Data Center Journal

VOLUME 36 | FEBRUARY 2015

Issue link: https://cp.revolio.com/i/457819


Security Has Been Breached

Corporate information technology security systems often focus on securing the IT perimeter from outside sources. However, with the recent popularization of ubiquitous network access for all types of equipment, not just information technology equipment (e.g., HVAC controllers, air conditioning units, electrical gear), there is a tremendous amount of trust placed on equipment connected on the inside of a secured IT perimeter. The emerging category of equipment connected to the internet, often referred to as the Internet of Things, or IoT, also contributes to the increase in cyber attack risk. In many of these cases, systems are inherently vulnerable to cyber security risks driven by programming designed for convenience and ease of establishing remote connectivity. Also, the level of scrutiny placed on securing the IT perimeter against unwanted intrusion from outside sources is often higher than that placed on intrusion from sources inside the secure perimeter. Many of the most violent cases of cyber security breaches can be traced to some type of internal breach, whether through utilization of stolen credentials or internal breach due to embedded malware.

In today's high-tech environment, as more equipment is becoming network capable, it is not uncommon to see network access in electrical rooms and mechanical rooms. These rooms frequently have lesser physical security provisions than the physical data center and often are less monitored with real-time security video surveillance. This situation provides some real opportunities for physical security breaches (use of network ports within these less secure spaces to infiltrate the corporate firewall) from the inside.
In addition to the capability of physical breaches, monitoring equipment oftentimes provides a weak link that becomes an easy target for cyber attackers, because the monitoring gear can become an unintended bridge between secured and unsecured networks for a network intruder.

Architect the Right Solution

As with many complex problems, there is no one-size-fits-all solution. Dedicated control networks and proprietary protocols may offer some level of protection against cyber security risks. However, it would be foolish to resort to solutions from the past to solve the current problem. The use of common networks and open protocols arose for very specific reasons, and those reasons need to be considered in today's complex solutions. Moreover, when developing the architecture for today's advanced control and monitoring systems, it is important to be deliberate in planning for protection against cyber attacks. Solutions range from proprietary only, to open protocol only, to hybrid, to hybrid plus the added protection of a dedicated security appliance. No matter which route you choose, each system should be specifically architected with security in mind.

A hybrid of proprietary and open protocol solutions is one simple method to improve security that leverages the benefits of proprietary security and open protocol cost efficiency. However, it should be noted that most proprietary control networks are not specifically designed for conformance to any particular security goal. Rather, proprietary protocols are more often purposed to facilitate a guarantee of compatibility (to the benefit of one particular manufacturer), speed and reliability of communication (in the case of equipment specifically listed for a particular application), and a variety of other primary goals. In the event of a breach, it may be difficult to place the full liability for the security breach on the system vendor, as security is not a primary responsibility of the system.
To further aggravate the matter, the deployment of any solution, whether proprietary, open protocol, or hybrid, often results in a very gray assignment of responsibility for cyber security between facilities management and IT security. In some cases, deployment is made impossible simply because facilities management and IT security cannot resolve this gray assignment, or because of the inherently stringent protections required by IT security roles.

Where the assignment of liability for the security of a system against cyber attack is important, one might also consider a growing list of products on the market designed specifically to provide cyber security for networked HVAC and critical power infrastructure systems. More specifically, there are now security appliances and applications that have been developed for the specific purpose of providing security for data center infrastructure control and monitoring communication. Broadly speaking, these security appliances may be referred to as firewalls, but these HVAC and critical power specific appliances also have inherent capabilities beyond those of traditional IT network firewalls. HVAC and critical power specific appliances are purposely engineered to facilitate building infrastructure network traffic. The use of such devices can dramatically reduce the coordination required to perform the same functions with traditional IT network firewall appliances. Moreover, these systems allow the responsibility for the security of building infrastructure networks to be clearly delineated between IT and facilities management, making deployment, management, and maintenance much easier if deployed in conjunction with the HVAC and critical power infrastructure they support.

The cyber ecosystem, as it exists today, requires diligence in ensuring the security and the resiliency of the facilities that require uninterrupted operation. Low-cost control and monitoring solutions have allowed facilities to achieve new heights in automation and facility protection. Since these solutions are becoming increasingly necessary to prevent unintended facility downtime, designers, constructors, and managers of data centers must ensure that the critical infrastructure is protected against newly created cyber security vulnerabilities.
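
The risk described earlier, where monitoring gear becomes an unintended bridge between secured and unsecured networks, can be checked for in an asset inventory. The following Python audit is an added example, not part of the original article; the zone plan, device names, rooms, and addresses are all constructed for illustration.

```python
import ipaddress

# Constructed zone plan: CIDR -> (zone name, inside the secured IT perimeter?)
ZONES = {
    "10.10.0.0/16": ("corporate-it", True),
    "10.20.0.0/24": ("data-hall-mgmt", True),
    "192.168.50.0/24": ("bms-hvac", False),
    "192.168.60.0/24": ("power-monitoring", False),
}

# Constructed inventory of infrastructure devices and their interface addresses.
INVENTORY = [
    {"name": "crac-ctrl-01", "room": "mechanical", "ips": ["192.168.50.11"]},
    {"name": "dcim-collector", "room": "data hall",
     "ips": ["10.20.0.5", "192.168.50.2", "192.168.60.2"]},
    {"name": "pdu-gateway-03", "room": "electrical",
     "ips": ["192.168.60.40", "10.10.4.7"]},
    {"name": "ups-snmp-card", "room": "electrical", "ips": ["192.168.60.41"]},
    {"name": "temp-sensor-hub", "room": "mechanical", "ips": ["172.16.9.3"]},
]

def zone_of(ip, zones=ZONES):
    """Return (zone name, secured flag) for an address, or ('unknown', False)."""
    addr = ipaddress.ip_address(ip)
    for cidr, (name, secured) in zones.items():
        if addr in ipaddress.ip_network(cidr):
            return name, secured
    return "unknown", False

def find_bridges(inventory, zones=ZONES):
    """Flag devices that sit on both secured and unsecured networks, and
    devices with an address outside the documented zone plan."""
    findings = []
    for dev in inventory:
        seen = dict(zone_of(ip, zones) for ip in dev["ips"])
        if "unknown" in seen:
            findings.append((dev["name"], "unmapped-address", sorted(seen)))
        elif True in seen.values() and False in seen.values():
            findings.append((dev["name"], "bridges-secured-boundary", sorted(seen)))
    return findings

if __name__ == "__main__":
    for name, issue, zones in find_bridges(INVENTORY):
        print(f"{name}: {issue} ({', '.join(zones)})")
```

Devices flagged as bridging the boundary are candidates for single-homing or for placement behind a dedicated security appliance of the kind the article describes.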
