The Risk Strategies of the Building Management System in System Security - Term Paper Example

Table of Contents Introduction 2 Risks and Vulnerabilities: 4 Risk Mitigation Strategies: 7 Design 8 Installation 10 Operations 11 Conclusion 12 References 13 Introduction Building automation can be traced back to the 1600s when a Dutch inventor created an incubator thermostat to keep eggs warm as they hatched into baby chicks. However, before the 1960s, most control activities within a building were managed manually and there was very little data storage or processing outside of a standard log book. Most of the decisions were therefore made by a building technician and were based on standard practices, experience or intuition (Sinha, Taparia & Mansukhani, 2014). The 1980s saw the introduction of computers which led to the introduction of digital controls. The first generation systems were ran on dedicated mainframe computers but they only controlled heating, ventilation and air conditioning (HVAC). While this created greater automation of building management, the value of data analytics was still not fully utilized due to system integration issues, lack of access to fast and effective analytical tools and data fidelity concerns. The introduction and industry wide adoption of the building automation and control network in 1995, allowed factory mounted digital controls to communicate directly with disparate systems including HVAC, lighting, access control, fire detection security and elevator/escalator systems. The focus then shifted from automation to energy consumption. It was imperative to identify patterns in energy consumption and create strategies that managed such consumption. In recent years technology has not only enabled energy efficiency but has also led to cheaper operating expenses and better indoor environments for occupants while leaving a smaller environmental footprint in its wake. This gives managers the power to influence the bottom line. Today’s systems operate on web-based platforms and run on more reliable high speed internet connections that allow managers and service partners to access the HVAC and other building systems remotely at any time of the day (Maldeis, 2013). Big data technologies also enable the capture of data from a variety of sources, in diverse formats and in varying contexts. These Intelligent building management systems are now at the center of service platforms that use analytics to collect, interpret and act based on system requirements enabling the facility manager to manage energy consumption, reduce operating costs, minimize environmental impact, and improve systems reliability and uptime thereby resolving problems sooner and more effectively (Dickson, 2014). An active monitoring intelligent system for example allows a facility manager to remotely resolve 40% of building problems in less than thirsty minutes without the need for service calls. Control has not been limited to facility managers. Electronic sensors in the building systems make it easier to personalize comfort settings based on movement in the buildings. The biggest leap forward however comes from interoperability of systems that has enabled a variety of systems within the building to communicate seamlessly. While the advantages of this system are well known and frequently discussed, these advancement have also lead to more frequent and sophisticated threats within facility management. Intelligent building management systems (IBMS) not only integrate the buildings systems but communication technology, information security and business systems as well. IBMS are designed, installed and operated by service engineers who have little consideration for security. Their main focus being that the systems integrate and communicate effectively and that little additional interfacing is required (Brooks, 2011). Unauthorized access of these systems can therefore lead to financial, physical and structural issues, the implications of which lead to a disruption of services leading to loss in productivity and service delivery. It may also lead to physical and information security issues and health implications on the occupants, if systems such as heating and ventilation are compromised. Furthermore, threats and breaches to the facility may be used as entry points to an organizations network. According to Brooks, these vulnerabilities can result in attacks such as denial of service, convert facility entry or espionage therefore it is worthwhile to identify them and prescribe possible mitigation strategies. Risks and Vulnerabilities: Building management systems are developed using standard components such as networking technology, computers and operating systems, and applications built on standard databases accessed via internet browsing interfaces. For this reason they are as vulnerable to attack as any other system. Such attacks may include denial of service attacks, hacking and the introduction of malware. The integration of intelligent building management systems with the web and other internal and external systems, can present avenues for unauthorized access similar to smart devices (Gellers, 2014). Such breaches can pose a risk to those who own, operate and use the buildings and can affect the technical and business operations relating to its use. The threats to an IBMS can emanate from malicious outsiders such as hackers and cyber criminals, malicious insiders who want to sabotage operations or misuse privileges, non-malicious insiders who can cause significant harm due to ignorance or negligence and natural causes which tend to be uncontrollable (Gray, 2013). The human element As with most systems, the human element poses the greatest risk. This maybe in the form of deliberate or accidental attempts to bypass security controls and incorrectly operate systems. The personnel may also not see themselves as networked. Therefore they tend to segregate themselves into departments, those in the facilities department feeling quite far removed from the IT department (Saier, 2013). This is further aggregated if none of the teams are sensitized on their respective roles and how they should aid one another. System Integration System integration also has the potential to magnify the impact of errors and omissions. System integration brings together IT and facility management teams with different priorities, cultures and chain of commands. Integration can introduce vulnerabilities in business systems or the building systems themselves. For example if the systems used in the offices contain antivirus software’s that are regularly patched but the building management systems do not, there is potential for malware being introduced over the network or from infected media. Electromagnetic pulse attacks An electromagnetic pulse device can be built with a generator, a car battery and an antenna but its effects can cause significant disruption throughout the building. Since technology is becoming highly dependent on closely integrated, high speed electronic systems that operate at low internal voltages, everyday devices can now be used to bring down system with sharp high voltage pulses that are actually low on energy (King, 2013). Furthermore such an attack can be launched wirelessly or with the use of a hard connection. Signal Jamming Radio noise can be deliberately used to disrupt wireless communication on cellphones, Wi-Fi or bluetooth. The security manager should therefore be concerned if there are enough fail safes to maintain human safety if jamming of the system were to occur. Power Supply While power supply may seem like a trivial matter, it is critical in most building facilities as it can paralyze all their operations. A good example of this is in a casino. If the lights in a casino were to fail even for a moment, the casino would lose sight of thousands of chips. A lack of interrupted power supply to avoid shutdown of the building system, in case of the loss of power, should be an area for major concern. Internet protocol technology While the use of IP based technology creates operational savings through centralizing and outsourcing control and monitoring stations, it also leads to the loss of local knowledge and control (Palensky, 2012). This situation is exasperated when incidence response personnel are deployed and do are not familiar with the layout and operations of the buildings. Malicious software and hacking Malicious software can be introduced or the system can be hacked. This vulnerabilities are enabled when the system communicates with external parties through the web. The effectiveness of malicious software largely depends on the host system. For example if a vendor leaves a back door to enable him to enter the system and debug a problem the same backdoor may be used by malicious outsiders to harm the system instead. Viruses can also be introduced into the system through removable media as was the case with stuxnet which brought down an Iranian uranium enrichment plant by bringing down its hardware (Fisk, 2012). Open systems are always vulnerable Although patching of malicious software is possible, open software platforms can only be protected from malicious software that has been identified and not malicious software that is yet to be deployed. This is because only the operator can define software as malicious and not the machine (Fisk, 2012). Most virus protection services guard against known characterized risk with identifiable signatures. Legacy system risks The older a system is in use, the more vulnerabilities are known to aggressors and the greater the discrepancy between the computing technology of the system and the technology available to the assailant (Fisk, 2012). This increases the risk for a targeted attack since it is an easy mark. Lack of contingency plans A hardware malfunction in an IBMS can bring down all components of the building. Once one controller is infected the malicious software can easily propagate itself across the whole system and such an infection would take several days to clean especially if the code needs to be rebuilt from scratch and not simply rebooted. Therefore a contingency and backup plan is essential for the continuation of operations during this period. Risk Mitigation Strategies: The mitigation strategies are meant to protect the security and privacy of building owners and users, maintain the integrity of the building and its operations and ensure continuous availability of accommodation for its owners and users (Sinha, 2014). The security and privacy of the buildings occupants is jeopardized when the integration of systems and the convergence of technical infrastructure results in unplanned and unauthorized pathways allowing access to systems or data loss. For example unauthorized access to building control and room booking systems can lead in the revelation of personal data. The optimum place to start when mitigating the risks brought about by an IBMS is during its design phase. Certain steps need to be taken at the various stages of design, installation and finally during operations to improve the security of the system. Design Physical Security Physical security ensures that IBMS devices, networks and information are not accessible unless authorized and therefore intruders cannot circumvent other methods of protection. Therefore during the design stage, consideration should be made to ensure that mission critical devices are located in access controlled areas or locked cabinets (Beilby et al, 2011). This will prevent physical access to network devices such as routers, firewalls and switches. Communication cable runs should also be protected with conduit or ruggedized cables chases. Network Infrastructure The network allows information to flow between the IBMS, the organization system and the outside world therefore it is of vital importance in securing the system. To secure the network, the organization should limit access points and isolate the IBMS as much as possible. For example locating the IBMS on a virtual local area network would ensure that