G 0.3 — Water · Cenedril Wiki

A leaking joint in a water pipe, hidden behind a suspended ceiling on the first floor. For weeks it drips unnoticed. Then the joint breaks open completely — and within minutes the electrical distributor below is submerged. Power and water supply to the entire building wing must be shut off. IT operations stand still for three days.

Water is one of the most insidious physical threats to IT infrastructure. The BSI lists the threat as G 0.3 in the IT-Grundschutz catalogue. In contrast to fire (which is noticed quickly) water can seep in gradually and cause damage undetected over hours or days.

What’s behind it?

Uncontrolled water ingress into buildings or rooms endangers IT components through several mechanisms: short circuits, mechanical damage, corrosion and destruction of storage media. The cause of damage need not be spectacular — a faulty valve or a leaking pipe joint is entirely sufficient.

Causes of water ingress

Defective water pipes — Burst pipes, leaking joints or corroded lines, especially in older buildings. Pipes hidden behind cladding are often noticed only once the damage has occurred.
Heating and air-conditioning systems — Leaking radiators, defective condensate drains of AC units, or clogged drain hoses.
Sprinkler systems — False activations or leaking sprinkler heads. In server rooms with conventional wet sprinklers, a false activation can be more devastating than the fire it is meant to suppress.
Extinguishing water — Water used for firefighting flows through cable ducts and raised floors into rooms below (interaction with G 0.1).
Frost — Standing water in pipes freezes in sustained cold, expands and bursts the line. Existing thermal insulation is overcome by prolonged cold.
Sabotage — Deliberately opening taps and clogging drains requires neither technical know-how nor tools and can cause considerable damage.

Basement rooms are the worst possible location for critical IT infrastructure. Groundwater, sewer backflow and surface water collect there first. Yet in many buildings the main distributors for power, telephone and data sit exactly there — often without automatic drainage.

Practical examples

Water pipe behind suspended ceiling. A cold-water pipe runs below the structural ceiling of a server room, hidden behind plasterboard cladding. A joint starts leaking. The escaping water collects inside the cladding and only bursts out once half a cubic metre has pooled. It falls directly onto the electrical distributor mounted below and causes a short circuit. Power and water supply to the affected part of the building must be shut off entirely.

Frost damage in the shoulder season. A company houses its IT in an older building. In a rarely used side room a heating pipe runs through an uninsulated area near the outer wall. During a cold snap in spring the pipe bursts and the escaping water runs into the network room below. Several switches and a patch panel are destroyed.

Sabotage by clogging drains. On his last day, a dismissed employee clogs the drains in the tea kitchen on the floor above the server room and leaves the tap running. The overflowing water seeps through the floor and drips onto the servers below. The damage is only discovered the next morning when three servers no longer start.

Relevant controls

The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 5 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)

Prevention:

A.7.5 — Protecting against physical and environmental threats: Structural and technical measures against water ingress, pipe routing and drainage.
A.7.1 — Physical security perimeters: Security zones with defined protection requirements that include water protection.
A.7.11 — Supporting utilities: Monitoring and maintenance of pipes and building systems.

Detection:

A.7.4 — Physical security monitoring: Leak sensors and water detectors as part of physical monitoring.

Response:

A.8.14 — Redundancy of information processing facilities: Geo-redundant systems secure availability when a site fails due to water damage.

BSI IT-Grundschutz

G 0.3 is linked in the BSI IT-Grundschutz catalogue to the following modules:

INF.1 (General building) — Requirements for water protection, pipe routing and drainage in buildings.
INF.2 (Data centre and server room) — Extended protection requirements against water ingress, including leak detection and drainage systems.
INF.5 (Room and cabinet for technical infrastructure) — Water protection for technical rooms and distribution cabinets.
INF.6 (Media archive) — Protection of archived storage media from moisture.

Sources

BSI: The State of IT Security in Germany — Annual report with current threat statistics
BSI IT-Grundschutz: Elementary Threats, G 0.3 — Original description of the elementary threat
ISO/IEC 27002:2022 Section 7.5 — Implementation guidance on protection against physical and environmental threats

Frequently asked questions

Why are main IT distributors so often located in the basement?

It grew historically: cable entry into the building is usually underground, and central distributors were placed where the cables arrive. From a water-risk perspective the basement is the worst possible location. Moving critical distributors to higher floors is laborious, but strongly recommended for new builds and renovations.

Which water detectors are suitable for server rooms?

Leak sensors (spot or rope sensors) detect water on the floor and raise an alarm. Rope sensors along walls and under raised floors cover large areas. The alert should be connected to the building management system or to a location staffed 24/7.

Are sprinkler systems sensible in server rooms?

Conventional wet sprinklers can cause more damage in server rooms than the fire itself. Gaseous extinguishing systems or pre-action sprinklers — where water only enters the pipework after two independent trigger signals — are more suitable for IT rooms.