Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Government Security: No Politics, Just Solutions

September 1, 2010
/ Print / Reprints /
ShareMore
/ Text Size+

Diane Ritchey: What is your primary mission and what are the unique needs specific to this sector versus your counterparts in the private sector?

   

Ronald (Red) Robidas: One of the challenges that we have is that we provide public access to the majority of our facilities. Some of our facilities are restricted to public use; however, the majority of our buildings are open to public access. In addition to the municipal buildings, we are also responsible for the school district for the city of Manchester, which in total gives us about 100 facilities.

   

So we need to provide security, but it has to be low profile at most situations, has to be aesthetically pleasing, open to the public and once we get into the schools, we have to maintain that low profile.

   

Regan Rychetsky: I am responsible for five state agencies, and three of them see clients or bring clients to our offices. So our challenges are public access as well. All of our offices are public access offices. 

   

We see clients in a majority of our offices, and our challenges are whenever we have to address a threatening situation at one of these offices, we have to take measures to possibly control access to a public access building. We have to maintain the safety and security of staff at those locations.

   

Walter Chan: The city of Toronto corporate security unit is committed to supporting and enhancing safety delivery of city service – that’s primarily our mandate. We do this by providing and maintaining an appropriate level of sustainable proactive and reactive security life safety measures through various measures, including highly trained security staff internally and contracted services, as well as using current and relevant technology.

   

Some of the key differences that we have identified are that as a public entity we’re accountable to the public, whereas, of course, larger public corporations are usually accountable to a shareholder. So our means of achieving our mission and delivery of the security program and services are subject to multiple layers of applicable laws and policies. The security measure selection acquisition is very often subject to legislation standard benchmarks’ guidelines and best practice reviews, and we do that as a daily part of our course of duties. 

   

Kirk Simmons: Our primary mission at the county is really to protect the employees and the users of the county services. I’m responsible for more than 150 facilities, not including all of the county libraries, which have different needs for security than some of the county facilities in that we need to be a lot more discreet about our surveillance methods. But the general theme overall is that we are very technology heavy from a surveillance standpoint. 

   

I came from a retail organization before I went to government and there’s just a lot more at stake. We have to record everything and there are cameras everywhere, so it’s pretty technology heavy. We use it all, and we have to integrate it very well.

   

Paul Chang: From an integrator standpoint, we do work with various parts of government, municipal as well as state and local and federal as part of a team, either helping to define the requirements and conduct vulnerability assessments at the very beginning that would set the basis for the future system’s implementation. Of course, we do that in many cases just to be prepared to take on some of the design and the integration tasks that follow to implement the system.

   

John Gaydos: My background is between the private sectors as well as the federal government. So I’ve been versed in both sides. I think the primary difference I believe as Mr. Simmons mentioned, is with the applicable laws, especially on the contracting side with the accountability to the public as far as meeting all of the procurement regulations and the privacy regulations. 

   

What we notice is the technology. Yes, the government is very heavy on technology, and it does a good job of utilizing technology to supplement its resources from a personnel level.

   

Kirk Simmons: The one thing that I’m really not used to from the private side is that everything in government is discoverable. Anything that we record, tape or document has the ability for somebody from the public to be able to use it. That’s something that we always are mindful of when we’re setting up our systems – everything’s pretty much open book to the public.

 

Diane Ritchey: Can you tell us about a recent success story that relates to a specific use of technology?


Walter Chan: In the city of Toronto in August of 2003, we got a wakeup call with regards to a major blackout and our systems being vulnerable to power loss. We looked into a solution that would help close the gap while being environmentally conscious. 

   

This endeavor resulted in an adoption of a NFPA 731 standard for the installation of electronic private security. Over a period of time we established and incorporated a power solution into our array of security products, and since the initiative, we’ve experienced another variety of power loss events, which we have successfully bridged the gap since entering the solution. So that is something other public organizations might want to consider as well from this success story.

