While smart buildings use connected devices to boost efficiency and user experience, such connectivity also introduces cybersecurity risks. Keeping the building secure from cyber threats and attacks is therefore a top priority. This article looks at some of the solutions and best practices to effectively secure connected, smart buildings.
Smart buildings leverage the powers of IoT devices to make buildings more efficient and sustainable. Yet they are also vulnerable to cyberattacks and threats. The reason is simple: these buildings being connected, a breach on one device may compromise the entire system, which can bring irreparable damage to the building. Operators thus place a high priority on the cybersecurity of smart buildings.
Solutions addressing Layer 1 visibility issues
In this regard, though, operators are faced with various challenges. One of the major challenges is a lack of visibility – being able to see what devices are on the network, how they are functioning and whether they may create problems.
Especially, a lack of Layer 1 visibility is particularly concerning. “Layer 1 is the physical network layer and can be compared to a physical road if comparing a building network to a city’s road system. Additionally, Layer 1 are the cables and hardware connections that construct a network. Layer 1 visibility is the ability to have all eyes on what is plugged in and where. If anything new is introduced, you will know immediately. Without Layer 1 visibility, an attacker can plug unauthorized technology into these networks without you knowing,” said Luke Bencie, MD, and Sasha Hossain, Junior Research Associate, at Security Management International.
According to Sepio through a
whitepaper, traditional security solutions like Network Access Control (NAC) and Intrusion Detection Systems (IDS) fall short because they operate at the software level and lack Layer 1 awareness. “Layer 1 visibility is crucial for detecting rogue or hidden devices. While NAC enforces access policies and IDS scans for suspicious traffic patterns, neither can detect rogue hardware that physically connects to a network but remains invisible at the software layer. This blind spot allows attackers to exploit endpoints, often through USB drops, unauthorized Wi-Fi devices, or spoofed MAC addresses,” Sepio said.
That said, Sepio has a solution that helps smart building operators gain visibility. “Sepio’s platform addresses the root cause of smart building cybersecurity challenges: network asset visibility. Unlike traditional security solutions, Sepio leverages physical layer visibility to provide unparalleled asset awareness, going deeper than any other approach. By creating a digital fingerprint of all devices using multiple Layer 1 parameters and a unique machine learning algorithm, Sepio ensures ultimate visibility across IT, OT, and IoT assets, whether managed, unmanaged, or hidden,” Sepio said, adding that the company also uses a Zero Trust Hardware Access (ZTHA) approach that enforces strict hardware access control policies.
A layered approach
While having visibility of IoT devices is important, it alone isn’t enough to fully protect smart buildings from cyberattacks. What’s recommended is a layered approach that makes smart building cybersecurity more complete and comprehensive.
“It is recommended to implement what is called a ‘layered’ security approach of combining physical security, network segmentation, and regularly updating firmware and conducting robust penetration testing regularly. Furthermore, preparing response plans is crucial to make response time more efficient. When organizations are able to see all their devices, traffic, and behavior across all layers of their tech environments is when they can begin to create and enforce policy and protect the systems they need,” Bencie and Hossain said.
Salvatore D'Agostino, CEO of IDmachines, echoes those remarks. “In general, perform a risk assessment that includes an inventory of devices and users. This would include all network connections, ports, radios, and credentials. Include vendors and their maintenance staff and make sure that any turnover resulted in revocation of their credentials and also an updating and curation of keys, both physical and digital, including key rotation. Follow best practice, consult with and see if your vendor supply chain is on top of this and has policy and procedures for this,” he said.
Other standards and best practices
D'Agostino also mentions some other standards and best practices to make smart buildings more cybersecure. These include adopting NIST IR 8425 core baselines to counter default credential exploitation; implementing IEC 62443-2-1 security programs to prevent third-party vendor credential theft; and adopting NIST SP 800-63-4 identity proofing to counter social engineering attacks. Default credential exploitation, third-party vendor credential theft and social engineering attacks are among the most common security threat vectors against smart buildings.