The Internet Encyclopedia (Volume 3)


eventuality. The solution is to teach general principles.
In the case of hazardous materials, personnel should just
call the proper agencies and get out.
All employees need to know how intruders might enter,
how to recognize intruders, and how to react—whom to
call and what to do until they arrive. Custodial personnel
may need additional training and oversight. They often
work at night, a time favored by certain types of intruders.
Cleaning crews also are prone to breach security protocols
to streamline their work, for example, by leaving offices
open and unattended for periods of time. For this reason,
education should be reinforced by spot checks to see what
is actually going on.
Maintenance and construction workers (whether they
are employees or not) must be made aware of the
dangers posed by dust, even from something as simple
as accessing the space above a suspended ceiling. When
dust-producing activities are anticipated, other employees
should know to take precautions, such as installing
dust covers on equipment.
All employees who know anything that might be useful
to a potential attacker need social engineering awareness
training. They should also be educated as to the kind of
information that might leak onto a newsgroup bulletin
board and why this is bad. For both of these, sample
scenarios should be described.
Perhaps the most sensitive area of training regards
malicious insiders. Again, sample scenarios can help. Smaller
institutions in which everyone knows everyone else are
especially likely to have coworkers who are overly trusting
of one another. The trick is to preserve the esprit de corps
and avoid breeding mistrust among coworkers. The
corporate culture should foster “collegial paranoia.” Physical
security is just another problem that needs to be attacked
with teamwork, a highly valued corporate virtue. That
means everyone should expect cooperation from everyone
else in adhering to physical security protocols. Everyone
should believe that an unattended computer is a bad
thing. Everyone should expect to be turned down when
asking to “borrow” someone else’s account; this kind of
rejection should not be perceived as a bad thing.
(Incidentally, system administrators need to keep in mind
that no group of people should be given a common
account name and password because this complicates
tracing malfeasance to a single person.) Given what has been
said about theft of bandwidth and time, appropriate-use
policies must be communicated and justified. This is an
area where the rules may be less clear-cut than for dealing
with colleagues.
Ultimately, the goodwill of employees is invaluable.
Managers at all levels must be educated to appreciate
the crucial role they play in maintaining an environment
which does not turn employees against the organization.
Understanding that most attacks are from within is the
first step.

REACTIVE MEASURES
Despite the best preventive measures, things will go
wrong. Defense in depth requires us to be prepared to
react to those calamities. This is most critical when lives
are in danger.

Fire Suppression
Fire suppression systems generally release water, dry
chemical, or gaseous agents. The release can be from
portable devices, from a centralized distribution system
of pipes (perhaps with hoses which will be manually
directed), or from modular devices in fixed locations. Fire
can be extinguished by displacing oxygen, by breaking the
chemical reaction, by cooling the fire’s fuel below its point
of ignition, or by a combination of these.
Any fire in a computing environment should be
considered a Class C fire because of the presence of electricity.
Electrical power should be cut as soon as possible,
regardless of whether a conductive fire-suppression agent is
used, because any electrical shorting will work against the
suppressant. Obviously, automatic fire suppression
systems must be able to function independent of the facility’s
main power supply.
When possible, it is preferable to extinguish a fire
immediately with portable extinguishers aimed at the base
of the fire before it can grow. Each device should have one
or more letters on the label, indicating the class(es) of fires
on which it can be used. For most computing facilities, a
dry chemical extinguisher rated A-B-C will cover all
situations. The dry chemical will leave a residue, but if the fire
can be caught early, this is a small price to pay.
Countermeasures must match the potential
conflagration, both in quantity and quality. The presence of
flammable materials requires greater suppression
capacity. In addition, special tools and techniques are needed for
special fires. A Class D fire (involving combustible metals
such as magnesium) requires the application of a
metal-specific dry powder (so named to distinguish its purpose
from that of ordinary dry chemical with B-C or A-B-C
ratings). Recently certified, specialized (wet chemical)
extinguishing equipment should be installed if there is the
potential of a Class K fire (involving cooking equipment
using oils and fats at high temperature).

Total Flooding with Gaseous Agents
Total flooding seeks to release enough of a gaseous agent
to alter the entire atmosphere of a sealed area (with
openings totaling no more than 1% of the total surface area
of the enclosure). The term clean agent is often used to
indicate that the gas itself leaves no residue (although its
decomposition by-products will). Ordinarily, the air-agent
mixture alone would be safe for humans, but fires always
produce toxic smoke.
Consequently, the best protocol is to have an alarm
continuously announce the impending release of a
flooding agent, allow a reasonable time period for
personnel to evacuate and seal the area, and sound a second
alarm to announce the actual release. Doors must be
self-closing and have “panic hardware” for easy exit. Warning
signs must proclaim the special nature of the area.
Self-contained breathing equipment must be available for
rescuing people.
The sudden release of a highly pressurized gaseous
agent has several side effects. The gas undergoes a
dramatic decrease in its temperature. Reportedly, skin in
direct contact with a release could suffer frostbite.
Equipment could suffer as well. The force of the exhaust is