Automation strengthens facility threat assessments
- By Stephanie Kanowitz
- Nov 20, 2019
The Federal Protective Service (FPS) estimates that it has halved the time it takes to produce threat assessment reports (TARs) by applying automation and machine learning.
Part of the Department of Homeland Security, FPS is responsible for the security and safety of federal employees and the business they conduct at about 9,500 federal facilities nationwide. To that end, FPS’ approximately 1,000 special agents and inspectors conduct 2,100 annual assessments of threats to those buildings using the Modified Infrastructure Survey Tool, weigh them against standards and practices determined by the Interagency Security Committee (ISC) and recommend countermeasures.
Until recently, all of that happened manually. The inspectors, or physical security specialists, would conduct site visits; interview employees, community members and local law enforcement; and then write their findings in a report, concluding which threats were most likely to affect the facility.
Working with Argonne National Laboratory, FPS automated much of the information collection and analysis to identify security-related deficiencies and recommend countermeasure and mitigation measures.
“The biggest thing that [the automated TAR] does is it takes it out of the subjective realm and puts it into an objective realm, where now like findings will come up with like conclusions,” said Jeffrey Levine, the special agent responsible for FPS assessment operations. “In the past, we were dependent on those individuals to come up with a conclusion as to what their data is telling them, and based on their experience, based on their familiarity with an area, that information may vary,” he said. “With the automation, we’re able to throw a lot of math and science into it.”
When users log in to the tool, they see a dashboard of assessments to work. They click a link to what FPS calls the “online builder,” akin to a survey with questions and options to either check all that apply or provide specific responses, Levine said. They can also include comments as a description.
When all the threat and vulnerability data is entered, they click a button to start calculations. The system runs scripts that execute the algorithms and returns groupings of likely threats to the user.
Agents and inspectors document countermeasures already in place and compare them to the measures the ISC states would help mitigate those particular risks. Next, an automated gap analysis identifies where and how holes need to be filled, leaving FPS representatives with concrete recommendations to present to those responsible for security at each facility. Simply put: Based on what was found, this is what you have and what you need.
The automation looks at data from three sources: information input by agents specific to the threat assessment, information put in by inspectors specific to the vulnerability assessment and documentation of the existing countermeasures at a facility. TAR then includes sources that FPS feeds in, such as census data, crime statistics at a facility, data that FBI might have on the building and FPS database contents.
Agents must still enter findings from interviews and site visits, but rather than write sentences and paragraphs, they answer structured questions within the tool so that the information can feed into algorithms, Levine said.
“It’s definitely helping us to speed things up in terms of the process. It’s helping to identify things across the portfolio that might not have been as obvious to us,” he said. “Instead of me going to a facility … and saying, ‘OK, Facility X, here are the things that you face,’ what I can now do is go to a tenant -- take, for example, Customs and Border Protection -- and say, ‘Across your portfolio that we protect -- 600, 700, 800 buildings -- here’s the common threats that we’re seeing and the common recommendations.’”
This lets agencies plan and budget at an enterprise, not facility, level. It also means inspectors can act on their findings sooner, rather than spend time writing reports.
The automated TAR had been in beta testing for six months and is in full use as of fiscal 2020. The overall threat assessment process has been in place since December 2014.
Future capabilities include leveraging the cloud -- to which FPS is in the process of migrating -- to facilitate direct data sharing, Levine said, adding that he also plans to expand the machine learning, pulling in new data points and automating the review of documentation to surface threats. Right now, someone must read reports from state and local law enforcement about criminal activity at federal facilities, the bulk of which is theft, vandalism and assault, Levine said.
The automated TAR gives FPS “the ability to now start using all the information that’s out there and connecting all the dots instead of just most of the dots,” he said.
Stephanie Kanowitz is a freelance writer based in northern Virginia.