Printer Friendly

Keeping computers safe.

IN 1989, HEARINGS BEFORE THE US Senate Committee on Governmental Affairs exposed our nation's vulnerability to terrorism against the telecommunications and energy industries.(1) In addition, researchers predict a significant rise in domestic terrorism attacks against government and law enforcement agencies during the 1990s.(2) Unfortunately, information managers lack a comprehensive national policy to guide them in the design, construction, protection, and operation of computer centers.

In the future, terrorist organizations may expand from assassination, bombing, hijacking, and hostage taking to high-technology terrorism. Interested groups such as the ASIS Standing Committee on Computer Security are already identifying vulnerabilities in telecommunications and energy among other fields. Several vulnerabilities have already been exposed, not by terrorism but through natural, accidental, or intentional acts.

Attacks on computer centers are not limited to physical assaults. An example of an electronic attack is the use of malicious computer software programs known as viruses or worms. These programs can completely destroy data bases, deny access to legitimate users, and pass undetected from computer to computer.

In November 1988, a malicious computer program temporarily shut down Internet, an international electronic message highway linking educational, government, commercial, and military computer centers.(3) Computer scientists still warn that another malicious attack using worms or viruses could occur any day.(4)

They also argue that exposing this known vulnerability only invites the use of malicious software by high-tech terrorists, who thrive on publicity to further their causes.(5) Will the computer hackers of today become the high-tech terrorists of tomorrow?

Recent unauthorized disruptions of computer systems and their networks also raise national concerns about detecting, predicting, and preventing such incidents. Because of these concerns, the Department of Defense (DoD), through its Defense Advanced Research Projects Agency (DARPA), established a Computer Emergency Response Team Coordination Center (CERT/CC) in 1988.

CERT is at Carnegie-Mellon University's Software Engineering Institute (SEI) in Pittsburgh. CERT, in cooperation with public and private computer networks, serves as a clearinghouse for information on safeguarding computer centers from intentional, natural, and accidental disruptions. THE FBI'S NATIONAL CENTER FOR THE Analysis of Violent Crime (NCAVC) is developing a threat model for evaluating proposals for combating malicious intrusions, terrorism, and other forms of attacks on computer systems. This model uses a threat evaluation model developed from research by the US Army.(6) The NCAVC is also developing a manual for classifying the external and internal methods offenders use in attacking computer systems.

The FBI presented this model during a 1989 DARPA workshop on responses to computer security incidents.(7) This threat evaluation model contains all the components necessary to combat external and internal attacks on computer centers, as well as the information needed to conduct a comprehensive review of the facility.

An evaluation process allows for potential proposals to be compared and contrasted with others before their implementation. The following steps are used in the model:

* Step one: information collection

* Step two: threat analysis

* Step three: crime prevention strategies (operational security, personnel protection, and physical security)

* Step four: authority and jurisdiction

* Step five: planning crisis management

* Step six: incident handling

* Step seven: performing crisis management

The model has two phases: proactive and reactive. The proactive phase includes steps one through five, and the reactive phase involves steps six and seven.

Proactive activities concentrate on planning, detecting, predicting, and preventing possible computer abuse. Reactive activities concern an installation or network response to an incident. Based on this model, the FBI's NCAVC is developing a handbook to guide its investigators in performing computer threat evaluations.

Physical attacks on computer centers. Loss histories documenting the successful use of explosive and incendiary devices against computer facilities raise concerns about the physical protection of valuable resources. Still, many questions regarding such issues as offsite records storage for disaster recovery purposes do not address the adequate protection of the computer center itself.

Since the early 1970s, numerous cases of physical attacks against foreign, US government, and educational computer centers have been documented:(8)

* 1970s--The Italian Red Brigades terrorist organization reportedly is responsible for 27 attacks on European electronics and weapons companies.

* 1980s--The French terrorist organization known as CLODO (Comite Liquidant ou Detournant les Ordinateurs) attacks high-technology firms.

* 1984--The US terrorist group United Freedom Front bombs an IBM facility in New York. This attack is to protest the company's business operations in South Africa.

Other case histories, compiled by the National Fire Protection Association (NFPA), raise questions about the adequacy of computer room design.(9)

* 1981--A fire set in a lounge at a training facility causes $90,000 in damage to computer terminals.

