• Blackout:  a complete loss of power.
• Sag or Brownout:  a decrease in voltage levels, usually of short duration but may last anywhere from fractions of a second to hours.
• Surge: a short-term increase in the level of voltage, generally lasting a fraction of a second
• Spike:  an instantaneous surge causing a tremendous increase to levels of voltage, usually lasting no longer than one-millionth of a second¹.

In order to address these threats to physical security, a secure electrical system for computing equipment must possess the following properties:

1. Dedicated Circuits
2. Physical Access Control must be implemented for:
   • Master Circuit Breakers
   • Transformers
   • Power Distribution Panels and Feeder Cables
3. Emergency Power Off Controls must be installed and accessible by the personnel on-duty
4. Voltage Monitoring/Recording and Surge Protection should be in place

Ensuring Computer Availability through a Backup Power Supply
To ensure that your computer system remains available for use in spite of power supply threats, the power supply has to be made “fault tolerant” through the use of a Backup Power Supply. There are three ways to achieve this:

1. Alternate Feeders
2. Emergency Power Generator
   If using alternate feeders is not feasible, an emergency power generator should be considered as an alternative for mission critical operations. However, this security measure is very costly to maintain and operate. It is advised that a detailed analysis be performed in order to justify the high cost of this security option.
3. Uninterruptible Power Supply (UPS)
   UPS provides just enough time for the computing system to back up data and shutdown before electrical power completely fails. UPS requires regular testing and maintenance work to ensure proper operation.  Additionally, UPS involves the use of hazardous hydrogen gas.

In addition to computing equipment, Backup Power Supply is also needed for the following vital systems:

• Lighting
• Physical Access Control Systems
• Fire Protection Systems
• Communications Equipment
• Telephone Systems
• HVAC

¹Source: University of Connecticut Computer Center (1997), Electrical Disturbances, Available from: http://vm.uconn.edu/~year2000/edisturb.html [Accessed 20 March 2008].

Temperature: Between 21 and 23 degrees Celsius (70 to 73 degrees Fahrenheit) is the general optimal temperature range for computing equipment to operate.

Humidity: The best relative humidity for computer equipment operation is from 45% to 55% because an environment too humid can cause corrosion.  On the other hand, environments too dry can cause static damage. A static charge of above 20,000 volts is potentially harmful to a system.

Pressurization and Ventiliation: Positive pressurization and ventilation must be maintained in order to keep contaminants from entering the facility. Airborne particulates should be kept at appropriate levels since dust and other contaminants can impact computer hardware operation.

According to Keranen E. (2006), dust particles can contain moisture, organic material such as carbon and various minerals, and/or various chemicals. All of these can affect the reliability and life span of computing equipment.

Integrated circuits (ICs) can suffer from overheating due to the insulating effect of dust as well as suffer from electrical shorts caused by dust across their contacts. The most susceptible ICs are those having a metal lid acting as a heatsink cooling surface. To prevent overheating and failure, this metal surface and heatsink need to be essentially dust-free. Dust acts like an insulating blanket, preventing proper convection cooling.” ¹— E. Keranen (2006) Effects of dust on Computer Electronics and Mitigating Approaches.

In addition to dust, an excess concentration of certain gasses such as ammonia can speed up corrosion inside the electronic components of the system, leading to malfunction.

Some devices such as printers should be located outside of the computing facility. A printer’s toner could generate carbon particles, which are moisture absorbent and combustible, threatening the computing equipment’s security.

Of course, non-smoking policies should be enforced within critical computing facilities in order to reduce fire hazards as well as minimize the pollutants related to smoking.

¹ Keranen E. (2006) Effects of dust on Computer Electronics and Mitigating Approaches. [Internet]. Computer Dust Solutions, Available from.

http://www.computerdust.com/SPECIAL_REPORT_ON_DUST_
EFFECTS_ON_ELECTRONICS.pdf [Accessed 17 March 2008].

Tags: Environmental Controls, Environmental Physical Controls, Pollution

• Local Crime: Is the site a prime area for criminal activities?
• Natural Hazards: Does the location have a high occurrence of flooding, earthquakes, thunderstorms, or other natural hazards?
• Power Supply: Is there a stable power supply for your computing facilities?
• Access: Is the locations easily accessible, for personnel, suppliers, and others needed to access to the location?
• Existing boundary protection: Is the location secure?Security controls such as fencing, adequate lighting, and detection systems, including motion sensor and video surveillance systems, need to be in place. The detection system must be equipped with a reactive system preventing (or at least delay the progress of) intrusion of any trespassers. This can be accomplished with nuisance alarms as well as prearranged response forces, such as the local police or hired security guards.
• Nature of Facility:  Is the facility shared with other tenants?It is critically important that the condition of sharing with co-tenants will not undermine the level of security. Strong security measures need to be in force.

In addition to facility management, we should also consider other factors of physical security. But choosing the right facility in the first place is the foundation for all other physical security controls to be enforced effectively.

Why? Think about it. If someone manages to get into your server, physically accessing your computers, he or she can cause serious damage. Some examples of damage possible can include: removing the hard drives from your computer, stealing computer backup tapes, or simply shutting down the power to your servers. All of these can be accomplished in the blink of an eye, without involving serious technical skills. As we have mentioned before, security is the weakest link in your system. For this reason, we should not overlook physical security.

To understand physical security, we first need to understand physical threats.

The are three types of physical threats:

External physical threats:

• Flooding, lightning, earthquake, wind, tornado, hurricane, ice, fire, chemical

Internal physical threats:

• Fire, environmental failure, liquid leakage, electrical interruption

Human physical threats:

• Theft, vandalism, sabotage, espionage, errors

To prevent these threats from becoming reality, physical security controls should be implemented.  Some examples of effective physical security controls include:

Exterior physical security controls:

• Fences, Barriers

Entrance physical security controls:

• Doors and Gates with Locks

Administrative physical security controls:

• Badges and Escorts

Property physical security controls:

• Monitoring/Detection Systems, Lighting

Environmental physical security controls:

• HVAC System, Power Protection, Water and Fire Protection

All of these controls require detailed and careful planning prior to setting up an office with computing facilities. We will discuss physical controls in more detail later.

Tags: Administrative Physical Security Control, Environmental Physical Security Control, Water Protection