Learn more about federal government and defense facility security from industry experts.
Security is an ever-evolving industry with a seemingly endless number of regulations and options. To navigate the changes, challenges, and opportunities, it’s crucial to understand the “why” behind security requirements and solutions, to trust and collaborate with those around you, and to proactively plan for the future.
This article is a summary of the key points touched on in the recent webinar “The Challenges of Government and Defense Industry Facility Security,” featuring these industry experts who have both held multiple senior leadership roles in the government and security industry:
Before even beginning to form a security plan, security leaders need to understand the requirements from both their customer and company, including:
Just as important as understanding the requirements, however, is the “why” behind them. Understanding why requirements and regulations are in place allow you to more effectively fulfill those requirements. In addition, understanding the “why” behind things allows you to:
Security threats, much like the measures used to defend against them, are often a combination of both old and new. As time has gone on, the security industry has learned how to effectively defend against and recognize some types of threats (hence the existing regulations and requirements), but new threats will continue to evolve and emerge, making it just as important to consider the future as it is to pay close attention to the past.
Other industries commonly have an us-against-them mentality when it comes to other businesses, but the security industry tends to tackle it differently. Instead of being guarded and secretive about crucial information and developments, this industry is often more than willing to share threat and risk information with industry peers.
“We all understand and have understood for a long, long time that we are all suffering and subject to the same level of threats and same attack scenarios, and we all have to assume the same level of risk,” Phalen said. “We’re in this together and the communication is absolutely important.”
This team mentality works to keep everyone safe from threats old and new. If you work together, you’ll not only have a better understanding of old threats and solutions, but also recognize new threats a lot faster.
Industry relationships are crucial, but customer communication and understanding is just as important.
Understanding what a customer wants and needs is a core element of creating a successful security plan. To come to that understanding, it is often a constant negotiation between the customer and the security professional, especially when the customer has questions or requests that don’t quite fit the security issues at hand.
“It is often incumbent upon the industry partner to help the customer be successful without saying ‘You’re wrong,’” McCaffrey said.
Successful communication involves listening with the intent to understand the real issues and concerns and working out how to address those effectively.
No matter how perfectly planned however, the execution of a security plan requires a solid team behind it. Each member of the team must perform functions competently and independently with an understanding of why they’re doing what they’re doing. If disaster strikes, each person should be aware of the response plan and their individual role in that plan to help things return to business as usual as soon as possible.
Both McCaffrey and Phalen agreed that the best advice for those managing large enterprise security programs was straightforward: Hire, develop, and trust the people you need to manage and execute your security program because you can’t do it alone.
It’s one thing to build a new facility, create the security plan, and implement the security measures, but it’s just as important to focus on operations and maintenance once everything is up and running.
“Don’t wait for an external review to review your security program,” Phalen said. “You’ve got to periodically test review on your own—the barriers, the sensors, the communications.”
Regularly testing systems and equipment allows you to catch any issues before they actually become issues. It also prevents the situation in which an unhappy customer has to approach you with the problem, creating a more negative and less competent tone in the relationship.
While external reviews and other issues will still happen, it’s important to stay ahead of the game as much as possible. This involves listening to employees who bring issues to your attention—while being careful not to shoot the messenger in the process.
“You can only fix what you know, and if you pretend you don’t know it, you’re going to have a bigger problem at the back end,” McCaffrey said.
It’s also important to follow up on seemingly false alarms. It’s possible that these false alarms point to a very real potential issue (and if it’s not an issue now, repeated false alarms that are ignored open the door to exploitation). False alarms that go off regularly—also known as nuisance alarms—diminish the attention spans of the responders and equipment that are supposed to monitor these systems. In addition, unattended nuisance alarms damage the credibility of the intrusion detection systems.
Just as concerning (though not as readily noticeable) is when no alarms are sounding at all for a long span of time. This can be a sign that it’s time to test the system to be sure it will pick up intruders.
Security threats and technologies have evolved at a rapid pace over the last 20 years without any signs of slowing. Bridging the gap between existing systems and new threats and advancements is difficult but crucial. The plan needs to be built for today with room for the future as it comes.
Since no one can predict exactly how things will evolve, the most effective way to plan for the future is to build space and flexibility for it in your plans and in your budget.
Build your security plan to accommodate the need to reinvest, reinvent, and upgrade pieces of your security along the way. Then when the time for these changes come, you will need to make the case for the security changes and upgrades in a clear, straightforward manner.
“It is important to have that ability to approach the leadership directly and be able to tell them concisely and fairly ‘Here’s what we have to deal with. Here’s what the possibilities look like, and here’s where this technology is going,’” Phalen said.
Planning for the future doesn’t just mean keeping pace with security evolutions; sometimes it means replacing equipment as it reaches the end of its lifespan to avoid failure before it becomes an issue.
While the costs of security are often difficult to negotiate (because budgets never seem to stretch quite far enough), it helps to approach the maintenance and upgrades from a business perspective.
“It’s all about branding and how do you brand the dollars of security to the company to better [keep pace] with the corporate mission, which ultimately keeps pace with the customer mission,” McCaffrey said.
Nothing is evolving quite as quickly as artificial intelligence right now. There’s tremendous potential for AI in security, and some of that potential is already a reality today.
Currently, AI already has the capacity to detect patterns, speed forensic searches, and increase situational awareness.
“[AI’s] best tool right now is to see things, come to some elementary interpretations of them, match it to other behaviors that it may have learned about already, and then better inform the responders,” Phalen said.
AI can speed responses and help narrow the focus onto the actual issue where people might otherwise start to focus on unrelated activity.
Phalen brought up the scenario of being in charge of monitoring the activity in a large facility’s control room with several screens to monitor at once.
“Where AI comes in very, very useful is in being able to see all of this at once, make decisions all at once based on the information that it’s been collecting all at once as opposed to me, the human, having to say ‘What’s happening there? What’s happening there? What’s happening there?’” Phalen said. “It makes my life a lot easier.”
The capabilities of AI, and agentic AI in particular, will continue to increase in ways we can only guess at.
“It really is like every evolving technology: How smart do you make it and how smart does it make itself? And more importantly, how do you use your guardrails so that it’s used for positive and not negative?” McCaffrey said.
One strong potential future use for AI is the ability to help build out plans (both architecturally and mission-related), review threats and environments, and provide strategy and design elements. AI could later help with new requirements, new threats, and new risks as they arise by reviewing all of this original information and offering strong suggestions on how to adjust the existing countermeasures program.
No matter how it develops, however, the human component remains important.
“It’s always going to be the balance of the technology and the human,” McCaffrey said.
Watch the full webinar here.
