Data Center Links: October 27, 2017

Here are some (mostly) recent things I found interesting:

• NVIDIA and Amazon Simplify Machine Learning.  Amazon and NVIDIA announced new Machine Learning software stacks in the NVIDIA GPU Cloud (NGC), and a new 8 Volta GPU EC2 instance. 

• IBM's Blockchain solution for global payments.  IBM announced a new blockchain banking solution that will, with partners Stellar.org and KlickEx Group improve the speed in which banks both clear and settle payment transactions on a single network in near real time. IBM says the solution is run from the IBM Blockchain Platform on Hyperledger Fabric and that they will continue to advance the solution with the goal of expanding capabilities in order to support central bank-issued digital currencies, securities, bonds and structured financial assets.

• Arm launches security framework IoT at scale. At the annual Arm TechCon conference this year Arm introduced a common industry framework for building secure connected devices, called Platform Security Architecture (PSA). The company said PSA will deliver representative IoT threat models and security analyses, hardware and firmware architecture specs, and a reference open source implementation of the firmware specification called Trusted Firmware-M.

• Cisco acquires Perspica. Cisco announced that it is acquiring machine learning-driven operations analytics firm Perspica for an undisclosed amount. Cisco will fold the company staff into AppDynamics, which it purchased earlier in the year for $3.7 billion. 

• Intel doubles down with $60M on startups. At its annual conference Intel Capital revealed 19 new investments in startups, totaling more than $60 million. Intel Capital's Wendell Brooks focused on the data explosion, noting that "by 2020, every autonomous vehicle on the road will create 4TB of data per day. A million self-driving cars will create the same amount of data every day as 3 billion people.  Company investments in startups were from all over the world and included such companies as Trace, Bossa Nova Robotics, Horizon Robotics, Echo Pixel, TileDB, LeapMind and AdHawk Microsystems.

• U.S. warns about attacks on energy, industrial firms.  This seems almost like a template announcement... that has happened, and will probably keep happening.  The U.S. government issued a public warning last week that hackers are targeting energy and industrial firms. Homeland Security warned that nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

Bonus item:  Here is a Really cool drone video - from Rotor Visual

Server Fires and Data Loss

There are just certain things in IT or the data center industry you don't want to hear - and fire and 'data loss' are two of them. There were a couple of lessons learned from fire and data loss stories recently and I post them here for just that reason - to learn from them.

The University of North Carolina Greensboro had one heck of a Friday last week. In a little under two hours they experienced two fires in the McNutt data center. After the first fire they were unable to determine the cause and staff investigating a short while later witnessed a server burst into flames, starting the alerts and emergency procedures all over again.

The root cause of the events was traced to a single server that overheated and likely burned up a wiring harness first (which produced the first event) and then continued to run until it blew up its power supply (which produced the second event). This was a new server that was not under load, and we believe this was caused by a manufacturer’s defect.

See their site for complete details of the event.

Managed Healthcare services provider Health Net notified their insurer earlier this week that 9 server drives were "missing" from their data center in Rancho Cordova, California. A California Department of Managed Health Care (DMHC) statement later confirmed that nearly 845,000 Health Net customers in California were impacted by the breach.... and that they will be investigating it. A statement from Health Net said:

"After a forensic analysis, Health Net has determined that personal information of some former and current Health Net members, employees and health care providers is on the drives, and may include names, addresses, health information, Social Security numbers and/or financial information."

There are certainly many case studies to learn from involving data breaches and in my opinion it builds the case for following ITIL guidelines and making sure your data center provider or IT staff are acutely tuned to their processes and operational excellence. The Ponemon Institute released a report recently on the U.S Cost of a data breach and stated that the cost "reached $214 per compromised record and averaged $7.2 million per data breach event."

Then there is the Cloud and security and data protection. As Alton Brown says - that's another show.

However - this article from ShareFile.com CEO Jesse Lipson on Forbes is very nice and discusses how safe your data is in the cloud and some key questions to ask vendors to ensure protection.

Review of 2009 Smart Grid News

Smart Grid is a topic captured my attention late last year and I have been (loosely) following the topic ever since. A Google Insights graph shows that I am right in line with everyone else and that 2009 was a big year for smart grid. In April 2009 I started collecting a few links on smart grid and this past summer I had every intention on posting a few links out to the things I had been reading. Well, the year just got away from me and later in the year I decided to do this 2009 roundup of news, sites and various links of interest. I know there is much more than what I have listed here, but these are my bookmarks.

Security in the smart grid is of particular interest to me. I've been in IT long enough, and have read Christopher Hoff's blog long enough now that I know security aspects of this technology can NOT be underestimated. Earlier this month President Obama appointed a new Cybersecurity Coordinator, Howard Schmidt. Let's just say I bet/hope security aspects of smart grid technologies are on his short list. Below is my list of smart grid websites about companies, products, projects and government related information. After that I'll list my news bookmark collection as 2009 progressed.

