Government Security: No Politics, Just Solutions
Diane Ritchey: What is your primary mission and what are the unique needs specific to this sector versus your counterparts in the private sector?
(Red) Robidas: One of the challenges that we have
is that we provide public access to the majority of our facilities. Some of our
facilities are restricted to public use; however, the majority of our buildings
are open to public access. In addition to the municipal buildings, we are also
responsible for the school district for the city of
So we need to provide security, but it has to be low profile at most situations, has to be aesthetically pleasing, open to the public and once we get into the schools, we have to maintain that low profile.
Regan Rychetsky: I am responsible for five state agencies, and three of them see clients or bring clients to our offices. So our challenges are public access as well. All of our offices are public access offices.
We see clients in a majority of our offices, and our challenges are whenever we have to address a threatening situation at one of these offices, we have to take measures to possibly control access to a public access building. We have to maintain the safety and security of staff at those locations.
Walter Chan: The city of
Some of the key differences that we have identified are that as a public entity we’re accountable to the public, whereas, of course, larger public corporations are usually accountable to a shareholder. So our means of achieving our mission and delivery of the security program and services are subject to multiple layers of applicable laws and policies. The security measure selection acquisition is very often subject to legislation standard benchmarks’ guidelines and best practice reviews, and we do that as a daily part of our course of duties.
Kirk Simmons: Our primary mission at the county is really to protect the employees and the users of the county services. I’m responsible for more than 150 facilities, not including all of the county libraries, which have different needs for security than some of the county facilities in that we need to be a lot more discreet about our surveillance methods. But the general theme overall is that we are very technology heavy from a surveillance standpoint.
I came from a retail organization before I went to government and there’s just a lot more at stake. We have to record everything and there are cameras everywhere, so it’s pretty technology heavy. We use it all, and we have to integrate it very well.
Paul Chang: From an integrator standpoint, we do work with various parts of government, municipal as well as state and local and federal as part of a team, either helping to define the requirements and conduct vulnerability assessments at the very beginning that would set the basis for the future system’s implementation. Of course, we do that in many cases just to be prepared to take on some of the design and the integration tasks that follow to implement the system.
John Gaydos: My background is between the private sectors as well as the federal government. So I’ve been versed in both sides. I think the primary difference I believe as Mr. Simmons mentioned, is with the applicable laws, especially on the contracting side with the accountability to the public as far as meeting all of the procurement regulations and the privacy regulations.
What we notice is the technology. Yes, the government is very heavy on technology, and it does a good job of utilizing technology to supplement its resources from a personnel level.
Kirk Simmons: The one thing that I’m really not used to from the private side is that everything in government is discoverable. Anything that we record, tape or document has the ability for somebody from the public to be able to use it. That’s something that we always are mindful of when we’re setting up our systems – everything’s pretty much open book to the public.
Diane Ritchey: Can you tell us about a recent success story that relates to a specific use of technology?
Chan: In the city of
This endeavor resulted in an adoption of a NFPA 731 standard for the installation of electronic private security. Over a period of time we established and incorporated a power solution into our array of security products, and since the initiative, we’ve experienced another variety of power loss events, which we have successfully bridged the gap since entering the solution. So that is something other public organizations might want to consider as well from this success story.
Laura Stepanek: What about our integrators, can you name anything specific that you would be able to share?
Paul Chang: From the integrator side,
one of SAIC’s most recent major projects is a water side security surveillance system
and a corresponding integrated command console system that we designed and
implemented for the Port of Los Angeles. For that project, we worked with
The system was quite complex, and it integrated video management, access control, GIS, support for mobile users and other important data from other sources from the region as well as from national data sources.
And we were vendor neutral. We
really tried to select the products that best met the requirements of the
Regan Rychetsky: We receive quite a bit of threats in our offices. We see a lot of different people come through and we encounter a wide array of situations where you have to plan for security measures. So we came up with a way for employees to know what to do in situations when they receive a threat in the office.
We developed a workplace
violence awareness computer-based training. Our challenge was how to get
training to 54,000 employees statewide in the state of
And it’s a required training similar to what civil rights training is every two years. We put it on a two-year refresher course, and it basically instructs our employees what to do if you receive a threat, how to report, what to do if you receive a suspicious package and the protocols after that. And it’s actually changed the culture within our agencies to show employees that we really do take these things seriously, that we will act on them appropriately. And while I can’t guarantee we receive 100 percent of all reported threats, it’s dramatically improved our reporting processes. So it enables us to address security concerns in our field offices a lot more quickly.
