Elementary Threat · BSI IT-Grundschutz

G 0.10 — Failure or Disruption of Supply Networks

Reviewed by: Cenedril Editorial
A.7.5 · A.7.11 · A.7.12 · A.7.13 · A.8.14 · BSI IT-Grundschutz · ISO 27001 · ISO 27002

A building is an ecosystem of interconnected utility networks. Electricity, water, heating, cooling, ventilation, alarm systems — each network depends directly or indirectly on the others. If the heating fails in winter, water pipes freeze. If the water supply fails, the air conditioning stops working. If the air conditioning fails, the servers overheat. A single disruption can thus propagate through the entire building.

The BSI lists the failure or disruption of utility networks as elementary threat G 0.10. The threat goes beyond a pure power outage (G 0.8) and covers the entire building infrastructure.

What’s behind it?

A building contains a multitude of utility networks that serve as the basis for all business processes. These networks depend on each other to varying degrees — and it is precisely this interdependence that makes the threat so complex.

Building utility networks

  • Power — The fundamental dependency. Without electricity, neither IT nor air conditioning, lighting, lifts or control systems function. (Details under G 0.8.)
  • Cooling and air conditioning — In server rooms and data centres the air conditioning is as critical as the power supply. Without cooling, servers overheat within 30–60 minutes.
  • Heating and ventilation — In winter a heating failure can force employees to leave the building and cause water pipes to freeze.
  • Water and wastewater — Water is needed for AC units, sprinkler systems and sanitary facilities. In high-rise buildings, pumps are required for water supply to upper floors.
  • Gas — In buildings with gas heating or gas-based emergency generation.
  • Alarm and control systems — Fire alarm systems, intrusion alarm systems, building management systems, intercoms. Their failure can mean that safety functions are no longer assured.

Impact

The greatest danger lies in the chaining of failures. A loss of power deactivates not only IT but also all electrically driven control systems of the other networks. Even wastewater lines can be affected when electric lift pumps are installed. A water outage affects air conditioning. A heating failure in frost conditions damages the water supply.
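The failure chains described above can be traced mechanically once the dependencies are written down as a graph. The following Python sketch is an added example, not part of the BSI catalogue or the original article; the edges are the dependencies named on this page, and the condition labels (frost, water_cooled_ac and so on) and the sample site profile are assumptions made for illustration.

```python
from collections import deque

# (dependent, supplier, condition): the dependent network is disrupted when the
# supplier fails, but only while the condition holds (None = always).
# Condition names are labels assumed for this example.
DEPENDENCIES = [
    ("it", "power", None),
    ("cooling", "power", None),
    ("control_systems", "power", None),
    ("wastewater", "power", "electric_lift_pumps"),
    ("water", "power", "high_rise_pumps"),
    ("cooling", "water", "water_cooled_ac"),
    ("sprinklers", "water", None),
    ("water", "heating", "frost"),
    ("heating", "gas", "gas_heating"),
    ("it", "cooling", None),
]


def cascade(failed, conditions=frozenset()):
    """Return {network: hops} for every network disrupted when `failed` goes down.

    hops is the length of the shortest failure chain from the initial outage."""
    hops = {failed: 0}
    queue = deque([failed])
    while queue:
        supplier = queue.popleft()
        for dependent, needs, condition in DEPENDENCIES:
            if needs != supplier or dependent in hops:
                continue
            if condition is not None and condition not in conditions:
                continue  # edge not active at this site or in this season
            hops[dependent] = hops[supplier] + 1
            queue.append(dependent)
    del hops[failed]
    return hops


def single_points_of_failure(target, conditions=frozenset()):
    """Networks whose failure alone reaches `target` under `conditions`."""
    networks = {name for edge in DEPENDENCIES for name in edge[:2]}
    return sorted(n for n in networks - {target}
                  if target in cascade(n, conditions))


if __name__ == "__main__":
    site = {"frost", "gas_heating", "water_cooled_ac"}  # constructed site profile
    print("heating outage reaches:", cascade("heating", site))
    print("IT is exposed to:", single_points_of_failure("it", site))
```

Running the same query with and without the frost condition shows why a heating failure that is harmless in summer becomes an IT availability risk in winter.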

Practical examples

Heating failure and frost damage. On a Friday afternoon in an office building the gas heating fails due to a burner defect. The weekend is frosty, with temperatures around minus 10 °C. On Monday morning several heating pipes in outer-wall areas are frozen and partially burst. The escaping water has flooded the technical room on the ground floor. The IT infrastructure is undamaged (the server room is on the first floor), but the main power distributor on the ground floor is submerged.

Air conditioning without water. Water supply to a commercial park is cut off for six hours due to a mains-line burst. The water-cooled AC unit of the server room loses its cooling circuit and shuts down. Room temperature rises to 38 °C within 45 minutes. The servers throttle performance and business-critical applications become extremely slow. Portable cooling units must be set up as a stopgap to keep operations running.

Building management system disrupted. A software update to the building management system fails. Automatic control of heating, ventilation and air conditioning falls back to manual operation. In the first few hours nobody notices — but the server room’s AC no longer runs on automatic control. Only the temperature monitoring (a separate system) raises the alarm and prevents anything worse.

Relevant controls

The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 5 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)

Prevention:

Response:

BSI IT-Grundschutz

G 0.10 is linked in the BSI IT-Grundschutz catalogue to the following modules:

  • INF.2 (Data centre and server room) — Requirements for redundant utilities and monitoring of all building systems.
  • INF.5 (Room and cabinet for technical infrastructure) — Supply reliability for technical rooms and distribution cabinets.
  • INF.13 (Technical building management) — Control and monitoring of building installations.
  • INF.14 (Building automation) — Resilience and fallback operation of automated building systems.

ISO 27001 Controls Covering This Threat

  • A.7.5 Protecting against physical and environmental threats
  • A.7.11 Supporting utilities
  • A.7.12 Cabling security
  • A.7.13 Equipment maintenance
  • A.8.14 Redundancy of information processing facilities

Frequently asked questions

Which utility networks are relevant for IT operations?

Power (primary), cooling/air conditioning, heating/ventilation, water (for AC units and sprinklers), communications (covered separately as G 0.9) and alarm/control systems (fire alarm, intrusion alarm, building management systems). The failure of any single network can directly or indirectly affect IT operations.

How are the various utility networks interrelated?

The networks are highly interdependent. Electricity drives AC units, pumps, lifts and control systems. Water is needed for AC units and sprinklers. Heating prevents frost damage to water pipes. A failure in one network can trigger cascade effects in others.

Do I have to build redundancy for every utility network?

Full redundancy across all networks is rarely economically sensible. A risk analysis shows which networks are critical for which business processes and which downtimes are tolerable. For the most critical networks (typically power and cooling) redundancy is advisable; for others, emergency plans and quick-repair agreements suffice.