* 1984--A fire of undetermined origin in a computer room of an airline reservation center results in damages totaling $160,000. The room contained computers, disk drives, printers, disk storage, paper documentation, and supplies.

* 1990--A transformer explosion and the resulting fire shut down the offices that control the main computer system serving the New York and American stock exchanges. No backup facility existed. Stock markets temporarily closed three times during 1990 due to electrical power failures.(10)

Some bomb attacks on computer facilities harm not only the facilities but also their users. For example, in 1985 a serial bomber placed an explosive device in a limited-access computer terminal room at a large university. The device detonated when it was jarred by a researcher.(11) The explosion seriously injured the researcher and extensively damaged the room and computer equipment.

The NFPA study on computer center fires between 1981 and 1985 found that approximately 80 such fires occurred per year; annual losses totaled $1.1 million. Investigators found that most of the fires were caused by electrical equipment or had an intentional or suspicious origin.

Other industry studies emphasize that among other possible hazards a fire can be the most disastrous event to disrupt the operation of a computer center. A recent study indicates that over the last three years fires have been the leading cause of computer center outages. Fires also were responsible for the most downtime.(12)

Several potential attacks on the utilities and environmental controls of a computer center could effectively destabilize its operations. These attacks affect the following systems:

* Electrical power system. Disruptions such as blackouts, brownouts, or fluctuations could have a short-term impact on computer centers not equipped with uninterruptible power systems (UPSs). Changes to the electrical power phasing could not be readily repaired.

* Heating/air-conditioning system. A loss of cooling and humidity control could also bring operations in a computer room to a standstill. Most computer centers maintain a constant temperature of 70 [degrees] Fahrenheit and a humidity of 50 percent.

* Environmental controls on contamination. Corrosive materials, metal fibers, smoke, and flammable or hazardous chemicals can harm computer center operations. Disk drives, particularly those that are removable, are especially vulnerable to contaminants mentioned here.

Computer center design. Even the most heavily protected computer centers treat the computer room as a single, enclosed area containing everything needed to support the center. Thus the center contains the actual computer system, the tape storage library, documentation files, offices for computer programming and operations staff, power distribution equipment, and heating and air-conditioning systems.

Many designs do not compartmentalize these essential functions. This critical design flaw is repeated from facility to facility worldwide.

To enhance compartmentalization, some facilities simply place the backup computer system in a different computer room. That way, a disaster destroying the first computer is less likely to affect the second computer.

Computer center design raises further complications. For space considerations, managers often place the workers' offices inside the areas housing the computers. However, worker productivity decreases in noisy environments. Also, placing workers in a computer room increases the potential for equipment damage through accidental or intentional acts. THREE MAJOR FIRE-EXTINGUISHING SYSTEMS are used in safeguarding computer centers: automatic water sprinkler, carbon dioxide, and halon. Some centers have no extinguishing systems and rely on employees to detect fires and summon help.

Carbon dioxide and halon flood a computer room and extinguish the fire by depriving it of oxygen These systems have several problems: accidental, premature discharges; intentional overrides during actual incidents by unknowledgeable employees; and high installation and maintenance costs. Again, the problem that managers overlook most is the placement of staff in offices within the operational computer room where they may be exposed to these hazardous incidents.

Using automatic water sprinkler systems is stymied by exaggerated fears of water damage to computer equipment. The fears include accidental leakage of sprinkler heads as well as water damage during fire extinguishing.

In fact, most damage to computer centers comes from smoke. An incipient fire produces toxic smoke particles, which are drawn into disk drives and deposited on tapes. Only then is the fire's heat great enough to trigger the water sprinkler systems--thus most of the damage is already done by the time the water arrives.

Industry experts give the soundest recommendation for fire-extinguishing systems: an early-warning fire detector combined with water sprinkler systems.(13) These water sprinklers control the fire and contain it until professional fire fighters can arrive at the scene. Hopefully, compartmentalization further minimizes the potential loss that such hazards can pose.

The Montreal Protocol Treaty makes using halon as an extinguishing agent a moot point.(14) This treaty plans to severely limit and control halon emissions by the year 2000. Alternative fire-fighting solutions are already being sought. THE FACTORY MUTUAL (FM) ENGINEERING Corporation publishes the most comprehensive set of recommendations for the location and construction of computer centers.(15) The summary of FM recommendations that follows is most applicable to the concepts discussed in this article. These suggestions are based on lessons learned from actual loss histories investigated by FM fire-protection engineers:

* Compartmentalize computer systems and related storage areas for magnetic media in separate rooms that have no other use.

