At SIA GovSummit, Government Security Execs Share Tips on Going from Silos to Convergence

Cyber and physical security leaders opened up about lessons they learned for converging systems across domains and how they evaluate and assess new technologies.

At the 2024 SIA GovSummit, a 2-day government security conference held in Washington, D.C., May 21-22, the convergence of IT and OT and the creation of a unified cyber-physical approach to security was a top theme that carried across many of the panels and keynotes. The overall message was that now is the time to modernize, bring together previously siloed security systems and create a paradigm shift for how government facilities and agencies approach security.

This message was on display in a key session at the 2024 SIA GovSummit that featured four federal government leaders – Aldrich Camat, chief of electronic security systems at the Pentagon Force Protection Agency; John Clatterbaugh, manager of information technology at U.S. Citizenship and Immigration Services; Remengton Pierce, cyber systems engineer at Sandia National Laboratories; and David VanderWeele, physical security program manager at the U.S. Fish and Wildlife Service – and moderated by Jeff Fields, director of federal government programs at Gallagher Security. This session highlighted conversations on creating an infrastructure that supports a common operating environment to refocus emphasis from single problem sets to holistic, connected views for better situational awareness and actionable intelligence.

Part of the discussion centered around the evolution of artificial intelligence (AI) and how such smart technologies are influencing this physical security modernization and automation initiative. Camat encouraged cautious adoption and encouraged agencies to consider what AI means for a given product or technology before adopting it. Clatterbaugh highlighted that “it’s difficult to control to consider what someone will enter into a chat with a bot” and emphasized the importance of protecting sensitive data when using AI. VanderWeele urged government entities to consider the filters being used with AI and how it could unintentionally be profiling, for example, as well as potential privacy implications.

As attack surfaces continue to expand and become more complex amid the increasing proliferation of OT/IoT devices into business and security functions, panelists weighed how the security industry can strengthen product resilience. Clatterbaugh emphasized the importance of identifying what is standard activity of a device or system so security teams have a baseline to compare against when something is suspected to be happening on a device that would not be standard.

“Federal departments and agencies face the challenge of providing security for both physical and cyber assets, targeted separately or simultaneously, resulting in compromised systems and infrastructures,” said Fields, prompting a discussion of how the industry can better prepare for these challenges and how physical security can improve its cybersecurity posture.

Camat stressed that IT counterparts need to be looped into what physical security is working to do, what the network can do and that their input must be included in what needs to be done to make applications successful. “We’re working on similar goals,” he said.

“Now we’re entering the digital realm,” said Pierce, who said that evaluations must focus on both the component level and the integrated testing level.

“As government agencies move toward the next technological horizon, it’s critical to understand how technologies used together can create new possibilities,” said Fields.

Panelists shared challenges they have experienced in their modernization efforts. Clatterbaugh said his agency’s challenges include funding and planning for how modernization will impact staffing and operational IT needs in terms of engineers and security operations center monitoring, while Pierce said it’s important to make sure different security solutions are not competing with each other and to understand whether a site needs one or multiple solutions.

‘If government leaders focus solely on separate technologies for single problem assets, they potentially risk buying them without the necessary support or infrastructure,” said Fields.

When it comes to assessing technologies, Clatterbaugh encouraged teams to “create a solid architectural plan, including your cybersecurity plan,” and include cybersecurity stakeholders from the beginning. “Have a solid plan upfront that meets your requirements, and be upfront about your solutions,” he said.

Panelists closed by exploring how the industry can improve on the modernization effort while simultaneously improving functionality, operational efficiency and delivery or actionable intelligence to the operator.

“Have support that’s going to be remote,” said VanderWeele. “Make it easy and effective to get that remote support to them.”

“Training is critical,” said Clatterbaugh, adding that with off-network systems, it is more difficult to provide training and that the U.S. Fish and Wildlife Service is working to standardize its basic levels of training for surveillance systems and evaluate the effectiveness of its personnel training materials.

Camat encouraged the industry to reach out to users during product development and get their feedback on the best ways for them to ingest all the data in terms of factors like priority, aesthetics and visualization.