Stringent BEE regulations, onerous tendering processes and an endemic lack of transferable skills are all elements that create frustration in government security projects. Add to this ageing legacy systems and a general slowness in adopting overall integration of solutions, and it is clear that being a supplier into this market sector is particularly challenging. Hi-Tech Security Solutions discussed the pitfalls with three industry specialists.
According to Kevin Buret of Sukema, national key points have the highest level of both logical and physical security. Unfortunately, the level of security within other government facilities is not always to an adequate standard. With regard to the securing of sensitive information government departments hold, he believes that more emphasis needs to be placed on a proper security strategy.
He refers to the PoPI act as being of relevance in this respect and says that he is uncertain whether the stakeholders understand the potential consequences if one does not follow the Act properly, especially with respect to where one captures information on paper. The solution, he says, is to adopt an electronic system that captures and stores information in the correct manner and assurance should also be given that the data will be used only for the specific purpose for which it was originally captured.
Kevin Monk of SW Security Solutions, is a fan of adopting biometric systems for identification management. This, he says, is particularly important when one evaluates high-risk areas and controls access to sensitive information by deploying this technology. Unfortunately, because most government projects are budget driven and subject to the openness of management to deploy security technology, biometric systems often do not see the light of day. In addition, many larger projects are controlled by consultants who are responsible for specifying which technology will be used, often without a thorough grasp of best practice.
Integrated approach
Carlo Klopper of FS Systems points out that government departments are faced with both internal threats from employees who acquire access to data and malicious external threats acquiring data through virtual access. Fighting these threats requires an integrated approach, with various strong physical security layers that entail perimeter security, access control and surveillance, together with logical security in terms of server access and linking this to SAP, HR, contractor management and visitor management.
The important role that physical security plays in controlling government buildings and locations cannot be overestimated. However, it would seem that there is little consistency in the magnitude of and manner in which systems are being deployed in the various government departments. Buret accredits this to suppliers selling boxed products as opposed to holistic solutions. Due to the fact that there is a general lack of an overall security strategy, sustainability and scalability of systems is minimal.
There is definitely a need for more strategic monitoring and maintenance of security systems to ensure their long-term success. The majority of clients in the government sector have existing investments in legacy equipment which is often underutilised and not monitored correctly. While they may be persuaded to upgrade to newer technology, there is frequently no long-term strategy in place. Buret advises that more use be made of analytics and data mining rather than the traditional route of relying on the human factor. This will allow a more rapid response to alerts and triggers from the equipment.
Slow adoption
Monk reiterates the point that National Key Point sites are doing a sterling job with respect to perimeter protection, through a combination of thermal cameras, motion detection sensors, beams, and microwave technology. In less sensitive facilities, perimeter detection is usually limited to the visual deterrent of electric fencing.
He cites an example where Johannesburg Municipality is apparently issuing a tender for the upgrading of the alarm systems in a large proportion of its buildings. Alarms, he believes are the most neglected component of any security system as they are often not upgraded or replaced until they run to failure. Proper assessments of government systems in terms of Bylaw 25 (intruder alarm installation standard) should be undertaken to ensure that they offer a specified minimum standard.
Access control is in many instances moving away from card-based systems to biometrics. In fact, a pilot project using low energy Bluetooth readers as the access device is proving rather successful and could set the trend for future installations. Klopper says that there are lots of benefits to being able to use a mobile device to provide control and access rights, including the ability to enrol and delist users and to remotely disable and enable systems.
While the private sector has been receptive to the implementation of integrated converged solutions, uptake in the public sector has not been as enthusiastic. In fact, integration seems to be used infrequently and in a rather loose manner, Buret comments. This does not achieve much for government departments since it lacks the support of a structured environment.
The answer, he believes, is the necessity to understand why systems are being used and which challenges need to be overcome to result in successful integration. Unfortunately, the biggest challenge facing government departments in this respect is that there are too many disparate silo systems, which are consequently not being used properly.
Functioning and used correctly
Integrators need to identify the areas of consternation, determine what equipment is being used and then see if it is functioning and being used correctly. He uses access control as an example. An appropriate access control system will have information on who is currently in the building. When integrated with a fire and evacuation system, management can interrogate the access control system to determine which employees are absent on a particular day and which visitors are present in the building. This will then ensure that panic is avoided when missing personnel are not accounted for with manual or inadequate systems.
Monk adds that at the higher levels of decision making discussions are in place around integration of systems, but implementation is still a distant goal. The execution of integration will need to happen in multiple layers. The starting point will be to retract disparate secur-ity systems where they have no operational benefit, put business compliance in place, and then add in the integration of converged systems. Due to the complicated nature of this process, it is expected to take some time before it comes to fruition.
Klopper is upbeat about the increasing investments being made into enterprise integrated solutions with layers of control and surveillance. The big benefit of achieving integration is that in real time organisations can acquire an overview of large amounts of data, which results in faster reaction times.
Tough tendering
Much has been written about the complexities of tendering for government projects. All the interviewees agree that government contracts are tough nuts to crack, with specifications developed by consultants who are not always au fait with the security sector and best practice in this field. In general, the majority of tenders are written around specific products with the specification provided by a favoured supplier for the consultant or government department.
Buret is adamant that Sukema will not tender if the supplier has already influenced the process, since the company is product agnostic and prefers to work with products that are suited to the specific application at hand. Added to the issues with predetermined product brands and models is the fact that tenders are often awarded purely on pricing, with a total disregard for standards and the track record of the products or systems.
