Friday, February 6, 2009
When there is a power event in a region that affects a data center, what does that mean to a security operations team? I have known teams that walk a facility to ensure that every system is performing as intended, backups are secure, and that no physical breach has occurred. I also have known a team that cheered, hoping to go home, and walked out of the SOC to go get a cup of coffee with no regard as to whether systems were on line. So what is the right response? Is it a question of scale? Is a power event an issue for the networking and facilities group in a large organization and not something for security operations to worry about, while in a smaller organization it is key for security to be a part of the triage of a power event? These are decisions that need to be answered in the security response plan for any organization.
A power event impacts data handling in any organization, and while it may be the responsibility of a system owner to ensure their system is up and running, it is the responsibility of security operations to ensure the integrity and security of the data. A system owner may not have the tools, knowledge or faculties to attest to whether a sneaker attack or some other malicious event took place at the time of the power event. Their concern is whether their system is on line, which may simply involve a remote ping. They may not even notice an IP spoof or the drop of a couple of packets from their host at the time of the event. A power event also provides opportunity for data to walk without notice. System owners will not notice missing tapes or thumb drives, which might have caused an alert at other times.
Security Operations for any organization need to have a plan for managing events like these and for holding departments or individuals accountable during a power event or other interruption to normal operation. How does your organization manage these types of events?