* Maintain fire barriers to piping, cabling, and other openings to computer rooms.

* Minimize using cellular plastics in computer rooms. These plastics generate large amounts of hazardous fumes and smoke particles when burned.

* Use masonry wall construction whenever possible.

* Avoid using basement areas for computer equipment and storing media and supplies. These areas are susceptible to water damage and hazardous pollutants. Allow for water drainage whenever possible.

* Install complete automatic sprinkler protection and a smoke-activated fire alarm system that shuts down the computer system and air-conditioning.

* Install portable, hand-held carbon dioxide and water extinguishers inside the computer, record storage, and supply rooms.

* Install intrusion alarms in computer, record storage, and supply rooms.

* Use noncombustible furniture, approved trash containers, and associated furnishings. Use nonflammable cleaning solvents whenever possible.

* Provide clean electrical power by using a UPS. Avoid locating electrical transformer equipment inside the computer room.

* Supply separate air-conditioning systems to the computer, record storage, and supply rooms. Install appropriate alarms to monitor the temperature and humidity.

* Prepare, test, and implement an emergency procedures plan for disaster recovery. Post emergency instructions at the appropriate locations outside the computer center.

With comprehensive planning, realistic threat assessments, and proper design, computer centers can be safeguarded against intentional, natural, and accidental disasters.

(1)John Glenn, Chairman, US Senate Committee on Governmental Affairs, "Vulnerability of Telecommunications and Energy Resources to Terrorism," S. Hearing 101-73, Washington, DC, Feb. 7-8, 1989. (2)W. C. Mullins, "Terrorism in the '90s: Predictions for the United States," The Police Chief, September 1990, pp. 44-46. Also, W. L. Tafoya, "A Delphi Forecast of the Future of Law Enforcement," PhD dissertation, University of Maryland, 1986, p. 197. (3)"Student Guilty in Computer Break-In, Rogue Program Crippled Nationwide Network in 1988 Incident," The Washington Post, Washington, DC, p. A16. (4)M. A. Kellner, "MIT Network Guru: Internet Is in Deep Trouble," Federal Computer Week, October 22, 1990, p. 14. (5)"Computer Hackers: Tomorrow's Terrorists," Dynamics, American Society for Industrial Security, January/February 1990, pp. 6-8. (6)US Army, "Countering Terrorism on U.S. Army Installations," TC 19-16, April 1983. (7)D. J. Icove, "Modeling the Threat," a committee report to the DoD Invitational Workshop on Computer Security Incident Response, Carnegie-Mellon University Software Engineering Institute, Pittsburgh, July 31-August 1, 1989. (8)"Terrorism's Threat to Information Processing," IS40-505-101, Datapro Research Corporation, Delran, NJ, July 1986. (9)K. T. Taylor, "Updating the Record on Computer Center Fires," Fire Journal, Vol. 83, No. 2, March/April 1989, pp. 31-35. (10)"Fire in N.Y. Skyscraper Delays Stock Trading, 3rd Power Failure of Year Closes Markets," The Washington Post, December 28, 1990, p. Cl. (11)"VICAP Alert: UNABOM," FBI Law Enforcement Bulletin, November 1988. (12)G. Vorsheim, "Computer Fires Cause Most Downtime," ISPN News, March-April 1990, p. 47. (13)Vorsheim. (14)C. Grant, "Life Beyond Halon," Fire Journal, May/June 1990, pp. 52-59. (15)Factory Mutual Engineering Corporation, "Electronic Computer Systems," Loss Prevention Data Sheet No. 5-32, Norwood, MA.

David J. Icove, PhD, PE, is program manager for the Arson and Bombing Investigative Services Subunit with the National Center for the Analysis of Violent Crime at the FBI Academy in Quantico, VA.
COPYRIGHT 1991 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1991 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Icove, David J.
Publication:Security Management
Date:Dec 1, 1991
Previous Article:Networked for crime.
Next Article:Mastering the challege of securing a budget motel.

Related Articles
Keeping computers safe and healthy.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters