IT Energy Security – Electric Power makes Cyber go around

René Pfeiffer/ April 1, 2022/ Conference

 An electric arc,arc lamp provided one of the first commercial uses for electricity. Source: https://commons.wikimedia.org/wiki/File:High_voltage_electric_arc.jpgThis is not a typical 1 April posting. We have stopped the habit of writing satirical articles, because the actual news stories are better than any comedy these days.  Instead of having a laugh, let’s look at the core of information technology – electrical power.

The energy prices have been rising for a while now. Russia’s invasion of Ukraine has put Europe’s supply of fossil fuels into the spotlight, because it is used to force political decisions. Using renewable energy sources could have been sped up twenty years ago. It hasn’t. Now the price for electrical power is rising. Information technology relies on electrical power. Computers, servers, networks, smartphones, and display devices can’t do without. The same goes for information security. Adding countermeasures to defend your digital assets and to introduce secure coding requires more effort, which means more energy consumption. Usenet veterans remember TANSTAAFL.

The 1990s saw the first standards of Green IT emerging. Monitors using cathode ray tubes greeted you with the Energy Star logo to tell you they intended to use less power. Processors, memory, and peripherals took some time to establish power saving features. The smartphone boom did a lot to boost the research on power saving, because of battery use. Desktops usually care a lot less, because they have no battery. For our own hardware, we are constantly looking for devices that have passive cooling. It is a sign of reduced power consumption. This is the hardware part. Creating power efficient software is more challenging.

Secure coding and encryption costs you extra code, extra time, and extra energy. If you want to reduce your power consumption, then you have to tinker with your IT architecture. Cloud platforms have switched to a different processor architecture in order to save energy. Defence in depth might also help. Depending on your workload or network traffic, a series of filters with increasing complexity can save power. Try to get rid of the obvious packets and problems as early as possible. Then deal with the rest, which is hopefully smaller or easier to handle. You can also rephrase power saving to performance analysis. Refactoring code often yields applications that do the same work in less time and with fewer resources.

Information security has a lot of connections to other fields of IT (and outside thereof). Power consumption is a problem that will stay. Resources are not as endless as they seemed in the 1980s. Moore’s Law only considers transistors, not power or cooling. When planning IT security measures, please try to look for power efficient solutions. Using less power for the same tasks is good practice. Plus, it reduces your attack surface, because your providers are less dependent on geopolitically problematic sources of energy.

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.