Laura Stepanek: What a great idea. And did you start from scratch with that, or did you have others that you could go to for resources and ideas on how to develop that?
Regan Rychetsky: We started from scratch. We’d had some major instances that occurred in our offices that precipitated a comprehensive review, and this was the best solution to get training out to our employees. And this is a program that I’m proud to say has won a state and national award with the Public Risk Management Association.
The employees do not mind taking it even though it can take an employee a couple of hours to go through it. It includes test questions and a scenario that maintains the interest of the employee. It’s required for all new employees and existing employees have to take it every two years.
Ronald (Red) Robidas: Because we’re a city of about 100,000 people, and as a municipal government, there is a gamut of the type of facilities that we own and the type of services that we offer.
Like most corporations, most people within municipalities want to know about the return on investment. We try to get buy in so that people don’t look at security as the necessary evil; we try to show how the security devices and security equipment we’re using may extend to other departments in ways that they haven’t thought of in the past.
For example, in the winter, large freezer units for the schools will sometimes run off parks and recreation department boilers.
So we’ve tried to utilize our existing intrusion system to monitor critical devices for them, and monitor them as separate zones with separate dispatch facilities so these people can get notified in the event of a temperature failure or a burnout. In the case of a freezer where one school may store about $25,000 worth of food at a time, if the temperature hits a certain level they’re automatically notified. So those are some of the ways we’ve tried to reach out to some of the other departments as well as risk management in utilizing the information we have against claims.
John Gaydos: As far as technology, we’re seeing more usage of wireless technology to install public safety cameras. You don’t need to do all technology, you don’t need to do all the trenching and tearing up the sidewalks, and invest a lot of money in the infrastructure, which doesn’t really provide you the results by using wireless to get the video back to the various departments within the cities, whether it be the police department or Sanitation Department.
Laura Stepanek: On the surface it may seem like integrators are only responsible for implementing security technologies, physical security solutions, and servicing them afterwards, but how does an integrator’s role in working with government entities extend beyond that, for example, into helping develop policies, procedures and other types of plans?
Paul Chang: From our view there are really different integrators. The installers and maintainers of earlier systems call themselves systems integrators, but as we all see, all the physical security systems are taking on much greater complexity.
And so a true integrator today
would really bring in a variety of different sensors, data sources,
applications, networks and high bandwidth fiber types of network, as well as
wireless interconnectivity for connection with local, regional and national
Because they’re much more complex, systems require the system integrator to tie them all together. And to do that, the integrators would usually get involved in the start in terms of finalizing the requirements that need to be satisfied, help define architectures and road maps and then define how the systems are going to be used.
To use these systems requires new skills and perhaps new types of positions that are typically not currently available or part of the government or the commercial security organizations, so system integrators can play a role in helping with that as well.
Laura Stepanek: I see your point there. With everything being so much more complex technologically, the requirements for training must be just so advanced compared with where they were.
John Gaydos: As Paul mentioned, it’s becoming more technologically advanced and I think both of us are probably going more into the services side of the business and not just providing hardware. So the way we approach it is we often have subject matter experts. Ways to handle it, but as you become more service-oriented, it becomes more important that you can extend beyond just the physical security piece and into the policy side of the client’s entity.
Laura Stepanek: During last year’s government round table that we hosted, we learned from our participants that partially-funded mandates that require agency matching funds are basically at a standstill. This person had said that most agencies can’t supply those matching funds. And so those grant funds are basically not being used. Has this situation changed within the past 12 months or so?
John Gaydos: I don’t know if it’s necessarily changed. I think everybody’s getting a lot more ideas on how to deal with it. We have a particular client, a relatively small port, with a Fortune 1000 company who has warehouses on their site. So as they designed their video system to protect the port using DHS money, they realized that they weren’t going to have enough of a grant to cover the entire project. They actually went to the Fortune 1000 company and they shared the cost. So it was kind of a joint effort. They were obviously both the beneficiaries of it, but again, they got a lot craftier.
Diane Ritchey: Is anyone here receiving government funds right now?
Walter Chan: The city of
Paul Chang: From the contractor standpoint, there seems to be great flexibility in reducing the matching requirements associated with some of these federal grants. Specifically, for example, for the port security grant, the new rounds of the grant no longer require a matching component.
When you think through this, the problem goes beyond just grant matching funds because when money is spent to acquire these systems, there’s usually an operations and maintenance cost. In order to be able to maintain and really operate the system there is a cost element.
