In today’s smart buildings, all the electrical and mechanical devices (controllers and sensors) such as Heating, Ventilation & Air-conditioning (HVAC), fire detection & suppression, video surveillance and/or a building’s SCADA-based microgrid are controlled and monitored by a centralised Building Automation System (BAS). BAS devices are tightly integrated. For example, HVAC systems are now integrated with fire suppression systems for smoke control, and in turn fire suppression systems are integrated with elevators for automatic shutdown in case of fire. Modern BASs include cost-effective off-the-shelf IoT (smart) devices such as thermostats and humidity and motion sensors.
In this context, threats to BASs are on the increase. There are two main factors for this. The first factor is threats due to physical attacks (executed perhaps by insiders). Individuals are fast becoming more knowledgeable of the nuances and intricacies of BASs, such that they are ever more capable of executing sophisticated on-site attack scenarios. For example, it might be possible to physically tamper (intentionally or accidentally) with a fire suppression system in a way that not only directly affects that system but causes a cascading threat scenario across its interconnected BASs, such as HVAC and elevator controllers failing to shut down in accordance with Health and Safety procedures.
The second factor is threats due to cyber-attacks. Traditionally BASs were isolated from ICT systems and as a consequence were considered secure and resilient (assuming no insider threat) despite their lack of security features. This is no longer true. Not only are BASs vulnerable due to a lack of inbuilt security-by-design and/or security misconfiguration, but they are now also subject to ICT threats/vulnerabilities such as those caused by their connection to the Internet. For example, a smart building ICT network switch fabric may have an overly permissive access control configuration (in terms of IP addresses and ports) between various BASs such as HVAC controllers and data historians that may not be necessary, and an upstream Internet-facing firewall may be misconfigured to allow unintended access to a data historian. In addition, these two seemingly disjoint threats (overly promiscuous trust on the internal control network and improper DMZ access to a data historian) may in fact cause an unforeseen cascade threat, such that their composition makes an unsecured HVAC controller accessible from the Internet.
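The cascade just described is a property of the composition of two rulesets, not of either one alone, so it is best found by automated reachability analysis over the combined policy. The following Python example is added here as an illustration and is not part of the ANASTACIA project or its tooling; the zone names, hosts and rules are constructed, and the historian-to-controller flow is assumed to be BACnet/IP polling on UDP 47808 (the standard BACnet/IP port). It models each "allow" rule as a directed edge, treats every reachable host as a possible pivot, and reports any host that the Internet zone can transitively reach but that was never meant to be exposed. The hardened ACL reverses the polling direction so the historian cannot initiate flows into the control network, which breaks the chain.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One 'allow' entry: traffic from src may initiate a flow to dst on proto/port."""
    src: str
    dst: str
    proto: str
    port: int


# Constructed sample rulesets. Each looks reasonable on its own:
# the firewall only publishes the historian's dashboard, and the
# switch ACL only lets the historian poll the controller (assumed BACnet/IP, UDP 47808).
FIREWALL = [
    Rule("internet", "historian", "tcp", 443),
]

SWITCH_ACL = [
    Rule("historian", "hvac-controller", "udp", 47808),   # historian pulls readings
    Rule("hvac-controller", "historian", "udp", 47808),
    Rule("workstation", "hvac-controller", "udp", 47808),
]

# Hardened variant: the controller pushes to the historian, so the historian
# (the only Internet-facing host) can no longer initiate flows into the control network.
HARDENED_ACL = [
    Rule("hvac-controller", "historian", "udp", 47808),
    Rule("workstation", "hvac-controller", "udp", 47808),
]


def reachable_from(origin, rules):
    """Breadth-first transitive closure over allow rules.

    Deliberately coarse: any host that can be reached is assumed to be usable
    as a pivot towards whatever it may in turn initiate flows to, so the result
    over-approximates exposure rather than missing a chain.
    Returns {host: [origin, ..., host]} for every reachable host.
    """
    paths = {origin: [origin]}
    queue = deque([origin])
    while queue:
        cur = queue.popleft()
        for r in rules:
            if r.src == cur and r.dst not in paths:
                paths[r.dst] = paths[cur] + [r.dst]
                queue.append(r.dst)
    return paths


def unintended_exposure(firewall, acl, intended_public):
    """Hosts the Internet can reach through the composed policy that were not
    meant to be exposed, with the chain of hops that exposes each one."""
    paths = reachable_from("internet", firewall + acl)
    return {
        host: path
        for host, path in paths.items()
        if host != "internet" and host not in intended_public
    }


if __name__ == "__main__":
    for label, acl in (("as deployed", SWITCH_ACL), ("hardened", HARDENED_ACL)):
        exposure = unintended_exposure(FIREWALL, acl, intended_public={"historian"})
        print(f"{label}: {exposure or 'no unintended exposure'}")
```

Running the block prints the chain `internet -> historian -> hvac-controller` for the deployed rulesets and nothing for the hardened one. The same closure can be run against exported firewall and switch ACLs on each configuration change, which is the kind of check a policy-driven approach makes routine rather than manual.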
In addition to the threat vector of (unintended) Internet access, management of the security mechanisms of large-scale, distributed, heterogeneous BASs is complex and requires a security administrator to have deep knowledge of each security mechanism’s configuration. Note that, unlike typical ICT systems, BASs are intended to have a life span on the order of decades. As a consequence, acquiring such deep knowledge may not be feasible, nor is it easily transferable, so effective security configuration may be hampered by poor understanding and/or management of the enterprise security policy which, in turn, may unnecessarily expose the enterprise to known threats. With today’s emerging threats to Building Automation Systems, effective security configuration is beyond manual analysis and/or human ability.
ANASTACIA technology, with its trust and security-by-design approach, will provide an ideal technology to address these security challenges in BASs and smart buildings. The following are examples and a preliminary scenario which will be taken into account, together with others, to demonstrate the project outcomes.