DARPA is working on new chip design. Promises high efficiency, powerful compute and…low accuracy?

Photo credit DARPA

The Defense Advanced Research Projects Agency (DARPA) is the US Department of Defense (DoD) agency responsible for the development of new technologies for use by the military. 

The scientists at DARPA routinely launch projects so audacious and ambitious that their project list looks like something conjured up by science fiction writers and Hollywood directors rather than legitimate scientists.  Thought controlled bionic arms? Check.  (See project Proto2).  Iron man style powered exoskeleton?  You bet.  (See project XOS)  Battlefield telepathy? Yep. (See project Silent Talk)  Throw in a half dozen autonomous robots and an assortment of super-soldier tactical gear and you start to get a picture of a group that lives on the bleeding edge of science and engineering. 

Given the radical technology innovations these guys are dreaming up it’s no surprise that they’re getting frustrated with the slow pace of computer chip efficiency improvements.  When your projects include surveillance systems that can “track everything that moves” in an entire city (CTS), you obviously need computers with serious processing power.  But, just as importantly, these DARPA projects also require computers that make efficient use of electricity. 

Per chip processing power has continued to double every 18 months (roughly in accordance with Moore’s Law.)  However, chip energy efficiency has reached a near dead end.  In other words, power scaling has all but ceased.  As a result, battery powered devices can’t keep up with the energy demands of the computer chips.      

To address the chip efficiency issue DARPA is throwing away the digital rule book and designing a new generation of ANALOG computer chips.  Instead of using the energy intensive, Boolean logic strategy of driving voltage into transistors to change their state from zero to one, Darpa is examining low power “probabilistic” computing possible using analog computing.

Daniel Hammerstein, DARPA program manager for project UPSIDE, expects intelligence, surveillance and reconnaissance (ISR) systems utilizing the new technology to be faster and “orders of magnitude more power-efficient.”

How does it work?  According to the DARPA press release; “UPSIDE envisions arrays of physics-based devices (nanoscale oscillators may be one example) performing the processing. These arrays would self-organize and adapt to inputs, meaning that they will not need to be programmed as digital processors are. Unlike traditional digital processors that operate by executing specific instructions to compute, it is envisioned that the UPSIDE arrays will rely on a higher level computational element based on probabilistic inference embedded within a digital system.”  (A super fast, super efficient, self organizing, self programming nano-computer?  What could possibly go wrong?)  

Probability computing abandons the its-either-one-or-zero straightforwardness of digital computing.  As a result, it sacrifices some accuracy.  For imaging and surveillance applications, the inexact nature of analog, probability processing may be sufficient. 

Ben Vigoda, the general manager of the Analog Devices Lyric Labs group seems to think that the technology may be applicable to the problem of energy consumption by data centers and server farms.  In an article for Wired, Vigoda stated, “We’re using a few percent of the U.S.’s electricity bill on server farms and we can only do very basic machine-learning,” says Vigoda. “We’re just doing really, really simple stuff because we don’t have the compute power to do it. One of the ways to fix this is to design chips that do machine-learning.”

Maybe.  But a large portion of those server farms using all that electricity are financial sector facilities.  I don’t see them (for example) rushing out to cut their power bills by introducing errors into their data. 

For the foreseeable future, information systems still require three core characteristics; Confidentiality, Integrity and Availability (CIA).  I don’t see many takers for computing strategies that sacrifice one of these core principles for better energy efficiency.

Advertisements

Progressive Insurance looking for data center engineer

Progressive is looking for an experienced engineer to help manage a 24X7 Data Center environment, while repairing and maintaining electrical, mechanical, and plumbing systems or equipment.

If you’re interested in being considered, please go to http://progressive.jobsync.com to learn more about the job and complete your confidential, five-minute candidate profile.

