The Smart City Blog

The Cybersecurity Opportunity in Smart Buildings

Every challenge bears within it the seed of opportunity—and the cybersecurity problem is no different. Research firm Memoori estimates that global revenues for smart building cybersecurity will reach $8.65 billion by 2021, more than double the estimated $4.26 billion in 2016. The market is expected to grow at a healthy 15% CAGR over the forecast period as smart building operators race to stay ahead of threats against their critical systems and data.

Not everyone will benefit from this opportunity. Many are still sitting on the sidelines waiting for the cybersecurity market—and customer demand—to develop. Yet, there are others that we’re working with who have begun to take action today. They understand that now is the time to position themselves as cybersecurity leaders and build brands and products that customers can trust.

Building Stronger, More Secure Smart Building Networks

One of the biggest dangers in smart buildings is that they’re not prepared for the numerous threats found within an Internet-connected world. Many of the devices installed in building automation systems were built for closed networks that were isolated from the outside world. Authorization controls are weak or nonexistent, data is frequently left unencrypted, and the administrative web interfaces are not built to handle the kinds of attacks we see on public websites.

Compounding this problem, cybersecurity is traditionally seen as the domain of IT experts. Most building managers lack the knowledge or experience needed to fend off botnets, denial-of-service attacks, brute-force attacks and the many other threats posed by sophisticated hackers. This is an area where BAS vendors can step forward to help their customers navigate the complexities of implementing effective network security.

Encryption

The first step in any sound security policy is encryption. With encryption, data is only readable by those with the keys to decode it. A good encryption scheme can make it difficult, if not impossible, for hackers to steal sensitive information or gain control of network devices.

Historically, one of the biggest obstacles to implementing encryption within smart building networks is the relatively low bandwidth provided by available communications protocols. However, this has changed with the advent of high-speed protocols like HD-PLC. Developed for advanced smart building applications, HD-PLC achieves fast +10Mbps data rates over distances up to several kilometers long. This gives it ample bandwidth to support the high-bandwidth demands of converged smart building networks, along with cryptostrong AES-128 encryption.

AES encryption is a specification developed by the US National Institute of Standards and Technology. It is used by the US government and many others worldwide. It is the only publicly available cipher approved by the National Security Agency (NSA) for the protection of top secret information. AES offers several key sizes: 128-, 192-, and 256-bit. AES-128 encryption is best suited for smart building networks, since it is secure enough to withstand modern day brute-force attacks, yet very bandwidth-efficient.

Whitelisting

Another recommended countermeasure borrowed from the IT world is the whitelisting and blacklisting of devices. Whitelisting is a relatively simple approach for locking down the network. A whitelist maintains a list of permitted, trusted devices and prevents endpoints from communicating with unknown or unauthorized devices. Similarly, a blacklist can be used to prevent access from specific IP/MAC addresses and countries.

Both of these approaches are well-suited for building automation systems, since the software has a small footprint and low overhead and the network is well-defined. Together, they help prevent devices from communicating beyond where they’re supposed to or being accessed from outside the network. Megachips’ HD-PLC SoC solutions integrate this functionality, alongside standard AES-128 encryption, to facilitate the implementation of robust cybersecurity in smart buildings.

Software Updates

No software is perfect. As consumers, we constantly receive security updates for our cell phones and personal computers to fix bugs and prevent hackers from finding and exploiting weaknesses. However, most building automation devices are never updated once they leave the factory, leaving them vulnerable to all kinds of unanticipated threats.

The most secure BAS devices include the provision for future updates. MegaChips’ HD-PLC solutions employ IPv6 addressing to enable the addition of state-of-the-art security features through simple firmware updates, so that end customers can trust that they always have the most advanced security available.

Meet New Cybersecurity and Bandwidth Challenges with HD-PLC

Legacy communications protocols aren’t built to handle the cybersecurity threats encountered in modern smart building networks. Fortunately, there are new options now like HD-PLC designed to meet the bandwidth, cybersecurity and cost concerns of these applications.

Download the HD-PLC whitepaper to learn more.