These online monitoring platforms offer reduced downtime, deeper insight into the workings of the infrastructure being monitored and faster mean time to recovery (MTTR) with lower overheads and improved efficiency for power and cooling systems. However, as with any systems dependent on communications over a public network they are susceptible to attack from cyber criminals, a growing problem that will cost global industry an expected $2 trillion to withstand by 2019.
Choosing defensive systems and implementing work procedures for optimal security is a mission-critical discipline. A new White Paper, #239 from Schneider Electric, a global specialist in energy management and automation, entitled “Addressing Cyber Security Concerns of Data Center Remote Monitoring Platforms” provides a basic overview of a Secure Development Lifecycle (SDL) process, describing how a product should be designed and developed with security in mind at every stage.
The White Paper elaborates in detail the finer considerations of eight principal practices, taking into account personnel issues, security testing of the monitoring platform, networking security and the physical security of the products contained in the installation being monitored.
Familiarity with the discipline of how to build security into the fabric of a monitoring product informs data centre operators about the appropriate discussions they must have with platform vendors when choosing systems for their installations.
The SDL process, described in the White Paper, is based around eight key practices. A continuous training programme should equip employees to develop and deploy solutions that are increasingly secure. Cyber security features and customer security requirements should be clearly described at the product development stage. At the design stage, security architecture documents, following accepted design practices, should be produced with regard to customer specifications and threat models created to identify, quantify and address potential security risks.
The development stage sees implementation of the security architecture design into the product guided by documentation for best practices and coding standards. Next, a verification stage sees security testing performed on the product implementation from the perspective of the threat model to ensure that the system is robust.
At release stage, security documentation that defines how to install, commission, maintain, manage and decommission the product should be developed. For the deployment stage, the project development team should co-operate with service technicians to ensure successful installation and optimisation of security features. Service teams should be established to support customers with upgrades and installation advice throughout the lifetime of the product. Finally, a Cyber Emergency Response Team should be established that manages vulnerabilities and supports customers in the event of a cyber incident.