For more information please contact:
Wilhelm Ong
JobSync
wilhelm.ong@jobsync.com

4 ½ Data Center Industry Predictions for 2012

2011 is finally gone and 2012 is off to a roaring start.  Here in the blogosphere the bloggers and pundits are busily making predictions about what the New Year has in store for the data center industry.  I’m as guilty as the next guy when it comes to the urge to prognosticate. And, I have a few predictions that I’m not seeing anywhere else.  In no particular order, here we go…

1.         Another Bad Year for Natural Disasters

2011 was a terrible year for natural disasters.  No region of the US was spared this year as wildfires torched the west, floods ravaged the mid-west, tornadoes devastated the south and blizzards paralyzed the North.  According to the NOAA, the US set a new record with 12 weather/climate related disasters that caused greater than $1B in damage.  Total damage from these 12 events approached $52 billion and resulted in the tragic loss of 646 lives. The previous record for billion-dollar weather/climate disasters in one year was 9, set in 2008.

Unfortunately, I’m predicting that 2012 will be just as bad.  Here are a few of my reasons:

  • The graph above indicates (to my untrained eye) a general upward trend.  Call it climate change, global warming, the Mayan end of days or the wrath of vengeful creator.  I care not.  The undeniable fact is; the planet is getting a bit pissy these days. 
  • 15 named storms are predicted to form in the Atlantic during the 2012 hurricane season (Colorado State University).  If 2011 hurricanes Lee and Irene are indicative of 2010 storms, we could be in a wet and windy hurt locker in 2012.
  • NCEP Climate Forecast System (CFS) models predict La Nina to redevelop during the fall of 2012.  This weather pattern has historically resulted in severe Pacific weather patterns and droughts in the central part of the US.
  • Solar scientists are predicting that the sun will reach a period of maximum sun spot and solar flare activity in 2012 solar maximum.  This could lead to geomagnetic storms and power failures.

Climate and weather disasters are clearly bad news for our economy, the general population and for data centers that haven’t spent enough on their electrical and mechanical resiliency.  The utilities that we all depend will be less reliable and fuel costs could soar. 

However, well prepared colocation providers and data center constructors should see steady work as companies with funded DR plans and critical infrastructure seek shelter from the storms.  Which, in turn, should help lead to…    

2.         Another big year for data center construction

2011 was a good year for the data center design and build industry.  Some of the “pent up demand” that we all talked about in 2010 finally let loose.  Data centers started popping all over the place.  Wholesale data center providers such as Digital Realty and Dupont-Fabros ramped up production and colocation providers expanded their capacity as quickly as possible.  Despite the boom in data center construction, demand outstripped supply in most markets throughout 2011.  (As I pointed out here.)

I’m predicting 2012 will be even better.  (Hopefully, wildly better!)  Cloud and virtualization technologies will continue to mature and make the “server closet” a concept of the past. Startups and SMBs will continue to turn to the waiting arms of cloud/colocation providers rather than spend their limited time and resources managing and building their own stacks of silicon.

In the consumer marketplace, data hogging services such as voice recognition, digital publishing, social media photo sharing, online gaming and music from the cloud will continue to be in high demand.  This demand in particular will result in many more of the “industrial size” data centers we saw built by Internet titans like Amazon, Google and facebook in 2011.

Data center construction will be good here in the States.  However, our growth will be dwarfed by activity emerging markets.  As Christian Belady points out in this graph, the global data center market will grow vastly faster than the US and European markets.  Look for activity in China to skyrocket.

 

3.         Increase in cyber attacks on critical infrastructure

Cyber attacks on infrastructure of national significance will be a major concern.  The Stuxnet worm demonstrated that a hacker could cause catastrophic physical damage to critical infrastructure from the comfort of his desk and with complete anonymity.  Unfortunately, the technology that enabled Stuxnet has started to proliferate and new malware has already been found that exploits similar vulnerabilities. 

Cyber criminals and other bad actors have started turning their attention toward the possibilities for mischief in the rich and untapped fields of Industrial Control Systems (ICS).  Cyber weapons have that exploit weaknesses in the ICSs that manage vital systems such our power grids, water supplies and chemical plants will proliferate and increase in potency.

Fortunately, I predict that the US power grid will remain safe.  Our water supply needs work but will probably remain secure as well.  However, facilities that utilize ICS-SCADA technology and are not currently implementing security measures may have a serious problem.  If you don’t think that data centers fall into that category, please see my article on the subject.  (Even better, come hear my presentation on the subject at AFCOM Data Center World in March 2012.  Vegas Baby!)    

