Conferences for Emerging Markets and Technologies

Data Centers Confront Rising Threat: When Physical Controls Become Cyber Targets

As the Asia-Pacific region pours hundreds of billions into next-generation digital infrastructure, vulnerabilities in building systems like HVAC and badge access are emerging as critical cybersecurity blind spots.

3 hours ago 2 min read

When AI-powered attackers target HVAC, badge readers, and surveillance systems, your BMS becomes your weakest link.

In the Asia-Pacific’s booming data center scene, a new risk frontier is emerging: physical infrastructure being exploited as a cyberattack vector.

Rapid Growth Meets Hidden Flaws

The region is on track for $564 billion in data center investment by 2028, with capacity expected to more than double at nearly a 20% CAGR according to Moody’s Ratings. But as capital pours in, so do vulnerabilities – especially in Building Management Systems (BMS) like HVAC, power, badge readers, and surveillance controls.

The Overlooked Entry Point

OT systems weren’t built with cybersecurity in mind. Experts emphasize that the old concept of isolating these systems – an “air gap” – no longer holds. Dragos, a leading OT security firm, states: “We have never found an organization that is truly air gapped.” Most successful OT attacks leverage intermittent IT-OT connections.

Real-World Vulnerabilities

The infamous 2013 Target breach began with stolen credentials from a third-party HVAC vendor, demonstrating how physical systems can grant deep network access.

More recently, in June 2024, Indonesia’s Temporary National Data Centre was hit by Brain Cipher ransomware (a LockBit 3.0 variant), disrupting immigration systems and hundreds of services. The attackers demanded ~US$8 million ransom.

Financial Stakes Are High

IBM’s 2024 Cost of a Data Breach Report pins the average global breach cost at US$4.88 million, a 10% rise, driven mostly by business disruption. Industrial sector breaches average even higher – US$5.56 million. While OT-specific costs aren’t public, extrapolated losses from building-system breaches can run into the millions per incident.

Reputational & Contractual Fallout

Analysts warn that physical security lapses can lead to immediate client churn, especially where financial or government clients are involved. This directly impacts recurring revenue and investor confidence. Institutional investors are increasingly evaluating these risks during due diligence.

Zero Trust for OT – Not Optional

Security leaders are shifting toward Zero Trust models that include OT systems – a concept endorsed by U.S. federal bodies such as NSTAC and CISA. Core controls include:

Micro segmentation of OT networks
Continuous multi-factor authentication for devices and vendors
AI-enabled anomaly detection
Unified IT/OT security teams and incident response

The Asia Pacific’s fast-growing data infrastructure demands resilience at every layer, up to the physical controls that run the servers. The cost of ignoring these vulnerabilities is no longer speculative – it’s real, measurable, and increasingly visible.