Smart Grid Companies / web sites / projects / government

• NIST Smart Grid Interoperability Standards Project
  
• U.S. Dept. of Energy Office of Electricity delivery and energy reliability
  
• NationalGrid
  
• HowStuffWorks: How the smart grid will work
• GridWise Alliance
  
• Zigbee alliance: an association of companies working together to enable reliable, cost-effective, low-power, wirelessly networked, monitoring and control products based on an open global standard.
• EnerNOC: technology-enabled energy management solutions to help meet the needs of utility/grid operators.
  
• GridNet: Software intelligence to manage the smart grid
  
• ICE Energy: provider of distributed energy storage and smart grid solutions for optimizing energy system efficiency
• GE Ecomagination
  
• Cisco Smart Grid solutions
  
• Cisco EnergyWise
  
• IBM Smart Grid
  
• UtiliQ ranking of U.S. electrical utilities Analysis from IDC Energy Insights and Intelligent-Utility magazine
  
• SmartGrid stocks
  
• Smart Grid News
  
• SmartGrid - TMCNet portal
  

2009 time line of events and news about smart grids.
Interest in the topic peaked in April when the U.S. power grid being hacked was a big story, and then again in October when President Obama announced $3.4 billion in funds to enable the "largest single energy grid investment in U.S. history." I have a few news stories about the current power grid, but (to me) they are related to the smart grid.

• January 26: earth2tech FAQ: Smart Grid
  
• April 8 Cnet : Report: Spies hacked into US electricity grid
  
• April 9: U.S. Power Grid Hacked, Everyone Panic - Bruce Shneier
  
• April 9: Video - U.S. Power Grid Hacked
  
• April 9: CNN - Hacked power grid video on YouTube
  
• April 9: eWeek - Electric Power grid hack lights up cyber-security infrastructure experts
  
• April 16: White House: Vice President Biden Outlines Funding for Smart Grid Initiatives
• June 11: Government Computer News: DOE, NIST aim to secure smart grid
  
• July 12 Hacking Power : Feds Promise Smart Grid Security
  
• July 23: Science News: Electric grid still very vulnerable to electromagnetic weaponry
  
• July 28: IO Active - IOActive's Mike Davis to unveil smart grid research at Black Hat USA
  
• August 28: Cnet - Bill would give president emergency control of Internet
• September: InTech - Security, wireless standards on smart grid roadmap
  
• September 4: Defense contractors pursue the smart grid
  
• September 11: How to short-circuit the US power grid
  
• September 11: earth2tech - Utility interest in WiMAX for smart grid growing
  
• September 14: Computerworld - City 2.0: IT will make cities more engaging and energy-efficient
  
• September 16: ZDnet : IBM opens up systems framework for energy companies
  
• September 21-24 GridWeek
  
• September 24: Scientific American - How will the smart grid work?
  
• October 5: Business Week: The coming energy revolution
  
• October 21: Smart grid leads German revolution
  
• October 26: White House - President Obama explains the smart grid and economic recovery
  
• October 27: President Obama announces $3.4 Billion Investment to Spur Transition to Smart Energy Grid
• October 28: Here's where that smart grid money is going
• October 29: Network World : Q&A: Why IP is the right choice for Smart Grid
• October 29: Network World: Will smart grid power IPv6?
  
• November 7: Earth Times: Smart grid projects in 90 percent of U.S. states
  
• November 9: Data Center Knowledge: power grid hacking back in the news
  
• November 18-19 Green Beat 2009 conference on the smart grid
  
• November 20: Mother Nature Network: Smart technology may increase grid's vulnerability
  
• December 9: Renewable Energy Focus - GridWise alliance releases two smart grid reports.
  
• December 17: Smart Grid News: Report: Smart grid market could double in four years.
  
• December 18: U.S. Dept. of Energy - Secretary Chu announces efforts to strengthen US. electric transmission networks
  
• December 22: earth2tech: Top 10 trends for the smart grid in 2010, courtesy of Ray Bell.
  
• December 22: EE Times - Universities gear up for smart grid training
  
• December 25: The Hot Aisle - Want to understand the smart grid?
  

and in 2010....

• May 18,19, 2010: The Networked Grid
• 
  

Finally - my twitter list for SmartGrid

Monday Links

Just some quick links to things I found on the net today -- no time to comment; just things I found to be interesting.....

Check out the drawing in this IEEE Spectrum article. It looks like another approach to the Microsoft 4th Generation data center (outdoor container park)! The article is good also --- although it is kind of a summary of what has gone on the last 6-12 months....nothing new.

Power Grid Found Susceptible. I'm a big fan of SmartGrids, but like anything else they need to be EXTREMELY careful with this. Security firm IOActive is offering the security lesson....maybe a few rants from Christopher Hoff would help as well.

Just to show I'm not a complete Cisco fan-boy.... Force10 announced some big iron today. They unveiled a new line of switches and routers "designed to improve the performance, management and cost effectiveness of virtualized data center and cloud computing environments." Pretty cool stuff from an initial quick glance.

As many of you know, I blog from Iowa and simply can NOT escape the stupid stereotype about farmers. I've worked on a few IT projects in the past that were for, or benefited farmers, and so I thought this was interesting..... it's a map showing broadband in america -- percentage of farmers with high speed internet.

