The devastating potential posed by solar flares, coronal mass ejections, and other space weather are well publicized. These storms have been known to snipe satellites and disrupt power grids, but the risk to datacenters isn't as well understood.
But according to a recent report published by Uptime Institute, there's no reason to think datacenters are any less susceptible to space weather, let alone terrestrial sources of electromagnetic pulse (EMP) events.
Compared to nukes or junkyard bombs, solar storms are some of the more likely, if easier to mitigate. So let's breakdown the risk each poses to your datacenter infrastructure, and what you can do to safeguard against them.
Probability: unpredictable | Impact: low
Geomagnetic storms are a relatively common occurrence, but thanks to the Earth's relatively thick atmosphere, an ample electromagnetic field, and some luck, the negative effects of this space weather are usually minor. A pretty light show for those at high-enough latitudes is usually all they amount to, but that's not always the case.
In a recent blog post, Uptime Institute analyst Jacqueline Davis wrote that solar storms with a rating of G3 might require grid operators to make voltage corrections, while those with a G5 rating are extreme enough to destroy high-voltage transformers.
One of the most famous and powerful solar storms ever recorded is the 1859 Carrington event, which burnt out telegraph systems across Europe and the US and reportedly set fire to some buildings. Another more recent event occurred in March 1989, when a solar storm knocked Hydro-Québec's transmission lines offline for more than nine hours.
The good news is G5-class solar storms aren't that common, occurring roughly every 25 years or so, Davis' research found. The bad news is a solar storm doesn't have to knock out the power grid to give datacenter operators a headache. Smaller storms can cause disruptions to power quality, such as the introduction of harmonic distortion, which can overwhelm and even damage datacenter power-management equipment.
"Most datacenter uninterruptible power supply (UPS) systems are designed to accommodate some harmonics and protect downstream equipment, but geomagnetic EMP events can overwhelm these built-in protections," Davis wrote.
Solar storms can usually be spotted hours or even days before they reach Earth. As such, Uptime recommends that datacenter operators consider increasing onsite fuel stores and run on backup power during periods of intense solar activity to isolate the facility from the local grid.
However, in the case of a Carrington-class event, Uptime notes that power outages are likely to outlast operators' fuel supplies. As a result, Uptime emphasizes the importance of deploying workloads across multiple regions and to store protected copies of critical data or infrastructure offline to speed recovery.
While unpredictable, Geomagnetic storms are a bigger risk to the utilities and services that datacenters rely on than they are to the underlying infrastructure or data within. Unfortunately, of the datacenter operators Davis spoke with for the report, only one had conducted an EMP risk assessment and none had implemented protections.
"Best practice in EMP protection is not well established in the datacenter industry yet, but a periodic risk assessment will enable operators to incorporate updated information and guidelines as they become available," the report reads.
Probability: low | Impact: moderate
According to Uptime Institute, even the most powerful solar flares pale in comparison to man-made EMPs, which can not only disrupt local power, but fry integrated circuits or corrupt data at close enough range.
Called intentional electromagnetic interference (IEMI) weapons, these devices can be as small as a suitcase and have ranges in the hundreds to thousands of feet.
"This type of attack is plausible, but inherently unpredictable," the report read. "A single datacenter outage can cost millions of dollars and is a sufficient incentive for sabotage or blackmail."
Making matters worse, Uptime reports that creating such a device isn't inherently difficult or cost prohibitive. "An attacker without specialized training can assemble a portable electromagnetic interference device such as a high-power microwave generator that fits on a truck, or even in a suitcase," the report found. Uptime adds that blueprints for these kinds of devices are widely available on the internet.
Despite their destructive potential, Uptime has found little to no evidence of EMP attacks on datacenters. Analysts did find evidence of EMP attacks, however they targeted public systems that lacked the physical security found in most datacenters.
Physical security remains one of the best ways to guard against a nutjob with a junkyard EMP. Simply by preventing vehicles or persons from getting too close to the facility might be enough to mitigate the threat.
For highly sensitive workloads, datacenter operators can also deploy shielding in the form of a Faraday cage. "Datacenter operators can deploy a Faraday cage around all —or some — of the facility to protect the most critical equipment. Shielded server racks are available, or operators can construct a shielded room or a fully-shielded facility," the report reads.
Uptime also notes the existence of EMP detectors, which can be used in conjunction with shielding to automatically seal off sensitive areas.
High-altitude nuclear detonation
Probability: unlikely | Impact: high
IEMIs are hardly the most sinister form of EMP weapon. That title unequivocally goes to high-altitude electromagnetic pulse devices — essentially just a nuke detonated high above the Earth's surface.
Such an explosion would shower large populations in intense and sustained pulses of electromagnetic interference. According to Uptime, these pulses would be strong enough to corrupt data or damage integrated circuits.
While there is no recent data on the subject for obvious reasons — atmospheric testing of nuclear weapons has been banned since 1963 — Uptime looked to the US Atomic Energy Commission's Starfish Prime nuclear tests for clues.
The tests involved the intentional detonation of a 1.4 megaton nuclear warhead at about 250 miles above the Earth's surface, which showered a substantial portion of the population in a series of strong electromagnetic pulses. "Simulations predict disruption and damage to equipment over thousands of miles," the report read.
The electromagnetic radiation left behind from the blast was eventually blamed for the early failure of between seven and 11 satellites — including Bell Labs Telstar 1 — according to NASA.
Despite this, Uptime considers high-altitude nuclear EMPs an implausible threat to datacenters. Similar to an IEMI, local shielding could protect datacenter infrastructure against a nuclear EMP, but the damage to the surrounding electrical grid, utilities, and customer infrastructure would render this moot. And that's not to mention the swift and severe retaliatory response such an attack would invite.
Similarly, low-altitude nuclear detonations are equally impractical, according to Uptime. While it would result in an extremely strong, albeit localized, EMP, the effect would be secondary to the physical destruction of the warhead itself. ®