Smart buildings can pose a serious security risk

The aim of Smart Buildings, as part of the Internet of Things, is to connect the services that monitor, analyze and control the building environment to the Internet, for better operational efficiency. Without sufficient control over the communication channels and management infrastructure used by the services, Smart Buildings can pose a serious security risk.

Smart Buildings have the potential to gather, store, and transmit vast amounts of sensitive data on the location of their inhabitants. For example, a smart government building may, if compromised, reveal when it is at peak occupancy – or when certain departments are nearly empty. This data needs to be considered highly sensitive, whether gathered by private residences, government buildings, or other critical infrastructures – as it may be targeted by criminal organizations or other malicious entities.

The environmental control facilities of Smart Buildings are also a potential target. Malicious activation or deactivation of, for example, the fire alarm, sprinkler or electrical system of critical facilities could seriously disrupt public services if part of a coordinated attack.

Data security of smart buildings needs to cover both sensors and control units (of doors, lighting, etc.), as well as the back-end management infrastructure – whether on-premise or outsourced to a managed services provider. The communications within this infrastructure need to be encrypted, and end-points (sensors, control units, back-end servers, or human operators) strongly authenticated – with e.g. cryptographic keys or digital certificates. A poorly managed back-end infrastructure may pose an attractive attack vector to the consolidated control and environment data.

Low Visibility to Encrypted Channels

Data transmitted within IoT infrastructures typically needs to be encrypted. However, encrypted channels pose a trade-off in the form of lack of visibility and content control. Unmanaged encrypted networks can pose a gaping hole in the security posture of the environment, as they provide a potential covert channel for both accessing the environment and exfiltrating stolen data. Potential exposures include system connectivity to external service providers, as well as the remote access channels used by vendors and service providers for performing maintenance and support operations. Remote access by outsourced operators typically also utilizes shared system accounts, which poses further challenges for enforcing individual accountability.

When examining the security of Smart Building management infrastructures, the facility owner may question whether the system connectivity and maintenance operations can be subjected to security services such as Data Loss Prevention (DLP), Intrusion Detection/Prevention (IDS/IPS), and enforcement of operator accountability (via e.g. session recording).

Authentication in Process Automation

Smart Building process automation involves a huge number of non-human identities for machine-to-machine (M2M) communications. These identities typically utilize secure encrypted channels with non-interactive authentication (achieved with credentials such as cryptographic keys or digital certificates).

Managing these M2M identities requires careful and sustained management of the related authentication credentials. Over time, missing or purely manual management of these credentials easily leads to orphaned and unused Secure Shell keys left in the environment, as well as rogue keys set up by administrators and operators for ad-hoc purposes. These credentials can be misused by malicious insiders or outsiders and exploited by malware or Advanced Persistent Threat attacks. If not monitored, misuse may go undetected for months or longer, resulting in the systematic removal of critical data over extended periods of time.
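One way to surface the orphaned, unused and rogue Secure Shell keys described above is to compare the keys deployed on a host with an approved inventory and with the key fingerprints that sshd logs for accepted logins. The following is an added example, not part of the original article; the service names, addresses, command path and key blobs are constructed placeholders, and the inventory format is an assumption.

```python
import base64, hashlib, re

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64-encoded public key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Key type, base64 blob, optional comment; leading options (command=..., from=...) are skipped.
KEY_RE = re.compile(r"\b((?:ssh|ecdsa)-\S+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")
# sshd logs the fingerprint of the key that authenticated each accepted session.
LOGIN_RE = re.compile(r"Accepted publickey for (\S+) from \S+ port \d+ ssh2: \S+ (SHA256:\S+)")

def audit(authorized_keys, sshd_log, inventory):
    """inventory (assumed format): fingerprint -> owning service, or None once decommissioned."""
    seen = {m.group(2) for m in LOGIN_RE.finditer(sshd_log)}
    report = {}
    for line in authorized_keys.splitlines():
        m = KEY_RE.search(line.strip())
        if not m or line.lstrip().startswith("#"):
            continue
        fp = fingerprint(m.group(2))
        if fp not in inventory:
            status = "rogue"        # deployed outside the managed process
        elif inventory[fp] is None:
            status = "orphaned"     # owner is gone, key still grants access
        elif fp not in seen:
            status = "unused"       # approved, but no login in this log window
        else:
            status = "in-use"
        report[m.group(3) or fp] = status
    return report

def blob(label):
    """Constructed stand-in for a key blob (not a real key); only its hash matters here."""
    return base64.b64encode(label.encode()).decode()

# Constructed sample data: service names, addresses and keys are all made up.
AUTHORIZED_KEYS = "\n".join([
    "# building-management gateway",
    f"ssh-ed25519 {blob('hvac')} hvac-controller",
    f'command="/usr/local/bin/push-readings" ssh-ed25519 {blob("meter")} energy-meter',
    f"ssh-rsa {blob('old-vendor')} vendor-2019",
    f"ssh-ed25519 {blob('adhoc')} tmp-debug",
])
INVENTORY = {fingerprint(blob("hvac")): "hvac", fingerprint(blob("meter")): "metering",
             fingerprint(blob("old-vendor")): None}
SSHD_LOG = ("sshd[812]: Accepted publickey for hvac from 10.20.0.5 port 50022 ssh2: "
            f"ED25519 {fingerprint(blob('hvac'))}\n")
REPORT = audit(AUTHORIZED_KEYS, SSHD_LOG, INVENTORY)
print(REPORT)
```

A key reported as unused has only gone unseen within the supplied log window, so the window should cover the longest legitimate interval between M2M jobs before any key is retired.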

Smart Buildings may suffer from inadequate security if the suppliers or service providers do not address network security and potential threats in their core architecture. While organizations enjoy the benefits of smart technologies, they should also take steps to monitor the communication channels, and secure the identities that grant access to the IoT environment.