Mitigate, Detect, and Deter

Host: John Verrico, Chief of Media & Community Relations, Science and Technology Directorate, Department of Homeland Security

Guest: LaTasha Thompson, Ed.D., Program Director, Office of SAFETY Act Implementation, Science and Technology Directorate, Department of Homeland Security

[00:00:00] LaTasha Thompson: It's a very interesting way of doing business. And, you know, honestly John, you know, in my number of years of being with the federal government this program is probably the most collaborative program with the private sector. I mean, our team work very closely with private industry. Although our program isn't in a compliance or regulatory, it is a voluntary program and many of our applicants, our external stakeholders come to us because they want to get better.

[00:00:35] Dave: This is Technologically Speaking, the official podcast for the Department of Homeland Security Science and Technology Directorate, or S&T as we call it. Join us as we meet the science and technology experts on the frontlines keeping America safe.

[00:00:48] Verrico: Welcome to this episode of Technologically Speaking.

[00:00:51] I'm John Verrico and I'm your host today. And with me is a very special guest, LaTasha Thompson. LaTasha, I've known you for a little bit now and, you have just been kind of moving up through the organization for quite a while. And before I even get into your current title, which is really cool. Tell me, when did you start here in S&T?

[00:01:11] LaTasha Thompson: So yeah, John, I started here in S&T back in 2019, May of 2019 to be exact. So, before the pandemic, so I had an opportunity to meet a number of people in person before we were totally shut down.

[00:01:29] Verrico: And here you are now in a very cool position as the director of the Safety Act program.

[00:01:35] Now, everybody knows how much the government just loves their acronyms. So, this acronym is really kind of special, isn't it?

[00:01:44] LaTasha Thompson: It is, John. And I would say that it is probably one of my favorite acronyms. I've been with the federal government over 20 years and this one is super cool. It stands for Support Anti-Terrorism by Fostering Effective Technologies Act. And so, I always joke with my team about where did the Y come from?

[00:02:07] Because there's no Y in all of that.

[00:02:10] Verrico: There absolutely is a why and it's why we do this program.

[00:02:15] LaTasha Thompson: Absolutely, John.

[00:02:16] Verrico: You know, I think originally, they were going to call it just technology singular instead of plural, but they realized it needed to be plural, but they already had the Y, but they couldn't just leave it “safe it”.

[00:02:27] LaTasha Thompson: Right.

[00:02:28] Verrico: So, so we came up with safety, but you know, like I said, acronyms are so common in, in the government and we've got so many of them and it's so nice when one comes together that actually makes sense.

[00:02:40] This one Support Anti-Terrorism by Fostering Effective Technologies. So. Now that we know what this mouthful of words actually is, and it stands for SAFETY Act, it's probably one of the most misunderstood programs, that we have in the Science and Technology Directorate. Could you explain just like you would tell your great aunt Tessie at home, what the SAFETY Act is and what it actually does?

[00:03:06] LaTasha Thompson: You know, the SAFETY Act is essentially a federal liability protection program. It was born out of the Homeland Security Act of 2002, and it was really put in place to incentivize, sellers and developers and manufacturers of anti-terrorism technologies. And for the SAFETY Act, technologies is a very broad range of things, right? So, when we talk about technologies, it can be a product, a device, services, programs. So, it's a really broad range of technologies of what we call it.

[00:03:42] We evaluate these technologies, and as a result, we look at their effectiveness, does it do what it's supposed to do, and its capability. Does it help to deter, detect, mitigate, respond to acts of terrorism? And in looking and evaluating those technologies from those two perspectives, we provide our what I call our customers, our external stakeholders, the private sector with liability protection.

[00:04:14] So if there was something to happen, there was a bad actor, there was a terrorist attack, that our sellers and manufacturers, our stakeholders now have tools that they can utilize in court if claims were filed against them. And so, the intent and the purpose of the SAFETY Act is really to ensure that we can reduce the risk associated with developing and deploying these types of technologies to help support and protect the public.

[00:04:46] Verrico: It's an interesting, way of doing business if you think about it.

