A company leases office space in the same building as a medical practice with a magnetic resonance imaging (MRI) scanner. The powerful magnetic fields of the MRI machine penetrate the partition wall and regularly cause screen distortions on the accounting team’s monitors. One day the server in the adjacent room starts responding with sporadic error messages. The cause is only found after weeks — the magnetic hard drives in the server have been damaged by the MRI’s magnetic field.
Electromagnetic interference (EMI) is one of the less obvious physical threats. The BSI lists it as elementary threat G 0.12. Its insidiousness lies in the fact that it is invisible and the symptoms — malfunctions, data loss, communication disruptions — are often attributed to other causes.
What’s behind it?
Information technology consists largely of electronic components. Electromagnetic fields acting on these components can impair device function, damage them, or corrupt data on magnetic storage media. Effects range from subtle calculation errors to total failure.
Effect patterns
-
Functional disturbances — Electromagnetic coupling into signal lines distorts data signals. The result: transmission errors, system crashes, faulty calculations. These disruptions can occur intermittently and are hard to reproduce.
-
Data loss on magnetic media — Strong magnetic fields can erase or corrupt information on hard drives and magnetic tapes. Modern hard drives are better shielded than earlier generations, but they offer no adequate protection against industrial magnets or medical equipment.
-
Hardware damage — Very strong electromagnetic pulses (e.g. from lightning strikes or HEMP — High Altitude Electromagnetic Pulse) can destroy semiconductor components permanently.
-
Disruption of wireless communication — Wi-Fi, Bluetooth, mobile networks and other radio technologies can be affected by interference in their frequency bands. In industrial environments with many interference sources, wireless reliability can suffer considerably.
-
Industrial installations — Electric motors, welding equipment, induction furnaces, frequency converters — all these devices generate strong electromagnetic fields.
-
Wireless networks — Wi-Fi, mobile, Bluetooth, amateur radio, radar installations. In densely populated areas numerous wireless networks overlap.
-
Medical equipment — MRI machines produce extremely strong magnetic fields. Other medical devices (diathermy, shortwave therapy) likewise emit substantial field strengths.
-
Electrical installations — Poorly shielded cables, faulty earthing, switching operations in power grids can generate transient interference pulses.
-
Natural sources — Lightning discharges and (to a small degree) cosmic radiation.
Electromagnetic interference propagates through the air, but also along metallic conductors: cables, heating pipes, air ducts and water pipes can act as antennas and carry interference energy into distant parts of the building.
Practical examples
Frequency converter disrupts the network. A production plant installs a new frequency converter for an electric motor. The network cables to the adjacent office area run parallel to the converter’s power cable. From the moment the new motor is switched on, intermittent network errors appear: packets are lost, connections drop. The cause — electromagnetic coupling from the frequency converter into the unshielded network cables — is only identified after weeks of troubleshooting.
Welding work next to the server room. During conversion work in a production hall, welding is carried out directly next to the server room. The electric arcs produce strong electromagnetic pulses. During the welding work several servers show sporadic errors and restarts. Power-supply safety circuits trip in some cases. Only when a link between welding windows and server outages is drawn is the work relocated.
Radio transmitter disrupts Wi-Fi. A neighbouring operation installs a high-power radio station. The transmit frequency lies close to the 2.4 GHz Wi-Fi band. In your own office the Wi-Fi connection becomes unreliable: frequent drops, low throughput, connection issues during video conferences. Switching to the 5 GHz band solves the problem, but two weeks pass with reduced productivity before the cause is found.
Relevant controls
The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 2 mapped controls below in the section ‘ISO 27001 Controls Covering This Threat’.)
Prevention:
- A.7.12 — Cabling security: Shielded cables, separate routing of power and data cables, protection against electromagnetic coupling.
- A.7.11 — Supporting utilities: Overvoltage protection and power-supply filtering as protection against conducted interference.
BSI IT-Grundschutz
G 0.12 is linked in the BSI IT-Grundschutz catalogue to the following modules:
- INF.12 (Cabling) — Requirements for the electromagnetic compatibility of building cabling, shielding and cable separation.
- IND.2.1 (General ICS component) — EMC requirements for industrial control systems, which are particularly sensitive to interference.
- INF.2 (Data centre and server room) — EMC protective measures for rooms with high IT concentration.
Sources
- BSI: The State of IT Security in Germany — Annual report with current threat statistics
- BSI IT-Grundschutz: Elementary Threats, G 0.12 — Original description of the elementary threat
- ISO/IEC 27002:2022 Section 7.12 — Implementation guidance on cabling security