Zum Hauptinhalt springen
CENEDRIL WIKI
DE
Elementary Threat · BSI IT-Grundschutz

G 0.8 — Failure or Disruption of the Power Supply

Updated on 4 min Reviewed by: Cenedril Editorial
A.7.5A.7.11A.7.12A.7.13A.8.1A.8.14 BSI IT-GrundschutzISO 27001ISO 27002

Ten milliseconds. That is all a power interruption needs to disrupt IT operations. A human would not notice such an outage — but for a server without UPS it is enough to crash mid-write. Databases in inconsistent state, lost transactions, damaged file systems — the consequences of a sub-second interruption can cost hours of recovery work.

Failure or disruption of the power supply is one of the most common infrastructure threats. The BSI lists it as elementary threat G 0.8.

What’s behind it?

Electricity is the fundamental precondition for nearly every IT component and for the entire building infrastructure. When the power supply fails, it is not only servers and networks that fail — air-conditioning systems, access control systems, lifts, fire alarm systems and even the water supply to higher floors are affected as well.

Types of disruption

  • Short interruptions (< 1 second) — The most common type of disruption, often triggered by switching operations in the supply grid. Sufficient to cause data loss or corruption on IT systems without UPS.
  • Longer outages (minutes to hours) — Caused by cable damage during excavation work, switching errors or grid overload. Without emergency power, all dependent systems and infrastructure are taken out of service.
  • Large-scale outages (hours to days) — Severe storms, grid instabilities or sabotage can affect entire regions. Emergency generators must then operate over longer periods, which requires fuel resupply.
  • Overvoltage — Lightning strikes, switching operations in the grid or faulty electrical installations can produce voltage spikes that damage or destroy electronic devices.
  • Undervoltage and frequency variations — Gradual quality defects in the power supply that cause malfunctions without an obvious cause.

Impact

Dependence on electricity is pervasive and produces cascade effects. A power outage deactivates the air conditioning — without cooling, servers overheat within 30–60 minutes. Access control systems fail — depending on fail-safe configuration, doors are either permanently open or permanently locked. Fire alarm systems switch to battery operation, which is time-limited. Each of these secondary events can independently cause substantial damage.

Practical examples

UPS fails to switch back to normal mode. After a brief outage in a data centre, the UPS starts correctly and supplies the servers from batteries. When mains voltage returns after two minutes, a firmware bug prevents the UPS from switching back to normal operation. After 40 minutes the batteries are depleted — all servers in the affected hall go down. The cause: a fault that never appeared during the semi-annual tests because the test was always ended manually.

Excavation work severs the power cable. During road works in front of the office building an excavator cuts the main power cable. The UPS bridges the outage, but repair takes eight hours. The existing emergency generator starts automatically — but shuts down after 90 minutes due to overheating because the radiator fan was not repaired during the last service. The servers shut down in a controlled manner; IT operations are idle for the rest of the day.

Overvoltage from a lightning strike. A thunderstorm discharges into a nearby overhead high-voltage line. The resulting overvoltage is partially dampened by the transformer but reaches the building installation in attenuated form. Three server power supplies and one switch power supply are damaged. The affected systems remain offline until replacement power supplies are delivered.

Relevant controls

The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 6 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)

Prevention:

Detection:

Response:

BSI IT-Grundschutz

G 0.8 is linked in the BSI IT-Grundschutz catalogue to the following modules:

  • INF.2 (Data centre and server room) — UPS concept, emergency power supply, redundant feeds and energy management.
  • INF.12 (Cabling) — Protection of power supply cables from mechanical damage.
  • INF.5 (Room and cabinet for technical infrastructure) — Power supply and protection of technical rooms.
  • SYS.1.1 (General server) — UPS connection and automatic shutdown during power outages.

Sources

ISO 27001 Controls Covering This Threat

A.7.5 Protecting against physical and environmental threats A.7.11 Supporting utilities A.7.12 Cabling security A.7.13 Equipment maintenance A.8.1 User endpoint devices A.8.14 Redundancy of information processing facilities

Frequently asked questions

How long does a UPS bridge a power outage?

That depends on the UPS capacity and the connected load. Typical UPS systems for server rooms bridge 10–30 minutes — enough time for a controlled shutdown, but not enough to keep working. For longer outages an emergency generator (diesel, gas) is required that starts automatically once the UPS batteries are depleted.

Does a UPS also protect against overvoltage?

Most modern online UPS systems (double-conversion technology) protect the connected load from overvoltage, undervoltage and frequency variations as well. Simple offline or line-interactive UPS units offer only limited overvoltage protection. For sensitive IT systems an online UPS is advisable.

How often should UPS batteries be tested?

A load test should be performed at least every six months. Actual bridging time is measured and compared with the specification. Lead-acid batteries lose substantial capacity after 3–5 years and should then be replaced preventively — a defective battery in a real incident is the most common cause of UPS failure.