Smart homes and offices are becoming an increasingly normalized aspect of our home and work lives. Eventually, entire industrial complexes, towns, and even cities will be endowed with enough intelligence to significantly transform the way work and live.
However, before that happens, various challenges will need to be overcome with the smart buildings themselves. One of the biggest areas in which improvements will need to be made is the security of smart infrastructure.
In this article, we’ll take a look at a few of the threats faced by smart buildings as well as five considerations for anyone looking to ensure their smart home or office building stays secure, so, let’s start with the threats.
What are the Risks?
There are a multitude of threats that smart homes and buildings could come up against. From hackers with malicious intent to cyber-attacks such as denial of service attacks, malware, or attacks by botnets. In this section, we’ll briefly list a few of the most common threats to smart buildings and explain why.
While malware is typically associated with opening dodgy emails or clicking through toxic sites, smart buildings will still need to be protected. Message payloads containing malware could potentially damage equipment or disrupt critical data and therefore potentially endanger those inside the building.
Denial of service attacks typically involve either individual or multiple attackers targeting a network and sending a huge number of requests and otherwise useless traffic in order to drastically slow it to the point of being useless or bring it down altogether. Botnets are used to cause much large distributed denial of service attacks.
A botnet is a network of compromised, internet-connected devices infected with software that allows them to be controlled as a group. They are most often used to perform distributed denial-of-service attacks and can be potentially limitless in size. Two of the biggest botnets ever discovered are Metulji and Mariposa, both having enslaved over 10 millions machines each.
Brute Force Attacks
Brute force attacks are where a hacker will use the trial and error methods of application programs in an attempt to try to decode encrypted data. This is done through exhaustive effort, rather than any other strategy in that automated software is programmed to make a large number of consecutive guesses until the correct combination is found.
5 Security Considerations for Protecting Smart Buildings
One of the main obstacles seemingly holding back the widespread construction of smart buildings is their apparent lack of adequate security amidst the multitude of attack vectors such buildings would have by design. However, there are ways in which they can be protected.
Multi-Source Threat Intelligence
One of the best ways to continuously improve upon smart building cyber security is to analyse and integrate threat intelligence from a variety of different sources. These could be firewalls, gateways, networks, or even cloud systems. The information available from these sources can then be shared among the other devices connected within the security architecture.
Device & Software Isolation
In order to avoid interactions between applications running on a building’s system, some leading industry organisations suggest that separating security management functions and operational applications so as to allow the operational layer to be secured can prevent rogue applications from accessing the memory space of others and damaging, disrupting or stealing data.
Security Information & Event Management
Security information and event management platforms allow for real time visibility into all activity occurring on all systems, networks, databases, and applications. This real-time situational awareness can allow for threats to be met head on and enables data and network traffic analysis to be turned into security intelligence. This helps to create better situational awareness and can be used to gauge the current vulnerability status.
Regular Security Updates
As obvious as it may sound to some, it can still be an issue getting security updates onto devices. However, with recent revelations such as Meltdown and Spectre demonstrating just how vulnerable systems can be and the massive increase in attack vectors the Internet of Things (IoT) has created, it would seem reasonable to assume that regularly updating security will be a top priority for all who are invested in these technologies.
Encrypt All Traffic
Being aware of the vast number of threats out there, it makes sense to encrypt all traffic so as to prevent unauthorized access from those who may want to damage or steal data. Various encryption methods and services are available, and it is highly recommended by most industry experts as a standard.
The various means by which smart buildings could become infected with malware would also need to be considered. It is widely believed that the computer worm Stuxnet, which caused substantial damage to multiple centrifuges in an Iranian nuclear plant, was transmitted on an infected USB stick. As we continue to see the cyber landscape shift, it is becoming more and more essential that adequate resources are put into cyber security for smart buildings and one day entire smart cities.