The Vulnerability of Intelligent Building System - Report Example

Vulnerability of Intelligent building system Name Institution Date Vulnerability of Intelligent building system Introduction Advancement in technology has led to changes in the construction industry. The intelligent buildings are the buildings that have centralized controls in terms of different aspects. The design of the intelligent buildings includes all the aspects that contribute to the automation of the buildings. Building managements systems are usually used for the purposes of ensuring that the building is automated. Control systems are in place in the buildings for the purposes of controlling the aspects of safety, security, ventilation and other aspects that are related to the operations in the building. The automation is important in terms of alerting the security as well as the occupants of the building in the event of breach of security or fire outbreak (Nguyen & Aiello, 2013). The main purpose of an intelligent building is to ensure that the occupants are more comfortable. The intelligent buildings are also useful in terms of energy conservation it is designed to minimize the use of energy. The construction of the intelligent building is also cost effective which plays an essential role in ensuring that the overall construction costs are reduced. The materials that are used during the construction process are also cost effective and environmentally friendly. This plays an important role in ensuring that the building is green and it does not have negative impacts on the environment. The intelligent buildings are increasingly becoming popular although security concerns have been raised. The paper discusses the considerations of the security manager with regards to the intelligent buildings. Discussion Concepts of intelligent building The intelligent buildings have system wide control systems that controls and monitors the subsystems, facility system, plant and equipment. As a result of the system wide control, the building is exposed to vulnerabilities which are of concern to the security managers. Open data communication protocols are usually used for the purposes of integrating the system and hence exposing it to vulnerabilities and risks. The intelligent system usually incorporates many components into a common network. The communication process can be linked into three main distinct layers which include management level, automation level and field level (Figueiredo & da Costa, 2012). The management level is comprised of the human interface, routing system and servers which are connected via the Ethernet. The automatic level is comprised of the primary controls and the secondary controls automation which are connected via the networked controlled automation. The automatic levels are also comprised of some distributed intelligence for the purposes of providing interface between the lower and the upper levels. The field devices are mainly used to connect the intelligent buildings to the physical environment. It plays an important role in terms of providing information about the operations in the building. This includes the aspects of security within the building. Various software are also used for the purposes of carrying out different activities. The control of security issues is also monitored and coordinated through the use of software and hardware. The vulnerability of the intelligent building can be as a result of either in internal or external threats and it may end up affecting the operations of the building. Vulnerability of the intelligence building The vulnerability of the intelligence building is one of the issues that is of great concern to the security managers. The level of integration with the web is quite high when using the intelligent building. This exposes the system to hacking leading unauthorized access to the building. The hacker may manipulate the system and affect its functioning and hence leading to the unauthorized access. This has negative impacts on the occupants as the intruder may end up stealing properties in the building or commit crimes. It may be difficult to detect that there is an intruder in the building once the system has been hacked and manipulated. This is also considering that the security manager depends on the system to raise an alarm in the case of intrusion. This may not happen once the system has been compromised and hence the vulnerability. One of the major incidences of unauthorized access to an intelligent building was in 2012 when hackers managed to access the M16 Headquarters in Britain (Silva, et al, 2012). The hackers manipulated the system and gained access to the building and several sensitive documents were stolen. This is therefore an indication that the intelligent buildings are quite vulnerable and the managers should take note of it. The occupants may end up losing their properties as well as being exposed to criminal activities. The number of hackers is on the increase and so is their experience and knowledge which exposes the intelligent buildings at risk. Cyber attacks and viruses are also some of the risks that the systems operating the intelligent building may be exposed to. This is as a result of the reliance on the internet as well and different software and hardware. Any system that relies on the internet is vulnerable to cyber attack. The cyber attacks and exposure of the system to viruses may affect the operations of the system (Moreno-Cano, et al, 2013). This may result to discomfort among the occupants of the building. It may also be difficult for the system to perform its normal functions and hence resulting to negative effects in terms of monitoring the systems. A lots of activities including ventilation is dependent on the system, as a result of this, it may be difficult for such processes to be regulated and hence affecting the comfort of the occupants of the building. This is a security threat that the security managers have to consider in order to prevent the negative effects that it may have on the occupants. The occupants may also be unable to carry out some of the activities as a result of the cyber attacks which are of major concern. The whole system can also stop functioning in case of a virus or cyber attack. This may also expose the building to the risk of intruders who may cause crime. The virus may also make it difficult for the fire to be detected in case of such incidences. This exposes the occupants of the building to risk and it may also lead to loss of life. Public safety is also one of the major aspects that the security managers have to consider in the intelligent buildings. The threat of terrorism is currently high in any