Smart Buildings

Security By Design – The Only Way To Effectively Protect Smart Buildings From Cyber Attack

Cyber attacks are an unfortunate reality of our connected world, and as more of our smart buildings get online, it seems there is no stopping the increased threat to them from hackers. While we may be helpless in reducing the wide variety of attempts to bring down or hold to ransom our connected assets, we can do more to protect ourselves against the effects of these attacks. In the highly anonymous world of hacking, it seems there is often little or no moral code. In February 2017, for example, hackers disrupted the services of the Hollywood Presbyterian Medical Center, a hospital facility in Los Angeles. The attack blocked access to patient records, laboratory results, surgery and critical patient information - with experts equating the human cost to some natural disaster situations. This was not a terrorist scenario however, it was in effect a cyber-kidnapping, as the critical hospital systems would only be released once a […]

Stay ahead of the pack

with the latest independent smart building research and thought leadership.

Have an account? Login

Subscribe Now for just $200 per year per user (just $17 USD per month) for Access to Quality Independent Smart Building Research & Analysis!

What Exactly Do you Get?

  • Access to Website Articles and Notes. Unlimited Access to the Library of over 1,700 Articles Spanning 10 Years.
  • 10% discount on ALL Memoori Research reports for Subscribers! So if you only buy ONE report you will get your subscription fee back!
  • Industry-leading Analysis Every Week, Direct to your Inbox.
  • AND Cancel at any time
Subscribe Now

Cyber attacks are an unfortunate reality of our connected world, and as more of our smart buildings get online, it seems there is no stopping the increased threat to them from hackers. While we may be helpless in reducing the wide variety of attempts to bring down or hold to ransom our connected assets, we can do more to protect ourselves against the effects of these attacks.

In the highly anonymous world of hacking, it seems there is often little or no moral code. In February 2017, for example, hackers disrupted the services of the Hollywood Presbyterian Medical Center, a hospital facility in Los Angeles. The attack blocked access to patient records, laboratory results, surgery and critical patient information - with experts equating the human cost to some natural disaster situations.

This was not a terrorist scenario however, it was in effect a cyber-kidnapping, as the critical hospital systems would only be released once a ransom was paid. The medical center eventually paid the $17,000 ransom in untraceable bitcoins, while the subsequent LA police force and FBI investigations were unable to track down the perpetrators.

This nefarious attack on a vital healthcare facility is not an isolated event. In May this year, the global WannaCry ransomware attack targeted, among other things, the British National Health Service (NHS), forcing hospitals across the country to turn away patients. Less than two months later, the ExPetr ransomware attack disrupted, among other things, the Heritage Valley Health System, which runs hospitals and care facilities in Pittsburgh. Even more disturbing, the latter of these incidents did not include a release function once the ransom had been paid.

“One of the key differences [of ExPetr] from WannaCry is that there doesn’t appear to be a kill-switch, i.e. a mechanism that will stop if from infecting. This is why it’s essential to ensure that systems are fully updated and to ensure that data is backed up regularly,” Kaspersky’s Principal Security Researcher, David Emm, told Memoori shortly after the event.

The Internet of Things (IoT) and smart buildings seek to connect our physical world to bring about efficiencies and a host of other benefits that are elevating society into a new technological era. “Smart buildings promise significant benefits to owners and operators in terms of efficiency, safety, comfort and functionality, but these systems also carry potential costs, as without the right levels of protection, they can act as tempting targets for would-be hackers and or malicious insiders,” states our recent report Cyber Security in Smart Commercial Buildings 2017 to 2021.

These IoT devices, when improperly secured, provide the easy entry point for hackers into wider systems. Furthermore, IoT devices on mass have been used as ammunition for Distributed Denial of Service (DDoS) attacks, which overwhelm systems through a barrage of digital requests - the most infamous of which bringing down a host of major online services in October 2016.

“In an IoT world where a camera or building management system (BMS) can potentially launch a cyber attack and disable a building’s critical services, there is an imperative to address these risks at all levels of the build, design and deployment stages. Builders, engineers and critical services specialists who do not factor in potential cyber risk threats as part of their design considerations expose their assets, their occupants and the public to considerable risk,” explains Alan Mihalic, Senior Cyber Security Consultant for Norman Disney & Young.

Mihalic promotes “security by design” as the only way to effectively protect against the wide diversity of cyber attacks our smart buildings are now vulnerable to. This philosophy requires that the construction, building infrastructure and facility management sectors better incorporate cyber security into the core of their design processes.

“The inclusion of smart technologies within building services and design considerations requires a collaborative approach to help ensure that security and privacy standards are maintained,” says Mihalic. “This collaboration must extend to electrical and mechanical engineers, HVAC, fire safety, BMS, and audiovisual specialists. Whether engineering companies work in collaboration with cyber security firms or build out their own competencies, the need for an integrated approach to cyber security challenges is required,” he adds.

In a ‘better late than never’ scenario, industry bodies such as the not-for-profit Internet of Things Security Foundation (IoTSF) have established working groups to address key industry requirements. Such foundations are tasked with developing vital channels of communication between engineers, designers and urban planners on cyber security issues. As the physical world gets increasingly connected, the physical industries must become increasingly cyber security savvy.

[contact-form-7 id="3204" title="memoori-newsletter"]

Most Popular Articles

ABB Smart Buildings 2023
Smart Buildings

ABB Smart Buildings Business 2023 Examined

In this Research Note, we examine the Smart Buildings business of ABB, based on their February 2024 Factsheet and building automation portfolio, acquisitions, divestments and investments throughout 2023. This article updates our 2022 Examined article published in March 2023 and the Capital Markets Day update for Smart Buildings in December 2023. The Smart Buildings division, […]

UK Green Building Council Progress Report
Energy

“Our Industry is Not Moving Fast Enough” – UK Green Building Council

The United Kingdom (UK) is falling behind in its projected green building roadmap according to the UK’s Green Building Council’s (UKGBC) progress report. The initial 2021 roadmap demanded a 19% drop in emissions over the past four years but the latest data shows just a 13% fall, more than 30% short of the target reduction. […]

Honeywell Building Technologies 2023
Smart Buildings

Honeywell Building Technologies Business & Financials 2023 Examined

In this Research Note, we examine the Building Technologies business of Honeywell (HBT) based on their 2023 10K Report, investor presentations and commentary from their Q4 investor call. The strategic rationale for the Carrier Access Solutions acquisition is further discussed and significant investments and partnerships by HBT throughout the year are highlighted. Honeywell Products & […]

Subscribe to the Newsletter & get all our Articles & Research Delivered Straight to your Inbox.

Please enter a valid email

Please enter your name

Please enter company name

By signing up you agree to our privacy policy