The world we woke up to on that clear September day 10 years ago was in many ways vastly different than the one we live in now. That world was before robust wireless networks, smart phones, broadband, GPS and a host of other technological advances that make us feel safer today. Our ability to track people, check identities and access infinite amounts of information via the Internet is leaps and bounds ahead of what was possible then. We have seen more advances in the past decade than in the previous 40 years! But these very advances have led to new vulnerabilities that present the security industry with equal amounts of opportunities and challenges.
To understand where we are going we need to look back at how far we have come. The events of Sept. 11, 2001, forever changed the way we view our world, our technology and the role of security. Almost immediately the U.S. government began looking at ways to utilize the burgeoning biometrics and smart-card technologies to prevent further terrorist acts. HSPD-12, FIPS-201, the PIV and TWIC cards were direct outgrowths of those efforts. Every aspect of security was scrutinized and the result was a push for standards, interoperability of systems, and an influx of funds and programs dedicated to renewing physical security efforts nationwide. We as an industry and as a nation looked around at what had happened, took note of the data revolution that was just beginning to emerge, and began to really question what was possible to accomplish. Government initiatives and technology advancements converged to shove us from infancy to adolescence nearly overnight.
The Security Industry Association (SIA) has been at the forefront of many of the security efforts that have propelled this industry during the past decade. From helping launch the International Committee for Information Technology Standards (INCITS) M1 biometrics committee, to initiating its own open systems integration and performance standards (OSIPS), the organization has played a key role in government and industry efforts to standardize and harmonize the security industry’s efforts.
Related Article: 9/11 Makes Security Priority No. 1
As an industry organization, SIA’s focus has changed from the silo approach to standards that dealt chiefly with preventing false alarms to a truly international scope. SIA recognizes that Americans are far from the only victims of terrorism in the world, and has begun to be an international participant and influence on what is going on abroad as well as here at home. But just as its world view has expanded globally, SIA has also led the development of domestic security initiatives such as the Local Preparedness Acquisition Act that President Bush signed into law in 2008. This cooperative purchasing effort makes it easier for companies to sell solutions through the GSA services program to state and local government - streamlining a process that previously had a wide variety of rules in each state and local jurisdiction.
So where does that leave us today? We are in the midst of a data revolution that shows no signs of slowing down, and that is both good and bad for the security industry. We have done a good job using information technology to our advantage to secure our physical infrastructure. Now it is time to turn our attention to securing the information pipeline itself, which is ironically now more vulnerable than the assets it protects. We have to increase our understanding of encryption, authorization and authentication — words that weren’t part of our security lexicon then. Now we have to educate ourselves about best practices to secure these new potential targets.
In addition, there is more work to do on the federal programs that have been in the works since 9/11. The federal identity credentialing and access management (FICAM) initiative provides a good roadmap to the requirements for identity solutions and issuing these credentials in federal facilities. We at SIA look to this initiative to provide even more specific details going forward. And in conjunction with that, the Office of Management and Budget recently issued a memorandum that provides guidance on how to implement HSPD-12 that specifically references OSIPS standards, so SIA will continue to have a direct role in these efforts going forward.
Related Article: Funding Uncertainties Surround CFATS, Other DHS Security Programs
We have come a long way in the past decade and made great strides in security, yes. But growing from adolescence into maturity is never an easy process and we must stay alert for the pitfalls and challenges that most certainly lie ahead.
Gordon Hope is Chairman of the Security Industry Association (SIA) Board of Directors Executive Committee and General Manager for Honeywell’s AlarmNet business. He can be contacted at firstname.lastname@example.org.