4.         Data center efficiency efforts will shift from facilities it IT

In the last 10 years, the concepts of energy efficiency and sustainable design have gone from completely inconsequential to completely consuming in the minds of data center professionals.  You can’t pick up a trade magazine or swing a cat in a data center conference without hearing some pitch about green data centers. 

When smart people focus on an issue, smart ideas are generated. When the data center industry started focusing on energy efficiency, astounding and innovative ideas became reality.  As a result, average data center PUE went from near 2.8 in 2000 to near 1.4 in 2011.

A few deeply committed (and deeply funded) data center companies have started hitting average PUEs around 1.14.  I predict that these amazing efficiencies are close to the end of the path for data center electrical and mechanical energy efficiency.  It may be possible to shave a few more hundredths off but the cost of getting there makes it a losing proposition from a business standpoint.    Google senior director of data center construction Joe Kava calls it the asymptotic range, the “point where it (PUE) is flattening out” meaning the gains are becoming smaller and smaller.

In order to continue to drive additional efficiency into data center operations, data center energy efficiency programs will shift focus from facilities to the IT side of the data center.  End users will demand more efficiency from server and chip manufactures. We will see:

  • Server utilization will become a larger topic. 
  • Data center analytics will enable the identification of underutilized and “Zombie servers”
  • New data center efficiency metrics will be launched that measure the effectiveness of a data center’s server utilization
  • New server architectures based on energy sipping ATOM and ARM chip technology will gain market share
  • Promising advances will be made in the area of Near Threshold Computing (NTC)

4½          Cuba emerges as the Technology hub of the Caribbean, Central and South American markets.

This is my bold, and thoroughly baseless, prediction for 2012.  It’s so bold and baseless that I’m only counting it as half a prediction.  (ala Jeffery Gitomer

This year will see the end of the Castro regime in Cuba.  Capitalism and technology will move in swiftly as soon as Fidel exits stage left.  I expect Equinix and QTS construction in Havana before the end of the year.  Demand for managed/cloud services from the new Cuban casinos, resorts and business will be the spark that will eventually transform Havana into the Silicon Valley of the Caribbean, Central and South American markets. 

There you have it; 4 ½ predictions for 2012.  (I wish I could have come up with a nice round number like 10 or even 5.)  Overall, I am confident that we will continue to see fantastic growth in the data center industry.  I also expect that growth to be fueled by innovative and unexpected feats of engineering and technology.  Now get out there do smart stuff! 

Happy New Year and may you all prosper and find adventure in the days to come!

Santa “Un-friends” Coal

Naughty children all over the world are breathing a sigh of relief at the news that Santa Claus has decided not to place lumps of coal in their stockings on Christmas Eve.

The long standing tradition of coal in naughty children’s stockings has been the proverbial “stick” in the Christmas carrot-and-stick behavior equation for as long as anyone can remember.  Nevertheless, Santa’s spokeself has confirmed that this year Saint Nick will be leaving the North Pole without a sack of coal for delivery to a few egregiously underperforming children.

It appears that Santa is bowing to a relentless campaign by environmental activists.  An anonymous elf source stated, “The environmentalists really ratcheted up the rhetoric this year.  Greenpeace’s “Coal Isn’t Tinsel” campaign really stung the old man.”

Representatives from Greenpeace commented, “We believe that Santa’s association with the filthy coal industry needed to end.  By delivering coal to children, Santa continuously reinforced dependence on fossil fuels with each succeeding generation.  We are proud to have helped stop the cycle of violence against the Earth.”

2011 has been marked by significant victories for Greenpeace.  Earlier this year they chalked up a major win against Internet giant facebook by forcing them to “unfriend” coal.  It seems that facebook had the audacity to build a major data center in the state of Oregon which generates a slight percentage more of its electricity from coal than other states.  The environmentalist group was not dissuaded from their campaign by the fact that facebook’s data center is a model of energy efficiency and sustainable design.  They were equally unimpressed by the fact that if the data center had been built in a different state it would have consumed more electricity and contributed more greenhouse gases because it would not have been able to take advantage of the cool Oregon climate for “free cooling.”

