The National Cancer Institute Embraces PSIM to Improve Situation Response and Security

Established under the National Cancer Institute Act of 1937, the National Cancer Institute (NCI) is the federal government’s principal agency for cancer research and training. It coordinates the National Cancer Program, which conducts and supports research, training, health information dissemination, and other programs with respect to the cause, diagnosis, prevention, and treatment of cancer, rehabilitation from cancer, and the continuing care of cancer patients and the families of cancer patients. Part of the National Institutes of Health (NIH), NCI is one of 11 agencies that compose the Department of Health and Human Services (HHS).

 

The Challenges

Accustomed to maintaining distinct campus locations and operations, NCI had few organization-wide security or operational protocols in place across its five National Capital Region campuses and numerous off-campus facilities, housing 9,200 total employees. It also lacked a common credential to identify employees and contracted personnel entering its sites. Given the sensitive nature of NCI’s work, this security weakness could have devastating consequences. For example, after the earthquake in August of 2001, NCI senior staff realized it did not have a viable way to quickly ascertain the whereabouts of staff and account for damage at local facilities. It became quickly evident that creating an off NIH campus command center using a PSIM to both aggregate data from various systems and disseminate emergency data to staff was a critical need.

While this had been business as usual for years, increasingly sophisticated (and typically incompatible) security technologies and rising U.S. security threat levels rapidly were changing the way NCI did business, making it even more difficult—and increasingly important—for the organization to ensure standard practices and protocols at all of its many locations. With the impending move to one centralized location, the NCI security team began devising plans to eliminate these existing security weaknesses. NCI faced a number of key challenges including:

  • No single identification credential -- NCI needed a system that would enable them to embrace FIPS 201-2 for the use of one credential for physical access at all facilities.
  • Disparate technologies and protocols—no two NCI buildings were alike when it came to the myriad security devices and systems in place. Each location had its own security staff and set of standard operating procedures. For instance, although two campuses might each operate video surveillance and motion detection systems, the providers of those systems were independently selected by the local security staff at each site, and could therefore only be operated by personnel trained on those specific solutions. This hindered cross-location visibility, and made it impossible for a single command center to effectively operate all NCI security technologies.
  • No standardized metrics— lacking a consistent way to measure security successes and failures across buildings, NCI was finding it increasingly challenging to identify and address problem areas and gaps in security.
  • High personnel turnover rate—facing steady turnover of its security and operations personnel, NCI regularly needs to train new employees on its security systems, a timely and costly endeavor with low ROI.
  • Off-campus personnel— often times, off NIH campus facilities lacked adequate security related information. In some instances, remote personnel received emergency notifications from the NIH mass notification system, making it next to impossible to cohesively aggregate a response from local buildings. In order to address these challenges, NCI sought to establish a single, unified command location that could act as a control center with visibility across all of its sites and personnel while also providing a direct link to and standardized identification protocol for staff members working outside of regular campuses in lab tech and administrative capacities.

 

The Solution

In December 2012, NCI began the process of moving approximately 2,400 NCI staff to a new, LEED Certified facility located in Rockville, Md. Aggregating six buildings into one, the 574,000-foot space and accompanying 1,950 spot surface-level parking garage boasted a 24-hour guard force, 24-hour command center and enterprise-level access control and video surveillance system.

NCI also began the process of rolling out the organization’s first personal identity verification (PIV) system consistent with Federal Identity Credential and Access Management (FICAM) guidelines. The new system addressed the inconsistencies in employee identification by establishing a common database to log all employee access, thereby increasing accountability and making it easier for NCI to keep tabs on who was entering its facilities at any given time.

