
Nozomi Networks - IT Security for Building Automation Systems
Nozomi
The rapid adoption of IoT-based systems with the promise of significantly reducing operating costs is driving rapid growth in the building and building automation market. The aim of these systems is to improve occupant comfort, reduce energy consumption and total cost of ownership, operate building services efficiently and extend the lifecycle of utilities.
This digital transformation of the building automation sector involves moving away from legacy proprietary systems and adopting edge-to-cloud computing architectures. There is a motivation to deploy lower cost sensors, both wired and wireless, to collect as much data as possible.
At the same time, the industry has a significant number of legacy building automation systems, applications, devices and networks that need to be managed, maintained and progressively modernised.
As with traditional ICS sectors such as manufacturing and electric utilities, managing cyber risk to smart buildings is a challenge. Smart building owners and operators today face shrinking resources, scarce cybersecurity talent and IT/OT convergence.
Let's look at both the potential of smart buildings and the realities of managing their cybersecurity risks.
Digitisation of building management systems can reduce lifecycle costs
Digitisation of building automation systems covers a diverse and complex range of applications. These applications include, but are not limited to:
- Heating, ventilation and air conditioning (HVAC)
- Energy management systems
- Lighting control systems
- Video surveillance systems
- Access control systems
- Lift controls and associated sensors and devices (cameras, thermostats, light sensors)
Each system and device, including its various versions and iterations, has its own level of cybersecurity risk.
Digitising these systems offers a great opportunity to reduce energy and operating costs for building and facility operators. Many buildings are older and have legacy technology and could benefit significantly from retrofitting building control systems to reduce total cost of ownership and improve security.
According to the US Department of Energy, both commercial and residential buildings account for approximately 38 per cent of greenhouse gas emissions, presenting a significant opportunity for the new generation of IoT-enabled systems to reduce the sector's carbon footprint.
New smart, digital technologies for building monitoring and control can help improve the comfort of building occupants and provide information that can be used to operate the building as efficiently as the building structure and equipment allow.
Digitalisation also increases cyber risk
But the increasing digitisation of all buildings also increases cyber risk. Many owner-operators recognise that the opportunities opened up by digitalisation make a sound cybersecurity strategy essential. Assets are becoming increasingly connected, increasing the need for secure remote monitoring and management of buildings.
Owner-operators also need to gain a better overview of the types of potential vulnerabilities that exist in their installed base of cyber and control system assets. Data flows need to be planned and monitored, necessitating the use of one-way data collectors.
Other challenging aspects of cyber security for smart buildings include:
IT/OT convergence - Many end users and trades in building automation still see IT and OT cybersecurity as separate challenges. However, attackers are already exploiting gaps between IT and OT defences. For example, phishing emails are often used to gain privileges and access to OT systems. Attackers use HVAC and other poorly defended OT systems as entry points into corporate data centres and IT networks.
OT systems incorporate more IT - The rise of the Internet of Things, Industry 4.0 and other broad technology initiatives is creating a huge wave of IT adoption at all levels of building systems architecture. Edge computing devices are already replacing proprietary controllers in a wide range of applications. The ARC Advisory Group expects the introduction of a wider range of cheaper, smarter and more pervasive sensors.
In addition to the functions of the systems and their specific sensor requirements, it is becoming increasingly difficult from a computational perspective to distinguish between building automation systems and enterprise-level systems.
The rise of OT-level cyberattacks - Cyberattacks on smart buildings, as well as related attacks on smart cities and infrastructure, can have far-reaching implications and pose risks to human safety. An attack in a large public building or structure (especially in a densely populated area) could lead to chaos.
Cyber-physical assets in smart buildings, cities and infrastructures are becoming more distributed, especially considering the new trend of monitoring entire fleets of buildings from a central location. On a campus or in a medical complex, these systems cover multiple city blocks and can be critical to the overall functioning of a city or community.
Expanded attack surface - Modern smart buildings have many systems and connections. These expand the threat landscape for an attack. In the case of the Target retail chain hack, the HVAC system was accessed and used to gain access to financial systems to steal credit card information for over 40 million people.
Insecure protocols - The use of insecure industry protocols is another way attackers can disrupt operations. This is especially true for building automation. Popular protocols such as BACnet and LonWorks are not inherently secure and, like those used in manufacturing, have their own vulnerabilities. Experienced attackers are aware of these gaps and have easy access to the documentation they need to create commands designed to disrupt the operation of controllers and other devices.
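Because BACnet carries no authentication, the practical defence is to watch which hosts issue state-changing requests. The following is an added example, not Nozomi Networks code: a minimal BACnet/IP (BVLC/NPDU/APDU) decoder that flags WriteProperty, ReinitializeDevice and similar confirmed requests from any source outside an allowlist of known BMS servers. The sample datagrams and IP addresses are constructed; the service numbers and frame layout follow the published ASHRAE 135 standard.

```python
# Confirmed-request service choices that change controller state (ASHRAE 135 values)
STATE_CHANGING = {15: "writeProperty", 16: "writePropertyMultiple",
                  17: "deviceCommunicationControl", 20: "reinitializeDevice"}

def parse_bacnet_ip(dgram: bytes):
    """Return (pdu_type, service_choice) for a BACnet/IP datagram, or None if not decodable."""
    if len(dgram) < 6 or dgram[0] != 0x81:              # BVLC type byte for BACnet/IP
        return None
    if int.from_bytes(dgram[2:4], "big") != len(dgram):  # BVLC length covers the whole frame
        return None
    # Original-Unicast (0x0A) / Original-Broadcast (0x0B) NPDU start at offset 4;
    # Forwarded-NPDU (0x04) from a BBMD carries a 6-byte B/IP origin address first.
    i = {0x0A: 4, 0x0B: 4, 0x04: 10}.get(dgram[1])
    if i is None or dgram[i] != 0x01:                    # unknown BVLC function or NPDU version
        return None
    ctrl, i = dgram[i + 1], i + 2
    if ctrl & 0x80:                                      # network-layer message: no APDU
        return None
    if ctrl & 0x20:                                      # DNET(2) DLEN(1) DADR(DLEN)
        i += 3 + dgram[i + 2]
    if ctrl & 0x08:                                      # SNET(2) SLEN(1) SADR(SLEN)
        i += 3 + dgram[i + 2]
    if ctrl & 0x20:                                      # hop count follows when DNET is present
        i += 1
    apdu = dgram[i:]
    if not apdu:
        return None
    pdu_type = apdu[0] >> 4
    if pdu_type == 0:                                    # Confirmed-Request
        svc = 5 if apdu[0] & 0x08 else 3                 # segmented requests carry 2 extra header bytes
        return pdu_type, apdu[svc]
    if pdu_type == 1:                                    # Unconfirmed-Request (Who-Is, I-Am, ...)
        return pdu_type, apdu[1]
    return pdu_type, None

def find_unexpected_writes(traffic, allowed_writers):
    """Return (src_ip, service_name) for state-changing requests sent by non-allowlisted hosts."""
    alerts = []
    for src, dgram in traffic:
        parsed = parse_bacnet_ip(dgram)
        if parsed and parsed[0] == 0 and parsed[1] in STATE_CHANGING and src not in allowed_writers:
            alerts.append((src, STATE_CHANGING[parsed[1]]))
    return alerts

# Constructed sample datagrams (not captured traffic): a Who-Is broadcast, and a
# WriteProperty setting analog-output 1 present-value to 100.0 at priority 8.
WHO_IS = bytes.fromhex("810b000c" "0120ffff00ff" "1008")
WRITE_PROP = bytes.fromhex("810a001a" "0104" "0005010f" "0c00400001" "1955" "3e4442c800003f" "4908")
SAMPLE_TRAFFIC = [("10.0.0.5", WRITE_PROP), ("10.0.0.77", WRITE_PROP), ("10.0.0.77", WHO_IS)]
```

Running `find_unexpected_writes(SAMPLE_TRAFFIC, {"10.0.0.5"})` reports only the write from 10.0.0.77; the Who-Is discovery broadcast is not flagged, and the same write from the allowlisted BMS server passes.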
Ensuring cyber security for building automation systems
A comprehensive cybersecurity programme for smart buildings encompasses the three foundations of cybersecurity for any system: people, process and technology.
Builders and companies with building portfolios will find it difficult to put in place the teams, cultures and processes required to properly manage smart building cyber risk.
On the technology side, the good news is that innovative and mature solutions are available. OT-level cyber security vendors, such as Nozomi Networks, offer products that provide:
- Visibility and situational awareness for OT and IoT devices and networks.
- Continuous monitoring for vulnerabilities, threats and anomalies.
- Centralised OT/IoT visibility and cybersecurity for remote operations centres.
While the digital transformation of building automation systems can bring tremendous benefits in terms of energy and operational savings, occupant comfort and safety, and lower total cost of ownership, the associated cyber risks must be actively monitored and managed. In a rapidly changing world, we encourage smart building owners/managers to actively develop a comprehensive cyber security programme.