SPOTLIGHT/CYBERSECURITY
SMART BUILDINGS
NEED SMARTER CYBERSECURITY
JEFF HUSSEY
President & CEO
Tempered Networks
SMART BUILDING TECHNOLOGIES are shaping the future of our cities, driven by the need for energy efficiency, widespread adoption of Internet of Things (IoT) platforms, and government initiatives. Seeking to reduce costs through increased operational efficiency and streamlined processes across IT, maintenance, facilities, distribution, and more, businesses are integrating these smart systems – such as Building Automation Systems (BAS) – across the organization on an ever-expanding scale.
Connectivity and Control Often Outweigh Security
One of the biggest concerns for network security practitioners is connected devices and systems that cannot protect themselves. This includes aging legacy systems, devices running un-patchable operating systems (e.g. Windows XP), and vulnerable systems often used in Industrial Control System (ICS) deployments. ICS, SCADA, and components such as HVAC systems, remote sensors, and IP cameras have a single common denominator: inherent vulnerability. The primary goals of smart building technology are typically connectivity, control and monitoring, meaning security is often overlooked despite constant reminders from ICS-certifying bodies and the Department of Homeland Security.

Most organizations maintain a relatively flat Layer 2 network. That means security, fire suppression, building access controls, HVAC systems, and other building-specific protocols are often on the same flat network as other systems, like HR servers, Finance, etc. Vulnerable devices and machines – like those mentioned above – are the weakest link and, when they operate on a shared network, they put the entire organization at risk.

What's more, these security shortcomings present attackers with a way to move laterally within the network and compromise machines that could impact reliability and availability of entire systems – which could lead to service interruption, safety issues, loss of brand prestige and a negative impact to the bottom line.

The Root Cause of Networking Complexity
What many people don't understand is, despite all the layers of security in place and in the roadmap, most building automation systems remain vulnerable because they connect via TCP/IP: an inherently insecure protocol.

But why is TCP/IP insecure? Because it serves as a device's location and identity on a network. This exposes those devices to numerous attack vectors, such as IP spoofing. This fundamental flaw of TCP/IP is the root cause of virtually all networking and security challenges.

To combat this, network segmentation and device isolation are considered industry best practices. Most organizations turn to traditional segmentation tools like VLANs or leverage firewalls, managing certificates, ACLs, VPNs, etc. to accomplish this initiative.

These systems, however, often require new routing rules for certain traffic as well as custom-configured policies for each system or location. This often results in high costs and only modest improvements in network security posture.
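As an added illustration of the flat-network and segmentation points above (example code written for this page, not from the article or from Tempered Networks), the script below audits a constructed device inventory for VLANs that mix building-automation and corporate hosts, then checks constructed flow records against a zone allow-list to surface the cross-zone traffic that lateral movement would generate. The zone names, host names, allow-list and flow format are all assumptions.

```python
"""Audit a flat building network for mixed trust zones and cross-zone flows."""
from collections import defaultdict

# Constructed inventory (assumption): host -> (vlan, trust zone).
INVENTORY = {
    "hvac-ctrl-01":  (10, "building"),
    "fire-panel-01": (10, "building"),
    "door-ctrl-01":  (10, "building"),
    "ipcam-lobby":   (10, "building"),
    "hr-srv-01":     (10, "corporate"),
    "finance-db-01": (10, "corporate"),
    "bas-mgmt-01":   (20, "building-mgmt"),
}

# Constructed allow-list of (src_zone, dst_zone) pairs a segmentation policy
# would permit; any other pair is reported as a cross-zone flow.
ALLOWED = {
    ("building-mgmt", "building"),
    ("building", "building"),
    ("corporate", "corporate"),
}

# Constructed flow records: "src dst proto dport". 47808/udp is BACnet/IP.
FLOWS = """\
bas-mgmt-01 hvac-ctrl-01 udp 47808
hr-srv-01 finance-db-01 tcp 1433
ipcam-lobby hr-srv-01 tcp 445
hvac-ctrl-01 finance-db-01 tcp 3389
"""


def mixed_vlans(inventory):
    """Return {vlan: sorted zones} for VLANs where more than one zone shares L2."""
    zones = defaultdict(set)
    for vlan, zone in inventory.values():
        zones[vlan].add(zone)
    return {v: sorted(z) for v, z in zones.items() if len(z) > 1}


def cross_zone_flows(flows_text, inventory, allowed):
    """Flag flows whose (src zone, dst zone) pair is not in the allow-list.
    Hosts missing from the inventory get zone 'unknown' and are always flagged."""
    findings = []
    for line in flows_text.splitlines():
        src, dst, proto, dport = line.split()
        src_zone = inventory.get(src, (None, "unknown"))[1]
        dst_zone = inventory.get(dst, (None, "unknown"))[1]
        if (src_zone, dst_zone) not in allowed:
            findings.append((src, dst, f"{proto}/{dport}", f"{src_zone}->{dst_zone}"))
    return findings


if __name__ == "__main__":
    print("mixed VLANs:", mixed_vlans(INVENTORY))
    for finding in cross_zone_flows(FLOWS, INVENTORY, ALLOWED):
        print("cross-zone flow:", *finding)
```

Run against real data, the inventory would come from the CMDB or switch port mappings and the flows from NetFlow or firewall logs; the two findings it produces here (an IP camera reaching an HR server over SMB, an HVAC controller reaching a finance database over RDP) are exactly the lateral-movement paths a flat Layer 2 network leaves open.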