NASA’s Converged Security
Sprawling campusThe center’s campus is made up of 90 buildings containing more than 6,000 computer systems and approximately 1,000 servers. IT is a critical horizontal function that supports the center’s ability to achieve its mission. With more than 200 computer and server rooms, communication closets, telecommunications platforms and associated dedicated battery rooms, the center owns a complex, mission-critical enterprise environment. The Applied Information Technology Division (AppTech), led by George Alger, assistant division chief, is charged with maintaining IT equipment, services and support to provide safe and reliable IT infrastructure for the 4,500 personnel at the center. In order to achieve this mission, the center must closely monitor the physical location and condition of systems to ensure that they will neither be adversely affected by their environment nor by theft or tampering.
The AppTech team is comprised of just 100 members. In light of this reality, the team is focused on maximizing efficiency. Physically monitoring systems for environmental conditions such as temperature, moisture and human tampering extends beyond the domain covered by traditional IT security and systems management product sets, yet it is critical for mission success for the center. Temperatures at Moffett Field fluctuate from 45 to 90 degrees on a daily basis. Often deployed in non-traditional IT environments, such as closets, systems are prone to overheat and malfunction. The failure of an air conditioning system or a water leak can negatively impact IT functionality.
Beyond environmental concerns, AppTech needs to monitor the use of IT systems to ensure that important components are only moved when authorized and that systems are kept plugged in. More than 1,000 NASA, contractor and visitor personnel move about the campus on a monthly basis. In the course of executing their regular duties, unauthorized personnel have unplugged systems and disconnected systems and networks. The AppTech team is very aware of the danger of IT interference from non-authorized users in a distributed campus and needs to closely monitor its IT assets. Further, the team needs to safeguard NASA’s equipment and intellectual property from theft.
Considering these realities, the AppTech team needed to monitor 360 degrees of IT and physical factors that impact critical IT infrastructure security as well as performance and availability. AppTech requires constant proactive awareness – the team recognizes that identifying a problem early empowers it to take immediate steps to prevent possible catastrophic system failure/damage, loss of data and, importantly, interruption of service to the user base.
Monitoring everything“It’s imperative that we monitor all critical IT systems and physical environments,” said Alger. “We need to empower our team to understand who has physical access to our distributed systems, what they are doing with the systems, as well as ensure that the environmental characteristics are stable and within band. While business continuity systems, such as back-up batteries, are only needed in emergency circumstances, we need to constantly monitor their status to ensure that they will function when required. Importantly, while we run IT functions on our IP network backbone, we cannot afford to implement a whole new network environment to monitor physical conditions. We require a converged enterprise security approach that functions on the existing IP network. Our focus is on preemptive management. Failure to take a proactive stance can cost hundreds of thousands of dollars in downtime, damaged equipment, and loss of valuable research data.”
AppTech installed 10 NetBotz WallBotz and RackBotz appliances from Austin, Tex., and a NetBotz 500 monitoring appliance. The sensors in the systems provide instant warnings about fluctuations in air quality, temperature and power levels. If levels fluctuate, day or night, the sensors send an alert over NASA’s installed IP network, telephone line or cellular network to appropriate personnel, giving them time to act before services are impacted or equipment damaged. In addition to sensors that monitor the environment, the NetBotz systems include digital cameras that provide physical security surveillance capabilities.
Such appliances leverage the center’s existing IT infrastructure to provide a monitoring solution to protect critical assets from threats like extreme temperature changes, human error and/or sabotage, power spikes, and other harmful environmental elements.
“NetBotz is extremely easy to deploy and easy to use,” said Alger. “You simply configure the appliances and plug-and-play. Technical support has been exceptional. And, the solution is very scalable, so we can add more sensors and other equipment as our requirements dictate. We started with a pilot program in 2002 and are expanding the NetBotz deployment campus wide.”
ResultsIn the last 22 months, the NetBotz monitors have alerted AppTech of several previously undetectable negative environmental changes and power outages, mitigating thousands of dollars in damages and preventing network and systems downtime. The monitors have also alerted staff to unauthorized individuals entering secure areas.
“The solution has cut our response time in half,” said Alger. “The systems have made the IT staff more efficient. Rather than spending time babysitting rooms, the team is empowered to concentrate on strategic management issues.”
Surge protection, tooThere is another environment and systems integrity concern according to Security magazine research: power surges.
John Chappie of Diversified Technology Group, Inc. (DITEK), Largo, Fla., said today’s integrators are caught between a “rock and a hard place” when it comes to including surge suppression. Most people mistakenly believe that equipment losses are caused by “direct” lightning strikes. While it’s true that nothing can stop a direct lightning strike, direct hits only account for approximately two percent of all equipment losses. Ninety-eight percent of equipment losses and downtime can be eliminated with secondary surge suppression.
Surge suppressors should be installed on all conductors feeding into electronic equipment, i.e., AC power and low voltage circuits. Surge suppression should be “external” to the equipment for better protection and ease of replacement. Security, life safety and environmental monitoring systems are useless if components are compromised by preventable surge events.
“Surge suppression is an investment, not an expense,” explained Chappie.