Goldman: Expecting the unexpected
- By Tom Goldman
- Nov 07, 2004
Federal officials continue to invest vast sums in traditional information technology security and systems management. Further, with increased frequency, they are purchasing new video surveillance and biometrics technologies to authenticate users and secure facility access.
Agency officials allocate precious resources to IT and physical security but fail to anticipate and move to mitigate the threat of disruption and equipment loss at the crossroads between IT and physical threats. Specifically, environmental anomalies and physical interference can significantly compromise computer networks and associated operational capabilities.
The movement to IT ubiquity compounds these challenges. Limited space forces technology managers to either stash mission-critical IT infrastructure in unconventional areas — such as broom closets — or overcrowd traditional locations, creating IT hot spots. The hot spots increase the stress on ventilation and power systems.
Such realities increase the potential for climate control system failure — with associated repercussions for IT availability.
Too many officials fail to set up safeguards or envision threats to network equipment caused by a Heating Ventilating and Air-Conditioning system failure, a water leak in the main server room and malicious or benign human intervention. How do agencies protect against threats at the IT/physical crossroads and where does the responsibility fall? Who is responsible for broom closets when they become impromptu server rooms? Authorization and climatic conditions cannot be readily controlled in these high-traffic areas where all personnel enjoy round-the-clock access. By placing IT equipment in nonconventional environments and overcrowding server rooms, officials create the potential for the perfect storm.
With unlimited personnel access, zero airflow, high humidity, and chemicals often sharing the shelf with network devices, system and equipment loss is a concern.
Ordinarily, these nonconventional, high-traffic areas fall under the watch of facility security personnel. This forces IT managers to give up control of the environment. However, giving up control places the agency's most expensive and often mission-critical equipment in a security no-man's land, leaving IT managers with poor visibility and diagnostic and forensic capabilities.
Just as dangerous, IT managers may believe the facility security team has an area covered when it does not, and that leaves the area unprotected and vulnerable. IT managers and facility security personnel, who have different priorities amd reporting hierarchies, do not regularly function as a team. This silo approach creates dangerous blind spots and vulnerabilities exacerbated by the "not-my-job" scenario.
We need to raze the walls separating IT and physical security. Simultaneously, we must avoid the temptation to establish new out-of-band communication conduits to support "converged enterprise security" capabilities.
If we are to effectively empower integrated security professionals, any new systems must operate on existing and pervasive IP communication networks.
Agency officials must strive to equip security employees with cohesive, integrated physical and cybersecurity views and the ability to diagnose and resolve problems at remote and understaffed locations.
Goldman is president and chief executive officer of NetBotz Inc. Prior to joining NetBotz, Goldman served as president and chief operating officer of enterprise software company Apogee Networks.