Smart building security: Threats, tips and tricks
by Mirko Zorz - Editor in Chief - Thursday, 29 August 2013.
In the same way that the industrial revolution and the subsequent growth in cities created the need for chimney sweeps in the 19th century, I think that the continuing electronic and Internet revolutions which are driving the advent of smart buildings will create the need for new professions. I can envisage the need for new job roles such as the cyber-custodian, someone concerned with the commissioning, monitoring and ensuring the continued functioning of smart building systems. In any case, major systems within buildings are currently regularly inspected and maintained to ensure their correct functioning. As these systems become computerized and networked, regular mechanical maintenance and inspection will continue, but there will also need for the networks and computer systems to be inspected and maintained too.

Owners can help themselves by considering during the design phase what they have at risk should their smart building system be breached. At the very least, owners should appoint someone to be responsible for cyber security and to ensure that smart building systems follow the appropriate best practices and cyber security standards that are applicable to any networked environment.

What are the features of a robust and secure smart building system? What features should owners be on the lookout for?

Owners need to ensure that the security features of a smart building are appropriate to the security needs of the activities that are carried out within the building. Not every smart building will require top security, but some will.

Owners need to know what smart systems they have in their building, how these are networked, how these systems are accessed and how authorized use of these systems is authenticated. Owners should also consider how would they know if there was a problem with a smart building system, and how would they be able to fix it.

These tasks are very similar to those currently performed by network administrators. Within an office network, we know how to authenticate users and devices, how to eliminate attacks, how to patch vulnerable systems and how to monitor traffic to identify unauthorized use. We now need to take these skills and apply them to the networked devices within a smart building.

Unlike attacks on a server, modifying the systems of an intelligent building can have a physical impact on its inhabitants. Is it reasonable for people be wary about working and living in an establishment that relies so heavily on technology?

Smart buildings have the opportunity to provide a much better environment for the people living and working within them. These devices can deliver just the right amount of service when required and switch off, or deliver reduced service, when they are not required. A building with a smart heating system that reacts to the local environment to provide a constant pleasant temperature is infinitely preferable to the type of heating system that is switched on October 1st and switched off April 15th with no regard to unseasonable heat waves or cold snaps. If we are to reduce our energy consumption and reduce our carbon emissions, we’re going to need technology to help us achieve these goals, smart buildings are certainly going to help with this.

Technology has brought many benefits to our lives, and can do the same for the built environment. However before the technology is deployed the security aspects need to be considered and correctly managed. Technology permeates so much of our lives that we tend not to notice it. In many ways this should be the goal of technology, to quietly enhance our lives without us being aware of it. As security professionals we need to ensure that this is true of smart buildings and to ensure that the security posture of the building is compatible with the security needs of the activities that taking place inside.

Martin Lee will moderate a Risk Forum on this topic at the 2013 EuroCACS / ISRM Conference that will take place at Hilton London Metropole on the 16th - 18th September 2013.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th