Energy Manager

Connected buildings a real chink in cybersecurity’s armour

May 3, 2016 - With all the attention being paid to cybersecurity in today’s connected systems, Pook-Ping Yao explains that connected building systems mostly fly under cybersecurity’s radar.


By Anthony Capkun

Which is unfortunate, because many of the devices that make up a connected building (e.g. lighting, shading systems, thermostats, occupancy sensors) are being installed and commissioned as part of a larger effort to manage energy consumption.

Yao is the CEO of Vancouver-based Optigo Networks, which offers a network-based anomaly detection engine to deliver security for the commercial IoT (internet of things). Optigo explains that modern commercial buildings include thousands of smart devices that require complex networks, all of which present new cybersecurity concerns.

“Every IoT device is an entry point for hackers,” explained Yao earlier this morning at the BICSI Canadian Conference, being hosted in Niagara Falls, Ont.

Be they window shades, occupancy sensors or a myriad of other devices, manufacturers of IoT gadgets aren’t usually cybersecurity experts, Yao noted. Their expertise is manufacturing devices; how those products fare against hackers is, typically, not their primary concern.


And how many IoT device owners proactively ensure their devices are up-to-date with the latest firmware?

Compounding the problem is deciding who is ultimately responsible for IoT device security. Is it Facilities? Operations?

Yao suggests the best way, in most situations, to secure your Building IoT (B-IoT) network is to secure the network itself, because it is common to all systems, everything runs through it, it is scalable, and it makes IoT communications predictable.

He regularly advises clients to implement a physical separation between OT and IT (operations technology and information technology) functions, and isolate those systems.

In fact, the three key principles to securing your building network are:

• Isolation
• Observability (if you were hacked, would you even know it?)
• Controllability (if you were hacked, could you do anything about it?)

More than anything, Yao says you should start doing something right now. Start small, start simply… but start doing something.