Strengthening the UK's data center infrastructure


The UK government's designation of data centers as Critical National Infrastructure (CNI) underscores their vital role in national operations and economic stability. This recognition comes with increased scrutiny and highlights the need for robust cybersecurity, especially in the face of escalating global threats.

While significant investment is pouring into the UK data center sector, a critical question remains: how much of this addresses the often-overlooked cybersecurity risks associated with Operational Technology (OT) and Internet of Things (IoT) devices?

John Golden

Regional Sales Director at Nozomi Networks for the UK and Ireland.

The Achilles' Heel: OT/IoT Security

Data center operators have traditionally prioritized IT security, safeguarding valuable data from cyber threats by focusing on data center connectivity and server infrastructure. However, critical OT systems responsible for building automation, cooling, power, safety, and physical security often lack the same level of protection and are frequently not accounted for at all.

These systems, crucial for maintaining the physical functionality of data centers, become interesting targets for attackers if left unsecured, and are often used as initial points of access and presence in data center networks. This risk is underscored by the fact that many of these systems are more connected to data center networks, and even the internet, than security teams realize, while often lacking basic cyber security hygiene like operating system updates, secure credentials, and network monitoring.

Similarly, IoT devices like IP cameras, digital displays, fire suppression systems, and biometric access controls, while enhancing safety and physical security, introduce a complicated additional attack vector for security teams to account for. Like OT systems, these devices often use stripped-down, embedded operating systems that lack critical cyber security functions, making them a relatively easy target for compromise.

Real-World Vulnerabilities

There are now numerous known public examples of OT/IoT vulnerabilities being exploited in data centers and similar environments, and likely many more compromises that are not disclosed or even remain undetected. IP cameras have been hijacked for botnet attacks, launching large-scale DDoS attacks. Building management systems have been compromised for unauthorized activities like crypto mining, impacting system stability and risking failure with dangerous levels of resource utilization.

Even when not targeted for direct impact, OT and IoT devices are often ‘soft’ targets that threat actors can use for sustained presence, even in otherwise secure networks that have invested heavily in IT cyber security. These incidents highlight the very real dangers of neglecting OT/IoT security. Ignoring these vulnerabilities is like leaving the keys to your data center under the welcome mat.

Bridging the Gap: A Focus on OT/IoT Visibility and Security

Effectively securing OT/IoT environments requires a different approach than traditional IT security. It starts with gaining complete visibility into these often-forgotten systems. Data center operators need to know what devices are connected, how they communicate, and what vulnerabilities they introduce.

This requires specialized tools designed for OT/IoT environments, capable of identifying and profiling industrial control systems, building and IT automation devices, and other connected assets. It likely also requires monitoring wireless communications, as many IoT devices are connected via site WiFi networks or IoT connectivity solutions like LoRa or cellular.

Once visibility is established, continuous monitoring and threat detection are crucial. Real-time asset management allows operators to track every connected device, identifying unauthorized or anomalous behavior before it escalates into a major incident.

This includes monitoring network traffic for suspicious activity and implementing anomaly detection systems tailored to OT and IoT protocols. Something as simple as identifying an IoT device like a camera attempting to communicate with the data center server infrastructure could be indicative of a compromised device.

Collaboration and Best Practices: A shared responsibility

While the responsibility for securing data centers ultimately rests with the operators, collaboration between the government and the private sector is still essential. Government initiatives like the NCSC's Active Cyber Defence (ACD) program provide valuable resources for threat identification and response. Industry collaboration and threat intelligence sharing, as advocated by the World Economic Forum, are also crucial for staying ahead of sophisticated attackers.

Data center operators must prioritize OT/IoT security by:

  • Asset discovery and inventory: Identify and document every connected OT and IoT device within the data center environment.
  • Vulnerability assessment: Assess the security posture of OT/IoT devices and systems, identifying potential weaknesses.
  • Network segmentation: Implement micro-segmentation to isolate critical OT systems and limit the impact of potential breaches.
  • Continuous monitoring: Deploy real-time monitoring and anomaly detection systems to identify suspicious activity.
  • Incident response planning: Develop and test incident response plans specifically for OT/IoT security incidents.
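The camera-to-server check described earlier, combined with the inventory, segmentation, and monitoring items in this list, can be expressed as a small flow review. This is an added example, not code from the article or from any vendor product; the zone names, subnets, device names, and allowed-zone policy are constructed assumptions.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dport")

# Constructed zones (assumed addressing plan): zone name -> subnet.
ZONES = {
    "iot": ipaddress.ip_network("10.20.0.0/24"),      # cameras, displays, badge readers
    "ot": ipaddress.ip_network("10.30.0.0/24"),       # BMS, cooling, power
    "mgmt": ipaddress.ip_network("10.40.0.0/24"),     # NVR, BMS head-end
    "servers": ipaddress.ip_network("10.50.0.0/16"),  # server infrastructure
}
# Constructed asset inventory: IP -> device name.
INVENTORY = {"10.20.0.11": "ip-camera-lobby", "10.30.0.5": "chiller-plc-1",
             "10.40.0.2": "nvr-01"}
# Assumed segmentation policy: (source zone, destination zone) pairs allowed.
ALLOWED = {("iot", "mgmt"), ("ot", "mgmt")}

def zone_of(ip):
    """Map an address to its zone; anything outside the plan is 'external'."""
    addr = ipaddress.ip_address(ip)
    return next((z for z, net in ZONES.items() if addr in net), "external")

def review(flows):
    """Return (flow, reason) alerts for OT/IoT-originated traffic.

    Same-zone traffic is not evaluated by this check.
    """
    alerts = []
    for f in flows:
        sz, dz = zone_of(f.src), zone_of(f.dst)
        if sz not in ("iot", "ot"):
            continue  # only OT/IoT sources are in scope here
        if f.src not in INVENTORY:
            alerts.append((f, f"uninventoried device in {sz} zone"))
        elif sz != dz and (sz, dz) not in ALLOWED:
            alerts.append((f, f"{INVENTORY[f.src]}: {sz} -> {dz} not permitted"))
    return alerts

# Constructed flow records standing in for a NetFlow or SPAN export.
SAMPLE = [
    Flow("10.20.0.11", "10.40.0.2", 554),   # camera -> NVR: expected
    Flow("10.20.0.11", "10.50.3.7", 22),    # camera -> server infrastructure
    Flow("10.30.0.5", "203.0.113.9", 443),  # PLC -> internet
    Flow("10.20.0.99", "10.40.0.2", 80),    # device missing from inventory
]

if __name__ == "__main__":
    for flow, reason in review(SAMPLE):
        print(f"ALERT {flow.src} -> {flow.dst}:{flow.dport}  {reason}")
```

The uninventoried-device alert is the asset-discovery gap surfacing in traffic: a source inside an OT/IoT subnet that nobody has documented is reported before any policy is evaluated.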

The Time to Act is Now: Don't Wait for a Breach to Wake You Up

As data centers become increasingly complex and interconnected, a holistic approach to cybersecurity, encompassing all of IT, OT, and IoT, is no longer optional – it's a necessity. Don't wait for a breach to expose the vulnerabilities in your OT/IoT infrastructure.

By taking simple, proactive steps, data center operators can significantly reduce their cyber risk and ensure the resilience of these critical facilities. Protecting your data is crucial, but protecting the systems that support your data is equally important. Ensuring that cyber security investment goes beyond IT and accounts for OT and IoT environments is critical to securing the foundation of your data center operations.


This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
