Weekly Briefing

article sponsor image

Control System Cybersecurity & What It Means to Buildings

4 min read
listen to article Listen to this article

Cyber threats to buildings/data centers include data issues: compromise, exfiltration and denial-of-service. Control system cyber threats to data centers have focused on the Internet-connected building control systems. However, there are other control system cyber threats to data centers that have not been addressed and have actually caused data center damage.

Control system network vulnerabilities include the use of standardized cyber vulnerable communications protocols such as Modbus/TCP, BACnet and SNMP (Simple Network Management Protocol). These protocols have been demonstrated to be vulnerable to cyberattacks and, in the case of Modbus, there are no security features built into the protocol. Hardware vulnerabilities include the Aurora vulnerability and Uninterruptible Power Supplies (UPS).

Aurora vulnerabilities occur when electric substation breakers are opened and then reclosed out-of-phase with the grid. This will generate large torques and current spikes that will damage or destroy and Alternating Current (AC) equipment connected to those breakers. The Aurora demonstration proved there could be physical damage from an attack though the operators were blind because the attack was not see from the SCADA system. An actual Aurora event affected a data center when the data center experienced multiple Aurora events over a multi-day span. The events originated from the utility which was outside the facility’s control. The Aurora events damaged chiller motors with one of the motors out of operation for weeks. The controller logs showed no breaker operation though the mechanical counter showed breaker operation. (This is similar to what occurred with the March 2007 INL test.) Aurora vulnerabilities originate from outside the data center. Data centers have assumed that the electric utility substations feeding the data centers have addressed Aurora. However, this is generally not true. Building owners need to understand what their power companies are doing to mitigate the Aurora vulnerability.

UPS smooth the voltage from the backup generators, so the servers are only fed the design voltage, rather than the fluctuating voltages and frequency produced by a local generator as the load varies. It also supplies interim power when power is lost from “house loads” until backup generators/batteries kick in. UPS are remotely accessible yet are assumed to be secure and available. Compromising the UPS can directly lead to data center equipment damage. SNMP management cards are an integral part of most every company’s power management system. SNMP cards were developed about 25 years ago with the advent of SNMP version 1. The majority of all SNMP cards are still running version 1, which has no security, or version 2, which has minimal security. Even cards that support version 3 can be compromised by a competent hacker.

In the December 2015 Ukrainian cyber attack, the attackers discovered a network connected to a UPS and reconfigured it so when the attacker caused a power outage, it was followed by an event that would also impact the power in the energy company’s buildings or data centers/closets. The outage left nearly 250,000 people without power and caused enormous suffering to many residents within a wide area.

On May 2017, British Airways reported that their Boadicea House data center experienced a major power outage due to an electrical grid power surge. However, National Grid confirmed there were no problems with its transmission network. Scottish and Southern Electricity Networks, the local electricity distribution network operator, also recorded no problems on the local distribution side. Further, no other companies near the area of the British Airways data center reported any type of power anomaly.

Consequently, any change in power had to occur from within the data center. According to the head of Group IT at BA's owner International Airlines Group, a subsequent investigation found that a UPS was over-ridden resulting in a hard power shutdown. While the UPS is supposed to act as the first line of defense in an actual power event, it can also be used at the first line of attack in a cyber/physical attack. In this case, all UPS-supported power to servers and network equipment in the data center was shut down. This resulted in the total immediate loss of power to the facility, bypassing the backup generators and batteries. This meant that the controlled contingency migration to other facilities could not be applied.

After a few minutes of this shutdown of power, the UPS was just as mysteriously turned back on in an unplanned and uncontrolled fashion. The result was both the battery supply and the generator supply being connected in series to the power bus feeding the racks. That resulted in the data center’s servers being fed 480v instead of 240v, causing physical damage to the servers and significantly exacerbated the problem.

All network-connected power systems, not just UPS, can be cyber vulnerable. Other power systems that are cyber vulnerable because of their reliance on Modbus/TCP and SNMP communications include Power Distribution Units (PDU), Smart Breakers, Automatic Transfer Switches, generator systems and many others – all of which can used for buildings.

The common thread between Aurora and the UPS attacks are the systems designed to protect mission critical systems were co-opted to be used as attack vectors against the systems they were meant to protect. UPS and generator systems are very expensive pieces of power infrastructure that are used to protect critical system/facilities but they have weak links with their communications cards, which typically cost less than $1000.

In order to ensure that a UPS, generator or other critical power system cannot be hijacked and used as a weapon, it is critical to understand the cyber threats to this equipment and employ appropriate cyber protection to both monitor and protect these systems.

Joe Weiss, Managing Partner, Applied Control Solutions
Joseph Weiss is an expert on control system cyber security. He authored Protecting Industrial Control Systems from Electronic Threats. He is an ISA Fellow and Managing Director of ISA Control System Cyber Security (ISA99). He was featured in Richard Clarke and RP Eddy’s book, Warning – Finding Cassandras to Stop Catastrophes. He started the ICS Cyber Security Conference in 2002. He has two patents on instrumentation and control systems and is a registered professional engineer.

This Week’s Sponsor

The challenges created by the new lease accounting standards will not end with transition and adoption of the new rules. Your approach to accounting and financial reporting — and even the necessary capabilities of your technology — will never be the same again. Download Trimble’s whitepaper to find out what’s at the heart of making compliance a long-term success.