Can an Uninterruptible Power Supply be hacked?

If you were paying close attention to this Monday’s episode of “24: Live Another Day and you happen to be a data center geek professional, you may have noticed that computer savant Chloe Obrien uses the fact that the terrorists are operating their IT systems on an “Uninterrupted (sic) Power Supply” to pinpoint their exact location within a London office building.

(If you didn’t catch it, no worries. There was so much over-the-top Jack Bauer bad-assery going on at the moment that it was easy to miss. There was this one completely awesome part where Jack goes full John McClane and repels off the roof using electrical wires and then he grabs the…I digress. No spoilers.)

Is there any reality to this scenario?  Could a UPS actually be vulnerable to a cyber attack or other network based exploit? The unfortunate answer is; absolutely.

In this current era of interconnectivity, where every critical mechanical and electrical infrastructure component is communications enabled, a UPS is simply another networked device. If a hacker gets into your network, the SNMP communication card in your UPS can potentially be used as a beachhead to launch attacks on other networked devices and even allow the hacker to gain control over critical electrical systems.

(We previously covered a similar vulnerability in SCADA systems that poses a threat to data center electrical and mechanical infrastructure systems.)

Fortunately the good people at BCL Power are getting in front of this potential threat. They recently published a well-researched white paper that outlines

  • the vulnerability of SNMP based communications,
  • the internal and external threat vectors that make these systems vulnerable
  • and most importantly, describes detailed strategies to address the vulnerability

The paper is highly informative and leads to the unfortunate conclusion that “24” wasn’t far off the mark when they hacked a UPS system.

You can view an overview of the BCL Power UPS Monitoring and Security solution here.

You can read the detailed white paper here.

For more information about BCL Power please visit their profile in the Data Center Discovery global directory of data center solution providers

For more information about how your company can get listed in the Data Center Discovery global directory of data center solution providers please email becca@datacenterdiscovery.com