Most public sector information technology (IT) decision-makers know that security system modernization (SSM) is critical. It’s truly the only way to prevent ever-evolving next-generation threats and attacks. However, the process of SSM comes with a multitude of challenges, from contending with budgetary restrictions to system integration issues.These obstacles are what keep many public sector agencies in the destructive spending pattern of simply maintaining outdated systems. In fact, the federal government has spent as much as 80 percent of its IT budget on maintenance rather than new investments. But “new investments” doesn’t have to mean ripping and replacing every system. Instead, IT leaders can apply zero-trust cybersecurity principles to existing systems.In the case of SSM in the military, IT leaders need to make integration a central pillar of their modernization efforts, meaning every cloud and on-site solution should work together. Because military security systems have complex cybersecurity requirements, traditionally planners have kept these systems isolated and inadvertently siloed critical data. These data silos ultimately create gaps in coverage and require advanced technological solutions to be properly addressed.To provide guidance to this complex integration problem, the Natural Disaster Program Management Office at Tyndall Air Force Base (AFB) awarded Simplesense, an emergency technology solutions provider, a $9 million contract to build the Installation Resilience Operations Center, or IROC, to enhance base security and facility operations by integrating 12 technologies into a ready-to-implement military-specific Internet of Things, or IoT.In the fall of 2021, the Air Force Lifecycle Management Center awarded Simplesense an additional $3.4 million to pursue SSM at Tyndall AFB, combining civil engineering and security forces modernization into one technical effort as a pathfinder project.The “system of systems” will create a common data platform that hosts information from internal and external stakeholders inside and outside of Tyndall AFB, including emergency operations and first responders. Simply put: this system can securely route data and advanced analytics wherever and whenever people need it.
What is Security System Modernization (SSM)?
Security system modernization (SSM) is the act of upgrading, integrating, and improving an organization’s security systems, applications, and data. The goal is to enhance situational awareness, reduce risks, minimize points of weakness and vulnerabilities, and streamline operations.“In its simplest sense,” says Ken Ohlson, Senior Program Management for Simplesense and United States Air Force Veteran with nearly three decades of experience, “Security system modernization is taking an outdated security system into the 21st century by integrating other data sources and systems. At Tyndall AFB, our goal is to combine data feeds and pull the right information out of each of them and present it to the controller and the alarm monitor, in context, at the right time.”
Bigger Savings. Better Security.
The U.S. government plans to spend over $100 billion this fiscal year on information technology. IT decision-makers will use most of those funds to operate and maintain existing systems. While there are certainly numerous legacy systems, many require upgrades and integrations to operate as fully streamlined security solutions.“We're trying to go from a rip and replace approach, meaning rip all the old stuff out, put in new stuff— which has become the standard—to an adapt and integrate strategy,” notes Ken. “We upgrade what's there to make sure we have a modern stable security system and then merge the data streams from each component of the security system to provide better situational awareness.”So, not only can this approach save the military millions of dollars, but it also eliminates deep-rooted data silos. In the context of security, more organized data can mean faster response times and better decision-making in the event of a crisis and throughout standard daily operations.“You can't build one system that can do everything for everybody,” asserts Ken. “So why not pick separate specialized systems (e.g., security system, building management system, fire alarm system) that fit your needs and then integrate their data flows into a single operation center as opposed to trying to build a new security system that does it all.”
For mission support users, receiving the right data, at the right time, in the right format, is critical for taking swift and effective action. SSM will streamline data flows and securely share information with each party who needs access, which allows for faster response times.“An operator in a control center spends a lot of their time answering questions about what's going on,” notes Ken. “If we can give the right data to those people, then everyone can concentrate on solving the incident, not on asking and answering questions. Don't get me wrong, bosses need information to make good decisions, so if we can bypass the questions, then the response can be more efficient and effective.”Without implementing the rip and replace technique, Simplesense is also able to enhance usability. “Let's suppose that there are five systems in the base defense operation center; an operator needs to be trained in each one of those five systems,” Ken says. “Our goal is to create one system to interact with, IROC. The user has five systems worth of data but only one unit to interact with.”Minimizing the number of systems an operator needs to monitor creates a more user-friendly system. Further, instead of spreading training time across five systems, an operator can study one centralized platform, ultimately building operational know-how and boosting personnel efficiency.
A Paradigm Shift
The barriers to SSM aren’t just technical challenges; they’re cultural ones. First, many government agencies are reluctant to put data in cloud-based systems—and that hesitation is understandable. According to a recent IBM report, there are thousands of data breaches each year, and the costs of these breaches are reaching record highs. However, military response times are slower without access to data, and mission-critical information can be lost in inaccessible data silos.“It’s challenging to break old paradigms,” admits Ken. “The biggest challenge is convincing people that we can take a new approach and still be secure. Once you start talking about making security information portable, people get really nervous.”[caption id="attachment_1722" align="aligncenter" width="750"]
Secondly, some decision-makers want to replace entire systems rather than incrementally modernize existing ones. However, this approach isn't sustainable. IT leaders have long-term plans and budgets to follow, making it difficult to ramp up a new system every time technology makes a significant advancement.Maxing out budgets for entirely new security systems makes it exceedingly difficult to make purposeful and incremental upgrades when stakeholders need them. While there are instances where entirely new systems are mission-critical, following an upgrade-and-integrate approach to SSM often leads to better results at a more affordable price.Third, many decision-makers often consider new concepts with an "if it ain't broke, don't fix it" mentality. The problem is, waiting to replace technology until it's broken can have catastrophic results.
Simplesense is helping to make IROC a reality. It’s a solution that would deliver enhanced base security, emergency response, and facility operations by securely eliminating information silos in a way that improves situational awareness. Ken put it best: “We'll use IROC to present information to the right users at the right time.”