Data center cybersecurity – don’t overlook the cyber vulnerable building control systems

March 22, 2021
Buildings and data centers use building control system devices and network protocols with minimal to no cyber security. Yet, given these significant cyber security limitations, the focus of data center cyber security has been on the software and data in the data center. Because of the lack of control system cyber forensics, data center shutdowns have not been identified as potentially being cyber-related. However, data center and building control systems have been compromised. Additionally, IT network hacks such as SolarWinds that may not be targeting building and data center systems can still compromise the physical integrity of data centers and building control systems. Because of the need to address data center control system cyber security, Bob Hunter and I have written a chapter for the 2021 Data Center Handbook on data center control system cyber security. https://www.wiley.com/en-us/Data+Center+Handbook%3A+Plan%2C+Design%2C+Build%2C+and+Operations+of+a+Smart+Data+Center%2C+2nd+Edition-p-9781119597506. The Handbook should be available after May 1, 2021.

According to many people, data is the new oil. Industries such as insurance, finance, retail, etc. depend on massive amounts of data from multiple data centers. However, what happens if you can’t get to your data because the data center infrastructure or servers have been damaged and are unusable?

Data is merely a series of ones and zeros that are created, transported, and stored in servers using mission critical control systems. As an example, control systems include power systems such as Uninterruptible Power Supplies (UPSs) and Power Distribution Units (PDUs) to provide the electricity that creates the data and the cooling systems used to store the data in servers at safe temperatures, and process sensors and controllers to measure and adjust temperatures to keep the data safe in the servers. The ability of adversaries to use cyber and/or physical attacks against these power and cooling systems, sensors, or controllers can alter or destroy those ones and zeros, rendering their value to nothing.

In the past few years, buildings and data centers have been using insecure building control system devices (https://www.controlglobal.com/blogs/unfettered/lack-of-iot-hvac-control-system-cyber-security-and-potential-real-world-impacts) and network protocols with minimal to no cyber security. Insecure protocols include Simple Network Management Protocol (SNMP), BACNet, serial Modbus, and Bluetooth. Yet, given these significant cyber security limitations, the focus of data center cyber security has been primarily on the software and data in the data center and secondarily building controller connections to the Internet not the cyber vulnerable control devices. Because of the lack of control system cyber forensics, data center shutdowns have not been identified as potentially being cyber-related. However, data center and building control systems have been compromised in cyber incidents as documented in  https://www.controlglobal.com/blogs/unfettered/data-centers-have-been-damaged-and-they-are-not-being-adequately-cyber-secured/. As is now known, Russian intelligence services compromised the UPS in the communication center in the 2015 cyberattack against the Ukrainian power grid. UPSs are used in all buildings and data centers. Additionally, IT network hacks such as SolarWinds may not be targeting building and data center systems as the primary attack vector but can still compromise the physical integrity of data centers and building control systems.

Because of the need to address data center control system cyber security, Bob Hunter of Alpha Guardians and I have written a chapter for the 2021 Data Center Handbook on data center control system cyber security. This is an important addition to the field of data center integrity as it focuses on what has been missing to date. Wiley has released the purchase page for the 2021 Data Center Handbook with availability expected after May 1, 2021 https://www.wiley.com/en-us/Data+Center+Handbook%3A+Plan%2C+Design%2C+Build%2C+and+Operations+of+a+Smart+Data+Center%2C+2nd+Edition-p-9781119597506.

Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...