800x100 static WP 3
WP_Term Object
(
    [term_id] => 3611
    [name] => IoT
    [slug] => iot-internet-of-things
    [term_group] => 0
    [term_taxonomy_id] => 3611
    [taxonomy] => category
    [description] => Internet of Things
    [parent] => 0
    [count] => 547
    [filter] => raw
    [cat_ID] => 3611
    [category_count] => 547
    [category_description] => Internet of Things
    [cat_name] => IoT
    [category_nicename] => iot-internet-of-things
    [category_parent] => 0
)

Smart Buildings are Stupid and Insecure?

Smart Buildings are Stupid and Insecure?
by Bill McCabe on 07-05-2016 at 7:00 am

An Internet of Buildings (IoB) that really works and can’t be hacked? The IOT holds great promise for nearly every aspect of society and, of course, is rife with business opportunity, as well. One of the most exciting opportunities on both fronts remains the opportunity to create connected buildings.

The U.S. Department of Energy poses the challenge in this way: “Buildings will no longer be passive objects that consume resources, but rather active participants engaged in the energy system and our community.”

What exactly is meant by “connected buildings” on a practical level? Some of these characteristics include:

  • Buildings are self-aware and continuously anticipate and adapt to changes in weather, time of day, occupant needs, and socioeconomics.
  • Buildings will transact with utilities (including electricity, gas, and water), local power sources, and other buildings to provide services that will benefit building owners, utility operators, and the entire community.
  • Buildings will minimize their life-cycle cost while meeting their objective functions through optimizing energy and water use, enhancing health and the productivity of occupants, contributing to a cleaner environment, and actively supporting better living.

Smart Buildings: A brief history
Most people don’t think of the first “smart” buildings and think of the lowly thermostat. However, that technology was really the first step toward a “self-aware” building. As you might imagine, other controls introduced during the early days of building management were of the order of the thermostat and managed manually. In the 1980s, many of these systems became digital and by the 1990s, Building Management Systems (BMS) might have been computerized, might have yielded reports that helped facilities manage resources better—however these systems were often fragmented.


From “Green Biz Insights” June 23, 2014
These challenges culminate today in the difficulty of creating open protocol for many different structures under different ownership. We are now seeing important efforts to that end by governments and businesses that collaborate together to forward the promise of smart buildings. These initiatives and the data they generate contribute to an interrelated web of information – a data-rich ecosystem that benefits both the structures’ occupants and the communities where they stand.

Just two short years ago, a Green Biz article proclaimed, “We are now in the era where big data technologies enable us to capture data from different sources, in diverse formats and with varying context. From being a catalyst, data is now becoming a driver of actions. Less human effort is required to manage even though the complexity around data has increased massively. We are essentially at the cusp of what we call the era of ‘Internet of Buildings.’ This will be the future age of Internet of Buildings, where we will see interoperability and seamless data interchange.”
So how far have we come?

The Present State of the IOB
According to an article in TechVibes, In February at the IBM InterConnect 2016, Siemens Building Technologies Division and IBM’s Watson IoT Business Unit “announced cloud-based solutions that will leverage Siemens’ building expertise and IBM’s Internet of Things capabilities to maximize the potential of connected buildings and the data they create, helping corporate real estate owners across multiple industries drive business results and meet energy efficiency goals.”


IBM’s open standards-based Watson IoT Cloud platform can solve a lot of the open protocol issues that industry wonks were bemoaning in 2014. The move toward open standards platform integration in other cities and for other IoB initiatives will ensure that the “language” of connected buildings converges. Then, smart buildings can speak seamlessly among themselves in smart cities that protect resources and create additional opportunities for improving the lives of the people who live there.

Keeping the IoB secure
Other solid news from the IoB front include government and industry partnerships to control the security risks inherent with the advent of “smart cities.” Entities as diverse as the Department of Homeland Security’s Office of Cyber and Infrastructure Analysis, Stanford University’s Center for the Internet and Society, Drawbridge Technologies, IBM, and others in the public and private sectors have mustered efforts to institute changes. These ensure that “risk assessment methods and security measures (that) often don’t scale well from the asset or system to the level of political jurisdictions” are adjusted to manage threats to smart buildings, and, by extension, smart cities.

A recent research report identified the threat of a “shadow” IoT” built right into several North American connected buildings that were managed by the same company:

“A survey of building automation system software by researchers at IBM X-Force found that the systems suffer from a range of security issues, from weak authentication and authorization controls. Administrative web interfaces used to provide remote access to the systems also are vulnerable to application based attacks and lack basic security controls,” said X-Force researcher Paul Ionescu.

In a “red team” exercise performed for the firm, the IBM researchers found they were able to compromise the company’s main monitoring and control server, which was used to manage several locations in North America. Ionescu told Security Ledger that the attack exploited a weakly secured DLink router that was used to link the building automation system to the Internet.”

In the same article, we learn that “the compromise of Target Stores in 2014 was linked to heating, ventilation and air conditioning (HVAC) systems running within Target’s headquarters.” This incident made the papers when consumer credit cards were compromised; however few knew about the follow-up report blaming the BMS at headquarters. These public relations incidents have the capacity to make a public that is already leery of the “Big Brother” implications of having their house “watching them.”

As we enter the era of smart buildings and smart cities, it’s clear that IoB companies, in partnership with government, need to seek a common goal: Keep the IoB safe and keep working together to ensure that the IoB revolution lives up to its name—but does not include the infighting and disruption that has characterized non-techie revolutions across time.

Share this post via:

Comments

There are no comments yet.

You must register or log in to view/post comments.