 

Laura Stepanek: What about our integrators, can you name anything specific that you would be able to share?

   

Paul Chang: From the integrator side, one of SAIC’s most recent major projects is a water side security surveillance system and a corresponding integrated command console system that we designed and implemented for the Port of Los Angeles. For that project, we worked with Port of Los Angeles engineering, their IT organization and security division, and we designed and installed a video surveillance network and command center systems for the entire port. 

   

The system was quite complex, and it integrated video management, access control, GIS, support for mobile users and other important data from other sources from the region as well as from national data sources.

   

And we were vendor neutral. We really tried to select the products that best met the requirements of the Port of Los Angeles, and we implemented those particular systems and are in the process of helping the definition and the finalization of some of the standard operating procedures that are going to be used.  So that was a major project that took quite a bit of time, but I do think it’s one of the leading-edge projects that are out there.

   

Regan Rychetsky: We receive quite a bit of threats in our offices. We see a lot of different people come through and we encounter a wide array of situations where you have to plan for security measures. So we came up with a way for employees to know what to do in situations when they receive a threat in the office.

   

We developed a workplace violence awareness computer-based training. Our challenge was how to get training to 54,000 employees statewide in the state of Texas, and we have 1,100 field offices. So it couldn’t be done face to face. I wrote the content and worked with our in-house training staff, and we came up with a computer-based training that allowed us to get our training out to all 54,000 employees and implement five agencies.

   

And it’s a required training similar to what civil rights training is every two years.  We put it on a two-year refresher course, and it basically instructs our employees what to do if you receive a threat, how to report, what to do if you receive a suspicious package and the protocols after that. And it’s actually changed the culture within our agencies to show employees that we really do take these things seriously, that we will act on them appropriately. And while I can’t guarantee we receive 100 percent of all reported threats, it’s dramatically improved our reporting processes. So it enables us to address security concerns in our field offices a lot more quickly.

 

Laura Stepanek: What a great idea. And did you start from scratch with that, or did you have others that you could go to for resources and ideas on how to develop that?

   

Regan Rychetsky: We started from scratch. We’d had some major instances that occurred in our offices that precipitated a comprehensive review, and this was the best solution to get training out to our employees. And this is a program that I’m proud to say has won a state and national award with the Public Risk Management Association. 

  
The employees do not mind taking it even though it can take an employee a couple of hours to go through it. It includes test questions and a scenario that maintains the interest of the employee. It’s required for all new employees and existing employees have to take it every two years.

   

Ronald (Red) Robidas: Because we’re a city of about 100,000 people, and as a municipal government, there is a gamut of the type of facilities that we own and the type of services that we offer. 

   

Like most corporations, most people within municipalities want to know about the return on investment. We try to get buy in so that people don’t look at security as the necessary evil; we try to show how the security devices and security equipment we’re using may extend to other departments in ways that they haven’t thought of in the past.

   

For example, in the winter, large freezer units for the schools will sometimes run off parks and recreation department boilers.

   

So we’ve tried to utilize our existing intrusion system to monitor critical devices for them, and monitor them as separate zones with separate dispatch facilities so these people can get notified in the event of a temperature failure or a burnout. In the case of a freezer where one school may store about $25,000 worth of food at a time, if the temperature hits a certain level they’re automatically notified.  So those are some of the ways we’ve tried to reach out to some of the other departments as well as risk management in utilizing the information we have against claims.

   

John Gaydos: As far as technology, we’re seeing more usage of wireless technology to install public safety cameras. You don’t need to do all technology, you don’t need to do all the trenching and tearing up the sidewalks, and invest a lot of money in the infrastructure, which doesn’t really provide you the results by using wireless to get the video back to the various departments within the cities, whether it be the police department or Sanitation Department.