March 19 announcement from Rackable: "The CloudRack C2 servers can run at 104 degrees inside the data center, and they offload power supply to the rack to reduce energy wasted in converting AC electricity from the wall to DC electricity used by the box to 1 percent"

I'm usually on the same page as Om Malik.... but have to disagree with him on this one. He thinks Cisco should buy Sun, not IBM.

Social Engineering in the Data Center

I listened to a TWiT podcast recently with the one and only Kevin Mitnick.  If you don't know who Kevin is, follow this link and see his story -- he is a pretty amazing security expert who has been through a lot.  There was an interesting part in the story he was telling on TWiT about HID proximity card spoofing.  The spoofing has been around a while, but he makes it sound pretty easy.  Kevin is widely known for his social engineering.

Via a tweet from @ciscoDC tonight I also read a very interesting paper on data center security.  It covers the physical side of security for a data center and related social engineering that can go on.  I think so much effort is put into digital security and facility security, that the people and process side of the business get ignored.  This paper does a very good job of conveying the importance of people and processes.  

"A terrorist isn't likely to be walking in with guns blazing and take over the building, but rather play a game of invisibility and misdirection, taking advantage of the very nature of "good-willed" or ignorant individuals...these external tests can help identify these weak areas."

Check the paper out here.

Also along the process side of things -- check out an Uptime Institue paper on using ITIL to gain data center efficency.  

The Four Horseman of the Virtualization Security Apocalypse

I definitely need to get to the Black Hat conference next year. It was just a few weeks back in Vegas and it looked to have a ton of good sessions. One of my absolute favorite bloggers, Christofer Hoff, was nice enough to post the slides from his session on "The Four Horseman of the Virtualization Security Apocalypse". Although, as he points out, the slides are meant to go with his speaking, I went through all 176 slides and it was AWESOME!! I highly recommend anyone interested in virtualization, security....or otherwise take a minute to read through his presentation.

Check out his blog and the presentation PDF here.

Power Grid Vulnerability

Back in January there was some news surrounding the issues surrounding network vulnerabilities of the nations power grid operators. Pretty scary stuff considering the implications. According to a Network World article today, the Tennesee Valley Authority (TVA) apparently still doesn't get it. A GOA (Government Accountability Office) report laid out 73 recommendations for TVA to improve its security. The report and recommendations seem to apply across the board to electric companies; the focus on the TVA is probably just because they are the largest, serving an area with 8.7 million people.

Check out the article here.

Hacking the Power Grid

Here is one to keep any data center manager up at night. Speaking at a security conference, CIA analyst Tom Donahue gave information about attacks (regions outside the U.S.) where criminals hacked into systems and cut power to several cities. All attacks were intrusions via the Internet, and the goal was extortion.

On Thursday The Federal Energy Regulatory Commission (FERC) approved approved new standards to protect the nation's bulk power systems against cyber attacks. The eight new standards are:

• Critical Cyber Asset Identification
• Security Management Controls
• Personnel and Training
• Electronic Security Perimeters
• Physical Security of Critical Cyber Assets
• Systems Security Management
• Incident Reporting and Response Planning
  
• Recovery Plans for Critical Cyber Assets

In November 2007 President Bush asked congress to move $152 million into cybersecurity programs for 2008. Given what the CIA has known (presumably for some time), it's no surprise that investigation, new technologies and protection methods are crucial.

The PC World article quotes a conference attendee as saying that this "came as news" to many professionals in attendance. I'm no security expert, but come on.... this is nothing new. The U.S. has had any number of reports on potential infrastructure attacks and we have been pouring money into cybersecurity for many years -- the Clinton administration announced a $1.46 Billion initiative for cybersecurity in 1999, there was project Eligible Reciver in 1997, and countless others since then. Just last September there was a demonstration at the Idaho National Laboratory of the effects of a software vulnerability attack on infrastructure systems.

The power grid hacking is still pretty scary to think about though....and good reason for all of these alternative power sources to gain popularity.

Check out the PC World article here

Security in Ten Years

Just a quick link to an interesting post where security guru Bruce Schneier has a conversation with Marcus Ranum.

The conversation with appear in Information Security Magazine this month. While there is nothing earth-shattering in the conversation, it is a good read.

Check it out here
---------------------

Also check out the SANS Top 20 2007 Security Risks

Virtualization: I'm OK, You're OK

With all of the hype around virtualization, I couldn't resist another post. A few items I've found while surfing lately have really peaked my interest.

The first one is well over my head, but extremely cool. It's a year old, but I imagine some of the concepts still apply (or have been revised/improved/tweaked). It's called Hardware Virtualization Rootkits, from Dino A. Dai Zovi and can found here. If you are in to security at all, this guy does some insane research.

The second one I ran across was from a favorite blogger of mine - Christofer Hoff. It's a presentation on Virtualization and Network Security. It's an excellent mix of Virtualization concepts, vulnerabilities and solutions from his former company, Crossbeam. Check out the blog post here and presentation here.

The final is a presentation entitled The Virtualized Rootkit is Dead from Matasano, Symantec and RootLabs. It discusses HVM malware, virtualized malware detection and the Samsara framework. (Dino Dai Zovi is on the Matasono team)