

All employees, guests, and collaborators share in the responsibility to protect the Laboratory's information assets and resources. Physical security of IT assets is an important component of this responsibility. Physical security provides the first line of defense in cyber security. Someone who can steal your machine or sit down at it and start working represents as much potential disruption to your work or data as cyber incidents do.


1. Adopt a graded approach

Physical security of IT resources at LBNL should follow a graded approach. Use additional caution with those devices that contain information where the confidentiality, integrity, or availability of the information is of greater importance. Take reasonable steps to protect your devices, such as locking your workspace after hours, placing laptops in inconspicuous locations when unattended in your office, home, or hotel room, and using additional measures such as laptop-locks and computer-locks where appropriate. Resources:

2. Use caution with portable devices

Portable devices such as laptops, CDs, and USB memory keys are easily lost and are often an attractive target for thieves looking for the device - or the information it contains. Never store Protected Information on a portable device or assume that information on your laptop or USB thumb drive is "safe". Assume that portable devices will eventually be lost or destroyed. Read .

3. Ensure adequate protection against environmental threats

In a graded manner, ensure that you have identified physical threats in your workplace and have considered the impact of the loss of your systems (for instance, from an earthquake) on your research or other work. Adequate backups may mitigate some of this risk. For information about IT's backup service offerings, visit the .

4. Use appropriate technical controls

Easy technical controls include screen saver timeouts and BIOS passwords, which prevent someone with physical access to your system from easily accessing its data. Likewise, encryption of your portable or desktop device provides a strong additional safeguard, since loss of the device does not mean an exposure of the data. However, you should familiarize yourself with the potential pitfalls of file and disk encryption. Ensure that at least two people have recovery capabilities for your system if you encrypt it, and ensure that your keys and passphrases are appropriately protected. Also familiarize yourself with the behavior of whatever encryption system you are using. For instance, in Windows, copying an encrypted file to an unencrypted location will decrypt the file. For more information, contact [email protected]. Resources:

5. Get help if you need it

Talk to your facilities manager or property representative if you have any additional concerns about Physical Security. You can also contact [email protected] for a referral.

Additional Readings:

Cafe Laptop Thefts: Be Alert!

A small but troubling number of incidents of laptops being stolen from cafes have been happening around the Bay Area. Typically, the user is working on their system at an outdoor or indoor table and the laptop is grabbed and stolen. In one incident, the victim provided no resistance but was nevertheless stabbed by the assailant. Be alert to your surroundings - laptops are one of the few multi-thousand dollar items most people would leave out on a table in public! Of course, never risk your personal safety protecting your laptop. As always, don't store anything on your personal computer that you can't live without and don't ever store protected personal information. Always report the theft of any LBNL equipment or information immediately to the Security and Emergency Operations Group.

Complete Computer Security Includes Both Cyber and Physical Safeguards

Editor's note: The following message was written by Steven Lau of NERSC's Networking and Computer Security Group.
Link to original here:

Physical security is an often-overlooked aspect of computer security. Although one would like to believe that their offices and work areas are secure areas free from theft and unauthorized use, the reality is that they are not.

Unattended electronic devices, such as computers, laptops, PDAs and cell phones can be easily stolen or used without your permission or realization. In numerous instances, incidents of theft and unauthorized use have occurred during working hours when an employee "walked away for a few minutes".

To deter unauthorized use of your systems while you are away, use screen savers with password locking enabled. Many systems are now configurable to automatically lock your screen after idling a few minutes. Additionally, locking your office door at night and when you leave for extended periods of time deters both theft and unauthorized use. Use lockdown cables whenever possible to add additional protection against theft.

The Lab voice mail system allows you to enable a security code that deters others from accessing your voice mail without your knowledge. To enable or change your security code, press 1-6 to select Mailbox options and then 2 for the Security Code option. Follow the instructions to enable or change your security code.

Always keep track of portable electronic devices such as PDAs, laptops and cell phones. These are "high profit/low risk" items for would-be thieves and are therefore attractive.

When traveling, pay particular attention to keeping track of your electronic devices when going through security screening. Airports have reported a significant increase in the theft of electronic devices at security checkpoints.

Some suggestions on deterring theft at security checkpoints:

  1. Place a sticker or some other distinguishing emblem on the cover of your laptop or other electronic devices to make it easily identifiable from a distance.
  2. Don't place your electronic devices onto the conveyor belt until you are just about to walk through the metal detector.
  3. If you are delayed for a secondary screening, maintain eye contact with your personal belongings and electronic devices.