Tag: physical security

Can solar power be used to increase our cyber security?

June 24, 2021 /

We have a pretty big problem with our technology power consumption. On average, a server uses between 400 Wh and 900 Wh. By official sources, different vendors sold almost 100 million units for the period between 2010 and 2020. And ten years is the average lifecycle for a server. So, at the moment, we can calculate that to have running just the server part of the Internet, we must generate 50 GWh. And most of this power is coming from traditional power sources, which can be a target of a cyber attack, as we saw from the Colonial Pipe case.

According to another official source, the Internet has around 5 billion daily active users. On average, every user will have at least one personal computer and a smartphone. For every four people, we have one network router. For every twenty users, we will have a network switch provided by their service provider. 

An average consumption per hour for a personal computer is around 200 Wh, for a smartphone is 1 Wh, for network switch and routers are 10 Wh. Now, this makes an additional 1000 GWh + 5 GWh + 100 GWh. Servers, network equipment, and smartphones work 24 hours, and users usually browse around for 6 hours on average, making a total of 9720 GWd or 405 GWh.

So the average consumption of the Internet is around 405 GWh. Just for comparison – one nuclear power plant can produce 1 GWh. So we need the equivalent of 405 nuclear power plants to keep everyone online.

On the diagram, you can see a standard solar-powered security system. The solar panel is sending data to the charge controller, which decides whether to charge the battery or not. The inverter chooses whether to use solar power or the standard grid and finally, the security system is powered.

There are two leading solar solutions for commercial use at the moment. The first option is the standard solar panel. The average production of such solar panels is 320 Wh. To cover the needs of the Internet using only solar panels, we shall need 1.3 billion of these solar panels placed around the World. The second option is solar power towers. The main idea of solar power towers is to establish many digitally controlled mirrors, reflecting its rays into a tower full of salt depending on the Sun location. When the salt is molted, it is combined with water, evaporating to a turbine. The most significant such installation is Ivanpah Solar Power Facility, with a production capacity of 392 MWh. To cover the needs of the Internet, we shall need around 1,000 such structures. 

However, to build a solar-based solution, we must consider the following problem: there are only around 12 hours of daylight in most locations. There are two mitigations of this problem – the first is to double the number of installations and make sure they cover the 24 hours interval for everyone by strategical placement. The second is to double the number of structures and install batteries to preserve the generated energy for night use. 

Our first mitigation creates an interesting geopolitical situation with a large number of dependencies. For the second mitigation, let’s calculate how many batteries we need to preserve the energy for night use. 405 GWh multiplied by 12 hours make around 5000 GWn. A standard Tesla Powerwall unit can store 13.5 kWh. We shall need approximately 370 million units to preserve the energy during the night.

In conclusion, solar power can be an exciting alternative to traditional power sources. In terms of cybersecurity, it could make your network and even alarm system not so dependent on power coming from the grid. The standard way of having a backup is to have a petrol-based generator unit. However, you must fill a generator with petrol, which means that the system is not 100% independent. It is essential to know that the solar power alternative can give an extended backup period, but it will come with a higher price, more complex setup, more expensive support, etc. However, it can offer quite a good way of making your security more robust.

Legend:

Wh – Watts per hour

kWh – Kilowatts per hour = 1000 Wh

mWh – Megawatts per hour = 1000000 Wh

GWh – Gigawattas per hour = 1000000000 Wh

GWd – Gigawattas per day

GWn – Gigawattas per night

Cybersecurity tactics for small teams – Physical Security – part 2

June 1, 2021 /

Please check the previous part – here.

The same concerns as to real estate apply to all vehicle-related threats. Hackers can use your vehicle to track your activities and to decide when to execute an attack towards you. As a final list of perils, I would like to mention the dangers related to garbage. Most people do not consider their garbage as a cybersecurity threat. However, the truth is – this is usually the best source of intel for a given hacker organization. Let me list the different threats your garbage generates, and after that, we can create a simple budget of how to keep your and your devices secure:

  • Paper: Every paper document with personal data, addresses, or buying preferences leads to information leaks, which any hacker group can use to penetrate your defenses. A paper retention policy is a must for every organization these days.
  • Hard Drives: Techniques for data forensics become more and more advanced. Hackers can use these techniques to retrieve data from hard drives and SSD drives found in the garbage. It is better to treat your Hard and SSD drives as paper documents and not resell or throw them away.
  • Mobile Phones: Modern mobile phones are computers. Deleting data from them is pretty tricky. To keep your organization safe, you must treat them similarly to paper documents and hard drives. 
  • Electronic Devices: Every smart device in your home and office is a low-level mini-computer that stores and records data. Hackers can read the storage chips of these devices with proper machinery. They can use the data stored there for malicious activities.
You can see a diagram showing how a small organization or even a freelancer handles their priorities in terms of cybersecurity. Everything starts with the digital garbage and its retention policy.

You can notice that the number of attack vectors to your persona is quite significant. And we are only in the physical security realm, without mentioning any digital space. As promised at the beginning of the article, I shall present a simple list of tools and activities, together with a budget. Using them, you can set up your cyber defenses on a limited budget:

  • Hardware toolkit (100$): This toolkit will give you the availability to disassemble all of your electronic devices and destroy them. If you have better knowledge of electronics, you can cut the power of your laptop microphone and camera. 
  • Paper Shredder (50$): A shredding machine can destroy paper documents, credit cards, and everything which looks like a paper-sized card. Still, cutting through the papers is just a first step, but not enough.
  • Camping Gear (50$): There is no better way of document destruction than burning them. With camping gear, you can go to the woods, have a barbecue, and meanwhile destroy all of your not-needed documents.
  • Safe (500$): Paper is the ultimate data storage. With proper care, it can survive over 100 years or more. Still, you must keep the paper somewhere, and there is no better place than a safe. For this money, you can get a safe the size of a standard desktop drawer unit. It is more than enough to store all of your documents.
  • Home And Vehicle Security Systems (4000$): Still using security systems without a network system can be pretty advantageous for you. An isolated security system can send you SMS messages when an event happens. Sure it is a little bit more expensive, but the only way of disabling such systems is by bringing a Faraday cage.

With a total budget of around 4700$, we achieved a pretty good level of security. Still, a determined attacker can penetrate this setup, but it will take him more time and resources. To break a safe, you should cut through it. And this generates sound. Sound is terrible for attackers, and it can alert neighbors.

In conclusion, just one more piece of advice. When you choose electronic devices (including a car) for your home, please research how smart the device is. The more intelligent it is, the more prone it is to hacking. Devices without Internet access are the best because the chance of hacking is relatively low or nearly zero.

Next part – here.

Photo of my last garbage destruction event. You can see the old paper documents burned.