Safe and secure
Building controls and BEMSs need to be kept as secure as any other business IT system. Steve Harrison explains why now is the time to consider the best options for balancing functionality with security.
The rise of intelligent buildings has yielded numerous benefits for clients and installers when it comes to ease of use and servicing. But with those advances come significant security challenges.
A number of stories are emerging about hackers slipping into the IT systems of some companies via the BEMS software. While still rare, such incidents highlight the potential impact of an attack on a building’s control system, and they demonstrate that the controls industry and its clients need to keep a careful eye on system security.
The risks are twofold.
Once access is gained to everything from room temperature to lift operation, the dangers in emergency situations and to sensitive materials are obvious.
Additionally, with many control systems sharing networks with business-critical functions, the potential for the BEMS to become a gateway to other areas of business information is all too clear.
Steve Reid, solutions development engineer for Siemens Building Technologies, sees this convergence of corporate IT and building systems as the key issue: ‘Typically, the BEMS servers are on the company’s corporate network. An engineer would usually log in directly, insert a memory stick and make a change.
‘That’s the convenient solution but introduces the possibility of viruses getting into the system. The fact that these technologies sometimes share networks could provide a springboard from one system to get into another system.’
One solution that would at least reduce this type of risk is for controls systems to sit on a separate, private network. Reid explains: ‘Putting it on a private network is the most secure method, but to make it easy for the outsourced facilities management company to have access or look after it remotely, they can link control systems to the Internet, and that means a trade-off between convenient servicing and security.’
Jon Kilpatrick, director of systems installer Detail Design Engineering, concurs. ‘Physical separation is the ultimate method of securing against threats to a central IT system,’ he says. ‘But the benefit of BEMS solutions is that the end users can have access. So there is a need to find a balance between achieving protection on one side and user access on the other.’
Malcolm Anson, managing director of Clarkson Controls and BCIA vice president, says it’s not just hackers with unlawful intentions who are causing concern: ‘Our biggest problem has been Google,’ he says. ‘Their software was treating one of our web-based controllers as a website and searching for keywords. We installed tracking software as it was freezing up our controller and tracked the IP addresses back to Google. We’ve rewritten our firmware to kick them out.’
Anson agrees that, with IT and controls systems sitting side by side on a network, risks exist. But there are safeguards in place, such as those implemented in one of his school installations.
‘You can’t access the site network unless your external computer’s IP address and password are recognised by the site’s physical firewall. Once we’re on the site network, we are restricted by the on-site IT department so we can only look at our own specific IP BEMS controller addresses. This means we can’t get into anything else on the network. We also have rolling passwords that are changed monthly. This puts our BEMS IT protection at the same level as banking and financial services.’
Kilpatrick also contends that there is provision in larger-scale sites for other areas to be kept off limits to unwelcome visitors: ‘If you don’t tie your systems down with passwords and regularly change them, you do leave them open to abuse.’
He also points to other built-in security devices that should be activated: ‘Manufacturers have always had pin codes you can set into their devices and the software you run on them.’
However, determined hackers will work hard to break into a system if they really want to, so there is a need for constant vigilance, especially when BEMS are being updated and where a site consists of numerous buildings.
Ultimately, clients have to make the choice about the best way to secure their building-management systems, be that the physical detachment of the BEMS from the main network, or reliance on strict policies and protocols for every engineer logging in.
The controls industry has been paying close attention to the security challenge. Manufacturers are already building in security as much as possible, and systems installers will be able to offer sound advice in this area. The main driver, however, lies with end-users, who must have as much concern for BEMS security as they do for their other business IT systems.
Steve Harrison is president of the Building Controls Industry Association.