Security

A Fundamental Change of Attitude to Cyber Security In Smart Buildings

According to Idan Udi Edry of Nation-E, the smart buildings industry has evolved past a dutiful attitude towards cyber-security, and instead displays “an attraction and curiosity” for the topic. “This year there was a change”, Edry says. “For a quarter of a century the BAS industry has been working hard at delivering full connectivity across all the different building services. More recently with the introduction of IP Networked product across many of the services improved solutions have been made possible”, explains our recent report on the Transformation of BAS into the Building Internet of Things. “With the advent of IoT we now have the capability to join “things” together more efficiently and cost effectively in a building. This technology can collect data from all the sensors and devices and with Big Data software, analyze all of this data and immediately optimise and fully automate the buildings performance”, continues the report. However, this increased connectivity also brings about vulnerability […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

According to Idan Udi Edry of Nation-E, the smart buildings industry has evolved past a dutiful attitude towards cyber-security, and instead displays “an attraction and curiosity” for the topic. “This year there was a change”, Edry says.

“For a quarter of a century the BAS industry has been working hard at delivering full connectivity across all the different building services. More recently with the introduction of IP Networked product across many of the services improved solutions have been made possible”, explains our recent report on the Transformation of BAS into the Building Internet of Things.

“With the advent of IoT we now have the capability to join “things” together more efficiently and cost effectively in a building. This technology can collect data from all the sensors and devices and with Big Data software, analyze all of this data and immediately optimise and fully automate the buildings performance”, continues the report.

However, this increased connectivity also brings about vulnerability to cyber-attack. With so many entry points to a building management system (BMS) in a modern smart building, it becomes crucial to build cyber-security into the system architecture from an early stage, in order to reduce the risk of attack.

If a cyber-attacker zeroes in on a BMS system, “The target is not necessarily the building,” says Edry. The BMS system may integrate facility access controls, surveillance, HVAC, lighting, power, elevators, fire safety, and even scheduling. Any of these elements could be the target of the attack, but any of them may also be the entry point for the attack; each of these systems is at a different level of smart development and the responsibility of each lies in different departments.

Therefore Edry’s bigger concern is that OT and IT teams don’t work together to spend enough time thinking about each other. Despite all the advancements in IT technology, for example, “OT still hasn’t changed,” he says. “Whether you bought your generator today or 10 years ago” (or longer) “the communication protocols are the same”. Everything still has a serial port, Edry says, and that creates a vulnerability that IT professionals might not think about.

Ethical hackers from IBM’s X-Force tested a smart buildings automation system and encountered numerous serious security issues. The researchers identified several security holes that provide hackers with a backdoor into corporate networks through the office’s climate control systems. “We did it old-school, just probing the firewall, finding a couple of flaws in the firmware”, said Chris Poulin, research strategist for IBM’s X-Force. “Once we had access to that, we had access to the management system of one building”.

It doesn’t matter how much you invest in securing your IT, Edry says. If you don’t also take into account the OT, you’re missing something, and leaving yourself vulnerable. So as a first step in smart buildings cyber security strategy, Edry’s advises to map all the building’s assets, both IT and OT alike, in one place. “There is always going to be a conflict between the IT and the engineering” departments. The direction must come from the top.

Cyber security has become second nature to IT companies, which is not to say they’ve mastered it, but that it has become a daily element in their businesses. Like power supply, or data processing capacity, the limitations created by cyber-security represent the limitations on the product or service as a whole. The same need to be true of OT in buildings and these two elements need to work together, according to Billy Rios of Cylance, one of the two men responsible for finding flaws in the BAS at Google’s Australian headquarters back in 2013.

“The attack highlights the increasing vulnerability in our modern interconnected world. As the excitement and development continues in the Smart Building and IoT space, it leaves us vulnerable to attacks not only on our private information, but also on the built environment around us”, Rios explained in a Memoori Webinar last year.

The increasing focus on making buildings more energy efficient, secure and responsive to changing conditions is resulting in a plethora of web-enabled technologies. BMS’s are not only more tightly integrated with each other, they are also integrated with systems outside the building, like the Smart Grid. Highlighting potential threats to entire cities and regions as connectivity expands beyond the smart building.

Edry says that a fundamental change of attitude is now beginning to happen. Because regulations and cyber insurance policies are now mandating certain protections on “critical assets”, including cyber-physical systems in smart buildings, OT engineers are now talking to their boards of directors about cyber-security. “Real change”, says Edry. “The strategy has changed.”

[contact-form-7 id="3204" title="memoori-newsletter"]

Most Popular Articles

View Inc. Glass Unicorn Bankruptcy
Smart Buildings

Breaking the Glass Unicorn: View Inc. Files for Bankruptcy

The “first smart building unicorn” has gone bankrupt. After receiving numerous warnings from NASDAQ that it could be delisted, View Inc. admitted it doesn’t have enough money to operate publicly beyond September. Last week, the company announced it would file for Chapter 11 bankruptcy and continue operations under private ownership via an agreement with Cantor […]

SPIE
Energy

SPIE Technical Facility Management Business 2024 Examined

This Research Note examines the French public company, SPIE and its focus on building solutions, which is one of four strategic markets that the group addresses in central and northern Europe. This article covers the Group’s fields of expertise, its development since 2013 through platform and bolt-on acquisitions and its expansion in the Netherlands, based […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy