Gallagher Security’s National High Security Manager, Jason Hunter on achieving the highest government standards for physical and cyber security.
Gallagher Security has been designing and manufacturing purpose-built, integrated solutions across the access control, perimeter security, intruder, and cybersecurity space for over 35 years. Whether it’s safeguarding critical infrastructure, securing government facilities, or ensuring the safety of sensitive data, the company has a proven history and reputation in the delivery of high security solutions that meet government compliance standards not just in the United Kingdom, but around the world.
Led by Jason Hunter, Gallagher’s National High Security Team in the UK was formed in September 2022 to support an established high security portfolio while growing and strengthening relationships with customers across government and critical national infrastructure sectors.
Matt Page supports the team as Technical Account Manager High Security, along with Kevin Godfrey, Strategic Business Development Manager High Security, and Matt Wills, Technical Business Development Manager High Security.
Jason joined Gallagher in 2017, bringing over 10 years of broad security experience including Hostile Vehicle Mitigation solutions in the Middle East and landmine clearance and UXO disposal for UN and multinational oil and gas organisations.
The UK’s High Security Team’s raison d’etre, says Jason, is to ensure the highest standards of security for government organisations and other critical infrastructure sectors, in addition to making these same government-approved products and solutions available in the commercial world. Jason explains, “We’ve invested a significant amount of time and resource to ensure we achieve the highest government standards. We are empowering all our customers to achieve their desired level of security. The question isn’t really ’Why use a government-approved platform in the commercial world? It’s ‘Why wouldn’t you?”
When Gallagher first started working with the UK government, it was in the field of perimeter security. “We made sure we adhered to the highest testing standards for our perimeter solution, protecting critical national infrastructure,” says Jason.
The threat landscape has since changed for those who are typically just looking at perimeter security, something Gallagher recognised early on with its ’curb-to-core’ philosophy; it’s not a separate system out on the perimeter, everything pulls together from the core solution. “Edge devices could be one of your biggest vulnerabilities. Your system could be hacked via something that potentially isn’t being monitored or looked at,” says Jason, citing the example of one business that was hacked via its vending machine.
Government and other critical national infrastructure sectors realise they need to be more cyber aware; it’s not just about protecting the fence line, it’s also about the cyber resilience of that solution and the cyber resilience of the access control.
Jason explains, “Data is now our most valuable commodity, and the hacker wants to be able to pull down the system. This was proved in Ukraine back in 2015 when the national power grid was pulled offline through a cyber-attack for the first time. That was a serious, significant attack on critical national infrastructure.”
Jason also points to comments made in 2021 by Jens Stoltenberg, Secretary General at NATO, who said an attack in cyberspace can be as damaging and as dangerous as an armed attack and is as serious as any attack on a NATO ally.
“A big part of what we do here at Gallagher is help organisations to protect their people, their buildings, and their brand. High security is very similar, it’s about protecting your people, your assets and your data – and all the people we speak to in high security face the same set of challenges.”
So, where Gallagher would typically have had separate teams to support access control, perimeter, communications, technical, and intruder, the High Security Team was established to pull all these key areas of our business together and cross-pollinate government, and other critical national infrastructure.
Leveraging the expertise of both technical authorities, the CAPSS standard has been jointly written by the National Protective Security Authority (NPSA), the UK government’s technical authority for physical security, and the National Cyber Security Centre (NCSC) which leads all things cyber.
CAPSS is about gaining confidence in the cyber components of electronic security products which, while robust in the physical security domain, could potentially be compromised by a hacker thousands of miles away.
Gallagher is the only access control security manufacturer that has achieved the CAPSS 2021 standard so far, having been awarded it in early 2022 for its Command Centre software and High Security Controller 6000.
It is also the only security manufacturer that sits across three key categories in the Catalogue for Security Equipment (CSE) – including Access Control Equipment, CAPSS Approved, and Detection Systems.
“Being the first to CAPSS 2021 was a testament to the pedigree of our research and development teams. The approval demonstrates that we are leading the way in delivering high security solutions for governments in the Five Eyes alliance. It also gives critical national infrastructure sites confidence that our software and hardware meet the toughest cybersecurity requirements.
“We know that obsolescence occurs quickly in security technology thanks to the ever-changing environment, and our industry has a responsibility to ensure the latest standards are collectively met to help reduce the vulnerability to terrorism and other threats in national infrastructure.”
GovPass is a UK Government credential standard, developed by the Cabinet Office to provide interoperable and secure access control credentials across government department buildings. As many government departments start converting to GovPass credentials, Gallagher and their independent installation partners are in a great position to deliver this access control standard to UK Government sites. With a proven pedigree in the delivery of government high security solutions, Gallagher was invited to work with the Cabinet Office in the development and testing of the new standard.
Jason explains, “The UK government is modernising its estate and repurposing buildings to enable their employees to utilise hot desking initiatives across multiple buildings without having to carry around a dozen or so different access control passes. It’s all about interoperability and functionality; a civil servant can have one pass to go into multiple buildings even if these buildings use different access control platforms, which is something that’s never been achieved in the past.”
Gallagher has been at the forefront of adopting this standard. Rolling it out successfully to some of the first UK Government sites, Gallagher’s High Security UK team continues to have regular conversations with the Cabinet Office, says Jason: “It’s important that we understand their roadmap so that we can align ourselves to deliver their future vision and make sure we’re providing best-in-class support.”
Once the government adopts a new standard or credential that typically rolls out into other critical national infrastructure sectors – and the commercial sector follows. What you are ultimately trying to protect is your people, and that is why Gallagher continues its commitment to shaping the future of security – to protect what matters to organisations the most.
In today’s rapidly evolving digital landscape, the threat of cyber-attacks hangs over industries and nations alike. Security has become the bedrock of technological advancement. Gallagher Security constantly monitors the security environment, and a network of analysts gathers information that shapes the development of future solutions. Gallagher’s commitment to research and development is to ensure that their customers’ assets are protected now and into the future.
Gallagher’s achievements are built on its consistent investment in R&D. A substantial 15% of the company’s revenue is allocated to R&D each year, showcasing its commitment to innovative advancements. By actively involving its customer base and valuing their input, Gallagher develops groundbreaking solutions.
The foundation of Gallagher’s development process is its carefully scheduled biannual release cycle. This coordination involves various teams including Business Analysts, Technical Leaders, Project Managers, and Developers.
Testing is central to Gallagher’s security assurance. With a team of almost 30 dedicated Test Analysts, the company follows a comprehensive methodology to ensure product usability and reliability. By testing products against more than 28,000 functional scenarios daily across multiple virtual machines, Gallagher enhances security. This continuous testing routine minimises potential vulnerabilities and accelerates code reviews.
Gallagher’s comprehensive and proactive approach to cybersecurity is deeply rooted in its core values. The “Secure by Design” philosophy, combined with a rigorous development cycle and thorough testing protocols, has established Gallagher as a leading platform in the high security sector. By blending innovation with valuable customer input, Gallagher has not only solidified its position but also set an industry standard.