U.S. Federal Facility Security (S1:E36)

October 6, 2022

Today, we’re talking U.S. federal facility security with a selection of Identiv’s experts, including Dave Helbock, Director of Product Management, Todd Harrington, Director of Federal Sales, and Tom Dymacek, Director of Federal Sales. We discuss the top threats, biggest challenges, and how to deploy the right solutions to protect the nation’s highest security buildings.

Full Transcript

Speaker 1 (00:01):
You're listening to Humans in Tech, our podcast explores today's most transformative technology and the trends of tomorrow bringing, together the brightest minds in and outside of our industry. We unpack what's new in physical access, identity verification, security, and IOT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species, and dive into the emerging digital experience. Join us on our journey as we discover just how connected the future will be, and how we will fit into that picture. Your host is Leigh Dow, VP of global marketing at Identiv.

Leigh Dow (00:43):
Thank you for tuning in today. We're talking to the federal team at Identiv. That team includes Todd Harrington, the director of federal sales. Dave Halbach, director of product management. And Tom Dimasec, director of federal sales. Thank you all for being here today.

Todd (00:59):
A pleasure. Thanks.

Leigh Dow (01:01):
So let's start off with what is U.S. Federal facility security.

Todd (01:06):
Okay. Sure. So after the bombing of the Murra building in Oklahoma city in 1995, federal government got together and formed the ISC or Inter-agency Security Committee. And they looked at ways that how they can protect federal buildings from any future physical violence against either the building itself or it's people within those buildings. So they created a process that was administered through GSA that really provides a five levels of classification if you will, for those different types of facilities. And actually out of those will give you guidance as to how to protect those bill points.

Leigh Dow (02:07):
Thanks, Todd. Tom who's responsible for Federal Facility Security?

Tom (02:14):
Would be a combination of folks. It would be... On the physical side would be the physical security personnel, which would roll up to the police force as well as the folks in charge of the electronic, physical security equipment or ESS equipment. And then there would be the IT folks or the CSOs responsible for all the data assurance and data security. And what we're finding out is those are converging. And so we have to look at both as we apply any kind of security methodologies for the federal government.

Leigh Dow (02:46):
Todd, you talked about the different levels of federal security with the GSA, the general services administration. Can you tell us how the GSA determines those levels?

Todd (02:58):
Sure. So, as I mentioned, there's five levels and they incorporate a number of different parameters to define what defined that particular level. For instance, level one is a building that may have 10 or fewer employees. There may be a low volume of public contact, or it may simply be a square footage. In the case of level one, it's no bigger than 2,500 square feet. A good example, that might be some of the storefront social security administration offices you'll find in county seats across the country, or say a department of agriculture storefront for farm affairs and things of that nature. And then it goes up from there. Level two would maybe bring it up to 150 employees or less, and then it may be up to 80,000 square feet. So they give you some physical parameters to go by when defining what those levels entail. And then from that, then there are mitigation methodologies to address the physical security,

Leigh Dow (04:12):
What security operations do federal facilities include? Tom, do you have any insight into that?

Tom (04:20):
We say federal facility operations. I mean, again, it's a combination of things. We both have the physical security side, so it's all the folks on the guys with guns, as well as those folks managing the electronic security system. But then again, you have the operations for the IT and IT infrastructure. So those have started to converge. And so when you look at security operations, you're really looking at the overall broad reaching cyber and physical security as a singular entity.

Leigh Dow (04:54):
So Dave, what are some of the challenges that are associated with the implementation of federal facility security?

Dave (05:00):
Well, a lot of times it happens when they're doing these risk assessments and using the various risk management framework options, I guess, while they're filling them out is determining the likelihood or probability of an action. If you're in a certain location, you may be more vulnerable to vandalism where in another location you may not be as vulnerable. So each time that you go to do these site surveys and do your population estimates, do your likelihood or probability estimates, it allows you to build a risk mitigation program around those numbers, but it's still based a lot on the geographic area and what type of circumstances you're going to encounter having your personnel and your property that needs to be protected.

Leigh Dow (06:01):
Well, given that, Tom and Todd, the federal facilities are some of our most secure buildings in the country, or globally, even. What are some of the types of threats that federal facilities, employees in the public, face in those spaces?

Todd (06:19):
Sure. So some of that could be an external threat. For example, physical violence, threats of bombs, things like that. And some other examples, when I was doing risk assessments for Department of Ag, they had facilities that may be doing research of genetically modified plants. And so there's a certain segment of the population that finds issue with that, or takes issue with that. And so they were always cognizant that those could develop into a physical threat. So there's a number of different other types of threats that a federal facility could... Not just external, but also an internal threat. As an example, you might take, say someone deciding to damage an IT closet, which may shut down the mission of that particular facility for a period of time. Of course, there's a cost involved in that. There's a loss of data, of productivity. So all that becomes at a cost. And those are some of the things that are taken into account when looking at the threat potential for a particular facility,

Leigh Dow (07:47):
Dave-

Tom (07:47):
Yeah. Let me add that.

Leigh Dow (07:48):
Oh, go ahead. Sorry.

Tom (07:48):
Let me add that as well. So Todd mentioned physical. So of course certainly active shooter is always a concern, especially when you have federal facilities that are more open and or open to the public such as hospitals. But you also have the data security issues. And some of the things that we address with our solutions and that's a big one is PII or personal identifiable information or PII data. Like I mentioned, as well as other data associated with assets and people.

