Hacker News

If they mount webcams and other sensors inside the cabinet, they could detect unexplained access to their servers. Not sure what it'd really accomplish. The colo provider would either say "tech mistakenly opened that cabinet" or "no comment". The only real defense is to assume any such access is a breach and have servers immediately overwrite FDE keys in RAM and power off - and if they were that committed, they wouldn't host in the US in the first place.



There is some historical precedent for such methods. I believe one popular CDN (possibly Akamai?) has its nodes set up with sensors of some variety to discard sensitive data if the hardware is exposed to light.


Dell (and possibly others) servers have chassis intrusion sensors that you can trap in software, and do with as you please.
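The reaction the first comment sketches (treat any cabinet access as a breach, purge the FDE key from RAM, power off) wired to the chassis-intrusion switch this comment mentions, as an added example that is not code from the thread or from any vendor. It parses the `Chassis Intrusion` field of `ipmitool chassis status`, which is a real field, but the sample status text, the LUKS mapping name `cryptroot`, the disarm-file path and the two-reading confirmation are all constructed assumptions for the example. The key purge uses `cryptsetup luksSuspend`, which wipes the volume key from kernel memory and freezes I/O on the mapping, and the power-off goes through sysrq because once root is suspended nothing further can be read from disk.

```python
"""Chassis-intrusion trip wire: purge LUKS keys and power off when the lid opens."""
import os
import re
import subprocess
import time

# Constructed sample output in the shape of `ipmitool chassis status`; field
# spacing differs between BMCs, which is why the parser tolerates whitespace.
SAMPLE_QUIET = """System Power         : on
Power Overload       : false
Power Interlock      : inactive
Main Power Fault     : false
Chassis Intrusion    : inactive
Front-Panel Lockout  : inactive
"""
SAMPLE_TRIPPED = SAMPLE_QUIET.replace("Chassis Intrusion    : inactive",
                                      "Chassis Intrusion    : active")

INTRUSION_RE = re.compile(r"^Chassis Intrusion\s*:\s*(\S+)", re.MULTILINE)


def intrusion_active(status_text):
    """True when the BMC reports the intrusion switch as tripped.

    A missing field is an error rather than 'not tripped': a BMC that does not
    expose the switch must not silently turn the trip wire into a no-op."""
    m = INTRUSION_RE.search(status_text)
    if m is None:
        raise ValueError("no 'Chassis Intrusion' field in BMC status")
    return m.group(1).lower() == "active"


def decide(status_text, disarm_file):
    """'wipe' when tripped, unless a maintenance window has been declared by
    creating disarm_file (assumed path, e.g. before a scheduled disk swap)."""
    if not intrusion_active(status_text):
        return "ok"
    return "ignore-maintenance" if os.path.exists(disarm_file) else "wipe"


def read_bmc_status():
    """Ask the local BMC; requires ipmitool and the ipmi_devintf driver."""
    return subprocess.run(["ipmitool", "chassis", "status"],
                          check=True, capture_output=True, text=True).stdout


def wipe_keys_and_halt(luks_names):
    """Destroy the in-RAM volume keys, then power off without touching disk."""
    for name in luks_names:
        # luksSuspend purges the key from the kernel and blocks I/O on the mapping.
        subprocess.run(["cryptsetup", "luksSuspend", name], check=False)
    os.sync()
    # 'o' = immediate power off; needs kernel.sysrq to permit it (bit 128 or 1).
    with open("/proc/sysrq-trigger", "w") as f:
        f.write("o")


def watch(luks_names, disarm_file="/run/intrusion-disarmed",
          interval=2.0, confirmations=2):
    """Poll the BMC; fire only after `confirmations` consecutive tripped readings
    so a single garbled read does not take the box down."""
    strikes = 0
    while True:
        try:
            status = read_bmc_status()
        except (OSError, subprocess.CalledProcessError):
            time.sleep(interval)   # a BMC hiccup is not evidence of tampering
            continue
        # ValueError from a missing field deliberately propagates and stops the
        # service, so a misconfigured BMC shows up in the logs instead of being ignored.
        strikes = strikes + 1 if decide(status, disarm_file) == "wipe" else 0
        if strikes >= confirmations:
            wipe_keys_and_halt(luks_names)
            return
        time.sleep(interval)


if __name__ == "__main__":
    watch(["cryptroot"])   # assumed name of the LUKS root mapping
```

This only covers the machine's own lid switch; the cage door the next comment talks about needs an external sensor feeding the same `decide` step. The disarm file is the answer to the disk-replacement problem raised further down: touch it before the tech arrives, remove it after.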


This goes beyond chassis intrusion, though - the servers are set up to freak out if anyone even opens the cage to look at them.


Yeah, that is just bar room banter between nerds. I've stood next to unprotected racks of Akamai servers and nothing happened.

Nobody really builds systems where an HVAC engineer walking into your cage to move a cooling tile will cause an outage; they just love to talk about how they would build them.


Full disk encryption would be another option, with the key being obtained over a secure channel from servers hosted remotely before booting to the real system. Then, as long as they can detect whether the server asking for the key has been compromised, I think it should be pretty safe. (Not a security researcher though, I wouldn't bet money on it.)
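The key-release exchange this comment describes, with the "detect whether the server asking for the key has been compromised" step made concrete as a challenge-response attestation check. This is an added example, not code from the thread: a per-server HMAC secret stands in for a TPM attestation key (a simplification; a real deployment would verify a TPM quote), and the server id, boot image bytes and record layout are constructed. Both sides are shown so the replay and tamper cases can be exercised offline.

```python
"""Network-bound disk decryption gated on a measured-boot attestation."""
import hashlib
import hmac
import secrets


class KeyServer:
    """The remotely hosted side: hands out an FDE key only to a machine that
    proves, against a fresh nonce, that it booted the approved image."""

    def __init__(self, records):
        # records: server_id -> {attest_key, expected_measurement, fde_key}
        self.records = records
        self.pending = {}   # server_id -> outstanding nonce, one per challenge

    def challenge(self, server_id):
        nonce = secrets.token_bytes(32)
        self.pending[server_id] = nonce
        return nonce

    def release_key(self, server_id, quote):
        rec = self.records.get(server_id)
        nonce = self.pending.pop(server_id, None)   # single use: kills replay
        if rec is None or nonce is None:
            return None
        measurement = quote["measurement"]
        expected_mac = hmac.new(rec["attest_key"],
                                nonce + bytes.fromhex(measurement),
                                hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected_mac, quote["mac"]):
            return None   # not signed by this server's attestation key for this nonce
        if not hmac.compare_digest(measurement, rec["expected_measurement"]):
            return None   # booted something other than the approved image
        return rec["fde_key"]


class BootingServer:
    """The pre-boot environment on the colocated box (initrd before pivot)."""

    def __init__(self, server_id, attest_key, boot_image):
        self.server_id = server_id
        self.attest_key = attest_key      # assumed to live in a TPM in practice
        self.boot_image = boot_image

    def measurement(self):
        return hashlib.sha256(self.boot_image).hexdigest()

    def quote(self, nonce):
        m = self.measurement()
        mac = hmac.new(self.attest_key, nonce + bytes.fromhex(m),
                       hashlib.sha256).hexdigest()
        return {"measurement": m, "mac": mac}


def request_key(server, client):
    """One full exchange: challenge -> quote -> key or refusal."""
    nonce = server.challenge(client.server_id)
    return server.release_key(client.server_id, client.quote(nonce))


def demo():
    """Runs the honest, tampered-image, impostor and replay cases."""
    boot_image = b"constructed initrd image v1"
    attest_key = secrets.token_bytes(32)
    fde_key = secrets.token_bytes(32)
    server_id = "rack7-srv3"   # constructed identifier
    ks = KeyServer({server_id: {
        "attest_key": attest_key,
        "expected_measurement": hashlib.sha256(boot_image).hexdigest(),
        "fde_key": fde_key,
    }})
    honest = BootingServer(server_id, attest_key, boot_image)
    tampered = BootingServer(server_id, attest_key, boot_image + b"\x00backdoor")
    impostor = BootingServer(server_id, secrets.token_bytes(32), boot_image)

    results = {
        "honest_gets_key": request_key(ks, honest) == fde_key,
        "tampered_initrd_refused": request_key(ks, tampered) is None,
        "impostor_without_attest_key_refused": request_key(ks, impostor) is None,
    }
    # Replay: a captured good quote must not unlock against a later challenge.
    captured = honest.quote(ks.challenge(server_id))
    first = ks.release_key(server_id, captured)
    ks.challenge(server_id)
    results["replayed_quote_refused"] = (first == fde_key and
                                        ks.release_key(server_id, captured) is None)
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'pass' if ok else 'FAIL'}")
```

The gate proves that whatever holds the attestation key also booted the expected image; it says nothing about what is attached to the board. If the attestation key can be read out of the hardware, or the kernel's memory is tapped after the key is released, the check passes anyway, which is exactly the limit the next comment raises.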


Remotely detecting if the server is not compromised when you don't trust the physical surroundings is probably unsolvable. If your attackers are very motivated and have lots of resources, what's to prevent them from installing a RAM bus signal analyzer during a scheduled/unscheduled downtime? This would be pretty hard to detect (absent an elaborate video monitoring setup), as a good analyzer should not impact the system being monitored.


Hardware Security Modules (HSMs) are supposed to be able to resist that kind of attack, but given we currently have a duopoly of fairly government-connected (US and EU/UK) HSM manufacturers, and the devices aren't suitable (price and capabilities) for general purpose computing, we're kind of out of luck.

A Free/Open HSM design would go a long way, along with more host-based trusted computing security (Intel SGX, etc.). But just physically controlling the surroundings is probably the only feasible option today.


Intel? It's alleged that Intel is in on it! Any NSA-proof solution must be based on chips designed and fabbed outside the US.


Because chips fabbed in China would never be compromised?


Sure, they might be, but what do I care what the Chinese govt knows about me? They're 10,000 miles away and I have no foreseeable plans to travel there. My own government, who I want to be free to criticize when they do something I disapprove of, that's something else.


And we'd want to turn that off every time we got them to replace a hard disk...

I wonder how many "sorry, the hair-trigger anti-intrusion systems took the site down" outages it would take before people begged us to turn the sensitivity down.



