Securing your UPS systems against cyberattacks

Schneider Electric - Cyberattacks are on the rise, as evidenced by the growing number of cybersecurity-related headlines. From ransomware attacks, denial-of-service attacks resulting in outages, or insidious data breaches, the average cost of an attack has more than quadrupled in Singapore over just one year to a staggering US$3.46 million (S$4.7 million) in 2021.

But while such attacks were focused solely on computers in the past, a growing number of them are now targeting the IT infrastructure of commercial and industrial operators, including power plants, gas pipelines, manufacturing facilities to data centres

Cyberattacks on infrastructure

While unthinkable in the past, cyber attackers are also targeting what is known as OT (Operational Technology), which is the hardware and software used to manage and control physical devices that exist and operate in the physical world. And OT systems, previously hooked up to isolated networks, but which are now increasingly wired up to the Internet, are proving surprisingly vulnerable to cyber attackers.

For example, a ransomware attack on the computer systems for the Colonial Pipeline in the United States in 2021 saw the largest fuel pipeline in the country taken down as a precautionary measure. The pipeline transports and distributes nearly half of the fuel for the eastern seaboard and is considered one of the most vital oil pipelines. Other attacks include meatpacking company JBS Foods - the world's largest meat producer, and closer to home, an attack on Oil India's headquarters.

By now, it is evident that any organisation can suffer a cyber compromise. The only way to defend against hackers is through a layered approach, leveraging established technologies such as endpoint protection, firewalls, and intrusion detection, and ensuring that employees don't fall prey to phishing or social engineering.

Time to review your UPS

Of course, protecting IT infrastructure will only get more complicated given evolving computing environments, which have now extended towards edge computing, as well as IoT and the Industrial Internet of Things (IIoT). All these must be secured, hardened, and monitored, with relevant security patches and updates promptly applied.

Despite the growing attention focused on defending physical infrastructure, it is easy to overlook the power infrastructure. Yet UPS and power distribution units (PDUs) are some of the most critical systems that if subverted, can severely compromise normal operations. For instance, attackers could turn off the power, or disengage power protection.

Unfortunately, recent findings from Schneider Electric show that UPSs make up 55 per cent of connected devices that are vulnerable to cyber security breaches. Moreover, findings from a sample of data centre customers found that as many as 62 per cent are currently using outdated device firmware that creates security risks, with Gartner predicting that 70 per cent of organisations that do not have a firmware upgrade plan in place will be breached due to a firmware vulnerability.

With many deployed UPS having exceeded their service lifespan, it is hence for IT managers to review their cybersecurity plans with their UPS in mind.