part of the world. There has been an increase in the terrorist activities in the last few decades. Several buildings have been targeted by terrorists and hence the importance of the security managers considering how the system can help in detecting and preventing crime. This concept has been used widely in some of the intelligent buildings that is usually accessed by the members of the public. The intelligent buildings at the airports are usually equipped with system that is able to deal with the issues of terrorism (Eliades, et al, 2013). The success of the system is therefore dependant on the considerations that the managers put on various aspects of the security. The security managers should also consider enhancing the system so as to ensure appropriate action is taken in the event of a terrorist attack. During such incidences, there is usually a lot of panic and the system has to ensure that it aids in the operation intended to deal with the attackers. The access to the intelligence building should also be considered by the security managers. This is considering that the safety of the intelligence building is dependent on the people who access the building. An access to the building by the terrorists may impact negatively on the security and safety of the occupants. The security managers should consider the sources of power. Thais is considering that any loss of power within the building results to the loss of communication and hence impacting negatively on the system. This is considering that the system is dependent on the power and so bare other operations within the building. A security breach may take place in case of power loss (Clements-Croome, 2011). The security managers therefore need to ensure that measures are in place to deal with loss of power and avoid the loss of communication. The monitoring capability of the system is also affected in the event of loss of power. Disruption of the emergency power can also take place in the building and hence affecting the security. This may have negative impacts on some of the activities that need to be carried out within the building. The security managers should therefore consider the measures that should be put in place to prevent any interruption of the emergency power. The interruption of the controllers is also a major security threat the security managers should consider. Such interruptions may prevent some of the activities from taking place. The sensors may also be compromised and this may affect the security of the building and the security managers should be aware of such problems. The security managers should also understand that the system may be compromised from within the building as well as through the external sources. Measures should therefore be put in place to ensure that the system is fully secured. Network attacks as well as device attacks should be considered by the security managers. Network attacks can take place in the form of interception through network sniffing. Network sniffing can be carried out through the external sources and hence creating a security problem. Fabrication is also one of the security threats that can be caused by network attacks. Fabrication can take place through inserting the malformed messages that affects the system. Devoice attack can be carried out through various means and it may lead to negative impacts on the system. The software can be attacked through code injection and hence leading to its malfunction. Unauthorized access to sensitive data is also a threat that the security managers should consider. The unauthorized access to sensitive data may lead to interruptions of operations and hence impacting negatively on the system. Unsecured networks can be used for the purposes of penetrating the building and this may result to unauthorized access (Clements-Croome, 2014). Damages as well as disruptions can take place as a result of the unauthorized access and the manager should consider the measures that need to be put in place to prevent such incidences. The technological advancements are taking place at a fast rate which has seen a lot of changes to the software. The security manager should therefore ensure that the software used is updated from time to time in order to prevent using outdated software that may increase the vulnerability of the building. How the vulnerabilities can be mitigated The vulnerabilities cannot be completely eliminated but mitigation measures can be put in place to reduce the vulnerability of the system. The security managers may consider creating a honeypot system which is mainly unsecure and it can be easily attacked. This is a measure that is intended to bait the attackers and hence enabling the managers to know when someone is trying to attack the system. This is important in providing the managers with information with regards to the vulnerability of the systems and the possible measures that can be put in place to prevent the attacks. The managers should also ensure that there is a secured backup that cannot be deleted from the network. This is important in ensuring that the data can still be recovered even after an attack or unauthorized access. It is also important for the managers to ensure that the backup cannot be accessed by unauthorized personnel. Any wireless network that is used in the system should also be secured for the purposes of preventing the unauthorized access (Suryadevara, et al, 2014). The wireless network that is not secured enables the hackers to access the system and cause some manipulations. It is also important for the managers to ensure that the network is encrypted for the purposes of preventing unauthorized access. The security managers should ensure that physical security is provided in the areas where the Intelligent Building Management system is in place. This is also important in preventing the entry of unauthorized personnel who may interfere with the equipment and hence affecting the operations of the system. The human aspects may also contribute to the vulnerability of the system. Some of the threats are from within and disgruntled employees may want to cause sabotage. It is therefore important for the manager to ensure that policies are in place with regards to the use and access to the system. The policies should target the use of passwords, configurations as well as the settings of the system. Training should also be conducted among the employees for the purposes of ensuring that they are aware of the policies. All the employees who operate the system have to be vetted in order to ensure that they cannot cause any sabotage (Allerding & Schmeck, 2011). The third party should also be vetted to ensure that they do not contribute