25 May 2017

Breaking down data centre security

Ian Bitterlin, a UK Chartered Engineer with more than 25 years' experience in data centre power and cooling, suggests the easiest way to disable a data centre, with a little Hollywood glamour…

 

Data centre security comes in two main parts, physical and data. They can be related, much like the break-in through the roof of a London data centre and the theft of several servers, although it turned out that the thieves were interested in the microprocessors rather than the data on the hard drives. Data security applies to most businesses, but especially those storing personal and financial details, e.g. a credit card processing centre, and that security is achieved by data encryption, firewalls, anti-virus software, etc., although recent history has regularly shown that it is far from infallible; witness the tens of thousands of 'stolen' credit card data sets reported every few months.

I have had my main card cancelled and replaced with a new number three times in the last 18 months, although I have no idea if the data breach is with the card, the network or the data centre. It appears that a data security system created by man can be broken by a teenager who doesn't like daylight – a modern form of Bletchley Park.

Physical security is far more obvious: metal fences topped with razor wire, CCTV around the perimeter, no vehicles allowed inside the fence other than delivery trucks through a ram-raid-proof vehicle trap, man-trap turnstile, security entrance with bullet-proof glass, no visitors without 48 hours' notice and photo ID, biometrics, one-way air-lock with weight measurement, zoned access cards and internal CCTV – the list can go on.

Then the subtleties, like a blast-wall between any adjacent road and the data centre building, or ensuring that the vehicle entrance is after a tight turn and not at the end of a street where a vehicle can gain sufficient momentum to break through the perimeter, or building a steel mesh into the walls to resist the 'man with an aggressive machine' (as was called Intrusion Level 5).

The physical security also extends to electrical protection including EMP (Electro Magnetic Pulse, not necessarily from a nuclear device but also from a vehicle-mounted, high-energy electromagnetic radiation source), even bonding that steel mesh in the walls to ground/earth to create a Faraday Cage or fitting 'Tempest' filters; at its simplest, fitting surge protection to limit damage to ICT hardware from grid-borne transients. The one thing that no one can protect against is a direct lightning strike to the facility – proven by Google, but that is another story.

How to disable a data centre

So, what is the easiest way to 'disable' a data centre, if you can't create lightning strikes? It is rather easier than many people might think. I used the word 'disable' to differentiate between data theft in any form and putting the facility out of action. I was recently engaged to advise on just that scenario and the client had in mind the classic ideas of hacking into the BMS system, or directly into the UPS, generator and cooling system controllers, and turning things off remotely. That may be a nice idea for a Hollywood tech thriller but no one in their right mind would connect such systems to the outside world via the internet or phone line.

Remote alarming and reports (all one way) may be acceptable, but control systems (for UPS, etc.) with the capability to turn off the system remotely have been available for 25 years and have never found willing users. However, the answer is simple and does not involve entering the facility either physically or via a communication link. It lies in the basic definition of a data centre. For example, when starting the EU CoC, EN50600 or ISO 30134, a disproportionate amount of time was spent trying to define what a data centre 'was'. All sorts of interested parties wanted to exclude server rooms or place a lower limit on cabinets or a minimum kW rating, etc.

However, if we look back to 2001 a typical internet data centre plan for 1,000 cabinets at 2kW per cabinet can, today, be out-computed by a single 2kW server – such has been the power of Moore's Law and its simple derivative, Koomey's Law. No doubt 1,000 cabinets fulfilled any definition of a data centre so, today, most people agree that any facility that has three crucial elements is a data centre; those elements being compute, storage and I/O. Some folks also advocate that it should have a dedicated power supply, grounding system and cooling system but the latest low-energy designs (such as Google and Facebook) tend to show that, under certain circumstances, those additional items are nice to have rather than essential.

So, to disable a facility simply needs us to remove one element. Disabling compute or storage will require us to break in, either physically or via the connectivity but to remove the connectivity itself disables the facility totally until bulk communications can be restored.

Data transmission rates have made satellite dishes nearly useless for bulk data links and only a few (mainly military/security) facilities have them. Anyway, disabling a dish isn't difficult as they are usually in plain sight and a large calibre assault rifle will make a fatal impact in well under 10 seconds.

But you don't need a weapon to disable fibre connectivity (although a hand-grenade probably does a better job), since a few gallons of petrol in a fibre access pit will severely damage the fibre, but the delivery process is identical. Walking around the facility will identify the access pits and most are even labelled as such in their cast lids. Having a fibre map/plan is more certain and may well identify strategic fibre connection points that are further away and out of sight of the primary CCTV. For example, up a main road to a POP, motorway, canal or railway line.

Identify all the pits, coordinate each lid to be lifted at the same time (e.g. in the middle of the night when escape is not hampered by traffic) and empty one jerry-can of petrol into each pit, light the blue touch-paper and retire quickly. The facility may lose some data in transit but will be, to all intents and purposes, untouched but useless for several days if not a week or two.

I guess that locked/welded lids and pits fitted with detection and fire-suppression is a future market opportunity but may well infringe local regulations in many locations. But, what man builds, another man can tear down. I think I feel a screenplay coming along.

Source Credits: https://thestack.com/data-centre/2017/04/28/breaking-down-data-centre-security
