The Smart City Blog

​Is Cybersecurity the Next “Killer App” for Smart Buildings?

Joel Silverman - Monday, February 19, 2018

Smart buildings are no longer a vague idea in the mind of ardent futurists. Today, more than 2.7 billion devices have been deployed in smart buildings to improve operational efficiency, safety, comfort and functionality. As of 2015, 84% of building automation system (BAS) operators reported using Internet-connected systems to tap into the power of the Cloud and Big Data. These systems bring a range of benefits, from increased energy efficiency to improved productivity.

But they also raise cause for alarm. The presence of billions of new Internet-connected devices has dramatically increased the number of attack surfaces in a world where ransomware, malware, and cyber-espionage/terrorism are on the rise. In a 2014 survey, IBM found that only 29% of BAS operators had taken action or were in the process of taking action to improve the cybersecurity of their Internet-connected systems. It’s not surprising, then, that according to the U.S. Department of Homeland Security the number of cyber incidents involving industrial control systems, which includes BAS, increased by 74% from 2011 to 2014. Indeed, Gartner predicts that by the end of this year, 20% of smart buildings will have suffered from some form of digital vandalism.

84%

Building automation system (BAS) operators reported using Internet-connected systems in 2015

29%

BAS operators had taken or were taking action to protect Internet-connected systems in 2015>

74%

Increase in cyber incidents involving industrial systems from 2011 to 2014


The Cybersecurity Opportunity in Smart Buildings

Every challenge bears within it the seed of opportunity—and the cybersecurity problem is no different. Research firm Memoori estimates that global revenues for smart building cybersecurity will reach $8.65 billion by 2021, more than double the estimated $4.26 billion in 2016. The market is expected to grow at a healthy 15% CAGR over the forecast period as smart building operators race to stay ahead of threats against their critical systems and data.

Not everyone will benefit from this opportunity. Many are still sitting on the sidelines waiting for the cybersecurity market—and customer demand—to develop. Yet, there are others that we’re working with who have begun to take action today. They understand that now is the time to position themselves as cybersecurity leaders and build brands and products that customers can trust.

Building Stronger, More Secure Smart Building Networks

One of the biggest dangers in smart buildings is that they’re not prepared for the numerous threats found within an Internet-connected world. Many of the devices installed in building automation systems were built for closed networks that were isolated from the outside world. Authorization controls are weak or nonexistent, data is frequently left unencrypted, and the administrative web interfaces are not built to handle the kinds of attacks we see on public websites.

Compounding this problem, cybersecurity is traditionally seen as the domain of IT experts. Most building managers lack the knowledge or experience needed to fend off botnets, denial-of-service attacks, brute-force attacks and the many other threats posed by sophisticated hackers. This is an area where BAS vendors can step forward to help their customers navigate the complexities of implementing effective network security.

Encryption

The first step in any sound security policy is encryption. With encryption, data is only readable by those with the keys to decode it. A good encryption scheme can make it difficult, if not impossible, for hackers to steal sensitive information or gain control of network devices.

Historically, one of the biggest obstacles to implementing encryption within smart building networks is the relatively low bandwidth provided by available communications protocols. However, this has changed with the advent of high-speed protocols like HD-PLC. Developed for advanced smart building applications, HD-PLC achieves fast +10Mbps data rates over distances up to several kilometers long. This gives it ample bandwidth to support the high-bandwidth demands of converged smart building networks, along with cryptostrong AES-128 encryption.

AES encryption is a specification developed by the US National Institute of Standards and Technology. It is used by the US government and many others worldwide. It is the only publicly available cipher approved by the National Security Agency (NSA) for the protection of top secret information. AES offers several key sizes: 128-, 192-, and 256-bit. AES-128 encryption is best suited for smart building networks, since it is secure enough to withstand modern day brute-force attacks, yet very bandwidth-efficient.

Whitelisting

Another recommended countermeasure borrowed from the IT world is the whitelisting and blacklisting of devices. Whitelisting is a relatively simple approach for locking down the network. A whitelist maintains a list of permitted, trusted devices and prevents endpoints from communicating with unknown or unauthorized devices. Similarly, a blacklist can be used to prevent access from specific IP/MAC addresses and countries.

Both of these approaches are well-suited for building automation systems, since the software has a small footprint and low overhead and the network is well-defined. Together, they help prevent devices from communicating beyond where they’re supposed to or being accessed from outside the network. Megachips’ HD-PLC SoC solutions integrate this functionality, alongside standard AES-128 encryption, to facilitate the implementation of robust cybersecurity in smart buildings.

Software Updates

No software is perfect. As consumers, we constantly receive security updates for our cell phones and personal computers to fix bugs and prevent hackers from finding and exploiting weaknesses. However, most building automation devices are never updated once they leave the factory, leaving them vulnerable to all kinds of unanticipated threats.