to the security problem. The policy should also target the employees who bring their laptops in the building. The security managers should also ensure that they have identified the probable avenues of attack. The identification is important as it ensures that measures are put in place for the purposes of monitoring the system in order to detect any possible attacks. The security manager should also work with other departments for the purposes of ensuring that the vulnerability is mitigated. The Information Technology manager should be consulted from time to time in order to mitigate the vulnerability of the system. The Information technology manager could be more knowledgeable on some of the aspects that affects the system and may also contribute to the vulnerability. A comprehensive approach should also be taken for the purposes of ensuring that the vulnerability is mitigated. Each of the possible attacks to the system should be determined and the possible risks should also be analyzed. This is for the purposes of ensuring that more information with regards to the vulnerabilities is obtained. A comprehensive approach will also outline the possible impacts that the attacks is likely to have on the building its terms of issues like the economy (Michaelides, et al, 2012). It is also important for the organization to ensure that a dedicated network administrator is recruited. The presence of highly qualified personnel is useful in ensuring that the system can be monitored effectively. Plans should be put in place for the purposes of determining the appropriate action that should be taken in case the mitigation plan is not successful. This means that the security manager should be prepared for any attacks that may take place. The security program developed should not a dress a limited portion of vulnerabilities. It is should instead address a wide range of vulnerabilities that are likely to attack the system. The mitigation process therefore requires a combination of strategies in order for the process to be successful. Disconnections should be made in case of an attack for the purposes of ensuring that it does not do much damage or harm to the system. It is therefore important for the security managers to know when an attack is taking place and the measures that should be put in place immediately. It is also important to ensure that a security risk management plan is put in place for the purposes of identifying and mitigating the risk. This is considering that the risk management plan ensures that the managers are ready for any attack. However, the plan has to be developed in consultations with the other stakeholders. A degree of network isolation should be put in place for the purposes of ensuring that the system is protected. The Intelligent building network should be isolated from the other networks that are used within the building for mitigation purposes (Allerding & Schmeck, 2011). This is considering that there could be an interference with the network leading to the attack. Some degree of emergency power has to be provided so as to ensure that the system is not affected incase of power loss. The presence of an emergency power supply ensures that the system continues to work even in the event of power loss within the building. The continuity of operations is important in ensuring that the vulnerability of the attacks is reduced. Security awareness among the personnel involved in the operation of the system is also important. All the personnel should be trained in order to increase awareness and ensure that they are able to monitor the process. The awareness among the personnel is important in enabling them to be ready to carry out the process of monitoring and controlling the system. The presence of highly trained personnel is important in ensuring that the personnel are prepared for the process. Conclusion In conclusion, it is evident that the intelligent buildings are increasingly becoming important due to the advantages and features that it has. Various technological devoices can be used for the purposes of running the system. Unauthorized access to the building is one of the security threats and it can be as a result of hacking. The system is prone to cyber attacks since it mainly relies on the internet. It is also evident that the system is vulnerable to threats from the disgruntled employees. The safety of the occupants of the building is also important in terms of their security. The access to the building by the intruders may risk the lives of the occupants and it may also lead to loss of documents and properties. It is evident that the mitigation measures can be put in place for the purposes of ensuring that the vulnerabilities are reduced. The security manager has to ensure that the personnel working with the system are vetted to avoid any form of sabotage. It is also evident that encryption should be done so as to ensure that the system is protected. It is also evident that the security codes should be put in place in order to protect the system. It is also evident that the success of the system is dependent on the coordination of the activities by different personnel. References Nguyen, T. A., & Aiello, M. (2013). Energy intelligent buildings based on user activity: A survey. Energy and buildings, 56, 244-257. Figueiredo, J., & da Costa, J. S. (2012). A SCADA system for energy management in intelligent buildings. Energy and Buildings, 49, 85-98. Silva, R. M. et al. (2012). Modeling of active holonic control systems for intelligent buildings. Automation in Construction, 25, 20-33. Moreno-Cano, M. V. et al. (2013). An indoor localization system based on artificial neural networks and particle filters applied to intelligent buildings. Neurocomputing, 122, 116- 125. Eliades, D. G. et al. (2013). Security-oriented sensor placement in intelligent buildings. Building and Environment, 63, 114-121. Clements-Croome, D. (2011). Sustainable intelligent buildings for people: a review. Intelligent Buildings International, 3(2), 67-86. Clements-Croome, D. (2014). Intelligent Buildings: An Introduction. Oxon: Routledge. Suryadevara, N. K. et al. (2014). WSN-Based Smart Sensors and Actuator for Power Management in Intelligent Buildings. IEEE Transactions on Mechatronics. Allerding, F., & Schmeck, H. (2011). Organic smart home: architecture for energy management in intelligent buildings. In Proceedings of the 2011 workshop on Organic computing (pp. 67-76). ACM. Michaelides, M. et al. (2012). Contaminant event monitoring in intelligent buildings using a multi-zone formulation. In 8th IFAC Symposium on Fault Detection, Supervision and Safety of Technical Processes, Vol. 8, pp. 492-497. Read More