NEW YORK -- If enterprises are serious about eventually integrating their logical security operations with physical security, they can probably turn to the aviation and transportation industries for examples. Governed by the mandates of the Department of Homeland Security and other federal agencies, airports like JFK International, for example, have no choice but to make the two work together smoothly. In this interview, JFK Terminal...
4 security director John J. De Felice describes the convergence of logical and physical security at the airport, the use of biometrics as an access control for construction workers operating in a sensitive area, and his operation's relationship with Department of Homeland Security.
Do you manage both logical and physical security for your terminal? And if so, is managing both a new component of your responsibilities?
John De Felice: I manage the philosophy of it. The actual day-to-day management is done by two different departments: operations and IT. Operations handles the physical end, IT the logical. What I design and what I'm responsible for is the development of the philosophy that makes all that work.
In the aviation industry, the convergence of logical and physical security is almost mandated. How can a 'traditional' enterprise overcome resistance to the convergence? And is it inevitable?
De Felice: I think if we're going to proceed in the right direction, it is inevitable. People need to be educated as to what they're in store for. Once they are, it becomes more palatable. It's a cultural thing. I think it's the only viable way.
With your example of the construction site, you labeled them a 'captive audience.' Did any of them pose resistance?
De Felice: They were in a Catch-22 situation. Either you enroll, or you didn't work on that site. That was part of what you needed to do, and it was met with no resistance whatsoever. I never heard one construction worker say, 'I'm not doing that.' I can't say across the board that would be the case, but [it was] for our project -- we had about 3,000 workers, at different times, and there was no resistance.
In terms of the technology, what challenges did you run into with respect to integration with systems already in existence?
De Felice: There were some challenges with the articulation and integration of one system with another. It wasn't without problems. When you mate two types of technologies, you always run into downtime, especially back-end downtime. Everything was still emerging with palm [hand] geometry [biometrics]; it was very new. There were some interruptions at the beginning, but the manufacturer had worked with our access control system to help us through that.
Biometrics have also been slammed for high costs. Was that an issue for you?
De Felice: Believe it or not, the hand geometry application was very inexpensive. We only used it at one access point and one enrollment station. The cost associated with that was less than $2,000. Of course, there was installation [which cost something]. For less than $5,000, we had a very good vehicle for verifying that the person holding the card was the person who was issued the card.
Enterprises are reticent to advocate or support regulation and legislation. In some vertical markets, however, government intervention has made systems and processes more secure. Is regulation and legislation the nudge enterprises need to make things more secure?
De Felice: I don't like to wave the flag for regulation. You don't legislate emotions. You don't legislate socialization. In the past, we have done that. And in every instance the government has done that, they've met with even more resistance. The best way to get this program rolling is for people to educate -- you're probably going to have to have people in the academic field, or the medical field -- get committees formed and articulate why this is a good technology and what are the safeguards that will protect you when this technology is implemented.
Can you provide examples of how you educated your user base?
De Felice: It was through informal gatherings, what we call town-hall meetings. We also sent out e-mails to every employee. Everyone who came to the key-badge office was given a pamphlet. We used a lot of different methods to get the information out. We're dealing with a different kind of population. The people are in a closed environment. It was a little easier to get the information out to them.
You have to deal closely with the Department of Homeland Security. How do you see that evolving, in terms of information sharing and other things that fall under their umbrella?
De Felice: Since September 11, information sharing has gotten much, much better. In the aviation industry, especially at JFK, there was a lot of information sharing already, but there was need for improvement. Since September 11, it's gotten 100% better. There are so many agencies and workgroups that were formulated, task forces, that it's commonplace for information to go up and down very quickly. Everyone's tapped into this. It really was a unifying factor. If anything came out of September 11 that was positive, it was that. The intelligence community realized, 'Hey, we'll do a lot better if we work together than if we work our separate ways in parallel investigations.'