The building automation industry is now at a point where we have legitimate and reasonable concern regarding the security of building control systems, especially in smart buildings where advanced technology is deployed. We see stories in the news regarding malicious cyber-attacks on private companies, government networks and internet sites. There are questions as to what such an attack would mean for building control systems, building operations, occupants and owners.
The apprehension is amplified in newer buildings because there have been increased penetration of IT infrastructure in building control systems and greater integration and interconnection of building controls with other systems. The potential security vulnerability of a building can extend to the smart grid as we move to implement two-way communication between buildings and the grid, and of course could also impact corporate business systems. The overarching security concern is more about network security and less about physical security, although the two are certainly related.
The threat simply is that someone can penetrate a building’s systems via an unsecured network to cause damage, disruption, theft or possibly even loss of life. For traditional IT systems, the threat may be loss of communications, unauthorized access to sensitive data, theft of intellectual property, disruption of equipment which may include physical security systems such as access control and video surveillance, loss of data and impediments to business continuity. For the other building systems such as HVAC control, electrical distribution, lighting, elevators, etc., the threat is disruption of critical building infrastructure which also impedes or can halt normal operations.
Depending on the building use and building control system, a security threat may be related to life safety, for example disrupting emergency power, lighting and HVAC in a critical healthcare space. The threat to building systems is not hypothetical: The infamous Stuxnet cyber-attack in 2010 eventually affected programmable logic controllers (PLC), a controller that is often used in industry, commonly in buildings elevators, pumps, drives and lighting equipment.
In general, the building automation industry and facility management have treated the security of building control networks as a secondary or tertiary issue, if at all. The most popular security approach for a building management system (BMS) is to isolate the BMS -- by not letting it connect to any other networks. But that alone is a false sense of security. The BMS at a minimum will have fire systems, HVAC, access control, elevators and possibly lighting connected into it, potentially allowing access from one of those networks or one of the devices on those networks.
Minimal or partial security measures may be in place for some buildings, but not the comprehensive security measures required to minimize network vulnerability. It’s fair to say that most traditional building management systems are not secured. In fact, many legacy BMS systems have “back doors” allowing the BMS manufacturer or local control contractor to monitor, manage or update the systems.
Next page: Older buildings at risk, too