NCI recognized that rolling out compatible technologies across campus locations would not be enough if there still were no common operating system to integrate the feeds and data from those locations, allowing the new command center to view and work with all of those systems simultaneously. To address this concern, the organization, working with integrator Northrup Grumman, decided to purchase a physical security information management (PSIM) solution that could integrate all its subsystems and technologies into one common operating environment. Selecting PSIM provider VidSys for its strong track record and simple-to-use, web-based user interface, NCI quickly found the cost of its investment made up by the training and cost reductions that resulted from only needing to operate a single system. Aggregating the inputs from and control for all of NCI’s existing security applications (regardless of provider), VidSys PSIM software made it possible for NCI operators to see, for the first time, how all systems were operating, and to have all of those systems working together for a 360-degree view of campus security. For instance, if a fire were to break out, the PSIM software would enable the controller to institute pre-set emergency response protocols, initiating the building mustering system and implementing evacuation procedures in motion while simultaneously alerting emergency responders –recording the entire event for later review and use for regulatory and training purposes. The first wave of NCI systems and technologies organized under VidSys PSIM solution were:

  • access control
  • video surveillance
  • emergency phones
  • emergency messaging system
  • entry building mustering system
  • fire detection

 

Early benefits of VidSys PSIM software identified by NCI include:

Training and Personnel Allocation -- Because of the traditionally high turnover rate for security employees, training personnel on the disparate systems at each campus had previously been a costly undertaking. VidSys PSIM software enabled NCI to bring all of its systems and technologies under one umbrella, meaning that there now was just one system on which to train. Regardless of location or systems involved, the organization no longer had to worry about whether a controller or security employee in one location would be able to function in another.

Further, because VidSys PSIM software streamlines the overall security process by integrating all software and technologies into a single view, manageable by a single operator, the number of personnel needed to man the command center was reduced, allowing resources to be allocated elsewhere.

Situation Response -- From day one, VidSys PSIM software gathered and correlated critical NCI’s system data in real time, giving operators the necessary tools and information to allocate resources during a situation and making it possible to respond more rapidly and effectively than ever before. For example, if the intrusion detection system alarms were to go off, the control center operator immediately could view the appropriate video feeds in real time, to determine whether dispatching personnel to the location was necessary.

Event Simulations -- Unlike previous training exercises, which typically required participation from the general employee population to be realistic and effective, VidSys PSIM software enabled NCI to run tabletop drills without outside help. Simulating real events in the command center by engaging all key systems and technologies, operators and security personnel could now train in realistic scenarios that helped identify the strengths and weaknesses of their response both human and technology-based. Further, after identifying an area for improvement, operators could work with PSIM to update and enhance the solution’s “understanding” of a given area.

One example of the PSIM software as a learning tool came for NCI during a recent fire drill. By tracking and logging the drill as it unfolded, the PSIM software enabled operators to identify and target problem areas (e.g. officer performance, post-drill review of specific decisions made during the event) from NCI video feeds, addressing those weak spots in real time and later using that same footage as a post-drill training tool.

System Intelligence -- Also in line with this VidSys PSIM software’s ’s ability to “learn” from past experiences, the software quickly helped to standardize protocols and processes across NCI, providing operators with a truly apples-to-apples view of events, enabling them to view data from multiple systems side by side to identify and address discrepancies.

The system creates the ability for standardized responses while allowing for flexibility when things do not go as planned. The system establishes a framework through the use of action plans but is not so rigid that the officers cannot make real-time decisions. This flexibility is crucial when trying to save precious time during emergencies.

 

The Road Ahead

While still in the early stages of its PSIM implementation, NCI has high hopes for the technology and the future security integration of its numerous buildings and campuses. In the coming months, NCI plans to focus on developing more robust, post-event accounting of response procedures based on VidSys PSIM system data as well as increased integration and video sharing with other state, local and federal agencies

The organization is in early-stage discussions with other government agencies about the possibility of creating fully redundant command centers across its numerous locations and says that it sees VidSys PSIM software as the best tool to advancing its security and integration protocols in the years to come.

Through the use of its PSIM, NCI has created a framework to breakdown the technological barriers to sharing data while still maintaining control. This is a great step forward in providing a safer and more streamlined security program.

 

This case study was a 2013 submission for the Security Innovation Awards.

Loading