[00:04:50] LaTasha Thompson: It is, it's a very interesting way of doing business. And, you know, honestly, John, you know, in my number of years of being with the federal government, this program is probably the most collaborative program with the private sector. I mean, our team work very closely with private industry. Although our program isn't in a compliance or regulatory, it is a voluntary program and many of our applicants, our external stakeholders come to us because they want to get better.

[00:05:26] LaTasha Thompson: They want to improve. And they recognize that the expertise and the subject matter expertise that we provide gives them a much broader understanding of the threat, it gives them a much broader understanding of the various solution sets to be able to mitigate, detect, and deter, acts of terrorism. And so they, they really work with us closely to get better. And that's what they all want to do.

[00:05:57] Verrico: And that's really, kind of the crust of it. Right. And we do this, a lot of people don't realize that about S&T. That's kind of what we were out here doing, right? We're working with the private sector, with industry, with small business, with startups, academia, who may have some really good ideas or some good technologies on the bench that they're putting together. And then we work with them through various ways to help them improve it.

[00:06:21] So let's talk a little bit about the types of protections. There are different levels of protection for the SAFETY Act. And is protection the right word?

[00:06:31] LaTasha Thompson: Protection is the right word. It's, what I've heard, right? What we've seen in this space is that, some of the misconceptions is that we're an insurance program and we're not, right? We are essentially that federal liability protection program. So, we provide protections. We do not provide awards.

[00:06:50] Verrico: So, explain then, what are the different pieces of the SAFETY Act?

[00:06:55] LaTasha Thompson: Sure. So, there are two types of protections that we provide. The first is designation. With designation, we look at, you know, the regulation, lays out eight criteria that we evaluate all technologies against and for the purposes of designation. When a technology is provided designation level protections, they now have, in their terms and conditions, they have a liability cap or an insurance requirement, and that liability limit or insurance requirement essentially speaks to if there were an act of terrorism, that event was delegated as or designated as an act of terrorism by the DHS secretary, that seller or manufacturer now have tools that they can take into court and, any claims that may be filed against them, they now have a cap by which they can pay those claims out, right?

[00:08:01] Verrico: Right, right.

[00:08:02] LaTasha Thompson: And so many people just assume that you know, that it eliminates the seller or the manufacturer's liability responsibility. It doesn't. It just limits it. That's a common misconception around the SAFETY Act. That's for designation. The other level of protection that we have is certification.

[00:08:23] Certification is now you have to demonstrate long term effectiveness. So, we look for, that the ongoing capability, has it been an operational environment? We are looking at lots of data demonstrating that it is safe for use. It operates in accordance with the specifications as well as it continues to be effective in a long term.

[00:08:52] Verrico: And in the IT world, it's about eight minutes, right?

[00:08:55] LaTasha Thompson: Exactly with the IT world…

[00:08:56] Verrico: It's something new coming up…

[00:08:57] LaTasha Thompson: Very short.

[00:08:58] Verrico: Every five seconds, right?

[00:09:00] LaTasha Thompson: Absolutely. I absolutely agree with you. So, and so when we are evaluating those, we are looking at lots and lots of performance data, test data, we are talking to users of the technology that have used it, that technology over a period of time. What sort of things does the technology, What gaps does the technology have?

[00:09:22] What vulnerabilities do you have that this technology is not really filling or not as effective in? So, we really, what I like to say is kick the tires from a paper-based perspective. We don't go out and touch and feel and tinker with the technology. We look at it from a paper-based perspective. And so those are the two protections that we provide.

[00:09:47] Verrico: I don't know how you can study as much data as you guys have to review just for a single technology or service or venue. It's these things are not given out willy nilly. They really have to go through a very rigorous review in order to get issued a designation or certification.

[00:10:05] LaTasha Thompson: You're correct in that, we have a pretty deep bench of subject matter experts across various different content areas and, it is a very rigorous documentation heavy process. You know, the SAFETY Act is really changing the marketplace is what I like to say.

