Power systems which happen to be the most critical infrastructure of a data center are sadly the most overlooked architecture by Cybersecurity teams. The reason, most of the IT heads think that protecting the powers systems through backups and restricting physical access to them is enough to protect them from failures and blackouts.
However, they fail to make a note that the Cybersecurity controls on their power systems are vulnerable to cyber attacks which can make or break a data center business.
But security experts say that most of the power equipment in the data centers running across the world can be remotely controlled and configured.
“So, a malicious cyber actor or a military agency of a nation can easily take control of the device and interrupt the power to a data center or a specific server on a network- eventually leading to a business disruption”, said Bob Pruett, Security Field Solutions executive, SHI International. Bob added that some of these data center systems which are prone to cyber attacks fall into the category of the Internet of Things(IoT).
And a recent survey made by Darktrace- a San Francisco based Cybersecurity vendor says that attacks against IoT devices have increased by 100% in 2018.
Another survey made by SANS Institute says that only 40% of companies go for the security patches to their systems every year to protect their IoT devices and rest all either neglect or are still ignorant of troubles of being outdated.
Remember, the high-profile attacks have been against power grids maintained nationally, like the 2015 and 2016 attacks against the Ukraine Power Plant.
In the past, there are instances of IoT devices being hijacked to power botnets, which later are used for malevolent purposes.
Technically speaking, most of the attacks can be controlled by Cybersecurity teams. But with industrial control systems that are not possible in practice. And as these systems serve as entry points into a network of a data center, extra care is needed to protect them.
Here, if proper care is taken while purchasing new devices, then the security issue can be managed with due diligence. However, with old systems, the only thing we can do is to keep the systems well patched and that too on time.
In most cases, the budget also plays a vital role in securing the data center equipment from cyber attacks. Therefore, in most cases, the staff of the server farms is left with no option, other than to manage the resources they have.
It’s a tough call from here….isn’t it?