FEATURE
metal mesh, it should be able to resist a
machine. No data rooms should have an
external wall as its interior wall so that
entry through the wall only leads to the
next layer/zone.
This process continues into and around
the building, with security access controls
(PIN, bio metric etc) zoned to each person,
CCTV, mantraps with weight checks etc.
In a perfect world the security entrance
would be unmanned (no bullet-proof glass
needed or risk of physical threats) with all
interface done via intercom, CCTV and a
security tray.
be fitted with vibration monitoring both
above and below ground.
Ian Bitterlin, Consulting Engineer and
Visiting Professor, Leeds University
the term paranoia? There are numerous
possible threats that can be mitigated
against but have almost never been
realised. For example, vehicle traps
(bollards) and ram-raid precautions,
although no data centre has ever been
assaulted in that way.
For example, the following principles serve
as a shopping list of a physical security plan:
A boundary without adjacent roads (no car
bomb or mobile ENP risk) or neighbours
presenting physical threats (fire, smoke,
dust, chemicals etc). A 4m metal fence
(3m above and 1m below ground level)
topped with a coil of razor-wire. If any
access path is easy by a machine, then
heavy steel upright columns set in
concrete. The fence can have a ditch to
act as an additional vehicle trap and can
46
Issue 10
An access road that has a 90-degree bend
at the end so that a high-speed run-up
isn’t possible. If possible then CCTV
monitoring should be on all local approach
roads and security rounds extended to
parked cars. All staff and visitor cars must
be parked outside this perimeter fence
yet still only be accepted with a 24-hour
prior appointment that has been checked.
A separate entrance for pre-booked
personnel with an internal fence to the
facility entrance.
Deliveries, trucks etc, only by prior
appointment as before but through a
barriered and trapped holding section
before entry is allowed and only accessible
to the loading bay. All the exterior fence
and the space between the external
boundary and the building should be
monitored by CCTV, infra-red and motion
activated sensors. A dummy system
should disguise the active camera and
sensor system.
Lastly, for physical threats to the facility,
we should these days consider the threat
from drones. Those that carry a 1kg
payload and have a range of at least 1km
to 2km are cheap and pose a considerable
threat. The disruption and anonymity
(without apprehension) was clearly
demonstrated at Gatwick.
The threat to a data centre is simple.
Multiple drones, each carrying one litre
of acid, flown into the heat rejection coils
(aluminium and copper) of the cooling
system plant could disable the facility for
weeks. Protection, via physical nets, or
frequency jamming needs to be planned
if that level of security (or paranoia) is
deemed necessary.
And finally, to disable the facility from
performing its task, without gaining
access or even approaching too close,
there is the threat of cutting the fibre
links between the facility and the outside
world. Maps are available for routes and
the fibre-pits are both clearly marked and
almost never ‘locked’.
The space between can have everything
from motion, heat, vibration and tunnelling
sensors to dense African thorn hedge
planting to slow-down any unwanted
visitor. Exterior lighting is essential but
infra-red is also recommended. Cutting isn’t the fastest, nor the most
disruptive method of disablement – that
is probably reserved for fire. A well-timed
simultaneous attack using a gerry-can
of finest unleaded into each fibre-pit
(and there are often diverse routes to be
attacked) and the facility is off-line for a
considerable time or for an event targeted
for that facility.
The external wall should have no
fenestration and incorporate a metal
Faraday-cage. Ideally of heavy solid
construction, or incorporate heavy All the security efforts (and paranoia)
comes down to an issue of remote
connectivity that does not involve
intrusion or high risk for the ‘perps’. ◊
www.intelligentdatacentres.com