Goldman: Expecting the unexpected

Federal officials continue to invest vast sums in traditional information technology security and systems management. Further, with increased frequency, they are purchasing new video surveillance and biometrics technologies to authenticate users and secure facility access.

Agency officials allocate precious resources to IT and physical security but fail to anticipate and move to mitigate the threat of disruption and equipment loss at the crossroads between IT and physical threats. Specifically, environmental anomalies and physical interference can significantly compromise computer networks and associated operational capabilities.

The movement to IT ubiquity compounds these challenges. Limited space forces technology managers to either stash mission-critical IT infrastructure in unconventional areas — such as broom closets — or overcrowd traditional locations, creating IT hot spots. The hot spots increase the stress on ventilation and power systems.

Such realities increase the potential for climate control system failure — with associated repercussions for IT availability.

Too many officials fail to set up safeguards or envision threats to network equipment caused by a heating, ventilating and air-conditioning (HVAC) system failure, a water leak in the main server room, or malicious or benign human intervention. How do agencies protect against threats at the IT/physical crossroads, and where does the responsibility fall? Who is responsible for broom closets when they become impromptu server rooms? Authorization and climatic conditions cannot be readily controlled in these high-traffic areas where all personnel enjoy round-the-clock access. By placing IT equipment in nonconventional environments and overcrowding server rooms, officials create the potential for the perfect storm.

With unlimited personnel access, zero airflow, high humidity, and chemicals often sharing the shelf with network devices, system and equipment loss is a concern.

Ordinarily, these nonconventional, high-traffic areas fall under the watch of facility security personnel. This forces IT managers to give up control of the environment. However, giving up control places the agency's most expensive and often mission-critical equipment in a security no-man's land, leaving IT managers with poor visibility and diagnostic and forensic capabilities.

Just as dangerous, IT managers may believe the facility security team has an area covered when it does not, and that leaves the area unprotected and vulnerable. IT managers and facility security personnel, who have different priorities and reporting hierarchies, do not regularly function as a team. This silo approach creates dangerous blind spots and vulnerabilities exacerbated by the "not-my-job" scenario.

We need to raze the walls separating IT and physical security. Simultaneously, we must avoid the temptation to establish new out-of-band communication conduits to support "converged enterprise security" capabilities.

If we are to effectively empower integrated security professionals, any new systems must operate on existing and pervasive IP communication networks.

Agency officials must strive to equip security employees with cohesive, integrated physical and cybersecurity views and the ability to diagnose and resolve problems at remote and understaffed locations.

Goldman is president and chief executive officer of NetBotz Inc. Prior to joining NetBotz, Goldman served as president and chief operating officer of enterprise software company Apogee Networks.
