Why Power Management Should Be In Your Cyber Protection Plan

June 9, 2021
Cybersecurity threats are on the upswing, necessitating new digital and physical perspectives

When it comes to cybersecurity, safeguarding power equipment may not always be the first thing IT professionals have on their checklist. Yet hackers are relentlessly exploiting new devices in innovative ways and vulnerabilities are emerging that may not have been previously considered. The ability to eliminate these vulnerabilities is becoming more and more critical.

In this article, we’ll explore why cybersecurity threats are on the upswing, unique ways hackers are exploiting data and the digital and physical perspectives on how to protect critical information.

Interconnectivity Challenges: 5 Examples of Surprising Hacks

While IoT advancement has generated many benefits for businesses, including the ability to streamline operational efficiency with connected devices like uninterruptible power systems (UPSs) and other power backup devices, this growing interconnectedness brings a new set of cybersecurity challenges. In fact, 61% of organizations have experienced an IoT security incident, which often results in significant financial loss and reputation damage.

On top of that, COVID-19 has created a handful of difficulties for organizations, cybersecurity being one of them. With an increase in remote work and reliance on technology during the pandemic, hackers have had ample opportunity to take advantage of vulnerabilities. The Federal Bureau of Investigation reported a 300% increase in cybercrimes since the pandemic struck. Also, recent reporting from the International Criminal Police Organization (Interpol) revealed that in a four-month period, 907,000 spam messages, 737 malware incidents and 48,000 malicious URLs related to COVID-19 were detected.

A growing list of equipment has become more susceptible to breaches as cybercrime grows, from household appliances to medical equipment. Here are five examples that might surprise you:

1. A chilling ploy. The massive and widely publicized Target breach in 2014, which resulted in the theft of data on 40 million credit and debit cards, was traced back to the retailer’s HVAC system. Hackers stole login credentials belonging to a company that provided Target’s HVAC services and used that as an access point to the retailer’s financial systems.

2. Now that was fishy. In 2017, hackers stole high-roller data from a North American casino through an internet-connected thermometer located inside an aquarium. They managed to access the network via the fish tank’s sensors, which regulated the temperature, food and cleanliness of the tank. While the premise sounds like something from an Ocean’s 11 movie sequel, it’s not the only time an unsecure thermostat has caused a frenzy.

3. Heart-stopping hack. In 2017, the FDA confirmed that St. Jude Medical’s implantable cardiac devices used to monitor patients’ heart functions could be easily hacked. Due to transmitter vulnerabilities, hackers were able to control shocks, administer incorrect pacing and deplete the battery. Other medical devices have also been targeted; the FDA issued a similar warning about the security of Medtronic insulin pumps, which hackers were able to remotely access and control.

4. Oh, baby! Although baby monitors began as simple one-way radio transmitters, over the years they have evolved into sophisticated Wi-Fi-enabled smart devices complete with features such as cameras and infrared vision. Unfortunately, the IoT devices weren’t smart enough to thwart hackers in late 2018 when a cyber crook accessed the wireless camera system in a U.S. monitor and threatened to kidnap the baby.

5. Alexa, have you been hacked? In August 2020, cybersecurity firm Check Point revealed that major vulnerabilities allowed researchers to access accounts and personal data in Alexa, Amazon’s AI-based intelligent virtual assistant (IVA). Part of a market that is expected to reach more than 15 billion by 2025, IVA devices can serve as entry points to a wide variety of home appliances and device controllers, underscoring the need to properly secure them.

As devices get smarter for convenience and ease, it is important to properly secure them against possible cyberattacks. The same goes for backup equipment. As power backup devices have advanced with new network-connected capabilities, they must be given the same priority for cybersecurity protection as the devices in the examples above. There are several measures cybersecurity leaders can take to ensure devices don’t fall victim to debilitating breaches.

A Checklist to Help Protect Power Equipment

One of the best things that IT teams can do to ensure an effective level of security for their enterprise and protect power management equipment is to stay abreast of the latest efforts by global standards organizations to certify products as secure across the connected spectrum. 

  • Know the latest global safety developments. The global safety science organization UL has developed and published a standard, UL 2900-1, for software cybersecurity for network-connectable devices. The standard provides criteria and methods for evaluating and testing for vulnerabilities and requirements regarding the presence of security risk controls in the architecture and design of a product. The International Electrotechnical Commission (IEC) has also released cybersecurity certifications such as ISA/IEC 62443 to give companies a resource to address security vulnerabilities in industrial automation and control systems.
  • Power equipment can combat cybersecurity threats. Purchasing power management equipment that has been certified via these methods can give companies greater peace of mind as they look to advance and add new solutions to their network. Today, there are UPS network management cards available with UL 2900-1 and IEC 62443-4-2 certification. With built-in cybersecurity features, these solutions boast stronger encryption, configurable password policy and usage of CA and PKI signed certificates.
  • Embrace digital solutions. By pairing backup equipment with power management software, organizations can also install firmware and updates in a timely manner to stay ahead of evolving cybersecurity threats. As new vulnerabilities are identified, businesses can work with their technology service providers to embed necessary patches or solutions. For example, when Ripple20 vulnerabilities were recently identified in the Quadros stack, potentially billions of connected devices were exposed. Power management software allows mass updating to apply patches and remove this exposure, at scale, quickly across the power chain.
  • Marry physical and digital security. Enterprises should also consider physical security as part of their strategy for keeping power management equipment safe and secure. Deploying smart security locks on IT racks can help to ensure that only authorized personnel have access to IT equipment.

The Journey Forward

As connected options advance, businesses will continue to adopt new solutions to streamline efficiency and enhance their operations. However, in the midst of this evolution, IT and cybersecurity teams must keep a close watch on industry developments to ensure power management devices and other network-connected equipment are on par with the latest certification standards. As their cybersecurity journey progresses in alignment with the evolving IT landscape, businesses can stay one step ahead by implementing an end-to-end cybersecurity strategy, one that encompasses power management.

About the author: Hervé Tardy is Vice President and General Manager of Eaton’s Distributed Power Infrastructure business unit. In this role, Hervé manages the Americas product roadmap for power solutions, software and connectivity products to reinforce Eaton’s technology leadership. You can find more information at Eaton.com.