[00:10:24] We are really driving innovation, and really incentivizing the anti-terrorism technology space in a very novel way. Our stakeholders often seek out technologies that have participated in the SAFETY Act program. Those stakeholders often are interested in, has someone else confirmed, validated, looked at this technology, to validate that it does what it the developer says it's supposed to.

[00:11:04] Verrico: Do you have to reevaluate as let's say somebody does, you know, a new upgrade on their technology that has already been, received, certification or designation and they've upgraded it. Do you need to do a reevaluation to determine if it's still, that protection is still applicable?

[00:11:21] LaTasha Thompson: We perform two activities that really satisfies that, John. One is during the active, term of their protections, they can submit a modification. So, let's say they're adding in a new component, they are performing additional activities, maybe there is pieces of that device that they realized they needed to improve upon, they can submit a modification for that component or that change within their technology.

[00:11:56] We do perform an evaluation of the change and how the change impacts the baseline of that technology. So that's one way. The other way is through our renewal process. So, our stakeholders, our applicant community can apply for renewal up to two years prior to their expiration. And so that's an opportunity for us to see how their technology is evolving, staying current and leaning forward to help them to mitigate the risk of an impact of an act of terrorism.

[00:12:37] Verrico: And I'll say they don't have to wait for that five year, eight year, whatever mark, before they can actually do it sooner, uh, and say, Hey,

[00:12:43] LaTasha Thompson: And we encourage it.

[00:12:44] Verrico: LaTasha, you're so knowledgeable about this stuff. And, you know, I said, you've been here for a while and 2019 is not that long ago, really. You know, when you think about it, but you know, you are so knowledgeable about this and you said that you've been around in government for 20 years, which I find hard to believe because you're so young looking, but you started as a zygote, I'm sure. But anyway, in those 20, what did you do before you came here to S&T?

[00:13:12] LaTasha Thompson: My federal career started with the Department of Defense. I came in as an entry level engineer, doing some commercial satellite work, and military SATCOM analysis. So, my background is engineering, and I've been doing that for a number of years. And I've also worked for the U.S. Coast Guard, a systems engineer for them. I've been the majority of my federal career has been in IT project management, or program management. I like to say that I had this very unique skill set of being able to communicate hard, complex, technical issues to non-technical users. And it kind of allowed me to just fall into program management. And, and that's what I've been doing for the majority of my federal career. And I did start when I was two. So just kidding.

[00:14:11] Verrico: How did you wind up in the engineering field in the first place?

[00:14:14] LaTasha Thompson: Yeah, I enjoyed math when I was in high school, and I had, what I would like to call an angel of a math teacher to approach me one day about whether I was going to college. And I assume that I would, right? Both of my parents are college graduates, and I just didn't know what I was going to go to school for. When I was in high school, we didn't have a lot of exposure to engineers, scientists, mathematicians that look like me. So, so I didn't have a lot of exposure to those in the STEM field. So, I didn't know what an engineer did. And he, just really encouraged me. He encouraged me to come to his classroom during lunch and he's like, hey, I want you to read some books on engineers, what they do. And because of that interest that he sparked in me I ended up getting a scholarship, a full scholarship to Norfolk State University for Electronics Engineering, which was right up my alley because I enjoyed tinkering with things.

[00:15:16] I even did that as a young child, just breaking things and saying, don't worry, Mom, I can fix it. And I would fix it.

[00:15:24] Verrico: You know, that, that's amazing. I actually started out in electrical engineering myself.

[00:15:28] What I liked was English and what I was doing in the electronics organizations I was working in I actually was writing training manuals and it was the writing that I enjoyed more than the electronics work. But anyway, it's, I didn't realize we had that in common, electrical engineering.

[00:15:44] LaTasha Thompson: Yes, it's interesting because I agree with you, John, I wouldn't say that I necessarily liked math. I did well in it. And it's one of those things where you kind of like what you do well in.

[00:15:57] Verrico: Yeah, that's true.

[00:15:58] LaTasha Thompson: What I really enjoyed, it was problem solving, right? It was, I can recall going with my mom to many of her college courses because I was a really, I was a young girl, only child.

