Intelligent, energy efficient buildings are all very well – but what about the security risks that come with the integration of building management and security systems asks Dr Tony Whitehead, director of policy at the Institution of Engineering and Technology.
An article earlier this year entitled ‘Intelligent thinking’ reviewed the business case for increased use of IT to deliver intelligent and sustainable buildings.
The driving forces listed included a combination of environmental and economic pressures. But also detailed advances in the technology employed in building management systems where the adoption of industry standard Internet Protocol (IP) based networks for a variety of control systems and physical security applications has paved the way for integration of building management and security functions.
The article showed the exciting possibilities that such integrated control systems offer to building owners and occupiers. However, before getting carried away, we should note that these advances also create a number of new cyber security related risks. Owners and occupiers of property with integrated building management and security networks need to be aware of these threats and prepared to protect against them.
Need for resilience and cyber security
Modern control systems, of which building management systems are a sub-set, are largely developed using standard commercially available components.
These include the networking technology, the computers and operating systems used by operators or managers, and applications built on standard databases, accessed via web browser interfaces.
Given frequent media reports about hacking, denial of service attacks, malware, etc. it should be evident that these technologies are vulnerable to attack. Even if a computer is standalone, i.e. not connected to a network or the Internet, it is still vulnerable to attacks through use of removable media such as USB sticks or CDs.
The problem is exacerbated by increasing connectivity of equipment and systems to the Internet. For example suppliers of plant and machinery such as lifts, generators and chiller equipment increasingly expect to have Internet connectivity to allow remote access for automated fault reporting and diagnosis.
Building owners or occupiers also expect to have connectivity to systems to allow monitoring of energy consumption. All these connections potentially provide a route for attackers or malware to gain access to your building management systems.
Nature of threats
Threats potentially emanate from four distinct sources: malicious outsiders; malicious insiders; non-malicious insiders; and nature.
“Malicious outsiders could be hackers, cyber criminals, activists or terrorists. Their intent may range for causing disruption and reputational loss through to causing serious harm including damage or fatalities.”
Adoption of building information modelling (BIM), with its increased electronic collaboration during design, construction and operation of a building, creates further cyber security risks.
The malicious insider may be motivated by disaffection leading to sabotage or misuse of privileges. However, the non-malicious insider can be just as dangerous, capable of causing significant harm through negligence or ignorance, e.g. failing to follow security procedures resulting in malware infections.
Finally, nature should never be underestimated for the risks it can pose to a company. Weather conditions, animals, insects and more could bring a building management and security system to its knees. For example, a weather event could result in loss of mains power causing the intelligent building systems to shut down and jeopardise the safety of occupants.
The nature of the threats affecting an intelligent building will vary widely. Their severity and impact depending on both the profile and nature of the building, and also upon activities or businesses it accommodates.
Recent media coverage of a threat to the Olympics opening ceremony, which arose from a potential cyber attack on Olympic Park power supplies, demonstrates that it is not just the building management systems that need protection, but also any infrastructure critical to their operation.
Cyber security across the building lifecycle
Cyber security risks to a building extend across the full building lifecycle.
During pre-construction stages there are risks related to the theft of designs and their embedded intellectual property value. During construction there are risks associated with confidentiality and security of tendering processes, and integrity of the delivered IT design.
During operations risks and issues will arise regarding management of the IT systems and infrastructure, particularly with regard to maintaining their security. This may be complicated by the different cultures between facilities management and corporate IT teams, and contractual interfaces between a diverse range of facilities and IT suppliers.
Adoption of building information modelling (BIM), with its increased electronic collaboration during design, construction and operation of a building, creates further cyber security risks.
These range from a need for good cyber security hygiene regarding transfer of electronic files and media, to the need to introduce new secure processes. For example, the need to control access to files, provide electronic version control, and an ability to prevent repudiation of electronically delivered designs. Control of access to design files is of particular concern for buildings containing sensitive functions, e.g. banks, courts and prisons.
Addressing the risks
To start to address vulnerabilities and hence risks to an intelligent building, a cyber security threat assessment should be conducted as early as possible in the building lifecycle and be regularly reviewed and updated.
This assessment should take into account the proposed design as it evolves, particularly as the degree and nature of IT integration between systems and required connectivity with third parties becomes clearer.
For contractual reasons it is unlikely that building management systems and corporate or occupier IT systems will share a common network infrastructure. However, it is the interconnections between them, planned or accidental, that pose the most significant threat.
In testing industrial controls it is not uncommon to discover up to a dozen connections between the control systems and corporate networks, when in theory there is an air gap between them. The use of wireless networking technologies on either building management or occupier networks can also significantly increase risks to both networks.
To address cyber security risks associated with BIM it is important that all collaborating organisations implement good cyber security practice. Given the number of organisations involved in a supply chain through the building’s lifecycle, this can be a significant challenge. Responsibilities should be clearly addressed in all contracts and sub-contracts.
Next steps
Cyber security is not solely an issue for government departments, defence contractors and financial institutions; it affects all sectors of the economy.
Intelligent buildings have the potential to offer significant economic and environmental benefits, but these could be easily lost through poor cyber security. Threats are both commercial, e.g. loss of intellectual property or compromised tenders, and regulatory, e.g. the health, safety and privacy of building occupants.
Widespread use of IP-based technologies can only increase as we move towards the Internet of Things. If you wish to harvest the benefits from intelligent and Internet technologies, it is time to start investing in cyber security awareness and skills for your organisation.