Government and Private Security: Will they ever form a partnership?
The lasting effects of the Sept. 11 terrorist attacks have unified security professionals from government and private industry. Even so, some would argue that a true partnership does not yet exist.
The absence of standards and practices to bridge government and private sector security suppliers is a major concern for the security industry. The government has several initiatives under way, including technology standards for smart cards and biometrics, a new set of security standards for the aviation industry and physical security standards addressing anti-terrorism and force protection. Interestingly, the emerging standards are taking hold only in certain areas of the government, such as the Department of Defense. Many other government agencies are simply oblivious. Government clients looking to implement additional security are deploying legacy technologies — such as mag-stripe and older proximity technologies for access control — that are not compatible with the emerging standards. They continue to install infrastructure to support older technologies without regard for long-term impact.
Private-sector security suppliers have not yet embraced standards, unlike in sister industries such as telecommunications and building automation, where there are recognized authorities to impose standards. To address this problem, several initiatives, including the ASIS International Commission on Guidelines and the Security Industry Association (SIA) Open System Integration and Performance Standards (OSIPS) development project have been established. These initiatives are representative of the private sector’s willingness to advance the security industry; however, they are not currently backed by any government mandate. Although these private sector initiatives have not taken hold in the mainstream, they are a step in the right direction.
From a neutral perspective, it is obvious that both the government and private sector need security standards, but that they are doing so independently of each other is troubling. Still, some progress has been made, particularly with regard to protecting the public infrastructure and in the design and construction industry. The Infrastructure Security Partnership (TISP) is one example of a focused effort spanning the government and private sector that is making progress through sharing information and standards. Its focus is to facilitate dialogue concerning domestic infrastructure security, offer sources of technical support and comment on public policy. Two fundamental goals of TISP are to reach and include all stakeholders potentially affected by any disaster and to provide technical assistance and information to the Department of Homeland Security.
Similarly, in 1997, the Sustainable Building Industry Council (SBIC) included security and accessibility criteria to its mandate, thus expanding the partnership between government and private industry. The concept of a whole building approach that includes security is not new, but the inclusion of physical security as a fundamental design criterion is.
The Good, Bad, and Indifferent
Traditional security measures are broadly categorized by the basic elements of security: architectural, operational and technical. Perhaps the least publicized but most highly effective partnership has occurred in the area of architectural security — particularly because the government addressed architectural security concerns more thoroughly in the past than had private sector businesses. The government’s head start established a baseline for critical standards to be developed. Examples include barriers and bollards, lobby design, egress control and structural standards. This burgeoning partnership was triggered by a rapid increase in leased government office space. When the government shared its lessons and design concepts, architects and developers responded with more efficient buildings, able to accommodate government tenants.
While standards exist for architectural security, they are virtually non-existent in operational security measures such as security guard services, security procedures, policies and operational plans.
Post-Sept. 11 security enhancements were a prime example of the lack of cooperation between the two sectors. Notable enhancements were made with visibility in mind and focused on screening. Visibility is a significant security benefit — it provides deterrence and operational awareness — but a focus on screening was a mixed blessing. Government-operated facilities with federal or state security personnel immediately raised the bar by screening all vehicles. To implement the enhanced screening, they re-trained and augmented guard staff in effective screening methods and procedures. The level of convenience diminished, but the level of protection increased.
With the government as a benchmark, private security operations attempted to mimic the model. In Washington, D.C., for example, private tenants demanded increased security from their landlords that would largely equal that of neighboring government facilities. The effort to duplicate the government process without the benefit of federal resources proved impossible. How could a contract guard company, operating on bare-minimum margins, provide the training and management to effectively duplicate the government’s benchmark? They couldn’t.
For its part, the government shared little from its lessons learned to support private sector enterprises. In the end, some private enterprises experienced significant increases in operational security costs without realizing their desired operational improvements.
Does One Hand Know What The Other Is Doing?
From an independent perspective, indifference is the prevailing attitude among some government agencies concerning a partnering initiative. The slow pace of intra-agency standards development — relative to access control technology, digital video recording technology and application guidance — are recent examples. For instance, several agencies continue to deploy access control technology that is not compatible with the Combined Access Card (CAC) standard or the GSA Smart Card Interoperability Standard.
That leaves access control system manufacturers with little guidance about where to focus research and development funds, and in the end, limits the government’s options to those manufacturers meeting their standards. Unfortunately, a side effect can be the limitation of the government’s ability to choose a solution that offers optimal performance and cost-effectiveness.
Economics
Before Sept. 11, security was driven largely by private-sector interest. The government operated its varied physical security programs in a vacuum and had little influence on the development of new security technology, policy and procedures.
The economic picture provides some explanation why so many security professionals feel that no real partnership exists between government and the private sector. There is only a business relationship.
As the security industry continues to evolve and mature, the small successes in government and private-sector partnering should expand — most notably in the areas of operational and technical security, where standards development will be a catalyst for the development of overall industry standards. When these changes occur, a government/private-sector partnership could be more than just a catch phrase.
Roger B. Hutchins, CPP, is associate vice president of Kroll’s Security Services Group, Vienna, Va.
