With cybersecurity threats and attacks becoming an increasingly common occurrence Paul Bates, technical manager, Integrations Solution Centre at Schneider Electric asks whether you are leaving your building management system open to attack?
Building management systems that were once stand-alone are now firmly integrated with other IT systems. Today’s intelligent building management systems are networked with IT data centres, remote access servers and utilities through open protocols. While these intelligent systems provide significant benefits, they also open companies up to greater cybersecurity vulnerabilities.
There are a couple of simple, even obvious, but effective ways that you can improve the protection to yourself and your business from cyber attacks. These include, but are not limited to, effective password management, securing open ports and access points, software upgrades, user management and vulnerability plans.
Properly managing users and passwords is critical to securing any building management system. Most attacks on BMS systems are successful because a password has been compromised. The importance of changing default passwords for every installation should not be underestimated – this should be the first thing done when a new device is initialised. Products are usually shipped from the manufacturer with minimal security credentials, to allow for easy system setup. However, the longer that a device sits with default credentials, the greater the likelihood that it could be compromised.
On top of this, the days of simple alphabetic passwords are long gone. Today, there are common machines that can test billions of passwords a second. To provide any level of real protection, only complex passwords with over ten characters should be used.
Information about devices is valuable to any hacker. Once hackers are armed with sensitive network information, it is a relatively simple process to access a device and identify credentials. Once accessed, the device’s information can be harvested and either stored or sold. This process happens continuously and once it does no internet connected devices are safe.
Once all devices have been secured, the next step is securing all entry points into the system. These could include the Web interface, USB ports, open IP ports and building automation devices communicating with open protocols.
Most of the field bus networks running in an iBMS use protocols that are inherently insecure. In some cases these protocols have vulnerabilities that allow users to inject commands into the controlling device. While there are efforts to enhance protocols like BACnet with security features, these protocols have not yet made it into new devices.
When safeguarding from external threats is complete, it’s time to safeguard the system from within. It may seem easier to give everyone full admin rights – this is strongly discouraged from a security perspective. There’s no limit to the amount of damage a disgruntled employee with full access rights can do. Best practice is to give people the minimum amount of access rights necessary for them to do their job successfully.
There is also the possibility of adding further layers of security to manage user accounts, which includes auto-expiry of all accounts, whereby users need to input new passwords every couple of days along with ensuring that accounts are automatically disabled as soon as a user leaves the company to ensure the data stays secure.
When attacking a device, hackers usually determine first if all security patches have been installed. When security systems are not up-to-date there are usually weak areas that hackers can exploit.
An increasingly common way that hackers gain access to a BMS is through the distribution of doctored software deployment packages containing modified applications, which can compromise a device’s integrity. Always be fully familiar with the deployment system’s security features and implementation procedures to ensure that software authentication processes are followed prior to deployment.
Patching devices requires a co-ordinated process. Different companies have different policies for performing updates on their BMS. It’s important to understand these requirements, as well as to determine any operational impact caused by a temporary service outage needed to complete the update process. A Vulnerability Management Plan takes into consideration aspects of the vulnerability update.
Issues to consider when creating a VMP include:
- How does a given vulnerability impact a particular installation?
- What is the process to quickly access and update the device?
- Are there factors that will affect the ability to access or update the device?
- Are there risks associated with the update?
With data breaches regularly hitting the headlines, companies are more worried than ever before about the implications of a data breach. Any company with infrastructure connected to the Internet is vulnerable and could be financially crippled through lost revenue, lost productivity and damaged reputation. Today’s complex building management systems with their integrated IP-based communications networks are no exception. A hacker can use a single BMS device as an entry point to access an entire system.
While not every employee needs to be an expert in all fields of data protection, certain practices apply to all employees. Effective and regular cybersecurity training will make all of those within an organisation aware of possible vulnerabilities. Ultimately, the level of security issues and data breaches is directly related to the effort expended on making it difficult for hackers to access valuable building management systems.