As every executive in the financial industry is well aware, data and digital communications are a crucial area of security concern. But while considerable efforts go into protecting banks’ and insurers’ digital infrastructure from malicious actors such as hackers, how many executives have considered the risk of fire to their digital fortresses?
The security threats faced by financial institutions can generally be divided into physical and digital, with banks and other companies investing continuously to keep their security measures up to date in both arenas. However, from a fire safety point of view it is the interface of these two worlds that provides the point of greatest danger and no amount of steel or clever software can help. Indeed, both have the potential to make matters worse. This is because reliable fire detection for ICT electrical cabinets is difficult in the best of circumstances and the challenges become even greater as computing power increases and locations become more remote or hard to access.
The data that drives modern finance is physically stored and processed by banks of servers networking equipment and storage arrays staked together in cabinets where they give off a significant amount of heat as a side effect to their furious electronic activity. They are, effectively, a giant fire hazard that requires continuous cooling and monitoring. On the one hand, even the smoke from a smouldering electrical element within a data cabinet can damage many other delicate computer components. On the other hand, uncontrolled, wide-ranging shutdowns can itself have a serious effect on such crucial financial infrastructure.
Planners therefore need to find a way of offering both very early and very reliable fire detection. Whereas once financial institutions simply outsourced their ICT needs to general cloud providers, the current landscape is more complicated because many companies have increased their in-house data processing to offer a hybrid data model, relying on edge elements to their data architecture which can be more closely protected from external risks. Wherever the data cabinets are hosted, risk management for any financial institution must consider their physical safety.
Cabinet protection challenges
Reliably protecting data cabinets from fire presents considerable challenges: the cooling systems that are used to prevent equipment from overheating are usually based on high airflow. Typically, server or storage racks will be positioned to have hot aisles and cold aisles, with cool air circulated from the cool side, through the electrical cabinets and extracted out of the hot side. This system of equipment cabinet row containment creates a unique high and turbulent airflow environment that not only poses significant challenges to the early detection of diluted smoke, but also impairs timely human intervention and the actuation of a pre-action sprinkler system, water mist or clean agent gaseous release.
Current practices permit most computer rooms to use 24°C supply in the cold aisle. This leads to the increase of operating ambient temperature in the hot aisle to the point where it can exceed approved levels for some fire detection and suppression equipment. These unique HVAC characteristics present challenges to how fire detection is interfaced with suppression release, in particular with interlocked or double-interlock sprinklers, water mist and clean agent gaseous suppression systems.
Additionally, the normal practice of conducting a general power-down (e.g., HVAC shut-down before the release of gaseous suppression) upon an initial fire alarm will lead to other side effects. In one documented case, a computer room with 250 ICT cabinets at 6 kW/cabinet went from 22°C to 32°C within 75 s when the cooling was lost.
The only protection against a potential data catastrophe is therefore Very Early Warning Fire Detection (VEWFD). This is an accepted international practice which combines highly sensitive detection equipment with a staged alarm and response system. Naturally, prescriptive building and fire codes for property protection and life safety exist in every country and must be met. But they do not go far enough and critically for sensitive financial data banks, they do not offer any guarantees to a company’s ability to remain in business. We must look to Performance-Based Design (PBD) methodologies to safeguard business continuity through risk and situational assessment. This will combine early yet reliable smoke detection to enable suppression system interaction and integrated site incident and emergency response.
Fit-for-purpose fire detection
When combining the prescriptive and PBD approaches to design a fit-for-purpose fire detection system for a datacom facility, it is important to select advanced detection products. Aspirating smoke detectors such as Securiton’s SecuriSmoke ASD allow for flexible design with quantifiable and reliable detection performance. With aspirating smoke detectors, sampling holes can be positioned at many points in the airflow through data cabinets. Combined with the high sensitivity available through the large detection chambers of such devices, this ensures even the slightest smouldering in electrical contacts will quickly be picked up. These devices can then offer multiple layers of pre-alarm and alarm, ensuring that a timely and measured response can be launched.
Such a staged response is the best way for organisations to protect their most critical business infrastructure: the earlier that an incident can be checked, the greater the chance of avoiding a false alarm. But at the same time, intervening to stop a fire at the early smouldering stage is far less destructive, while also keeping damage from the actual fire to a minimum. A detailed design guide to PBD and Very Early Warning Fire Detection for data centres is available on Securiton’s website. Although risk managers in finance have tended to leave such matters to datacom specialists, the importance of ICT infrastructure to the world’s finances means it is time for banks and insurers to fully understand fire risks and ensure their infrastructure is as well protected physically as it is digitally.
© Technews Publishing (Pty) Ltd | All Rights Reserved