Protecting Smart Buildings from Cyber Threats

Complex cyber threats to smart buildings range from locking doors and changing building temperature, to pumping gas into specific spaces to harm the occupants


In 1998, the sci-fi thriller Dream House was the first movie that addressed potential threats posed by smart home/building infrastructures. Since then, it has become almost impossible to watch a movie describing a hostile takeover of a high-class building without encountering at least one scene dealing with the disruption of the building's infrastructures and management systems – and for a good reason. Building automation and management systems have made considerable progress in recent years, and now provide a significant base for intrusion by threats capable of affecting the operational infrastructures and, accordingly, the physical dimensions (metaphysical threats) and the serviceability and survivability of the computer and C4I systems throughout the organization.

The field of security for Building Automation Systems (BAS) and Building Management Systems (BMS) belongs in the complex category of security for critical infrastructures, along with security for SCADA/ICS systems in the manufacturing and operations world on the one hand and security for IoT systems on the other hand – as only recently we have become aware of the potential damage of threats from this particular source.

Unlike the SCADA and IoT categories, where security efforts are being invested and the importance of security is a matter of consensus (even though the accomplishment of this objective is by no means a trivial matter), in the smart building category, the issue of security is still a matter of considerable ambiguity. For example, if an organization is preparing to erect a new building or to relocate to a new campus and various contractors have already been selected, like the framework contractor, the structural work contractor, the finishing contractor and so forth – unless one of the contractors is a cyber technology contractor, these preparations will be an example of poor planning that could result in vulnerable operational systems in that building that would necessitate a more substantial investment of resources later on.

The building management and automation systems constitute a critical backbone that links together and manages all of the systems that are essential to the uninterrupted function of the building, from climate controls through lighting controls, ventilation, fire alarm and extinguishing systems, elevator and parking controls to physical and logical access controls.

In recent years, BAS/BMS manufacturers have begun to adopt standard protocols such as BACnet and Modbus for linking the various systems to the management backbone. The transition from dedicated protocols to standard protocols offers numerous advantages, especially with regard to more efficient integration and synergy, but also constitutes a source of various threats and vulnerabilities.

Control System Disruption

An attack against any one of these subsystems or a synchronized attack against multiple systems could lead to a complex cyber event that has the potential of adversely affecting the experience of dwelling in the building being attacked, and in some cases even constituting an actual threat to the people in it. For example, a sharp rise in temperature and a disruption of the climate control system along with the activation of the public address system and alarm sirens might lead to a situation that will deteriorate to the point where staying in the building or in specific parts of it would become impossible. A much more severe scenario might evolve in the case of a meeting room whose electronically-controlled doors are locked by hacking into the physical access control systems, and at the same time – gas-based fire-extinguishing systems are activated to pump gas into that room. This will create a combined situation that poses an immediate danger to everyone in that room.

Generally, the threats to smart building systems may be classified into several categories: disruption/interruption of the normal function of controllers and operational systems; disruption of telemetry and control data for the purpose of displaying false control indications; illegitimate transmission of commands to various controllers at a different frequency, while using an illegitimate source (a "foreign" element connected to the building network in a stationary or mobile form); illegitimate transmission of commands to various controllers at a different frequency while posing as a legitimate source.

As stated, the ultimate objective of the attack is not always the critical operational systems. In some cases, these systems are exploited by the attacker as an interface with other critical IT systems (as in the case of the hacking into the network of the Target chain, which started with a supplier accessing the climate control systems).

The challenge in security for smart building systems stems from the fact that in most cases, such systems involve a substantial physical area containing decentralized infrastructures that provide hostile parties with convenient access options. Additionally, for various reasons, it is not always possible to completely isolate the operational communication infrastructures of the building from the other, general infrastructures, especially in the case of building clusters.

Moreover, the types of threats we are addressing are relevant to various elements, including:

Threats to national and defense organs – consider a smart building that contains a defense operations center dealing with the management of a critical event/situation, where the operational systems suddenly collapse.

Threats by cybercrime elements – concerned about a ransomware incident involving the organizational servers? How would you react if the entire building was taken hostage?

Threats by social/political activists – any such organization will be delighted to create the circumstances that would enable it to disable a major bank or a government ministry.

Effective Security

Here are some examples of security measures that may prove effective against threats of the types described above.

Monitoring of traffic and signaling – monitoring the data traffic and the signals exchanged between the building management system and every last controller can contribute to the detection of irregularities and threats to the critical infrastructures of the building. For this purpose, the market currently offers several solution categories, from NGFW (Next-Generation Firewall) type systems that offer support for identification and analysis of protocols that are relevant to the environment and incorporate a package of dedicated signatures for the specific environment, to systemic solutions that may be integrated in the building network in a non-disruptive manner to enable system-wide analysis of all signals, including a map of legitimate and hostile devices throughout the building space.

Analytical security – a small number of analytical security manufacturers offer support for monitoring and analyzing protocols and data traffic in the field of smart buildings. These systems can identify evasive threats (stealth malware), including repetitive transmission of commands to various controllers.

Segmentation & network encryption – micro-segmentation and second-layer encryption technologies, incorporated and automatically activated in the communication infrastructure of the building, can minimize "migration" of threats between systems and establish an additional layer of security with no user involvement.

Physical Security Operations Centers (SOC) – more and more organizations that have understood the severity of the risk in question are incorporating cybersecurity planning in the construction phase and are even establishing SOCs that focus on the detection of threats to the operational systems. For this purpose, automatic blocking and response management systems may be combined with SIEM systems that feature built-in support for analysis of events and metadata from BAS/BMS systems, as well as correlation capabilities.

Reducing the vulnerability space – hardening of critical subsystems and methodical enforcement of operational processes will reduce the vulnerability space of every smart building.
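As an added illustration of the traffic monitoring and analytical measures above (not code from the article or from any product it mentions), the sketch below parses Modbus/TCP requests and flags write commands from sources outside an allowlist, as well as repeated writes to the same controller address. The allowlist, thresholds, alert names and IP addresses are assumptions constructed for the example.

```python
import struct
from collections import defaultdict, deque

# Modbus function codes that change controller state (write coil/register).
WRITE_CODES = {5, 6, 15, 16}

def parse_modbus_tcp(frame: bytes):
    """Return (unit_id, function_code, address), or None if the frame is invalid."""
    if len(frame) < 10:
        return None
    _tid, proto, length, unit = struct.unpack(">HHHB", frame[:7])
    # Protocol id is 0 for Modbus; length counts the unit id plus the PDU.
    if proto != 0 or length != len(frame) - 6:
        return None
    func = frame[7]
    addr = struct.unpack(">H", frame[8:10])[0]
    return unit, func, addr

def detect(events, allowed_sources, max_repeats=3, window=10.0):
    """events: iterable of (timestamp, src_ip, frame). Returns a list of alerts."""
    alerts = []
    recent = defaultdict(deque)  # (src, unit, func, addr) -> recent timestamps
    for ts, src, raw in events:
        parsed = parse_modbus_tcp(raw)
        if parsed is None:
            alerts.append((ts, src, "malformed_frame"))
            continue
        unit, func, addr = parsed
        if func not in WRITE_CODES:
            continue  # reads are not alerted on in this sketch
        if src not in allowed_sources:
            alerts.append((ts, src, "write_from_unknown_source"))
        q = recent[(src, unit, func, addr)]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()  # drop writes that fell out of the time window
        if len(q) > max_repeats:
            alerts.append((ts, src, "repeated_write"))
    return alerts

def sample_request(tid, unit, func, addr, value):
    """Build a constructed Modbus/TCP request for the sample data below."""
    pdu = struct.pack(">BHH", func, addr, value)
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

# Constructed traffic: 10.0.0.5 is the assumed BMS server, 10.0.0.99 is unknown.
SAMPLE = [(0.0, "10.0.0.5", sample_request(1, 3, 3, 100, 2)),
          (1.0, "10.0.0.99", sample_request(2, 3, 6, 40, 350))]
SAMPLE += [(2.0 + i, "10.0.0.5", sample_request(10 + i, 7, 5, 12, 0xFF00))
           for i in range(5)]
ALERTS = detect(SAMPLE, allowed_sources={"10.0.0.5"})
```

The second rule fires even for the allowlisted management server, which covers the case of commands sent while posing as a legitimate source.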

Providing a security solution begins, as always, with an understanding and recognition of the threat and advance planning, followed by the deployment of an effective line of defense. In the field of smart buildings, the most important thing is to incorporate cyber-oriented thinking as early as during the design stages, if possible. 

***

Tomer Nuri is VP Technologies & CTO at MalamTeam

 
