Skip to main content

Data center security: the importance of protecting critical infrastructure

5 minutes read
written by:
Data center security, protecting critical infrastructure from cyber attacks.

Cyber-attacks can come from anywhere and lurk undetected for years - says Peter Dempsey, Axis Communications - so it is imperative that data centers arm themselves with resilient security hardware to avoid breaching ever-more stringent regulations.

For cyber criminals, data centers represent a lucrative and attractive prize, whether the aim of the attack is to steal data, disrupt critical systems, or deploy ransomware. A data center represents a huge number of systems, processes, and hardware devices, and a chink in the armor of any of these is all it takes. If it can be exploited, it will be – and there are many potential avenues of entry. 

Over 20,000 Data Center Infrastructure Management (DCIM) systems have been found- to be publicly exposed, and these could allow an attacker to disrupt a data center by altering temperature and humidity thresholds. Some Uninterruptible Power Supply (UPS) systems have also been found to be vulnerable, giving hackers access to data center power. And data centers are filled with Internet of Things (IoT) devices which could act as attack vectors. Data centers must be aware of their vulnerability and strive to protect every part of their infrastructure.

APT31 – Prepare for undercover attacks 

Many data centers could already have been silently compromised. Attackers are increasingly deploying sophisticated ‘living off the land’ (LOTL) attacks which make use of the core tools of computer systems rather than installing their own malicious files. This kind of infiltration is difficult to spot, and indeed can stay undetected for years until the bad actor is ready to strike1.  

These actors can be major entities. In many cases LOTL payloads originating from state-sponsored agents have been found lurking on critical networks. The UK National Cyber Security Centre  has now implicated the state-sponsored hacking group, APT31, of attempting to target a group of MPs. In a list of other targets, the APT31 cyber-threat extends to the UK economy, critical national infrastructure and supply chains2. 

This highlights the need for data center managers to take a proactive approach to security, one which does not simply lean on known cybersecurity principles but employs active monitoring and strict due diligence. And it is especially important in today’s regulatory environment.  

NIS2 - Detecting data anomalies in critical infrastructure 

The NIS 2 Directive (NIS2) and the Cyber Resilience Act reclassify data centers as critical infrastructure. They now fall into the same category as healthcare, energy, and transportation, and will meet the same level of scrutiny over their governance. Data center operators, whether under the jurisdiction of such legislation or not, have no choice but to tighten their defenses. 

The behavior of every piece of hardware, software, and firmware within a network must be regularly analyzed in order to spot even the most innocuous-seeming unusual activity. This detective work must also extend beyond the bounds of the data center, because NIS2 applies to the activities of collaborators as well as critical entities. This includes equipment vendors and, crucially, every step in their supply chain.

Finding supply chain vulnerabilities 

If an attacker cannot infiltrate a data center through direct means, it may attempt to inject a malicious payload on equipment which is yet to be deployed. IoT devices are fertile ground for criminals: they are network-attached by default and often not inspected with the same level of detail as more obvious attack vectors would be. As with LOTL payloads, malicious IoT devices may simply hide in plain sight because they allow attackers to piggyback on implicit trust.

Supply chain attacks are incredibly dangerous and growing, exceeding direct malware attacks by 40%3 in 2022. There is no longer any way to justify any implicit trust: vendors must demonstrate the security and purity of their supply chain in detail and take action to ensure that unauthorized modifications do not happen. Data centers, in turn, must reevaluate every vendor relationship to ensure they are not caught out.

Thankfully modern technology allows suppliers to demonstrate the legitimacy of their hardware quite cleanly. Trusted platform module hardware protects signed firmware, offering confidence in a device’s integrity along the chain. Secure boot prevents unauthorized firmware from running at all. And some devices can store cryptographic keys and certificates securely within, strengthening their security credentials while simplifying the process of managing one’s defenses.

Dealing with regulatory pressure 

Regulations such as NIS2 basically offer data centers no choice but to act now or face massive fines. Their terms make data center directors liable not only for internal breaches but for those caused by some third-party security lapses. Security must be reevaluated from top to bottom.

Strong physical security through cameras, thermal and radar detection, and access control is clearly vital, because an attacker on site could cause untold disruption. But logical security is just as vital to ensure attackers do not reach one’s site virtually. Every piece of hardware and software, whether within the scope of the regulations or not, should be catalogued, analyzed, prioritized, and documented on a regular basis.

Compliance needs to be substantiated with a clear record – and vendors must supply this too. No supplier of any value would wish to issue anything which is not on the level; working with vendors that care about their products is the path for data centers to create a smarter, safer world.

Learn more about Axis solutions for data centers.

Peter Dempsey

Peter Dempsey has spent 25+ years in the security sector undertaking various roles of being responsibility for key elements of mission critical projects across a number of different vertical markets. For the last, three year’s Peter has focused his attentions on how security technologies best support a business’s security strategy, whilst driving the adoption and elevating the importance of cybersecurity and emerging technologies for physical security practitioners in the Data Centers. Peter’s passion for the industry can be traced back to the huge success in Ireland with Hyper Scale and Multi-Tenant Data Centre (MTDC) deployments over the last number of years.

Peter Dempsey
To top