Can your critical backup power be hacked?

When we talk about information security, most people think of personal information and stolen credit card numbers. Recently, the residents of Dallas, Texas started thinking about it in a whole new way when hackers set off every single emergency siren in the city for an entire hour. This was disturbing, perhaps a bit frightening, but ultimately pretty harmless. However, it’s an indicator of a larger trend – and much larger concerns.

The world is moving towards equipment that’s powered by software, from smart home devices to road signs to the Uninterruptible Power Supply (UPS) units that keep your backup power going strong. Over the past decade, UPS units have evolved into software-driven equipment, and as a result they are more efficient than ever. But with new technology comes new vulnerabilities.

Part of the problem lies in the remote monitoring solutions that have existed for these units. These monitoring solutions typically breach company firewalls, leaving systems vulnerable. At DC Group, we’ve developed Site Sentry™ secure remote monitoring to eliminate this breach. By using a proxy agent, the SNMP protocol is only used within the customer’s network – between the proxy agent and the UPS itself.

While most UPS units are vulnerable to external SNMP commands that might shut the unit down completely, Site Sentry’s use of a proxy agent makes this type of hack impossible:

  • Instead of passively requesting commands from the ether and passing along any that come its way, the proxy agent checks an SSL certificate to verify that it’s running commands that come from an authorized location
  • The proxy agent only translates SNMP-read commands, not writes. By prohibiting writes, Site Sentry safely excludes any commands that would change the UPS state

 

 

In addition to this iron-clad security, Site Sentry™ gives you all the information you need. At a glance (and on desktop, phone or tablet) you can see real-time input and output voltages, battery temperature, temperature alarms, the status of UPS parts like fans, fuses and capacitors and much more. If anything is operating out of parameters, you get an alert instantly by text, email or phone call per your preferences. These alerts are also encrypted and authenticated. Nobody knows where your backup power supply is, what it’s doing, or what condition it’s in except for you and the colleagues you trust.

Site Sentry™ is the world’s first completely secure remote real-time monitoring software, and the only solution that employs the same data security protocol used by major financial institutions. Site Sentry™ is part of the PowerTools Suite™ that comes complimentary with every DC Group maintenance contract. See an online demo of the Site Sentry™ dashboard here, or get in touch to talk more how the PowerTools Suite™ is helping people manage critical power more efficiently – and with security that stays ahead of the hackers.