 

Laura Stepanek: On the surface it may seem like integrators are only responsible for implementing security technologies, physical security solutions, and servicing them afterwards, but how does an integrator’s role in working with government entities extend beyond that, for example, into helping develop policies, procedures and other types of plans?

   

Paul Chang: From our view there are really different integrators. The installers and maintainers of earlier systems call themselves systems integrators, but as we all see, all the physical security systems are taking on much greater complexity. 

   

And so a true integrator today would really bring in a variety of different sensors, data sources, applications, networks and high bandwidth fiber types of network, as well as wireless interconnectivity for connection with local, regional and national data sources.
   

Because they’re much more complex, systems require the system integrator to tie them all together. And to do that, the integrators would usually get involved in the start in terms of finalizing the requirements that need to be satisfied, help define architectures and road maps and then define how the systems are going to be used.

   

To use these systems requires new skills and perhaps new types of positions that are typically not currently available or part of the government or the commercial security organizations, so system integrators can play a role in helping with that as well.

 

Laura Stepanek: I see your point there. With everything being so much more complex technologically, the requirements for training must be just so advanced compared with where they were.

   

John Gaydos: As Paul mentioned, it’s becoming more technologically advanced and I think both of us are probably going more into the services side of the business and not just providing hardware. So the way we approach it is we often have subject matter experts. Ways to handle it, but as you become more service-oriented, it becomes more important that you can extend beyond just the physical security piece and into the policy side of the client’s entity.

 

Laura Stepanek: During last year’s government round table that we hosted, we learned from our participants that partially-funded mandates that require agency matching funds are basically at a standstill. This person had said that most agencies can’t supply those matching funds. And so those grant funds are basically not being used. Has this situation changed within the past 12 months or so? 

   

John Gaydos: I don’t know if it’s necessarily changed. I think everybody’s getting a lot more ideas on how to deal with it. We have a particular client, a relatively small port, with a Fortune 1000 company who has warehouses on their site. So as they designed their video system to protect the port using DHS money, they realized that they weren’t going to have enough of a grant to cover the entire project.  They actually went to the Fortune 1000 company and they shared the cost. So it was kind of a joint effort. They were obviously both the beneficiaries of it, but again, they got a lot craftier.

 

Diane Ritchey: Is anyone here receiving government funds right now?


Walter Chan: The city of Toronto receives more than $18 million in federal funds with the city providing 25 percent of that funding for our transportation hubs. The funding was received to enhance security measures for the Union Station in the city of Toronto, which is a critical transportation infrastructure. One of the key statements in the grant provides funding for the construction costs, not for maintenance and ongoing operations of the systems after they’re installed.

   

Paul Chang: From the contractor standpoint, there seems to be great flexibility in reducing the matching requirements associated with some of these federal grants. Specifically, for example, for the port security grant, the new rounds of the grant no longer require a matching component.

   

When you think through this, the problem goes beyond just grant matching funds because when money is spent to acquire these systems, there’s usually an operations and maintenance cost. In order to be able to maintain and really operate the system there is a cost element. 

   

So the diminished budget not only causes problems for the matching the grant, but also finding money to maintain the system.

   

Ronald (Red) Robidas: It’s not so much with us the cost of matching funds because much of the Department of Homeland Security funding has been non matching. However, it's the after effect. You agree when you accepted the funding that you will continue to operate and maintain and replace, so it’s more an after-the-fact versus the initial installation. 

   

We’ve been very fortunate in that we have received a number of Department of Homeland Security funding sources to help with some of our various critical infrastructures.  There’s almost a tier system. Even though the Department of Homeland Security recognizes that only certain projects are available, they fund the money through the state levels. And then once you get to the state levels, they set up their guidelines as to what would be acceptable projects.  Sometimes that makes it more restrictive. But again, we’ve been very fortunate in not having to come up with the initial match of the grants. We just have to make sure the projects have matched and maintained ownership and maintenance as they become part of the ongoing maintenance program and replacement programs.

