Elementary Threat · BSI IT-Grundschutz

G 0.24 — Destruction of Devices or Storage Media

Reviewed by: Cenedril Editorial

An employee discovers that the ventilation slots of a critical server are covered by an object — deliberately placed by a colleague who is frustrated with internal processes. Two days later the hard drive suffers a temperature-induced failure. The server is down for several days; parts of the data can only be recovered from a backup from the previous day.

The destruction of devices and storage media can arise through sabotage, negligence or improper handling. The BSI lists this threat as G 0.24. The consequences range from business disruption to irrecoverable data loss.

What’s behind it?

IT devices and storage media are physical objects — and therefore susceptible to physical impact. Whether through wilful sabotage, frustrated action, accidents or improper handling: when hardware is destroyed, both the availability of the system and the data stored on it are endangered.

Causes of destruction

  • Sabotage by insiders — aggrieved employees deliberately damage IT systems. Particularly dangerous when the perpetrator knows the hardware’s weaknesses (e.g. sensitivity to overheating or shock).
  • Vandalism — wilful damage by intruders or unauthorised persons who have gained access to server rooms or offices.
  • Improper handling — dropping devices, knocking into running systems, improper transport without protective packaging.
  • Environmental influences through negligence — spilled liquids, blocked ventilation, overloaded power supplies, improper cleaning.
  • Untrained handling — employees unfamiliar with sensitive devices cause damage through improper operation.

Impact

The immediate consequences are business disruption and replacement costs. More serious is the potential data loss: when the destroyed hardware held the only copy of certain data and no current backup exists, the data is irretrievably lost. Professional data recovery from damaged hard drives has success rates of 50-80 per cent depending on the type of damage — with costs in the four-figure range and weeks of waiting time.

Practical examples

Sabotage of the server room air conditioning. A technician who has been informed of his termination tampers with the air conditioning of the server room before leaving the company. Over the weekend the temperature rises unnoticed to over 40 °C. Several hard drives and a switch suffer thermal damage. Rebuilding the environment takes four days; customer data can only be recovered up to the state of the last daily backup.

Coffee on the laptop. An employee knocks over a full coffee cup onto her work computer while on the phone. The liquid causes a short circuit; the device is damaged beyond repair. On the local hard drive are project files that have not been synchronised with central storage for two weeks. These two weeks of work are lost.

Fit of frustration against the work computer. After yet another system crash, an employee kicks his desktop computer. The hard drive suffers a head crash. The data stored on it — locally stored customer correspondence and quotations — can only be partially reconstructed from backup because the local folder was not covered by the backup plan.

Relevant controls

The following ISO 27001 controls mitigate this threat. (You’ll find the complete list of 12 mapped controls below in the section “ISO 27001 Controls Covering This Threat”.)

Prevention:

Detection:

Response:

BSI IT-Grundschutz

The BSI IT-Grundschutz catalogue links G 0.24 to the following modules:

  • INF.2 (Data centre) — physical security, climate control and access protection for data centre rooms.
  • INF.5 (Room and cabinet for technical infrastructure) — requirements for server rooms and IT cabinets.
  • SYS.1.6 (Containerisation) — redundancy and rapid recovery in container-based systems.
  • CON.3 (Data backup concept) — requirements for backup strategies, including offsite backup and regular restore tests.

ISO 27001 Controls Covering This Threat

  • A.5.15 Access control
  • A.5.29 Information security during disruption
  • A.7.5 Protecting against physical and environmental threats
  • A.7.9 Security of assets off-premises
  • A.7.11 Supporting utilities
  • A.7.13 Equipment maintenance
  • A.7.14 Secure disposal or re-use of equipment
  • A.8.1 User endpoint devices
  • A.8.10 Information deletion
  • A.8.14 Redundancy of information processing facilities
  • A.8.20 Networks security
  • A.8.27 Secure system architecture and engineering principles

Frequently asked questions

Is G 0.24 only about intentional destruction?

The threat covers both deliberate destruction (sabotage, vandalism) and destruction through negligence or improper use. A dropped server, a spilled coffee cup on a laptop or a device overheated by a blocked vent — all of this falls under G 0.24.

How does destruction differ from failure?

Destruction (G 0.24) means the device or storage medium is damaged beyond repair. Failure (G 0.25) can also be temporary — a restart or repair restores the function. With destruction, devices must be replaced and data must be restored from backups.

How do I protect data against physical destruction of the hardware?

Keep regular backups at a physically separate location (offsite backup or cloud backup) and run redundant systems for critical services. Protect the hardware physically through suitable installation, climate control and access controls. For particularly critical data, use geo-redundant storage.