Kathleen Martin
Guest
Power, they say, corrupts, and absolute power corrupts absolutely. While that was said about politics, it sure seems like it was tailor-made for smart buildings.
Facility-control technology is exploding because the concept is useful and often saves money. Unfortunately, smart devices have also proven to be an on-ramp for major intrusions. Smart buildings are surely absolutely powerful in a way; are they absolutely corruptible? Maybe, if we’re not very careful.
If corruption means overall bad-ness, then hacking a smart building surely qualifies. It could let intruders mess with lights, heating and air conditioning, and maybe other critical systems, too. We also know from news stories that a hacker could use a successful smart building intrusion to sneak into other business applications, potentially compromising them and critical company information. It’s important to address these risks, and that means starting with how they arise.
Hacking generally needs something to hack through, and smart buildings create two broad attack surfaces to worry about. The first is the interface through which the building is controlled, often a phone or browser. The second is the interface to the smart elements themselves, the protocol used by the IoT devices. The risk to each of these depends on how your building intelligence is organized.
There are two basic models of smart buildings, what you could call the military model and the mob model. Have you ever watched a parade where the military marched? There’s a big group, but they’re all marching in step based on some leader who counts cadence. That corresponds to the local-controller model of smart buildings; there’s a leader running things. Now consider the parking lot as a big event is letting out. Everyone-for-themselves doesn’t begin to describe how that usually turns out, and that corresponds to the autonomous-device model of smart buildings.
One reason the model is important in security is that the smaller and cheaper something is, the harder it is to secure. In the local-controller military model, all the smart IoT elements connect with a local device that provides the link between the smart building and the phones or keypads or switches that provide the human interface. There is one control interface, which means only one control point to defend against attack, and it’s pricey enough to get good security.
Continue reading: https://www.networkworld.com/article/3649771/5-best-practices-for-making-smart-building-lans-more-secure.html