The Cybersecurity Threats Posed by Overheating Data Centers
“Heating Up: Climate Change Presents Fresh Challenges for Data Centers, Introducing a Vulnerability Quickly Exploited by Attackers. Overheating Servers, a Result of Record Heat Waves, Pose a Critical Issue, Melting Down Data Centers from Los Angeles to London. The Current Global Heat Waves Exceed the Design Capacity of Many Data Center Cooling Systems, Resulting in Failures and the Overheating of Servers, Leading to Widespread Outages for Popular Websites and Applications.”
Adversaries aim to exploit and weaponize heat.
Businesses that prioritize lower energy expenses over maintaining an adequately cooled data center are exposing themselves to the risk of a breach or, at the very least, a catastrophic failure of their data center. Achieving a secure data center doesn’t come from cost-cutting measures. Instead, sustainability emerges as the route to avoid escalating energy expenses.Adversaries seek to exploit the vulnerability of heat and pilfer substantial amounts of data from data centers by targeting cooling systems. Whether it’s cybercriminal groups or sophisticated Advanced Persistent Threat (APT) teams, often backed by nation-states, an anticipation of increased data center attacks is on the horizon, with heat becoming the weapon of choice for attackers.Avoid exposing your data centers to cybersecurity risks by preventing overheating.
The costs associated with data centers are reaching unprecedented levels for numerous companies, with energy expenses surpassing all other budgetary categories. Enhancing cooling efficiency is crucial for maintaining the profitability of data centers, given that cooling constitutes around 40 percent of their total energy consumption. Although strides have been made in boosting energy efficiency and embracing sustainability, particularly in the realm of enhanced cooling methods, the reluctance to fully commit to sustainability measures introduces a heightened cyber risk.“Data centers are substantial energy consumers, with a hyper scaler’s data center consuming as much power as 80,000 households. The imperative for making data centers sustainable is significant, prompting some regulators and governments, such as Singapore and the Netherlands, to enforce sustainability standards for newly constructed data centers,” as stated by McKinsey.Despite substantial investments in sustainability, data centers continue to grapple with overheated servers, leading to failures and subsequent outages. While cost-effective cooling technologies, such as outside air cooling, offer economic advantages, there is a potential downside as they may introduce contaminants that could harm the data center infrastructure and hardware.To mitigate cooling expenses, some data centers opt to elevate server inlet temperatures, viewing it as a calculated risk where the anticipated cost savings justify the increased likelihood of causing server CPUs to fail. Recognizing that servers are the primary cause of outages, the potential savings from allowing higher temperatures come into question. Server-related outages account for 30% of all interruptions and outages in data centers. Failures induced by excessive heat result in unplanned outages, disrupting data center operations and causing websites, applications, and online storage to fail unexpectedly, incurring substantial losses in productivity, amounting to billions of dollars.Despite substantial investments in sustainability, data centers continue to grapple with overheated servers, leading to failures and subsequent outages. While cost-effective cooling technologies, such as outside air cooling, offer economic advantages, there is a potential downside as they may introduce contaminants that could harm the data center infrastructure and hardware.To mitigate cooling expenses, some data centers opt to elevate server inlet temperatures, viewing it as a calculated risk where the anticipated cost savings justify the increased likelihood of causing server CPUs to fail. Recognizing that servers are the primary cause of outages, the potential savings from allowing higher temperatures come into question. Server-related outages account for 30% of all interruptions and outages in data centers. Failures induced by excessive heat result in unplanned outages, disrupting data center operations and causing websites, applications, and online storage to fail unexpectedly, incurring substantial losses in productivity, amounting to billions of dollars.
