The challenges of security programs—including those involving surveillance cameras—are common at all levels of government, so developing models and strategies for dealing with those challenges is crucial to getting security programs funded, according to federal and county officials.
Security is built into federal agencies’ programmatic and mission functions; as agencies develop their annual budget proposals, they include appropriations for their own security and, when appropriate, to award grants, said Robert Brese, the Department of Energy’s deputy chief information officer.
However, federal budget sequestration has placed caps on the amounts agencies can spend, said Brese, who spoke about “Funding Today’s Security Programs” at the GovSec conference in Washington during May. Sequestration has imposed “flat and declining budgets” on the agencies, creating a situation where flat is the new increase in funding, he said. But, even though appropriations for security programs might be reduced, “the level of security requirements don’t go down,” he added.
The agencies are aware that “even though our bottom lines are going down, or being held flat, the level of activity by our adversaries continues to go up,” Brese said. While security programs have to be funded, the cap on federal spending has required the agencies to focus intently on “outcomes and goals,” either within the agency, or by grant recipients, he said. Such outcomes and goals are provided to the agencies by the White House and from the departments, he said. The agencies also are aware that there are local goals that jurisdictions want to achieve.
DEALING WITH RISKS
In addition, while state and local governments face the same challenges when seeking funding for security programs, each municipality has pressures unique to their jurisdictions, said Ira Levy, chief information officer for Howard County, Md., who also spoke at GovSec. “Those pressures are how the jurisdictions develop funding models to deal with what is seen as risks,” he said.
When the agencies in Howard County seek security-program funding—either in the county budget or through grants—it is to deal with vulnerabilities and risks, Levy said. In addition, no matter how secure a facility might seem to be, “unpatched vulnerabilities” can be found, he said. “Anyone who says that they are ‘100 percent patched’ or their goal is to be 100 percent patched … the first is untrue, and the second is impossible.”
Some potential funders might even ask, “If you know these vulnerabilities exist, then why haven’t you fixed them on your own?” Levy said. So those seeking a grant or a budget allocation have to be ready “to have a conversation on why you haven’t fixed those.”
Howard County government is not the largest or smallest county government in Maryland, but is in the middle in many regards, including geographically in the middle between Washington and Baltimore, he said. The county uses its location as an advantage when seeking discretionary funding from the state or federal government, he said. It partners with adjacent counties when applying for grants, he added.
The grants the county seeks are, on occasion, not so much about vulnerabilities, but how the joint applicants are going to approach the vulnerabilities, Levy said. If the funder believes that four jurisdictions are going to team up to deal with a risk, that can be more meaningful because we’re four jurisdictions coming together, he said. When counties do partner, they have not only communicated a risk, but that it is being solved by combined action.