Server and Telecom Rack Operational Security

Power and Environmental control systems are required for any rack-mounted server or telecom system in a HIPAA, PCI-DSS, FERPA or GLBA regulated site . The systems in a Server Room as well as the Telecom Equipment in the IDF/MDF rooms must have backup power from a UPS, Power Distribution from a rack PDU and must be kept at a temperature that allows those systems to operate properly. If any of your power or cooling systems is interrupted, even for a short time period, the servers or telecom equipment can go into thermal overload and shutdown without notice.

A recent General Accounting Office (GAO) study noted the high degree of vulnerability electrical power and HVAC systems. The study makes it clear that with the network connectivity of these power and cooling systems, there is a real vulnerabilities that could result in physical harm to your systems and even to your personnel. The GAO report noted the following:

“Federal Facilities contain building…control systems – computers that monitor and control building operations such as elevators, electrical power and heating, ventilation and air conditioning – that are increasingly being connected to other information systems and the Internet. The increased connectivity heightens their vulnerability to cyber attacks, which could compromise security measures, hamper agencies’ ability to carry out their missions or, may cause physical harm to the facilities or their occupants.”

These UPS, PDU and cooling systems must be locked down with a cyber firewall and must be continuously scanned for any signs of physical tampering or operational failure.  Only RackGuardian has the ability to provide a full firewall against hackers while continuously scanning for physical tampering or operational anomalies.  At the first sign of a statistically significant tampering or operational event, you will receive a notification via our secure iOS Mobile App.  In addition, because of the statistical nature of our operational analytics, you can be assured that you will never be flooded with nuisance alarms.  Only RackGuardian has the ability to provide full cyber, physical and operational security required by all major security standards.

Attack Options/Results from Locally or Remotely Controlled HVAC unit
DeviceAttack OptionsResult
HVACConceal errors, adjust temperature, power cycling Physical damage