The good, better, and best of smart building cybersecurity, according to Intel

Cybersecurity can be a scary subject for managers of smart buildings, especially after several reports of connected buildings being hacked and users held for ransom. A cyberattack on a hotel in Australia and a DDoS attack on the heating system of two apartments in Finland are just two indications of what hackers can do to connected buildings.

To complicate matters, many building managers are not IT experts and require training to manage threats in this emerging sector.

To minimize cybersecurity risks in smart buildings, the global chip-making company Intel has provided a set of guidelines. A white paper from the company has outlined certain steps for good, better, and best protection against hackers.

At the device level

Cybersecurity solutions can be loaded onto systems and devices. A good security measure at this level would include blocking unauthorized applications and malware from entering the system by controlling the software that runs on the system. Software solutions that can whitelist applications are useful for this.

A better step would be to protect the data on the device through encryption and to prevent the unauthorized use of hardware such as removable storage devices.

Use SSL/HTTPS to ensure that software on internet of things (IoT) gateways or IP-enabled edge devices communicates through secure channels.

“Enable secure and user-friendly access to business-critical information,” Intel notes. “Give users a set number of attempts to enter their password, locking the system when unsuccessful to stop hackers using brute-force login attacks. Authenticate devices to ensure only those approved can connect to the network.”

The best solution, however, would be device and application software isolation. Prevent unnecessary interaction between applications, as this could be malware trying to access another application’s memory space and steal data.

At the network level

A good security measure at the network level would be to discover and block threats with an intrusion prevention system. Combat DoS and botnet attacks with deep inspection of network traffic and user behavior analysis to identify hackers.

Better yet, ensure the building system remains free of viruses and malware with deep content inspection of uploads onto the building portal.

“Web Security Gateways usually can deploy multilayered defenses including pattern-based malware scanning but some can provide additional security services based on behavioral engines to detect unknown threats based on code behavior,” Intel writes. “These can also inspect the mobile code and can provide detection for threats embedded into scripting languages not only in HTML but also PDF, office documents or flash. In addition, these can help in securing portals by controlling access based on the geolocation of the client making a request, can act as a reverse proxy to provide AAA-functionality and SSL security when acting as a reverse proxy.”

According to Intel, the best step is to detect when malware writers use packing to change the composition of the code or to hide it in order to evade detection.
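One common heuristic for spotting packed code is byte entropy, since packed or encrypted sections look close to random. The Python sketch below is an added example, not code from Intel's white paper; the threshold, window size, function names and sample byte strings are all assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.2  # bits per byte; assumed cut-off, tune on your own files
WINDOW = 1024            # bytes per window; assumed

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def high_entropy_ratio(blob: bytes, window: int = WINDOW) -> float:
    """Fraction of full windows whose entropy exceeds the threshold."""
    full = [blob[i:i + window] for i in range(0, len(blob) - window + 1, window)]
    if not full:
        return 0.0  # too small to judge
    hot = sum(shannon_entropy(w) > ENTROPY_THRESHOLD for w in full)
    return hot / len(full)

def looks_packed(blob: bytes, min_ratio: float = 0.5) -> bool:
    """Flag a file when at least min_ratio of its windows look random."""
    return high_entropy_ratio(blob) >= min_ratio

def _constructed_noise(n: int) -> bytes:
    """Deterministic high-entropy bytes standing in for a packed payload."""
    chunks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(chunks)[:n]

def _constructed_code(n: int) -> bytes:
    """Repetitive low-entropy bytes standing in for ordinary code and strings."""
    line = b"mov eax, [ebp+8]; call check_badge; ret\n"
    return (line * (n // len(line) + 1))[:n]

# Constructed samples: an ordinary binary, a small loader stub followed by a
# packed payload, and an ordinary binary carrying one compressed resource.
PLAIN = _constructed_code(8192)
STUB_PLUS_PAYLOAD = _constructed_code(2048) + _constructed_noise(6144)
PLAIN_WITH_RESOURCE = _constructed_code(7168) + _constructed_noise(1024)

if __name__ == "__main__":
    for name, blob in [("plain", PLAIN), ("stub+payload", STUB_PLUS_PAYLOAD),
                       ("plain+resource", PLAIN_WITH_RESOURCE)]:
        print(f"{name:15} ratio={high_entropy_ratio(blob):.3f} packed={looks_packed(blob)}")
```

Legitimately compressed or encrypted uploads (archives, images, installers) also score high, so a flag from this check is a reason for deeper inspection rather than a verdict.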

At the data center and cloud level

Data centers and cloud storage devices could be where a lot of attacks are targeted, as this is where all the information is stored. Ensuring the security of the databases can be considered a “better” measure in this category. All database activity should be visible to the administrator, who will be able to terminate any activity that would violate security policies.

Prevention of all known zero-day attacks is also critical. However, the best solution here would be the employment of a security information and event management (SIEM) system. This offers real-time visibility into all activity on every system, database, network, and application.

“Identify stealthy attacks through real-time situational awareness,” Intel said. “Use data analytics to turn data and network traffic analysis into security intelligence.”
