A Heavenly Marriage: Physical, Virtual Security

BRUCE: Well, I'll use recent projects that we've deployed. We, through access to a number of grants, back in 2006 and 2007, contracted out for a consultant to come in and look at an enterprise-wide physical security solution for the city and county of Honolulu. Their goal was to design a system, without selecting a vendor, that met our need. Once that was done, we brought in another expert, to take a look at what applications and what systems were out there, and identify, through the RFP process, a system that would meet our needs. And that system had to address everything from credentialing, who the person is, all the way to what door they are allowed to go through, in what particular building. All of that was laid out. Now that credential that we have created is a national standards. It's called 6201 HSPD 12 Credential. And we are rolling those credentials out now.

We've deployed the physical security systems in five waste water treatment plants, Fire department headquarters, Frank Fasi Municipal Building, City Hall, and the mayor's office, the Office of Transportation Services, which is the bus. We're going to be letting the contract to start rolling out the police department headquarters. Of all the strange things, to give you a sense of the system, we have surf lockers here in Honolulu. We actually rolled it out last week, at the surf lockers, to control what goes on at that particular location. All, an integrated solution set.

Now, the credential, as we roll it out, for the first responders, and for the employees, identifies what, from a cybersecurity standpoint, these individuals have the right to do. So, if there was an incident that occurred, and I come up to that particular incident, my credential, with a wireless handheld device, identifies me as that person on the picture, there is a fingerprint read, and at the same time, it identifies what I am qualified to do. Am I hazmat certified? Am I certified in these certain areas? And it will allow or not allow me into that particular site. It really brings those two pieces of the physical security and the cybersecurity together.

People tend to think of cybersecurity like "Oh, what can my PC get access to?" That's just a piece of it. It gets deeper than just the device that's sitting out there on the edge. That's one of the pieces. The person is another one of the pieces. The network is another one of the pieces. The applications that are being run on that network are all of the other individual pieces. Taking the physical side, as well as the cyber side, and bringing them together allows an organization, especially like government, to take the disparate pieces, and run with the standards that are created, on a daily basis, so that we are monitoring, we are tracking, we are reacting, we are pro-acting to anything that many occur, not only from a public safety standpoint, but from a security standpoint, of the citizen's data and the employee's use of all of these systems that have been funded by the citizen.

CHABROW: How is this governed?

BRUCE: We govern it through two entities. The first entity was the one I mentioned earlier, the Public Safety Oversight Committee, which is now headed up by the Department of Emergency Management. The long-term plan under the mayor's direction was once public safety oversight was established, and all the programs identified and the plans put in place to move forward, was to create a department of emergency management that would oversee that. That has occurred. They oversee credentialing, physical security, first responder communication. So, they oversee the operations of that, if you will.

The other piece of the puzzle is the Department of Information and Technology, which is responsible for supporting all of those pieces. So, we support all first responder radio communication, 800 megahertz, microwave, we support Wi-Max, we support the WiFi, we support the physical fiber network that we have deployed around the entire island. We support the security systems that monitor what goes on on the networks. We support routers, the switches and everything else. We support 911. The 911 infrastructure, that's supported out of the Department of Information Technology, even though it is handled by police, fire and ambulance, as the consumer, or the user of the product, all of that information is supported by DIT. Instead of having to deal with multiple agencies and multiple players and multiple issues, we have kept it nice and tightly fit around these two entities.

CHABROW: Is there any other kind of relationship to other types of IT security with physical security? For instance, is does of the information that you deal with, credentialing, help in other aspects of IT security?