Going Underground

Inside a computer security fortress

It's cold. A light dusting of snow covers the fields in the valley. It's silly o'clock in the morning and I'm beginning to wonder what I'm doing in the depths of the Hampshire countryside. Then I find the entrance: a steel windowless door leading directly into the hillside.

The door is opened by an ex-submariner who must enjoy being underground. He has been looking after this former cold war nuclear bunker since it was decommissioned in 1991. Welcome to Symantec's security operations centre.

Originally designed to house 30 employees of Southern Water for two months in the event of nuclear war, the bunker boasts state of the art security. Every part of the building and its surroundings is monitored by video camera. Entry is via an airlock protected by 18 inch-thick steel doors. The facility's walls are 18 inches thick and made from reinforced concrete. The concrete on the roof is over seven feet thick, reinforced with steel. You could store the crown jewels here.

Inside, apart from the lack of windows and the ubiquitous cameras, it feels like a normal office. At the heart of the building there is an open plan room that looks like NASA mission control on dress-down Friday. A dozen engineers study the computer screens in front of them. Their job? Nothing less than constant surveillance of the internet for emerging threats.

The Hampshire bunker is one of six security operations centres that Symantec runs worldwide, on the front line of the fight against viruses and Trojans. They are digital security guards for the company's large corporate clients. They have direct access to their clients' firewalls and intrusion detection systems. This is why they need such strong security - how else will their clients trust them with the keys to the kingdom? However, I don't think Symantec are unaware of the drama of such a setting.

Although the bunker itself sets an impossibly high standard for the rest of us to live up to, it embodies universal principles of physical security:

•	Physical hardening. You don't need blast protection, radiation filters and steel doors but you can make unauthorised access to your office and your computer room more difficult. For example, you can fit discreet steel plates to the backs of wooden doors, and fit steel bolts to stop them being kicked down.
•	Access control. A decontamination shower may be an awkward way to greet visitors but controlling who gets into the building is vital. Checking and making sure people are properly escorted can reduce the risk of walk-in hack attacks and theft.
•	Accountability. At the bunker, every room is monitored with a video camera. They store the data for three months so they can check up who went where if a breach occurred. Keeping security logs seems like a chore until you need them.
•	Redundancy. The bunker has standby generators and uninterruptible power supplies in case of power failure. Do you?