The security week that was: 04/11/08

April 11, 2008
A weekly surveillance of news shaping your profession

Getting industry & government collaborating on HSPD-12

By far, the biggest thing to hit the industry this week was testimony on Capitol Hill about the HSPD-12 project. If that acronym doesn't sound familiar, then here's the summary: HSPD-12 is a presidential directive issued by President Bush to aid in securing access to federal information and facilities. It directs an integrated access control program that links physical and logical security in one card, while providing for future uses of biometrics. Secure data transport and technological standards are part of the mix. Essentially, this is a combined federal employee/contractor/subcontractor identity management and authentication project.

And the program, (even if the ACLU can't stand it) is probably one of the most important projects occurring in the federal security space these days. It has the power to set new standards for access control and actually push forward this idea of a converged authentication and identity management solution for logical and physical security.

But it's not an easy thing for anyone to do, like most things worthwhile. On that note, Rob Zivney, the chair of the Security Industry Association (SIA) committee on HSPD-12 and V.P. of marketing at access control company Hirsch Electronics, visited with Congress this week to present industry ideas on adjustments that needed to be made to the HSPD-12 project. He also advocated a spirit of cooperation between the government and the security vendor community. We've published his full testimony on SIW, and he makes some very sound points that are worth reading by the entire industry -- whether you deal with HSPD-12 solutions or not.

P.S. -- Look also for analysis from Rob in the May issue of Security Technology & Design on HSPD-12.

Back from ISC West 2008
Vegas even left a couple dollars in our wallets!

ISC West 2008 was a success. Even with the NBFAA and CSAA splitting off to do their own tradeshow this year (ESX 2008, coming this June), the value of ISC West 2008 wasn't minimized. Traffic seemed very good (SIA's Richard Chace said the show was on target for strong numbers, although it hadn't been audited yet for actual attendance) and there were more security technologies under one roof than any technology editor could hope to cover in three days.

Education sessions were reportedly hit or miss in attendance, but not in content. The two that I stopped in on were doing really well, but I'm told by some vendors and editors that there were some flops where just a few persons attended. That's normal, and from what I heard from our other staff members, even low-attendance at some sessions didn't mean there wasn't top-notch content being delivered. Sometimes it's hard to draw attendees away from the booths and off-the-wall contests happening on the show floor.

We put a page at www.securityinfowatch.com/iscwest08 to post lots of editor-written news and vendor-submitted press releases. One of our regular forum members also posted his own video technologies report from ISC West.

Big industry business news
HID's IT focus, Brink's buy, Securitas Systems expands, more

In business news, there was a lot happening, and these are the highlights: Brink's bought another armored car company; UTC elected a new CEO; Hitachi bought into the identity management space; Securitas Systems bought G4S' German security integration business; and HID created an IT channel strategy.

I should make note of this HID Global IT channel strategy and explain how the company is really spreading out its technologies into new applications. According to Phil Scarfo, vice president of identity management solutions for HID Global, it's really about recognizing that HID is more than cards and readers. With that, the company is expanding into partnering with logical (network/computer) solutions providers for logical access, data encryption, single sign-on and more. The idea is that the card and reader solutions used for IT can be shared with the physical security department at the same time IT security administrators are able to "raise the bar" from simple username/password systems.

"The goal is to make the solutions better by providing a single token [such as a card]. Today, our business has largely been cards and readers," said Scarfo in an interview with SecurityInfoWatch.com. "But the value that we provide is more than the cards and the plastic and the readers. We want to be the facilitator, whether that's for physical or logical [security]."

Finally we close with a look at our most read stories of the week: