Power Equipment: A New Cybersecurity Frontier
Power systems, HVAC systems, and other network-connected devices are exposing new vulnerabilities that must be secured.
Power management may not be at the top of anyone’s priority list when they think about cybersecurity. But to quote the famous words of Bob Dylan: “The times, they are a-changin’.” As Internet of Things (IoT)-enabled devices have evolved and many business functions have shifted to remote operations, vulnerabilities are emerging in places that may have once seemed like something out of Hollywood fiction.
As digital transformation continues to advance amid the COVID-19 pandemic and beyond, businesses must evaluate their security model to ensure they’re prepared for the next normal. Power equipment must be part of the equation in an end-to-end cybersecurity strategy.
Hackers Make Surprising Moves
While IoT has been the catalyst for many positive developments, there are challenges with these expanding interconnections. For power management, the ability to connect backup equipment like an uninterruptible power supply (UPS) can prove helpful in enabling IT teams to monitor and maintain essential infrastructure more efficiently. However, like any other network-connected device, these units become assets that need to be secured from potential cyber breaches.
Though a UPS doesn’t traditionally come to mind when envisioning ways cybercriminals infiltrate a network, the same could also be said for other inconspicuous devices like HVAC units. Yet that’s exactly the route hackers pursued when they gained access to Target’s system and stole data on over 40 million credit and debit cards.
And consider how hackers were able to penetrate the network of a North American casino utilizing an Internet-connected thermometer inside an aquarium. Finding the vulnerability in a fish tank, of all places, allowed hackers to access the casino’s database and ultimately steal private customer data. And, while the premise may sound like something from an Ocean’s Eleven movie sequel, it’s not the first time an unsecure thermostat has caused a frenzy.
These are just a few examples of how hackers are exploiting new network entry points, but all it takes is a Google search for the morbidly curious to find plenty of other surprising examples. Each example underscores the need to have an end-to-end strategy to defend today’s digital infrastructure.
Safeguarding Power Management Systems
The growing urgency surrounding cybersecurity is pushing power management manufacturers to introduce new protections in their connected devices. Here are a few steps IT and cybersecurity leaders can take to better secure their power equipment today.
- Look for certifications: Global standards organizations are expanding their processes for certifying products as secure, and these efforts extend to power backup devices. There are UPS network management cards available with UL 2900-1 and ISA/IEC 62443 certifications that have built-in cybersecurity capabilities and features. Buying products with these types of certifications can give IT teams more peace of mind that their products have strong encryption, certificate authority (CA) and public key infrastructure (PKI) signed certificates, and configurable password policies.
- Keep current on firmware updates: The ability to make timely firmware updates is essential to protect against emerging threats. This was made clear recently when Ripple20 vulnerabilities, which put countless Internet-connected devices at risk, were discovered. To secure power equipment against these types of new threats, IT teams can deploy power management software and work with their technology provider to ensure systems remain up to date with the latest patches. Power management software also offers capabilities for graceful shutdown in the case of a prolonged outage, which will help IT teams save their work in progress and prevent data loss.
- Digital and physical security: As recent threats to Amazon’s data center infrastructure illustrate, organizations should also take physical security into consideration as part of their defense strategy. Putting smart security locks on IT racks can help keep power management devices and other equipment safe and secure, allowing only authorized personnel to have access to these components.
Ultimately, enterprises and their IT teams should aim to build a holistic strategy for protecting power equipment, similar to how they approach other Internet-connected systems. There’s a balance in buying inherently secure products and taking ongoing measures to ensure equipment remains updated with the latest policies, procedures, and risk assessments.
A Journey, Not a Destination
As IoT advances and spreads into new areas of operation, enterprises will reap benefits by collecting more data and uncovering new insights that add value to their business. However, with progress comes the need to continue keeping a very close eye on the network. While new vulnerabilities and threats are bound to emerge, IT teams can do their best to stay one step ahead by monitoring the cybersecurity landscape and committing to an evolving, end-to-end strategy for protection.
Hervé Tardy is Vice President and General Manager of Eaton’s Distributed Power Infrastructure business unit. In this role, Hervé manages the Americas product roadmap for power solutions, software, and connectivity products to reinforce Eaton’s technology …