Leigh Dow (08:23):
So Dave, the government's physical security program is responsible for protecting facilities and property information as well as personal assets. How is that done?

Dave (08:33):
So typically most agencies have a physical security office, some sort of office of security and then physical security falls under that, along with personnel security and different administrative security functions, or sometimes even classified related functions as well. So inside each of those teams, there's physical security specialists that are specialized in actual system engineering along with using these risk mitigation tools. Doing video projects, doing physical access control projects, electronic access control projects, intrusion projects. And it all depends on what they're protecting or determining how to protect it.

Dave (09:19):
There's continuous monitoring and security assessments done by sometimes different groups, if it's separated between the physical security specialists and the security assessment professionals. There's also various committees that work in these facilities. A lot of times the committees are based on how much square footage they have and the actual agreements in place when they either lease or purchase the facility. And then there's also lock and key programs and then protective security officers as well that are physically located around the facilities too. It's a pretty comprehensive program.

Leigh Dow (10:02):
Can you tell us more about the solutions that Identiv has to secure everything from those standard office spaces to the highly secure facilities? I know that includes VI Cam and our in stock physical access readers.

Dave (10:14):
Absolutely. Yeah. So Identiv has an end to end solution, our velocity is our flagship high security solution, that can be used in standard offices. It can be used in classified spaces, it can be used in large enterprise environments. And inside of the velocity access control, using our Hersh hardware we do offer a TS reader line, which we have several different types of readers available and can be used in all sorts of applications for contactless contact with VI Cam doing card authentication, doing Pival authentication.

Dave (10:53):
So there's a lot of options with our physical access control system. We also offer a video system, a complimentary video system called Velocity Vision, which integrates to our Velocity platform. And then we also have different integrations available for intrusion detection systems as well, where you could use the velocity security management system to also monitor the events and traffic from everything going on in your facilities.

Leigh Dow (11:20):
Tom and Todd, is there anything that you wanted to add to that or to the discussion around protecting facilities and the property and personal assets?

Todd (11:33):
Yeah. So there's a couple points there. And one is when viewing the overall security posture of a facility is to consider the mission and what could impact that mission in terms of a threat. Like I said, it could be so much as some sort of an infrastructure attack. In other words, where you lose power, you lose access to your network. And so there's things you need to consider over and above just locking your doors, but also how do you protect those other assets that may affect your mission and your people?

Todd (12:25):
So there's a lot of layers, as we've indicated today, a lot of layers that can go into addressing those issues. We are able to provide solutions to address nearly all of those layers, through our physical security packs, our video surveillance system, our Velocity Vision. And our use of intrusion detection systems. So we have a lot of tool sets there that we can go to help support a federal end user. Lastly, we have a lot of experience in working in the federated environment, and by being able to bring our expertise, we're able to assist an end user that maybe has questions on what the best way to apply our solution to their particular issues that they're trying to address. Tom?

Tom (13:29):
Yeah. Thanks, Todd. And I want to stress that the 13.02 solution that we provide is unique. There's not very many folks who can deliver that type of solution. What that really means, as Dave mentioned, end to end, is that we provide security, physical security, but that data security for the PII assets, as well as the security of the data going through our systems. And that means utilizing equipment that is from a single manufacturer, which is important because when you're looking at supply chain and things like that as well, securing that supply chain that becomes even more important in today's security environment. So it also adds another... What it also does is it adds cost savings as well. So you're meeting requirements that the government is trying to meet as well as providing stronger security at a much more competitive price point. So these are very, very important elements in helping the customer solve their problems and meeting their missions.

Leigh Dow (14:37):
Excellent. It was really great conversation with all of you today. The federal space is so interesting because it is so intricate and does have its own special set of complexities to navigate through. So I really appreciate you taking time to shed some light on that for our audience.

Tom (14:56):
Thank You.

Todd (14:57):
Thanks.

Dave (14:58):
Thank you.

Leigh Dow (14:59):
Thanks for joining us. We appreciate you guys taking your time out of your day to participate in the humans and tech podcast for our audience. If you like this podcast, please like, and subscribe.

Speaker 1 (15:08):
The problem isn't security it's awareness. Velocity Vision is the future of visual surveillance, an intelligent video management solution that delivers real time situational awareness in an open security platform. Integrate with your existing systems, verify your environment in one pane of glass, and increase the efficiency of your security operation. Get full control of your environment when and where you need it. Learn more at Identiv.com.

Speaker 1 (15:39):
Control access anytime, anywhere, and on any device. 24 7. The Freedom Smart Bridge is a leading edge door controller that integrates seamlessly with existing IT infrastructure and management tools. It stores information locally from any server and remains fully functional in the event of a network outage. The Freedom Smart Bridge eliminates complex control panel configurations with technology, communicating over encrypted IP network protocols. It meets audit compliance requirements and easily supports on premises hybrid and cloud deployments. Learn more at Identv.com.

Speaker 1 (16:20):
Physical security, identity verification. The IOT. The hyper connectivity of our lives will only grow more pervasive. As technology becomes more automated, and experiences more augmented, it's up to us to preserve our humanity and use new tools and trends for good. The only question is, are we up for the challenge.