Critical infrastructure: The five biggest technology mistakes

Security pitfalls and how to avoid them

Protectors of our nation's assets should remain constantly mindful that security technology is only one aspect of a security program, and, in fact, depends on the success of the other parts in order to be effective. For example, some technology proponents automatically believe that video surveillance cameras outfitted with analytics can replace the need for roving guards. In reality, however, depending on the particulars of the situation, more monitoring staff might be needed to receive, assess and respond to increased alerts that might be generated by advanced video systems - offsetting the fewer field personnel.

It is important to keep expectations reasonable about technology's role in your overall security program and thoroughly understand exactly the impacts of each proposed system. Ultimately, your security programs success may hinge on the perception of how effectively and appropriately security technologies are understood and have been deployed at your facility. In addition, technology's role in the overall program should be well thought-out and clearly communicated to everyone involved.

Mistake #3: Poor planning.

Security breaches can be a stressful time for everyone. Natural instinct dictates that the sooner something is done to address an incident, the less likely something like it will occur again.

Security technology such as cameras, access control and intrusion detection can seem like obviously good tools to deploy or upgrade; however, rushed incident response-driven deployments without appropriate planning are not always best for the overall security program - and in some cases, can create unnecessary liability.

A thorough understanding of the real vs. perceived needs for security technology is necessary prior to deploying any equipment. Planning for any critical infrastructure enhancement involves knowing the real security needs and which technologies are most appropriate to deploy.

This process must also addresses "low tech" and "no tech" supporting features essential to program success. For example, wherever cameras are deployed, a lighting plan should support their use.

When IP-based security systems are considered, the IT infrastructure plans should be updated to account for current and future bandwidth and resource demands.

When facilities are designed or renovated, minimum security technology standards should be in place. Prior to making any product standards decisions, a thorough competitive evaluation should be performed, including identifying a pool of competent, factory-certified installing companies to provide options and ongoing support.

When security systems costs are estimated, make sure that product lifespan and five-year service needs are anticipated in addition to the ongoing personnel and operational costs of maintaining the systems.

Mistake #4: Leaving out lynchpin stakeholders.

Critical infrastructures, like many organizations, can be politically charged environments with competing interests, agendas and legacy attitudes.

We have seen a trend among some organizations that in order to obtain consensus on issues and complete the project, the pool of stakeholders must be as small as possible. Security projects that kick-off without involvement from important stakeholders invites second-guessing, criticism and can create hurdles and project roadblocks that could be avoided.

Ultimately, the security program may suffer from less credibility and support, due to what is viewed by some as a program forced on them by an elite group that is out-of-touch with organizational needs.

Commonly overlooked stakeholders include service staff who maintain the systems, field personnel who respond to system alarms, operators who will be manning the equipment on a regular basis and information technology personnel whose network may be supporting the systems. Other departments appropriate for process inclusion are legal, local law enforcement, human resources and procurement.

Not every stakeholder needs to be integral to every security technology discussion; however, inviting these stakeholders to the table from the outset and keeping them informed in some manner throughout the process can smooth the implementation and acceptance path and remove much of the potential resistance to your security technology program.

Mistake #5: Deploying more technology than you need.

Just because it can be done does not mean it should be. In recent years, security mandates and grant funding opportunities have driven facilities to acquire significant amounts of security equipment.