Control System Cybersecurity & What It Means to Buildings
Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.
Control system network vulnerabilities include the use of standardized cyber vulnerable communications protocols such as Modbus/TCP, BACnet and SNMP (Simple Network Management Protocol). These protocols have been demonstrated to be vulnerable to cyberattacks and, in the case of Modbus, there are no security features built into the protocol. Hardware vulnerabilities include the Aurora vulnerability and Uninterruptible Power Supplies (UPS).
Aurora vulnerabilities occur when electric substation breakers are opened and then reclosed out-of-phase with the grid. This will generate large torques and current spikes that will damage or destroy and Alternating Current (AC) equipment connected to those breakers. The Aurora demonstration proved there could be physical damage from an attack though the operators were blind because the attack was not see from the SCADA system. An actual Aurora event affected a data center when the data center experienced multiple Aurora events over a multi-day span. The events originated from the utility which was outside the facility’s control. The Aurora events damaged chiller motors with one of the motors out of operation for weeks. The controller logs showed no breaker operation though the mechanical counter showed breaker operation. (This is similar to what occurred with the March 2007 INL test.) Aurora vulnerabilities originate from outside the data center. Data centers have assumed that the electric utility substations feeding the data centers have addressed Aurora. However, this is generally not true. Building owners need to understand what their power companies are doing to mitigate the Aurora vulnerability.
UPS smooth the voltage from the backup generators, so the servers are only fed the design voltage, rather than the fluctuating voltages and frequency produced by a local generator as the load varies. It also supplies interim power when power is lost from “house loads” until backup generators/batteries kick in. UPS are remotely accessible yet are assumed to be secure and available. Compromising the UPS can directly lead to data center equipment damage. SNMP management cards are an integral part of most every company’s power management system. SNMP cards were developed about 25 years ago with the advent of SNMP version 1. The majority of all SNMP cards are still running version 1, which has no security, or version 2, which has minimal security. Even cards that support version 3 can be compromised by a competent hacker.
In the December 2015 Ukrainian cyber attack, the attackers discovered a network connected to a UPS and reconfigured it so when the attacker caused a power outage, it was followed by an event that would also impact the power in the energy company’s buildings or data centers/closets. The outage left nearly 250,000 people without power and caused enormous suffering to many residents within a wide area.
On May 2017, British Airways reported that their Boadicea House data center experienced a major power outage due to an electrical grid power surge. However, National Grid confirmed there were no problems with its transmission network. Scottish and Southern Electricity Networks, the local electricity distribution network operator, also recorded no problems on the local distribution side. Further, no other companies near the area of the British Airways data center reported any type of power anomaly.
Consequently, any change in power had to occur from within the data center. According to the head of Group IT at BA's owner International Airlines Group, a subsequent investigation found that a UPS was over-ridden resulting in a hard power shutdown. While the UPS is supposed to act as the first line of defense in an actual power event, it can also be used at the first line of attack in a cyber/physical attack. In this case, all UPS-supported power to servers and network equipment in the data center was shut down. This resulted in the total immediate loss of power to the facility, bypassing the backup generators and batteries. This meant that the controlled contingency migration to other facilities could not be applied.
After a few minutes of this shutdown of power, the UPS was just as mysteriously turned back on in an unplanned and uncontrolled fashion. The result was both the battery supply and the generator supply being connected in series to the power bus feeding the racks. That resulted in the data center’s servers being fed 480v instead of 240v, causing physical damage to the servers and significantly exacerbated the problem.
All network-connected power systems, not just UPS, can be cyber vulnerable. Other power systems that are cyber vulnerable because of their reliance on Modbus/TCP and SNMP communications include Power Distribution Units (PDU), Smart Breakers, Automatic Transfer Switches, generator systems and many others – all of which can used for buildings.
The common thread between Aurora and the UPS attacks are the systems designed to protect mission critical systems were co-opted to be used as attack vectors against the systems they were meant to protect. UPS and generator systems are very expensive pieces of power infrastructure that are used to protect critical system/facilities but they have weak links with their communications cards, which typically cost less than $1000.
In order to ensure that a UPS, generator or other critical power system cannot be hijacked and used as a weapon, it is critical to understand the cyber threats to this equipment and employ appropriate cyber protection to both monitor and protect these systems.
This Week’s Sponsor
The challenges created by the new lease accounting standards will not end with transition and adoption of the new rules. Your approach to accounting and financial reporting — and even the necessary capabilities of your technology — will never be the same again. Download Trimble’s whitepaper to find out what’s at the heart of making compliance a long-term success.
UPCOMING REALCOMM WEBINARS
A Path to Net Zero – Driving ENERGY EFFICIENCY in Smart Buildings - 7/18/2019
One of the first trends to emerge in the modern smart building movement was energy conservation and efficiency. Approximately eight years ago, the industry realized that connecting energy related equipment to a network and applying advanced analytics and complex integration strategies could result in a significant reduction in energy and natural resource consumption and a resultant decrease in energy related expenses. In recent years, operational efficiency and occupant experience have been added to the smart building discussion, sometimes overshadowing energy efficiency. This webinar will focus on the very important goal of including energy efficiency in the comprehensive smart building strategy.
Tom Shircliff is a co-founder and principal of Intelligent Buildings, a nationally recognized smart real estate professional services company that was started in 2004. Intelligent Buildings provides planning and implementation of next generation strategy for new buildings, existing portfolios and urban communities. Tom is a speaker and collaborator with numerous universities and national laboratories, a gubernatorial appointee for energy strategy and policy and founding Chairman of Envision Charlotte, a Clinton Global Initiative.
Sarah currently serves as a Senior Advisor for the U.S. Department Building Technology Office where she leads commercial zero energy efforts, district-scale solutions, and a pSarah currently serves as a Senior Advisor for the U.S. Department Building Technology Office where she leads commercial zero energy efforts, district-scale solutions, and a portfolio of data infrastructure projects. In previous roles at DOE, Sarah led local government clean energy innovation programs. Sarah has over 15 years of experience in sustainability and energy work. Before DOE, Sarah worked for Baltimore City where she helped establish their Office of Sustainability.
Ryan Knudson, is the AVP for Operations and Energy Management at Macerich. He is responsible for the development, execution and operations for all Capital Expense Energy and Smart Building projects as well as national program vendor management. He oversees the daily operations of Macerich’s portfolio with a focus on same center NOI growth.
Akshai Rao, a vice president at Yardi, is responsible for the development of procurement and energy management solutions to ensure high-performing buildings. Prior to Yardi, Akshai spent five years at Bain & Company where he focused on technology and telecom.