building traffic remains within an established logical boundary. Providing remote access to the IBMS systems introduces a unique set of security challenges. A secure connection should be used such as a VPN which would provide encryption and authentication of remote sessions. Secure protocols and applications such as HTTPS, SSH and SCP/SFTP should be used as opposed to Telnet and FTP (Crestron, 2012). Only required users such as system operators should be allowed remote access and even then a two factor authentication should be required. A demilitarized zone (DMZ) should be created if the organization needs to provide public access to information. Consider placing a server on which to mirror the information. Security features Firewalls should also be used to control the flow of information in and out of network entry points. Firewalls should be placed at every transition point in and out of the IBMS network. Care should also be taken before granting outsiders access. Authentication and authorization should also be used to manage user access. Users should only be allowed to perform functions as defined by their role on the organization. User restriction controls should include central authorization, password control and network monitoring. Users can further be restricted by establishing requirements for individual devices such as routers, servers, embedded controllers and workstations (Capita, n.d.). Strong authentication methods should be used for host devices. Such methods include smart cards or USB tokens, biometric authentication and two factor authentication limits. Intrusion protection systems should also be put in place to monitor system events and identify threats early on. The IDS should allow for the customization of rules based on defined acceptable network behavior. The system administrator should take the time to understand the capabilities of the IDS before setting alerts and response rules that govern its operation. Measures should also be put in place to detect and mitigate threats through the creation of logs that monitor physical access, network activity, device activity and firewall configuration. System performance should be considered in the setting of logging parameters and log files should be located in a central area to avoid unauthorized modification (Popescu, n.d). Wireless Technology The advantages of wireless technology are weighed down by the security risks associated with its use. The organization should choose wireless devices with built in firewalls and support for high level encryption. Wireless access devices should be hardened by replacing the default administrator and password with strong alternatives. The identifier broadcasting should also be disabled while the user authentication should be enabled. When selecting system components in general, devices and protocols that support encryption, nonrepudiation and integrity should be selected (Saleh, Ali & Kamaruzzam, 2009). Preference should be given to devices with event logging capabilities which can aid in early threat detection by recording network events, configuration changes and user access. Installation The IBMS may be particularly vulnerable throughout the installation process therefore management should consider temporarily isolating the system until all components of the security plan are in place. New and legacy systems should be updated with security patches. To allow proper configuration of security features during installation, system performance should be evaluated as security features are brought online to ensure they are not interfering with proper IBMS and enterprise system functions (Snyder, 2015). Each device should be evaluated to determine which ports and services are available and any that are not needed or are only used temporarily should be disabled. Media ports could be blocked to avoid the introduction of malicious software through removable media. If removable media are necessary, measures should be taken to restrict port access. Antivirus software and firewalls should be introduced to host systems and operating systems should be updated automatically. In the configuration of user accounts, each group of users should be restricted to the lowest level of privileges needed to perform their role and the administrator should prevent the duplication of passwords. Expiration dates should periodically force users to change their passwords. Operations Once installed the IBMS should be monitored vigilantly to detect security breaches early and limit the spread of damage. The network should be scanned regularly and systems logs reviewed routinely for any irregular activities. Indicators such as numerous failed logins, unusual credential card use and increases in the network load are usually signs of a breach and should be treated with the highest priority. Incident response plans should describe the actions to be taken in case of such irregularities. User accounts and access lists should be maintained and updates made in case a user changes their role in the organization. This process should be well documented and should address all types of access such as physical, remote and device level access. The IBMS administrator should also ensure that a good security patch management plan is in place to close security gaps without major disruption to the system. This may be done through taking inventory of devices that require periodic security updates. Whenever possible, patches with digital signatures should be used to ensure they are from trusted vendors. A patch installation plan is also necessary and should dictate the methods used to prioritize patches, the procedures for vendor certification of patches, testing of patches before installation and stages of the installation process to minimize possible disruption. The plan should also have pre-approved patch management tools that provide security audit features. A backup and recovery plan should also be approved and it should identify responsible parties, list items to be backed up and provide specifics