Security integrators across our nation are working to provide safer and more secure facilities for their staff, communities, and clients — which includes our country’s critical infrastructure (CI) operations. Security systems integrators are expected to advance their industry tradecraft through the plethora of education opportunities offered by leading industry bodies, like the Physical Security Professional (PSP) certification offered through the American Society for Industrial Security (ASIS), or the Certified Security Project Manager (CSPM) and Security Industry Cybersecurity Certification (SICC) offered by the Security Industry Association (SIA). In the national security domain, however, there is so much more to learn, a broader whole-of-security education bolstering effort that systems integrators can undertake to ensure their seats at the table become an indispensable resource to our critical infrastructure operating community.
The National Infrastructure Protection Plan (NIPP) is a framework upon which the Sector Risk Management Agency (SRMA) collaborates to tailor sector-specific plans for the unique characteristics and conditions of each of the 16 critical infrastructure sectors such as energy, water, healthcare, transportation, etc. Systems integrators naturally understand tailoring electronic security solutions to meet specific site requirements. However, with the CI facilities that we all service, we have an additional responsibility to support our trusted facility owner and operator relationships by bringing a whole-of-security mindset to the negotiation table. That mindset entails understanding and educating our clients on the resources available to them within the broader national security partner ecosystem, and connecting them to those resources, regardless of our own business development interests. That’s the implicit responsibility of a trusted relationship, and the ethical responsibility of every security professional.
Hopefully now you’re motivated to learn how to be the best national security partner you can be and you’re thinking, Who are these ecosystem partners? What are these amazing tools, and how do we get engaged with them? Let’s look at a few framework particulars first. On page 10 of the Department of Homeland Security’s (DHS) National Infrastructure Protection Plan you’ll find details for the public-private partnership structure, and importantly, the admission that the federal government must make “economic calculations of risk” alongside non-economic concerns such as privacy risk in its national security role. This is important because the tolerance associated with a particular risk may or may not justify a particular investment. That is where a security professional must honestly set aside sales and marketing goals and be available to objectively evaluate a variety of risk perspectives associated with a particular CI facility. Understanding and absorbing the NIPP is critical to your national security industry growth.
It only takes our spending the time necessary to increase our professional security competencies.
Another tool I would point you to is the DHS assessment tool “Best Practices for Anti-Terrorism Security” (BPATS) for commercial security. This assessment output can be included in a facility’s Safety Act application, and its granular assessment approach gives security professionals a vetted means of evaluating the 411 common security practices contained within the 24 BPATS best practices, under the “7 Practice Categories: Program Charter, Strategic Planning, Administrative Controls, Security Systems, Communication and Notification, Defensible Space Design, and Performance Evaluation.” This is a comprehensive assessment tool that goes far beyond what most systems integrators are capable of or willing to commit to performing; that’s why there’s help.
DHS delivers national support through 10 regional infrastructure offices. You will find all the DHS agencies similarly aligned, e.g., Federal Emergency Management Agency (FEMA), Cybersecurity and Intelligence Agency (CISA), Customs and Border Patrol Agency (CBP), etc. Your local DHS office is staffed by a group of professional security advisors (PSAs) that will perform BPATS for critical infrastructure facilities upon request from the facility. It’s important to ask your CI client if they’ve had a BPATS you can review to ensure your offerings are aligned with the facility BPATS priorities. Don’t assume your client’s management team understands or is even familiar with the BPATS output; and if they haven’t had one, point them to their local DHS office for support. All of this may impede your sales cycle, but it will ensure that CI facilities within your area of operations are receiving the most comprehensive risk mitigation advice possible as they structure their security budgets to address security gaps or shortcomings.
Everything discussed above is available for free. It only takes our spending the time necessary to increase our professional security competencies. Other free resources include joining your local InfraGard National Members’ Alliance (INMA), the Homeland Security Information Network (HSIN), or Information Sharing and Analysis Centers (ISACs) particular to your operating area. Good luck on your security systems integrator journey and thank you for your further consideration of our national security contributions along the way.