Complex cyber threats to smart buildings range from locking doors and changing building temperature, to pumping gas into specific spaces to harm the occupants
Author: Tomer Nuri, IOTSI SCCISP, firstname.lastname@example.org
In 1998, the sci-fi thriller “Dream House” was the first movie that addressed potential threats by smart home/building infrastructures. Since then, it has become almost impossible to watch a movie describing a hostile takeover of a high-class building without encountering at least one scene dealing with the disruption of the building’s infrastructures and management systems – and for a good reason. Building automation and management systems made considerable progress in recent years, and now provide a significant base for intrusion by threats capable of affecting the operational infrastructures and therefore effect the physical dimensions (by metaphysical threats) and the serviceability and survivability of the ICT systems throughout the organization.
The domain of cyber security for Building Automation Systems (BAS) and Building Management Systems (BMS) belongs to the complex category of security for critical infrastructures, along with security for SCADA/ICS systems in the manufacturing and operations world and security for IoT systems
Unlike the SCADA and IoT categories, where security efforts are being invested and the importance of security is a matter of consensus (even though the accomplishment of this objective is by no means a trivial matter), in the smart building category, the issue of security is still a matter of considerable ambiguity. For example, if an organization is preparing to build a new building or to relocate to a new campus and various contractors have already been selected, like the framework contractor, the structural work contractor, the finishing contractor and so forth – unless one of the contractors is a cyber-technology contractor, these preparations will be an example of poor planning that could result in vulnerable operational systems in that building that would necessitate a more substantial investment of resources later on.
The building management and automation systems constitute a critical backbone that links together and manages all of the systems that are essential to the uninterrupted function of the building, from climate controls through lighting controls, ventilation, fire alarm and extinguishing systems, elevator and parking controls to physical and logical access controls.
In recent years, BAS/BMS manufacturers have begun to adopt standard protocols as BACNET and MODBUS for linking the various systems to the management backbone. The transition from dedicated protocols to standard protocols offers numerous advantages, especially with regard to more efficient integration and synergy, but also constitutes a source for various threats and vulnerabilities.
Control System Disruption
An attack against any one of these subsystems or a synchronized attack against multiple systems could lead to a complex cyber event that has the potential of adversely affecting the experience of visitors in the building being attacked, and in some cases even constituting an actual threat to the people in it. For example, a sharp rise in temperature and a disruption of the climate control system along with the activation of the public address system and alarm sirens might lead to a situation that will deteriorate to the point where staying in the building or in specific parts of it would become impossible. A much more severe scenario might evolve in the case of a meeting room whose electronically-controlled doors are locked by hacking into the physical access control systems, and at the same time – gas-based fire-extinguishing systems are activated to pump gas into that room. This will create a combined situation that poses an immediate danger to everyone in that room.
Generally, the threats to smart building systems may be classified into several categories: disruption/interruption of the normal function of controllers and operational systems; disruption of telemetry and control data for the purpose of displaying false control indications; illegitimate transmission of commands to various controllers at a different frequency, while using an illegitimate source (a “foreign” element connected to the building network in a stationary or mobile form); illegitimate transmission of commands to various controllers at a different frequency while posing as a legitimate source.
As stated, the ultimate objective of the attack is not always the critical operational systems. In some cases, these systems are exploited by the attacker as an interface with other critical IT systems (as in the case of the hacking into the network of the Target chain, which started with a supplier accessing the climate control systems).
The challenge in security for smart building systems stems from the fact that in most cases, such systems involve a substantial physical area containing decentralized infrastructures that provide hostile parties with convenient access options. Additionally, for various reasons, it is not always possible to completely isolate the operational communication infrastructures of the building from the other general infrastructures, especially in the case of building clusters.
Here are some examples of security measures that may prove effective against threats of the types described above.
Monitoring of traffic and signaling – monitoring the data traffic and the signals exchanged between the building management system and every last controller can contribute to the detection of irregularities and threats to the critical infrastructures of the building.
Analytical security – a small number of analytical security manufacturers offer support for monitoring and analyzing protocols and data traffic in the field of smart buildings. These systems can identify evasive threats (stealth malware), including repetitive transmission of commands to various controllers.
Segmentation & network encryption – micro-segmentation and L2 encryption technologies, incorporated and automatically activated in the communication infrastructure of the building, can minimize “migration” of threats between systems and establish an additional layer of security with no user involvement.
Physical Security Operations Centers (SOC) – more and more organizations that have understood the severity of the risk in question are incorporating cybersecurity planning in the construction phase and are even establishing SOCs that focus on the detection of threats to the operational systems. For this purpose, automatic blocking and response management systems may be combined with SIEM systems that feature built-in support for analysis of events and metadata from BAC/BMS systems, as well as correlation capabilities.
Reducing the vulnerability space – rigidizing of critical subsystems and methodical enforcement of operational processes will reduce the vulnerability space of every smart building.
Providing a security solution begins, as always, with an understanding and recognition of the threat and advance planning, followed by the deployment of an effective line of defense. In the field of smart buildings, the most important thing is to incorporate cyber-oriented thinking as early as during the design stages, if possible.
For more information and a practical guide for a reference security architecture visit IOTSI web site and access all required documents.