‘Smart buildings’ offer many benefits to organisations, individuals and the environment. But they are also widening the attack surface and opening up of new entry paths into corporate networks as a result of the convergence between operational technology and IT systems. Tony Atkins, Regional Director EMEA at Nozomi Networks, discusses how organisations can take steps to secure their networks in order to fully reap the benefits of smart building connectivity.
Today many of the world’s most forward-thinking workplaces are deploying smart technologies into their offices to help optimise functions, increase productivity and improve overall working life.
These new ‘smart buildings’ boost smart thermostats, which can measure the temperature of the building and turn on the heating or the air-conditioning when required, as well as intelligent lighting, which can be controlled remotely and adjusted to suit the time of day. When turning a building into a smart building, one of the key attributes is taking the data from the technology deployed and using it to make intelligent decisions.
Smart buildings can significantly improve the lives of those occupying them and can also play a key role in helping the environment, however, as we have seen time and time again, when Internet-connectivity is added into any piece of equipment it makes it accessible to the outside and by intruders. This ultimately means that when offices turn their workplaces into smart buildings, attackers have an even larger array of entry points to attack the organisation.
A world of opportunity for attackers
According to a report from IDC, Internet-of-Things spending is expected to reach US$745 billion globally this year. This shows just how popular smart technology is becoming and not just among consumers.
Smart technology within buildings offers huge benefits and not just for occupants. It can also be used to significantly reduce costs and reduce the environmental footprint of the building, by intelligently analysing data and understanding when, for instance, energy consumption can be reduced.
An example of this was recently reported in Forbes when it was revealed that the New York Times head office in Manhattan managed to reduce its lighting power per square foot from 1.28 watts to 0.4 watts, which is an energy saving of 70%. This was as a result of the media powerhouse implementing smart technology to control lighting and sensor blinds, among other things.
However, along with the many benefits smart buildings offer, the convergence between operational technology and IT systems this is required to support them also opens smart facilities up to an increased threat of hacking.
If a hacker is able to gain access to a smart building it potentially presents a world of opportunities to the hacker. For instance, because these new smart technologies are connected to the building’s IT network they open up new entry paths into corporate networks. Attackers could use these new devices as new ways in to install malware on the corporate network or recruit the devices into botnets or even launch ransomware attacks against the organisation.
This ultimately means that security for every single Internet-enabled appliance, from lighting to refrigerators, must be forethought before they are introduced into smart buildings.
Making security a priority
While most people would not look at their lighting or sensor blinds as attractive targets for attackers, the fact that these appliances are connected up to corporate networks, which also connect to sensitive information, means they are. Research and experience have shown repeatedly, when things are connected to the Internet, they become a target for malicious hackers. As a result, it is imperative that smart building operators make security a priority.
To reap the full benefits of connectivity within smart buildings it is important that all networks and devices are comprehensively accounted for and secured, as each device could be a potential entry point for attackers. In addition to maintaining an up-to-date and accurate inventory of devices on the network, it is also essential to ensure all software and hardware is updated with the latest patches and not hosting any vulnerabilities which could be exploited by attackers.
Organisations should also train staff on the security threats and teach them about the dangers of email phishing campaigns, including how to recognise malicious emails and attachments.
Finally, it is crucial for organisations to ensure that multiple levels of protection are in place – from securing the network itself to monitoring it in real-time for anomalies that could indicate a cyberthreat is present.
Today’s smart buildings are a variety of sensors, control systems, networks and applications. While these technologies are being introduced into workplace environments to improve efficiencies, help drive down costs and of course improve our global environmental footprint, they also increase the attack surface. As a result, the security of all new internet-enabled appliances must be forethought before they are added to the network.