Data Center Infrastructure: The Overlooked Cyber-physical Attack Surface Beneath the Cloud  

Data center construction is booming, driven by cloud migration and the surge in AI workloads that demand massive compute power, storage space, network bandwidth — not to mention precise environmental control to ensure uninterrupted uptime.

Given their business criticality, data centers have become high-value targets for sophisticated cyberattacks. But cybersecurity priorities focus on protecting the cloud environments where AI workloads are running and the rows and rows of always-on servers, often tenant-owned but under the data center’s watch. Meanwhile, the building management, physical security and OT systems that control power and cooling to keep data centers humming remain a blind spot.  

Data center owners and operators face three primary challenges related to this blind spot:

  • Little insight into their vast, unprotected OT/IoT attack surface and how to protect it
  • Dependence on a stable energy supply, subject to separate cybersecurity regulations for utilities
  • Designation as critical infrastructure, which imposes strict cyber-physical security requirements

Here’s how to address the challenges inherent in data center security so you can reduce cyber risk, maintain operational resilience and fulfill uptime guarantees.

Cybersecurity Across Converged OT, IoT and IT Systems  

Large data centers rely on hundreds of cyber-physical systems to monitor and manage everything from heating, ventilation and cooling to uninterruptible power supply (UPS) systems. Add to this CCTV, badge access, fire suppression and other IoT systems found throughout the data center campus. These systems are more connected than ever to both IT networks and the internet, often without the operator's knowledge and with default credentials left unchanged. Many are managed and maintained remotely by third-party vendors with round-the-clock access. Others may not be maintained at all.

“Cybersecurity requires visibility across the system of systems. The power plant, backup power, cooling and physical access systems each have potential for misuse that could affect data center and grid stability.” — World Economic Forum

When not managed as part of holistic data center cyber risk, this complex “system of systems” can easily be exploited by threat actors intent on triggering cascading failures. For example, a compromise in the cooling system could overload circuits, requiring a shutdown.  

Top Cyber-Physical Risks for Data Centers

As geopolitical crises morph into chronic tensions, cyberattacks on critical infrastructure meant to disrupt services and undermine public trust have become the norm.

Increasingly connected, remotely serviced and internet exposed, OT and IoT assets and networks provide access points and attack paths for threat actors that bypass IT controls, potentially causing disruption or widespread outages.

Internet-exposed DCIMs at the Core of Operations

The data center infrastructure management system (DCIM) integrates IT and facility management systems to monitor power, cooling, server racks and environmental sensors. Because it sits in a gray zone between IT and facilities, it is often overlooked – and often exposed to the internet.

Cooling Systems that Maintain Precise Conditions

Whether caused by a cyberattack or a malfunction, a cooling system outage leads to a rapid temperature rise, leaving only 15 or 20 minutes to shut down servers before they are damaged beyond repair.

Exploitable OT/IoT Devices

Assets like CCTV cameras and temperature sensors run stripped-down operating systems with minimal encryption or authentication, letting attackers bypass perimeter controls to gain initial access and pivot to critical systems.

Remote Maintenance by Third-party Vendors

Dozens of vendors have remote access to OT and IoT systems throughout the data center. On any given day there is a steady stream of technicians logging into the network for maintenance, with scant security around those sessions.
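As an added example (not code from the post or from Nozomi), the risk factors listed in this section and under "Cybersecurity Across Converged OT, IoT and IT Systems", from internet-exposed DCIM and unchanged default credentials to vendor remote access and unmaintained devices, turned into a small triage over a constructed asset inventory; the weights, asset names and attributes are assumptions made for illustration:

```python
# Added example, not from the original post: risk triage over a constructed
# OT/IoT asset inventory, encoding the post's risk factors (internet exposure,
# default credentials, vendor remote access, no maintainer) and uptime criticality.
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Asset:
    name: str
    kind: str                            # "dcim", "chiller", "ups", "cctv", ...
    internet_exposed: bool = False
    default_creds: bool = False
    vendor_remote_access: bool = False
    maintained_by: Optional[str] = None  # None: nobody owns maintenance
    critical_to_uptime: bool = False     # cooling/power: outage damages servers

# Weights are illustrative assumptions, not values from the post.
WEIGHTS = {"internet_exposed": 5, "default_creds": 4,
           "vendor_remote_access": 2, "unmaintained": 2}

def risk_findings(asset: Asset) -> List[str]:
    """Names of the post's risk factors that apply to one asset."""
    checks = {
        "internet_exposed": asset.internet_exposed,
        "default_creds": asset.default_creds,
        "vendor_remote_access": asset.vendor_remote_access,
        "unmaintained": asset.maintained_by is None,
    }
    return [name for name, hit in checks.items() if hit]

def risk_score(asset: Asset) -> int:
    score = sum(WEIGHTS[f] for f in risk_findings(asset))
    # Double for uptime-critical assets: a cooling/power compromise can cascade.
    return score * 2 if asset.critical_to_uptime else score

def triage(inventory: List[Asset]) -> List[Tuple[str, int, List[str]]]:
    """Rank assets highest risk first so the blind spot is worked top-down."""
    rows = [(a.name, risk_score(a), risk_findings(a)) for a in inventory]
    return sorted(rows, key=lambda r: r[1], reverse=True)

# Constructed sample inventory; names and attributes are made up.
INVENTORY = [
    Asset("dcim-01", "dcim", internet_exposed=True, vendor_remote_access=True,
          maintained_by="vendor-a", critical_to_uptime=True),
    Asset("chiller-03", "chiller", default_creds=True, vendor_remote_access=True,
          critical_to_uptime=True),
    Asset("cctv-lobby", "cctv", internet_exposed=True, default_creds=True),
    Asset("badge-east", "badge", maintained_by="facilities"),
]
```

Calling `triage(INVENTORY)` ranks the unmaintained chiller with default credentials first, ahead of the internet-exposed DCIM, which is the order an operator closing this blind spot would work through.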

Securing the Substation that Powers AI

Data centers need a continuous and stable supply of energy to operate, not least because AI workloads are extremely energy intensive. To meet this insatiable demand, larger data centers need a dedicated power grid that they can control, especially regarding redundancy, uptime and cost. Even smaller data centers typically have backup generators.

Hyperscale data centers almost always have their own purpose-built substation. A single hyperscale campus can demand city-scale power. Colocation facilities may also build and operate their own substations. In both scenarios, data center operators must satisfy additional cyber regulations for utilities such as NERC CIP in North America, which requires ongoing, defensible proof of compliance.  

Cybersecurity Regulatory Compliance for Critical Infrastructure

Data centers are now formally classified or regulated as critical infrastructure/critical national infrastructure (CNI) across most major economies. Cybersecurity oversight and regulations are common everywhere that data centers are common.

A Holistic Approach to Data Center Cybersecurity  

For data center owners and operators, the implications are clear: cybersecurity strategies that focus solely on IT and the cloud are insufficient. Many of the most critical risks lie in the cyber-physical systems that keep data centers running, not the servers they house. You need a unified approach that provides visibility and control across converged IT, OT and IoT environments.

The Nozomi platform helps data centers comply with regulations and meet SLAs by providing a complete, accurate inventory of OT and IoT assets, risk-based vulnerability management, continuous threat and anomaly detection, and AI-powered SOC assistance to keep analysts focused on what matters most.

To learn how we can help you secure the infrastructure that powers AI, contact us today.