U.S. flag

An official website of the United States government, Department of Justice.

NCJRS Virtual Library

The Virtual Library houses over 235,000 criminal justice resources, including all known OJP works.
Click here to search the NCJRS Virtual Library

NEVADA COMPUTER FACILITY - COMPUTER SECURITY REQUIREMENTS STUDY

NCJ Number
53539
Author(s)
ANON
Date Published
1977
Length
25 pages
Annotation
RESULTS ARE REPORTED OF A SECURITY SURVEY THAT CONCENTRATES ON MEASURES FOR IMPROVING A COMPUTER FACILITY'S VULNERABILITY TO TERRORISTS, SABOTEURS, OR DEMONSTRATORS.
Abstract
THE CONSTRUCTION OF THE EXISTING COMPUTER FACILITY IN CARSON CITY, NEV., IS DESCRIBED, ALONG WITH ITS CURRENT SECURITY MEASURES. PHYSICAL WEAKNESSES, PROCEDURAL WEAKNESSES, AND EXTERIOR WEAKNESSES INCREASE THE VULNERABILITY OF THE FACILITY. IN THE AREA OF PHYSICAL WEAKNESSES, ALL EXTERIOR DOORS ARE SUBJECT TO FORCED ENTRY DURING A SEMISKILLED PHYSICAL ATTACK. A SECOND PHYSICAL WEAKNESS IS A GLASS WALL PROVIDING A CLEAR VIEW OF THE COMPUTER ROOM FROM OUTSIDE THE BUILDING, ALLOWING EASY 'CASING' OF THE LAYOUT WITHOUT HAVING TO ENTER THE BUILDING. A THIRD PHYSICAL WEAKNESS IS THE ABSENCE OF ANY MEANS OTHER THAN THE TELEPHONE FOR SUMMONING HELP IN AN EMERGENCY. A BLOWOUT PANEL ON ONE OF THE EXTERIOR WALLS, COVERING AN OPENING LARGE ENOUGH FOR A PERSON TO ENTER, PROVIDES ANOTHER MEANS OF EASY ENTRANCE INTO THE BUILDING. THE MOST SERIOUS PROCEDURAL WEAKNESS IS THE POOR VISITOR CONTROL PROCEDURE. KEY CONTROL PROCEDURES ARE ALSO DEFICIENT, AND FAILURE TO LOCK ALL COMPUTER ROOM DOORS DURING NIGHT AND WEEKEND HOURS CONSTITUTES A THIRD PROCEDURAL WEAKNESS. EXTERIOR SECURITY WEAKNESSES OCCUR IN THE TRANSFORMER-GENERATOR AND AIR CONDITIONING CHILLERS. ALL THREE UNITS ARE LOCATED ON THE EXTERIOR OF THE BUILDING AND ARE THUS VULNERABLE TO ATTACK. RECOMMENDATIONS ARE OFFERED FOR ELIMINATING OR REDUCING VULNERABILITY IN EACH OF THE AREAS IDENTIFIED. THE APPENDIXES INCLUDE DISCUSSIONS OF DOOR ASSEMBLY STANDARDS, A LOCKING SYSTEM, A BUZZER-REPLY INTERCOM SYSTEM, AND RECOMMENDED ACCESS CONTROL PROCEDURES. (RCB)