In today’s threat landscape, federal security leaders must prioritize better safeguarding facilities, people and property, says Katie Bourbeau, Executive Director, Business Development, Convergint Federal.
In a recent survey from Pro-Vigil, 25% of business leaders across a wide range of sectors reported an increase in physical security incidents in 2023.
Furthermore, 87% of respondents fear the number of incidents will stay the same at best and 27% predict that incidents will certainly increase.
Federal government agencies must respond by focusing on the implementation of fully integrated, modernized technology solutions that can better protect personnel and facilities from unpredictable threats or risk bad actors continuing to target federal agencies in the years to come.
They must also address cyber-threats that endanger federal networks and confidential data.
Federal security leaders should immediately harden their network and cybersecurity measures in 2024 by integrating emerging cloud and AI-powered technologies to power efficiency (while remaining compliant with evolving regulations) and safeguard the nation’s most confidential data and critical infrastructure.
With this, below are three considerations every federal security leader should keep in mind in 2024 – to stay ahead of evolving threat (physical and cyber) and ensure a more robust, tech-forward security approach.
Federal agencies are increasingly adopting emerging and cloud-based technology to streamline security management and threat remediation.
This includes cloud video surveillance, for example, in which video footage is stored remotely in the cloud, rather than on local legacy devices such as network video recorders (NVRs), digital video recorders (DVRs) or network attached storage (NAS) drives.
By implementing modernized, cloud video surveillance solutions, agencies can seamlessly scale their surveillance system and add cameras as needed, without the limitations of physical storage – and can reduce time and resources spent on maintenance, access video feed from anywhere and eliminate the need for costly storage infrastructure.
Federal security leaders can also consider adopting cloud-based, wireless intrusion detection systems (WIDS), which can remotely monitor device networks to identify possible attack or threat, network errors and potential access points for bad actors to exploit.
In integrating these cloud-based technologies, agencies must consider adopting a zero trust security strategy in lockstep – constantly assuming breaches are happening within a network and requiring strict verification for access within the IT environment.
Through this model, federal agencies can reduce risk when adopting emerging technologies and better adapt to evolving threat.
Zero trust, combined with innovative, cloud-based technologies, enables federal agencies to modernize their security posture and transform operations while remaining compliant with regulatory guidelines and remediating cyber threats.
Hackers are continuing to target the federal government’s data network. With the ability to breach physical security devices connected to these networks, standalone legacy devices – including video surveillance, access control and building automation solutions – are urgently vulnerable to cyber-threats.
As outdated security systems may be not equipped to defend against threats, implementing a remotely managed ecosystem of devices is now critical for agencies to consider.
With the transition to cloud-based security networks, agencies must prioritize the proper network hardening (and certification from software vendors) to ensure that the use of all devices is secure.
Undergoing the process of network hardening – including establishing stricter access controls, encryption and educating employees on how to spot threat – ensures that cloud security systems are better protected from threat on an ongoing basis and maintaining a secure digital environment.
With an ongoing commitment to securing their network and facilities from threats, federal security leaders should also ensure that the technology providers they work with uphold the same dedication to network hardening, data protection and access control policies.
With the emergence of cloud-based and AI-powered technology, federal security leaders must balance the rate of technology adoption with ensuring federal data and security regulation compliance.
For example, Biden’s 2021 executive order on improving the nation’s cybersecurity mandates that software vendors who provide services to federal agencies disclose a Software Bill of Materials (SBOM) – outlining the open-source and third-party components that make up their software, to improve threat visibility and transparency.
This means that federal agencies must ensure that software vendors are providing an SBOM and the due diligence to prove that their practices are secure.
Beyond SBOM, agencies must also ensure that software solutions are FedRAMP authorized and compliant – certifying that cloud providers can properly secure federal information and are safe for public sector use.
As this is a very rigorous and time-consuming process to complete and specific to cloud-based technology, FedRAMP certification is vital to consider when evaluating cloud providers, proving that their data practices are consistently secure.
Federal security leaders must also consider Authority to Operate (ATO) processes – aiming to minimize and manage risk in software systems and fully assessing solutions to certify that they are safe for government use.
Additional regulations like the Homeland Security Presidential Directive 12 (HSPD-12) set strict requirements and standards, ensuring reliable identification and access control protocols within government facilities to protect federal employees and reduce risk of identity fraud.
As federal facilities often face strict regulations for which devices can be employed to comply with regulations like HSPD-12, working closely with a security integrator is critical to ensure compliance with these rapidly evolving regulations.
Following the Secretary of Defense’s memo in 2023 and the 45-day review of the Department of Defense’s security policies and procedures, agencies will also be required to install WIDS throughout facilities by 2024 – to manage internal access and threat vulnerabilities for Sensitive Compartmented Information Facilities (SCIFs) and Special Access Program Facilities (SAPFs).
As government agencies face changing federal security requirements and pressing deadlines to harden physical security measures – like these WIDS system requirements – security integrators can offer the expertise needed to ensure that software and devices are in compliance on an ongoing basis, helping federal clients overcome complex security objectives and streamline the process of meeting deadlines.
New technologies, including cloud-based and AI-powered security systems, present an exciting opportunity for federal agencies and leaders to modernize security operations and create a more secure, efficiently managed environment, especially amidst rapidly evolving cyber and physical threats.
However, federal security leaders must also ensure that these technologies are compliant with complex federal regulations and that their security network is prepared for cloud-based technologies.
Partnering with a security integrator that specializes in federal security environments is crucial, to ensure compliance and safety in this complex sector.
By balancing these cutting-edge, emerging technologies with ongoing regulations and requirements – agencies can improve federal security posture and operations, to safeguard the nation’s critical personnel and facilities. Â
Katie Bourbeau has 20 years of experience serving the federal government. Her career began as an Aviation Logistics Officer in the US Marine Corps.
After her military service, she went on to work for both small and large systems integration companies as a regional federal sales account manager.
For the last eight years, she has led federal sales and operational teams to best support Convergint’s federal customers and partners.
This article was originally published in the May edition of Security Journal Americas. To read your FREE digital edition, click here.