â€œWeâ€™re about to become the most regulated industry in America,â€ predicted Bob Hayes, who was in charge of security at Georgia Pacific Corp. headquarters in Atlanta at the time of the El Qaeda and anthrax attacks. Spooked by paper dust always found in packages, customers insisted on proof of security through the supply chain. Now a security consultant, Hayes noted the rising number of government units, regulatory bodies, compliance agencies, advisory groups, and supplier certifications now authoring guidelines and rules on security.
â€œThis is not a fad,â€ Hayes said. â€œThis is a tidal wave coming at us.â€
Federal directives, in particular, conflict and overlap with each other. â€œThey didnâ€™t do a very good job of making sure thereâ€™s only one Washington standard,â€ Hayes said. At the state level are more policies and procedures. â€œEvery state in the union has something theyâ€™re working on,â€ Hayes warned, and theyâ€™re not being coordinated. Overall, the goal is to help reassure the public via anti-terrorism measures. Hayes is less than optimistic. â€œIâ€™ve never found standards and policies to be particularly helpful, because they vary so much, even within a corporation,â€ he said. While penalties are not in place yet, in the event of an incident, Hayes expects repercussions. â€œIf you donâ€™t knowâ€ about applicable rules or guidelines, and then make recommendations not in compliance, â€œyou could be held liable,â€ he said. â€œAt the very least, increase your insurance, especially errors and omissions.â€
Biometrics RequiredUpgrades of the ID badge system at the Port of Seattle were underway, when the requirements changed abruptly. â€œOur security requirements are shaped instantly by world events,â€ said Brad Jenson, AV/IT Security Systems Supervisor at SeaTac Airport. â€œIn the aftermath of September 11, biometrics became a requirement.â€
The airportâ€™s ID system is designed so that staff on site can modify scripts as necessary and customize the data view. With the requirement for higher security, Jenson said, â€œThe specifications for the ID badge system and access control technologies were modified accordingly.â€ Still â€œa work in progress,â€ the systems now include fingerprint identification, and smart card printers, for example. The intent is to achieve â€œmaximum flexibility for an uncertain future,â€ he said. Changes in security needs as well as changes in security requirements can be accommodated.
No More HolesFor Chelan County Public Utility District in Washington, the documents to follow are â€œThe Physical Protection of Critical Infrastructure and Key Assetsâ€ and â€œVulnerability Assessment Methods, Electrical Power Infrastructure.â€ The guidelines are set to help power utilities upgrade security systems in light of September 11 attacks. â€œThat was the basis of the investment,â€ said Richard Robert, director of security. He led a major overhaul of access control, video, and monitoring for the agency, which generates electricity for clients throughout the West from its dams along the Columbia River.
Prior to 9-11, the agency had determined every possible gap in security and â€œthen put it on the shelf,â€ said Robert. â€œAfter 9-11, ba-boom, everything came off the shelf.â€ Now that an enterprise-level system has been installed with upgrades throughout the facilities, â€œItâ€™s a better place to work, people feel more comfortable, and we have an excellent management tool.â€
With his background in law enforcement, Robert did his homework before and after requesting bids. â€œThe installation is key: the integrator. If you get a bad integrator, youâ€™ll find outâ€¦later.â€ His diligence extended to multiple on-site visits, checking integratorsâ€™ references and poking inside their control boxes. Too often, it wasnâ€™t pretty.
â€œWhen you opened the panel, youâ€™d swear somebody had put a bowl of spaghetti in there,â€ he said.
To determine which integrator will meet his standards, the power security chief looks for manufacturer training and certificates that show technicians assigned to his worksite are personally qualified on equipment they install.
â€œWhen you first install new security, everybody hates it,â€ Robert said. When itâ€™s done right, â€œthen they get used to it, and everybodyâ€™s a security expert. They want it on their door.â€
Awareness and EducationAt Pepsico, itâ€™s hearts and minds that needed changing. â€œWhen we spend money on gates, guards, fire alarms, and security systems to better protection ourselves against threats, then we canâ€™t have employees let strangers follow them in the door,â€ said David Carpenter, who heads up global security. During the 2001 attacks, Carpenter was assistant secretary of state for diplomatic security at the U.S. State Department. In his current assignment, concern about September 11 is real, but doesnâ€™t hit home at first. When concerns are pointed out, the reaction is typical: â€œâ€™We make sodas and salty snacks. Why would someone want to get in our facility?â€™â€
â€œWe need to engage employees and make sure only people with passes come in. Weâ€™re trying to drive that home very hard,â€ Carpenter said.