PERSPECTIVE: What I’ve Learned Leading a U.S. Government Subcontractor During a Breach

I am CEO of Perceptics, a manufacturer of high-performance imaging systems.

In May, we had a criminal cyber intrusion that caused CBP-related information (including some images of license plates and travelers) to potentially be exposed. This has caused law enforcement, privacy advocates and politicians to take notice, resulting in cancellation of our contract by our prime contractor Unisys, investigation by our end customer CBP and suspension from federal contracts. This devastating path may take our company down, but I see that we have a lot of fight left.

Unequivocally, I believe we have acted within the scope of our contracts, with reasonable and ethical behavior, and have worked hard to do the right thing. We were attacked, and we have hardened against potential future attacks and have been open, honest and forthright through this devastating time of uncertainty.

From criminal attack to national politics, these are some things I’ve learned:

• It’s devastating to be the victim of a cyber intrusion. The fear of realizing a criminal is in our system and has our information is extreme, but it is nothing like the painful path we have witnessed since intrusion. We took the ethical path and didn’t pay extortion. Despite notifying the FBI within 24 hours of discovering this threat and reaching out to customers before our investigation was complete, threat verified and key facts known, we’ve been accused of being slow to inform. We believe we informed appropriately, trying to balance threat and legitimacy. We have made many improvements to harden systems and are committed to setting a new security standard among our peers, using robust FISMA and CISC Top 20 methodologies. The integrity of our systems, people and business processes are a top priority, and we have learned a lot about how impossible “impenetrable” is. This is a call to action for government and industry to build better cyber protection for governments and companies.
• Employees are vulnerable. Perceptics has been successful because of a team that I will defend as the best in the world. Our employees have borne the brunt of this attack: half have been terminated, and half have agreed to a pay cut. I wonder about the damage my decisions cause, and if there are there families with too little food on the table. Their information was leaked, and we have done everything to help them protect themselves; cyber criminals don’t just hurt governments and companies, they hurt people.
• It is challenging to be a CBP executive. CBP has used Perceptics license plate readers because they are the very best in the world at protecting our country. Our systems were part of deployment to implement a recommendation of the 9/11 Commission, which garnered many accolades. No other company has fielded a system to meet CBP’s aggressive specifications – 95-98 percent full plate accuracy of all readable traffic – driven by the mission to defend national security, speed legitimate trade and travel, and protect border agents. I once had a CBP commissioner tell me that Perceptics was a “funeral avoider” to him. If a border officer was killed in the line of duty, he went to that funeral, hugged the officer’s mother and told her he appreciated her son/daughter’s service. That has to be, by far, the worst part of the job. If we could get the data to the right place, to avoid funerals, then we had done our job. That has been my rally cry to support the mission ever since, and I get chills telling that story – even in the eye of this storm. More broadly, lately CBP executives have had to manage through constant direction and leadership change, and manage enormous pressure from different directions and agendas. We have always worked hard for CBP, and we will continue to support and defend the mission. Perceptics started with CBP in 1982, long before me, and has had an unblemished record ever since. I believe we will come out of this with a clean record in the end. We remain committed to working collaboratively with CBP to address any and all concerns.
• I am still right to care about the mission. Some people think talking about “mission” is corny. I don’t. I have stood next to our employees as they have helped get systems running that will save lives and speed travel. I am extremely proud of what Perceptics has done to serve the CBP mission and believe that the US is a safer place because identifying vehicles is central to assessing threats at the border. We will not back down from our pride of mission.
• It’s hard to be caught in the middle. Our prime contractor for CBP work is Unisys. We began working with Unisys in 2009 to help CBP implement the Western Hemisphere Travel Initiative. We worked quickly and effectively to get about 450 lanes of equipment installed in nine months at our nation’s borders, and together successfully achieved a 9/11 Commission recommendation to automate border processing – on time and on budget. We were incredibly proud to work with Unisys to achieve these goals, and we hope to be supporting them again soon.
• The policy discussion is valid. Perceptics was a central figure in a recent congressional hearing. Discussions ranged from cyber responsibility to criminal charges. It was frightening, and we were dragged through the mud. The mud will wash off, because we believe we were operating within our contracts and using methods accepted for a dozen years. The reality is that biometrics is evolving into a mature technology that will make us safer, allow us to travel more efficiently, and help us find threats and criminals better. However, since the technology is continuously changing, we see the need for an ongoing dialogue to ensure proper privacy and security considerations are accounted for. We look forward to being a part of those discussions and are committed to doing everything necessary to meet the standards that result from them. It is important for authorities to invest time to understand the technology, what it does and doesn’t do, where safeguards should be considered, and engage in a thoughtful dialogue that works to achieve a responsible balance and improves our nation’s security.

I’ve also learned some things about my blessings, which are plentiful. I am thankful. I am thankful for all the people above, who I know are doing the right thing. In fact, I am counting on them to do the right thing. I am thankful for the outstanding Americans at Perceptics who I hope will be back hard at work on our borders soon.

John Dalton

John Dalton is CEO of Perceptics, LLC, a Tennessee-based manufacturer of high-accuracy license plate readers provided to U.S. Customs and Border Protection (CBP) for more than 30 years.

See Full Bio