Santa was equally unsuccessful when trying to reason with Greenpeace.  Tensions peaked earlier this year when Santa thundered, “The lump of coal a symbolic gesture you nitwits!”  Greenpeace responded with a well crafted marketing campaign that equated giving fossil fuels to naughty children with giving loaded weapons to known criminals.

Santa quickly caved to demands after Greenpeace pointed out that Santa is operating a workshop at the North Pole.  An activity the Greenpeace characterized as “a harsh, polluting industrial facility located at the vulnerable center of Earth’s most pristine and sensitive wilderness.”

Santa is reportedly working with representatives from Greenpeace to find an alternative to lumps of coal for naughty children.  Greenpeace has suggested biodiesel producing algae.  Santa has suggested reindeer manure.  In either case, environmentalists will be hanging their stockings with extra care this year.

(PS Thanks to soniacarreras for the elf!  http://soniacarreras.deviantart.com/#)

Peak 10 Breaks Ground On New South Florida Data Center. A Word About Data Center Standards and Compliance

Data center hosting and cloud services provider Peak 10 has broken ground on a new data center in Ft. Lauderdale, FL.

Some of the vital statistics on the new facility include:

  • Peak 10’s 22nd data center
  • 11,000 square feet (Peak 10’s presence in south Florida will total 33,000 square feet.)
  • Multiple levels of security
  • Uninterruptible power
  • HVAC systems
  • Fire suppression
  • Around-the-clock monitoring and management.
  • Interconnected with Peak 10’s private network
  • SSAE 16 and PCI compliant

For those unfamiliar with SSAE 16, this is the new version of SAS70.  For those unfamiliar with SAS70, SAS 70 is an auditing standard that was developed by the American Institute of Certified Public Accountants (AICPA).  SAS 70, when applied to data centers, demonstrates that the data center operator has adequate controls and safe guards in place to host or process data related to their customer base. SAS 70 is not a certificate, but an opinion on the nature of those controls.

SSAE 16 is becoming a pretty big deal in the data center hosting industry.  It should provide Peak 10 with a competitive advantage in the marketplace for a couple of reasons;

  • The south Florida hosting industry caters to businesses located in the Caribbean, Central and South America.  SSAE 16 is an internationally recognized standard.
  • SSAE 16 is especially important to the healthcare, insurance and financial services industries.  You can’t swing a cat in South Florida without hitting a healthcare, insurance or financial services firm.

The Peak 10 data center will also be PCI compliant.  The Payment Card Industry (PCI) Security Standard is another important standard for financial services, e-commerce and retail industries.  This is an information security standard for organizations that handle cardholder information for the major debit, credit, prepaid, ATM, and POS cards.

The Peak 10 corporation is also compliant with a number of other important standards including:

  • Sarbanes Oxley (SOX)– A Federally mandated accounting standard important for auditing of publicly traded US companies.
  • HIPAA/HITECH– A Federally mandated standard that addresses the privacy and security concerns associated with the electronic transmission of health information
  • Gramm-Leach-Bliley (GLBA)-A federally mandated standard that is important to commercial banks, investment banks, securities firms, and insurance companies.

The Florida data center is one of many growth moves announced by Peak 10 in 2011.  Others include completion of data centers in Nashville, TN and Louisville, KY and ground breaking in Nashville, TN.

Congratulations to the good folks at Peak 10 for quickly becoming a major player in the Southeast data center hosting and cloud marketplace.

 

 

The Threat of Cyber Attacks on Data Center SCADA Systems

Earlier this year, shortly after the discovery of the STUXNET cyber weapon, I wrote an article for Mission Critical Magazine (MCM) titled, “The SCADA Worm Threat to Mission Critical Infrastructure”.  In the article, I explained how STUXNET had demonstrated a new and profoundly dangerous threat to Industrial Control Systems (ICS) such as SCADA (Supervisory Control and Data Acquisition).  I urged the data center community to recognize that data center electrical and mechanical infrastructure is potentially vulnerable to this type of cyber attack.  Furthermore, I warned that data centers can be very enticing targets for criminals, terrorists and foreign nationals utilizing cyber weapons.  I predicted that SCADA cyber attacks in general would become more common and that data centers could become targets for data theft, extortion and sabotage through their SCADA systems.

