[IMAGE]12292[/IMAGE]To satisfy the technical requirements of Homeland Security Presidential Directive 12 (HSPD-12), the push for secure and reliable forms of identification for federal employees and contractors resulted in Federal Information Processing Standard Publication 201 (FIPS 201). To better secure port facilities, the Transportation Worker Identification Credential (TWIC) program was created to provide a biometric credential to maritime workers.
While these and other government-driven programs have helped advance system interoperability and integration, as well as other technical advances, they have also been dogged at times by copious industry frustration.
For instance, HSPD-12 has been out since 2004, yet implementation has been slow, says Geri Castaldo, CEO of Coconut Creek, Fla.-based Codebench, a software development firm for physical security applications.
“The original deadline for compliance was 2007. But when few agencies complied, citing not having the funds to do so, there was really no repercussion,” she says.
Sidebar: 9/11 Prompts New Building and Fire Codes to Emerge
Various carrots and sticks have been brandished by the federal government to goad agencies into complying. Those efforts, such as withholding technology refresh funds for other projects, are being met with some success, Castaldo says.
Some critics contend 10 years after 9/11 there still remains little guidance or governance from DHS to both the public and private sectors on truly what should they be deploying in their security systems. Industry practitioners clamor for adherence to guidelines common to the fire/life-safety and physical security sectors.
The Chemical Facility Anti-Terrorism Standards (CFATS), maybe the most high-profile unfunded mandate, remains every bit a thorn in the side of the industry.
“I had great hopes that CFATS was the first step toward providing some guidance and regulation and requirements to give owners an understanding of what they should be deploying,” says Jim Henry, executive vice president of Henry Bros. Electronics (HBE), which was acquired by Kratos Defense & Security Solutions Inc. in 2010. “It has been largely a recommendation, but the teeth and the consequences for not following those recommendations aren’t there.”
Sidebar: Funding Uncertainties Surround CFATS, Other DHS Security Programs
Companies Forced to Evolve
As an increased awareness for security reached critical mass in the wake of 9/11, organizations awoke to the grim reality of just how woefully unprepared they were to protect their employees and facilities from 21st-century threats. The upheaval and organizational soul-searching that ensued helped rocket security to the fore.
“The electronic security industry went from the outhouse to the penthouse,” says PSA Security Network CEO Bill Bozeman.
Where once security devices were commonly an afterthought or even jettisoned from budgets in favor of better furniture in the lobby, Bozeman says, now anxious corporate decision-makers who controlled the purse strings started asking questions.
‘What are we going to do? What is our security plan? What is our obligation? Who is in charge of security anyway? I’ve never even met that guy.’
“Now at every board meeting at every company of any size, security is discussed,” says Bozeman. “Some of it is logical, some of it is physical, but believe me it is on the agenda.”
Among the momentous change, companies began selecting in-house executives to lead their security operations, which became an organizational equal to sales and marketing teams. For the first time, many companies sent executives off to be trained in security, which became a viable and upwardly mobile career path.
“If you were a young executive trying to get to that next level, climb that ladder, prior to 9/11 you didn’t want to be in the security department,” says Bozeman. “It was a dead-end street. It was low paid, low respect, no future.”
IT department heads had already begun their ascent up the organizational ladder prior to 9/11 as companies were forced to contend with globalization and other marketplace factors. Now IT was propelled even faster into the electronic security realm. Still, a great deal of disorder was yet to be sorted out over just who and what department would assume traditional security responsibilities.
“There was a lot of confusion who should run security,” says Hayes, who served as corporate security director for Atlanta-based Georgia Pacific at the time. “Should it be the IT people? Should it be the corporate security people? Should the CIO have it all?”
Lower-level management of corporate security departments began to disappear. Traditional-minded security dealers and integrators were now thrust into interfacing with corporate brass. To keep pace with the transformation, many dealers and integrators had to learn — and indeed are still having to learn — new skill sets. Waning are the days of the typical sales conversation with an ex-policeman who manages the security department part-time.
“It is very different how you sell a system to a MBA who reports to somebody on a board of directors,” Bozeman says.
While a small number of integrators had already recognized the coming convergence wave prior to 9/11, many more were caught flat-footed when IT and increased networking of systems and devices grew.
Page 2 of 3 pages <