitating and moving towards the threat. It's changing and we need to evolve and change with it.”
A subsequent panel of government and community officials further delved into the challenges of finding the resources to protect soft targets, especially with tight or nonexistent budgets, and what the federal government can do to help. Steve Sprague with the Transportation Security Administration discussed the agency's efforts to educate the large capacity vehicle industry on preventing vehicular or ramming attacks.
“We issue annual updates that contain strategies for our stakeholders—primarily truck and bus companies and those that protect the infrastructure,” Sprague said. “Every mile of road is a potential point of interruption. We speak to commercial carriers to try to protect their fleets from hijack, theft or insider threat. We also encourage them to reach out to their communities with the message that no community is immune to this threat. The worst words we can hear—and we hear all too often—is that it can't happen here.”
Look for more GovSummit insights in the next issue of SSN, including the opportunities and challenges new security technology is creating for federal, state and local governments.