Since the release of the article, a number of trends have reinforced my view that SCADA systems are becoming increasingly vulnerable.  Events of concern include:

  • Proliferation of STUXNET SCADA worm technology.  On September 1, 2011 a new SCADA worm, dubbed Duqu, was discovered.  The Duqu worm bears close resemblance to the STUXNET worm in complexity, design and execution.  However, Duqu was configured for a completely different (and currently unknown) target.  Initial analysis indicates that Duqu may be designed to steal data as a precursor to a STUXNET type cyber attack.   The similarity to STUXNET indicates that Duqu’s designers either designed STUXNET or had access to the STUXNET source code.
  • Rise of hactivist interest in ICS cyber attacks.  In September of 2011, a US Department of Homeland Security (DHS) bulletin provided evidence that the hacking collective “anonymous” “had recently expressed an interest in targeting industrial control systems (ICS).”  It is doubtful that anonymous will have the capacity to execute a STUXNET level cyber attack in the near future.  However, their interest in exploiting ICS technology is indicative of an increase in awareness and activity within the hacking community regarding ICS systems.
  • SCADA hacking malware (almost) demonstrated at TakeDownCon In May 2011, security researchers from NSS Labs were planning to demonstrate how to write “industrial-grade” SCADA malware at a Dallas information security conference.  The researchers claimed, “We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state.”  SCADA manufacturer Siemens and the US Department of Homeland Security requested that the researchers not continue with the demonstration citing public safety concerns.  The NSS Labs researchers complied with the DHS request.
  • Additional SCADA vulnerabilities made public.  In March 2011, security researcher Luigi Auriemma posted full-disclosure advisories and details regarding proof-of-concept attacks for thirty five new SCADA vulnerabilities.  Auriemma posted these to the publicly available securityfocus.com (Bugtraq), an open bulletin board for Symantec customers, end users, developers and partners.
  • Powerful SCADA Hacking “Toolkit” released.  In March 2011, Gleg, a Russian security firm offered for sale a software package known as The Agora SCADA+ Pack.  The software contained 22 modules exploiting 11 zero-day vulnerabilities.  The pack included data applicable to a wide variety of SCADA system manufacturer’s devices and software.  The package also allegedly contains analysis of SCADA system “weak points” such as hard-coded passwords and problems with smart chips.

Clearly, cyber criminals are beginning to focus their attention on SCADA systems and are busy developing new exploits and malware

The vulnerability of SCADA systems represents a particularly grave threat to infrastructure of national significance.  Vital infrastructure such as electrical grids, refineries, water treatment plants and chemical processing plants rely heavily on ICS and/or SCADA.  The consequences of a successful cyber attack on this infrastructure are potentially dire.  Fortunately, some national governments have recognized that the SCADA cyber vulnerability represents an emerging threat to national security and have taken steps to close security gaps.   The US Federal Government, for example, has launched extensive cyber security initiatives and programs to address vulnerabilities in our national infrastructure.  US-CERT, a division of the US DHS, has become one of the world’s leading cyber security organizations.

SCADA systems are not limited to industries of significance to national security.  In fact, variations of these systems can be found in nearly every industrial and commercial environment.  Data centers are no exception.  Most commonly, data centers utilize SCADA technology to control the automated functions of their critical electrical switchgear.  Switchgear in these facilities usually feature multiple, redundant power paths to allow for maintenance and to provide operational resilience in the event of a system component failure.  In order to function effectively, this type of switchgear must monitor system conditions such as voltage, amperes and frequency.  If one of the monitored parameters falls out of a preset tolerance band the switchgear automatically performs an action or series of actions to correct the abnormal condition.  For example, in the event of a loss of mains power to the switchgear, standby generators start and a number of circuit breaker position change in order to deliver generator power to the critical load.  The system of sensing devices, Programmable Logic Controllers (PLCs), and computers that monitors and controls the switchgear is known as SCADA.

For many years, data centers and other users of SCADA systems operated without significant threat from hackers, malware and cyber criminals.  These systems benefitted from a flawed security principle known as security through obscurity or hiding in plain sight.  SCADA systems utilize communication protocols (for example MODBUS) that are not widely known by hackers and malware developers.  Furthermore, the systems monitored and controlled by SCADA are often extremely complex and require extensive training to understand and operate.  It was considered unlikely that an intruder in the system would have the engineering knowledge needed to effectively infiltrate the system and cause lasting damage.  These system characteristics amounted to a degree of obscurity that did not seem to require extensive cyber security.

