Goldman: Expecting the unexpected

Federal officials continue to invest vast sums in traditional information technology security and systems management. Further, with increased frequency, they are purchasing new video surveillance and biometrics technologies to authenticate users and secure facility access.

Agency officials allocate precious resources to IT and physical security but fail to anticipate and move to mitigate the threat of disruption and equipment loss at the crossroads between IT and physical threats. Specifically, environmental anomalies and physical interference can significantly compromise computer networks and associated operational capabilities.

The movement to IT ubiquity compounds these challenges. Limited space forces technology managers to either stash mission-critical IT infrastructure in unconventional areas — such as broom closets — or overcrowd traditional locations, creating IT hot spots. The hot spots increase the stress on ventilation and power systems.

Such realities increase the potential for climate control system failure — with associated repercussions for IT availability.

Too many officials fail to set up safeguards or envision threats to network equipment caused by a Heating Ventilating and Air-Conditioning system failure, a water leak in the main server room and malicious or benign human intervention. How do agencies protect against threats at the IT/physical crossroads and where does the responsibility fall? Who is responsible for broom closets when they become impromptu server rooms? Authorization and climatic conditions cannot be readily controlled in these high-traffic areas where all personnel enjoy round-the-clock access. By placing IT equipment in nonconventional environments and overcrowding server rooms, officials create the potential for the perfect storm.

With unlimited personnel access, zero airflow, high humidity, and chemicals often sharing the shelf with network devices, system and equipment loss is a concern.

Ordinarily, these nonconventional, high-traffic areas fall under the watch of facility security personnel. This forces IT managers to give up control of the environment. However, giving up control places the agency's most expensive and often mission-critical equipment in a security no-man's land, leaving IT managers with poor visibility and diagnostic and forensic capabilities.

Just as dangerous, IT managers may believe the facility security team has an area covered when it does not, and that leaves the area unprotected and vulnerable. IT managers and facility security personnel, who have different priorities amd reporting hierarchies, do not regularly function as a team. This silo approach creates dangerous blind spots and vulnerabilities exacerbated by the "not-my-job" scenario.

We need to raze the walls separating IT and physical security. Simultaneously, we must avoid the temptation to establish new out-of-band communication conduits to support "converged enterprise security" capabilities.

If we are to effectively empower integrated security professionals, any new systems must operate on existing and pervasive IP communication networks.

Agency officials must strive to equip security employees with cohesive, integrated physical and cybersecurity views and the ability to diagnose and resolve problems at remote and understaffed locations.

Goldman is president and chief executive officer of NetBotz Inc. Prior to joining NetBotz, Goldman served as president and chief operating officer of enterprise software company Apogee Networks.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.