Attacking supercomputers through targeted alteration of environmental control: A data driven case study

In this paper, we show that a malicious user can attack a large computing infrastructure by compromising the environmental control systems in the facilities that host the compute nodes. Such violations cannot be easily recognized by the administrators who manage the cluster, because of limited observation of the events in the cyber-physical systems. We describe real cases of failures due to problems in the cooling system of Blue Waters, the petascale supercomputer of the University of Illinois at Urbana-Champaign. Blue Waters has cooling cabinets that use chilled water provided by the National Petascale Computing Facility (NPCF). We demonstrate, using real data, that the control systems that provide chilled water can be used as entry points by an attacker to indirectly compromise the computing functionality through the orchestration of clever alterations of sensing and control devices. In this way, the attacker does not leave any trace of his or her malicious activity on the nodes of the cluster. Failures of the cooling systems can trigger unrecoverable failure modes that can be recovered only after service interruption and manual intervention.