[00:16:12] So she dragged me along to courses and I remember she couldn't, she was having a hard time passing statistics. Many people can relate to that. You know, statistics is that one class that everyone waits until the last minute of graduation to take. And so she was having a challenge with statistics and I enjoyed listening to the lecture.

[00:16:36] So I would help my mom with her statistics homework because it was just, oh, it was always so much fun just trying to figure out what is the problem. Let me figure this out. And so, like I said, I didn't really like it. I really enjoyed the problem-solving aspect of it most. And I still do to this day.

[00:16:53] Verrico: Well, and that's obvious because you're working in the SAFETY Act program, right? You're leading the SAFETY Act program, which is all engineering, it's all understanding problem solving, it's anticipating what the problems are and getting ahead of them.

[00:17:05] LaTasha Thompson: Yes, and I love the data. The numbers make me happy.

[00:17:08] Verrico: So, you know, we talked about the fact that in the SAFETY Act program, there's a certification and a designation, but I know that there's also, or at least there was a developmental testing and evaluation designation. Does that still exist?

[00:17:22] LaTasha Thompson: That does still exist. That is under our designation level of protections. It is something, it's a carved-out component of designation to really support those technologies that are in the early, prototyping phases of their technology. So, you have a technology that is, is relatively new. It doesn't have a long, longevity in terms of data to be able to apply for full designation.

[00:17:57] And so what we, have carved out is a developmental testing and evaluation designation. It comes with all of the protective benefits of designation. It's now just scoped a little bit right so we provide that for those that need a little bit more performance data those I say hey, there's I have a risk a liability risk of putting this new technology in the field, but without putting it in the field, I can't test it appropriately.

[00:18:28] Verrico: Right, right.

[00:18:29] LaTasha Thompson: We really want to be able to kick the tires in a real-world operational environment, and there's risk associated with that. Hence the reason for, us having that carved out component of designation to support the private sector from that perspective.

[00:18:45] Verrico: And now we've been talking about we say technologies, right? Most people, when you hear the word technology, you think of a, you know, of a widget, a thing, a device of some sort. But the SAFETY Act covers a lot more than that. It also covers services. And I think you've even done, you know, venues like sports venues and things like that. So how does that work?

[00:19:07] LaTasha Thompson: So, in the early stages of the program, there were security services that were receiving SAFETY Act protections, but what the large venues started to really understand is that there still remained a liability risk and gap for them, right? So, we hire these third-party vendors, and these products that may have SAFETY Act protection, but we can still expose ourselves to risks if there were a terrorist event, because we could still have claims filed against us because maybe the venue didn't utilize the right policies and procedures.

[00:19:49] Maybe they didn't have the right quality control. And so, large venues started to work with the SAFETY Act program and say, I have a risk here. If, in our ability to be able to continue to protect the public, and we want to be able to innovate and the SAFETY Act saw it as an opportunity to incentivize for security programs that were being implemented at large venues, such as stadiums, arenas, and convention centers.

[00:20:22] Verrico: So, we're looking at kind of the whole suite of everything that they're putting in place and saying, okay, you've got this widget over here and that doohickey over there and that whatchamacallit over there, and this practice going on here and this procedure in place here and these types of personnel there. And you're looking at that as a kind of a holistic perspective and then making a determination?

[00:20:44] LaTasha Thompson: Yes, we are looking at their comprehensive, security program. So that includes their policies and procedures, their training, their hiring and vetting policies and practices.

[00:20:58] We are also looking at things like, their perimeter. How are they securing the perimeter? We're looking at how they implement ingress and egress. So how fast and what tools and technologies are they using to get people in quickly, as well as getting them out safely. We look at access control, their CC, their cameras, their command centers. So, we're looking at the entire holistic implementation and operations of their security program.

[00:21:34] Verrico: And then that particular venue would get, what type of protection is normally used for that?