Multiple experts in data center recovery, preferring anonymity, unveilied the prevalent issue of chronic overheating in data centers. These specialists noted that many data centers are stretching their limits to cut costs, struggling to keep server inlet temperatures below 80°F, the widely accepted standard for server cooling. The current trend leans towards prioritizing cost savings over mitigating cyber risks. A notable data center recovery specialist warned that if climate change continues to bring triple-digit heat waves and data centers neglect long-term, sustainable, and cost-effective cooling solutions, they may face a rude awakening.The outage at Twitter’s Sacramento data center in 2022 due to extreme heat acts as a cautionary tale about the potential impact of heat on data center performance. In an internal memo, Twitter’s Vice President of Engineering, Carrie Fernandez, characterized the incident as unprecedented, resulting in a complete shutdown of physical equipment. The heat-induced outage attracted the attention of cyber attackers refining their techniques to exploit vulnerabilities in HVAC, electricity, and redundant power systems.A lesson from 2021 underscores the risks associated with pushing server heat levels to the limit for cost-saving purposes. A data center operator in Singapore elevated temperatures to borderline unsafe levels to cut cooling costs, leading to server meltdowns and widespread failures that persisted for nearly a week, causing significant disruptions for thousands of customers.
Exploiting Heat: Cyber Attacks Targeting Data Centers
Attackers are honing their techniques and developing malware to target cooling systems, aiming to induce a data center meltdown either to fulfill ransomware demands or to make a political statement.In 2018, a cyberattack on an Atlanta, Georgia data center resulted in the shutdown of various city services, including the municipal court, police department, and Hartsfield Atlanta airport. Cybercriminals utilized a variant of SamSam ransomware to encrypt data on all available servers. Additionally, they infiltrated the data center’s cooling system, causing temperatures to exceed 100 degrees and damaging server CPUs and related silicon-based equipment. The attackers demanded a ransom of $51,000 in Bitcoin to unlock servers and relinquish control of the cooling system.A 2019 cyberattack on an Iranian data center disrupted its power supply and cooling systems, leading to rapid overheating of servers and supporting systems. The responsible party, an adversarial nation opposing Iran’s nuclear program, claimed responsibility for the attack, employing the Stuxnet malware designed to target and compromise industrial control systems. Iranian data center operators reported that the malware caused the centrifuges at the data center to spin out of control and malfunction.In July 2022, a Singaporean data center fell victim to an attack, disrupting online servers for several government agencies, banks, and media outlets. Exploiting a firewall vulnerability, the attackers caused server malfunctions resulting from overheating. An Indonesian hacking group claimed responsibility, citing retaliation against Singapore’s continued support for Myanmar’s military junta.Finding Equilibrium: Balancing Security and Sustainability
Data centers grapple with intricate challenges, juggling the need for expanding storage, minimizing latency, managing costs, and fortifying cybersecurity, all while facing environmental pressures. Operators are embracing inventive strategies for sustainability, incorporating renewable energy, water-efficient cooling, and waste heat recovery technologies. This exploration delves into the successful approaches implemented by data center owners and recovery experts
The following strategies are paying off the most from data center owners and recovery experts implementing these programs:Make it a routine to perform comprehensive thermal mapping to pinpoint areas of elevated temperature and enhance cooling efficiency.
Explore the potential of leveraging AI to enhance power efficiency, reinforced by environmentally friendly chillers and evaporative cooling
The future of data center cooling lies in having backup cooling systems alongside power sources designed to tolerate faults.The adoption of AI for optimizing inventories of data center assets is becoming increasingly popular.
Data centers are in a race to improve cybersecurity and sustainability.
As the data center sector endeavors to minimize its environmental impact, there is a need to harmonize sustainability objectives with cyber-resilience goals. While sustainable approaches like outside air cooling offer energy efficiency and cost savings, they can heighten security risks if not integrated into a comprehensive data center cybersecurity strategy. In the pursuit of enhancing data center sustainability, it is crucial for operations and the responsible companies to prioritize the security of cooling and infrastructure, refraining from compromising them for the sake of cost savings. The moment has come to prioritize sustainability without disregarding risk mitigation.
We deliver services and solutions by applying our Digital, Data, Technology and Cyber capabilities.
Categories
- Application
- Capabilities
- Cloud
- Credentials
- Cyber
- Data
- Delivery
- Design
- Development
- Digital
- Live (Operations)
- Services
- Solutions
- Strategy