Innovating smart solutions for complex regulatory requirements
Innovation is a core value at ICT. That’s why when Allan Wick, former Enterprise Security Manager at Tri-State Generation and Transmission Association, required a completely new solution to meet compliance requirements, we jumped at the opportunity to collaborate with an industry influencer and change maker.
Several years on and the solution we developed is continuing to support Tri-State to meet compliance and regulatory requirements, while also saving money, enabling them to put more resources into green energy initiatives. We sat down with Allan this September to chat about his relationship with ICT and his thoughts on the compliance requirements in the North American energy sector.
Who is Allan Wick?
Allan Wick has had a distinguished career in the security industry.
Allan has dedicated over three decades volunteering in leadership positions in physical security associations, such as ASIS International, The Association of Certified Fraud Examiners, the Urban Area Security Initiative, FBI Citizens Academy Alumni Association, and InfraGard, which is a partnership between the FBI and the private sector for the protection of critical U.S infrastructure. His professional career has allowed him to specialize in physical security and become an authority on compliance requirements.
A Floridian native, Allan started out in the military at 17 where he supported U.S. Air Force aircraft for 10 years before shifting to a career as a special agent for the Tech Services Division in the Air Force Office for Special Investigations (OSI). During this time, he began to learn about access control and the physical security requirements mandatory for high-security facilities. In his 10-year tenure for the OSI, Allan worked in counterintelligence and counterterrorism, supporting the National Reconnaissance Office to ensure that these facilities were secure against bad actors.
After leaving the military Allan moved into the private sector where he worked in financial private investigation
During this time, he also helped launch two startup companies; one in children’s cybersecurity and the other, where he was the Vice-President of Sales and Marketing, a tradeshow company that introduced computers and the internet to the residential market. In 1995, Allan went on to work in sales for a security guard company before being recruited by an oil refinery in Aruba, where he was head of security.
Moving back to the United States, Allan settled down with his family in Denver, Colorado, where he took up a position in security at Xcel Energy for four years, followed by two-years at Midwest ISO, before moving on to Tri-State Generation and Transmission Association as their Security Manager.
The Problem
Tri-State Generation and Transmission Association is a not-for-profit, electricity co-op serving Colorado, Nebraska, New Mexico, and Wyoming. There are 45 members, including 42 electric distribution cooperatives and public power districts.
When Allan started at Tri-State in 2010, there were 1600 employees, no operations center, and 500 facilities with differing compliance requirements with only 350 card readers and 70-90 cameras in operation.
They were also facing large sums in fines due to NERC CIP violations (North American Electric Reliability Corporation Critical Infrastructure Protection). NERC CIP is a set of standards for the regulation and management of the security of the North American bulk power system. NERC CIP has several key requirements for ensuring the physical security of the facilities, and thus, the power grid.
Tri-State had conditions they needed to meet around who was allowed in what areas and facilities. Specifically, the people entering these locations had to have background checks run every 7 years and completed the relevant training every year. The facilities also had a minimum number of card readers and cameras required to monitor the locations and track who was coming in and out of these facilities. At the time that Allan started, Tri-State was in breach of these conditions.
Allan attempted to rectify these problems with Tri-State’s original security company. However, he found the company difficult to work with and that they were overcharging for out-of-date technology. He knew it was time to find a new security company.
The Solution
Allan not only needed a way to prevent non-compliant staff from entering the area or facility, but he also wanted a smart solution. He stated, “from a compliance perspective, you get a red light on a card reader. Well, what does that red mean? You don’t have access to the area from a compliance perspective, you don’t have access at all, or your card is broken. It doesn’t work.”
What Allan envisioned was a smart reader that could explain why a user is being denied access on the display screen. At that time, nobody in the industry had that kind of solution, not even ICT. So, Damon Standish – ICT USA President – asked Chief Technology Officer at ICT, Damian Butters, to develop a solution. He delivered the TS35.
The TS35 gives end-users much needed clarity. When a user presents a credential and is denied access, the reader will display the appropriate warning on the screen such as, ‘training certification has expired’, rather than an ambiguous access denied result. This allows Tri-State to stay on-top of the certification requirements of their 1600 staff.
By the time Allan retired in January 2022, Tri-State was in full compliance with a 24/7 operations facility overseeing a database of 900 TS35 readers and 350 cameras. All covered by the Protege GX system, enabling full oversight of all 500 facilities across the four states.
Yet according to Allan, the benefits don’t stop at meeting NERC’s compliance requirements. The interface that’s purpose-built for the ease of the end-user, costs that are well below competitors average, and the low fail rate of the system make Protege GX a smart solution.
The fact that Protege GX installers and integrators - like Long Security, Tri-State's Protege certified installer - are vetted and must complete training and a certification exam adds up to a system and company that is dependable and trustworthy to protect so many people’s essential utilities.
Finally, the benefit from simplified auditing reports for compliance ensures transparency. Every time a user badges in, whether they are denied or granted access, an event is logged in Protege GX. Tri-State can show regulatory bodies they know exactly who is coming in and out of areas and that those granted access are compliant.
When asked what stood out for you the most during this entire process? Put simply, it was the people and the ease of dealing with ICT.
Conclusion
Meeting regulations doesn’t need to be difficult. We collaborated with Allan to create a tailored solution for Tri-State’s needs, enabling greater transparency and accountability.
Yet, these problems are also not exclusive to Tri-State. Several of the big players in the power industry have faced tens of millions of dollars in fines for NERC CIP compliance breaches. This doesn’t need to be the case. With an ICT solution, meeting regulations is as easy as installing our DIN Rail systems.
There are also a host of other features and products that can keep you in compliance and your locations security robust.
Additional features for compliance:
- Anti passback
- DESFire credentials
- Email on event
- Area counting
- Advanced scheduling
- Elevator control
- Guard tours
- Loiter areas
- Two-factor authentication
- Dual authentication
- Dual code control
- Door interlocking
The views and opinions expressed are those of the contributors and do not necessarily reflect those of Tri-State Generation and Transmission Association.
