Video surveillance has long been a component of improving physical security in the connected building, yet the cameras themselves can be a risk in the cyber realm. Think about all the different assets in the average connected building. A large suite of endpoint devices includes surveillance cameras, climate controls, energy management, wireless communications, digital signage – the list goes on and on. It’s no wonder then that the world’s largest botnets that are built up to knock large websites offline are largely composed of video surveillance cameras – the very tools that were supposed to provide security in the first place.
As physical and virtual worlds continue to merge, cyber-physical systems are making interconnected systems more and more vulnerable, which is the opposite of what should happen. This convergence isn’t stopping, and there will be more endpoints and more systems.
Latest Trends
Predictive HVAC can auto-adjust temperature and other settings based on weather forecasts and anticipate occupancy rates. There is increased HMI (human machine interface) utilization for things like buttonless doors and predictive elevators. There is unique wayfinding lighting to guide visitors to the correct location and even advanced asset tracking to ensure things don’t get lost. All of this adds incredible value to an already valuable asset. It also adds a lot of cyber exposure.
Much of these varying assets tend to meet up in the telco room or closet, or even the connected building data center if the asset is large enough. It’s the meeting point for HVAC, lighting, security, industrial controls, ethernet, LON and fire/life/safety systems.
The problem of a lot of existing BAS and EMS is that they originally were confined to the building itself – they weren’t really exposed to the internet. Of course, that didn’t last long – there are just too many interesting apps and software out there that can do seemingly magical things without connecting it to the outside world or interconnecting it together.
This is compounded by the fact that facilities management who usually run BAS and EMS systems are typically not people from the IT department. A lot of existing BAS software vendors presume that the onus for applying critical security updates and operating verbose SIEM software relies on facilities management. This has created a new category of risk called “Forever Day” bugs.
There was a time when end-users thought they’d be saved by utilizing software in the cloud, but that trend has been reversed with the advent of advanced machine learning capabilities and other edge compute advantages that must keep the software onsite.
Clearly security is still not just a burning issue but one that is rapidly devolving into a disaster. Traditional perimeter-based protection, a.k.a. firewalls, endpoint protection and the like have been deemed by most organizations to be inadequate at best and at worst give a false sense of security. Many organizations are taking a ‘zero trust’ approach toward securing networks and their systems.
The issue is that once a hacker breaches a network most everything is up for grabs. Therefore, it is important to protect individual functions and applications, not the networks – something the micro-segmentation vendors may not understand.
Unikernels are a newer software deployment methodology that some vendors are starting to embrace as they merge the traditional operating system and the individual application into one distinct unit. Rather than having to protect each and every server and each and every network from being a beachhead for hackers to launch their attacks, the unikernel creates a sandbox-like environment around each application with the unique aspect that it can only run one program – the program that was designed to run inside the sandbox. This simple yet straight forward approach vastly limits attackers’ abilities to enumerate and advance their attacks.
As more software is brought into each property, talk to software vendors about how they deploy their applications and whether they make use of newer unikernel technology. As the value of the physical property increases, do not neglect the value of the cyber property.
