Jolly Technologies Blog

Visitor Management, Photo ID Card & Barcode Label Software

Glossary: Data Matrix 2D Barcode

Data Matrix 2D Barcode
 

Data Matrix is a two-dimensional matrix symbology consisting of black and white square modules arranged in either a square or rectangular pattern. The ECC 200 version of the symbol utilizes Reed-Solomon error correction to ensure data reliability. Data Matrix was invented by RVSI Acuity CiMatrix. A Data Matrix symbol can store up to 2335 alphanumeric characters.
 
Applications
The most popular applications for Data Matrix are marking of small items such as integrated circuits and printed circuit boards. These applications make use of the code’s ability to encode approximately fifty characters of data in a symbol 2 or 3mm square and the fact that the code can be read with only a 20 percent contrast ratio.

Benefits
Data Matrix is designed to pack a lot of information in a very small space. Since the information is encoded by absolute dot position rather than relative dot position, it is not as susceptible to printing defects as traditional barcodes are.

Limitations
Specialized 2D barcode scanners with Data Matrix support are required for reading Data Matrix.

Technical Specifications
Data Matrix encodes information in a machine-readable binary code that is dynamically variable in size, format and density. The coding scheme has a high level of redundancy with the data “scattered” throughout the symbol. This allows the symbol to be read correctly even if part of it is missing. The binary code is formed as a matrix. Each binary code symbol has two adjacent sides printed as solid bars, while the remaining adjacent sides are printed as a series of equally spaced square dots. These patterns are used to determine the size, the orientation and the printing density of the symbol.

Two main subsets of Data Matrix symbols exist. The first subset is the conventional coding for error correction that was used in the initial installations of Data Matrix systems. These versions are referenced from ECC-000 to ECC-140. The second subset is referenced as ECC-200 and uses Reed-Solomon error correction techniques. ECC-000 to ECC-140 symbols all have an odd number of modules along each square side. ECC-200 symbols have an even number of modules on each side. The maximum data capacity of an ECC-200 symbol is 3116 numeric digits, or 2335 alphanumeric characters, in a 144-module symbol.

Additional Information
The Electronic Industries Association has picked Data Matrix as its standard for labeling of small electrical components. The symbology has also been adopted by the Automotive Industry Action Group for the marking of automobile parts, as well as by the semiconductor industry for the identification of semiconductors and silicon wafers.

Glossary: PDF417 2D Barcode

PDF417 2D Barcode
 

PDF417 is a stacked barcode symbology, consisting of codewords, or individual barcodes, arranged in rows and columns. This allows a large amount of data to be encoded in a single symbol. PDF417 also utilizes Reed-Solomon error correction routines, enabling damaged symbols to be reconstructed. The symbology is capable of encoding the entire (255 character) ASCII set as well as 2725 data characters in a single barcode.
 
Applications
PDF417 is used in the shipping industry, medical records processing, and other applications to avoid transcription errors in narrative or comment data.

Benefits
PDF417 allows a large amount of data to be encoded in a single symbol. The symbology also allows for varying degrees of data security or error correction and detection. Nine different security levels are available, with each higher level adding additional overhead to the printed symbol. Using a higher level of security offers a better chance to decode information in a damaged bar code.

Limitations
A PDF417 symbol can only be read with specialized handheld 2D laser or CCD scanners. Printing PDF417 symbols also demands high-density printers (thermal transfer or laser).

Technical Specifications
The complete specification for PDF417 provides many encoding options including data compaction options, error detection and correction options, and variable size and aspect ratio symbols.

The low level structure of a PDF417 symbol consists of an array of code words (small bar and space patterns) that are grouped together and stacked on top of each other to produce the complete printed symbol. An individual code word consists of a bar and space pattern 17 modules wide. The user may specify the module width, the module height, and the overall aspect ratio (overall height to width ratio) for the complete symbol. A complete PDF417 symbol consists of at least 3 rows of up to 30 code words and may contain up to 90 code word rows per symbol with a maximum of 928 code words per symbol.

The code words in a PDF417 symbol are generated using one of three data compaction modes currently defined in the symbology specifications. This allows more than one character to be encoded into a single data code word. Because different data compaction algorithms may be used, it is possible for different printed symbols to be created from the same input data. The symbology also allows for varying degrees of data security or error correction and detection. Nine different error correction levels are available with each higher level adding additional overhead to the printed symbol.

Additional Information
A two-dimensional barcode can fit hundreds of characters into the same amount of space occupied by 30 characters in any linear barcode. Because 2-D codes act as portable files rather than keys to information kept in a database, the data is always where it is needed most.

Glossary: Australia Post Barcode

Australia Post Barcode
 

The Australia Post (Australia Post 4-State Customer Code) symbology is used by the Australian Postal Service for the automatic sorting of mail. The barcode encodes DPID (Delivery Point Identifier) data along with customer information. The symbology is capable of encoding upper and lower case alphanumeric characters as well as the # and Space characters.
 
Applications
Used solely by Australian Postal Service.

Benefits
It is extremely easy to print using almost any type of printer.

Limitations
Most standard barcode readers cannot decode Australia Post.

Technical Information
It is an alphanumeric symbol that can be in any of four formats, each of which is identified by a Format Control Code (FCC).

The Standard Customer Barcode format has an FCC of 11 and 37 total bars. As the most widely used format, the Standard Customer Barcode identifies the delivery point for each piece of mail. No customer information is provided.

The Customer Barcode 2 format has an FCC of 59 and 52 total bars. The Customer Barcode 3 format has an FCC of 62 and 67 total bars. Both barcodes are the same as the Standard Customer Barcode except that they also add a Customer Information Field which is 16 bars long in Customer Barcode 2 and 31 bars long in Customer Barcode 3.

The Reply Paid Barcode format has an FCC of 45 and 37 total bars. This format is used by customers who want to offer a Reply Paid service. The format is identical to the Standard Customer Barcode except that the different FCC marks it as Reply Paid.
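As an added example (not code from the original page or from Australia Post), the Python below checks that a scanned 4-state bar sequence is structurally consistent with the FCC and bar counts listed above. The digit-to-bar mapping, the "N" encoding table, the start/stop pairs, the 12 parity bars and the 8-digit DPID are assumptions taken from the Australia Post specification rather than this page, and the Reed-Solomon parity is not verified.

```python
# Added example: structural check of an Australia Post 4-State bar sequence.
# Bars are written as digits. Assumption (Australia Post specification, not
# this page): 0 = full bar, 1 = ascender, 2 = descender, 3 = tracker.

START = STOP = "13"   # assumed start and stop bar pairs
PARITY_BARS = 12      # assumed length of the Reed-Solomon parity field
DPID_DIGITS = 8       # assumed number of decimal digits in the DPID

# Assumed "N" encoding: each decimal digit becomes two bars.
N_TABLE = ["00", "01", "02", "10", "11", "12", "20", "21", "22", "30"]
N_DECODE = {bars: str(digit) for digit, bars in enumerate(N_TABLE)}

# FCC -> (format name, total bars), exactly as listed in the text above.
FORMATS = {
    "11": ("Standard Customer Barcode", 37),
    "59": ("Customer Barcode 2", 52),
    "62": ("Customer Barcode 3", 67),
    "45": ("Reply Paid Barcode", 37),
}


class BarcodeError(ValueError):
    """Raised when a bar sequence is structurally inconsistent."""


def encode_n(digits):
    """Encode a string of decimal digits as bars using the N table."""
    return "".join(N_TABLE[int(d)] for d in digits)


def decode_n(bars, what):
    """Decode bar pairs back to decimal digits, rejecting unused pairs."""
    out = []
    for i in range(0, len(bars), 2):
        pair = bars[i:i + 2]
        if pair not in N_DECODE:
            raise BarcodeError(f"{what}: bar pair {pair!r} is not a digit")
        out.append(N_DECODE[pair])
    return "".join(out)


def classify(bars):
    """Return format details, or raise if FCC and bar count disagree."""
    if not bars or set(bars) - set("0123"):
        raise BarcodeError("bars must be a non-empty string of digits 0-3")
    if len(bars) < 6 or not (bars.startswith(START) and bars.endswith(STOP)):
        raise BarcodeError("missing start or stop bars")
    fcc = decode_n(bars[2:6], "FCC")
    if fcc not in FORMATS:
        raise BarcodeError(f"unknown FCC {fcc}")
    name, total = FORMATS[fcc]
    if len(bars) != total:
        raise BarcodeError(
            f"FCC {fcc} ({name}) needs {total} bars, got {len(bars)}")
    dpid_end = 6 + 2 * DPID_DIGITS
    dpid = decode_n(bars[6:dpid_end], "DPID")
    # Bars between the DPID and the parity field: the Customer Information
    # Field in formats 59 and 62, a single filler bar in the 37-bar formats.
    body_end = total - len(STOP) - PARITY_BARS
    return {"fcc": fcc, "format": name, "dpid": dpid,
            "customer_field_bars": body_end - dpid_end}


def build_sample(fcc, dpid, customer_bars):
    """Constructed test input; the parity bars are a placeholder only."""
    return (START + encode_n(fcc) + encode_n(dpid) + customer_bars
            + "3" * PARITY_BARS + STOP)


if __name__ == "__main__":
    good = build_sample("59", "12345678", "3" * 16)   # constructed sample
    print(classify(good))
    try:
        classify(build_sample("59", "12345678", "3"))  # FCC 59 but 37 bars
    except BarcodeError as err:
        print("rejected:", err)
```
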

Additional Information
For additional information, please visit the Australia Post website at http://www.auspost.com.

Glossary: Royal Mail Barcode

Royal Mail Barcode
 

The Royal Mail (RM4SCC / British Post Office / BPO 4-State Code) symbology is used by the British Postal Service for the automatic sorting of mail in the UK. The barcode encodes the recipient's postal code. The symbology is capable of encoding uppercase alphanumeric characters.
 
Applications
Used solely by the British Royal Mail Service to encode postal codes.

Benefits
It is extremely easy to print using almost any type of printer.

Limitations
Most standard bar code readers cannot decode RM4SCC.

Technical Information
It is an alphanumeric symbol that uses an encoding system very similar to the Australia Post barcode. The symbol is made up of a series of lines, each of which takes one of four states. The four states are called:

1. Tracker, Ascender, and Descender
2. Tracker and Ascender
3. Tracker and Descender
4. Tracker

Additional Information
Visit the Royal Mail website for additional information.

Weakest link: End-user education

Organizations must educate end-users, says Dan Beard, chief administrative officer of the House of Representatives, reports Dan Kaplan.

Many on Capitol Hill believe, and for good reason, that bipartisanship is nothing but a Beltway myth, more often used as a tiresome campaign slogan than a legitimate goal. But, on albeit rare occasions, both sides of the aisle do come together in unison – and not just because one side needs the votes.

Cybersecurity legislation traditionally has been one of those exceptions. So it was no surprise that when the U.S. House of Representatives decided to turn its attention inward to its own digital security posture, Democratic and Republican leaders alike agreed that there was ample room for improvement.

In December, the joint House leadership approved a five-part plan to boost the lower chamber’s security policies and to further safeguard its IT systems. Most pivotal among the new recommendations was to begin mandatory security awareness training of all House members and their staffs this year.

“We have had solid bipartisan support from [Speaker Nancy] Pelosi and [Minority Leader John] Boehner,” says Dan Beard, 66, chief administrative officer of the House. “Anytime we’ve gone to them with a set of recommendations to increase our cybersecurity, they have enthusiastically endorsed it.”

And while Beard, whose office oversees the House’s operations infrastructure, is no IT security expert, he is well versed in the changing face of cybercrime. What was once a threat landscape dominated by so-called script kiddies who were set on vandalizing the web to gain notoriety has given way to a stealthier group of perpetrators – ones who prefer to break into computer systems to steal sensitive information while remaining in the shadows.

“Now we have people who want to get in and don’t want you to know that they’re there,” Beard says. “The question is, how do you deal with it? You need better hardware and software. But in the end, it comes down to having a trained and committed workforce that uses the systems.”

The House has dealt with frightening examples over the last few years. In June 2008, two lawmakers announced that their office computers were infiltrated by hackers operating out of China, though a spokesman for the nation’s Foreign Ministry denied that country’s involvement.

“We’re a highly visible target,” Beard says. “We always have been. That’s the challenge for government agencies. You have to be constantly vigilant.”

Then, late last year came the tipping point. In an exclusive story, the Washington Post reported that a junior staffer for the House Standards Committee was fired after leaking a confidential report on a peer-to-peer network on the staffer’s home computer. The report detailed investigations into more than 30 Congress members and a number of aides.

“I think that was the straw that broke the camel’s back, so to speak,” Beard says. Soon after, House leadership requested Beard’s office look into revamping the House’s security policies, notably the training of end-users.

The human element

The need to educate employees on proper digital safeguards always has persisted within organizations, but in today’s climate of slick social engineering malware scams and the proliferation of Web 2.0 data leakage risks, it seems that the need for security aware end-users has never been so great.

“The human element is the largest security risk in any organization,” says Stephen Scharf, CISO at Experian and the former CSO at Bloomberg. “Most security incidents are the result of human errors and human ignorance and not malicious intent. Therefore, it is critical that significant effort is focused on education and awareness to reduce these occurrences.”

Most compliance requirements, including the Payment Card Industry Data Security Standard and the Health Insurance Portability and Accountability Act, mandate awareness training.

And the nation’s financial state is making end-user education more important than ever. As if the economy already hasn’t done enough damage to American businesses, it also is rearing its ugly head in the form of data leakage concerns.

According to an Information Risk Executive Council (IREC) report, which gauged the opinions of 150 of its CISO members, “employee carelessness” was listed as the top threat facing enterprises in 2010. To put that in perspective, malware ranked number three, and according to a January report from Panda Security, 2009 brought more malware samples than ever before. Forty million to be exact.


Critical condition: Utility infrastructure

When the FBI’s Steven Chabinsky spoke recently to Congress, he shared a harrowing message, reports Angela Moscaritolo.

Individuals with ties to al Qaeda are interested in attacking United States critical infrastructure systems, Steven Chabinsky, the deputy assistant director of the FBI’s Cyber Division, told the Senate Judiciary Committee in Nov. 2009. Terrorists have recognized vulnerabilities in the computer systems that control critical U.S. infrastructure systems, which could be leveraged to launch a devastating attack against our country, he said.

The FBI knows about and is investigating these individuals, he added, and has found that, currently, terrorist organizations do not have the high level of cyber-sophistication needed to launch such an attack. However, they are interested in developing their hacking skills.

“Should terrorists obtain such capabilities, they will be matched with deadly intent,” Chabinsky warned.

But, while terrorist organizations may lack the capabilities to launch a cyberattack against the nation’s critical infrastructure now, there are others who don’t. An increasing number of individuals, some working on behalf of foreign countries, have the resources to, in a worst-case scenario, manipulate the process control systems that regulate U.S. critical infrastructure systems, causing widespread outages and catastrophic effects.

A primary risk the nation faces is that many of the Supervisory Control and Data Acquisition (SCADA) systems – used to manage electric power generation plants, water systems, oil and gas pipelines, and other systems – are becoming interconnected with enterprise networks, making them accessible from the internet, says Alan Paller, director of research at computer security training organization SANS Institute.

“The vulnerability is that there is a bridge between the business systems and the systems that control the power, distribution and production,” Paller says.

Moreover, these process control systems were not engineered to operate as part of a corporate network, experts say. They are often 10 to 20 years old and are not regularly patched like typical computer systems, says Robert Brammer, vice president for advanced technology and CTO at Northrop Grumman Information Systems.

Others in the field concur. “Security was never built into the systems that manage our critical infrastructure,” says Steve Santorelli, a former Scotland Yard detective who is the director of global outreach at Team Cymru, a Chicago-based nonprofit IT security research company. Also, certain parts of process control systems are accessible through wireless connections and other unencrypted communication channels, which can be tapped into, Paller adds.

In the energy sector, for example, many of the systems that are required for power, production, transmission and distribution of energy are computerized, says Amit Yoran, chairman and CEO of network security monitoring vendor NetWitness. Adding to the risk factor, the computer systems that run physical cable plants, turbines and other equipment, have, over the past decade, become increasingly interconnected in ways for which they were not originally designed.

The owners of critical infrastructure systems, approximately 85 percent of which are companies in the private sector, have a good business reason to connect process control systems to their enterprise networks, experts say. Connecting them to corporate billing systems, for example, can make the organization more efficient. But since the systems are interconnected, an attacker could access a system by first making their way into the enterprise network.

To achieve that, an attacker would most likely use a socially engineered ploy to infect an end-user’s computer with malware, which would provide the initial entryway into the enterprise network, says Eddie Schwartz, CSO of NetWitness. The primary objective of an attacker is to get an initial foothold into the enterprise network, he says. From that point, owing to the interconnectivity of systems, that intrusion can eventually lead into a SCADA system.

However, the scenario is not all doom and gloom. Should an attacker gain remote access to a process control system, total calamity is not guaranteed, says Levi Gundert, a former U.S. Secret Service agent who is the director of fraud cyber intelligence at Team Cymru. It may be possible to completely shut off electricity remotely, he says, but doing so would require detailed knowledge of the control system.

In its favor, the various controls in SCADA systems are very granular. Each piece of hardware performs a specific function and is generally responsible for a small percentage of the overall electric output. So, if a remote intruder were able to shut down one control system, the overall impact to electricity delivery may be relatively manageable, Gundert says.

Power penetration

However, attacks from outside the system are not the only worry. There is always the risk posed by insiders, particularly with the recent penchant for outsourcing IT services overseas, and that might just compound and complicate these issues in the long run. A rogue insider would likely have the critical knowledge of exactly how the control systems work together and which are the most high-impact targets, Gundert adds.

For these reasons, the critical U.S. infrastructure is a prime attack target, experts say. Furthermore, there is reason to believe that hackers have a foothold in U.S. critical infrastructure systems right now, Paller says.

“There is reasonably good evidence that nation-states have been taking remote control of computers and power companies for years,” he says. “If you were a country that might have to go to war with another country, you would put spies in place to map the power systems, identify the weaknesses, and pre-place weapons so that if and when you go to war, you are prepared to do real damage.”

This past April, for example, it was widely reported that intruders, believed to be from China and Russia, hacked into the U.S. power grid and left behind malicious software that could be activated at a later date to disrupt the nation’s electric system. Federal intelligence officials – not utility companies connected to the grid – detected these compromises. While saying there was no immediate threat, they cautioned that if there was a war, the hackers may try to “turn on” the malware left behind.

“This is real stuff happening,” says NetWitness’ Schwartz. Officials in the government and the power companies need to take these issues very seriously, he warns.

Steps being taken

And steps have been taken by owners of critical infrastructure to mitigate the vulnerabilities, but much more work is needed, experts say.

“There’s been a move to retrofit security [into process control systems], with varying degrees of success,” Team Cymru’s Santorelli says. “The security discussion has been going on for years in very closed security communities.”

Seth Bromberger, director of the Energy Sector Security Consortium (SEC), a nonprofit whose mission is to facilitate information sharing among those interested in protecting the power grid, says cybersecurity is a top concern of power companies. “We have made significant strides in protecting our infrastructures,” he adds. As an example, Bromberger explains that the industry collaborated with the North American Electric Reliability Corp. (NERC) – the organization that sets and enforces standards for power company owners, operators and users that comprise the bulk power system – to draft the Critical Infrastructure Protection (CIP) Reliability Standards. These standards contain roughly 40 requirements which serve as a foundation to secure the electric critical infrastructure from cyberthreats.

Team Cymru’s Gundert sees progress as well. “NERC and the Department of Homeland Security (DHS) continue to work toward increased security awareness, and companies continue to improve security strategies,” he says.

In contrast, Paller argues that critical infrastructure owners and operators have spent more time denying that vulnerabilities exist than they have fixing them. In addition, they have hired lobbyists to ask Congress to block various security initiatives, claiming there is no real problem.

“The penetrations that have already taken place are being denied,” Paller says.

Securing critical infrastructure systems against cyberattacks is far from a high priority for electric power companies. These utilities are more concerned with the cost of fuel and an aging infrastructure, says Northrop Grumman’s Brammer. “They would acknowledge that it is a theoretical threat, but it is not high on their list to worry about. A lot of these threats only become real in retrospect.”

The mindset in the utilities industry is that an attacker could do equal damage by launching a physical attack, says Brian Ahern, president and chief executive officer of Industrial Defender, a provider of cybersecurity solutions for SCADA systems.

But, denial is the least expensive solution. Critical infrastructure operators are able to deny the problem because they don’t have hard evidence that their systems have been penetrated, Paller says.

Getting secure

Complying with security best practices, such as those set forth by NERC, is often a very costly process, Gundert adds.

“Cost will always be a driving factor for utility companies – they are, after all, a business at the end of the day,” he says.

The solution, he suggests, is that governments around the world should provide incentives that encourage organizations to secure their existing infrastructures, along with any technologies they are planning to implement in the future.

Ahern agrees, saying that when it comes down to it, the only way to truly mitigate the risks is for those in the private sector to take action to secure the infrastructures they control. However, SANS’ Paller says it’s up to the vendors to ensure security, pointing out that vendors of critical infrastructure process control and business systems need to take responsibility for delivering systems that are harder to penetrate.

“The procurement of new technology and every maintenance contract for every one of these control systems needs to have a much higher level of security built into it,” Paller says. “You can change your procurement quickly, whereas regulations take years to become part of the fabric of organizations.”

While individuals have differing views as to what needs to happen to secure critical infrastructure systems, all agree that a greater level of information-sharing among members of the private and public sectors is needed.

“The best thing we can do as an industry is keep talking, communicating and working as a partnership,” says EnergySec’s Bromberger.

[sidebar]

IN THE WORKS: New legislation

Currently, there are several pending bills related to critical infrastructure cybersecurity making their way through the federal government. Those applying to the energy sector include the following:

Critical Electric Infrastructure Protection Act, introduced in April, would give the Federal Energy Regulatory Commission, the U.S. agency responsible for overseeing electric rates and natural gas pricing, the authority to issue emergency rules if a cyberthreat is imminent.

Bulk Power System Protection Act of 2009, introduced in April, is similar to the bill above but would give FERC the authority to take emergency measures lasting up to a year.

American Clean Energy Leadership Act of 2009 was placed on the Senate Legislative Calendar in July. It is a comprehensive energy bill that includes cybersecurity provisions similar to those in the bills above, but establishes cybersecurity jurisdiction within the Department of Energy instead of the Department of Homeland Security.

In Defense of the Facility

Community Transit has brick and mortar facilities and facilities on wheels. Both hold precious cargo. For its buildings, the enterprise uses megapixel cameras.

Back in the really old days, before security video and smart cards, before optical turnstiles and biometrics, there were buildings and watchmen. Often after dark, the watchmen would walk around, armed with a flashlight and – sometimes – a watchman’s clock, to protect the facility. Then Henry Ford, who invented the charcoal briquette among other things, decided there were important business assets beyond factory walls. His Psychological Department, some say the precursor to corporate security, would go visit Ford workers at home to ensure they were behaving.

Today, the security mission can involve hundreds of remote facilities in scores of countries and cover thousands of computer systems holding millions of dollars of intellectual property. Or it can cover one building. There are workplace violence threats, terrorism, slip-and-falls, vandalism, weather emergencies, parking violations, employee theft, unauthorized intruders, armed robberies, white powder in the office mail, arson incidents and the breach of hundreds of complex and conflicting rules, regulations and laws.

There are a variety of ways to look at and differentiate facility security in key sectors such as banking and finance, manufacturing, public transportation, government facilities, educational institutions and healthcare.

Still, whatever the sector and its uniqueness, all share commonality in a focus to conduct their security programs, apply technologies and use contracted services to align and further the business aims of the enterprise.

Manufacturing giant Honeywell’s John McClurg, vice president – global security, knows he must make sure his internal stakeholders’ interests are protected. But the bottom line is that “we are a widely held Dow 30 Company, so shareholder interests are considered. Shareholders give an asset to the company and they expect a return,” says McClurg. “Similarly, the board understands that their obligation to shareholders involves a secure environment. We also work to secure our 100,000 worldwide workforce from both external and internal threats.”

Healthcare’s Core Business Focus

Franklin & Marshall College in Lancaster, Pa., must position facility security to reflect its community as well as the educational institution.

Eric L. Levine, staff vice president and director of corporate security at WellPoint, the nation’s largest health benefits company with approximately 34 million medical members, believes in a proactive approach to facility security. “But you also need to make sure you align with the core business of the company.” His mission statement blends with WellPoint’s.

Also at healthcare facilities, and because of federal and state laws and regulations specific to healthcare records, there is expanded emphasis on computer and information security as a critical part of the facility security mission.

“We try to be on the cutting edge of integrity and accountability when it comes to patient confidentiality and record-keeping,” says Michael Counes, director of information technology at California’s Hanley Center, the renowned nonprofit alcoholism and addiction treatment facility. “HIPAA (Health Insurance Portability and Accountability Act) is primary at every level, and archiving business email and minimizing personal email are concerns.”

He adds that although productivity is important to any organization anywhere, “problems with off-color jokes or inappropriate Web surfing was not really a big issue for us. But sometimes people forget and you want to be able to enforce your Acceptable Use Policy and we were looking for a way to accomplish that if necessary.”

For Don Burr, risk assessment analyst at Community Transit, facilities are both fixed and mobile. Headquartered in Everett, Wash., the regional transit authority houses most of its critical infrastructure at a couple of locations that include diesel storage, fuel islands, bus and vanpool fleets, and surplus vehicles. But there are rubber-wheeled facilities: 282 buses, 410 vanpool vans and 55 paratransit vehicles that carry 40,000 or so people every weekday.

“We are always looking for new ways to improve service – and safety is always an important consideration,” comments Burr.

At California State University Long Beach, Police Chief Stanley Skipworth’s facility is really a community within a community. Known as “the Beach,” the hilltop portion on the 322-acre campus overlooks the Pacific Ocean. Eighty permanent buildings house the various colleges, 63 academic departments and programs, 24 centers, four institutes and four clinics. “While our purpose is to protect the facilities and people, the security mission reflects the university’s mission so that a safe and high quality learning experience can occur,” points out Skipworth, who notes that many southern Californians visit the campus at all hours for performances, events or just to stroll.

Far from a surfing beach, Dick Powell, who oversees physical security for Army Alaska in Fort Richardson, needed to protect a unique facility, an abandoned Cold War-era Nike Missile site. Situated on a mountain just outside of Anchorage, the site also houses several wireless towers for Anchorage utilities and other critical communications. His challenge was to overcome the environment when considering security communications from the site.

At Nationwide Financial Services, Jay Beighley, AVP, corporate security, sees a clear though daunting mission. “Simply, our role is to help the company take the risks they want to take to do their business. Sometimes people think the security folks are here to stop crime; that’s part of the role, but it’s important to align our function with the company’s goals and objectives.”

Michael Perrette agrees. “My mission involves risks and threats,” observes Perrette, vice president corporate real estate at Prudential Financial, who has responsibility for electronic security at the enterprise’s far-flung facilities.

Facilities Go Animalistic

At Nationwide Financial Services, Jay Beighley, AVP, corporate security, balances a diverse and far-flung group of facilities while allowing the enterprise to take the risks it needs to take.

And speaking of far-flung, Connie George has a diverse facility that ranges from the African savanna to an Asian forest and from foraging bears to blacktip reef sharks and a giant Pacific octopus. George, working with IT Manager Doug Jones at the Pittsburgh Zoo and PPG Aquarium, uses security technology to provide a safe experience for visitors while meeting the zookeepers’ unique animal behavior needs.

Corporate culture is on the mind of Wayne “Butch” Day, vice president of security, YRC Worldwide, a Fortune 500 company headquartered in Overland Park, Kan., and one of the largest transportation service providers in the world. “The mission of the YRC security department is to ensure the safety and security of employees, equipment, facilities and customer goods entrusted to the care, control and custody of YRC.

“We endeavor to fulfill a wide variety of security requirements, both from the YRC business model and corporate culture,” Day says. “The security of our employees is of paramount importance. Through that culture, security defines those requirements through several programs, both at the corporate and field levels.”

Continuity is a building security element, too.

With more than 35 years in the field, Bill Besse, executive director at Andrews International, sees the resilience puzzle pieces as centering on processes, people and facilities as much as current and future threats. When it comes to facility security, no matter the type of enterprise, he says that communications during a crisis is crucial. You cannot just cover everything, he notes, but instead, you have to get to employees, customers, law enforcement, the community, the media and others in their homes, offices, plants and in transit. Rather than try to build plans to cover everything, he suggests building a broad set of contingency plans. Incorporate as much into the day to day of the organization. And, your plans must be part of overall business planning itself.

Brand and reputation are two more recent elements to consider in resiliency. He suggests that CSOs, loss prevention and security directors have a big opportunity here, as these executives, more than others, have a 40,000 foot high view. Moving from so high up, security leaders with facility protection responsibility also have a clear view of how technology can play a vital role close to the ground.

At Burr’s Community Transit, Andrews installed five megapixel cameras from Avigilon at the Kasch Park Operating Base and the Merrill Creek Operating Base, in addition to a two megapixel camera inside the vault room where cash is counted, and a three megapixel camera in the lobby for greater coverage. The organization uses the vendor’s control center software with HD stream management and an HD network video recorder at each site to store one week of continuous surveillance footage.

Thanks to the technology, Burr has reduced investigation times substantially. “Previously, we had a mix of VHS and DVR systems that were cobbled together to create a surveillance system that was unable to meet our needs,” he explains. “With our previous system we could not capture any incident – whether it was a car theft or suspicious person – with enough clarity for identification.”

Wireless as a Facility Security Solution

At Prudential Financial, Michael Perrette is on top of change. “Technology – it changes so fast. Is the decision you make today good tomorrow?”

At California State University Long Beach, Chief Skipworth employs a wireless video surveillance system to watch over his campus. The system, with wireless networks from Firetide, has led to numerous arrests, including one felony weapons possession charge. The University administration and on-campus police department needed a surveillance system to supplement officers on patrol and couldn’t temporarily shut down to lay fixed cable.

Thirty-seven pan-tilt-zoom cameras, 29 of which are connected wirelessly, and 40 mesh nodes comprise the network, deployed by local installer Moore Electrical Contracting. The network operates in the licensed 4.9 GHz public safety band to reduce interference and provide extra security; the system includes Bosch analog cameras and IndigoVision encoders and video management. The majority of cameras are strategically located on light poles and other structures around campus and its parking lots. Those entering areas under surveillance are alerted via signs.
Trained police dispatchers monitor the live video feeds and communicate with police officers on patrol in real-time.

Ultimately, the network will be able to stream live video into patrol cars on the beat. Skipworth proudly states that “We have one of the most advanced communications centers anywhere. We have taken the technology to the most appropriate level.” He observes that “any police department is only as strong as the relationships it has. IT and telecom on campus are very helpful. When people come to my facility, they should always have a safe, educational and enjoyable visit. To get to that goal, it comes down to the technologies that give us the advantage and the people who make it possible.”

At another, very different, facility, add spending money to the goal.

That’s the value-added for Michael Williams at his suburban Chicago Golf Mill Shopping Center.
Williams, senior general manager, has stakeholders, too. They include the center’s owners, the merchants and shoppers as well as local law enforcement. His facility security strategy consists of officers as a uniformed presence and digital security video. Sharing Chief Skipworth’s attraction to wireless mesh, Golf Mill has internal and exterior PTZ cameras, from Axis Communications and OnSSI for video management, that provide protection, lower liability and can tie into the local police. The bottom line: a safe and secure shopping experience means more purchases and returning shoppers.

Way up north to Alaska and wireless was a key element of Powell’s Fort Richardson facility assignment. Installing a five mile point to point link was especially difficult in the microclimate location with winds of over 150 mph, extreme temperature changes, and a lot of snow. He worked with integrator John Banks of Evergreen Fire and Security, who looked at wireless mesh networking from Fluidmesh to cover the point to point link. According to Powell, one challenge was to overcome the communication portion for the security video. The wireless connection was economical for the distance covered and alleviated the need to install fiber. “When you add the word ‘mesh,’ it often means you’re using the antennas in a ‘mesh’ configuration, which is multiple paths for a signal to transmit to the same location,” Banks says.
“We’re not using the mesh aspect in this particular case. It’s a point to point configuration.” He adds that “the microclimate was a challenge but the reason we decided to go wireless was the only other real option was fiber and it was cost prohibitive to say the least.”

A Community Effort

Facility security vulnerabilities can include computers, storage devices and the network itself. At Hanley Center, monitoring software watches over emails and use of the Web to protect patient records.

Residential colleges such as Franklin & Marshall in Lancaster, Pa., are inextricably linked to the surrounding community. So when Lancaster experienced a rash of vandalism incidents near college property, campus security officials took action with a new initiative to increase video surveillance and overall safety measures.

Although the incidents were not located on school grounds, they spurred F&M’s 19-member public safety staff to find additional ways to monitor the facility’s 52-acre campus and implement a deterrent to potential vandals. Integrator Tri-M Group used equipment from Bosch Security Systems, which began with six perimeter PTZ cameras and now numbers 20. Dedicated fiber was run from four facilities to public safety headquarters. The integrator and Maureen Kelly, director of F&M’s public safety group, worked with local officials to use decorative streetlight poles and traffic light arms to mount the cameras, which were encased in special housings to blend in with the street’s décor.

Corporate culture went to a high level. “It was important to the community and to the school that the campus still be considered open and welcoming,” Kelly comments. Through a series of community meetings as well as the use of strategically posted signage that indicated the area was under surveillance, residents knew the cameras were working to ensure their safety. School officials also increased street lighting and improved landscaping to boost the efficacy of the surveillance camera effort.

For Nationwide’s Beighley, his facility turned out to be literally nationwide and diverse while his relationship with his integrator, Tom Clancy of AcreeDaily, turned out to be a welcomed partnership.
With 200+ facilities and more than 700 locations, “I really have a variety including office buildings, high rises, data centers, hotels, a hangar and the Columbus, Ohio, arena district, to name a few. Security needs to blend into these diverse areas so that it is acceptable to the people you are there to protect,” says Beighley. He sees the need for facility security to be in the “fabric of the organization. You must make sure the function fits the organization. You can teach security but it is the management of it” that makes a difference.

For the Nationwide executive, when setting security standards for his enterprise, there is value in ongoing threat assessments and a rating system. “The higher the risk, the more countermeasures are needed ranging from policies, procedures and awareness programs to access controls, security video and alarms to security officers, training and testing. They’re all part of the mix.” And the integrator must clearly understand “what my goals and objectives are. He is my expert. I cannot possibly stay on top of all the technologies and advances.”

Clancy agrees. “With so much technology out there, different solutions apply to different facilities, applications, events and changes in the budget. We need to listen, to help cost justify and then implement.”

Uniquely, Beighley’s enterprise has Nationwide Property Protection Services, which provides alarm monitoring and guarding services internally and externally.

Officers Protecting Facilities

Security officers are the backbone of facility security at Palmer College of Chiropractic. Robert Lee, vice chancellor for support services, sees value in a well-trained, service-oriented officer force.

Beyond video management software, smart cards and analytics, among high-tech tools, there is facility security value in officers.

While many educational institutions have sprawling, park-like settings and young people often away from home for the first time and living on campus, Palmer College of Chiropractic in Davenport, Iowa, stands apart. According to Robert Lee, vice chancellor for support services, his college, of course, shares a mission with others. “Being located in the Midwest with an inner city environment, our 1,300 students depend on our campus security programs to create and maintain a safe and comfortable environment that is paramount to attract students, patients, faculty, and staff. Without the safe and comfortable environment, we would have no business.”

Palmer College students are adults, independent enough to make their own decisions, and the college must have a stable campus environment to attract students to the neighborhood.

The campus has around 20 neighborhood buildings built from 1860 to 2007 and not all are contiguous. “The academic buildings are not intended to be locked down. The buildings are protected with Per Mar Security officers and electronic devices,” says Lee. The officer firm maintains trained security officers, professional in their interaction with the constituents. Lee and Per Mar executives agree that constant refining of training is a must for the security officers to perform their roles interacting with students, faculty, staff, and citizens passing through the campus. Another challenge is creating a strategic plan for electronic devices and the importance of buildings and spaces such as parking lots in regards to matching up with limited funding.

Friendly but not friends, Palmer College officers handle threat and emergency situations but they also provide escort service, help others in bad weather in parking lots, and try to find lost items of value. The college doesn’t lack for electronic solutions for facility security. It was the first to install emergency phones in the Quad City area. All buildings are monitored for fire protection and all elevators are directly tied to Per Mar Security’s central station. There are intrusion systems, access controls in designated buildings and security video, to name a few.

At Prudential Financial, Michael Perrette, who is vice president of corporate real estate, has a neighborhood, too. From his office in Newark, he constantly evaluates ever-changing risks and responds to business requirements. Perrette sees merit in many solutions, including electronic access controls and turnstiles as well as security video, bollards and window protection. “We also have strong security when it comes to all the mail and packages into facilities.”

The Prudential executive is always eyeing improvements and advances. “Technology – it changes so fast. Will the decision you are making today be good tomorrow?”

Yesterday – in the form of older facilities built before today’s security strategies and technologies – is just one challenge faced by Darrell Reyka, manager of school police/safety and security at Sarasota County Public Schools, and his Chief of School Police Larry Leon. “Our mission is to provide a safe, secure and nurturing environment,” says Reyka. The schools have a mix of facilities. “There are older schools built in the 1920s, with open corridors and many entrances. Newer style buildings have a central point of entry,” points out Leon, who sees one strategy as the need to limit access.

Transitioning with Technology

Technology includes several thousand security video cameras, about 200 DVRs, a central station for alarm monitoring and card access control at appropriate facilities, with some students having proximity cards. Projects are ongoing. A rebanding program throughout the county’s emergency and law enforcement agencies has strengthened interoperability and the schools’ partnership with public safety. “And we have begun the transition to fully electronic access control,” adds Reyka.

Thanks to technology, some facilities and their owners and managers are seeking ways to better integrate security systems and make them work for the business as well as security.

A case in point is Mesirow Financial Real Estate and its Chicago-located Class A 353 North Clark office tower.

Working with SDI (System Development.Integration), Mesirow aimed to create an integrated tenant-facing technology environment that contributes to the vision of delivering an unmatched office experience for tenants, employees, and visitors alike. SDI is assisting with selecting and implementing. It sets “a new standard for quality and tenant amenities in commercial office environments. The advanced, tenant-focused technologies provide a level of convenience and security control that goes beyond basic building amenities, to become a lifestyle enhancement,” says Rux Currin, Mesirow’s senior vice president.

Experience is also a goal of security technologies at the Pittsburgh Zoo & PPG Aquarium. It has implemented an intelligent network video recorder platform to help protect visitors, employees, animals and exhibits and to provide long-term audit ability and accountability. The 77-acre naturalistic habitat zoo is home to thousands of animals and is one of only six major zoo and aquarium combinations in the country.

A unique facility has unique security needs. The Zoo’s Connie George observes that the technology’s “ability to help us maximize the quality of video from our cameras and to provide us with months, instead of days, of storage allows us to protect our guests, employees and animals. It is important for us to have solid, auditable video data history for months to come, and we have used this feature many times to observe visitor trends, as well as behavioral developments and births of animals such as painted dogs, tigers and polar bears.”

The new storage tech allows the end user to set image aging policies, with the ability to shrink video over time. Doug Jones, IT manager for the zoo adds, “It will reduce cost and provide more efficiency with higher frame rate and higher resolutions at the camera. Most of our cameras are IP-based.”

Transportation Pulls Ahead

It may seem like a zoo sometimes in the transportation sector, but when it comes to security, Butch Day of YRC has his experienced hands firmly on the wheel. “Through our staff of security investigators and specialists, the YRC security department maintains a frontline ability to address the security needs of YRC and its customers immediately, both on internal and external levels. Facilities and properties are further monitored by means of security camera systems and the use of a Security Communications Center, staffed 24 hours a day, year round.” He adds that “with the downturn in the economy, available funds for new and innovative technologies are limited, requiring the need to constantly revisit current practices and procedures” when it comes to facility security.

Matching internal practices and procedures to regulations – and improving them – is one focus of Hanley Center’s Michael Counes, who says that implementation of monitoring software was an IT initiative. “We wanted to enhance the security of our patient records. We needed something to easily and quickly show generalities and trends, something to show me not just what employees do on their computer, but how the information is disseminated.”

Counes says he demonstrated the technology to staff members and they were amazed the software not only provided data so management could talk about what employees were looking at, but provided screen snapshots that showed what employees were looking at while they were looking at it. “On one occasion, there was concern over a patient’s records being printed,” comments Counes. “But using software to review the actions, it became clear the activity was accidental. We discuss monitoring in our employee orientation and stress monitoring is in place to enforce HIPAA, ethics, and ensure accountability to the people we serve.”

Checking Email Within Facilities

Luckily, Counes is ahead of the game. Many organizations, especially outside of healthcare, are often caught off-guard when thieves intrude into a facility through computer and communications systems. Travis Watson, solutions engineer, and Matt Bossom, program manager – technology solutions, at Accuvant, an information security consulting firm, agree that, generally speaking, businesses are ill prepared for big, bad events that could force in-house employees to work remotely. Recalls Watson, “There was a routine water main break. People had to work off-site. But how many? Could the infrastructure take on the increased authentication of traffic, licensing and bandwidth?”

Adds Bossom, “Security executives need to intelligently design or work with their IT on a global gateway” that can be employed when needed to keep the enterprise resilient.

Facility security – whether protecting the parking lot, controlling lobby access, or viewing security video – is but one part of a total picture. It can be a global assignment and one that includes cyber security.

“Every global company looking at emerging markets and opportunities has to appreciate the risks they create. Being an aggressive, global company, having our arms around that risk is important,” says McClurg of Honeywell. McClurg’s responsibilities include strategic focus and tactical operations of Honeywell’s internal global security services, both physical and cyber. He is also charged with the seamless integration of Honeywell’s various security offerings and improving the effectiveness and efficiency of security initiatives. A previous Security magazine article featured McClurg and other enterprise security leaders about their matrix management approach to evaluating effectiveness and improving the operation.

Bill Zalud
zaludb@bnpmedia.com
Bill is the Editor Emeritus of Security Magazine, and he can be reached at (773) 929-6859.

Business Continuity Market to Reach $39 Billion by 2015

An ABI Research report forecasts that the global market for business continuity and disaster data recovery solutions will grow from $24.3 billion in 2009 to exceed $39 billion in 2015.
“As a result of their growing reliance on electronic data and the need for backup, storage and security, industries such as financial services and healthcare now operate under federal mandates requiring them to have disaster recovery and business continuity programs in place,” says ABI Research director Larry Fisher. “In many other industries, such programs are not legally required, but savvy companies always prepare for the worst.”
Fisher notes that business continuity and disaster recovery technologies are becoming less expensive and easier to use, in part because they are being integrated into larger IT systems, and also because they’re increasingly taking advantage of aspects of Cloud Computing and virtualization. Even so, he notes, “Vendors will need to keep their offerings as simple as possible, and to provide customers the broadest possible response, in order to minimize the complexity that could challenge increased acceptance of these technologies.”
For more information, visit www.abiresearch.com

U of M Scientists find glitch in common digital security system

Computer scientists at the University of Michigan have found a major flaw in a very common digital security technique used to protect both media copyright and Internet communications.
The experts claim that they could foil the RSA authentication system by varying the voltage supply to the holder of the “private key,” which would be the consumer’s device in the case of copy protection and the retailer or bank in the case of Internet communication. RSA authentication is a popular encryption method used in media players, laptop computers, smartphones, servers and other devices.
Experts were able to extract the private key in approximately 100 hours using their voltage tweaking scheme, even though the private keys contain more than 1,000 digits of binary code. It was found that varying the electric current stresses out the computer, which ends up making small errors in its communications with other clients.

Glossary: Postnet Barcode

Postnet Barcode
 

The POSTNET (Postal Numeric Encoding Technique) symbology was developed in the United States for the automatic sorting of mail. POSTNET is used only for marking mailing addresses. POSTNET is not a real barcode (a barcode is coded by bars of variable width, while POSTNET is encoded by bars of variable height). It is a numeric symbol that uses five bars (two long and three short) and four spaces for each coded character. The length of bars, and the spaces between them, is constant throughout the code. A single bar is used for the start and stop characters and the symbol generally includes a check character.
 
Applications
Used solely by the US Postal Service to encode ZIP Codes.

Benefits
It is extremely easy to print using almost any type of printer.

Limitations
Most standard bar code readers cannot decode Postnet.

Technical Information
It is a numeric symbol that uses five bars (two long and three short) and four spaces for each coded character. Postnet is a fixed dimension symbology meaning that the height, width and spacing of all bars must fit within exact tolerances. A single bar is used for the start and stop characters and the symbol generally includes a check character.

Postnet has 5, 9 or 11 numeric digits that are used by the U.S. Postal Service to encode ZIP Code information for automatic mail sorting by ZIP Code. The bar code may represent a five digit ZIP Code (32 bars), a nine digit ZIP + 4 code (52 bars) or an eleven digit Delivery Point Code (62 bars). A Postnet barcode has a starting frame bar, followed by 5, 9 or 11 data characters, followed by a check digit, and a stop frame bar.

Additional Information
The Delivery Point Code is a normal Zip+4 code plus an additional 2 digits of information. Two additional digits are normally made up of the last two digits of the street address or PO Box. For example, if your zip code is “94070-1234” and your street address is “1025 Glenn Way”, your Delivery Point Code would be 94070-1234-25. The final “25” is taken from the last two digits of the 1025 street address.
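
The symbol layout described above (frame bar, data digits, check digit, frame bar) can be written as an encoder and a validating decoder. This is an added example, not part of the original glossary entry; the tall/short pattern for each digit is the standard POSTNET table, which the page does not list, and the function names are chosen here.

```python
# Added example: POSTNET encoder and validating decoder.
# "1" = tall (full-height) bar, "0" = short bar.
# Digit patterns are the standard POSTNET table (bar weights 7-4-2-1-0,
# with zero as the exception 11000); every digit has exactly two tall bars.
PATTERNS = {
    "0": "11000", "1": "00011", "2": "00101", "3": "00110", "4": "01001",
    "5": "01010", "6": "01100", "7": "10001", "8": "10010", "9": "10100",
}
DIGITS = {bars: digit for digit, bars in PATTERNS.items()}
DATA_LENGTHS = (5, 9, 11)    # ZIP, ZIP+4, Delivery Point Code
BAR_COUNTS = (32, 52, 62)    # 5 bars per digit (data + check) + 2 frame bars


def check_digit(digits: str) -> str:
    """Digit that brings the sum of all digits up to a multiple of 10."""
    return str((10 - sum(int(d) for d in digits) % 10) % 10)


def encode(code: str) -> str:
    """Encode e.g. '94070-1234-25' as frame bar + data + check digit + frame bar."""
    digits = code.replace("-", "").replace(" ", "")
    if not (digits.isascii() and digits.isdigit()) or len(digits) not in DATA_LENGTHS:
        raise ValueError("POSTNET carries 5, 9 or 11 numeric digits")
    body = "".join(PATTERNS[d] for d in digits + check_digit(digits))
    return "1" + body + "1"


def decode(bars: str) -> str:
    """Return the data digits; raise ValueError if any structural check fails."""
    if set(bars) - {"0", "1"}:
        raise ValueError("bars must be written as '0' and '1'")
    if len(bars) not in BAR_COUNTS:
        raise ValueError(f"unexpected bar count {len(bars)}")
    if bars[0] != "1" or bars[-1] != "1":
        raise ValueError("missing start or stop frame bar")
    groups = [bars[i:i + 5] for i in range(1, len(bars) - 1, 5)]
    try:
        digits = "".join(DIGITS[g] for g in groups)
    except KeyError as exc:
        # A misread bar leaves a group without exactly two tall bars.
        raise ValueError(f"invalid bar group {exc.args[0]}") from None
    data, check = digits[:-1], digits[-1]
    if check_digit(data) != check:
        raise ValueError("check digit mismatch")
    return data


def is_valid(bars: str) -> bool:
    """True when the symbol passes every check in decode()."""
    try:
        decode(bars)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    symbol = encode("94070-1234-25")       # the page's Delivery Point example
    print(len(symbol), "bars ->", decode(symbol))
    # Constructed damage: flip one bar inside the first digit group.
    damaged = symbol[:3] + ("0" if symbol[3] == "1" else "1") + symbol[4:]
    print("damaged symbol valid?", is_valid(damaged))
```

A single misread bar is caught by the two-tall-bars rule before the check digit is even consulted; the check digit then catches a digit group that was replaced by another valid group.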