In the late 1970s, the first local area network was put in place at Chase Manhattan Bank, connecting over 200 computers and supporting data rates of 2.5 Mbps. At the time, though, most data centers operated as fairly disparate facilities for which securing the physical perimeter, and adding an ‘air gap’ where public network connections were kept separate from secure network and facility connections, was enough to protect them from virtual and real intrusions. What was sensible then is now alarmingly insufficient.
Extensive connectivity to cloud-based servers, external devices and meshed networks, and reliance on digital mirrors and other virtual tools for real-time management, mean that traditional methods for perimeter and data security are no longer enough to protect data centers from intrusions.
Today's data center challenges extend beyond protections against hacks or other intrusions to include preserving energy availability and use.
Now, a robust cybersecurity approach must also include tools for protecting against energy failures and blackouts to assure the quality of the electrical infrastructure and continuity of services.
What a difference a decade makes
Electrification infrastructure and industrial controls are an integral and continuous part of the entire data center system lifecycle. Yet many of the data center facilities that support today's immense consumer and business demands for data services were originally built to meet performance, reliability, safety and flexibility requirements, not to secure multiple communication connections.
While the challenge is simply put, the solution is complex. It is quite a feat to secure a communication network from attacks originating from other communication networks, as the exposure could be nearly infinite. Protections must anticipate unforeseen disasters and prepare the proper backup mechanisms to enable recovery, if necessary. Virtual environments are especially challenging and require intensive, mission-critical monitoring solutions.
Ensuring network, server, data, and perimeter security for electric infrastructure and controls is what data center customers need now and will continue to need in the future. There are three broad elements to delivering it:
First, the benefits of physical distance
ABB's experience with network zoning (separating the building blocks of the operation into sections that can be managed or shut down independently of one another) is that a hardened system is critical.
A reference architecture is used to segregate secure from insecure networks with firewalls and demilitarized zones (DMZs) and, for data center automation systems, the internal networks assign varying security levels to different devices. Under this approach, network connectivity within a level is governed by host firewalls (software firewalls residing on individual computers), and data can pass to another level only via a hardware firewall.
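The zoning rule above can be checked against recorded traffic. The following is an added example, not ABB's code or configuration: the subnets, level numbers, flow-record format and the `host-fw` / `hw-fw` labels are assumptions constructed for illustration.

```python
import ipaddress

# Assumed zone plan (constructed): subnet -> security level.
ZONES = {
    "10.10.1.0/24": 1,  # e.g. power and building controllers
    "10.10.2.0/24": 2,  # e.g. supervisory servers
    "10.10.3.0/24": 3,  # e.g. DMZ-facing services
}

# Constructed flow records: "src dst enforced_by verdict".
SAMPLE_FLOWS = """\
10.10.1.5 10.10.1.9 host-fw allow
10.10.1.5 10.10.2.20 hw-fw allow
10.10.1.7 10.10.2.20 host-fw allow
10.10.2.20 10.10.2.21 none allow
10.10.3.4 10.10.1.5 hw-fw deny
10.10.2.20 192.0.2.50 hw-fw allow
"""

def level_of(ip):
    """Return the security level of an address, or None if unzoned."""
    addr = ipaddress.ip_address(ip)
    for cidr, level in ZONES.items():
        if addr in ipaddress.ip_network(cidr):
            return level
    return None

def audit(flow_text):
    """Return (line_number, reason) for each allowed flow that breaks the rule."""
    findings = []
    for n, line in enumerate(flow_text.splitlines(), 1):
        if not line.strip():
            continue
        src, dst, enforcer, verdict = line.split()
        if verdict != "allow":
            continue  # blocked traffic cannot violate the zoning rule
        s, d = level_of(src), level_of(dst)
        if s is None or d is None:
            findings.append((n, "endpoint outside the zone plan"))
        elif s != d and enforcer != "hw-fw":
            findings.append((n, "cross-level flow did not pass a hardware firewall"))
        elif s == d and enforcer != "host-fw":
            findings.append((n, "same-level flow not governed by a host firewall"))
    return findings

if __name__ == "__main__":
    for n, reason in audit(SAMPLE_FLOWS):
        print(f"line {n}: {reason}")
```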
Second, the importance of perimeters & people
Perimeter security includes safeguarding the electrical infrastructure and controls by means of mechanical and/or electronic systems in addition to safeguarding the physical perimeter, so that virtual intrusions and disruptions are as apparent as actions in the real world. Because security management within a facility is inextricably linked to individuals and their actions, assigning different authorizations to employees with different roles is a key mechanism for protecting both physical and virtual infrastructures.
It is also important to embed proper data security measures for electric infrastructure and controls that use industrial and proprietary protocols (think reinforced locks). This can be achieved with authentication or integrity checks and can include support for cryptographic mechanisms, so the locks stay effective over time.
Third, the utility of a three-stage management model
ABB uses a three-stage model for cybersecurity management and ongoing resilience of data center environments.
The first stage is to establish a basic level of technical and organizational security controls which, if appropriately implemented and maintained, will thwart the majority of generic threats. The second stage is to continuously manage and maintain these controls and add more sophisticated, specialized, or simply upgraded and improved controls, as needed. The third stage is the collaborative operation of cybersecurity controls with managed security services via a tool like ABB's Collaborative Operations Center.
More broadly, ABB’s Ability™ Data Center Automation solution gives customers the means to engineer, commission, monitor, control and operate automation strategies for their systems, by delivering Engineering Control and Monitoring Systems (ECMS) that include an Energy Management System (EMS), a Building Management System (BMS) and a Power Management System (PMS). The ECMS captures all information and data for the purpose of recording, controlling and reporting.
At ABB we're constantly researching and innovating new solutions that encompass both cybersecurity and energy resilience. For instance, our experts are exploring a tamper-proof solution, a trusted platform module, that stores keys for one of the most tested and reliable encryption schemes (Rivest-Shamir-Adleman, or "RSA").
Protecting the electrical infrastructure and assuring the continuity of service is key to data center operation. ABB delivers innovative solutions that meet customers' most vexatious challenges today while collaborating with our customers and partners on the right answers to tomorrow's questions.