Hello OCP Community!
We would like to announce the creation of the Data Center Facilities Operation Technology Security Sub-Project or DCF-OTS through the Open Compute Project (OCP). The Industrial Control Systems (ICS) that run our data centers are frequently designed with availability as the focus rather than mitigation of security risk or vulnerability. This has presented a unique security challenge across multiple industries from manufacturing to datacenters. We find this type of equipment is often lacking security fundamentals. Security fundamentals such as modern communication, authentication and authorization mechanisms that we would expect in critical equipment attached to a network are often missing.
This Sub-Project will be led by Joey Arato (Facebook) and Jon Littel (Google).
Project Scope and Goals
Security issues with this type of equipment are not unique to data centers but are present in multiple industries such as manufacturing and energy. By combining efforts across multiple organizations and industries we can begin to drive a marked increase in the security of these systems and environments. The project's scope is focused on communications, authentication, monitoring and management. To start we are focusing on what a baseline physical security standard would look like for a data center, what types of communications standards and protocols would best enable secure comms of this equipment and how we best monitor it for security issues.
We will be initiating 3 different workstreams:
Construction Security - led by Marcello Campos (Roxtec)
Monitoring and Logging - led by Eehern Wong (Google)
Communications - led by Steve Scott (Facebook)
Call to Action