 

Diane Ritchey: Recently we learned about an ordinance passed by Baltimore County that mandated the installation and use of video surveillance equipment in county shopping center parking lots, and that’s now being extended to parks, schools, and courts buildings, and that has opened opportunities for technology providers and also has proven to be effective. Are there any other examples out there like that?

   

Walter Chan: At the corporate security unit, we have our own in-house proprietary team of security facilities, and we usually determine the security measures based on a proper risk assessment. 

   

Recently, the city council adopted a citywide corporate security policy, which currently drives our security programs right across all city divisions. That takes us to a level of trying to achieve some sort of resilient model. Integrators play a vital role into the delivery of these security programs and initiatives that we’re undertaking.  So I think from that side, it certainly opened opportunities to these new mandates that our organization, the city of Toronto, has put forward.

 

Diane Ritchey: Did you have any input into how these mandates were created?

   

Walter Chan: Absolutely. The City Council realized that there were many city divisions that were seeking security capital enhancement initiatives funding and the thought was to create some efficiencies so everything comes through the corporate security units. So that drove many new opportunities. And we’re still going through that execution of the policy, and it’s created a lot of opportunities with the private sectors.

 

Diane Ritchey: What are you doing to fight cyber crime within your municipality?

   

Ronald (Red) Robidas: That generally falls under our IT department, but we work very closely with the IT folks in developing plans and specifically dealing with those areas. We are in the process of conducting actual training sessions for all computer users within the city. And that comes out to about 1,300 employees who have everyday access. So we’re stressing the importance of securing the information.

   

Just as a human resource department, there’s a lot of valuable information there, and I think we’ve come to the realization as a municipality these are very rich areas that someone would be very interested in having. 

   

We’re also exploring the opportunity as a city of accepting credit card payments in person from department to department, which opens up a whole host of other issues for security for us. So we are beginning a training process.

   

Walter Chan: We’re in the same scenario where we have a dedicated team of risk management information security group, and we do work with them quite often – we need each other – we need them as much as they need us to physically protect their assets.

   

John Gaydos: Maybe we’ll have a separate division someday, but obviously, there’s a need to bridge the gap between the physical and the logical side. We really look towards taking biometrics and merging it with software, and using a combination of software and some sort of physical act to ensure that when you log on or when you open a door that it’s actually you. 

   

When you talk about integrating various components of different companies you have to go with the best. I think we’ll see more of that to come, with very easy-to-use products that someone with little or no training can use.

   

Paul Chang: Cyber security is actually one of SAIC’s major new business initiatives because of the type of projects that we typically work on for state and local government, and much more so for the federal government. Cyber security goes hand in hand with physical security.  It’s traditionally been taken care of by the IT side of the house. At the same time, we think that cyber as well as physical security go together to form one overall protected system. 

            
An area where we see that there is some touch and sensitivities right away is in the network area. There’s always a debate as to where does the physical security traffic run on – is it a shared network with the IT system, or is it a separate network? So it does impact both sides of the house from a total solution for a secure system. 


The Roundtable Participants

Walter Chan, CSPM, PSNA, CPP, CPO has been employed with the City of Toronto since 1997, where he brought an extensive understanding and application of security management skills with emphasis on security management, security technology, security project management, program management and portfolio management. Chan has held various positions involving critical infrastructures in corporate security, from initiating and leading the Social Services security program to designing and implementing a complete operational and physical security program for Toronto Water, currently overseeing the city-wide capital security program.

Paul Chang is senior vice president for SAIC’s Surveillance and Security Division with focus on providing integrated security solutions for critical infrastructures. He possesses more than 30 years of business and technical management experience and in depth global program management experience in delivering solutions including: integrated security systems for critical infrastructures, port security systems for various major U.S. and International Ports, major energy critical infrastructures, major federal government and DoD security systems, enterprise wireless networking solutions and range instrumentation systems. Chang’s technical background is primarily in the area of computer systems software and hardware and communications networking where he developed the system architecture for several major Information Systems and Networking Systems. Chang holds an MSEE from UC Berkeley, BS Engineering UCLA, and MBA California Lutheran University. 

