Network-connected, data centre physical infrastructure equipment1 – i.e., the power, cooling, and environmental/security-monitoring devices found in the IT space – are necessary for ensuring availability and making operation of the data centre efficient. However, these network connections, particularly if poorly designed and implemented, could be used by cyber criminals as an attack surface. A typical installation is composed of widely distributed, network-connected hardware devices communicating to network gateways, firewalls, and on-premise or remote infrastructure management (DCIM) servers. These connections may extend to mobile devices, corporate IT and facility management systems, and 3rd party cloud services. Figure 1 shows a simplified block diagram of an example data centre to highlight the many potential cyber-attack vectors on power and cooling infrastructure that is network connected to potentially a wide variety of devices, users, and monitoring systems. The arrows represent data flow and network connectedness.