Looking at SMART building technology through the lens of philosophy, it’s interesting to observe how the venerable fundamentals of Maslow’s Pyramid, regarding “human needs” for safety and security, are now being played out anew in the realm of “building needs” for safety and security. Not just physical and digital security, but, more recently, cyber security. If one were to construct a “Maslow’s Pyramid” of modern building cyber-security needs, it would be most notably marked by a network of communications portals through which global collaboration occurs.
The critical need for both global and building cyber-security is poignantly exemplified by an incident involving a structure whose very reason for existence revolves around fundamental “human needs” – a hospital.
As the story goes, “it was an attack on a hospital like no other…” The Hollywood Presbyterian Medical Center had been hacked. Its services were crippled. As emergency patients were diverted to other area hospitals, hospital administrators received an ominous message. Pay a ransom to get your hospital systems back. The hospital ultimately paid $17,000 worth of bitcoins. The FBI and the Los Angeles Police Department have yet to find the culprit.
The hospital attack brings to light just how vulnerable buildings and institutions are to hackers. The potential cost in lives and loss of public trust is on par with what might occur with significant natural disasters.[1]
With innovation being part of the cultural DNA of the Big Apple, aka Silicon Alley since the days of Mayor Bloomberg, it is becoming a clear, self-evident imperative that SMART buildings, the backbone of SMART cities, must be made into SAFE buildings. The emergence of the Internet of Things (IoT) has seen a technological shift that could potentially change the way our society operates.
Industry predictions suggest that by 2020, there will be an installed base of some 30.7 billion IoT devices. Many of these devices will be deployed within smart buildings, critical infrastructure and public works. Engineering professionals have previously been largely ignored by cyber criminals and Internet-based security threats; however, as engineering firms find themselves with a much greater online presence, and as the technological integration of the occupant and the built environment gains momentum, cyber criminals are now placing a much greater focus on buildings as the targets for their attacks.
Creating a robust cyber security system involves ensuring that physical security is addressed, along with adhering rigorously to sound digital security processes. Only when digital, physical and cyber security are working together can an asset truly be considered secure.
Increasingly, organizations are looking to designers and engineers to factor these concerns into their engineering designs and specifications. Clients know they are exposed. The continued growth in organizations seeking comprehensive and expensive cyber insurance clearly highlights this point. It is not solely whether the end product is functional, innovative and cost-effective; it’s increasingly about the risk profile. How will it hold up to a cyber attack? And if it does not, how will this affect baseline operations?
Urban planners and engineers need collaboration tools and methods to make their buildings more cyber safe. These frameworks are long overdue. Industry bodies such as the not-for-profit Internet of Things Security Foundation (IoTSF) have established working groups to address key industry requirements. A recent addition is the Cyber Safe Smart Building working group, which is tasked with developing a global, publicly available IoT cyber security framework for buildings and critical infrastructure.[2]
Preventative digital measures to consider as a starting point range from encryption to secure updates to bandwidth.
Encryption - The first step in any sound security policy is encryption. With encryption, data is only readable by those with the keys to decode it. A good encryption scheme can make it difficult, if not impossible, for hackers to steal sensitive information or gain control of network devices.
Whitelisting - Another recommended countermeasure borrowed from the IT world is the whitelisting and blacklisting of devices. Whitelisting is a relatively simple approach for locking down the network. A whitelist maintains a list of permitted, trusted devices and prevents endpoints from communicating with unknown or unauthorized devices. Similarly, a blacklist can be used to prevent access from specific IP/MAC addresses and countries.
Software Updates - No software is perfect. As consumers, we constantly receive security updates for our cell phones and personal computers to fix bugs and prevent hackers from finding and exploiting weaknesses. However, most building automation devices are never updated once they leave the factory, leaving them vulnerable to all kinds of unanticipated threats. The most secure BAS devices include the provision for future firmware updates so that customers can trust that they always have the most advanced security available.
Meet New Cybersecurity and Bandwidth Challenges with HD-PLC - Legacy communications protocols aren’t built to handle the cybersecurity threats encountered in modern smart building networks. Fortunately, there are new options now like HD-PLC designed to meet the bandwidth, cybersecurity and cost concerns of these applications.”[3]
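The whitelisting and blacklisting measure described above, sketched as a default-deny admission check for a building-automation segment. This is an added example, not code from the article or its sources; the MAC addresses, IP range and function names are constructed for illustration, and a blocked CIDR range stands in for country-level blocking.

```python
import ipaddress

# Constructed policy for one building-automation (BAS) segment; all values are samples.
WHITELIST_MACS = {"00:1a:2b:3c:4d:01", "00:1a:2b:3c:4d:02"}   # trusted controllers
BLACKLIST_MACS = {"de:ad:be:ef:00:01"}                         # known-bad device
BLACKLIST_NETS = [ipaddress.ip_network("203.0.113.0/24")]      # blocked address range

def normalize_mac(mac):
    """Canonicalise a MAC so 00-1A-2B-3C-4D-01 and 001a.2b3c.4d01 compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def decide(mac, ip):
    """Return (verdict, reason). Blacklist wins; anything not whitelisted is denied."""
    try:
        mac_n = normalize_mac(mac)
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return ("deny", "malformed")          # fail closed on unparseable input
    if mac_n in BLACKLIST_MACS:
        return ("deny", "mac-blacklisted")
    if any(addr in net for net in BLACKLIST_NETS):
        return ("deny", "ip-blacklisted")
    if mac_n in WHITELIST_MACS:
        return ("allow", "whitelisted")
    return ("deny", "unknown-device")         # default deny

# Constructed connection attempts: (source MAC, source IP).
SAMPLE_ATTEMPTS = [
    ("00-1A-2B-3C-4D-01", "10.20.0.11"),      # trusted controller, other notation
    ("00:1a:2b:3c:4d:02", "203.0.113.7"),     # trusted MAC from a blocked range
    ("DE:AD:BE:EF:00:01", "10.20.0.50"),      # blacklisted device
    ("00:1a:2b:3c:4d:99", "10.20.0.60"),      # device nobody registered
    ("not-a-mac", "10.20.0.61"),              # garbage identifier
]

def audit(attempts):
    """Return the denied attempts with reasons, for logging or alerting."""
    denied = []
    for mac, ip in attempts:
        verdict, reason = decide(mac, ip)
        if verdict == "deny":
            denied.append((mac, ip, reason))
    return denied

if __name__ == "__main__":
    for row in audit(SAMPLE_ATTEMPTS):
        print(row)
```

MAC and IP addresses are values the sending device asserts about itself, so a filter like this narrows exposure but does not authenticate a device; it complements the encryption measure rather than replacing it.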
Policy-exploration foundations such as the IoT Security Foundation (IoTSF) and the Cyber Safe Smart Building working group have become the portals through which global collaboration occurs. Similarly, CyberTECH has developed the Smart & Safe Cities Institute, focusing on the state of smart & safe cities, best practices and the cultural aspects of creating safe cities. All real estate professionals need to be tuned in to these organizations, in order to keep the hackers tuned out.
Footnotes:
1. https://www.engineering.com/BIM/ArticleID/15476/Protecting-Smart-Buildings-from-Cyber-Attacks.aspx
2. http://www.megachips.com/The-Smart-City/is-cybersecurity-the-next-killer-app-for-smart-buildings
3. http://www.megachips.com/The-Smart-City/is-cybersecurity-the-next-killer-app-for-smart-buildings
Other resources which may be of interest
https://www.boozallen.com/c/insight/thought-leadership/5-steps-to-protect-smart-buildings-from-cyber-threats.html
https://www.memoori.com/portfolio/cyber-security-smart-commercial-buildings-2017-2021/
http://www.hd-plc.org/
https://www.lonmark.org/about/
Nadine Cino, LEED AP, is CEO and co-inventor of both TygaTrax and TygaBox, New York, N.Y.