Data Center World is part of the Informa Tech Division of Informa PLC

Tech Talk Presented by DeNexus: Quantifying Risk to Datacenter OT Systems from both Cyber and Physical Security Threats

Donovan Tindill (Senior Director, OT Cybersecurity, DeNexus)

Location: Room 209A/B

Date: Wednesday, April 16

Time: 2:35 pm - 3:25 pm

Pass Type: AFCOM Solution Provider, All Access Conference, Industry Conference, Standard Conference

Session Type: Sponsored Session

Vault Recording: TBD

The datacenter is full of operations technology (OT) such as medium voltage power distribution, switchgear, transformers, generators, battery backups, transfer switches, cooling units, electric motors, sensors and more, all controlled by PLCs and automation systems that support datacenter reliability. Without needing to cyber-attack the customer network side of the datacenter, targeting the OT systems can cause major capacity and cyber-physical impacts across multiple tenants, data halls, or buildings.


OT cyber risk management is evolving to an impact-based approach, where the estimated financial loss of a major cybersecurity incident is quantified. Financial quantification helps reveal the probability and potential impact of a major cybersecurity event. But traditional cyber risk management approaches do not consider the financial impacts of cyber events, and physical security is entirely siloed away.

In this presentation, we will introduce financial quantification of cyber risk as a foundational concept, then share real examples of the financial value-at-risk that network-borne cyber-attacks and physical attacks on OT systems in the datacenter can present. Using a case study of a real hyperscale datacenter, a digital twin of both its cyber network architecture and its physical access controls is simulated. Results can be used to reduce the uncertainty, improve the timeliness, and increase the accuracy of security risk analysis using quantitative methods. If we see twice as many physical access attempts per year, how much financial risk does that present? If we don't mitigate the CVE vulnerabilities in our system, how much risk do they present? If I move ahead with my 3-year cybersecurity roadmap, how much risk is reduced each year?

Takeaway

Operations technology (OT) cyber risk can be estimated as a potential financial loss value with probabilities.
Physical risk can also be financially quantified.
Both cyber and physical risk to datacenter security can be harmonized and shown beside each other, instead of in the traditional silos.