In brief: Experiments with underwater data centers have been ongoing for almost a decade now, revealing the numerous advantages to placing these facilities deep below the waves. However, researchers have discovered that their unique environment makes them vulnerable to a specific attack: sound waves.

From Microsoft’s Project Natick to China’s Hainan Undersea Data Center Demonstration Development Project, we’ve seen data centers being placed underwater for years, saving precious land space and providing a dust-free, oxygen-free environment, which can protect electronics and help reduce faults.

The biggest benefit of these data centers is the surrounding cold water that helps carry away heat. In the case of the Hainan facility, the cold seawater is forecast to save 122 million kilowatt-hours of electricity and 105,000 tons of freshwater annually.

Now, researchers at the University of Florida and the University of Electro-Communications in Japan have found a vulnerability in underwater data centers. All it takes are sound waves directed at the structures. Just a pool speaker playing a high D note – carried by the dense water – could have a significant impact.

The study detailed how sound at the resonant frequency of the hard disk drives causes vibrations at a given velocity and intensity directly proportional to the sound pressure level, affecting the read/write performance of the disk.

“The main advantages of having a data center underwater are the free cooling and the isolation from variable environments on land,” said Md Jahidul Islam, Ph.D., a professor of electrical and computer engineering at UF and co-author of the paper. “But these two advantages can also become liabilities, because the dense water carries acoustic signals faster than in air, and the isolated data center is difficult to monitor or to service if components break.”

Tests were carried out in a lab-based water tank and in a lake on UF campus. An off-the-shelf underwater speaker playing music tuned to 5.1-5.3 kHz caused a Supermicro rack server configured with RAID 5 storage to experience “consistent throughput degradation.”

Unresponsiveness in a distributed file system happened after just 2.4 minutes of acoustic targeting, which also caused a database’s latency to increase by up to 92.7 percent. The researchers say this method can completely destroy some drives.

The attacks were carried out 20 feet away from the equipment, but Islam said some simple underwater robotics could disrupt data centers from miles away.

The researchers looked at ways of mitigating the attacks: sound-proof panels, but that raised the servers’ temperatures too much, and increasing the volume bypassed this method; and active noise cancellation, which proved too cumbersome and expensive.

A solution could come in the form of an algorithm that the researchers developed using machine learning. It identifies disruption patterns caused by acoustic attacks by analyzing the throughput of disk clusters in close proximity inside a submerged data center. The algorithm could then reallocate computational resources before an attack causes too much damage.

“The ocean is awash in sound already. We’ve demonstrated that these attacks can happen inadvertently from something like a submarine sonar blast, which is extremely loud,” said co-author Kevin Butler, Ph.D., a UF professor and director of the Florida Institute for Cybersecurity Research. “So it’s that much more important that we know how to defend against these attacks. These are issues that haven’t been studied at all by the security community.”