How Things Will Change The Way You Approach Understanding Cyber Security In Smart Buildings
When we think of smart buildings, we immediately think of their advantages. We think about the efficiency that connected building technology offers developers, landlords, and tenants. Whether it’s efficiency, long-term value or brand awareness, stakeholders will be hurt if their buildings aren’t ‘smart’. However, do we think about the cybersecurity risks we face? Cybersecurity risks also has increased manifolds in the times of cloud services.
As our buildings become more complex, with the number of IoT- connected devices and cloud services growing exponentially, the chances of cyber attacks become even greater.
So how can we understand these challenges and prevent them from happening in the future?
Cyber Security in numbers
There has been a more than 2100% increase in the number of industrial cyber attacks in the last three years alone;
- The impact of just one cyber attack costs, on average, about $ 3.8 million (Source: Ponemon Institute);
- The number of malware created daily exceeds 300,000;
- An average business uses 928 cloud applications;
- IoT security spending in 2018 was estimated at $ 547.2 million;
The challenges of smart buildings
Building systems today often cannot effectively manage any potential cyber intrusion. This is a direct result of an obvious disconnect between groups that manage information technology (IT), who have extensive knowledge of cybersecurity, and groups that manage operational technology (OT), which have knowledge of building management system (also known as BMS).
Previously, BMS required specialized knowledge of systems and protocols and did not require access to corporate network resources or the Internet. Thus, the security of a BMS network depended predominantly on obscurity and lack of external connectivity. However, the evolution of BMS technology has meant that systems now use a combination of OT protocols, including ModBus and BACnet, as well as IT protocols such as HTTP and FTP. This has revolutionized the way smart buildings operate, but has also affected how they can be targeted from a cyber perspective.
The evolution of BMS technology is basically a gold mine for hackers. Along with the disconnect between IT and OT groups, the current building operational model needs to change. In recent years, hacking communities and research groups specializing in cyber attacks have turned to smart buildings to gather important data.
In the end, the problem starts with a BMS network. This network can be considered a path to access an organization’s complete IT network. Thus, not only does the management system itself become the target, but the entire company.
The solution
For those looking to upgrade their building technology, the risk of cyber attacks is a huge hurdle. This prevents many sectors – notably health, FS and the public sector – from investing in improvements. This is a direct result of the fear of attacks and the damage and interruptions they can cause. The reality is that an attack can cost millions to an organization.
To mitigate these attacks and realize the full potential of smart buildings, operators and occupants need to change the way intelligent building control systems are designed and managed from the perspective of cyber security. Leaving organizational barriers aside and recognizing the IT / OT disconnect is the critical first step in implementing and operating cyber-secure intelligent building control systems.
Luckily, the OT control systems industry is already showing strong support for addressing today’s security challenges. Even better, industry associations have increased the need for common cybersecurity practices, in particular with the development of the IEC 62443 global cybersecurity standards set. This is designed to improve the security, availability, integrity and confidentiality of the systems used. for industrial automation and control.
Fundamentally, there are four main ways organizations can create a secure, operational smart building:
- Assessing and protecting OT’s legacy building control systems
- Choosing IoT Devices and Providers That Follow a Secure Development Lifecycle Approach
- Implementing secure building control system architectures
- Connecting secure building control systems through an IT Security Monitoring Zone
The future of cyber Security in buildings
The vulnerability of a BMS system that works with these two sets of protocols lies in the disconnect between the IT staff, who have the cyber security knowledge, and the TO team, who has the operational knowledge. The smarter your building and the less these two groups work with each other, the more vulnerable the technology will become, resulting in increased external cyber attacks. Teams need to work together and organizations must adhere to certain practices to keep their building as safe as possible.