[00:21:41] LaTasha Thompson: So, we see for our applicants, we see both designation and some at the certification level. Some of the stadiums and arenas have been working with our program dating back, you know, 10 years ago of trying to determine how do we go about demonstrating the capability and the effectiveness of such a complex thing as a large venue’s security program because there's so many pieces and parts that work together, right? So that integration of that, the interoperability. So, when we take out a device and we put in a new device, how do we ensure that all of the things around it now makes the operation seamless with a new technology or a new thing or a new practice or policy?

[00:22:35] Verrico: Now, explain to me, is that for, let's say the stadium itself, or is it for say a stadium for a particular event only?

[00:22:45] LaTasha Thompson: In the early stages, we would provide protections for particular game days since then many of the stadiums and large venues have just as much of a capacity or, participation from the public for concerts…

[00:23:06] Verrico: Right?

[00:23:07] LaTasha Thompson: Um, and other types of events that are held. And so, it brings the same amount of people into that setting. And so, it has evolved where many of our large venues are seeking for game days, but then also for non-game day events. And they are implementing, if not the same, very similar security practices because you're bringing in just as much of a capacity as you would for a game.

[00:23:35] Verrico: Wow, LaTasha, it's always amazed me that SAFETY Act has been one of my kind of favorite programs here in the 15 years that I've been here. And because it is so incredibly interesting and how it does incentivize industry to develop technologies, to take risks, to kind of get out there.

[00:23:55] And then also, you know, these larger venues to really, I mean, more than just the protections that you provide, the evaluation process itself has got to be a real eye opener for them to make sure that they are in fact providing everything that they, you know, the best protections that they can for the people coming to their venue. So, I can see just benefit everywhere around on this.

[00:24:20] LaTasha Thompson: I love to share a story with you, John, of when I came into this program, I couldn't even spell the SAFETY Act for the first two months. But I had an opportunity to talk to an evaluator on our team and they shared with me they had gone out to a stadium for the first time to evaluate it 'cause this particular stadium was interested in SAFETY Act protections. And they went out and they looked at their operations and just how they looked at their entire security program. And he recalls leaving that kind of site visit terrified. He, you know, he said he went home to his family, and he said, we will never go to an event at this venue ever.

[00:25:07] So I'll talk again about this collaboration, this partnership between the Department, S&T, and the private industry. He said after about a year this stadium was provided a program and he went back and he bought season tickets for him and his family.

[00:25:28] Verrico: Wow. So, they were able to implement all of the things that they needed to get that place up to a safety level. Yeah, they got better.

[00:25:37] LaTasha Thompson: They got better, right? And that's the goal is to incentivize, and to help our private industry stakeholders just get better at what they're doing today to really improve and continuously improve and this particular stadium has been moving in that direction over the last five years.

[00:25:56] I mean, it's just a stark difference between us with them five years ago and now and the difference for that stadium owner and their Chief Security Officer is now I have something that I can sit around the table with the owners when we're trying to determine budget and we're trying to determine investments, when it comes to where the owners spend the money, you know, we have something to say, we need to do this. It costs this much because we need to maintain our SAFETY Act protections, right? This is what we agreed to. This is what we must adhere to for the purposes of maintaining our protections. And they don't want to put those protections at risk. And so therefore those investments are made. To ensure that the safety of the public is and their fans and their staff is number one.

[00:26:54] Verrico: Looking back at that venue that you're talking about, you know, it's so interesting that here is a venue who's putting in for SAFETY Act protections and thought that they had a bunch of great stuff in place, you know, security wise, but then looking through the lens of protecting against a terrorist attack is a very different process. And also, it's had to have been an incredible eye opener for the venue to learn about all of the different things that they could be doing to make things better. And I know that was also was a long time ago too. It was very early in the process.

[00:27:27] LaTasha Thompson: It was John and I share that story to really foot stomp how the SAFETY Act has been such a connector for various technology types. So, when we look at security programs that are implemented at large venues, this isn't what I shared isn't something that we necessarily see today. It was something that we may have seen earlier on when we started to introduce stadiums and large venues into our portfolio, but since then, the information that we've been able to share, across the country, at multiple stadiums, everybody's threats, their vulnerabilities, their risks are very different. But now, as the SAFETY Act as a DHS resources is able to kind of share lessons learned, share how you can utilize technology to mitigate risk.