The security of SCADA systems also benefitted from a persistent question of motive.  Hackers and malware are typically associated with the theft of sensitive corporate secrets, personal information or financial data.  This type of data is not stored in Industrial Control Systems.   Thus, ICS manufacturers and operators assumed that their systems would not be hacked because they contained no data that might justify the work required by a hacker.

Additional security was assumed because SCADA systems are not typically connected to the Internet.  However, these systems are routinely accessed for software upgrades, data exports and system configuration changes.  Additionally, many SCADA systems share network infrastructure with other corporate networks.  This practice allows the SCADA system to share data with other corporate assets and avoids the cost of a separate, dedicated network for the SCADA system.  However, these practices compromise security integrity for these systems.

Given the assumed security through obscurity, the lack of traditionally targeted data content and the lack of direct Internet connection the primary security threat to SCADA systems appeared to come from accidental misuse by poorly trained operators or deliberate misuse by disgruntled employees.  The solution to this type of security problem consisted of restricting access to the SCADA controller using rudimentary (usually default) passwords and physical security.

In 2010, the appearance of STUXNET shattered the illusion of security for operators of SCADA systems.  The STUXNET cyber weapon was a piece of malware (specifically a worm) which was engineered to target a uranium purification facility in Iran.  The STUXNET worm utilized USB drives and autonomous replication capability to infect the SCADA system in the highly secure facility.  The systems were infected despite the fact that they were not connected to the Internet.  Once inside the system, the malware cunningly hid itself in system memory, reprogrammed Programmable Logic Controllers (PLCs) and sent false data to the system SCADA controller or Human Machine Interface (HMI).  The new PLC programming caused momentary speed changes in the high speed uranium purification centrifuges in use at the facility.  These speed changes had the combined effect of rendering batches of purified uranium unusable and causing catastrophic physical damage to the centrifuges.  The net effect of the attack was to set the Iranian nuclear power program back by years.  When the worm was finally discovered months after its payload was delivered, the international cyber security community promptly labeled STUXNET a “game changer” and the first “cyber super weapon”.  

For the first time, malware had been successfully deployed against a SCADA target and caused catastrophic physical damage to the controlled system.  Clearly, the obstacles of obscurity and complexity could no longer be counted on to keep SCADA systems secure.  The creators of STUXNET had demonstrated that these obstacles were irrelevant to highly motivated and educated malware developers.  Clearly, a lack of Internet connection could no longer be considered adequate protection for SCADA systems. Trojans, worms and other malware can infect SCADA systems via secondary network connections and via devices used to perform necessary maintenance tasks.  Clearly, the question of motive was answered.  SCADA technology had been adopted by so many critical industries that abundant motive could be found to justify building the tools needed to crack these systems.

The complexity and sophistication of the STUXNET worm indicated that it was the work of a national intelligence agency.  However, many cyber security professionals began discussing the longer term ramifications of the existence of such powerful SCADA worm malware.  Drawing on their experience with the development and spread of conventional worms and viruses, experts warned that now that this type of weapon had been deployed, the techniques and source code would be replicated and repurposed by a widening array of cyber criminals.  Because SCADA technology can be found in nearly every industrial environment and because these systems usually lack even rudimentary cyber security features, experts warned that attacks on these systems would quickly become commonplace.

Some cyber professionals argued that operators of SCADA systems that are NOT part of the national infrastructure are actually at greater risk than targets of national security significance.  Ralph Langner (the man who “solved” STUXNET) of Langner Communications, warned that cyber criminals using SCADA worm malware would avoid public infrastructure targets in favor of poorly protected private enterprises with sizable financial resources.  Langner predicted, “The next cyber weapon will be considerably cheaper, since much of the attack vector and the specifics of how to use automation equipment will simply be copied.  Sabotage with the motivation of extortion will get a commonplace scenario.  At this time targets are no longer limited to critical infrastructure but will especially cover the private sector — a TARGET-RICH AREA where it cannot be assumed that organizations will install countermeasures large scale in a reasonable amount of time.”

