search.noResults

search.searching

dataCollection.invalidEmail
note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
FEATURE SMART BUILDINGS & IOT


UNDERSTANDING THE CHALLENGES OF CYBER IN SMART BUILDINGS


Fabiana Moreno, end user marketing manager at Schneider Electric, looks at the security challenges faced as buildings become ‘smart’


To mitigate these attacks and realise


the full potential of smart buildings, operators and occupiers need to alter how smart building control systems are architected and managed from a cyber security perspective. Setting aside organisational barriers and acknowledging the IT/OT disconnect is the critical first step towards implementing and operating cyber secure smart building control systems. Luckily, there has already been strong


W


hen we think about smart buildings, we immediately think


about their advantages. We think of the efficiencies such connected building technology offers developers, building managers and tenants. Whether it’s about efficiency, long-term value or brand perception, stakeholders will suffer if their building is not ‘smart’. As buildings become more complex, with


the number of IoT connected devices and cloud services growing exponentially, the threat and chance of cyber attacks becomes even greater. So, how can we understand these challenges and prevent them from happening in the future?


THE CHALLENGES Sadly, today’s buildings systems often fall short of effectively managing any potential cyber intrusion. This is a direct result of there being an obvious disconnect between groups managing information technology (IT), who have extensive cyber security knowledge, and the groups managing building operational technology (OT), who have the building management system (BMS) operational knowledge. Previously, BMS required specialised


knowledge of systems and protocols and didn’t require access to corporate network resources or the internet. Therefore, the security of a BMS network predominantly relied on obscurity and the lack of external connectivity. However, in this day and age, the evolution of BMS technology


22 SEPTEMBER 2019 | ELECTRICAL ENGINEERING


has meant that typical BMS control systems now use a combination of OT protocols, including ModBus and BACnet, as well as IT protocols such as HTTP and FTP. This has revolutionised the way smart buildings operate, but it has also affected how they can be targeted from a cyber perspective. The evolution of BMS technology is


essentially a gold mine for hackers. Coupled with the disconnect between IT groups and OT groups, the de facto operational model for buildings needs to change. In recent years there have even been hacker communities and research groups that specialise in cyber attacks, targeting smart buildings to retract important data. Ultimately, the problem starts with the


network of a BMS. This network can be deemed as a way in to the wider IT network of an organisation. Hence, not only does the management system itself become the target but so does the whole company.


THE SOLUTION For those looking to update their building technology, the risk of cyber-attacks is a huge roadblock. It prevents many sectors, most notably healthcare, FS and public sector, from investing in buildings enhancements. This is a direct result of the fear of attacks, and the damage and disruption they could cause. The sad reality is that an attack could cost millions to an organisation.


support in the OT control systems industry to address the security challenges being faced today. Better yet, industry associations have risen to the need for common OT cyber security best practices, in particular with the development of the IEC 62443 global set of cyber security standards. This is set to improve safety, availability, integrity and confidentiality of systems used for industrial automation and control. Fundamentally, there are four key ways


that organisations can create a secure and operational smart building: • Assess and protect legacy OT building control systems • Choose IoT devices and vendors that follow a secure development lifecycle approach • Implement secure OT building control system architectures • Bridge the secure OT building control systems through an IT security monitoring zone


THE FUTURE The vulnerability of a BMS system working with these two sets of protocols lays on the disconnect between the groups in the IT team, who have the cyber security knowledge and the OT team, who have the operational knowledge. The smarter a building gets and the less these two groups work with each other, the more vulnerable technology will become, resulting in the increase of external cyber attacks. Teams need to work together to create a more secure system and organisations must adhere to certain practices to keep their building as secure as possible.


Schneider Electric schneider-electric.co.uk





Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56