John Gaydos is vice president, Government Systems Division for ADT Commercial, serving federal, state and local government customers. Gaydos brings more than 20 years of security experience to ADT and has held multiple leadership roles for the company, including the area of Fortune 1000 national accounts, systems sales and engineering and establishing several new markets for the company in North America. He has spent more than 12 years of his career specializing in providing security solutions to government clients. Gaydos earned his bachelor’s degree from The Pennsylvania State University and currently resides in Alexandria, Va. 

Ronald (Red) Robidas, CPP has 34 years of experience in the security field. Currently, he is the security manager for the City of Manchester, NH, where he is responsible for the security of employees, buildings, offices, and city school district facilities. He’s been an adjunct faculty member at the University of Louisville, National Crime Prevention Institute, Louisville, Ky. since 1994. Robidas has served as an instructor in a number of security courses and programs including; United States Department of State Anti-Terrorism program, Oklahoma City, OK, United States Department of Housing and Urban Development Conference, Charlotte, NC, NASA Lewis Research Center, Cleveland, OH, Northern Illinois University, DeKalb, IL., City of Dayton OH, Florida Crime Prevention Association Seminar, Orlando, FL, and New England Community Policing and Crime Prevention Partnership Symposiums. He has earned a Master of Science Degree in Security Administration and is a Board Certified Protection Professional (CPP) in the American Society for Industrial Security International (ASIS).

Regan J. Rychetsky is the director of enterprise risk management and safety for Texas Health and Human Services System (HHS), comprised of five state agencies, approximately 1,100 field offices and 52,000 employees, and is responsible for the development, implementation, coordination and continual evaluation of the risk management, safety, insurance, fire safety, workers’ compensation, and facility inspection programs designed to mitigate and manage losses incurred by the HHS agencies of Dept. of Aging and Disability Services (DADS), Dept. of Assistive and Rehabilitative Services (DARS), Health and Human Services Commission (HHSC), Dept. of Family and Protective Services (DFPS) and Dept. of State Health Services (DSHS), and has oversight responsibility of risk management and safety for DADS State Supported Living Centers and DSHS State Hospitals. He also develops and provides risk management and safety training to enterprise agencies, DADS State Supported Living Centers and DSHS State Hospitals. He works with domestic violence victims and provides victims with safety plans for home and the workplace, and he also trains the Threat Management Teams within HHS. He is also a frequent speaker regarding the topic of workplace violence and domestic violence in the workplace. He also reviews all legislation impacting HHS related to risk management, workers’ compensation, fire safety, insurance, emergency management, and health and safety. He has a Bachelor of Science from Texas A&M University in College Station, Texas. 

Kirk Simmons is the security manager for Hennepin County, Minn. He has held this position for the past four years. Prior to his work at the county, Simmons spent 27 years working for Musicland Stores Corporation. While at Musicland he worked in a variety of security and loss prevention related positions with the last as corporate loss prevention manager. Simmons holds a Master of Arts Degree in Organizational Leadership from Bellevue University (Nebraska) and graduated summa cum laude with a Bachelor of Science degree from Bellevue University in Criminal Justice Administration. Simmons served for six years in the United States Marine Corps Reserve as a Military Policeman.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

Recent Articles by Diane Ritchey

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

September 2014

2014 September

In the September issue of Security Magazine, find out who this year's most influential people are in the security industry are. Also, take a peek at the technology products that ASIS 2014 will be showcasing at the upcoming event. Read about the lessons learned from security at the World Cup, find out why tactical medical training is a must for your enterprise and how Atlanta increased security by sharing surveillance.
Table Of Contents Subscribe

Adopting New Technology

How long do you wait before adopting a new technology?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.  

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+