BUILDING CONTROLS & TECHNOLOGY
VPN offers virtual security
Enabling secure remote access in building automation and energy monitoring applications is a major challenge. Will Darby, managing director of Carlo Gavazzi, considers the advantages of virtual private networks in preventing cybersecurity breaches.
Buildings today are more connected than ever before. Strategically positioned Internet of Things (IoT) sensors in a workspace or factory, for example, can be used to collect real-time, detailed information about a building’s energy consumption, the performance of an item of plant or the operation of a critical piece of manufacturing machinery.
Connecting IoT devices to a Building Energy Management System (BEMS) gives facilities and production managers an unprecedented level of insight into the performance of a building’s systems, enabling smart operational decisions to be made based on real-time data. IoT-enabled devices also ensure that it is easier than ever to control and monitor a facility remotely. System integrators, for example, can connect from their office to a customer’s plant using a PC to monitor systems and resolve problems, saving both time and the expense of visiting a site. While there are obvious benefits to remote access, the downside is that it can also expose a system to cyberattacks.
One method of ensuring secure, remote access to IoT devices is through a Virtual Private Network (VPN). A VPN enables a company network to be isolated from the internet through the use of an IP address which permits access only from authorised external devices. Provided there are adequate authentication procedures in place to control access, the target IoT device will be securely interconnected with a user’s PC over the internet through an encrypted channel or ‘VPN tunnel’. This tunnel goes through the public internet, but the data sent back and forth through it is protected by encryption and security protocols to help keep it private and secure. Nobody, not even those on the same Wi-Fi network, can monitor or intercept the traffic and decipher the data.
The advantages of a VPN include:
• Ease of use: it allows a seamless connection from field devices to a Cloud-based server through gateways
• It enables secure, remote control of devices and remote problem solving, without the need for operators to visit the field, saving both time and money
• A VPN eliminates the difficulties of accessing devices concealed behind firewalls and makes it easier to manage firewall rules
• A VPN also avoids Network Address Translation (NAT) issues which can occur when mapping multiple local private addresses to a public one before transferring the information.
• In addition, the VPN’s data encryption will provide protection against insecure Wi-Fi
When it comes to responsibility for cybersecurity of an energy monitoring or building automation system, all parties involved in setting it up and its operation have a role to play. The software supplier, for example, has a responsibility to provide recognised security measures and technical documentation; the device supplier has a responsibility to develop both software and hardware security measures and to provide technical documentation; the system integrator must implement system security measures and provide technical documentation; while the end-user/operator must use the system security measures and test, audit and certify the system. End users also have a responsibility to ensure users’ security training is up to date. It should always be remembered that cybersecurity is a process, not a product. By simplifying common actions, VPNs and remote access tools allow users to focus their efforts on maintaining the system to improve cybersecurity. While a VPN can facilitate procedures, it does not change people’s roles or responsibilities; it should always be remembered that cybersecurity is the result of collective efforts of coordinated users.
8 BUILDING SERVICES & ENVIRONMENTAL ENGINEER JULY 2022
For a business looking to improve the cybersecurity of its BEMS with the addition of a VPN, one option is to build and maintain a dedicated VPN platform. This can be expensive. Instead, using a Platform as a Service (PaaS) system can provide users with VPN access via the Cloud but without the need to install and maintain the hardware, software and infrastructure.
Carlo Gavazzi’s MAIA Cloud is a PaaS-based solution developed to allow a secure, seamless connection of remote devices through its Universal Web Platform (UWP) 3.0 Gateways. The UWP 3.0 Edge separates Cloud-based services from the fieldbus while enabling data to be transmitted between the local network and the Cloud. Users with access to the MAIA Cloud can easily reach the gateways and endpoints, provided they have the necessary access rights, using a standard web browser and a PC application called the MAIA Cloud Connector. The benefit of a MAIA Cloud solution is that its VPN tunnels are provided with best-in-class authentication. Users always need to authenticate themselves to a trusted portal before being able to access the system; to prevent any misuse, permissions for access for specific users or user groups can easily be set by the organisation’s administrator.
Data breaches in today’s highly connected world have become commonplace, with news headlines frequently shouting about major organisations falling prey to cyber attackers. These headlines are a warning that security should be a top priority for any business that allows remote access to its systems. Without a remote access VPN, these companies are putting their private information (as well as their employee and customer data) at risk.
Read the latest at:
www.bsee.co.uk