Data Centers Harden IT. CPS Remains Soft
Data center infrastructure is built for resilience. Power, cooling, and physical security systems are tightly engineered to keep operations running, even under strain. But from a cybersecurity perspective, these same systems remain an open flank.
Cyber-Physical Systems (CPS) such as HVAC controllers, power distribution equipment, and access control networks rarely fall under the scope of OT cybersecurity programs. They are essential to uptime. Yet in many facilities, they remain invisible to monitoring tools and unmanaged by cybersecurity policy.
What’s happening
The integration of CPS into data center operations is not new. But their exposure is growing. As more facilities adopt smart infrastructure (remote power control, intelligent cooling, integrated security) these systems are now connected, accessible, and increasingly targeted.
CPS assets are externally managed and poorly integrated: Power management systems, BMS platforms, DCIM software, and badge access tools are typically installed and maintained by vendors or facilities teams, not cybersecurity. They often run on proprietary protocols, lack centralized logging, and remain disconnected from broader OT security frameworks. As a result, they fall outside routine monitoring, vulnerability management, and incident response planning.
Operational disruption is an emerging attack vector: While data theft and ransomware remain dominant threats, there is growing concern about attacks that interfere with the physical operations of critical environments. In data centers, that means systems like cooling, power, and environmental control.
A compromised chiller or misconfigured power controller does not just degrade performance, it can trigger a shutdown. Few such incidents have been publicly attributed to cyberattacks, but the exposure is real and often underreported. As CPS systems become more connected and remotely accessible, the risk of targeted disruption – whether intentional or collateral – continues to rise.
Cyber monitoring tools don’t extend to the physical layer: Most OT cybersecurity tools focus on traffic inspection, controller behavior, or device inventories. But CPS manipulation often happens silently, through misconfigurations, vendor access, or remote software updates. These actions do not violate policy or trigger alerts. And without visibility into the physical layer, the only sign of compromise is operational failure.
Why Level 0 Visibility Matters
This is where process-oriented OT cybersecurity becomes essential. Instead of relying on software logs or controller outputs, Level 0 monitoring captures raw electrical data (e.g., current, voltage, and actuation behavior) directly from the physical layer.
Because it operates independently of the control system, this layer remains unaffected by firmware changes, logic modifications, or insider misuse. If cooling is disrupted or a power routine shifts, the electrical behavior reveals that change – even if the system interface reports business as usual.
Siga’s solution suite, SigaML2 puts this approach into practice. It provides direct visibility into how critical systems are functioning, based on their physical operation – not just what control room software says.
In complex, high-availability environments like data centers, that added layer of visibility isn’t optional. It’s essential.
The bottom line
Cyber-physical vulnerabilities in data centers are not theoretical. They’re increasing, hard to find, and can originate from trusted systems inside the perimeter.
These attacks don’t need malware or firewall breaches. They can manipulate core infrastructure – airflow, power, cooling – by quietly altering how systems function.
Level 0 monitoring breaks that pattern. It focuses on what’s actually happening at the physical layer, rather than relying on data from higher levels of the control system.
In OT environments, the threat is physical. The defense must be as well.
