Inside Microsoft's security war room

After years of having to scramble when a worm hit, Microsoft in 2005 built adjoining situation rooms to coordinate its response when an outbreak hits. Here's a look inside.

REDMOND, Wash.--Tired of having to fight for a free conference room, Microsoft's security chief, Mike Nash, decided in early 2005 that the company needed a dedicated "war room" where his team could handle emergency responses.

And while he was at it, why not have two? That way, the folks working on fixing a security crisis could have a little breathing room from those drafting the public and customer communications around the issue.

War room

"They were tired of the communications people hearing of things that were half-baked," Nash said.

The Microsoft Security Response Center (MSRC) was completed in June 2005. The engineering conference room includes four flat-panel screens that can display live TV or a computer screen as well as a couple dozen chairs, though the place is often standing-room-only in a real crisis.

The war room is just one of a number of changes Microsoft has made over the years, usually the result of a lesson learned the hard way through some work or other outbreak. In part one of a three-part series starting Monday, I take a look back at those painful lessons and how they have shaped Microsoft's current practices. On Tuesday, I'll look at the role of the human element in trying to keep software secure. And on Wednesday, I'll look at some of the people Microsoft counts on to keep its products safe. Each day there will be a blog too, going into more depth on one issue raised by that day's story.

While most of the room's accoutrements are practical--food, a world map, and clocks showing the time around the world, there is also a photo of actor Harvey Keitel. That's courtesy of Christopher Budd, who used to work as part of the security response effort.

"Back in 2001, I joked about how working to protect customers in the MSRC was a lot like being Harvey Keitel's character, "The Wolf," in Pulp Fiction," said Budd, who now works on Microsoft's privacy team. "Just like his character, I said, you're doing a hard job, and doing it right means you have to remain calm in a crisis and help others stay calm. When you do that, you help everyone stay focused on solving the problem."

To me, "The Wolf" seems like an odd choice for a company that is looking to be more transparent. Wasn't his role in the movie to help clean up after a murder so that the rest of the world would not know what had transpired?

About the author

    During her years at CNET News, Ina Fried has changed beats several times, changed genders once, and covered both of the Pirates of Silicon Valley. These days, most of her attention is focused on Microsoft. E-mail Ina.

     

    Join the discussion

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    HOT ON CNET

    Want affordable gadgets for your student?

    Everyday finds that will make students' lives easier: chargers, cables, headphones, and even a bona fide gadget or two!