NRC security detail is online

When the General Services Administration in 1995 delegated authority to the Nuclear
Regulatory Commission for overseeing its own security guard service contract, NRC's
Security Division decided to automate time and attendance record-keeping.

 Manual sign-ins and sign-outs of about 60 security officers required the NRC
contract staff to spend eight to 10 hours per week on verification alone. 

Under the automated system, oversight now takes just two to four hours per month. The
security contractor also has benefitted by accessing the automated system to calculate

 Finding the automated capability wasn't as easy as might be expected. The Security
Division and NRC's IRM Office turned up only one commercial product that appeared adequate
for the job, and it proved incapable of handling the guards' shift and relief schedules.
No existing government system was found that could be adapted.

 A member of the security staff then attended an industrial security convention and
met one vendor that projected release of a suitable product within a year, but NRC
couldn't wait that long. Another vendor claimed to have just the system that was needed.
However, it was proprietary and would have required NRC to contract for the vendor's own
security officers.  

When all this research proved fruitless, the Security Division and IRM Office put their
heads together. Security identified requirements, and IRM put two in-house developers on
the job. They came up with a straightforward MS-DOS interface for the guards to sign in
and out at their posts.

 Greg Nowakowski, a Census Bureau employee working at NRC, wrote the application in C
to run on a Novell NetWare 3.11 LAN. Networked PCs already were at most of the guard

The tracking system has extensive reporting capabilities and can serve as the basis for
hourly payment records. Up-to-the-minute post coverage data is available at the system
manager's terminal. Security managers can shift around guards and post schedules and
holidays as needed without going to the developers for changes.

 To ensure that only the authorized officers sign in, the tracking system
periodically presents several types of built-in checks. For instance, it may ask a guard
for random information such as birthday, birthplace or high school name.

 NRC tested the system for two months in parallel with the manual system before
cutting over totally. Both the agency and the security company continue to rely on the
MS-DOS program. NRC can give the program to other agencies, but without support.

 For more information, contact NRC's Lois Telford at 301-415-6837. 

Stuart Lynn is a systems analyst with the Nuclear Regulatory Commission in
Rockville, Md.

inside gcn

  • Congressman sees broader role for DHS in state and local cyber efforts

    Automating the ATO

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above