Control System Cybersecurity & What It Means to Buildings
Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.
Control system network vulnerabilities include the use of standardized cyber vulnerable communications protocols such as Modbus/TCP, BACnet and SNMP (Simple Network Management Protocol). These protocols have been demonstrated to be vulnerable to cyberattacks and, in the case of Modbus, there are no security features built into the protocol. Hardware vulnerabilities include the Aurora vulnerability and Uninterruptible Power Supplies (UPS).
Aurora vulnerabilities occur when electric substation breakers are opened and then reclosed out-of-phase with the grid. This will generate large torques and current spikes that will damage or destroy and Alternating Current (AC) equipment connected to those breakers. The Aurora demonstration proved there could be physical damage from an attack though the operators were blind because the attack was not see from the SCADA system. An actual Aurora event affected a data center when the data center experienced multiple Aurora events over a multi-day span. The events originated from the utility which was outside the facility’s control. The Aurora events damaged chiller motors with one of the motors out of operation for weeks. The controller logs showed no breaker operation though the mechanical counter showed breaker operation. (This is similar to what occurred with the March 2007 INL test.) Aurora vulnerabilities originate from outside the data center. Data centers have assumed that the electric utility substations feeding the data centers have addressed Aurora. However, this is generally not true. Building owners need to understand what their power companies are doing to mitigate the Aurora vulnerability.
UPS smooth the voltage from the backup generators, so the servers are only fed the design voltage, rather than the fluctuating voltages and frequency produced by a local generator as the load varies. It also supplies interim power when power is lost from “house loads” until backup generators/batteries kick in. UPS are remotely accessible yet are assumed to be secure and available. Compromising the UPS can directly lead to data center equipment damage. SNMP management cards are an integral part of most every company’s power management system. SNMP cards were developed about 25 years ago with the advent of SNMP version 1. The majority of all SNMP cards are still running version 1, which has no security, or version 2, which has minimal security. Even cards that support version 3 can be compromised by a competent hacker.
In the December 2015 Ukrainian cyber attack, the attackers discovered a network connected to a UPS and reconfigured it so when the attacker caused a power outage, it was followed by an event that would also impact the power in the energy company’s buildings or data centers/closets. The outage left nearly 250,000 people without power and caused enormous suffering to many residents within a wide area.
On May 2017, British Airways reported that their Boadicea House data center experienced a major power outage due to an electrical grid power surge. However, National Grid confirmed there were no problems with its transmission network. Scottish and Southern Electricity Networks, the local electricity distribution network operator, also recorded no problems on the local distribution side. Further, no other companies near the area of the British Airways data center reported any type of power anomaly.
Consequently, any change in power had to occur from within the data center. According to the head of Group IT at BA's owner International Airlines Group, a subsequent investigation found that a UPS was over-ridden resulting in a hard power shutdown. While the UPS is supposed to act as the first line of defense in an actual power event, it can also be used at the first line of attack in a cyber/physical attack. In this case, all UPS-supported power to servers and network equipment in the data center was shut down. This resulted in the total immediate loss of power to the facility, bypassing the backup generators and batteries. This meant that the controlled contingency migration to other facilities could not be applied.
After a few minutes of this shutdown of power, the UPS was just as mysteriously turned back on in an unplanned and uncontrolled fashion. The result was both the battery supply and the generator supply being connected in series to the power bus feeding the racks. That resulted in the data center’s servers being fed 480v instead of 240v, causing physical damage to the servers and significantly exacerbated the problem.
All network-connected power systems, not just UPS, can be cyber vulnerable. Other power systems that are cyber vulnerable because of their reliance on Modbus/TCP and SNMP communications include Power Distribution Units (PDU), Smart Breakers, Automatic Transfer Switches, generator systems and many others – all of which can used for buildings.
The common thread between Aurora and the UPS attacks are the systems designed to protect mission critical systems were co-opted to be used as attack vectors against the systems they were meant to protect. UPS and generator systems are very expensive pieces of power infrastructure that are used to protect critical system/facilities but they have weak links with their communications cards, which typically cost less than $1000.
In order to ensure that a UPS, generator or other critical power system cannot be hijacked and used as a weapon, it is critical to understand the cyber threats to this equipment and employ appropriate cyber protection to both monitor and protect these systems.
This Week’s Sponsor
The challenges created by the new lease accounting standards will not end with transition and adoption of the new rules. Your approach to accounting and financial reporting — and even the necessary capabilities of your technology — will never be the same again. Download Trimble’s whitepaper to find out what’s at the heart of making compliance a long-term success.
UPCOMING REALCOMM WEBINARS
The Cloud, IoT, Sensors and More – The NEXT EVOLUTION of Smart Connected Buildings - 4/4/2019
The concept of smart buildings has been around for decades. What’s different now are the multiple generations of technology we have seen throughout the years. At first ‘building automation’ was proprietary and single-source, next came ’connected’ buildings which introduced us to the internet. Today, next-level thinking includes an expanded use of the cloud, the inclusion of non-traditional smart edge devices found within the Internet of Things (IoT), sensors, as well as integration into ERP’s other single purpose solutions and multiple telecommunication platforms. While the benefits of a smart connected building are great, the path to success is elusive. This webinar will feature the industries’ most accomplished smart building experts.
Tom Shircliff is a co-founder and principal of Intelligent Buildings, a nationally recognized smart real estate professional services company that was started in 2004. Intelligent Buildings provides planning and implementation of next generation strategy for new buildings, existing portfolios and urban communities. Tom is a speaker and collaborator with numerous universities and national laboratories, a gubernatorial appointee for energy strategy and policy and founding Chairman of Envision Charlotte, a Clinton Global Initiative.
Paul Maximuk is Energy Manager for Ford Land Energy where he is currently is providing project and program technical guidance to implement global metering of electric, natural gas, steam, water and compressed air systems. He is an Energy Engineer with over 30 years of experience in the HVAC/BMS field. He is an SME specializing in building management and energy reduction. Paul has focused his efforts in large industrial facilities but also has equal expertise in Class A buildings. Additionally he is a problem solver finding the root cause of why mechanical systems do not operate at their peak efficiency.
Gordon Echlin is Vice President Marketing and Business Development for Triacta Power Solutions LP, where he has been a management team member since 2009. Prior to Triacta, Gordon was a partner for a boutique venture capital firm, Venture Coaches from 2006 to 2009, and started a telematics company, Netistix Technologies, in 2002.
As a Senior Strategist for Aruba, a Hewlett Packard Enterprise company, Chris Fine is focused on Aruba’s Smart Digital Workplace initiative. The Smart Digital Workplace combines Aruba’s industry-leading networking technology and a growing ecosystem of partners in technology, real estate, smart furniture, and other specialties, to drive the growth of new experiences for end users and managers in the next gen Smart Office.
Rick has more than ten years of experience in technology and intelligent building engineering. Prior to cohesionIB, Rick served as the Senior Practice Leader at Environmental Systems Design in the Intelligent Building group. He led the technical design of global intelligent building and smart city projects in cities around the globe. He is passionate about designing digital solutions for the built environment that improve the experiences people have and foster the culture around them.
Anne is a high-tech executive with broad experience, starting from software design, architecture, cybersecurity, to managing teams to release telecommunications and enterprise software, building and leading research labs, managing developer relations, and initiating and driving cultural changes. She worked for over 10 years at SAP successively as Director of Security and Trust Research, VP of Platform Research and VP of Developer Advocacy. More recently she co-founded and became the CEO of Workrize PBC.