Security Issues and Solutions Part 1: Anthrax and Other Terrorist Threats
- New World Threats
- More Conventional IT Security Terrorism
- Security Policy
This first of a six-part series of articles on security issues focuses on computer system security issues and solutions. Although directed significantly at Windows 2000, the principles outlined apply to all operating system environments... but first some sensationalism about anthrax and biochemical threats.
It might seem odd to begin a series of articles on computer security with a reference to anthrax-based terrorism. However, since the events of September 11, the need for a fresh examination of security on all levels is obviously required. The anthrax threat in relation to computer security is real. In this first article, I want to not only underscore general IT security principles, but also to recount my first-hand experience in the front lines of anthrax decontamination efforts that may have wider implications.
New World Threats
I was recently brought in as the lead computer industry consultant dealing with the anthrax contamination of U.S. Postal Service electronic equipment. As a result of this activity, my concept of a computer bug was turned inside out. The anthrax bacterial spore represents a brand new type of computer infection. Science fiction has just met reality in recent weeks. It seems that computer equipment from the ill-fated Postal Service facilities in New Jersey had been sent for repairs to the critical parts center in Indianapolis. The fear was that anthrax-contaminated equipment could spread the threat of computer-distributed bacteria to many corners of the country.
Why does anthrax on a computer represent a threat? The basic design of computing equipment makes it a natural host. Anthrax spores are attracted to static electricity. When you couple this with cooling intake and exhaust fans of the typical computer and printer, the mode to make anthrax airborne (and therefore potentially deadly) becomes evident.
In the drama that unfolded in Indianapolis, the isolation of suspect equipment became a priority of equal importance to the public health considerations for the employees at the facility. Although humans can be effectively treated by antibiotics when diagnosed in the early stages of infection, such a remedy was not readily available for the suspect electronic equipment. When the CDC confirmed the presence of anthrax, decontamination efforts had to proceed. As it relates to computers, the standard methods simply did not apply. Corrosive gases, harsh chemicals, radiation and boiling were our options... the good news is that we could destroy anthrax spores, but not without also making the electronic equipment inoperative.
This story underscores what any enterprise might face. While hopefully unlikely, computing equipment in an office environment could be infected and represent a threat. In addition to the potential loss of life, the economic loss is also present. I mention this fact because we are still on a crusade to find solutions. If anyone has any ideas, please drop me an e-mail message.
We have entered a new phase in enterprise security. Biological and chemical terrorism may never impact the main stream commercial environment, but we must be aware of our need to think about precautions at every step—both for new world threats and those that have plagued IT professionals for years.