P1: JDV
Michael WL040/Bidgolio-Vol I WL040-Sample.cls June 19, 2003 16:10 Char Count= 0
PHYSICALASPECTS OFCOMPUTER ANDNETWORKSECURITYPLANNING 81ways or may require a combination of remedies. Data
may be retrieved and equipment rehabilitated on- or
off-site. Simultaneously, operations may be (partially)
restored on-site or transferred off-site. In most disaster
recovery planning (the subject of a separate article), the
first priority is maintaining operations or restoring them
as soon as possible. There are a variety of services that can
be contracted for this purpose. Some are mobile facilities.
We concentrate here on the physical aspects of reha-
bilitating buildings, equipment, and media. Professional
disaster recovery services should always be employed for
this purpose. Because such specialized companies are not
based in every city, however, their response time does not
match that of emergency personnel. Yet for many phys-
ical disasters, the first 24 hours are the most important
in limiting progressive damage, for example, from water
and smoke. Consequently, knowledge of what to do dur-
ing that crucial time frame is essential. Good references
in this regard are McDaniel (2001) and the “What to do in
the first 24 hours!” links at the BMS Catastrophe Web site
(http://www.bmscat.com/were/press.shtml)Recovering from Fire Damage
Even when a fire has been extinguished, other prob-
lems remain. By-products of the fire, perhaps because of
the type of suppressant used, may be toxic to humans
or corrosive to equipment. As soon as practical after a
fire has been extinguished, thorough ventilation should
take place. Only appropriately trained and equipped ex-
perts should enter to begin this dangerous procedure.
Aside from the initial health hazard, improper proce-
dures may worsen the situation. Active HVAC equipment
and elevators might spread contamination to additional
areas.
Once air quality has returned to a safe level, resources
should be rehabilitated. In some cases, equipment will
never again be suitable for regular use; however, it may be
brought to a condition from which any important data can
be backed up, if necessary. The same is true of removable
storage media. Paper documents can be restored provided
they have not become brittle.
The combustion by-products most devastating elec-
tronic equipment are corrosive chloride and sulfur com-
pounds. These reside in particulate residue, regardless of
whether dry chemical (which itself leaves a film) or a clean
agent (a somewhat misleading term) was applied. In ei-
ther case, time is of the essence in preventing the pro-
gression of damage. Some types of spray solvents may be
used for preliminary cleanup. In the case of fire suppres-
sion by water, the procedures outlined below should be
followed.Recovery from Water Damage
The first rule of rehabilitating electrical equipment ex-
posed to water is to disconnect it from its power source.
Energizing equipment before it is thoroughly dried may
cause shorting, damage, and fire. The second rule is to
expedite the drying process to prevent the onset of cor-
rosion. Low ambient humidity speeds drying, whereas
high humidity (and, even more so, dampness) speeds the
corrosive action of any contaminants. If the HVAC sys-
tem cannot (or should not) be used to achieve a relativehumidity of 40–50%, then wet items should be moved
to a location where this can be done. Actively applying
heat significantly above room temperature must be done
with caution, recalling from Table 1 the temperatures at
which damage can occur to media and equipment. Hand-
held dryers can be used on low settings. An alternative
is aerosol sprays that have a drying effect. Even room-
temperature air moved by fans or compressed air at no
more than 3.4 bar (50 psi) can be helpful. In any case,
equipment should be opened up as much as possible for
the greatest effect. Conversely, equipment should not be
sealed, because this may cause condensation to develop
inside. Low-lint cotton-tipped swabs may be used to dab
water from hard-to-reach areas.PHYSICAL ASPECTS OF COMPUTER
AND NETWORK SECURITY PLANNING
Computer and network security planning traditionally
starts by identifying assets. Physical security planning
would best begin before there were any assets to pro-
tect. Whereas cyberattacks and cybersecurity have little
to do with where resources are located, the earliest stages
of physical security planning should consider and dictate
location.
Locating a facility in a particular region is usually done
with an eye to the bottom line. A variety of regional char-
acteristics influence the difficulty of maintaining physical
security and can ultimate affect profit: the availability of
electrical power and a skilled workforce; the frequency of
earthquakes, hurricanes, tornadoes, or wildfires; and the
likelihood of terrorism, civil unrest, or regional conflict.
The natural traits will stay fairly constant, whereas the po-
litical, social, and economic ones may vary dramatically
over time.
Locating a facility at a specific site within a region may
have an even more profound influence on total risk. New
factors, such as topography and neighbors, enter into the
equation at this level. A small difference in elevation can
make a big difference where flood plains and storm surges
are concerned. Higher terrain may initially look safer than
a valley but may be dealt bigger surprises due to steep
land gradients. The ground underneath may hold more
surprises, such as mine subsidence. Rail lines, major thor-
oughfares, massive electrical lines, natural gas pipelines,
and even major water mains pose potential threats. Ad-
jacent establishments may be high-profile targets, have
hazardous operations, or produce abundant electromag-
netic pollution. Choosing to have no close neighbors may
have long-term consequences if adjoining parcels of land
are later occupied by high-risk establishments. Being
in an isolated area has implications for emergency ser-
vices.
Locating departments within a building should ide-
ally influence its design and construction. Critical depart-
ments and support equipment (including backup power)
should be in the safer areas, not in the basement or on the
top floor. Within departments, the most crucial resources
should preferably be placed away from windows and over-
head plumbing. Safes for any on-site backups should
be in windowless, interior rooms with high fire ratings.
Flammable and hazardous material must be contained