An electromagnetic pulse device could hold your data center ransom
Suppose your data center just stopped. Inbound and outbound traffic all ceases, and the screens for DCIM and the Meet-Me-Rooms all go blank.
Colocation and managed-service clients call, asking what the problem is, and a C-Level exec phones from home office, asking you about the 100-percent uptime guarantees. An engineer heads for the Meet-Me-Room and reboots everything. Slowly, the networking gear comes back online, and you breathe again.
But the next day, at the same time, it happens again.
And a few days later, the engineer hands you a letter he found stuck under his car’s windshield-wiper blade. It’s a ransom note.
That’s how an electromagnetic pulse (EMP) attack might play out. An attacker uses a burst of electromagnetic interference to disrupt your systems. And they can do it again whenever they want.
The dangers from an electromagnetic pulse are widely talked about, but mostly we hear about geomagnetic disturbance (GMD) from solar storms or the effect of electromagnetic fields produced by a high-altitude nuclear blast. If either of these two Doomsday scenarios happens, I’m told those familiar with Mad Max movies will have a good idea of what it will be like.
The attack described above revolves around another type of EMP event — Intentional Electromagnetic Interference (IEMI), defined by the International Electrotechnical Commission as: “The intentional malicious generation of electromagnetic energy introducing noise or signals into electric and electronic systems thus disrupting, confusing, or damaging these systems for terrorist or criminal purposes.”
IEMI consists of man-made bursts in the form of an electric field, magnetic field, or conducted electric current. Simply put, it’s like a lightning strike minus the flash and bang.
As a mini-lightning strike, an IEMI blast directed at electronics will either operationally or physically render the equipment useless depending on the pulse intensity, pulse frequency, and the distance between the IEMI device and electronics.
The IEMI attack works because most of today’s electronics have little if any EM shielding, and will not withstand an electromagnetic pulse of more than 10 volts per meter. Portable IEMI devices and even home microwaves can transmit RF signals in excess of 10,000 volts per meter.
What are IEMI devices?
APELC 100-KV/M HP RF Source
Source: Applied Physical Electronics
To learn more about IEMI devices, I contacted Applied Physical Electronics, L.C. (APELC), an R&D company that develops compact, deployable equipment used by the DoD and businesses to test the EMP survivability of electronic equipment. The APELC suitcase device shown here can produce pulses of over 100,000 volts per meter.
Richard Schreib, vice president of APELC, told me IEMI devices consist of a Marx generator (electrical circuits that generate a high-voltage pulse from a low-voltage DC supply) and an antenna. “Marx Generators have been around a long time (1924),” said Schreib. “When creating an IEMI device, the trick is to match an antenna to the generator so it works correctly.”
Is IEMI a cyber threat?
For IEMI to be a real threat, operational devices or components to create IEMI equipment must be readily available. There aren’t many companies in this business sector. However, a few minutes of searching on the internet presents a plethora of IEMI Do-It-Yourself (DIY) sites, including this one. The following quote from this paper adds to the credibility of DIY IEMI devices:
“Clearly it is possible to generate conducted wideband waveforms similar to those used for EMC testing of equipment, but with somewhat higher peak levels than those specified for normal home or commercial usage. For radiated waveforms, it is possible to apply microwave oven parts and those from surplus military radars to generate threatening electromagnetic field levels. Of course generators can be built in laboratories with higher level capabilities, however, source size is an important factor to be considered when creating threat level criteria.”
And, there is the thriving digital underground.
Depending on what an attacker has in mind, an IEMI device can be used as a temporary denial of service weapon or, if so inclined and with a powerful enough device, it could physically destroy all electronic components within the range of the EMP. In either case, in the competitive world of commercial data centers, reputation is everything, and having any kind of unplanned down time will likely result in loss of current and future business.
To get a better idea of the level of cyber threat, I contacted Emprimus, which builds equipment to fend off the effects of an EMP. David Jackson, senior program director, and Gale Nordling, CEO at Emprimus, started by explaining why IEMI is a viable threat to data centers. “Bad guys, ever conscious of the bottom line, are looking for new ways to ply their trade,” said Jackson. “And the lack of IEMI awareness today, similar to cyber-security awareness ten years ago, is in their favor.”
Nordling added that the IEEE is concerned enough to have issued Standard 1642-2015 Recommended Practice for Protecting Publicly Accessible Computer Systems from Intentional Electromagnetic Interference (IEMI). On page two of the standard, the authors refer to several reported instances of IEMI devices being used for criminal intent:
- A UK bank was blackmailed; the attackers threatened to destroy the bank’s IT systems using an IEMI device.
- In the Netherlands, a disgruntled client, having been refused a loan, disrupted the bank’s IT network. According to sources, the individual built the briefcase-size IEMI device from what he learned on the internet.
Additionally, the National Fire Protection Association (NFPA) now recognizes EMP as a threat to be dealt with, in standard NFPA 1600.
Jackson made it clear that IEMI is not picky about what data-center equipment it disrupts or destroys — computing, power distribution, backup power, or cooling. “It can enter a facility as radiated energy; it can also couple into currents in cabling and other wiring serving the facility,” explained Nordling. “It is important to point out that these threats are cyber threats, since EMP can corrupt and destroy data, by changing its state, just as surely as the more publicized internet hacker attacks we are familiar with.”
Protect against IEMI attacks
As mentioned earlier, it is difficult to determine if an IEMI attack is occurring. Fortunately, specially designed sensors can detect EMP activity. Emprimus has an inferential-detection system that can be integrated with traditional security. The system is designed so that cameras point toward the sensed EMP activity.
I asked Nordling, besides detection, what other measures would help fend off IEMI attacks. Here’s his list:
- EM pulses weaken the further they travel, so keep as much distance as possible between sensitive electronics and potential attack locations
- Replace wires with fiber optics
- Remove windows or cover with fine-wire mesh
- Place EM filters on all cables entering the building
- Place the data center’s most sensitive gear in a metal-lined safe room
Ultimate answer to IEMI attacks
Having talked to many data-center operators, experts, and engineers, it seems most feel IEMI attacks are unlikely. I hope they are right. But, it does not hurt to be aware of the possibility. And for those concerned about IEMI, there are solutions available, even the ultimate answer — an underground data center.