25 May 2017

Breaking down data centre security

Ian Bitterlin, a UK Chartered Engineer with more than 25 years' experience in data centre power and cooling, suggests the easiest way to disable a data centre, with a little Hollywood glamour.


Data centre security comes in two main parts, physical and data. They can be related, much like the break-in through the roof of a London data centre and the theft of several servers, although it turned out that the thieves were interested in the microprocessors rather than the data on the hard drives. Data security applies to most businesses, but especially those storing personal and financial details, e.g. a credit card processing centre, and that security is achieved by data encryption, firewalls and anti-virus software etc., although recent history has regularly shown that it is far from infallible; witness the tens of thousands of 'stolen' credit card data sets reported every few months.

I have had my main card cancelled and replaced with a new number three times in the last 18 months, although I have no idea if the data breach is with the card, the network or the data centre. It appears that a data security system created by man can be broken by a teenager who doesn't like daylight – a modern form of Bletchley Park.

Physical security is far more obvious: metal fences topped with razor wire, CCTV around the perimeter, no vehicles allowed inside the fence other than delivery trucks through a ram-raid-proof vehicle trap, man-trap turnstile, security entrance with bullet-proof glass, no visitors without 48 hours' notice and photo ID, biometrics, one-way air-lock with weight measurement, zoned access cards and internal CCTV – the list can go on.

Then the subtleties, like a blast-wall between any adjacent road and the data centre building, or ensuring that the vehicle entrance is after a tight turn and not at the end of a street where a vehicle can gain sufficient momentum to break through the perimeter, or building a steel mesh into the walls to resist the 'man with an aggressive machine' (as was called Intrusion Level 5).

The physical security also extends to electrical protection including EMP (Electro Magnetic Pulse, not necessarily from a nuclear device but also from a vehicle-mounted, high-energy electromagnetic radiation source), even bonding that steel mesh in the walls to ground/earth to create a Faraday Cage or fitting 'Tempest' filters; at its simplest, fitting surge protection to limit damage to ICT hardware from grid-borne transients. The one thing that no one can protect against is a direct lightning strike to the facility – proven by Google, but that is another story.

How to disable a data centre

So, what is the easiest way to 'disable' a data centre, if you can't create lightning strikes? It is rather easier than many people might think. I used the word 'disable' to differentiate between data theft in any form and putting the facility out of action. I was recently engaged to advise on just that scenario and the client had in mind the classic ideas of hacking into the BMS system, or directly into the UPS, generator and cooling system controllers, and turning things off remotely. That may be a nice idea for a Hollywood tech thriller but no one in their right mind would connect such systems to the outside world via the internet or phone line.

Remote alarming and reports (all one way) may be acceptable, but control systems (for UPS, etc.) with the capability to turn off the system remotely have been available for 25 years and have never found willing users. However, the answer is simple and does not involve entering the facility either physically or via a communication link. It lies in the basic definition of a data centre. For example, when starting the EU CoC, EN50600 or ISO 30134, a disproportionate amount of time was spent trying to define what a data centre 'was'. All sorts of interested parties wanted to exclude server rooms or place a lower limit on cabinets or a minimum kW rating etc.

However, if we look back to 2001 a typical internet data centre plan for 1,000 cabinets at 2kW per cabinet can, today, be out-computed by a single 2kW server – such has been the power of Moore's Law and its simple derivative, Koomey's Law. No doubt 1,000 cabinets fulfilled any definition of a data centre so, today, most people agree that any facility that has three crucial elements is a data centre; those elements being compute, storage and I/O. Some folks also advocate that it should have a dedicated power supply, grounding system and cooling system but the latest low-energy designs (such as Google and Facebook) tend to show that, under certain circumstances, those additional items are nice to have rather than essential.

So, to disable a facility simply needs us to remove one element. Disabling compute or storage will require us to break in, either physically or via the connectivity but to remove the connectivity itself disables the facility totally until bulk communications can be restored.

Data transmission rates have made satellite dishes nearly useless for bulk data links and only a few (mainly military/security) facilities have them. Anyway, disabling a dish isn't difficult as they are usually in plain sight and a large calibre assault rifle will make a fatal impact in well under 10 seconds.

But you don't need a weapon to disable fibre connectivity (although a hand-grenade probably does a better job), since a few gallons of petrol in a fibre access pit will severely damage the fibre, but the delivery process is identical. Walking around the facility will identify the access pits and most are even labelled as such in their cast lids. Having a fibre map/plan is more certain and may well identify strategic fibre connection points that are further away and out of sight of the primary CCTV. For example, up a main road to a POP, motorway, canal or railway line.

Identify all the pits, coordinate each lid to be lifted at the same time (e.g. in the middle of the night when escape is not hampered by traffic) and empty one jerry-can of petrol into each pit, light the blue touch-paper and retire quickly. The facility may lose some data in transit but will be, to all intents and purposes, untouched but useless for several days if not a week or two.

I guess that locked/welded lids and pits fitted with detection and fire-suppression are a future market opportunity but may well infringe local regulations in many locations. But, what man builds, another man can tear down. I think I feel a screenplay coming along.