[00:28:28] What we saw seven, eight years ago isn't what we see today, and I like to say it's largely due to the relationship that the Department, not only just the SAFETY Act, but other Components within DHS have been able to create and partnerships that we've been able to create with our private industry sectors, particularly for large venues, like stadiums and arenas.

[00:28:55] Verrico: When I look at the list of technologies, venues, et cetera, that have achieved this designation or certification for SAFETY Act protections, and there's over what, somewhere around 1,200 of them so far?

[00:29:15] LaTasha Thompson: We have approved over 1,200 submissions for protections. Yes.

[00:29:25] Verrico: Where do you see this program in the future? Like, are there, if you were to say you had goals for the program.

[00:29:32] LaTasha Thompson: Yeah, I think the number one goal. Well, I have two goals for the program. One is we, we are committed within the SAFETY Act of making, the process more streamlined, more efficient and effective for our applicant community, as well as for those internally that are keeping the engine running. So, for us, our number one goal is to get better at what we have been doing.

[00:30:07] And then secondly is how can we, the SAFETY Act, be much more of a connector across the Department. So how can we more effectively share resources, share information, work with our CISA counterparts more effectively? We have a number of technologies that is being utilized by our other Components, such as TSA.

[00:30:34] How can the SAFETY Act better support them in their requirements and, to, you know, helping to get those innovative, new, and incentivizing technologies in the field to help protect our homeland.

[00:30:49] Verrico: We look at all the different types of technologies that we have provided designation or certification protections for over the years, what kinds of technologies, what kind of categories would they fall into? Like, you know, sensors, cameras, what kinds of things are we looking for, that would be applicable to preventing terrorism type of scenario?

[00:31:11] LaTasha Thompson: So, the great thing about the regulation as well as the statute is that it gave us a lot of range in terms of the types of technologies that would be eligible for SAFETY Act protections. The majority of the technologies that we evaluate are in the sensors, detectors, um, your more discrete technologies.

[00:31:39] That's the majority of our portfolio. The next one would be your security services and your security programs. So, when you talk about security services, you're talking about guard services that are acquired based on events, things of that nature. But then you also have the security programs as we talked about at the large venues.

[00:32:02] We do also see multiple applications, IT sorts of applications, such as mass notification systems. But what is so exciting for me, John, is when we see those novel technologies. So, for example, we have provided protections too, for a decontamination lotion that can be put on your skin if you are exposed to chemical warfare. Those are the ones that get me super excited because it is, that is one of those things where it's like this was what the SAFETY Act was really put in place to help push forward these types of technologies.

[00:32:48] Verrico: Right. To encourage people to invent this stuff. Yeah.

[00:32:50] LaTasha Thompson: To encourage that invention, that innovation, what can we do differently today that we didn't have yesterday, you know, blast resistant trash cans. Those are the types of applications that our case managers fight over. Oh, let me see that. You know, they, they really get excited about those novel kind of cutting edge technologies that really don't fit so nicely in a box or category.

[00:33:17] Verrico: I love it. I love it. Well, LaTasha, thank you so much for joining us here today. Is there anything else that you'd like to put out there to the world?

[00:33:24] LaTasha Thompson: What I'll say is, John, this was loads of fun. I didn't even realize that it would be this exciting. So, thank you for having me. I really appreciate it. And I appreciate the opportunity just to talk about our program. I see this as one of the greatest resources within, just the federal government and it's just such a huge partnership with the private sector and industry, because we're all moving together for the greater good and it feels good to work on this program and come to work every day.

[00:33:57] Verrico: Thank you so much for taking the time to talk with us, to get our listening audience to learn about this very unique, one of a kind collaborative program that the government has with the private sector.

[00:34:09] LaTasha Thompson: Thank you for having me, John.

[00:34:11] Dave: Thank you for listening to Technologically Speaking. To learn more about what you've heard in this episode, check out the show notes on our website, and follow us on Apple and Google Podcasts, and on social media at DHS SciTech. DHS SCI TE CH. Bye!