As data centers grow in scale and complexity, so do the security challenges they face. Among the various security challenges data centers regularly address, the threats to Operational Technology (OT) and Industrial Control Systems (ICS) – otherwise known as the Data Center’s infrastructure – have emerged as a serious concern. Ransomware attacks on data centers can trigger extended shutdowns, potentially impacting the operational integrity of mechanical and electrical equipment in OT. Reports and surveys of data center operators show outages caused by cyber incidents are increasing year over year.
Written by Elisha Olivestone, Director Business Development & Channel Partnerships at Waterfall Security
In data centers, ICS play a crucial role in managing the Building Management Systems and Electrical Management Systems, which oversee cooling, power distribution, access control, and physical security. The convergence of OT and ICS with traditional internet-facing IT systems and cloud platforms introduces vulnerabilities that malicious actors can exploit. Additionally, any possibility of a breach via an internet-facing DCIM interface represents a very high risk for the data center as the DCIM has direct access and control over these critical OT systems.
The interconnected and digital nature of data center systems increases the risk of a cyber attack propagating from the internet-connected Enterprise network and affecting multiple core components simultaneously. To mitigate these risks, data center operators must implement robust cybersecurity measures, such as fully segmenting OT networks from IT and regularly updating or patching the OT systems (albeit cautiously, after thorough testing).
However, managing cybersecurity for these infrastructures is different from managing cybersecurity for information systems. While problems with a new software version or security update can be “backed out” to preserve uptime, an impairment to high-voltage transformers or compromised cooling systems cannot be restored from backups and will create an immediate outage at any data center.
Engineering Grade Protection
All this forces the conclusion that the physical infrastructure of data centers is more of a network engineering domain than an information processing domain. While IT strategies generally rely on software-based solutions to deal with existing attacks, network engineering strategies use engineering-grade protections to prevent cyber attacks from entering data center OT networks in the first place.
The network engineering approach includes a number of engineering-grade tools for preventing cyber attacks from entering OT networks, but the most widely applicable tool is Unidirectional Security Gateway technology. These gateways are deployed at consequential boundaries – connections between networks with physical consequences and networks with only business consequences. In data centers, the gateways are deployed most commonly at IT/OT interfaces and provide unbreachable protection of the infrastructure contained in the OT networks. Unlike purely software-reliant firewalls, hardware-enforced unidirectional gateways provide physical engineering-grade protection – OT data is copied to IT networks in real time and there is absolutely zero risk of a cyber attack (like ransomware) pivoting from the Enterprise network through the gateways into OT networks. The gateways therefore ensure the data center’s uptime by protecting the essential infrastructure which maintains reliable operations.
Conclusion
Data centers are changing the world, and the world is changing around data centers. Being at the heart of modern technological infrastructure, data centers should naturally prioritize OT and ICS security to safeguard critical operations and sensitive data, and this is driving a push towards engineering-grade protections. By understanding the unique challenges and implementing proactive security measures, data center operators can ensure the highest levels of protection against evolving cyber threats. Only a secure OT network will allow data centers to maintain the uptime goals they strive to achieve. A deterministic approach that includes risk assessment, network segmentation, access controls, and employee awareness will fortify data centers against potential infrastructure breaches, enabling a safer digital future. The increased use of unidirectional gateway technology is a reflection of this approach as it sits at the junction of engineering and cybersecurity.