Across small and medium businesses, millions of small (5 kVA and below) uninterruptible power supplies (UPS) are hooked up directly to key servers that help to run and operate the business. These UPSs provide valuable services such as a source of power backup should utility power be cut off due to electrical storms or other unanticipated power supply interruptions. The batteries inside the UPS afford the systems administrators a window of extended runtime to ensure a proper, safe shutdown, without loss of data. In some cases, the UPS will serve as a power bridge during the time it takes for a backup diesel power generator to kick in. A UPS system also filters out common electrical anomalies like power swells and sags that can freeze up servers and network connections.
As an example, PowerChute Business Edition from APC by Schneider Electric is an advanced UPS management software solution that is included with all APC Smart-UPS sized at 5 kVA and below. The software provides graceful remote shutdown and restart of servers during times of prolonged power outages when valuable data is at risk. Systems administrators find these capabilities useful for servers in remote locations. As a result, systems operators don’t need to drive to their workplace in the middle of the night in order to gracefully shut down or reboot servers.
This software also monitors power characteristics such as power usage and the energy efficiency of the power consumption. As the software supports the SNMP v1 and SNMP v3 protocol, customers can use their own network management system to centrally monitor an unlimited number of PowerChute Business Edition Agents.
The advantages of the UPS management software are clear; but from a cybersecurity perspective how safe are they? Does the software unintentionally provide a “back door” point of entry for potential hackers?
Determining the cyber threat resilience of your UPS management software
Below are some key questions systems administrators should ask their UPS suppliers regarding the security of their UPS management software.
- Who is the manufacturer of the software and how much do they invest in making sure their products are cyber secure? Leading vendors with reputations for high quality products should always incorporate cybersecurity best practices in their software development cycle. Companies like Microsoft and APC subject all their products to rigorous Secure Development Lifecycle (SDL) security testing. Products that undergo SDL have been coded, pretested, verified and validated utilizing industry leading cybersecurity testing methods and are better protected from malicious cyberattacks.