The biggest deterrent to tendering for any system integrator is the arduous BEE codes. Monk says that companies that previously held level 3 status are now finding that in many instances they have been downgraded to level 4 or level 5 status. In addition to the tendering process being so cumbersome and weighted, for the average business the payment terms are a huge issue.
Government departments frequently use consultants who try to tie system integrators into the Joint Building Contracts Committee (JBCC) contract, which is actually designed for construction companies. Therefore, when tendering, SIs have to factor in that 10% of their profit will be retained for a year. Alternatively, performance bonds are implemented by lending institutions which again results in the retention of monies.
Klopper comments that a trend within government departments is the award of multi-year contracts. While the assurance of an ongoing project can seem attractive to cash-starved companies, there is a definite downside to this scenario. Essentially, the SI has to gear up with resources and capabilities in order to provide guaranteed service for this extended period of time. The problem arises when the contract comes to an end as the SI then has a glut of human and material resources which need to be either reallocated to a project or retrenched/sold off if no new projects are available.
Challenges
Sukema has faced a number of challenges in the government sector, with the existence of legacy systems being a dominant one. Where multiple disparate systems exist, staff will require extensive training to ensure that they are proficient on a wide variety of products. Once again, this problem could be alleviated during the tender process when the opportunity arises to stipulate the implementation of open platform systems or standardisation on specific brand solutions.
Not only is archaic and incompatible equipment an issue, but it is compounded by an apparent lack of effective management on the operational side. One finds high value equipment being monitored by an outsourced facility which may not be familiar with operational procedures and systems. This can easily result in inadequate response to events. Carefully selected technology, however, becomes an effective enabler which is instrumental in providing timeous alerts.
Another area where shortfalls occur is in the scarcity of essential skills. The big question is whether SIs place people permanently on site or do they train government technicians to undertake an operational and maintenance role. Buret feels that where technology is deployed there is simply not enough skills to maintain it from the customer’s side.
Sadly, when people are trained and leave the government department there is very little transfer of knowledge happening. As a result, there is perhaps only 20% usage of system capabilities. He encourages customers to focus on their core business and allow specialists to help them. Cloud managed services are becoming more popular, using a management platform in conjunction with technology to deal with exceptions.
Monk adds that SIs should responsible for Tier 3 support and database maintenance, while government personnel can be upskilled to maintain Tier 1 equipment. In addition, there should be more of a drive towards proactive rather than reactive maintenance. Unfortunately, when maintenance is handled in-house, other operational requirements often take precedence over security systems, which leads to unnecessary downtime.
He continues that training government technicians is difficult due to the warranty negotiated with product suppliers. Therefore, most SIs would rather service systems themselves to ensure that warranties are not rendered null and void.
Customised solutions
Sukema provides a core suite of management products to manage all operations across security, assets, health and safety, logistics and workforce management and to integrate these with other subsystems.
Similarly, SW Security Solutions would review current systems and then find the best solutions for the tasks at hand. Monk stresses that since many of the systems are monitored by control room staff who may not be skilled to industry standards, it is advisable to deploy systems that are extremely user friendly.
Klopper states that one should build solutions to deliver organisational value. Technology continues to become more complex and the number of solutions continues to expand, thereby making customisation a prerequisite for optimised operational performance.
While there is a drive towards using more local content as a result of government intervention and incentives, the issue is whether local products are available for specific operations and also whether they are affordable. Monk believes that there are instances of local suppliers who fit the bill but there are also many cases where it is simply advisable to go the importation route. However, with most local products the advantages are that support is readily available and affordable, as well as more time efficient.
Buret adds that one should consider that South Africa serves as a testing ground for technology in security and if something has been proven in this country it will definitely be suitable for exportation. This lends a large degree of credibility to its use in the government arena.
Security insights
Security & Communication Warehouse MD, Pasco Lattuca, offers some insights into the security of government locations.
Securing information at national key points is imperative to the efficient functioning of a state. There needs to be a willingness to apply best practice to these institutes protecting the information. Physical security coupled with access control is the answer.
Physical security works hand in hand with electronic security, and that includes alarms, perimeter detection and access control. The government should opt for Tier1 products, as the total cost of ownership in the long run will prove to be the better option. Access control software has improved considerably over the past three years and integration with surveillance and alarms has become common practice. Biometrics is a given, allowing the tracking of an individual to be done with accuracy.
However, budgets allocated are often insufficient to get the desired results and they use alternative Tier 2 or Tier 3 products to match the budget. However, the lifespan and the intrinsic quality of these products will not match that of Tier 1 systems. And as a result the project lifespan would be reduced. The advisors to the state also do not have a white paper to work from and primarily would supply their solution based on personal experiences and preferences.
Cyber security is and will be a problem going forward and naturally the state is at risk of hacking and viruses. Security and cyber security are very similar in there composition and the same tactical and coherent approach should be applied. The state is investing more resources and time to resolving cyber security. There are many options available to minimise the risk to the problem and naturally, as in electronic security, the selection of the advisory panel is critical to stability and efficiency.
| Tel: | +27 11 543 5800 |
| Email: | [email protected] |
| www: | www.technews.co.za |
| Articles: | More information and articles about Technews Publishing |
© Technews Publishing (Pty) Ltd. | All Rights Reserved.
printer friendly version