Smart buildings are popping up in towns and cities all over the world. Using a set of Building Automation Systems (BAS) to control their internal and external environments, smart buildings can save organizations lots of money and help the environment. For example, a BAS may control air conditioning and ambient lighting, resulting in a significant reduction in electricity bills.
If you’re a tech enthusiast, you may have joined a free community website and taken part in the increasing number of discussions around smart buildings. One of the hottest topics at the moment is smart building security. Experts believe many smart buildings aren’t adequately protected from cyberattacks, and the tech industry needs to act quickly to address this risk.
Why are smart buildings vulnerable?
A smart building may contain many BAS, which share information and control various aspects of the environment. Striking a balance between connectivity between devices and safeguarding data from leaks or hacks is a big challenge. In a network of dozens or hundreds of sensors, there are numerous opportunities for attackers to break into a system.
Specific threats include malware, which can be used to take control of a computer system that controls automated systems, spyware, phishing scams, and worms. Cybersecurity firm Kaspersky says that at least 40% of smart buildings are at risk of attack.
Shodan, a search engine that locates unsecured devices that are connected to the internet, is a useful tool for hackers. Using Shodan, cyber attackers can identify system components within smart buildings. Armed with this information, a hacker can find the BAS IP address, locate a login page online, and access the system.
Having taken control of a BAS, a hacker can then hold a company to ransom by asking for money in exchange for relinquishing their control over a building’s systems. Other hackers may be motivated by a desire to frighten the public, disrupt services, steal valuable information, or simply prove themselves smarter than cybersecurity staff.
How can we improve cybersecurity for smart buildings?
A smart building may contain hundreds of devices from various manufacturers, who may not design their components to be compatible with those from other suppliers. Organizations should scrutinize their supply chains when setting up smart systems, ensuring that they choose high-quality components that can be incorporated into a safe, secure network.
An organization needs to know how many devices are in operation and how they connect to others in the network. They need to establish a baseline for routine operations – any sudden deviation is a useful early warning signal that the network may be under attack.
Technology is a rapidly changing landscape, and security staff needs to stay abreast of the latest threats to BAS. Setting aside a budget for ongoing training and development will pay off in the long run; recovering from an attack is costly in terms of time and money.