DC infrastructures at risk?

Is your DC infrastructure protected ?

A bit of historical background

In today’s world more and more devices are ‘connected’. M2M communication (Machine to Machine) was introduced in the late nineties which later went on to become IoT (Internet of Things). GE introduced the term ‘Industrial Internet’ and described it as the way that big data analytics combined with the Internet of Things can produce extended opportunities for industries. (Quoted from Techradar.com, April 2015 see below):

In its ‘Industrial Internet Insights Report’ for 2015 the company (GE red.) said it expects the concept to assist firms in aviation, oil and gas, transportation, power generation and distribution, manufacturing, healthcare, and mining. GE even has a formula for the industrial internet. It starts at the bottom with big data, to which you add the IoT (equipment, products, factories, supply chains etc), then throw in the technological expertise surrounding analytics, and finish it off with the context of the industries where equipment or the patients are at the heart of the business. That there is the industrial internet.

Meanwhile we introduced the term OT (Operational Technology) to discriminate the apparatus for controlling and managing infrastructural facilities from all other ‘things’ in the IoT spectrum. Today we also use ‘Industry 4.0’ to limit OT to those situations where it is used in production and manufacturing.
Whatever their name, these new techniques enabled us to manage and maintain our hardware much better than before. However, it also increased the number of Internet connections and therefor the vulnerability of the system as a whole.

New security challenges

From a security standpoint, this brought along a couple of new challenges: all these devices needed to be secured. Standard security software was not prepared to cover these non-IT devices. For facility management, it became a real challenge to keep track of all the ‘connected things’. Software was the only option to manage the enormous amount of data that was added to the security scope.
The risks of these ‘things’ is even greater than than data or software as this ia not about information security anymore. These things are able to control infrastructures like buildings, bridges, airports etc. Hacking these controls will have immediate effect on our daily lives and personal security.

What about data centres ?

Data centres are the epicentres of IT and OT convergence. There are no other places where so much IT is concentrated in a single location. At the same time the data centre operation is NOT about IT, it is about maintaining operational conditions. For that they use lots of infrastructural machinery that have a single purpose: keep the IT systems running at all times for the best possible price. These devices require monitoring and controlling to make sure that 24/7 operation is guaranteed. Also to ensure that a minimum amount of energy is wasted as this is the main cost driving factor of all data centres. Many sensors and actors are in place to monitor energy consumption, environmental conditions, inventory etc. For that purpose most data centres have systems in place (DCIM) that manage and control all these devices and the processes surrounding them. As you may have read in our previous blog item, Perf-iT’s DCIM tool uses ICONICS® to assure maximum security of it’s DCIM system. But that is just part of the story.

Securing your OT

When it comes to securing your Operation Technology you need a tool that goes beyond the tasks of a DCIM. It finds and locates all connected devices on your network. It  recognises them and asses security status for each of them. It also maintains a library of the latest known threats and report on each security related event. Normal security software is not able to identify non IT-gear like PDUs, PLCs, chillers and vents. You need a specialised tool for this.
Perf-iT has team-up with specialist in the field to offer you a service that assesses your OT layer and protects it 24/7. It is a tool that can be set-up instantly and produces comprehensible information for both security experts and site managers. Call or mail us for more information or a demo.

Links to resources:
M2MIoTIndustry 4.0(Wikipedia)
ICONICS Pentagon Case Study

Follow us, or subscribe to our newsletter ( 3 to 4 x per year)