The Smart City Blog
Is Cybersecurity the Next “Killer App” for Smart Buildings?
Smart buildings are no longer a vague idea in the mind of ardent futurists. Today, more than 2.7 billion devices have been deployed in smart buildings to improve operational efficiency, safety, comfort and functionality. As of 2015, 84% of building automation system (BAS) operators reported using Internet-connected systems to tap into the power of the Cloud and Big Data. These systems bring a range of benefits, from increased energy efficiency to improved productivity.
But they also give cause for alarm. The presence of billions of new Internet-connected devices has dramatically increased the number of attack surfaces in a world where ransomware, malware, and cyber-espionage/terrorism are on the rise. In a 2014 survey, IBM found that only 29% of BAS operators had taken action or were in the process of taking action to improve the cybersecurity of their Internet-connected systems. It’s not surprising, then, that according to the U.S. Department of Homeland Security the number of cyber incidents involving industrial control systems, which include BAS, increased by 74% from 2011 to 2014. Indeed, Gartner predicts that by the end of this year, 20% of smart buildings will have suffered from some form of digital vandalism.
The Cybersecurity Opportunity in Smart Buildings
Every challenge bears within it the seed of opportunity—and the cybersecurity problem is no different. Research firm Memoori estimates that global revenues for smart building cybersecurity will reach $8.65 billion by 2021, more than double the estimated $4.26 billion in 2016. The market is expected to grow at a healthy 15% CAGR over the forecast period as smart building operators race to stay ahead of threats against their critical systems and data.
Not everyone will benefit from this opportunity. Many are still sitting on the sidelines waiting for the cybersecurity market—and customer demand—to develop. Yet, there are others that we’re working with who have begun to take action today. They understand that now is the time to position themselves as cybersecurity leaders and build brands and products that customers can trust.
Building Stronger, More Secure Smart Building Networks
One of the biggest dangers in smart buildings is that they’re not prepared for the numerous threats found within an Internet-connected world. Many of the devices installed in building automation systems were built for closed networks that were isolated from the outside world. Authorization controls are weak or nonexistent, data is frequently left unencrypted, and the administrative web interfaces are not built to handle the kinds of attacks we see on public websites.
Compounding this problem, cybersecurity is traditionally seen as the domain of IT experts. Most building managers lack the knowledge or experience needed to fend off botnets, denial-of-service attacks, brute-force attacks and the many other threats posed by sophisticated hackers. This is an area where BAS vendors can step forward to help their customers navigate the complexities of implementing effective network security.
Encryption
The first step in any sound security policy is encryption. With encryption, data is only readable by those with the keys to decode it. A good encryption scheme can make it difficult, if not impossible, for hackers to steal sensitive information or gain control of network devices.
Historically, one of the biggest obstacles to implementing encryption within smart building networks has been the relatively low bandwidth provided by available communications protocols. However, this has changed with the advent of high-speed protocols like HD-PLC. Developed for advanced smart building applications, HD-PLC achieves data rates of 10+ Mbps over distances of up to several kilometers. This gives it ample bandwidth to support the demands of converged smart building networks, along with cryptographically strong AES-128 encryption.
AES encryption is a specification developed by the US National Institute of Standards and Technology. It is used by the US government and many others worldwide. It is the only publicly available cipher approved by the National Security Agency (NSA) for the protection of top secret information. AES offers several key sizes: 128-, 192-, and 256-bit. AES-128 encryption is best suited for smart building networks, since it is secure enough to withstand modern-day brute-force attacks, yet very bandwidth-efficient.
Whitelisting
Another recommended countermeasure borrowed from the IT world is the whitelisting and blacklisting of devices. Whitelisting is a relatively simple approach for locking down the network. A whitelist maintains a list of permitted, trusted devices and prevents endpoints from communicating with unknown or unauthorized devices. Similarly, a blacklist can be used to prevent access from specific IP/MAC addresses and countries.
Both of these approaches are well-suited for building automation systems, since the software has a small footprint and low overhead and the network is well-defined. Together, they help prevent devices from communicating beyond where they’re supposed to or being accessed from outside the network. MegaChips’ HD-PLC SoC solutions integrate this functionality, alongside standard AES-128 encryption, to facilitate the implementation of robust cybersecurity in smart buildings.
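The following sketch shows how the whitelist and blacklist checks described above combine into one default-deny decision. It is an added example, not code from the original post or from any vendor's product; the `DeviceFilter` class, the `norm_mac` and `audit` helpers, and all addresses are constructed for illustration, and country-based blocking is represented only as blocked IP ranges.

```python
import ipaddress
import re

def norm_mac(mac):
    """Normalize 02:00:.., 02-00-.. and 0200.0000.. to lowercase colon form."""
    digits = re.sub(r"[:.\-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class DeviceFilter:
    def __init__(self, allowed_macs, denied_macs=(), denied_nets=()):
        self.allowed = {norm_mac(m) for m in allowed_macs}
        self.denied = {norm_mac(m) for m in denied_macs}
        self.denied_nets = [ipaddress.ip_network(n) for n in denied_nets]

    def check(self, src_mac, src_ip):
        """Return (permit, reason); blacklist wins, unknown devices are denied."""
        try:
            mac, ip = norm_mac(src_mac), ipaddress.ip_address(src_ip)
        except ValueError:
            return False, "malformed address"
        if mac in self.denied:
            return False, "MAC on blacklist"
        if any(ip in net for net in self.denied_nets):
            return False, "IP in blacklisted range"
        if mac not in self.allowed:
            return False, "MAC not on whitelist"
        return True, "whitelisted device"

# Constructed sample inventory and traffic (not from the original page).
FILTER = DeviceFilter(
    ["02:00:00:00:00:01", "02-00-00-00-00-02", "0200.0000.0003"],
    denied_macs=["02:00:00:00:00:03"], denied_nets=["198.51.100.0/24"])
FRAMES = [
    ("02:00:00:00:00:01", "192.0.2.10"),    # known device, permitted
    ("02:00:00:00:00:02", "198.51.100.7"),  # known MAC, blocked address range
    ("0200.0000.0003", "192.0.2.12"),       # on both lists: blacklist wins
    ("02:00:00:00:00:99", "192.0.2.50"),    # unknown device: default deny
    ("not-a-mac", "192.0.2.51"),            # malformed input is rejected
]

def audit(frames, flt=FILTER):
    return [flt.check(mac, ip) for mac, ip in frames]

if __name__ == "__main__":
    for frame, (ok, why) in zip(FRAMES, audit(FRAMES)):
        print("PERMIT" if ok else "DROP  ", frame, why)
```

Because a source MAC address can be set by the sender, a list check like this identifies devices rather than authenticating them, which is why the post pairs it with encryption.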
Software Updates
No software is perfect. As consumers, we constantly receive security updates for our cell phones and personal computers to fix bugs and prevent hackers from finding and exploiting weaknesses. However, most building automation devices are never updated once they leave the factory, leaving them vulnerable to all kinds of unanticipated threats.
The most secure BAS devices include the provision for future updates. MegaChips’ HD-PLC solutions employ IPv6 addressing to enable the addition of state-of-the-art security features through simple firmware updates, so that end customers can trust that they always have the most advanced security available.
Meet New Cybersecurity and Bandwidth Challenges with HD-PLC
Legacy communications protocols aren’t built to handle the cybersecurity threats encountered in modern smart building networks. Fortunately, there are now new options, like HD-PLC, designed to meet the bandwidth, cybersecurity and cost concerns of these applications.