Data centres are physical facilities that house the routers, switchers and servers that are essential for communication, operation of critical infrastructure, and storage of confidential information. They often interface with multiple other data centres as well as the cloud – itself a collection of data centres – and are complex and highly automated.
Yet the sophisticated features of data centres, such as power supply and cooling systems, as well as various smart, connected devices used for security and surveillance, environmental monitoring and control, can be exploited as vulnerabilities without proper protection from cyber threats. Cybersecurity breaches can have large-scale and far-reaching consequences well beyond the scope and scale of a facility itself, affecting a company’s bottom line, reputation and, in some cases, leading to legal action.
Cyber threats are ever-evolving – cyber criminals are becoming savvier about how to infiltrate and disrupt. Phishing, malware and Distributed Denial of Service attacks are more frequent than ever before. This leaves data centres – including the physical infrastructure like servers and storage – in a potentially vulnerable position.
A high-profile example of the vulnerability of physical infrastructure was the suicide bombing near an AT&T facility that took place in Nashville in late 2020. The explosion damaged surrounding structures and caused telephone and internet outages, including disruption to emergency and first responder communications infrastructure that, in some instances, impacted centres for over a week.
Additionally, because of the significant damage to the building, two water main breaks caused flooding to their onsite generators, leading to further outages, and complicating recovery efforts. The cascading nature of the disruptions highlights the importance of understanding system interdependencies in complex facilities such as data centres.