APC UPS

Let’s explore the security of UPSs

Cybersecurity breaches through unauthorized access to hardware happen more often than most people realize. While the industry in recent years has focused on software and cloud security, bad actors have been exploiting hardware vulnerabilities to launch cyberattacks. This includes cybersecurity breaches on uninterruptible power suppliers (UPSs).

So let’s explore the security of UPSs.

Cybersecurity improvements in UPSs

Before purchasing a UPS, a business should thoroughly examine its cybersecurity capabilities. Recent technology developments have made it possible to harden UPSs with better cybersecurity measures. These measures can help prevent breaches that could result in data and financial losses and damage a company’s reputation. Let’s explore the security of these UPSs.

Blocking counterfeit UPS accessories

The ability to add to a UPS system is important as it gives users the flexibility to install power and battery modules. As a result, organizations can scale up and customize UPSs as their needs evolve. However, this can also create a vulnerability with the possibility of attaching any unauthorized or counterfeit part or accessory to the UPS system. So, the first line of defense is to block any unauthorized accessories.

For example, the UPS can include a tamper-proof chip that can communicate and authenticate all the system’s linked modules. The system automatically identifies any counterfeit parts and an error code appears on the unit’s display, locally or transmitted through the cloud. This alerts the user to remove counterfeit or unknown modules and avoid potential attacks intended to manipulate the system.

Dealing with malicious firmware

The second line of defense protects against the most common method used by bad actors to access a system – downloading malicious firmware into the hardware. With the malicious firmware, bad actors can get past built-in security measures to interfere with performance and steal system and unit data. This threat makes it essential to bolster firmware security protocols. Firmware files can be set up so they are signed by a PKI (Public Key Infrastructure) system that confirms the authenticity of the firmware, assisting in preventing malicious firmware downloads into the UPS.

Zero Trust architecture

A special, secure boot process serves as the third line of defense, and it is based on Zero Trust architecture. Before the operating system even starts to boot up, the root of the Trust chip initiates a number of procedures that include verifying the authenticity of all hardware subsystems and validating all installed firmware. The system can start only after successful completion of the secure boot process. This feature identifies any vulnerabilities, such as outdated firmware and counterfeit accessories, then alerts users.

Preventing security breaches

With cyberattacks and physical breaches on the rise, IT teams can’t overlook potentially vulnerable access points in IT infrastructure such as a UPS. That is why Schneider Electric offers its APC Smart-UPS Modular Ultra series with the three new layers of cybersecurity, adding to capabilities that were in place already. For instance, Smart-UPS units can be connected through the cloud to Schneider’s EcoStruxureTM

IT monitoring platform, which provides remote monitoring and maintenance capabilities. As such, the APC Smart-UPS Modular Ultra series provides multiple levels of security that can help your organization prevent costly cybersecurity breaches.