Fortunately, some private industries are actively hardening their SCADA infrastructure against cyber attack.  Many electric utilities, chemical manufacturing plants, water treatment facilities and oil & gas infrastructures, at the urging of the U.S. Congress and in cooperation with agencies such as US-CERT, have taken many steps to secure their systems.  In addition, a number of professional cyber security firms have emerged to specifically address SCADA vulnerability for these industries.  However, the data center industry has largely been slow to implement meaningful security measures.  Ironically, an industry that is profoundly conscious of the cyber security threats aligned against the IT assets on the raised floor seems to be unconcerned regarding the security issues relative to the SCADA in the facilities space.

In the current political and cultural climate there are a variety of groups that may develop the motive and skill to target data center SCADA infrastructure for cyber attack.  These groups include:

  • Nations engaged in cyberwar.  In 2007 a Blue Horizons paper, titled, “State Actor Threats in 2025” was prepared by the US Air Force.  The paper identified a number of scenarios that could threaten the United States in the future.  The scenario with “the highest potential for a state actor to inflict catastrophic damage to the US” is known as Phantom Menace.  In this scenario, cyber attacks are used, “against the enemy so that the civilian electricity network, traffic dispatching network, financial transaction network, telephone communications network, and mass media network are completely paralyzed, this will cause the enemy nation to fall into social panic, street riots, and a political crisis.”  Each of the targeted infrastructure assets identified could be crippled by attacks that shut down the data centers that control those industries.
  • Corporations and nations engaged in industrial espionage.  In 2010, Google revealed that for the second half of 2009 it had been under constant cyber attack.  Security professionals at McAfee named the attack Operation Aurora and identified the attacks as an advanced persistent threat (APT), (a classification of attack that also includes the STUXNET malware.) Google indicated that the cyber attack originated in China.  Operation Aurora was not limited to Google assets but also included assaults on other major American companies.  Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanleyand Dow Chemicalwere also among the targets.  In an era where state actors can attack public companies using cyber weapons, it is not inconceivable that data center infrastructure could be jeopardized.  Nations and companies could gain competitive advantage over their adversaries by disrupting operations at their data centers.
  • Cybercriminals targeting data center infrastructure for purposes of extortion.  As Ralph Langner pointed out, malware has become a common weapon used by criminal organizations.  As SCADA cyber weapons proliferate, it is expected that the technology will find its way into the hands of criminals that will use the technology to extort funds from corporations.  In my article in MCM, I outlined a possible scenario where a SCADA worm could be used to destroy an emergency generator at a data center. The damage would be followed up with a threat of more damage unless a hefty extortion threat is complied with.
  • Social activists seeking to disrupt credit and banking infrastructure.  The news during the autumn of 2011 was dominated by stories of “Occupy” protesters in major American and European cities.  Fortunately, these protest groups lack a cohesive political message or effective leadership.  However, these groups represent a general rise in antipathy toward banking and commerce organizations.  A cyber attack on commerce infrastructure such as a stock exchange or credit card processing data center would meet the apparent aims of these groups.  The Occupy protesters may find support for such an attack from environmental activists who view data centers as major consumers of “dirty” electrical energy.

The trend regarding SCADA attacks is clear.  The weapons used to perpetrate these attacks are becoming more widely spread and more powerful.  Simultaneously, the expertise and techniques required to successfully deploy these weapons is becoming more common.  Finally, the number of groups that could benefit from deploying one of these weapons against a data center is increasing.  Each of these trends points toward a bleak future for the unprepared data center.

Caronet adding 15,000 sq. ft. data center space in Charlotte

The web hosting (Managed, Cloud and Dedicated Server) company Caronet announced last week that they are expanding their data center footprint.  The expansion will add 15,000 square feet of data center space in Charlotte, NC.  The expansion will also include additional critical power and storage.

The expansion is scheduled to wrap up in early 2012 and will bring Caronet’s total data center space to 40,000 square feet across 4 data centers. 

Caronet is best known for providing solutions to the internet gaming industry and offers a variety of “Engineered Hosting” solutions.