Martin Lee is the Technical Lead, Threat Intelligence at Cisco. In this interview he discusses the critical security threats to smart buildings, the features of a robust and secure smart building system, and much more.
What are some of the most critical security threats to smart buildings today?
Smart buildings are being implemented without necessarily designing security into these systems from the beginning. Because of this, we risk creating smart buildings that have inherent weaknesses that attackers can exploit. We’ve seen this happen in many other environments; unless security considerations are implemented as part of the design, we will be forever trying to bolt on extra security and playing catch up with attackers.
This model of providing security has proved to be expensive and inefficient. We are now at a point that we can apply our experience of securing other systems to ensure that smart building systems are well designed and resilient to attack.
The provision of services to buildings such as power, water, electricity and internal facilities such as heating, air conditioning, lighting, lifts and door locks may all rely on small embedded computers, as these computers become networked to create a smart building we are creating new risks. Without considering the security needs of these devices and the networks that connect them, we’re creating the environment where attackers may maliciously activate motors, pumps, valves, open or close locks, control heating settings etc.
For example, permanent damage can be caused to information systems if the air conditioning in a data centre is disabled. Water dripping from an overflowing cistern that is constantly being replenished, even though it is full due to a faulty sensor or actuator, can wreck electronic equipment. Additionally, an office without water and functional washrooms is one where the workforce cannot operate without breaks.
We’ve recently seen attackers launch denial of service attacks against financial services organisations in an apparent attempt to occupy and distract security teams while more sophisticated attacks to compromise systems is undertaken. We can envisage the scenario where poorly protected environmental control systems that have not been subject to any security oversight are compromised by an attacker who switches the air conditioning to full heat and waits for the security operations team to take a break to cool down before launching an attack on sensitive systems.
A security researcher conducted research on the Philips hue lighting system and found a vulnerability that can be used by malware on an infected machine on the user’s internal network to cause a sustained blackout. This is probably just the tip of the iceberg considering how many companies and technologies are part of a smart building. What can owners do to make sure they are protected? Are we nearing a time when we’ll need a penetration tester like we need our chimneys cleaned every year?
As we are beginning to see these smart building systems deployed, we are also beginning to discover that these systems have vulnerabilities. We need to start considering these smart networked appliances as the small computers that they are, rather than as the dumb electrical appliances that they replace. Like any networked computer system, we need to think about how we authenticate users and machines on the network, how we control network access, how we enforce access to devices, and most importantly how these systems will be patched and maintained when they are deployed.
In the same way that the industrial revolution and the subsequent growth in cities created the need for chimney sweeps in the 19th century, I think that the continuing electronic and Internet revolutions which are driving the advent of smart buildings will create the need for new professions. I can envisage the need for new job roles such as the cyber-custodian, someone concerned with the commissioning, monitoring and ensuring the continued functioning of smart building systems. In any case, major systems within buildings are currently regularly inspected and maintained to ensure their correct functioning. As these systems become computerized and networked, regular mechanical maintenance and inspection will continue, but there will also need for the networks and computer systems to be inspected and maintained too.
Owners can help themselves by considering during the design phase what they have at risk should their smart building system be breached. At the very least, owners should appoint someone to be responsible for cyber security and to ensure that smart building systems follow the appropriate best practices and cyber security standards that are applicable to any networked environment.
What are the features of a robust and secure smart building system? What features should owners be on the lookout for?
Owners need to ensure that the security features of a smart building are appropriate to the security needs of the activities that are carried out within the building. Not every smart building will require top security, but some will.
Owners need to know what smart systems they have in their building, how these are networked, how these systems are accessed and how authorized use of these systems is authenticated. Owners should also consider how would they know if there was a problem with a smart building system, and how would they be able to fix it.
These tasks are very similar to those currently performed by network administrators. Within an office network, we know how to authenticate users and devices, how to eliminate attacks, how to patch vulnerable systems and how to monitor traffic to identify unauthorized use. We now need to take these skills and apply them to the networked devices within a smart building.
Unlike attacks on a server, modifying the systems of an intelligent building can have a physical impact on its inhabitants. Is it reasonable for people be wary about working and living in an establishment that relies so heavily on technology?
Smart buildings have the opportunity to provide a much better environment for the people living and working within them. These devices can deliver just the right amount of service when required and switch off, or deliver reduced service, when they are not required. A building with a smart heating system that reacts to the local environment to provide a constant pleasant temperature is infinitely preferable to the type of heating system that is switched on October 1st and switched off April 15th with no regard to unseasonable heat waves or cold snaps. If we are to reduce our energy consumption and reduce our carbon emissions, we’re going to need technology to help us achieve these goals, smart buildings are certainly going to help with this.
Technology has brought many benefits to our lives, and can do the same for the built environment. However before the technology is deployed the security aspects need to be considered and correctly managed. Technology permeates so much of our lives that we tend not to notice it. In many ways this should be the goal of technology, to quietly enhance our lives without us being aware of it. As security professionals we need to ensure that this is true of smart buildings and to ensure that the security posture of the building is compatible with the security needs of the activities that taking place inside.
Martin Lee will moderate a Risk Forum on this topic at the 2013 EuroCACS / ISRM Conference that will take place at Hilton London Metropole on the 16th – 18th September 2013.