When we consider Smart Buildings, we immediately look for their advantages or benefits offered by them. We consider the efficiencies such smart infrastructure offers engineers, building managers, and inhabitants. Regardless of whether it's about efficiency, brand perception, or long-term value, investors and stakeholders will endure if their infrastructure isn't 'smart' by any means. Be that as it may, do we even consider their cybersecurity risks?
As our buildings and infrastructures become more complex, and with the number of IoT connected devices and other cloud services developing at a rapid pace, the risk and chance of cyberattacks turn out to be even greater. Then, what are these challenges and how can we keep them from happening in the future?
What Are The Challenges Of Smart Buildings?
The present infrastructure systems often miss the mark of effectively managing any potential digital intrusion. This is an immediate consequence of there being an undeniable disconnect between groups managing IT, who have immense knowledge about cybersecurity, and the groups managing OT or Operational Technology, who have the operational knowledge about building a management system (BMS).
Earlier, BMS required particular knowledge of frameworks and protocols and didn't need access to the internet or other corporate network resources. Along these lines, the security of a BMS network prevalently depended on obscurity and the absence of external connectivity. In any case, these days, the advancement of BMS technology has implied that usual BMS control frameworks now use a blend of OT conventions, such as Modbus and BACnet, along with IT conventions, for example, HTTP and FTP. This has revolutionized the manner in which smart buildings and infrastructure operate yet it has additionally affected how they can be targeted from a cyber perspective.
The advancement of BMS technology is basically a gold dig for hackers. Combined with the disconnect between OT and IT groups, the accepted operational model for infrastructures needs to change. As of late, there have even been hacker communities and research groups that spend crucial time in cyberattacks targeting smart buildings to steal significant data.
Eventually, the issue begins with the network of a BMS. This system can be regarded as a route into the broad IT network of an organization. Thus, not only does the management system become the target but so does the entire organization.
What Might Be The Solution?
For those looking forward to upgrading their building technology, the danger of cyberattacks is a huge barrier. It averts numerous sectors, mainly healthcare, financial services, and public sector, from putting resources into building enhancements. This is an immediate consequence of the fear of assaults, and the harm and disruption they could cause. In fact, an attack could cost millions to the entire organization.
To lessen the extent of these attacks and understand the maximum potential of smart infrastructures and buildings, operators and occupants need to alter how smart building managements systems are architected and overseen from the perspective of cybersecurity. Putting aside organizational boundaries and realizing the IT/OT disconnect is the initial move towards executing and operating smart building control systems that are cyber-secured.
Fortunately, there has just been robust support in the OT control systems industry to address the security difficulties being confronted today. Even better, industry affiliations have emerged to the need for common OT cybersecurity best practices, specifically with the advancement of the IEC 62443 global set of cybersecurity criterions. This is set to increase safety, accessibility, integrity, and confidentiality of systems used for industrial control and automation.
Principally, there are four key ways that organizations can create a secure, safe, and operational smart infrastructure:
1. Assess and secure OT building control systems
2. Choose IoT gadgets and sellers that follow a secure approach towards Development Lifecycle
3. Implement secure architectures to OT building control systems
4. Channel the secure OT building control systems through an IT Security Monitoring Zone.
The Future of Smart Buildings and Cyber Security -
The susceptibility of a BMS system operating with these two sets of conventions depends on the disconnect between the groups in the IT team, who have the required knowledge about cybersecurity and the OT group, who have the required knowledge about operations. If buildings get smarter with time and there’s a lack of communication between these two IT groups, it would result in technology becoming more vulnerable to an increasing number of cyberattacks. Groups need to cooperate to create a more secure system and organizations need to adapt to certain practices to keep their building as secure as possible.