Sunday, December 27, 2020




Cyber Attack by the Chinese

Chinese Military Cyber Warfare Units:

People's Liberation Army (PLA) Unit 61398 (also known as APT 1, Comment Crew, Comment Panda, GIF89a, and Byzantine Candor)

How China's cyber command is being built to supersede its U.S. military counterpart   
As U.S. leaders contemplate a proper definition for “cyberwar,” their counterparts in China have been building a unit capable of fighting such a large-scale conflict. 

China’s rival to U.S. Cyber Command, the ambiguously named Strategic Support Force (SSF), is quietly growing at a time when the country’s sizable military is striving to excel in the digital domain. 

Though the American government is widely considered to be one of the premier hacking powers — alongside Israel, Germany, Russia and the United Kingdom — China is rapidly catching up by following a drastically different model. 

The SSF uniquely conducts several different missions simultaneously that in the U.S. would be happening at the National Security Agency, Army, Air Force, Department of Homeland Security, NASA, State Department and Cyber Command, among others. 

If you combined all of those government entities and added companies like Intel, Boeing and Google to the mix, then you would come close to how the SSF is built to operate. 

Examining the development of the SSF in relation to Cyber Command provides a view of how two of the world’s most influential countries see the future of conflict. The U.S. agency is a similarly nascent organization but with a more narrow focus and three definitive missions: to protect Defense Department networks, to launch computer network attacks in support of combatant commanders and to “ensure US/Allied freedom of action in cyberspace.” Cyber Command has yet to be elevated to a unified combatant command and as a result, remains tied at the hip to the NSA. 

After two years in development, China’s SSF is now positioned to surpass its U.S. counterpart in capabilities — a position that seemed unattainable a decade ago.  Source

And this is when things get ugly.

Better to blame AQW than the Chinese....

Could a UPS actually be vulnerable to a cyber attack or other network based exploit? 

The unfortunate answer is; absolutely. In this current era of interconnectivity, where every critical mechanical and electrical infrastructure component is communications enabled, a UPS is simply another networked device. If a hacker gets into your network, the SNMP communication card in your UPS can potentially be used as a beachhead to launch attacks on other networked devices and even allow the hacker to gain control over critical electrical systems. Source

The Chinese would have to attack the Battery Room ventilation by shutting it down thus causing the Hydrogen Explosion

Uninterruptible Power Source (UPS) Battery Room 

Avoiding Hydrogen Explosions with Battery Room Ventilation 

Hydrogen when mixed with oxygen, is a highly explosive substance that is odourless, colourless and lighter than air. Where effective ventilation is not in place, a build-up can occur. In extreme circumstances there have been cases of battery room explosions as a result of ineffective battery room ventilation. 

Everyone knows the function of a battery; to store electricity in the form of chemical energy and to convert to electrical energy when required. Vented lead acid batteries or flooded batteries, as they are also commonly known, consist of plates that are flooded in an acid electrolyte. When charging, the electrolyte emits hydrogen through the vents in the battery. Under normal operations, the release of hydrogen is relatively small, but this is elevated during heavy recharge periods. 

Hydrogen when mixed with oxygen, is a highly explosive substance that is odourless, colourless and lighter than air. The lightweight element accumulates above the oxygen, and where effective ventilation is not in place, a build-up can occur. In extreme circumstances there have been cases of battery room explosions as a result of ineffective battery room ventilation. A small smoulder can create a huge explosion when hydrogen is in the presence of oxygen, and besides this, hydrogen is hazardous to health, causing skin burns and eye issues. 

Dismissing a critical safety issue is clearly not responsible, system integrators in commercial, industrial and dockyard applications need to identify the risks and design a system to protect in a fail-safe way. This also includes protecting personal with protective workwear. 

The likelihood of an explosion occurring depends on the number of batteries, the charge rate, the size of the room and the ventilation available. Legislation advises the number of air changes per hour, for example IS:1332 Battery Rooms advises 12 air changes per hour, or suggest that hydrogen concentration levels are kept below 1% to avoid the risk of explosion. 

The National Fire Protection Association lists the explosive concentration level, or Lower Explosive Level (LEL) of hydrogen as 4%, so the legislation stipulating a maximum level below 1% encourages the safe implementation of ventilation systems to avoid explosions far below the stipulated 4% explosive level. 

If the level of hydrogen in a battery room exceeds 1% after one hour of charging, mechanical ventilation using exhaust fans is recommended. This should also be a compulsory requirement even if the concentration is not expected to reach 1%, due to uncertainties in building geographies, high points or inadequate and blocked openings for natural ventilation. 

Ventilation should ideally be placed at both high points (for the exhaust of hydrogen that accumulates above the oxygen), and low points within the battery room to encourage forced ventilation out of the room. There should be no air recirculation under any circumstances as this encourages the mix of the two gases, and where possible, on a separate ventilation system than the rest of the building. Corrosion resistant fans with ATEX non sparking components, ideally roof mounted to exhaust upward and out, are the ideal solution. If this is not possible, ATEX wall mounted axial fans with back draught dampers, to avoid the return of hazardous substances, can be used. 

For more information, or to discuss the use of industrial fans for battery room ventilation, or any other air movement application, contact Axair Fans on 01782 349 430. Source

ATT Building On Right

Battery Room Explosion:

A hydrogen explosion occurred in an Uninterruptible Power Source (UPS) battery room. The explosion blew a 400 ft2 hole in the roof, collapsed numerous walls and ceilings throughout the building, and significantly damaged a large portion of the 50,000 ft2 building. Fortunately, the computer/data center was vacant at the time and there were no injuries. The facility was formerly a large computer/data center with a battery room and emergency generators. The company vacated the building and moved out the computer equipment; however the battery back-up system was left behind. The ventilation for the battery room appeared to be tied into a hydrogen monitoring system. The hydrogen sensor was in alarm upon emergency responders arriving at the scene (post-explosion). 911 callers reporting the explosion also reported hearing an alarm for 3 days prior to the explosion. This appears to have been a local alarm, as it was not relayed at any time to the local fire department. Given how slowly batteries generate H2 (1.3x10-7m/s per amp-cell), it appears as though batteries were charging for a long period of time with no ventilation. Apparently the detector was alarming, and hydrogen continued to build up until it found an ignition source. Due to the damage and actions of emergency responders shutting off all circuit breakers, etc., it could not be verified whether the ventilation system failed, or was previously turned off when the building was vacated. Onsite personnel assumed that the ignition occurred at or near a grounding strap on the battery racks, but in a room full of batteries and electrical equipment, ignition sources are plentiful.

Lessons Learned

The lesson to pass on is that ventilation is critical in UPS battery rooms. Great care should be taken to ensure that the ventilation system is operational and brings in enough outdoor air to properly ventilate the enclosure. Electrical safety interlocks should also be considered, which would isolate the batteries from their power supply, not allowing the batteries to charge if the ventilation system isn't working properly. It is imperative that the battery room designers pay close attention to the design of ventilation systems and electrical safety interlocks. There are lots of good (and bad) ways to design and install battery rooms and critical ventilation systems. If designers do not have experience designing UPS battery rooms, experienced consultants should be contacted to ensure a safe and effective design. In addition, internal management procedures need to be developed which analyze operation of such systems. As in this case, the entire data center was removed and the UPS system was no longer needed. The UPS system should have been decommissioned when the data center was removed. A good management-of-change procedure would have uncovered this problem before it became an incident. More information on management of change can be found in the Lessons Learned Corner and also in the Hydrogen Safety Best Practices Manual.

No comments:

Post a Comment