Weekly Briefing


Buildings Go High Tech – And So Do Cyber Threats


Today's buildings are smarter. From access control to fire safety, HVAC, lighting and humidity control, everything can be centrally managed and optimized to best fit the needs of each specific building and employee. Building Management Systems (BMS) make this possible, reducing building energy and maintenance costs. They can also reduce the building's environmental footprint and improve the security and safety of the building's occupants and the property stored in it.

BMS have undergone significant and complex changes. Only a decade ago, a BMS controlled HVAC and possibly a physical security system. Today, however, a BMS controls virtually every aspect of a smart building. According to Data Bridge Market Research, the Building Management System market is expected to be valued at USD 38.76 billion by 2028, growing at a compound annual growth rate of 15.03% in the forecast period of 2021 to 2028. While a BMS can yield huge benefits in streamlining processes and decreasing costs, it can be equally detrimental if security is not included in deployment and management.

BMS Adoption – the Double-Edged Sword

In fact, there have been documented cases where attacks on BMS have resulted in damage:

  • 2017 – A cyberattack on the Romantik Seehotel Jägerwirt, a prominent hotel in Austria, by cyber criminals who compromised the electronic key system left hotel guests unable to enter their rooms and disrupted other business operations.
  • 2018 – The FBI warned that unpatched devices on BMS networks were exposed to hackers exploiting vulnerabilities in the FOX protocol, which is common in BMS.
  • 2019 – Kyasupā, a prominent hacker, found half a dozen hackable vulnerabilities in the IoT systems used in a capsule hotel he stayed at. They allowed him to hijack the controls for any room at the hotel to mess with its lights, ventilation, and even the beds in each room that convert to a couch.

As BMS technologies become more connected and smarter, the cybersecurity risks are only expected to increase. Understanding this new risk profile and how to manage it are essential in stopping future attacks.

Disrupt BMS Attack Paths with OT Security

Control Physical Access

Unlike traditional IT networks, buildings accommodate a wide group of people. Some of these individuals may be authorized employees. Many, however, may be visitors to the location (including suppliers, customers, maintenance workers, etc.). Most buildings have physical perimeter security set up, but once past the perimeter, individuals may gain easy access to restricted areas of the building, including where BMS systems are housed. To counter the physical or on-site threat, a BMS security solution must periodically query individual devices at all locations to identify whether any changes have been made via a physical connection. It is also important to query servers, workstations, networking equipment, gateways, and any other devices that are critical to regular network operations.
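One way to act on the results of such periodic queries, as an added example that is not part of the original article or any vendor product: compare each poll against a baseline and separate changes that passive network monitoring also saw from changes with no matching network activity, which are the ones consistent with a local connection. The snapshot fields, device names and the wire-event format are assumptions made for illustration.

```python
from dataclasses import dataclass, asdict

@dataclass(frozen=True)
class Snapshot:
    firmware: str
    config_hash: str      # digest of the controller program as read back by the query
    io_modules: tuple     # backplane / module list

# Constructed sample polls; device names and values are illustrative only.
BASELINE = {
    "ahu-ctrl-01": Snapshot("4.2.1", "9f3c", ("AI8", "DO4")),
    "door-ctrl-07": Snapshot("2.0.0", "a1b2", ("RDR2",)),
    "lift-gw-02": Snapshot("1.9", "77e0", ("SER1",)),
}
CURRENT = {
    "ahu-ctrl-01": Snapshot("4.2.2", "9f3c", ("AI8", "DO4")),
    "door-ctrl-07": Snapshot("2.0.0", "c4d5", ("RDR2",)),
    "vav-ctrl-19": Snapshot("1.0.3", "0e11", ("AO2",)),
}
# (device, field) writes that passive network monitoring saw between the two polls.
WIRE_EVENTS = {("ahu-ctrl-01", "firmware")}

def classify_changes(baseline, current, wire_events):
    """Return (device, field, origin) for every difference between two polls."""
    findings = []
    for dev in sorted(set(baseline) | set(current)):
        old, new = baseline.get(dev), current.get(dev)
        if old is None:
            findings.append((dev, "device", "unbaselined"))   # appeared since baseline
            continue
        if new is None:
            findings.append((dev, "device", "no-response"))   # stopped answering queries
            continue
        old_fields, new_fields = asdict(old), asdict(new)
        for field in old_fields:
            if old_fields[field] != new_fields[field]:
                # No matching write on the wire: the change did not arrive over the
                # monitored network (local connection, or a gap in sensor coverage).
                origin = "network" if (dev, field) in wire_events else "out-of-band"
                findings.append((dev, field, origin))
    return findings

if __name__ == "__main__":
    for row in classify_changes(BASELINE, CURRENT, WIRE_EVENTS):
        print(*row)
```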

Smartly Secure the OT Infrastructure

BMS networks tend to have a heterogeneous infrastructure. A multi-vendor environment is generally the norm with different systems controlling everything from the elevator banks to the solar array on the roof. Many different devices can control one or several buildings on a more distributed campus using the same protocol.

In order to manage all of these devices, organizations should have a security solution in place that utilizes several discovery methods to create an accurate and real-time asset inventory. This enables you to secure the entire multi-vendor set of products that comprise BMS. What’s more, you need to be able to account for dormant devices that are not communicating regularly over the network. Even if assets are not communicating over the network, they will respond to a command. Deep knowledge, including visibility into all types of devices, patch levels, firmware versions and backplane information, is essential. You should leverage both network-based and device-based protection to account for the network activity and also for specific details on the devices that are on the network.

Catch Vulnerabilities Before They Are Exploited

BMS environments often contain a mix of legacy devices that control older technologies, such as fire suppression and physical security. These sit alongside newer technologies such as living roofs, adaptive window tinting and more. With a multi-vendor, multi-generational environment, all the various patch levels across each device type are difficult to maintain. In addition, keeping an up-to-date patch management program that assures protection from newly discovered vulnerabilities is cumbersome. If this were performed manually, it would not only consume a significant amount of time but would also be vulnerable to human error.

To achieve proper security, you need deep awareness of the state and characteristics of every device. You also need accurate matching between the specific condition of the devices and the available knowledge base on vulnerabilities to eliminate false positives. Because of the constantly changing threat conditions, this information should be updated regularly and kept in sync with newly discovered vulnerabilities. Take special care to extract detail on devices (e.g. model, firmware, patch levels, installed software, serial number) and use a triage score beyond the industry-standard Common Vulnerability Scoring System (CVSS) so you know which vulnerabilities are most severe for your environment. Doing so will provide an airtight patch management plan when maintenance windows are scheduled.
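The matching and triage described above, sketched as an added example that is not from the original article or any vendor product: advisories are matched on vendor, model and firmware version rather than model alone, and each hit is ranked by CVSS weighted with site-specific factors. The vendor names, advisory IDs, the `criticality` and `reachable_from_it` fields and the weighting formula are all assumptions made for illustration.

```python
# Constructed advisory feed and inventory; vendors, models and IDs are placeholders.
ADVISORIES = [
    {"id": "ADV-EXAMPLE-1", "vendor": "acme", "model": "AC-500", "fixed_in": "3.4.0", "cvss": 9.8},
    {"id": "ADV-EXAMPLE-2", "vendor": "acme", "model": "AC-500", "fixed_in": "3.1.0", "cvss": 7.5},
    {"id": "ADV-EXAMPLE-3", "vendor": "borealis", "model": "FP-20", "fixed_in": "2.0.0", "cvss": 6.5},
]
INVENTORY = [
    {"name": "door-ctrl-07", "vendor": "acme", "model": "AC-500", "firmware": "3.2.5",
     "criticality": 0.6, "reachable_from_it": False},
    {"name": "fire-panel-01", "vendor": "borealis", "model": "FP-20", "firmware": "1.8.0",
     "criticality": 1.0, "reachable_from_it": True},
    {"name": "light-ctrl-03", "vendor": "acme", "model": "AC-500", "firmware": None,
     "criticality": 0.4, "reachable_from_it": False},   # dormant device, firmware not yet read
]

def parse_version(text):
    """Return a comparable tuple, or None when the firmware string is missing or non-numeric."""
    try:
        return tuple(int(part) for part in text.split("."))
    except (AttributeError, ValueError):
        return None

def triage(inventory, advisories):
    """Return (score, device, advisory, status) tuples, highest site-specific score first."""
    findings = []
    for dev in inventory:
        firmware = parse_version(dev["firmware"])
        for adv in advisories:
            if (adv["vendor"], adv["model"]) != (dev["vendor"], dev["model"]):
                continue
            if firmware is None:
                status = "unverified"   # cannot confirm or rule out until the device is queried
            elif firmware < parse_version(adv["fixed_in"]):
                status = "confirmed"
            else:
                continue                # already patched: a model-only match is a false positive
            exposure = 1.0 if dev["reachable_from_it"] else 0.5   # assumed weighting
            score = round(adv["cvss"] * dev["criticality"] * exposure, 2)
            findings.append((score, dev["name"], adv["id"], status))
    return sorted(findings, reverse=True)

if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES):
        print(finding)
```

With this sample data the fire panel's CVSS 6.5 finding outranks the door controller's CVSS 9.8 finding, because the panel is both more critical and reachable from the IT network.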

In Conclusion

Cybersecurity is essential to eliminate many of the core risks present in BMS environments. To mitigate that risk, it is essential to gain full visibility into all the operational assets that control the myriad BMS systems inhabiting the building or campus. That includes HVAC, access control, fire suppression, lighting, physical security, elevators and other devices. Leverage the latest security solutions that use network detection as well as device-based querying technology to detect any threat to your operation. The ability to customize a comprehensive policy mechanism and create rules adapted to the routine of each individual network helps ensure that security is optimized for your unique BMS requirements. This, combined with flexible deployment options, empowers security teams to control processes and keep BMS and the building operations they support running at peak efficiency, without unacceptable risk.

Marty Edwards, VP, Operational Technology Security, Tenable
Marty Edwards is a 30-year industry veteran who works with government and industry leaders throughout the world to broaden understanding and implementation of people, process and technology solutions to reduce their overall cyber risk. He has held a variety of roles in the instrumentation and automation fields.

Michael Rothschild, Sr. Director, OT Solutions, Tenable
With more than 20 years of security experience, Michael Rothschild is the Senior Director of OT solutions at Tenable. He is a past professor of marketing and has published a number of works on the topic.