The most secure BAS devices include the provision for future updates. MegaChips’ HD-PLC solutions employ IPv6 addressing to enable the addition of state-of-the-art security features through simple firmware updates, so that end customers can trust that they always have the most advanced security available.

Meet New Cybersecurity and Bandwidth Challenges with HD-PLC

Legacy communications protocols aren’t built to handle the cybersecurity threats encountered in modern smart building networks. Fortunately, there are new options now like HD-PLC designed to meet the bandwidth, cybersecurity and cost concerns of these applications.

Download the HD-PLC whitepaper to learn more.

Let Us Know What You Think

Is cybersecurity the next “killer app”? What are you doing to address these concerns in your products and applications? Please share your thoughts in the comments below.

Michael Navid
VP, Marketing and Business Development, MegaChips
Michael is an accomplished business executive who has spent the last 15 years working to advance the communications technologies needed to build a smarter planet. The original founder of the G3-PLC Alliance, he was a key contributor in the evolution of G3-PLC as the premier communications technology for smart grids. Today, Michael is applying his experience and energy to bringing the benefits of HD-PLC to smart cities and smart buildings. When he’s not driving technology transformation, you’ll likely find him in one of his vintage cars heading down Pacific Coast Highway in Southern California.
Connect with him on LinkedIn.

Comments
mezo commented on 29-Mar-2018 12:51 AM
I think this is ߋne of the most sіgnificant іnformation fߋr me.

And i'm satisfied studying your article. However want to commentary ߋn some basjc things, The website taste іs ցreat, the articles
is іn reality nice : Ɗ. Jusst rіght task, cheers
Paul Loves iotega DIY Wireless Alarm System commented on 04-Apr-2018 06:00 AM
I've been investigating this subject for almost two weeks at this point and this really is the 1st page which makes perfect sense. Why is it really hard to gather effective advice with regards to security today? Absolutely recognize the effort you invested getting your ideas in to words so first-timers similar to me will be able to take a step. Will there be a part 2 on your post? Thanks again!
Hussin Ahmed commented on 04-Apr-2018 08:31 AM
Hi there just wanted to give you a quick heads up.
The text in your content seem to be running off the screen in Firefox.

I'm not sure if this is a format issue or something to do with internet
browser compatibility but I figured I'd post to
let you know. The design look great though! Hope you get the problem resolved soon. Thanks
viagra super active paypal commented on 11-Apr-2018 11:56 PM
Aⲣpreciate tһis post. Will tгy it out.
Manar AHmd commented on 12-Apr-2018 06:10 PM
Howdy! This is my first comment here so I just wanted to give
a quick shout out and say I truly enjoy reading your blog posts.

Can you recommend any other blogs/websites/forums that deal with the
same subjects? Thanks!
rite commented on 13-Apr-2018 07:21 PM
I pay a quick visit everyday ɑ few sites and informɑtion sites to
read articles, howevber tһis weblog ցives feature based articles.
Iomoio commented on 22-Apr-2018 02:08 AM
Hi my friend! I want to say that this article is amazing, great written and come with approximately all vital infos. I would like to peer more posts like this.
Teodora Voorhees commented on 30-Apr-2018 11:49 PM
You need to take part in a contest for among the very best blogs on the internet. I will recommend this internet site!
Paul Loves No Contract Alarm Monitoring commented on 11-May-2018 09:17 AM
I have been exploring this subject for almost 2 weeks at this point and this is actually the first blog that absolutely seems sensible. How come it's so hard to access reasonable facts relating to security today? Surely respect the effort you spent putting your thoughts in to words so rookies similar to me can certainly take a step. Could there be a part two on your article? Thanks again!
Wireless Security Systems commented on 22-May-2018 05:16 PM
I've been researching this area for roughly three weeks now and this is the 1st posting which adds up. How come it's so difficult to find good facts about protection these days? Definitely value the effort you spent putting your ideas into words so first-timers similar to myself will be able to take action. Will there be a part 2 on your article? Thank you again!
Wireless Security Systems commented on 05-Jun-2018 09:36 PM
I have been researching this topic for about two weeks at this point and this is actually the 1st article which actually makes perfect sense. Why is it so difficult to gather quality specifics involving security and safety these days? Surely value the energy you spent putting your ideas in to words so amateurs just like me personally will be able to take a step. Will there be a part two for your posting? Thank you again!
Matthew Holweger commented on 29-Oct-2018 06:46 AM
06. Add a grid
April Skar commented on 24-Nov-2018 08:13 AM
escorts tours

Post a Comment




Captcha Image

Trackback Link
http://www.megachips.com/BlogRetrieve.aspx?BlogID=22976&PostID=1012336&A=Trackback
Trackbacks
Post has no trackbacks.