In September, the UK Government designated data centers as Critical National Infrastructure (CNI), the first new CNI designation since 2015. UK data centers now have a direct line to Government to prepare for and respond to threats, in the same way as the energy, water, transport, health, and communications sectors.

The move showcases not only the critical role data centers play in modern society, but also the growing perception that IT infrastructure is operating in an increasingly dangerous landscape. Cyber threats are ever evolving, and cybercriminals are becoming savvier about how to infiltrate and disrupt.

Going forward, as attacks become more frequent and sophisticated, cybersecurity teams need to address threats across physical infrastructure, third-party suppliers, and personnel, combining advanced security technologies, strong policy and governance procedures, and regular employee cyber training.

Cyberattacks targeting physical infrastructure

Cybersecurity considerations need to extend to physical infrastructure: for example, protecting against attackers exploiting weaknesses in heating, ventilation, and air-conditioning (HVAC) or uninterruptible power supply (UPS) systems. The growing reliance on smart, network-connected devices in data centers means that virtually any such system could be hijacked to cause disruption and outages.

Although rare, attacks on HVAC can have serious consequences. There have been cases of attackers gaining access to building controls and manipulating chiller set-points, which risks damage to IT equipment and loss of uptime and service reliability. Distributed Denial-of-Service (DDoS) attacks have even knocked out heating systems altogether, with attackers flooding the HVAC controllers' network connections until they failed.

HVACKer, as codenamed by the researchers who built it, is proof-of-concept malware that reads a computer's thermal sensors and converts deliberate temperature fluctuations into binary data. The scenario shows how HVAC systems can be used to bridge air-gapped, highly secure networks with the outside world: an attacker who can influence room temperature can covertly send instructions to malware already present on the isolated systems.
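To make the mechanism concrete, here is a toy model of the thermal channel described above. It is an added illustration, not code from the researchers behind HVACKer: a sender that controls room temperature holds it at a baseline to signal a 0 and one step higher to signal a 1, one bit per time slot, and a receiver on the isolated host averages its thermal sensor over each slot and thresholds the result. The slot length, step size, noise level and preamble are assumptions chosen for illustration, not the parameters of the original research. The last function shows what a defender can look for in the same sensor data: a room under normal control drifts slowly, so repeated clean slot-to-slot jumps are a signature worth alerting on.

```python
"""Toy model of a thermal covert channel (added illustration, not HVACKer's code).

All constants below are assumptions for the illustration, not measured values.
"""
from __future__ import annotations

import random
import statistics

SLOT_SAMPLES = 8         # assumed: sensor readings per bit slot
STEP_C = 1.0             # assumed: temperature step that signals a '1'
NOISE_C = 0.15           # assumed: std-dev of sensor jitter
PREAMBLE = [1, 0, 1, 0]  # assumed: marker so the receiver can find the start


def bytes_to_bits(data: bytes) -> list[int]:
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def bits_to_bytes(bits: list[int]) -> bytes:
    usable = bits[: len(bits) - len(bits) % 8]
    return bytes(int("".join(map(str, usable[i:i + 8])), 2)
                 for i in range(0, len(usable), 8))


def encode(payload: bytes, baseline_c: float = 22.0, seed: int = 0) -> list[float]:
    """Sender side: temperature trace for PREAMBLE followed by the payload bits."""
    rng = random.Random(seed)
    trace: list[float] = []
    for bit in PREAMBLE + bytes_to_bits(payload):
        target = baseline_c + (STEP_C if bit else 0.0)
        trace.extend(target + rng.gauss(0.0, NOISE_C) for _ in range(SLOT_SAMPLES))
    return trace


def slot_means(trace: list[float]) -> list[float]:
    """Average the sensor over each full slot; trailing partial slots are dropped."""
    return [statistics.fmean(trace[i:i + SLOT_SAMPLES])
            for i in range(0, len(trace) - SLOT_SAMPLES + 1, SLOT_SAMPLES)]


def decode(trace: list[float], baseline_c: float = 22.0) -> bytes:
    """Receiver side: threshold each slot at half a step, then strip the preamble."""
    threshold = baseline_c + STEP_C / 2
    bits = [1 if m > threshold else 0 for m in slot_means(trace)]
    for start in range(len(bits) - len(PREAMBLE) + 1):
        if bits[start:start + len(PREAMBLE)] == PREAMBLE:
            return bits_to_bytes(bits[start + len(PREAMBLE):])
    return b""  # no preamble found: nothing decodable in this window


def count_sharp_transitions(trace: list[float], jump_c: float = STEP_C / 2) -> int:
    """Defender side: count slot-to-slot mean changes of at least jump_c.
    A controlled room drifts slowly; many abrupt steps suggest signalling."""
    means = slot_means(trace)
    return sum(1 for a, b in zip(means, means[1:]) if abs(b - a) >= jump_c)


def normal_trace(n_slots: int, baseline_c: float = 22.0, seed: int = 1) -> list[float]:
    """Constructed benign trace: slow linear drift plus the same sensor noise."""
    rng = random.Random(seed)
    return [baseline_c + 0.002 * i + rng.gauss(0.0, NOISE_C)
            for i in range(n_slots * SLOT_SAMPLES)]


if __name__ == "__main__":
    covert = encode(b"ok")
    print(decode(covert))                             # the payload comes back intact
    print(count_sharp_transitions(covert))            # one jump per bit change
    print(count_sharp_transitions(normal_trace(20)))  # none on the benign trace
```

Running the script shows the two sides of the story: the payload survives the channel, and the same slot averaging that the receiver relies on also gives a defender a cheap anomaly count on thermal telemetry the facility already collects.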

Attackers are also targeting Internet-connected UPS systems, often through unchanged default usernames and passwords. UPSs exist to ride through failures of the primary power source in critical facilities, but giving them Internet connectivity also makes them a target. Researchers at Cyble Research and Intelligence Labs (CRIL) showed how attackers gained access to the web consoles of exposed UPS devices and could change key settings: powering outlets off and on, rebooting, and even deleting logs to remove traces of their activity from the console. To prevent such compromises, teams need to manage UPS estates deliberately: change default credentials, keep management interfaces off the public Internet, and monitor who logs in to them.

Third-party vendors acting as a back door for cybercriminals

Malicious actors have also shown that they can take advantage of weaknesses in data center infrastructure which includes systems managed by third parties. By targeting third-party vendors who have privileged access to a network, hackers can exploit weaknesses in security to gain entry to sensitive parts of a data center’s infrastructure.

For this reason, data center teams should work closely with third-party vendors to ensure they meet agreed security standards for their own systems, networks, and remote access, so that partners do not unwittingly become a back door for cybercriminals.

In a well-known 2013 cyberattack, hackers breached a retailer's network using credentials stolen from a third-party refrigeration and HVAC vendor that had remote access to the retailer's systems. From that foothold the attackers moved into the retailer's corporate network and on to its point-of-sale systems, leading to the theft of tens of millions of customer credit and debit card records.

Putting security at the heart of data center operations

Cybersecurity is an ever-evolving industry, with new challenges and threats constantly emerging. In order to mitigate risks across data centers, protect data and valuable assets, and maintain customer trust, there are some key steps teams can follow:

  • Strengthen your network perimeter - Define the perimeter of each network, including the management networks for facility systems such as HVAC, UPS, and building controls, so that the boundary is the first line of defense against unauthorized access. Secure boundaries are fundamental to network security, and pairing them with traffic filtering and intrusion prevention systems makes perimeter controls far more effective.
  • Ensure full visibility of assets in your environment - Use network management and discovery tools configured to find every network-connected device, including facility equipment that the IT team did not deploy. Maintain an asset and configuration management database so that vulnerabilities can be mapped to specific devices and tracked to closure.
  • Keep software updated - Implement a strict patch management strategy to address vulnerabilities promptly and keep software and firmware (on UPS, HVAC, and other controllers as well as servers) up to date. Pay particular attention to legacy systems, and publish regular compliance and risk reporting as part of operational governance.
  • Regularly scan for insecure or open ports in your network layer - Scan for exposed management services and unexpected listeners, and remediate what the scans find. Back this up with strong password management and strict user policies, periodic penetration testing to find vulnerabilities proactively, and an ongoing cycle of configuration and policy reviews to ensure compliance with best practice and regulatory requirements.
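The four steps above, and the UPS console weaknesses discussed earlier, amount to a repeatable audit: join what discovery finds against what the CMDB says you own, then check each facility device for exposure, default credentials, risky services and stale firmware. The script below is an added example, not the article's code, and runs that audit over a constructed inventory of UPS, HVAC and PDU management interfaces. Every IP address, firmware version, port and baseline in it is made up, and the policy constants (management subnet, forbidden ports, firmware minimums) are assumptions a real site would replace with its own.

```python
"""Audit facility-device management interfaces against an asset baseline.

Added example, not the article's code. Inventory, CMDB contents and policy
constants are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass

MGMT_NET_PREFIX = "10.50.0."                            # assumed facility management VLAN
RISKY_PORTS = {23: "telnet", 80: "http", 161: "snmp"}  # assumed: never exposed on facility gear
FIRMWARE_BASELINE = {                                   # assumed minimums from the patch plan
    "ups": (2, 4, 0),
    "hvac": (7, 1, 2),
    "pdu": (6, 0, 1),
}


@dataclass(frozen=True)
class Device:
    ip: str
    kind: str                 # ups | hvac | pdu
    firmware: str
    open_ports: tuple[int, ...]
    default_creds: bool       # factory username/password still accepted
    internet_reachable: bool  # management console answers from outside


def parse_version(text: str) -> tuple[int, ...]:
    """'2.4.1' -> (2, 4, 1) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))


# Constructed CMDB export: the devices the team believes it owns.
CMDB = {"10.50.0.11", "10.50.0.12", "10.50.0.20", "10.50.0.30"}

# Constructed discovery results from a scan of the facility networks.
DISCOVERED = [
    Device("10.50.0.11", "ups", "2.4.1", (443,), False, False),
    Device("10.50.0.12", "ups", "2.3.0", (80, 443), True, True),
    Device("10.50.0.20", "hvac", "7.1.2", (161, 443), False, False),
    Device("10.50.0.99", "pdu", "6.0.1", (23,), True, False),
    Device("10.20.3.7", "hvac", "7.0.0", (443,), False, False),
]


def audit(devices: list[Device], cmdb: set[str]) -> dict[str, list[str]]:
    """Return findings per device IP; an empty list means the device passed."""
    report: dict[str, list[str]] = {}
    for d in devices:
        findings: list[str] = []
        # Visibility: anything discovered but not recorded is an unmanaged device.
        if d.ip not in cmdb:
            findings.append("not in CMDB: unmanaged device")
        # Perimeter: facility consoles belong on the management VLAN only.
        if not d.ip.startswith(MGMT_NET_PREFIX):
            findings.append("management interface outside the facility management subnet")
        if d.internet_reachable:
            findings.append("management interface reachable from the Internet")
        # Credentials and exposed services (the UPS console problem from earlier).
        if d.default_creds:
            findings.append("factory default credentials still accepted")
        for port in d.open_ports:
            if port in RISKY_PORTS:
                findings.append(f"insecure service exposed: {RISKY_PORTS[port]}/{port}")
        # Patching: compare firmware against the baseline for the device class.
        baseline = FIRMWARE_BASELINE.get(d.kind)
        if baseline and parse_version(d.firmware) < baseline:
            findings.append(f"firmware {d.firmware} below baseline "
                            + ".".join(map(str, baseline)))
        report[d.ip] = findings
    return report


def total_findings(report: dict[str, list[str]]) -> int:
    return sum(len(v) for v in report.values())


if __name__ == "__main__":
    for ip, findings in audit(DISCOVERED, CMDB).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{ip:<12} {status}")
        for finding in findings:
            print(f"    - {finding}")
```

In practice the `DISCOVERED` list would be generated from the scanner's export and `CMDB` from the asset database, and the report would feed the compliance and risk reporting the patching step calls for; the value of the join is that it surfaces the devices nobody knew about, which are exactly the ones that keep their factory passwords.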

A strategy with people at the center

Central to any effective data center cybersecurity strategy is ensuring that every employee, regardless of role, understands their part in keeping the environment secure. This limits the chances of cybercriminals successfully exploiting human weaknesses through vectors such as phishing.

Building a cybersecurity-aware workforce requires continual, regular training. Rather than a tick-box exercise, this means regular refresher courses and up-to-date briefings on new threats, so that good cyber practice becomes a normal part of daily work.

National Critical Infrastructure

Now that UK data centers are recognized as part of the nation's critical infrastructure, alongside the systems, facilities, and networks essential to the functioning of the country's economy and society, their cybersecurity teams are likely to face a growing number of threats and attacks. Consequently, technical safeguards must be in place to defend data centers against unauthorized access, manage networks, and keep software up to date.

At the center of any strategy there must also be a cyber-aware team, and cybersecurity leaders who remain one step ahead of new and emerging methods and tactics. By putting security at the heart of operations, UK data centers can continue to provide critical services, power the digital economy, and keep personal information safe.