So the diminished budget not only causes problems for the matching the grant, but also finding money to maintain the system.
Ronald (Red) Robidas: It’s not so much with us the cost of matching funds because much of the Department of Homeland Security funding has been non matching. However, it's the after effect. You agree when you accepted the funding that you will continue to operate and maintain and replace, so it’s more an after-the-fact versus the initial installation.
We’ve been very fortunate in that we have received a number of Department of Homeland Security funding sources to help with some of our various critical infrastructures. There’s almost a tier system. Even though the Department of Homeland Security recognizes that only certain projects are available, they fund the money through the state levels. And then once you get to the state levels, they set up their guidelines as to what would be acceptable projects. Sometimes that makes it more restrictive. But again, we’ve been very fortunate in not having to come up with the initial match of the grants. We just have to make sure the projects have matched and maintained ownership and maintenance as they become part of the ongoing maintenance program and replacement programs.
Diane Ritchey: Recently we learned about an ordinance passed by
Walter Chan: At the corporate security unit, we have our own in-house proprietary team of security facilities, and we usually determine the security measures based on a proper risk assessment.
Recently, the city council
adopted a citywide corporate security policy, which currently drives our
security programs right across all city divisions. That takes us to a level of
trying to achieve some sort of resilient model. Integrators play a vital role
into the delivery of these security programs and initiatives that we’re
undertaking. So I think from that side,
it certainly opened opportunities to these new mandates that our organization,
the city of
Diane Ritchey: Did you have any input into how these mandates were created?
Walter Chan: Absolutely. The City Council realized that there were many city divisions that were seeking security capital enhancement initiatives funding and the thought was to create some efficiencies so everything comes through the corporate security units. So that drove many new opportunities. And we’re still going through that execution of the policy, and it’s created a lot of opportunities with the private sectors.
Diane Ritchey: What are you doing to fight cyber crime within your municipality?
Ronald (Red) Robidas: That generally falls under our IT department, but we work very closely with the IT folks in developing plans and specifically dealing with those areas. We are in the process of conducting actual training sessions for all computer users within the city. And that comes out to about 1,300 employees who have everyday access. So we’re stressing the importance of securing the information.
Just as a human resource department, there’s a lot of valuable information there, and I think we’ve come to the realization as a municipality these are very rich areas that someone would be very interested in having.
We’re also exploring the opportunity as a city of accepting credit card payments in person from department to department, which opens up a whole host of other issues for security for us. So we are beginning a training process.
Walter Chan: We’re in the same scenario where we have a dedicated team of risk management information security group, and we do work with them quite often – we need each other – we need them as much as they need us to physically protect their assets.
John Gaydos: Maybe we’ll have a separate division someday, but obviously, there’s a need to bridge the gap between the physical and the logical side. We really look towards taking biometrics and merging it with software, and using a combination of software and some sort of physical act to ensure that when you log on or when you open a door that it’s actually you.
When you talk about integrating various components of different companies you have to go with the best. I think we’ll see more of that to come, with very easy-to-use products that someone with little or no training can use.
Paul Chang: Cyber security is actually one of SAIC’s major new business initiatives because of the type of projects that we typically work on for state and local government, and much more so for the federal government. Cyber security goes hand in hand with physical security. It’s traditionally been taken care of by the IT side of the house. At the same time, we think that cyber as well as physical security go together to form one overall protected system.
The Roundtable ParticipantsWalter Chan, CSPM, PSNA, CPP, CPO has been employed with the City of Toronto since 1997, where he brought an extensive understanding and application of security management skills with emphasis on security management, security technology, security project management, program management and portfolio management. Chan has held various positions involving critical infrastructures in corporate security, from initiating and leading the Social Services security program to designing and implementing a complete operational and physical security program for Toronto Water, currently overseeing the city-wide capital security program.
Kirk Simmons is the security manager for Hennepin County, Minn. He has held this position for the past four years. Prior to his work at the county, Simmons spent 27 years working for Musicland Stores Corporation. While at Musicland he worked in a variety of security and loss prevention related positions with the last as corporate loss prevention manager. Simmons holds a Master of Arts Degree in Organizational Leadership from Bellevue University (Nebraska) and graduated summa cum laude with a Bachelor of Science degree from Bellevue University in Criminal Justice Administration. Simmons served for six years in the United States Marine Corps Reserve as a Military Policeman.