As new technology proliferates, more and more hospitals, schools, factories, and even homes are becoming “smart” buildings. In these buildings, automated systems govern critical functions (e.g., lighting, HVAC, etc), often with the help of a complex network of Internet of Things (IoT) devices. With 5G deployments on the horizon, the network infrastructure to support this model will become even more robust, which will continue to fuel further smart building conversion. One recent estimate from a MarketsandMarkets report indicates the entire market may grow to over $105 billion worldwide by 2024.
However, for all the benefits that these systems can bring, they all share one glaring weakness: they are incredibly vulnerable to malicious attacks. According to a recent study by cybersecurity specialists Kaspersky, nearly 40% were targeted in the first half of 2019. In some countries, this total was even higher: just under half of smart building systems in Italy were attacked. In this article, we’ll go over common types and sources of these attacks, and also discuss how to make your building as electronically secure as it is physically secure.
Types and Sources of Smart Building Attacks
According to the Kaspersky report, the majority of attacks on smart buildings were web-born, with smaller totals coming from infected removable storage media or email links and attachments. Many of these attacks exploit vulnerabilities in either poorly-protected IoT devices like IP security cameras, which are often poorly integrated into “dumb” legacy systems. Spyware (typically intended to steal sensitive customer account information) and worms were the most common form of attack, while phishing and ransomware were also reported.
Consequences of Smart Building Attacks
The consequences of these attacks can range widely in their seriousness. For example, an attack targeting a smart building’s HVAC system can adjust the temperature settings to shut off automated air conditioning. While this could be merely an annoyance for office workers, it could have dire consequences in temperature-controlled environments like server rooms or data centers, in which cooling airflow is critical to maintaining functionality. In hospitals, entire lines of critical medical devices could be rendered lethally inoperable.
What Can Be Done?
Every component and member of the smart building ecosystem can play a critical role in combating this issue. While there are many highly-regarded cybersecurity solutions on the market that cater to building automation systems, these developers can find themselves playing catch-up to cyberattackers. IoT hardware and automation software developers must be aggressively proactive in identifying and resolving vulnerabilities. Smart building owners and facilities managers must educate themselves on the common threats and available solutions before committing to an investment in a holistic, fully integrated system.
Another valuable resource in the fight against malicious cyberattacks is the open source community, the force behind the success of the open networking model. The Linux mantra of “security through transparency” has created a robust network security toolkit. To discuss how this can work with our experts, contact us today.