Physical Security and Facilities Management 101
David M. DiQuinzio, P.E., Strategic Facilities, Inc.
Kathleen A. Lucey, FBCI, Montague Technology Management, Inc.
1
Session Agenda
Kathleen:
• Introduction and ground rules
• Physical Access Security
• Incident Management
David:
• Introduction to SFI
• Reliability vs. Availability
• The Players
• Risk Assessment
• Case Studies
• Questions & Discussion
2
GROUND RULES
Please interrupt immediately if you...
Can’t hear
Can’t see or read the slides
Find the presentation confusing
…Let’s address the situation ASAP!
3
Introduction
It’s about working together to avoid the
interruption and minimize both its recurrence
and its impact...
Who are the players...and how do we work
together ?
Making the right decisions for design, detection,
and response
Managing the incident to minimize impact and
deter recurrence.
4
Where are MOST of the Continuity Challenges??
CONTINUITY ISSUES:
• Catastrophic Interruptions
• Minor Interruptions
• Everyday Blips
• Process Dysfunctions
BCARE SOLUTIONS:
• Continuity
• Availability
• Reliability
• Engineering
5
Physical Access Security
Establishing Perimeters
Implementing and Maintaining a System,
Equipment, Procedures
Defensive Depth, Universal Application
Monitoring / Detection / Response
Common Intrusion Techniques
6
What is a Perimeter?
Controlled border
• External: Public / First Level. May be outside
of building.
• Second: Building Access. May include
elevators and stairways.
• Multiple interior: authorization related to
function-based “need to know”
7
Systems, Equipment, Procedures
System components: hardware, software, devices,
data, personnel (operators and staff)
Equipment: readers, tokens, cameras and video
recorders, screen monitors, barriers (turnstiles,
man-traps)
Procedures: operator, equipment maintenance, log
review, token issuance, authorization maintenance.
System upgrading. Guards.
8
Defensive Depth
Multiple barriers to breach: make an
intruder work harder
Multiple levels, multiple techniques
Multiple levels of monitoring and detection
Introduce random supplemental checks
9
Universal Application
Every time
Every person
Every control point
Weekdays, nights and weekends
Especially no “official piggybacking”
Why: keeps the “bright line” between
authorized and unauthorized
10
Monitoring/Detection/Response
Monitoring: what conditions, when
Detection: manual, automatic, alarms; who is
notified?
Response:
√ Who, what, when
√ How contacted
√ Logistics and SLA
Failure in any area “breaks the chain” of response
11
Common Intrusion Techniques
“Piggy-backing”
Poor housekeeping of access privileges
• Terminated employees
• Transferred employees
“I have a delivery for Mr./Ms. X.”
Concealment within interior protected areas
Exploitation of known system flaws
12
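The two housekeeping failures the slides single out, stale privileges of terminated or transferred people and piggybacking through a controlled perimeter, both leave traces in the access-control log that a routine log review can catch. The script below is an added example, not material from the presentation or from either presenter's firm: it parses a constructed badge-reader log, checks each granted read against a constructed HR roster, and flags interior-perimeter reads by a badge that never crossed the outer perimeter first (a reader cannot see two people walk through on one read, but it can see a badge that appears inside without ever having entered). Door names, badge IDs, and the log format are assumptions.

```python
"""Access-control log review: stale privileges and perimeter skips.

Added example; the log lines, roster, door names and CSV layout are all
constructed for illustration and are not from the presentation.
"""
from dataclasses import dataclass
from datetime import datetime

# Constructed sample log: timestamp,badge,door,perimeter level,result
SAMPLE_LOG = """\
2004-03-01T08:02:10,B100,LOBBY-TURNSTILE,1,GRANTED
2004-03-01T08:02:45,B100,DC-MANTRAP,3,GRANTED
2004-03-01T08:05:00,B217,LOBBY-TURNSTILE,1,GRANTED
2004-03-01T08:30:12,B305,DC-MANTRAP,3,GRANTED
2004-03-01T09:10:33,B217,DC-MANTRAP,3,DENIED
2004-03-01T21:15:02,B442,LOBBY-TURNSTILE,1,GRANTED
"""

# Constructed HR roster: badge -> (holder, status). Only ACTIVE should work.
ROSTER = {
    "B100": ("A. Operator", "ACTIVE"),
    "B217": ("B. Analyst", "ACTIVE"),
    "B305": ("C. Contractor", "TERMINATED"),
    "B442": ("D. Transferred", "TRANSFERRED"),
}


@dataclass
class Event:
    ts: datetime
    badge: str
    door: str
    perimeter: int   # 1 = outer/public, higher = deeper interior zone
    result: str


def parse_log(text):
    """Parse the CSV-style reader log into Event objects."""
    events = []
    for line in text.splitlines():
        ts, badge, door, perimeter, result = line.split(",")
        events.append(Event(datetime.fromisoformat(ts), badge, door,
                            int(perimeter), result))
    return events


def stale_privilege_uses(events, roster):
    """Granted reads by badges whose holder is not ACTIVE in the roster.

    A badge missing from the roster is treated as UNKNOWN, i.e. also stale.
    """
    return [e for e in events
            if e.result == "GRANTED"
            and roster.get(e.badge, ("?", "UNKNOWN"))[1] != "ACTIVE"]


def perimeter_skips(events):
    """Granted interior reads by a badge with no earlier outer-perimeter read.

    The log is processed in time order; a badge that is granted at level 2+
    before it was ever granted at level 1 got inside some other way.
    """
    seen_outer = set()
    findings = []
    for e in sorted(events, key=lambda e: e.ts):
        if e.result != "GRANTED":
            continue
        if e.perimeter == 1:
            seen_outer.add(e.badge)
        elif e.badge not in seen_outer:
            findings.append(e)
    return findings


def review(text, roster):
    """Run both checks and return (badge, door) pairs per finding type."""
    events = parse_log(text)
    return {
        "stale": [(e.badge, e.door) for e in stale_privilege_uses(events, roster)],
        "skipped_perimeter": [(e.badge, e.door) for e in perimeter_skips(events)],
    }


if __name__ == "__main__":
    for kind, hits in review(SAMPLE_LOG, ROSTER).items():
        print(kind, hits)
```

Run against the sample, the review reports the terminated contractor's badge opening the data-center man-trap (and never having passed the lobby turnstile that day) and a transferred employee's badge still working at the turnstile; both are authorization-maintenance gaps, not reader failures.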
Incident Management:
How to Get a High ROI
13
Incident Management
Players
Response Management
Debriefing and Documentation
Follow-up: Implementing Adjustments
14
Players
BC should be taking the LEAD
IT
Facilities: Internal, Building Management,
+ vendors, contractors
Physical Security: Internal, Building
Management, + external contractors
15
Response Management (1)
Get complete information:
• equipment/environment state
• relevant time/day data
• understandable alarms
• supporting systems
Notify the most knowledgeable person for this
case within the appropriate time interval
Eliminate response single-points-of failure
through cross-coverage and training.
16
Response Management (2)
Who is in charge of logistics procedure?
• BC should design, implement, and maintain, and should
be involved in every incident.
• Should NEVER be IT, Facilities, or Physical Security
alone.
Analysis and problem resolution leads to design of
the fix.
The fix is then applied by the appropriate party,
but...
THE FIX DOES NOT END HERE!
17
Debriefing and Documentation (1)
Formal post-incident meeting
Led by BC; includes all fix participants + others
Cause analysis:
• Proximate cause
• Contributing causes
• Underlying causes
“Fix” design for all causes
18
Debriefing and Documentation (2)
BC assigns responsibility for implementation of
changes/adjustment to a named person.
Date for change completion, including documentation, is
agreed upon
BC is responsible for follow-up.
BC provides a formal, written meeting record to all
participants AND their management.
BC facilitates any budget or resource allocation necessary
to design/implement change.
EFFECTIVE PERFORMANCE OF THIS STEP IS
THE ONLY WAY TO MAXIMIZE ROI
19
Follow-up: Implementing
Adjustments
• BC signs off on correct implementation of
change.
• BC, working with other units, ensures that
any necessary training is provided.
ONLY BY EXECUTION OF THIS KIND OF
PROCEDURE CAN YOU PREVENT
RECURRENCE OF THE SAME INCIDENT.
20
BREAK!!
21
Introduction to Strategic Facilities, Inc.:
Dave and Dave
Founded in January 1996 by David A. Sjogren;
David M. DiQuinzio becomes co-owner in 1997.
Today SFI is a multi-disciplinary, nationwide practice.
22
Dave and Dave
DiQuinzio:
• 6+ years at Chase Manhattan Bank. Project Manager (Mechanical/Electrical) at MetroTech Center - Brooklyn, NY
• 3 years at PRK Associates, Critical Facility Engineering Specialists. UPS System Design and Testing, Reliability/Capacity Studies.
Sjogren:
• 11+ years at UPS as IT Facilities Director
• Ramapo Ridge Data Center - Mahwah, NJ
• Windward Data Center - Alpharetta, GA
23
SFI Clients and Projects
Typical Clients:
• Hughes
• State Street
• Cingular
• Safeco
• 1st National Bank of Omaha
• Salt River Project
Projects:
• Site Capacity, Reliability & Ops Analyses
• Critical Systems Testing & Commissioning
• Operating Procedures & Programs
• New Critical Systems Technology Studies
• Serve as Interim Facilities Department
24
PHYSICAL INFRASTRUCTURE
SECURITY - FROM A CRITICAL
FACILITIES GUY
25
PART 1
Overview &
Introduction
26
GET WITH THE PROGRAM...
1. Overview & Introduction
2. Facilities, Security, Information
Technology and BCP - Risk & Reliability
as Common Threads
3. Case Studies - Using Risk & Reliability
Language to Improve Coordination among
Facilities, Security, IT & BCP
27
PART 2
Facilities, Security, IT &
BCP - Risk & Reliability
as Common Threads
28
WHAT YOU ALREADY KNOW
Good Things:
• Card readers and physical access control systems
• Cameras
• Locked doors
Bad Things:
• Piggybacking
• Easy-to-guess passwords
• Asleep at the console
No need to hear that again
29
WHAT YOU MAY NOT KNOW...
Facilities & Security co-dependencies
How they affect the enterprise risk picture
How formal risk assessment techniques
developed for other industries are
emerging as tools to reduce critical
facilities risks
How all this relates to BCP/DR
…UNTIL NOW
30
SO WHAT? WHO CARES?
Poor Facilities/Security/IT/BCP coordination =
Wasted resources
Risk picture not fully understood
Risks not fully addressed
CEOs, CFOs, CIOs, CHAIRMEN AND
DIRECTORS CARE ABOUT THESE THINGS...
...AND SO DO REGULATORS
31
Copyright 2004 Strategic Facilities Inc. All rights reserved
3 THINGS TO TAKE AWAY
Coordinate Facilities and Security before
investing in reliability and BCP/DR
improvements - or waste your resources
How? Get everyone on the same page with
common language
The language of formal risk assessment
techniques does this very well; it’s worth
taking time to learn
32
AND ANOTHER THING...
…you don’t have to become a risk assessment
expert to learn and use the language and get
value from risk assessment concepts
HOW DO WE KNOW?
BEEN THERE, DONE THAT
33
WHAT LIFE IS
LIKE FOR OUR
CLIENTS...
34
WHAT THEY DO RESTS ON
SUPPORTING SYSTEMS
35
A SHORTFALL IN THE CORE
BUSINESS…WE CAN’T HELP
36
WE CAN’T FIX THIS,
EITHER…
37
OUR MISSION & PURPOSE:
AVOID THIS
38
AERIAL VIEW
39
SOMEWHERE AT THE BASE...
40
SECURITY & FACILITIES
SECURITY NEEDS FACILITIES
Surveillance & Access Control need power
Cameras need light
Guard force needs decent environment just like
everyone else
FACILITIES NEEDS SECURITY
Extra eyes and ears for building problems
Help screen visiting technicians
Reduce tampering with building systems
41
MANAGING CRITICAL
FACILITIES: PROJECT CIRCLE
42
FILL IN THE GAPS...
43
WHAT WE’VE LEARNED FROM DOING THIS: RISK ASSESSMENT LESSONS
RISK
• Probability that something bad will happen? Variable #1 - FREQUENCY
• How bad if / when it does? Variable #2 - SEVERITY
• It’s TWO DIMENSIONAL
44
THE RISK PICTURE
45
WHAT TO ACT ON?
46
ACCEPTANCE CURVE
47
IN YOUR CASE, PERHAPS...
48
BUT FOR SOMEONE ELSE...
49
WHERE WE SEE PROBLEMS
50
WHAT SEEMS TO WORK
51
MORE LESSONS
RELIABILITY
• What is the probability that a system will operate correctly?
• Over what mission time?
• Severity of failure is part of the risk conversation, not the reliability conversation
• Duration of failure is also a separate variable
• Duration is also part of the risk conversation and also NOT part of the reliability conversation
52
EMPIRICAL LIFETIME
53
THE GOAL...
54
WORTHWHILE? MAYBE...
55
MAYBE NOT...
56
LESSONS III
MORE RELIABILITY
Can be expressed as Mean Time To Failure
(MTTF)
MTTF is OK, but lacks mission time context
Probability of success over mission time does a
better job of depicting the situation
Probability of failure
= 1 - (Probability of success)
Duration of failure known as Mean Time To
Restore, or MTTR
Probability of success or failure of an individual
system does not depend on MTTR
57
LESSONS IV
AVAILABILITY
• Different concept entirely
• Comparison of MTTF & MTTR
• Mathematically: MTTF / (MTTF + MTTR)
• Grossly misused throughout industry in the form of “nines”; usually, MTTF >> MTTR
• Misuse due to two-dimensional nature
• Does not mean that MTTR and Availability do not matter
58
AVAILABILITY - IT DEPENDS
59
RELIABILITY VS. AVAILABILITY
System “A”:
• 1 failure; end of year 9
• Down entire year 10
• Reliability: MTTF = 9 yrs; only 1 sample
• Availability: 90 %
• More reliable (?), less available
• Less certain
System “B”:
• 4 failures, avg. 1/2.5 yrs
• Down 5 min each time
• Reliability: MTTF = 2.5 yrs, 4 samples
• Availability: 99.996 %
• More available, less reliable
• More certain
60
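The Lessons III and IV slides and the System “A” / System “B” comparison above reduce to a handful of formulas, and putting them in code makes the distinction between the two concepts concrete. The block below is an added example, not the presenters' material: it uses the slides' own definitions (MTTF as the mean of observed failure-free intervals, availability = MTTF / (MTTF + MTTR), P(failure) = 1 - P(success)) and adds one assumption the slides do not make, a constant failure rate, so that probability of success over mission time t is exp(-t / MTTF). Note that with 5 minutes of downtime per 2.5 years the availability formula gives about 99.9996 %, slightly higher than the 99.996 % quoted on the slide; the conclusion (B far more available, A more reliable per mission year but with only one sample behind its MTTF) is unchanged.

```python
"""Reliability vs. availability, worked through with the slides' numbers.

Added example, not from the presentation. The exponential (constant
failure rate) lifetime used for P(success) is an assumption.
"""
import math

MINUTES_PER_YEAR = 365 * 24 * 60


def mttf_from_samples(intervals):
    """Mean Time To Failure: average of observed failure-free intervals."""
    return sum(intervals) / len(intervals)


def availability(mttf, mttr):
    """Steady-state availability = MTTF / (MTTF + MTTR); same unit for both."""
    return mttf / (mttf + mttr)


def nines(avail):
    """Express availability as 'number of nines' (0.9999 -> 4.0)."""
    return -math.log10(1 - avail)


def p_success(mttf, mission_time):
    """Probability of completing the mission with no failure.

    Assumes a constant failure rate, so survival is exp(-t / MTTF).
    MTTR does not appear: reliability does not depend on it.
    """
    return math.exp(-mission_time / mttf)


def p_failure(mttf, mission_time):
    """Slide: probability of failure = 1 - probability of success."""
    return 1 - p_success(mttf, mission_time)


def compare(mission_years=1.0):
    """Systems A and B from the slide, over a given mission time in years."""
    # System "A": one failure at the end of year 9, down for all of year 10.
    a_mttf = mttf_from_samples([9.0])
    a_mttr = 1.0
    # System "B": four failures, one every 2.5 years on average, 5 min down each.
    b_mttf = mttf_from_samples([2.5, 2.5, 2.5, 2.5])
    b_mttr = 5 / MINUTES_PER_YEAR
    return {
        "A": {"mttf": a_mttf, "samples": 1,
              "availability": availability(a_mttf, a_mttr),
              "p_success": p_success(a_mttf, mission_years)},
        "B": {"mttf": b_mttf, "samples": 4,
              "availability": availability(b_mttf, b_mttr),
              "p_success": p_success(b_mttf, mission_years)},
    }


if __name__ == "__main__":
    for name, r in compare().items():
        print(f"System {name}: MTTF={r['mttf']} yrs ({r['samples']} sample(s)), "
              f"availability={r['availability']:.6%} "
              f"({nines(r['availability']):.1f} nines), "
              f"P(success over 1 yr)={r['p_success']:.3f}")
```

The one-year P(success) comes out near 0.89 for A and 0.67 for B, while availability is 90 % for A and over 99.999 % for B: the same two systems ranked in opposite order by the two measures, which is the point of the slide.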
LESSONS V
HOW SYSTEMS FAIL
• Independently due to internal, local failure
• Due to a “common cause” effect; that is,
something that affects entire system at once
• Natural or man-made disaster, for example;
tend to be high severity, low frequency
• Human error is most frequent common-cause
failure mode; often less severe than disasters
Applies to Facilities, Security, IT, BCP
61
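The Lessons V slide separates independent, local failures from common-cause events that hit the whole system at once. The reason that distinction matters to anyone buying redundancy can be shown numerically. The block below is an added example, not from the presentation: it applies the beta-factor model, a standard PRA technique the slides do not present, in which a fraction beta of each unit's failure probability is attributed to a common cause (a shared power event, a procedure error applied to both units, a disaster) and the rest to independent failure. The failure probabilities used are constructed.

```python
"""Redundancy vs. common-cause failure with the beta-factor model.

Added example; the beta-factor model is standard PRA practice but is
not part of the presentation, and the probabilities are illustrative.
p    = probability that one unit fails during the mission
beta = fraction of p attributable to a cause that hits every unit at once
"""
from math import comb


def p_pair_fails(p, beta):
    """1-of-2 redundant pair: system fails only if both units are lost."""
    p_ind = (1 - beta) * p       # independent, local failure of one unit
    p_cc = beta * p              # common-cause event that takes out both
    both_independently = p_ind ** 2
    # Survive only if no common-cause event AND not both units failed alone.
    return 1 - (1 - p_cc) * (1 - both_independently)


def p_k_of_m_fails(p, beta, m, k):
    """m identical units; the system is up while at least k of them are up.

    Independent failures are binomial across the m units; a common-cause
    event is modelled as taking all m units down together.
    """
    p_ind = (1 - beta) * p
    p_cc = beta * p
    survive_independent = sum(
        comb(m, up) * (1 - p_ind) ** up * p_ind ** (m - up)
        for up in range(k, m + 1))
    return 1 - (1 - p_cc) * survive_independent


def redundancy_benefit(p, beta):
    """How many times less likely the pair is to fail than a single unit."""
    return p / p_pair_fails(p, beta)


if __name__ == "__main__":
    p = 0.01   # constructed: 1 % chance a unit fails over the mission
    for beta in (0.0, 0.02, 0.1, 0.3):
        print(f"beta={beta:.2f}: P(pair fails)={p_pair_fails(p, beta):.2e}, "
              f"benefit over one unit = {redundancy_benefit(p, beta):.1f}x")
```

With independent failures only (beta = 0) the pair is 100 times better than a single unit; attribute just 10 % of failures to a common cause and the benefit collapses to about 9 times. That is why the slide's most frequent common-cause mode, human error, is a Facilities, Security and IT problem at once rather than something a second UPS or a second guard post fixes.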
WHERE DOES ALL OF THIS
COME FROM?
Probabilistic Risk Assessment - known as PRA
Taught at MIT, Stanford, etc.
Initiated by German rocket scientists during
WWII to explain V2 rocket failures
Brought to USA by Wernher von Braun and his associates
Refined by many over the years since
62
PRA ACCOMPLISHMENTS
Aviation: Odds of you NOT getting off a
commercial airliner in one piece are now less
than one in one million
Nuclear Power: USA output is up 20% and
reportable incidents down despite older fleet
and no new plants since early 80’s
Slow and steady improvement, not gee-whiz
breakthroughs
Very limited application in Facilities arena
63
PART 3
Case Studies:
Using Risk & Reliability
Language to Improve
Coordination among Facilities,
Security, IT & BCP
64
CASE #1 - WHO CAN GO
INTO THE DATA CENTER
Client is a hedge fund; they develop and use
proprietary applications to execute trades.
Frequent hacker target; security is tight.
Big battle over who has access to data center.
Facilities team is responsible for power and cooling
in there!
Facilities team members are not employees:
Should they be allowed in?
65
CASE #1 - WHO CAN GO
INTO THE DATA CENTER
Result for Case #1:
Debate spurred client to grow in-house staff and
reduce presence of non-employees while
expanding the ability to grant and track
physical access privileges.
66
CASE #2 - OPERATOR
TRAINING FOR NEW SITE
Client was considering building a new facility
specifically designed as a data center.
Limited pool of building engineers to transfer to
new facility; mostly air conditioning guys.
Client is late in recognizing problem and planning
for commencing operations.
How should the client prepare to operate and how
much should they spend to do it?
67
CASE #2 - OPERATOR
TRAINING FOR NEW SITE
Result for Case #2:
Client saw the folly of spending $25 million on
a new site and risking outage due to human
error; instead implemented a full program of
procedure writing and training to reduce
errors.
68
CASE #3 - WHO SEES STATUS
INFO ON BUILDING SYSTEMS
Client agreed to lease space in former co-lo site taken
over by landlord.
Landlord has never managed critical facilities before.
Power and cooling status info goes to NOC via HP OpenView and other systems.
NOC personnel are trained in only IT, not Facilities.
Analysis finds AVAILABILITY too low
What should the landlord do?
69
CASE #3 - WHO SEES STATUS
INFO ON BUILDING SYSTEMS
Case #3 Results:
Landlord contracted for fast emergency response,
added auto-paging capability, and trained NOC
staff to relay vital information to qualified
responder en route.
70
CASES #4, 5, etc....
ANY SUGGESTIONS?
71
RECOMMENDATIONS &
CONCLUSIONS
1. When confronting a risk, ask yourself:
How often is it likely to occur?
How bad will its impact be if it does occur?
2. Then, compare this risk to others you face:
Is it likely to occur more or less frequently?
Is its likely impact more or less severe than others?
3. Apply this approach consistently across IT, Facilities
and Security
72
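Recommendations 1 through 3 above, and the “It’s TWO DIMENSIONAL” risk lesson earlier in the deck, describe one procedure: score every risk on frequency and severity, compare it with the others on both axes, and apply the same yardstick across IT, Facilities and Security. The block below is an added example, not from the presentation, that runs that procedure over a constructed risk register; the entries, their frequencies and dollar impacts, and the acceptance threshold are all made-up sample values.

```python
"""Two-dimensional risk comparison across sectors.

Added example, not from the presentation. The register, its numbers and
the acceptance threshold are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    name: str
    sector: str        # Facilities, Security, IT, or BCP
    frequency: float   # Variable #1: expected events per year
    severity: float    # Variable #2: impact per event, in dollars


# Constructed register; every number here is illustrative only.
REGISTER = [
    Risk("Operator error during UPS maintenance", "Facilities", 0.5, 200_000),
    Risk("Regional flood takes out site", "BCP", 0.01, 5_000_000),
    Risk("Tailgating into data center", "Security", 4.0, 10_000),
    Risk("Cooling failure, no NOC escalation", "Facilities", 0.2, 400_000),
    Risk("Stale badge of terminated contractor used", "Security", 1.0, 25_000),
]


def annualised(risk):
    """Frequency x severity: the expected loss per year from this risk."""
    return risk.frequency * risk.severity


def compare(a, b):
    """Recommendation 2: is A more or less frequent / severe than B?"""
    return {
        "more_frequent": a.name if a.frequency > b.frequency else b.name,
        "more_severe": a.name if a.severity > b.severity else b.name,
    }


def rank(register):
    """Highest expected annual loss first."""
    return sorted(register, key=annualised, reverse=True)


def above_threshold(register, max_annual_loss):
    """Risks whose expected annual loss exceeds what the enterprise accepts."""
    return [r for r in register if annualised(r) > max_annual_loss]


def highest_per_sector(register):
    """Recommendation 3: the same yardstick applied in every sector."""
    top = {}
    for r in rank(register):
        top.setdefault(r.sector, r)
    return top


if __name__ == "__main__":
    for r in rank(REGISTER):
        print(f"{annualised(r):>12,.0f}/yr  {r.sector:<10} {r.name}")
    print(compare(REGISTER[1], REGISTER[2]))
    print([r.name for r in above_threshold(REGISTER, 60_000)])
```

Ranked this way the low-frequency, high-severity flood sits below a routine maintenance error, which is exactly the kind of result that looks wrong until both variables are on the table; the compare() call shows why, since the flood wins on severity and the tailgating entry wins on frequency.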
MORE RECOMMENDATIONS
& CONCLUSIONS
4. When evaluating a risk reduction measure:
What does it require of other sectors - e.g., if it’s a
Facilities measure, what do IT and Security need
to do to make it work?
Who will do those things and how?
Same question for Security and IT initiatives
5. Then, look across sectors...
What other exposures are out there?
Who should address them?
73
Q+A
74
Contact us at:
• David M. DiQuinzio
• (973) 903-3699
• Kathleen A. Lucey
• (516) 676-9234
• [email protected]
• [email protected]
75
LATER, DUDES!!!
76