such as backup intervals, locations and the number of versions to retain. A building “black box” needs to be designed and implemented to capture information that may be considered important in the investigation of incidents (Vijayan, 2014). Frequent remote back up of building occupancy information should be considered for use in case of an evacuation. IBMS security awareness As mentioned, the people who interact with the IBMS play a critical role in securing it which necessitates personnel training to build awareness about the role of each person in maintaining its security. The training should enable personnel to recognize and respond to breaches. The training should be made mandatory and should be monitored for effectiveness. Finally, periodic security audit should be performed to ensure the systems, policies and procedures are effective and that no gaps exist. Security audits should include penetration testing and the organization should evaluate past breaches to identify points that can be exploited as well as assess new types of threats. Management should ensure security procedures are being followed and security systems are not bypassed. The operations team should also collect feedback from building users on whether building systems are supporting or hindering them because users may try to bypass controls if they feel hindered thereby creating security gaps. Conclusion It is clear that building automation systems have evolved over the years leading to unforeseen advantages such as energy efficiency, cheaper operating expenses and better client services. However, this evolution has also led to the increase in security concerns for the security manager. The intelligent building management system not only integrated systems within a building but for efficiency it linked to an organizations IT network and allows for remote access through the web. These features of the IBMS make it vulnerable to an attack against not only the building in question but the operating environment of the business as a whole. Some of the threats and vulnerabilities cited are electronic pulse attacks, signal jamming, power supply, IP technology, legacy systems and the introduction of malicious software not forgetting the human element that can either make or break the security of the system. The risk strategies cited started all the way from the design phase in order to ensure that system security was at the core of the development of the building management system. The installation phase was also found to be vulnerable and therefore measures must be undertaken to ensure security is not breached. Finally, security should not end once the system is in place. There needs to be a continuous effort during the operations of the system to keep track of activities undertaken by the system and sniff out suspicious events. References Beilby, M., Bjorck, A., Bulow, J., Cunningham, J., Leida, B., Meran, J., Nilsson, H., Slavin, S., Strass, G. (2011). Best practices for securing an intelligent building management system. Retrieved from http://www.schneider-electric.com Brooks, D.J. (2011). Intelligent buildings: An investigation into current and emerging security vulnerabilities in automated building systems using and applied defeat method. Retrieved from http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1010&context=asi Capita IT Enterprise Services. (n.d.). Integrated solutions-10 drivers for intelligent buildings. Retrieved from http://www.capita-ites.co.uk CPD 13. (2013). Intelligent building management systems. Retrieved from http://www.building.co.uk Crestron Electronics Inc. (2012). How intelligent building management solutions are reducing operational costs. Retrieved from https://www.crestron.com Dickinson, P. (2014). Smart building technologies could expose companies to a new breed of cyber-attacks. Retrieved from http://techcrunch.com Fisk, D. (2012). Cyber security, building automation and the intelligent building. London: Taylor & Francis. Retrieved from https://workspace.imperial.ac.uk/securityinstitute/Public/cybersecurity17508975.2012.pdf Gellers, J. (2014). Building automation systems: Addressing vulnerabilities through best practices for green builders. Retrieved from http://insight.gbig.org Gray, J. (2013). Intelligent buildings and new cyber threats. Retrieved from http://www.themanufacturer.com King, R. (2015). Cyber security for intelligent buildings. Retrieved from http://www.academia.edu Maldeis, N. (2013). Building automation trends: Building automation evolution. Retrieved from http://facilityexecutive.com Palensky, P., Dietrich, D. (2011). Demand side management: Demand response, intelligent energy systems, and smart loads. Retrieved from http://citeseerx.ist.psu.edu Popescu, D., Prada, M. (n.d.). Some aspects about smart building management systems-Solutions for green, secure and smart buildings. Retrieved from http://www.wseas.us Saier, S., Towery, C. (2013). Could your building catch a virus? Cyber security risks for intelligent buildings. Retrieved from http://ownersperspective.org Saleh, H., Ali, S.A., Kamaruzzam, S.N., Chuing, L.S., (2009). A case study of intelligent buildings in Malaysia. Malaysian construction research journal, 4(1). Retrieved from http://repository.um.edu.my Sinha, S., Taparia, S., & Mansukhani, R. (2014). A roadmap to the ‘Internet of buildings’. Retrieved from https://www.greenbiz.com Snyder, L. (2015). Building automation: Why building management systems are at risk of cyber-attack. Retrieved from http://www.facilitiesnet.com The Institute of Engineering and Technology. (n.d.). Intelligent buildings: Understanding and managing the security risks. Retrieved from http://www.theiet.org/sectors Vijayan, J. (2014). With the internet of things, smart buildings pose big risk. Retrieved from http://www.computerworld.com Wong, J.K., Li, H. (2006). Application of the analytic hierarchy process (AHP) in multicriteria analysis of the selection of intelligent building systems. Retrieved from https://www.researchgate.net Read More