Modernizing Legacy Government Security Systems

July 8, 2020
Integration software platforms may hold the key to tying old systems with new ones
This article originally appeared in the July 2020 issue of Security Business magazine. When sharing, don’t forget to mention @SecBusinessMag on Twitter and Security Business magazine on LinkedIn.

Federal government agencies are facing a “perfect security storm” as they work to physically identify and protect their personnel, update and secure their IT networks and legacy systems, and comply with the many government compliance requirements and standards – all at the same time.

Security integrators looking to thrive in this market are faced with buildings and facilities that often have layers of disparate systems – including legacy technologies dating back more than half a century coupled with state-of-the-art analytics systems – which must operate in parallel to one another. In addition to these complex technology and policy challenges, federal government customers are often handcuffed by budget constraints.  

While the challenges are daunting, integrators can succeed by offering agencies an integration software platform that complies with current standards, provides a solution that can integrate with older security platforms and technology, while also offering a system that will integrate new advanced technology – all within budget. 

The Legacy Systems Problem

Standards and technology for federal agency security began to develop approximately 25 years ago, when six months after the bombing of the Alfred P. Murrah Federal Building, President Clinton issued an Executive Order to create the first Interagency Security Committee (ISC) – whose main focus was to enhance the quality and effectiveness of physical security in, and the protection of, federal buildings and non-military federal facilities, grounds and personnel.

As a result, security products and technology innovation accelerated. Early security companies designed and delivered individual systems with emerging and limited competencies in information technology, software and systems integration.

As a result, federal government agencies developed two approaches to installing security systems:

Invest and install one system created by the agency – or by one provider – that has a variety of capabilities (i.e., video, access control, etc.) that integrate into one platform. In this case, the system can only integrate with technologies from the same provider. Agencies can upgrade system parts from the same provider, however, should they wish to use a different provider for one piece of their overall system, they often believe they have to invest in an entire new system based on what the original manufacturer has told them. Another challenge with this scenario is that providers may only recommend their own products and systems – which may not always address an agency’s specific needs.

Install a patchwork of individual systems that may meet all the agency’s needs but that did not communicate with one another. This lack of integration clearly presents its own challenges with overseeing several different systems, as well as the possibility of error.

Over the past 5-10 years, the federal government has begun updating these legacy technologies and integrating them with IT networks and new technologies that have evolved and become much more reliable and acceptable, including biometric technology (fingerprints, voice, facial recognition), and life safety systems (fire and smoke detectors, etc.).

While innovation in the security products, systems and IT networks industry continues to advance, these products and systems still must integrate with legacy systems, some of which may be decades old.

During this same time period, IT and network security issues have become more prominent. The majority of manufacturers did not start producing hardening guides or instructions for reducing cyberattacks for their products and systems until 2016. In that same year, more than 1.5 million networked cameras and recorders were infected and commandeered by hackers and malware. As a result, federal government agencies began to develop cybersecurity standards and protocols for IT networks that the physical security system providers must meet.

These legacy systems require modernization, otherwise, they can be exposed to crashes, intrusions or hacks at any time. In addition, legacy systems can be difficult to maintain and support and create a significant barrier to digital transformation without a solution.

According to a 2018 Accenture survey of 185 federal IT executives, 37 percent say outdated technology hinders their ability to protect against cybersecurity threats, and 46 percent separately reported that outages within their legacy systems involved a security breakdown.

Integrating Old and New

Security managers are often tasked with managing the inflow of data from millions of sensors at these buildings; a feat that becomes more astonishing when considering the variety of threats being guarded against and the finite resources that they have to work with.

As agencies look to upgrade their security systems in these buildings with new technologies like AI and biometrics, the most practical way of tying the old and new systems together is through integrative software that bridges legacy systems to newer technologies and platforms. If the newer technologies are used in isolation and not integrated and working together, then an agency will lose the value of having installed each of these technologies.

In recent years, new software has allowed more integration of multiple systems to take place, enabling communication between numerous legacy and new platforms and technologies to provide a better, more holistic picture of an agency’s security environment on a global level. The software can tie all technologies to a single-point command center in order to provide employees and computer aided dispatch with good analytic data to make good decisions based on events. This means integration with hundreds of different, individual security technologies – from barriers and electronic gates to video systems and biometric identity verification – to communicate through one IT solution.

Integration security software platforms must comply with the most updated federal standards for cybersecurity, pass stringent testing requirements, and provide automated network vulnerability scanning, configuration assessment, application vulnerability scanning, device configuration assessment and network discovery.

Integration security software can also provide patches for a legacy system, so budget-constrained federal agencies can replace only what is needed at far less cost than having to replace an entire multi-million dollar system.

Federal agencies that install an integrated software solution will see greater effectiveness, accuracy and speed associated with real-time monitoring of security alerts and events, allowing them to resolve conflicts more quickly. Security teams will be able to access full, organized reports of the global integrated security system, saving time and allowing them to analyze situations more efficiently.

For example, integration software can reduce false alarms for a computer aided dispatch system by providing several data points to determine whether smoke that has been detected is because of someone using a cigarette in a hallway or if there is a four-alarm fire. It can also act as a traffic cop for access control systems, which can crash because they are receiving thousands of data points at once and may not communicate well with other security systems.

The integration software works to troubleshoot the tons of data and determine, for example, which specific doors need to open at specific times. This will ultimately help customers save money by better protecting their people and assets.

Integration software can also help federal agencies utilize their employees more efficiently. Previously, one government building might monitor the security of several agencies through multiple physical lines bringing in data. Several employees would need to physically access and assess security data from that one building. Now, using integration software, federal security personnel can be employed in several locations and receive incident data remotely allowing government agencies much more flexibility in how they manage their operations.

Benefits to the Integrator

Integration software also saves federal security contractors time and budget when they install it to knit together new and legacy technologies. Contractors will be able to focus more of their time on the technologies that they specialize in – such as AI, video analytics or biotechnologies. Contractors can recommend and install a wide variety of technologies and products that are best for the agency, regardless of manufacturer. 

Like most software, in order to remain consistently cyber-secure, contractors must maintain their communication with the software company and install updates that find and prevent vulnerabilities.

Erin Phelps is SVP of Business Development for Security Information Systems Inc., a provider of the Alarm Center alarm monitoring and security integration software, which is used at many government facilities. Request more info about the company at www.securityinfowatch.com/10215004.