Specifically Speaking with Andrew B. Hall

What's your role at the company?

As a physical and technical subject matter expert for UL listed 1076 & UL 2050 systems and Intelligence Community Directives (ICD) 705 Technical Specifications, I have participated as an industry representative to the U.S. Government Physical & Technical Security Policy Working Group for the past 20 years. In addition to owning and managing the company, I oversee all physical and technical security projects performed by HLM Associates for numerous clients.

What kinds of systems do you design/specify and what services does the company provide?

Our client base is often Defense & Intelligence Contractors, or it is the U.S. Government directly. We design UL 2050 intrusion detection systems and access control systems that are ICD 705 Technical Specification compliant for the safeguarding of U.S. Government Classified information.

We have more than 20 years' experience as a Software House CCure System Administrator for access control or access control & intrusion detection system as a list UL 1076 system & UL 2050 for accredited areas. We often specify Digital Monitoring Products (DMP) for intrusion detection systems that are for UL 2050 accredited areas.

With that said if a client has as specific system requirement, we will work with the alarm service company in the design, installation and commissioning to ensure it meets the requirement set forth by UL and the ICD 705 Technical Specification.

We can work with the architectural & engineering firm (A&E), the end-user or client, a specific alarm service company, U.S. Government Agency or company or firm that has a valid need to protect classified information.

Post installation we insure that the access control system and intrusion detection systems both go through commissioning and acceptance criteria testing. We will also insure the systems are UL 2050 and ICD 705 Technical Specification compliant. Should a particular U.S. Government Cognizant Security Authority (CSA) have a specific requirement or lien we will insure those have been met as well.

HLM Associates also provides technical mitigations against rF, Infrared Red (IR), electromagnetic interference (EMI) and shielding design, installation oversight and pre & post testing.

Commercially, we work with our clients to apply the same risk reduction and mitigations for the access control and intrusion detection systems used in the protection of the classified information in facilities that safeguard Research and Development laboratories, data centers, facilities that host merger & acquisitions, and financial information.

In addition to all of the physical & technical security requirements, understanding
operationally how the client works every day in this facility is key to every project success. Facilities that write software code are configured differently than satellite manufacturing facilities, clean rooms or data centers. All of our projects offer unique challenges, are interesting, and the sooner we are engaged the more integrated the mitigations and countermeasures are to the design.

How did you get started in security and designing/specifying?

After an honorable discharge from the U S Marine Corps in the spring of 1999, I took a position with a growing firm in the Washington DC Metro area. The business unit manager had a large telephone bill from all the alarm systems using multiplex telephone lines. He had been a program manager at the Defense Advance Research Project Agency (DARPA) and had worked on the “Internet”. He stated to me, “It is 1999, why can I put an alarm signal to the monitor station across the Internet?”

The answer was not so simple. U.S. government policies and UL 2050 did not allow for UL 2050 alarm signals to traverse the Internet. The business unit manager funded a small team of three of us to work with a U.S. government Agency, UL 2050 in order to complete a working model or proof of concept. In April 2000, the first “waivered” UL 2050 IDS system was accredited by a U.S. government agency. After which I worked with the U.S. government policy writers on how to change the policy that was codified in Director of Central Intelligence Directives, DCID 6/9 Annex B in 2001. Since then, I have worked with the policy working group and subcommittees to continually update those policy now found in ICD 705 Technical Specification v1.4.

Can you talk about what new or emerging technologies you are seeing or specifying today?

Often access control and intrusion detection equipment that is leading, or emerging technology is not the type of equipment the U.S. government is looking to be an early adopter. If a particular use statement is formulated or a cost benefit statement developed to support the technology a U.S. government agency might then then look to support a concept of operations or trial case. The other way new technology is ingested into new projects is if the Department of Defense (DoD) Combatant Commands (CoCOMs) have stated that a new technology is required to overcome a current operational challenge. For access control, intrusion detection and video management systems this is not often, but when industry has solutions that can be adapted to a particular mission support then change is inevitable.

What is your view on the industry moving forward?

As the technologies become easier to integrate, more focus and effort has to be applied on the end user to make sure that the data available to the end user is transformed into useful information.

Data without context becomes overwhelming — especially during emergency or crisis events — so we need to better understand the end-user and client operations to ensure that the information is available when and how they need
it.
                                         
Specifically Speaking features Q-and-A with a different security consultant every month. Consultants are provided to Security Systems News by SecuritySpecifiers.