Page 40 - RC18-EDGE Spring.FINAL

SPOTLIGHT/CYBERSECURITY

SMART BUILDINGS NEED SMARTER CYBERSECURITY

JEFF HUSSEY
President & CEO
Tempered Networks

SMART BUILDING TECHNOLOGIES are shaping the future of our cities, driven by the need for energy efficiency, widespread adoption of Internet of Things (IoT) platforms, and government initiatives. Seeking to reduce costs through increased operational efficiency and streamlined processes across IT, maintenance, facilities, distribution, and more, businesses are integrating these smart systems – such as Building Automation Systems (BAS) – across the organization on an ever-expanding scale.

Connectivity and Control Often Outweigh Security

One of the biggest concerns for network security practitioners is connected devices and systems that cannot protect themselves. This includes aging legacy systems, devices running unpatchable operating systems (e.g. Windows XP), and vulnerable systems often used in Industrial Control System (ICS) deployments. ICS, SCADA, and components such as HVAC systems, remote sensors, and IP cameras have a single common denominator: inherent vulnerability. The primary goals of smart building technology are typically connectivity, control and monitoring, meaning security is often overlooked despite constant reminders from ICS-certifying bodies and the Department of Homeland Security.

Most organizations maintain a relatively flat Layer 2 network. That means security, fire suppression, building access controls, HVAC systems, and other building-specific protocols are often on the same flat network as other systems, like HR servers, Finance, etc. Vulnerable devices and machines – like those mentioned above – are the weakest link and, when they operate on a shared network, they put the entire organization at risk.

What's more, these security shortcomings present attackers with a way to move laterally within the network and compromise machines that could impact the reliability and availability of entire systems – which could lead to service interruption, safety issues, loss of brand prestige and a negative impact on the bottom line.

The Root Cause of Networking Complexity

What many people don't understand is that, despite all the layers of security in place and on the roadmap, most building automation systems remain vulnerable because they connect via TCP/IP: an inherently insecure protocol.

But why is TCP/IP insecure? Because the IP address serves as both a device's location and its identity on a network. This exposes those devices to numerous attack vectors, such as IP spoofing. This fundamental flaw of TCP/IP is the root cause of virtually all networking and security challenges.

To combat this, network segmentation and device isolation are considered industry best practices. Most organizations turn to traditional segmentation tools like VLANs, or leverage firewalls, managing certificates, ACLs, VPNs, etc. to accomplish this initiative.

These systems, however, often require new routing rules for certain traffic as well as custom-configured policies for each system or location. This often results in high costs and only modest improvements in network security posture.
