Home » Physical Security » Critical Infrastructure

Dennis Treece and Massport: Safe Harbor

From Boston's Logan Airport to the city's waterfront shipping facilities, Massport CSO Dennis Treece patrols an anxious perimeter.

"And we appreciate that," says Treece of the clammers (who now, after their 14-month hiatus, are digging up a record harvest from the long-neglected flats). "The [nearby] Winthrop Yacht Club is in the same position to help us, and we're working to make sure that they know what number to call if they see something out of the ordinary. Because these are the people who know everything that is ordinary [on the waterfront scene], whereas we don't. So we're happy to be associated with good Americans out there protecting our flank."

The beach forms one part of Treece's perimeter. Massport's computer networks form another. "My perimeter is my perimeter," he says. "My background has been in all of the security fields that exist. It's all pretty much important to me. And there's nothing more important to me than our information technology network because it touches everything. It hits every one of my strategic focus areasand in a big way." Treece works happily with Massport's Director of IT Francis Anglin, whom Treece credits with being very savvy about security. The network at Massport is old but ironclad.

"We hired a firm to try to hack into our network. They were unsuccessful. We have a private network that's not addressable from the Internet. You have to come through a special servera network address table, a NAT serverto get to our network," he says. "Those [servers] are tightly controlled, and they are the only things that touch the network (those and the public Web servers we use). So we conduct our business just fine, and maybe we're not hackerproof, but the company we hired spent 25 hours trying to hack into our systems and couldn't do it."

Among the things Treece wants from technology is more data on the variability of threat levels across those focus areas. He's in the midst of developing a system that aims to synthesize various data points into a real-time, rolling assessment of risksomething that could express threat as a numerical variable. Once again, he turns to the detested beach.

"The beach is a vulnerability," says Treece. "I have a list of the types of threats that can exploit the beach. There's a numerical value for each of these based on, say, the destructive power of a sniper coming out of the water, as opposed to, you know, a streaker." Risk equals the destructive power of an event multiplied by the likelihood of its occurrence, he says. "So at the end of the day, the residual risk of that open beach will have a defined value based on the best judgment I can give it along with my team."