In September, state news agencies from North Korea explicitly stated that the country could hit the United States with an Electromagnetic Pulse (EMP) attack. Since the announcement, people have been struggling to understand the possibilities of an EMP attack and its level of risk.
An Electromagnetic Pulse (EMP) is “an instantaneous, intense energy field that can overload or disrupt at a distance numerous electrical systems and high technology microcircuits, which are especially sensitive to power surges. A large scale EMP effect can be produced by a single nuclear explosion detonated high in the atmosphere. This method refers to a High-Altitude EMP or HEMP1.” The frequency created by the pulse is what creates damage as it couples to electrical and electronic systems. “Long-line” connected equipment, like the electric power grid and telecommunications infrastructures, especially vulnerable to EMP.
Although prominently discussed in recent weeks, the evaluation of EMP threats against the United States is not new. In 2001, Congress created the “Commission to Assess the Threat” to the United States from Electromagnetic Pulse. In the Commission’s first report in 2004, they stated that “the high-altitude nuclear weapon-generated electromagnetic pulse (EMP) is one of a small number of threats that has the potential to hold our society seriously at risk.” They published a second report in 2008 with a more detailed assessment of the risk that an EMP attack presented.
An electrical grid is highly susceptible to a HEMP attack with good reason. Although it is difficult to estimate, some experts predict that a HEMP attack could wipe out the electrical grid in the Eastern US, which supplies 75% of the power to the United States. Also, the electrical grid does not have one oversight body that is responsible for its safeguarding. The North American Energy Reliability Company (NERC) makes “best practices” recommendations to the Federal Energy Regulatory Commission (FERC). NERC, as the Electric Reliability Organization, said that they do “develop mandatory and enforceable standards to help protect the bulk power system, including numerous security standards and take a risk-based “defense-in-depth” approach to protecting critical grid assets from all threats”2.
Since the Commission last released a report to Congress in 2008, the importance of data centers to our nation’s economy and critical infrastructures has increased dramatically. Many of the top US companies by market capitalization like Apple, Alphabet, Microsoft, Amazon, and Facebook operate and rely on massive data centers to support their operations. Financial markets rely on highly-available data centers to support millions of trades per day. Smart City and Internet of Things (IoT) initiatives require low-latency connections to data centers to operate buildings and critical systems efficiently. Our reliance on data centers has never been greater.
Data centers connected to the power grid and long-haul telecommunications networks house sensitive electronics. This combination makes them particularly vulnerable to EMP attacks and if the Commission were to submit an updated report today, I believe that they would identify data centers as a critical area of risk in the event of an EMP attack.
Our team has recently designed a data center capable of withstanding an EMP event and has been humbled to rethink the process again in light of recent global threats. While a typical data center design focuses on resiliency in the electrical and mechanical systems, an EMP-protected data center has the added challenge of delivering resiliency against a nuclear attack. Here are a few takeaways to consider:
Understanding Protected Spaces: A 6-Sided Envelope
The term ‘protected space’ is used daily in this design process and is meant to define the area within the facility that is protected from an EMP attack. While there are different methodologies for creating a protected space, they all require the implementation of a “6-sided envelope” meaning that the shielding created against EMP is bonded/welded together across your walls, floors, and roof. This is most common strategy for creating a protected space is the creation of a ‘Faraday Cage,’ which is a continuous covering of conductive materials. However, in recent years, new construction methods (like conductive concrete) have been developed that provide effective shielding against EMP attacks.
Evaluating what needs to be in the protected space is a critical part of the design, as the cost to create the 6-sided envelope is substantially more than the cost of typical data center construction. As an example, staging and testing/development systems may be able to reside outside the protected envelope.
Everything is Vulnerable
When considering an EMP attack, any system with electronics or a system connected to electrical power is vulnerable, which makes critical systems like chillers, electrical distribution, and standby generators likely to fail as well. As a result, these systems need to be considered part of the protected space. Conventionally, this equipment would be located in a mechanical room or outside on an equipment pad, and coordinating the design of a protected space that accommodates the infrastructure needs of these systems is a challenge.
Rethinking Building Penetrations
In conventional construction, building penetrations for chilled water piping, electrical distribution, or telecommunications infrastructure are typically made during the installation process based on site conditions. In an EMP-protected data center, the walls, floor, and roof are welded together to create the 6-sided envelope. As a result, any penetration made through this envelope must be predetermined during the design process and welded into the envelope during construction. In other words, a 4” penetration cannot be cut into the side of the building during construction for an electrical conduit. Instead, the exact location has to be predetermined, and a prefabricated sleeve has to be welded into the protected envelope in advance. (The sleeve has a connection point on the outside and the inside of the envelope).
Data centers are critical to our country’s operations. However, we do not typically consider the risk of Electromagnetic Pulse (EMP) attacks in the design process. For data center facilities that support critical systems, EMP-protected designs should be part of the design conversation.