
Security

The building automation industry is now at a point where we have legitimate and reasonable concerns regarding the security of building control systems, especially in smart buildings where advanced technology is deployed. We see stories in the news regarding malicious cyber-attacks on private companies, government networks and internet sites, and there are questions as to what such an attack would mean for building control systems, building operations, occupants, and owners. The apprehension is amplified in newer buildings because there has been increased penetration of IT infrastructure in building control systems and greater integration and interconnection of building controls with other systems. The potential security vulnerability of a building can extend to the smart grid as we move to implement two-way communication between buildings and the grid, and of course it could also impact corporate business systems. The overarching security concern is more about network security and less about physical security, although the two are certainly related.

For a smart building it is a prerequisite to implement a secured converged network. In addition, the building should have:

• An integrated video network
• Security Measures—Network admission control
• Security Measures—Network intrusion detection
• Security Measures—Ability to segment or isolate the network to limit access temporarily or permanently
• QoS management
• Bandwidth management
• Core equipment and cabling redundancy
• ISP redundancy
• Uninterrupted Power Supply (core network)
• IP device management system
• Monitoring of energy usage of equipment at the data center/MDF/IDF
• Enhanced security elements for integrated networks
• Assign an administrator for building control systems with responsibility for ongoing network security.
• Utilize IT security measures for the building automation networks.
• Provide physical security in areas or spaces where BAS equipment is located
• Encrypt and safeguard network traffic.
• Secure any wireless network

The threat is that someone can penetrate a building's systems via an unsecured network to cause damage, disruption, theft or possibly loss of life. For traditional IT systems in a building, the threat may be loss of communications, unauthorized access to sensitive data, theft of intellectual property, disruption of equipment (which may include physical security systems such as access control and video surveillance), loss of data, and impediments or stoppage of normal business operations. For the other building systems, such as HVAC control, electrical distribution, lighting, and elevators, the threat is disrupting critical building infrastructure, which also impedes or stops normal operations. Depending on the building use and building control system, a security threat may be related to life safety; for example, disrupting emergency power, lighting, and HVAC in a critical healthcare space. The threat to building systems is not hypothetical; the infamous Stuxnet cyber-attack in 2010 eventually affected programmable logic controllers (PLCs), a type of controller heavily used in industry, but also commonly used in buildings, for example in elevators and lighting equipment.

In general, the building automation industry and facility management have treated the security of building control networks as a secondary or tertiary issue, if at all. The most popular security approach for a building management system (BMS) is to isolate the BMS, not letting it connect to any other networks. But that in itself is a false sense of security; the BMS at a minimum will have fire systems, HVAC, access control, elevators and possibly lighting connected into it, potentially allowing access from one of those networks or one of the devices on those networks. Some minimal or partial security measures may be in place for some buildings, but not the comprehensive security measures needed to prevent or minimize network vulnerability. It's fair to say that most traditional building management systems are not secured.

Table 4.1 BAS Security Attacks

| Attack type | Category | Attacks |
|---|---|---|
| Network Attacks | Interception | Network Sniffing |
| Network Attacks | Fabrication | Insert Malformed Messages; Insert Correct Messages; Replay Old Messages |
| Network Attacks | Modification | Man-in-the-Middle Attacks; Alteration |
| Network Attacks | Interruption | Denial of Service; Network Flooding; Redirection |
| Device Attacks | Software | Code Injection; Exploiting Algorithm Weakness; Availability Attacks; Configuration Mechanism Abuse |
| Device Attacks | Side-Channel | Time Analysis; Power Analysis; Fault Behavior Analysis |
| Device Attacks | Physical | Eavesdropping; Microprobing; Component Replacement |

In fact, many legacy BMS systems have back doors allowing the BMS manufacturer or local control contractor to monitor, manage or update the systems. It is interesting that while the recent security concern is about newer intelligent buildings, it is older buildings with legacy BMS systems that are much more vulnerable to attacks. The legacy systems have less computing power and are vulnerable to newer, more powerful and advanced technology that a hacker may use. The legacy systems are also likely to be running older operating systems, some of which may no longer be updated with security patches. In addition, the vulnerabilities of older systems are well known to hackers, thus minimizing the effort and time needed for an attack.

The automation industry has rightfully strived for systems standards with a move from proprietary implementations to open and transparent communication protocols. There are many benefits to open standards: compatibility of products, customization, avoiding being locked-in to one manufacturer, interoperability, competitive costs, and more support options. At the same time, open and transparent standards would seem to increase vulnerability of BAS networks, basically providing all the information hackers would need to assess vulnerabilities and potential approaches for an attack. This may look like something akin to giving the car thief the keys to the car.

But one of the upsides of the open standards movement is that it allows those communication protocol standards to incorporate network security related attributes into the standards. Most major BAS standards have incorporated some security mechanisms into their standards. The security aspects of BACnet are probably the most advanced. But at the other end of the spectrum is Modbus, which has no inherent security capabilities.
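To make the Modbus point concrete, the following added example (not from the original text) parses Modbus/TCP request frames and shows that the header carries no sender identity or authentication field, so a monitor can only judge a write command by its network source. The addresses, the allowlist and the sample frames are constructed for illustration.

```python
import struct

# Modbus function codes that change device state.
WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header, function code, data."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    transaction_id, protocol_id, length, unit_id = struct.unpack(">HHHB", frame[:7])
    if protocol_id != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    # The length field counts the unit id plus the PDU that follows it.
    if length != len(frame) - 6:
        raise ValueError("MBAP length field does not match frame size")
    # These are all the fields there are: no user, key, signature or nonce.
    return {"transaction_id": transaction_id, "unit_id": unit_id,
            "function": frame[7], "data": frame[8:]}

def review(src_ip: str, frame: bytes, allowed_writers: set) -> str:
    """Classify a captured request the way a passive network monitor could."""
    try:
        msg = parse_modbus_tcp(frame)
    except ValueError as exc:
        return f"ALERT malformed frame from {src_ip}: {exc}"
    name = WRITE_FUNCTIONS.get(msg["function"])
    # The source address comes from the IP layer, not from Modbus itself.
    if name and src_ip not in allowed_writers:
        return f"ALERT {name} to unit {msg['unit_id']} from unapproved host {src_ip}"
    return "ok"

# Constructed sample traffic (addresses and values are made up for this example).
ALLOWED_WRITERS = {"10.20.0.5"}  # hypothetical BMS supervisory workstation
SAMPLES = [
    ("10.20.0.5", bytes.fromhex("000100000006010300000002")),   # read holding registers
    ("10.20.0.5", bytes.fromhex("0002000000060106000a0048")),   # write from approved host
    ("10.20.7.99", bytes.fromhex("0003000000060106000a0048")),  # same write, other host
    ("10.20.7.99", bytes.fromhex("000400000009010300")),        # length field is wrong
]

def run_samples() -> list:
    return [review(ip, frame, ALLOWED_WRITERS) for ip, frame in SAMPLES]

if __name__ == "__main__":
    for line in run_samples():
        print(line)
```

The second and third samples carry the same write request apart from the transaction number, which is why segmentation, admission control and intrusion detection on the network have to supply the access control the protocol lacks.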

A cyber-attack on a BAS will target either the network, trying to access or disrupt the communication or exchange of data, or the BAS devices, namely the controllers, actuators, and sensors. The BAS network could be accessed physically, or possibly via wireless communication, but also through a network device, such as a compromised controller. Attacks on the devices are likely to come from the network or from physical manipulation of the device.

Table 4.2 Typical IT Security Measures

• Strong firewalls
• User authentication
• Secured wireless
• Awareness about physical security
• Use VPNs in enterprise situations
• Back-up policy
• Strong encryption of BAS data communications
• Network hardware is in secured data center
• Intrusion detection systems
• Devices that can capture IP packets

 