Cyber-Security In Smart Buildings
Siegeware: When Criminals Take Over
Your Smart Building
Smart Building
• A smart building is any structure that uses
automated processes to control
the building’s operations, including heating,
ventilation, air conditioning, lighting,
security and other systems.
Smart Building
• A smart building uses sensors, actuators and
microchips, in order to collect data and manage it
according to a business’ functions and services.
• This infrastructure helps owners, operators
and facility managers improve asset reliability
and performance, which reduces energy use,
optimizes how space is used and minimizes the
environmental impact of buildings.
Smart Building
• At the most fundamental level, smart
buildings make occupants more productive
with lighting, thermal comfort, air quality,
physical security, sanitation and more at
lower costs and environmental impact than
buildings that are not connected.
Smart Building
• Smart office buildings, health care facilities,
hospitals, educational facilities, stadiums and
many other types of smart buildings exist
around the world.
• Navigant Research estimates that the smart
building technology market will generate
global revenue of $8.5 billion in 2020, up from
$4.7 billion in 2016, growing at a compound
annual growth rate of 15.9% over the forecast
period.
The Creation of a Smart Building
• Making a smart building, or making a
building smart, begins by linking core
systems such as lighting, power meters,
water meters, pumps, heating, fire alarms
and chiller plants with sensors and control
systems.
• At a more advanced stage, even elevators,
access systems and shading can become part of
the system.
The Creation of a Smart Building
• There is no single set of standards that makes up
what a smart building is, but what they all have in
common is integration.
• Many new buildings have “smart” technology, and
are connected and responsive to a smart power grid.
• You don’t even need to move offices or create a new
building to work in a smart building.
• Building automation systems like those from
Honeywell or Johnson Controls exist so property
owners can take advantage of the power available
in older structures.
The benefits
• Creating or transforming a building into a
smart building is beneficial for both the owner
and the organizations working within.
• These benefits range from energy savings to
productivity gains to sustainability.
• Smart building strategies can reduce energy
costs, increase the productivity of the facility
staff, improve building operations, support
sustainability efforts and enhance decision-
making across the organization.
The Benefits
• One example of energy efficiency is the use
of optimal start/stop, which allows the
building automation system to learn when it
should bring the air conditioning system
online for a particular zone in the building.
• Another feature is electrical loads that are
grouped into categories from critical to high
priority to non-essential.
The Benefits
• “When the building load is rising and
approaching the high limit setting, the
nonessential loads are turned off in their
subgroup order, followed by the high-
priority loads”
Cyber-Security Vulnerabilities in Smart
Buildings
• Today’s smart buildings are increasingly enabled
by Internet of Things (IoT) and made functional
by the ongoing convergence of Operational
Technology (OT) systems and Information
Technology (IT) systems in buildings.
• A host of new elements such as the cloud,
remote access, data sharing and analytics, and
connected and shared networks has
fundamentally changed how built environments
are being used and operated.
Internet of Things (IoT)
Cyber-Security Vulnerabilities in Smart
Buildings
• However, buildings are exposed to a new
threat that has been downplayed and
undervalued for a long time.
• After witnessing a recent slew of security
breaches, stakeholders of the smart
buildings industry are recognizing the
potentially damaging impact cyber threats
pose for the industry and its related
businesses.
Defining Smart Buildings And Cyber-Security
• A smart building can be defined as one that
uses both technology and processes to create
an environment that is safe, healthy, and
comfortable and enables productivity and
well-being for its occupants.
Defining Smart Buildings And Cyber-
Security
• A smart building is characterized by active
IT-aided intelligence, smart sensors and
controls for seamless operation, real-time
dissemination of operational information
for predictive analytics, and diagnostics to
facilitate better management, maintenance,
and optimization over time.
Defining Smart Buildings And Cyber-Security
• Cyber security in the context of a smart
building is defined as the quantum of
technologies, processes, and practices designed
to protect from unauthorized access all
building systems and networks, including
front-end physical and IT systems within the
building, accessories and field-level devices,
data and application platforms, and data
aggregation systems such as all localized and
remote systems that help in operating and
maintaining a smart building.
Cyber Risks in Smart Buildings
• Technology Progression
• The building automation system (BAS) or a
building operating system (BOS) has moved
considerably from the physical realm to one
with IT enabling all aspects of its functioning.
Furthermore, there is now a new generation
of connected and intelligent buildings
powered by IoT.
The Integrated Building Network
• The integrated network of a smart building
is where the true benefits of a smart and
converged infrastructure are realized by
building owners and operators; however, this is
also the point where extreme exposure to
security vulnerabilities is manifest.
Security Vulnerabilities of a Smart
Building’s Integrated Network
• The integration portion of a smart
building’s software is subject to extreme
vulnerabilities, in which the BAS is
connected to virtually any other aspect of the
building, and from which a skilled hacker
could access nearly any system in a
corporate network.
IoT and Cyber Risks
• Activities centering on IoT are delivering
increasingly unique advantages and novel
challenges.
• The advantages include real-time access, vast data
generation and analytics, and interconnectivity of
systems and devices.
• These advantages by themselves, however, offer little
value unless the crucial decision to share the data and
networks is simultaneously taken, thus permitting
access to multiple service providers to tap into a
smart building’s various systems and devices.
IoT and Cyber Risks
• This access implies potential security
breaches that could render a smart
building, its occupants, and service
providers powerless over an adversary’s
damaging actions to corrupt networks,
misuse critical information, and cause
significant operational and financial loss.
IoT-influenced Cyber Risk Areas in a Smart
Building
Impact of Cyber Threats to BAS/BOS
Infrastructure
Why cyber criminals are targeting smart
buildings?
• In countries like the United States, the growth
of smart buildings is estimated to reach 16.6%
by 2020 compared to 2014, although this
expansion is not limited to the US but rather is
taking place on a global scale.
• This growth is largely due to the fact we live in
a world increasingly permeated by technology,
in which process automation and the search for
energy efficiency contribute not only to
sustainability, but also to cost reduction.
Why cyber criminals are targeting smart
buildings?
• Smart buildings use technology to control a
wide range of variables within their
respective environments with the aim of
providing more comfort and contributing to
the health and productivity of the people
inside them.
• To do so, they use so-called Building
Automation Systems (BAS).
Building Automation Systems (BAS)
Why cyber criminals are targeting smart
buildings?
• With the arrival of the Internet of Things (IoT),
smart buildings have redefined themselves.
• With the information they obtain from smart sensors,
their technological equipment is used to analyse,
predict, diagnose and maintain the various
environments within them, as well as to automate
processes and monitor numerous operational variables
in real time.
• Ambient temperature, lighting, security cameras,
elevators, parking and water management are just
some of the automatable services currently
supported by the technology.
Why cyber criminals are targeting smart
buildings?
• To put the possibilities of this smart infrastructure into
perspective, consider the example of a smart building in Las
Vegas where, two years ago, the owners decided to install a
sophisticated automation system to control the use of the
air conditioning (keeping in mind Las Vegas has a hot
desert climate and very little rain), so that it is turned on only
when there are people present.
• This decision led to a saving of US$2m during the first
year after the smart system was installed, due to the
reduction in energy consumption achieved by automating
the process.
• Marriott Hotels implemented a similar system across the
entire chain that is expected to generate an estimated
US$9.9 m in energy savings.
Possibility of a smart building being
attacked
• The risk of a security incident taking place in an
intelligent building is linked to the motivations of
cyber criminals, who mainly seek to achieve
economic gain through their actions, as well as to
impact and spread fear.
• There are already some tools such as Shodan that
allow anybody to discover vulnerable and/or unsecured
IoT devices connected publicly to the internet.
• If you run a search using the tool, you can find
thousands of building automation systems in its lists,
complete with information that could be used by an
attacker to compromise a device.
Possibility of a smart building being
attacked
• Smart homes and buildings are a new
battlefield for hackers and security experts
• Most people wouldn’t consider their heating,
ventilation, and air conditioning (HVAC)
system as a prized target for cyber criminals.
After all, a successful hacking attempt could
go as far as making us uncomfortable for a
few minutes until we fix the problem.
Possibility of a smart building being
attacked
• This wishful thinking, however, is what
hackers are counting on. As we deploy a
growing number of connected devices such as
smart HVACs, intelligent cameras, and smart
doorbells in our homes and offices, the
complexity of the Internet of Things (IoT)
ecosystem increases.
Possibility of a smart building being
attacked
• Gartner, a research and advisory company,
predicts that 25 billion connected devices
will be in use by 2021.
• And many of these IoT devices will interact
with each other through house automation
servers like FHEM (Freundliche
Hausautomatisierung und Energie-
Messung) and Home Assistant, making our
lives more comfortable, but less secure.
Possibility of a smart building being
attacked
• Sure, having tech that automatically turns on
the air conditioner and lights as people enter
the room is convenient, but building
automation systems (BAS) that integrate
connected ‘things’ are often inadequately
secured and configured.
Possibility of a smart building being
attacked
• Hackers easily breach them by, for instance,
finding a weak spot in an unprotected web
login page of a fire detection system.
• Once inside, hackers move to take over other
parts of the BAS as well and can shut down the
alarm or heating systems and demand ransom
payment.
• This threat, also known as ‘siegeware’, is
growing in severity, and many companies and
individuals have already fallen victim to these
attacks.
Siegeware
Scope of The ‘Siegeware’ Threat
• According to ForeScout, a cyber-security
firm, the number of vulnerabilities in
automation systems is constantly increasing.
• Hospitals and schools are particularly
unprotected from cyber-attacks, and they
operate as many as 8,000 highly vulnerable
devices. And taking full control of these
devices can have major consequences.
Scope of The ‘Siegeware’ Threat
• ForeScout explains that control over smart
devices can eventually provide hackers with
access to private financial files and information
stored in data centres.
• Also, they can listen to conversations, review
camera streams, delete files, reprogram
automation rules, distribute malware, and
provide unauthorised individuals with physical
access to the building.
Scope of The ‘Siegeware’ Threat
• And although many of the vulnerabilities that
hackers exploit are well known, only about
half of them in industrial and IoT systems have
been patched.
• What’s worse, even hackers with limited
resources can develop effective malware and
hack smart buildings.
Creating powerful malware isn’t as
expensive as it may seem
• For instance, it took ForeScout only $12,000
to develop proof-of-concept malware to
show how easy it is to hack a smart building.
• In that process, the security experts first
spent some time analysing various
automation systems and looking for weak
spots.
A hacker hijacked Nest devices in a
family home
• Arjun and Jessica Sud from Lake Barrington,
a village in the US state of Illinois, certainly agree
with ForeScout, as they were victims of a
malicious cyber criminal.
• He hacked their Nest cameras, speakers, and
thermostat, and, at first, talked to their 7-
month-old baby.
• As Arjun grabbed the kid and went
downstairs, he noted that the temperature,
which was usually set to around 22°C, was
turned up to 32°C.
Nest camera hacked: Hacker spoke to baby,
hurled obscenities
Family Was Watched Through Nest Security
Cameras
• https://youtu.be/qrgn8zHpGfs
• https://sagaciousnewsnetwork.com/family-was-watched-through-nest-security-cameras
A hacker hijacked Nest devices in a
family home
• A deep male voice then yelled at him through
the speaker in a security camera, using racial
insults and cursing.
• And as soon as the voice stopped screaming,
Arjun and Jessica unplugged 17 Nest
devices worth $4,000 and returned them to
Google’s company.
Exfiltrating data through a fish tank and
modem routers
• But despite all the security measures in
place, creative hackers are sometimes able
to overcome any obstacle.
• In Las Vegas, for instance, they hacked a
casino through a high-tech fish tank that
was connected to the internet.
• The malware extracted ten gigabytes of data
and transferred it to a remote server in
Finland.
Exfiltrating data through a fish tank and
modem routers
• The full scope of the breach was spotted only
after the staff called in experts from Darktrace, a
cyber-defence company, to analyse suspicious
activity.
• Darktrace says that “this was a clear case of data
exfiltration but far more subtle than typical
attempts at data theft.”
• This, however, isn’t the only way hackers exploit
the vulnerabilities of connected ecosystems.
Darktrace, A Cyber-defence Company
Exfiltrating data through a fish tank and
modem routers
• In one such example, cyber criminals hijacked
D-Link DSL modem routers and redirected all users
that wanted to visit the website of Banco do Brasil to
a fake website.
• The attack was highly sophisticated in the sense that the
hijacking succeeded without editing URLs in the
victim’s browser. Also, the malicious code works on
both Apple and Android phones and tablets.
• The victims then enter their username and
password, believing they’re accessing online
banking accounts, while in reality, they’re delivering
sensitive data to hackers.
Cyber Criminals Hijacked D-Link DSL Modem
Routers
Google Hacked By Its Own Employee
• Even big tech companies aren’t immune to security
flaws in IoT devices.
• Google’s engineer David Tomaschik, for example,
found a way to control smart locks used in the
company’s Sunnyvale offices by replicating the
encryption key and forging commands in the office
controller software made by the tech firm Software
House.
• Even without the required RFID keycard,
Tomaschik managed to open or lock the door and
prevent people from entering the facility. And he
could do all of this without leaving any digital traces
behind.
Hospital data breach left 1.5 million
patients exposed
• Meanwhile, cyber criminals stole the
personal data of 1.5 million patients in
Singapore, including their names, gender,
identity card numbers, and addresses.
• They stole even the prescription data of Prime
Minister Lee Hsien Loong.
Hospital data breach left 1.5 million
patients exposed
• The attack took place between 27 June and 4
July 2018, as the hackers breached the network
of SingHealth, Singapore’s largest group of
healthcare institutions.
• Luckily, records such as diagnoses or test
results weren’t tampered with, but the
authorities paused many of the country’s
Smart Nation initiatives because of the
attack.
Hackers stole personal, medication data
Hospital data breach left 1.5 million
patients exposed
• And many people fear that hackers could misuse
their identities, as ID numbers are crucial for
accessing various government services in
Singapore.
• Leonard Kleinman, the senior director of IT
Security for the Australian Tax Office and
cyber security advisor to the security company
RSA, says that “such data can fetch a high
price”. In 2017, a stolen or lost healthcare
record was worth as much as $408 on the Dark
Web.
Siegeware and BAS attacks, an emerging
threat
• As technological solutions to cybercrime
become increasingly advanced, able to
preempt attacks and weed out vulnerabilities
before they’re widely known, attackers
also become more adept at cloaking their
presence and concealing their intent.
Siegeware and BAS attacks, an emerging
threat
• The targets of attacks also change with the
times.
• Hacking websites and bank accounts is old hat;
some of the most threatening dangers to
the most modernized companies, and even
citizens, are those that target technology that
doesn’t yet have robust security systems,
or even standards, in place.
Siegeware and BAS attacks, an emerging
threat
• It’s sad, but well known that the average
consumer doesn’t spend a lot of time worrying
about whether the firmware on their IoT
devices is up-to-date, leaving millions of
devices around the world critically
vulnerable to attack.
Siegeware and BAS attacks, an emerging
threat
• However, you would be forgiven for assuming that
companies implementing centralized control of a
building’s life support functions such as HVAC, fire
security, doors and windows, etc. along with more
convenience focused building automation systems,
would prioritize cyber security.
• This is not always the case, and can lead to a potentially
disastrous situation for the homes and organizations
that implement Building Automation Systems (BAS)
and the companies that manufacture, install, and
maintain them.
Siegeware and BAS attacks
• When attackers combine ransomware with
BAS vulnerabilities, we get siegeware.
• The attacker takes control of a building and
shuts down critical operations such as
heating, cooling, alarm systems, and even
physical access, and will only rescind
control once a ransom has been paid.
Siegeware and BAS attacks
• Gaining access to the BAS means the
attacker becomes the digital overlord of the
building. By controlling the automated system
that governs the functionality of the building,
they control the building itself.
• They can turn off ventilation, heating, fire
suppression systems, and potentially extend
influence to other digital functionality of the
building.
The hacker can access seven systems
remotely once he hijacks the BAS:
• Lighting control systems
• Fire detection and alarm systems
• Automated fire suppression systems
• Integrated security and access control systems
• Heating, ventilation, and air conditioning
• Power management and assurance systems
• Command and control systems
• The consequences of losing control of these
systems may range from discomfort to potentially
life-threatening situations.
An Emerging Threat
• Siegeware is quickly becoming one of the
most dangerous and effective methods of
cyber-attack.
• Many companies have already fallen victim to
these attacks, and those that haven’t given in
to the ransom demands have faced highly
disrupted operations as a result.
An Emerging Threat
• BAS allows a single command center to
control and automate all connected systems
in a building so that a high level of comfort
can be achieved efficiently.
• But vulnerabilities exist in any connected
system, and when the network is
compromised the prospect of physical
danger becomes very real.
An Emerging Threat
• With increasing numbers of organizations adopting
BAS infrastructures, the number of potential targets
rises, along with the time spent by attackers
searching for as-yet unknown vulnerabilities.
• To make things worse, many of these buildings are
connected to the internet, where anyone with the correct
username and password can access them.
• As of February 2019, there were 35,000 BAS
systems connected to the public internet globally,
and it’s highly likely that many of these are using
default usernames and passwords.
An Emerging Threat
• Even if the majority of organizations
implement adequate security, those that do not
face severe consequences.
• Countless schools, hospitals, universities, and
banks have all fallen prey to ransomware attacks
in the past few years, and this is likely to
mutate into large-scale siegeware attacks in the
coming months on many BAS-equipped buildings
that do not have effectively secured networks.
Siegeware: When Criminals Take Over Your
Smart Building
• Siegeware is what you get when
cybercriminals mix the concept of
ransomware with building automation
systems: abuse of equipment control software
to threaten access to physical facilities.
Siegeware: When Criminals Take Over Your
Smart Building
• Imagine you are the person in charge of
operations for a property company that
manages a dozen buildings in a number of
cities. What would you do if you got the
following text on your phone?
• “We have hacked all the control systems in
your building at 400 Main Street and will close
it down for three days if you do not pay $50,000
in Bitcoin within 24 hours.”
Siegeware: When Criminals Take Over
Your Smart Building
• In this scenario, the building at that address is one
of several upscale medical clinics in your
company’s portfolio.
• The buildings all use something called a BAS or
Building Automation System to remotely manage
Heating, Air Conditioning, and Ventilation
(HVAC), as well as fire alarms and controls,
lighting, and security systems, and so on.
• As many as eight different systems may be
remotely accessible.
BAS or Building Automation System
Siegeware: When Criminals Take Over
Your Smart Building
• In this scenario, if someone has in fact
gained control of the BAS, then it is entirely
possible that the sender of the threatening
message could make good on their threat.
Siegeware: When Criminals Take Over
Your Smart Building
• Clearly, holding a building for ransom by
leveraging its reliance upon software is now
on the criminal agenda, part of the expanding
arsenal of techniques for profiting from the
abuse of technology.
Siegeware: When Criminals Take Over
Your Smart Building
• From Neolithic hilltop settlements to
medieval castles and walled cities, human
structures have always been a target for
nefarious activity, often besieged by
aggressors because access to them is
essential to their functionality, be that
living, working, meeting, trading, storage,
or medical care.
Siegeware: When Criminals Take Over
Your Smart Building
• Numerous practical and financial benefits can
accrue from enabling remote access to a BAS,
but when you combine criminal intent with poorly
protected remote access to software that runs a
building automation system, siegeware is a very
real possibility.
• To put it another way, siegeware is the code-
enabled ability to make a credible extortion
demand based on digitally impaired building
functionality.
Siegeware: When Criminals Take Over
Your Smart Building
• How widespread will the siegeware problem
become in 2019?
• That will depend on several factors: how
aggressively cases are investigated by law
enforcement; how many victims refuse to
pay; and how many targets of opportunity
the bad actors can find.
Siegeware: When Criminals Take Over Your
Smart Building
• So, if you are at all concerned about the
possibility of a siegeware attack, ask around to
see if there is any remote access for the BAS in
“your” building.
• Then try to find out how well protected it is. Has
access been placed behind a firewall?
• Does access require a VPN connection?
• Is access protected with multi-factor
authentication or just a password?
• If the latter, then immediately call a meeting to
get that fixed.
Siegeware: When Criminals Take Over
Your Smart Building
• Frankly, anything less than hiding the BAS
login behind a VPN with 2FA means a
building is at risk from criminals wielding
siegeware.
• With 2FA now being so widely available and
easy to use, failure to take advantage of it to
protect a BAS is likely to fail a reasonable
test, should building tenants sue in the wake
of a siegeware attack.
Preventing BAS hijacking
• Any smart home or other BAS controlled
building is a potential target for siegeware
attacks.
• If you live in a smart home, or are the building
manager or security officer at an organization
that utilizes BAS to control functions of the
building, then it’s critical to ensure
that the security systems are up to the task
of controlling access to the BAS.
Preventing BAS hijacking
• Many contractors will simply set up the
automated control system on a web-based
login interface.
• It makes it easier for them to make any
changes later on or solve any issues that might
appear.
• However, such remote access is vulnerable
to unauthorized access.
Preventing BAS hijacking
• If there is remote access to your BAS, it needs to be
considered a critical IT system. See to it that you
have the following, at the very minimum:
• Up-to-date firmware
• Firewall
• Encrypted connection
• Preferably VPN-only access from the building’s IP
• Strong passwords
• Multi-factor authentication
• Lockout on failed password attempts
• Notification of login attempts
Preventing BAS Hijacking
• If remote access to a BAS is vulnerable in
even one of these areas, it’s susceptible to
being hijacked.
• By implementing at least three authentication
types - password, possession, IP - unauthorized
access can be discouraged, but not necessarily
stopped entirely for a determined attacker.
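The minimum controls listed above (VPN-only source address, password, a possession factor, lockout on failed attempts and notification of every login attempt) combined into one login gate, as an added example that is not part of the original slides. The VPN subnet, thresholds, account name and secrets are constructed assumptions, and RFC 6238 TOTP stands in for the possession factor, which the slides do not specify.

```python
import hashlib
import hmac
import ipaddress
import struct

# All values below are constructed assumptions for this example.
VPN_SUBNET = ipaddress.ip_network("10.8.0.0/24")  # address pool of the building VPN
MAX_FAILURES = 3        # failed attempts before lockout
LOCKOUT_SECONDS = 900   # lockout length and failure-counting window
TOTP_STEP = 30          # seconds per one-time code


def hash_password(password: str, salt: bytes) -> bytes:
    """Slow salted hash so a stolen credential store resists guessing."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def totp(secret: bytes, now: int, digits: int = 6) -> str:
    """RFC 6238 time-based one-time password (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", now // TOTP_STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class BasLoginGate:
    def __init__(self, users):
        self.users = users          # name -> {"salt", "pw_hash", "totp_secret"}
        self.failures = {}          # name -> timestamps of recent failures
        self.locked_until = {}      # name -> time the lockout ends
        self.notifications = []     # every attempt, for the building operator

    def login(self, user, password, code, src_ip, now):
        outcome = self._decide(user, password, code, src_ip, now)
        # Notification of login attempts: record all of them, not only failures.
        self.notifications.append((now, user, src_ip, outcome))
        return outcome

    def _decide(self, user, password, code, src_ip, now):
        # IP factor first: attempts from outside the VPN never reach the
        # credential check, so they cannot be used to lock out real accounts.
        try:
            inside_vpn = ipaddress.ip_address(src_ip) in VPN_SUBNET
        except ValueError:
            inside_vpn = False
        if not inside_vpn:
            return "denied_ip"
        if now < self.locked_until.get(user, 0):
            return "locked_out"
        rec = self.users.get(user)
        pw_ok = rec is not None and hmac.compare_digest(
            hash_password(password, rec["salt"]), rec["pw_hash"])
        code_ok = rec is not None and hmac.compare_digest(
            totp(rec["totp_secret"], now), code)
        if pw_ok and code_ok:
            self.failures.pop(user, None)
            return "granted"
        recent = [t for t in self.failures.get(user, []) if now - t < LOCKOUT_SECONDS]
        recent.append(now)
        self.failures[user] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[user] = now + LOCKOUT_SECONDS
        return "denied_credentials"


def run_demo():
    """Replay constructed login attempts; return (outcomes, notifications)."""
    salt, secret, t0 = b"constructed-salt", b"constructed-totp-key", 1_700_000_000
    good = "correct horse battery"
    gate = BasLoginGate({"facilities": {
        "salt": salt,
        "pw_hash": hash_password(good, salt),
        "totp_secret": secret}})
    attempts = [
        ("203.0.113.7", good, t0),           # valid credentials, but not from the VPN
        ("10.8.0.15", "admin", t0 + 10),     # guessing from inside the VPN
        ("10.8.0.15", "1234", t0 + 20),
        ("10.8.0.15", "password", t0 + 30),  # third failure triggers the lockout
        ("10.8.0.15", good, t0 + 40),        # correct, but the account is locked
        ("10.8.0.15", good, t0 + 931),       # lockout has expired
    ]
    outcomes = [gate.login("facilities", pw, totp(secret, now), ip, now)
                for ip, pw, now in attempts]
    return outcomes, gate.notifications


if __name__ == "__main__":
    for entry in run_demo()[1]:
        print(entry)
```

Checking the source address before anything else keeps internet-side guessing from locking out the legitimate operator, while the notification list still records those attempts.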
Preventing BAS Hijacking
• In the case of smart homes and IoT devices,
one has to make sure that all connected
devices utilize security that prevents any
unauthorized access.
• The security of the controlling BAS box, in
this case, extends to each and every physical
device controlled through the network.
Preventing BAS Hijacking
• The concept of a smart home, of top-tier
technology that aspires to increase convenience
and comfort, becomes one of the most powerful
enablers of cyber-terrorism.
• Here’s hoping that those companies and
individuals implementing BAS into buildings
will be working closely with IT departments and
security researchers to protect our buildings’
critical support systems.
Cyber Risk Management for Smart
Buildings
• Dealing with cyber risks and threats demands
a sophisticated and robust approach for smart
buildings, which essentially consists of a
systematic review and analysis of aspects such as
the following:
• ICS vulnerabilities
• Cost of damage
• Scope and magnitude of cyber crimes
• Technology initiatives and mitigation methods
• A cyber-security management strategy
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Cyber crime encompasses a broad range of
activities; however, cyber security
professionals tend to group criminal activity
into categories based on capabilities and
impact.
• It can be categorized into the following 4 groups:
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Terrorist organizations are considered low-
to-moderate in impact and directed mostly for
propaganda and recruitment; however, they
could potentially launch high-impact
attacks in the future.
Terrorist organizations
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Hacktivists (e.g., politically motivated
groups such as Anonymous and LulzSec)
depict a steep upward trend since 2011 and are
prone to high and low fluctuations as
technology changes and as the business,
economic, and socio-political landscape
changes over time.
Hacktivists
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Organized crime (e.g., profit-seeking
criminals and criminal organizations) is
considered a medium/high threat in terms of
capabilities and impact and is primarily
focused on data theft and not directed at
destroying the host system so as to maintain
a lifeline to illicit revenues.
Organized Crime
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Espionage (e.g., corporate and government) is
considered a high-skilled and high-impact
growing threat involving computer and
physical network attacks to obtain, destroy,
and render critical information unavailable.
Scope and Magnitude of Cyber Crimes
in Smart Buildings
• Among the 4 categories discussed above, the 2
considered most applicable to smart buildings,
with the ability to inflict substantial damage,
are espionage and organized crime.
• However, the potential of hacktivism impacting a
smart building cannot be ruled out.
• Similarly, depending upon the nature and
strategic importance of the building, terrorist-
devised cyber threats could be a strong
possibility as well.
Cyber security Measures Adopted for
Smart Buildings
• Cyber security solutions currently being
offered to the smart buildings industry
combine IT and physical security options,
in addition to technology deployment
approaches that attempt anomaly detection
and reduce vulnerabilities for IT and OT staff.
• In reviewing such technology options, it is
important to begin by looking at a building’s
critical vulnerability areas that gain top
consideration.
Technology Initiatives Addressing
Cyber-security in Smart Buildings
Cyber Risk Mitigation
• The smart buildings industry is currently
adopting mitigation methods that are varied
and somewhat specific and/or proprietary to
every organization.
• Upon closer inspection, however, several best
practices and commonalities in techniques have
emerged from these approaches, which range
from simple best practices to more rounded
strategies based on life-cycle principles discussed
below.
Best Practices for Adoption
• Industry experts agree that simple best practices can be
applied for protection from cyber attacks.
• These best practices include the following steps as
examples:
• Restricting BAS access to virtual private network
(VPN) connections only
• Using a Web server-based human machine interface
(HMI) because it relies on IT technologies to secure access
and restricts ports that need to be opened on a firewall
• Segregating the BAS network from the IT backbone
using virtual local area network (VLAN) IT technologies
to restrict internal attacks/breakdowns
• Maintaining password etiquette
• Keeping BAS software and firmware up to
date and installing patches on a timely basis
• Encrypting the data at rest to protect an
organization further, and backing up to a separate
system for access during a data breach
• Conducting security audits to validate security
measures to help avoid complacency
• Educating database users, owners, and
operators on the need for, and methodology of,
cyber security
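Added example (not part of the original slides): a small Python audit that checks a firewall rule list against the first three practices listed above, namely VPN-only access, a web HMI as the only opened service, and a segregated BAS VLAN. The subnets, the one-line rule format, the sample rules and the finding names are all constructed for illustration; rule ordering and shadowing are not modelled.

```python
"""Audit firewall rules against three BAS access practices (added example)."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed addressing plan, constructed for this example (not from the slides).
BAS_VLAN = ipaddress.ip_network("10.50.0.0/24")   # segregated BAS VLAN
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")   # addresses given to VPN clients
WEB_HMI = ipaddress.ip_network("10.50.0.10/32")   # web server-based HMI
WEB_HMI_PORTS = {443}                             # HTTPS only

# Constructed sample rule set: "<action> <src> -> <dst> <proto>/<port>"
SAMPLE_RULES = """
allow 10.99.0.0/24 -> 10.50.0.10/32 tcp/443    # VPN users to the web HMI
allow 10.10.0.0/16 -> 10.50.0.0/24  tcp/any    # IT backbone to the whole BAS VLAN
allow 0.0.0.0/0    -> 10.50.0.20/32 udp/47808  # BACnet/IP controller open to any source
allow 10.99.0.0/24 -> 10.50.0.0/24  tcp/502    # VPN users straight to Modbus/TCP
allow 10.50.0.0/24 -> 10.50.0.0/24  udp/47808  # controller-to-controller traffic
allow 10.10.0.0/16 -> 10.20.0.0/16  tcp/445    # unrelated to the BAS
deny  0.0.0.0/0    -> 10.50.0.0/24  any/any
"""


@dataclass(frozen=True)
class Rule:
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str
    port: Optional[int]  # None means "any port"


def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rule line; return None for blank or comment-only lines."""
    fields = line.split("#", 1)[0].split()
    if not fields:
        return None
    if len(fields) != 5 or fields[2] != "->" or fields[0] not in ("allow", "deny"):
        raise ValueError(f"malformed rule: {line!r}")
    action, src, _, dst, service = fields
    proto, _, port = service.partition("/")
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                proto, None if port in ("", "any") else int(port))


def audit(rules_text: str) -> List[Tuple[int, str]]:
    """Return (rule number, finding) pairs for allow rules that reach the BAS VLAN.

    Each allow rule is judged on its own, so a rule shadowed by an earlier
    deny is still reported (conservative for a review).
    """
    findings = []
    number = 0
    for line in rules_text.splitlines():
        rule = parse_rule(line)
        if rule is None:
            continue
        number += 1
        if rule.action != "allow" or not rule.dst.overlaps(BAS_VLAN):
            continue  # not a path into the BAS network
        if rule.src.subnet_of(BAS_VLAN):
            continue  # traffic that stays inside the BAS VLAN
        # Practices 1 and 3: only VPN clients may cross into the BAS VLAN.
        if not rule.src.subnet_of(VPN_POOL):
            findings.append((number, "NON_VPN_SOURCE"))
        # Practice 2: the web HMI over HTTPS is the only service opened.
        hmi_only = (rule.dst == WEB_HMI and rule.proto == "tcp"
                    and rule.port in WEB_HMI_PORTS)
        if not hmi_only:
            findings.append((number, "BEYOND_WEB_HMI"))
    return findings


if __name__ == "__main__":
    for number, finding in audit(SAMPLE_RULES):
        print(f"rule {number}: {finding}")
```
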
Conclusion
• Smart buildings are creating new standards in
technology, comforts, efficiency, and
operational gains for owners, users, operators,
service providers, and the community at large.
• The influence of IoT in smart buildings has
drastically changed both services and value
delivery models; however, IoT has exposed
buildings to unprecedented vulnerabilities of
cyber space.
• While still in the early stages, cyber security
concerns have the potential to derail an
otherwise fast-growing smart buildings
industry and its associated markets, primarily
because of significant operational and
financial losses that all stakeholders will have
to sustain in the event of a cyber breach.
• Evolving technology, advances in connectivity, and an
M2M environment will continue to shape the trajectory
of smart buildings, thus raising the need for protection
against cyber threats.
• According to David Fisk, “If intelligent buildings are the
future, then so too are cyber threats to building
services.”
• The question is not how but when a cyber attack will strike
smart buildings.
• It would be in the interests of all stakeholders if an
appropriate response strategy is put in place without
delay, such that cyber threats do not exert a
destabilizing impact on the smart buildings industry.
Terminology
• Building Automation
• Building automation is the automatic
centralized control of a building's heating,
ventilation and air conditioning, lighting and
other systems through a building management
system or building automation system (BAS).
• Home Automation
• Home automation or domotics is building
automation for a home, called a smart home
or smart house. A home automation system
will control lighting, climate, entertainment
systems, and appliances. It may also include
home security such as access control and alarm
systems
• Internet of Things
• The Internet of Things (IoT) is a system of
interrelated computing devices, mechanical
and digital machines, objects, animals or
people that are provided with unique
identifiers (UIDs) and the ability to transfer
data over a network without requiring human-
to-human or human-to-computer interaction
• 5G
• 5G is the fifth generation of cellular technology. It is
designed to increase speed, reduce latency, and improve
flexibility of wireless services. 5G technology has a
theoretical peak speed of 20 Gbps, while the peak speed
of 4G is only 1 Gbps.
• 5G also promises lower latency, which can improve
the performance of business applications as well as
other digital experiences (such as online gaming,
videoconferencing, and self-driving cars).
• Siegeware
• Siegeware is what you get when
cybercriminals mix the concept of ransomware
with building automation systems: abuse of
equipment control software to threaten access
to physical facilities
• Darknet
• Dark Net (or Darknet) is the part of the Internet
purposefully not open to public view, or hidden
networks whose architecture is superimposed on
that of the Internet.
• "Darknet" is often associated with the
encrypted part of the Internet called Tor
network where illicit trading takes place such
as the former infamous online drug bazaar
called Silk Road. It is also considered part of
the deep web
• Electronic Harassment
• Electronic harassment, electromagnetic
torture, or psychotronic torture is a conspiracy
theory that government agents make use of
electromagnetic radiation, radar, and surveillance
techniques to transmit sounds and thoughts into
people's heads, affect people's bodies, and harass
people.
• Individuals who claim to experience this call
themselves "targeted individuals" ("TIs").
• Black Hat Hackers
• Black hat hackers are the stereotypical illegal
hacking groups often portrayed in popular
culture, and are "the epitome of all that the
public fears in a computer criminal".
• Black hat hackers break into secure networks
to destroy, modify, or steal data, or to make the
networks unusable for authorized network
users
Books
The Internet of Risky Things: Trusting the Devices
That Surround Us
- by Sean W. Smith
The Smart Enough City
Putting Technology in Its Place to Reclaim Our Urban Future
By Ben Green
TED Talks
• Avi Rubin: All your devices can be hacked
• https://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare
'Future Crimes,' by Marc Goodman
• https://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare
Thanks…

OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 

Cyber Security in Smart Buildings

  • 1. Cyber-Security In Smart Buildings Siegeware: When Criminals Take Over Your Smart Building
  • 2. Smart Building • A smart building is any structure that uses automated processes to automatically control the building’s operations including heating, ventilation, air conditioning, lighting, security and other systems.
  • 4. Smart Building • A smart building uses sensors, actuators and microchips, in order to collect data and manage it according to a business’ functions and services. • This infrastructure helps owners, operators and facility managers improve asset reliability and performance, which reduces energy use, optimizes how space is used and minimizes the environmental impact of buildings.
  • 6. Smart Building • At the most fundamental level, smart buildings make occupants more productive with lighting, thermal comfort, air quality, physical security, sanitation and more at lower costs and environmental impact than buildings that are not connected.
  • 8. Smart Building • Smart office buildings, health care facilities, hospitals, educational facilities, stadiums and many other types of smart buildings exist around the world. • Navigant Research estimates that the smart building technology market will generate global revenue of $8.5 billion in 2020, up from $4.7 billion in 2016, growing at a compound annual growth rate of 15.9% over the forecast period.
  • 10. The Creation of a Smart Building • Making a smart building, or making a building smart, begins by linking core systems such as lighting, power meters, water meters, pumps, heating, fire alarms and chiller plants with sensors and control systems. • At a more advanced stage, even elevators, access systems and shading can become part of the system.
  • 11. The Creation of a Smart Building
  • 12. The Creation of a Smart Building • There is no single set of standards that makes up what a smart building is, but what they all have in common is integration. • Many new buildings have “smart” technology, and are connected and responsive to a smart power grid. • You don’t even need to move offices or create a new building to work in a smart building. • Building automation systems like those from Honeywell or Johnson Controls exist so property owners can take advantage of the power available in older structures.
  • 13. The Creation of a Smart Building
  • 14. The Creation of a Smart Building
  • 15. The Benefits • Creating or transforming a building into a smart building is beneficial for both the owner and the organizations working within. • These benefits range from energy savings to productivity gains to sustainability. • Smart building strategies can reduce energy costs, increase the productivity of the facility staff, improve building operations, support sustainability efforts and enhance decision-making across the organization.
  • 17. The Benefits • One example of energy efficiency is the use of optimal start/stop, which allows the building automation system to learn when it should bring the air conditioning system online for a particular zone in the building. • Another feature is electrical loads that are grouped into categories from critical to high priority to non-essential.
  • 19. The Benefits • “When the building load is rising and approaching the high limit setting, the nonessential loads are turned off in their subgroup order, followed by the high-priority loads”
  • 21. Cyber-Security Vulnerabilities in Smart Buildings • Today’s smart buildings are increasingly enabled by Internet of Things (IoT) and made functional by the ongoing convergence of Operational Technology (OT) systems and Information Technology (IT) systems in buildings. • A host of new elements such as the cloud, remote access, data sharing and analytics, and connected and shared networks has fundamentally changed how built environments are being used and operated.
  • 24. Cyber-Security Vulnerabilities in Smart Buildings • However, buildings are exposed to a new threat that has been downplayed and undervalued for a long time. • After witnessing a recent slew of security breaches, stakeholders of the smart buildings industry are recognizing the potentially damaging impact cyber threats pose for the industry and its related businesses.
  • 26. Defining Smart Buildings And Cyber-Security • Smart Building can be defined as one that uses both technology and processes to create an environment that is safe, healthy, and comfortable and enables productivity and well-being for its occupants.
  • 27. Defining Smart Buildings And Cyber-Security
  • 28. Defining Smart Buildings And Cyber-Security • A smart building is characterized by active IT-aided intelligence, smart sensors and controls for seamless operation, real-time dissemination of operational information for predictive analytics, and diagnostics to facilitate better management, maintenance, and optimization over time.
  • 29. Defining Smart Buildings And Cyber-Security • Cyber security in the context of a smart building is defined as the quantum of technologies, processes, and practices designed to protect from unauthorized access all building systems and networks, including front-end physical and IT systems within the building, accessories and field-level devices, data and application platforms, and data aggregation systems such as all localized and remote systems that help in operating and maintaining a smart building.
  • 30. Cyber Risks in Smart Buildings • Technology Progression • The building automation system (BAS) or a building operating system (BOS) has moved considerably from the physical realm to one with IT enabling all aspects of its functioning. Furthermore, there is now a new generation of connected and intelligent buildings powered by IoT.
  • 31. The Integrated Building Network • The integrated network of a smart building is where the true benefits of a smart and converged infrastructure are realized by building owners and operators; however, this is also the point where extreme exposure to security vulnerabilities is manifest.
  • 32. Security Vulnerabilities of a Smart Building’s Integrated Network
  • 33. Security Vulnerabilities of a Smart Building’s Integrated Network • The integration portion of a smart building’s software is subject to extreme vulnerabilities, in which the BAS is connected to virtually any other aspect of the building, and from which a skilled hacker could access nearly any system in a corporate network.
  • 34. Security Vulnerabilities of a Smart Building’s Integrated Network
  • 35. IoT and Cyber Risks • Activities centering on IoT are delivering increasingly unique advantages and novel challenges. • The advantages include real-time access, vast data generation and analytics, and interconnectivity of systems and devices. • These advantages by themselves, however, offer little value unless the crucial decision to share the data and networks is simultaneously taken, thus permitting access to multiple service providers to tap into a smart building’s various systems and devices.
  • 36. IoT and Cyber Risks
  • 37. IoT and Cyber Risks • This access implies potential security breaches that could render a smart building, its occupants, and service providers powerless over an adversary’s damaging actions to corrupt networks, misuse critical information, and cause significant operational and financial loss.
  • 38. IoT-influenced Cyber Risk Areas in a Smart Building
  • 39. Impact of Cyber Threats to BAS/BOS Infrastructure
  • 40. Why cyber criminals are targeting smart buildings? • In countries like the United States, the growth of smart buildings is estimated to reach 16.6% by 2020 compared to 2014, although this expansion is not limited to the US but rather is taking place on a global scale. • This growth is largely due to the fact we live in a world increasingly permeated by technology, in which process automation and the search for energy efficiency contribute not only to sustainability, but also to cost reduction.
  • 41. Why cyber criminals are targeting smart buildings? • Smart buildings use technology to control a wide range of variables within their respective environments with the aim of providing more comfort and contributing to the health and productivity of the people inside them. • To do so, they use so-called Building Automation Systems (BAS).
  • 43. Why cyber criminals are targeting smart buildings? • With the arrival of the Internet of Things (IoT), smart buildings have redefined themselves. • With the information they obtain from smart sensors, their technological equipment is used to analyse, predict, diagnose and maintain the various environments within them, as well as to automate processes and monitor numerous operational variables in real time. • Ambient temperature, lighting, security cameras, elevators, parking and water management are just some of the automatable services currently supported by the technology.
  • 45. Why cyber criminals are targeting smart buildings?
  • 46. Why cyber criminals are targeting smart buildings? • To put the possibilities of this smart infrastructure into perspective, consider the example of a smart building in Las Vegas where, two years ago, they decided to install a sophisticated automation system to control the use of the air conditioning (keeping in mind Las Vegas has a hot desert climate and very little rain), so it is turned on only when there are people present. • This decision led to a saving of US$2m during the first year after the smart system was installed, due to the reduction in energy consumption achieved by automating the process. • Marriott Hotels implemented a similar system across the entire chain that is expected to generate an estimated US$9.9 m in energy savings.
  • 47. Marriott Hotels implemented a BAS system across the entire chain that is expected to generate an estimated US$9.9 m in energy savings
  • 48. Possibility of a smart building being attacked • The risk of a security incident taking place in an intelligent building is linked to the motivations of cyber criminals, who mainly seek to achieve economic gain through their actions, as well as to impact and spread fear. • There are already some tools such as Shodan that allow anybody to discover vulnerable and/or unsecured IoT devices connected publicly to the internet. • If you run a search using the tool, you can find thousands of building automation systems in its lists, complete with information that could be used by an attacker to compromise a device.
  • 49. Tools Such As Shodan That Allow Anybody To Discover Vulnerable And/Or Unsecured IoT Devices Connected Publicly To The Internet
  • 50. Possibility of a smart building being attacked • Smart homes and buildings are a new battlefield for hackers and security experts • Most people wouldn’t consider their heating, ventilation, and air conditioning (HVAC) system as a prized target for cyber criminals. After all, a successful hacking attempt could go as far as making us uncomfortable for a few minutes until we fix the problem.
  • 51. Smart homes and buildings are a new battlefield for hackers and security experts
  • 52. Possibility of a smart building being attacked • This wishful thinking, however, is what hackers are counting on. As we deploy a growing number of connected devices such as smart HVACs, intelligent cameras, and smart doorbells in our homes and offices, the complexity of the Internet of Things (IoT) ecosystem increases.
  • 53. Possibility of a smart building being attacked
  • 54. Possibility of a smart building being attacked • Gartner, a research and advisory company, predicts that 25 billion connected devices will be in use by 2021. • And many of these IoT devices will interact with each other through house automation servers like FHEM (Freundliche Hausautomatisierung und Energie-Messung) and Home Assistant, making our lives more comfortable, but less secure.
  • 55. Possibility of a smart building being attacked
  • 56. Possibility of a smart building being attacked
  • 57. Possibility of a smart building being attacked • Sure, having tech that automatically turns on the air conditioner and lights as people enter the room is convenient, but building automation systems (BAS) that integrate connected ‘things’ are often inadequately secured and configured.
  • 58. Possibility of a smart building being attacked
  • 59. Possibility of a smart building being attacked • Hackers easily breach them by, for instance, finding a weak spot in an unprotected web login page of a fire detection system. • Once inside, hackers move to take over other parts of the BAS as well and can shut down the alarm or heating systems and demand ransom payment. • This threat, also known as ‘siegeware’, is growing in severity, and many companies and individuals have already fallen victim to these attacks.
  • 60. Hackers easily breach a weak spot in an unprotected web login page of a fire detection system
  • 62. Scope of The ‘Siegeware’ Threat • According to ForeScout, a cyber-security firm, the number of vulnerabilities in automation systems is constantly increasing. • Hospitals and schools are particularly unprotected from cyber-attacks, and they operate as many as 8,000 highly vulnerable devices. And taking full control of these devices can have major consequences.
  • 64. Scope of The ‘Siegeware’ Threat • ForeScout explains that control over smart devices can eventually provide hackers with access to private financial files and information stored in data centres. • Also, they can listen to conversations, review camera streams, delete files, reprogram automation rules, distribute malware, and provide unauthorised individuals with physical access to the building.
  • 65. Scope of The ‘Siegeware’ Threat
  • 66. Scope of The ‘Siegeware’ Threat • And although many of the vulnerabilities that hackers exploit are well known, only about half of them in industrial and IoT systems have been patched. • What’s worse, even hackers with limited resources can develop effective malware and hack smart buildings.
  • 67. Creating powerful malware isn’t as expensive as it may seem • For instance, it took ForeScout only $12,000 to develop proof-of-concept malware to show how easy it is to hack a smart building. • In that process, the security experts first spent some time analysing various automation systems and looking for weak spots.
  • 68. Scope of The ‘Siegeware’ Threat
  • 69. A hacker hijacked Nest devices in a family home • Arjun and Jessica Sud from Lake Barrington, a village in the US state of Illinois, certainly agree with ForeScout, as they were victims of a malicious cyber criminal. • He hacked their Nest cameras, speakers, and thermostat, and, at first, talked to their 7-month-old baby. • As Arjun grabbed the kid and went downstairs, he noted that the temperature, which was usually set to around 22°C, was turned up to 32°C.
  • 70. Nest camera hacked: Hacker spoke to baby, hurled obscenities
  • 71. Family Was Watched Through Nest Security Cameras • https://youtu.be/qrgn8zHpGfs • https://sagaciousnewsnetwork.com/family-was-watched-through-nest-security-cameras
  • 72. A hacker hijacked Nest devices in a family home • A deep male voice then yelled at him through the speaker in a security camera, using racial insults and cursing. • And as soon as the voice stopped screaming, Arjun and Jessica unplugged 17 Nest devices worth $4,000 and returned them to Google’s company.
  • 73. A hacker hijacked Nest devices in a family home
  • 74. Exfiltrating data through a fish tank and modem routers • But despite all the security measures in place, creative hackers are sometimes able to overcome any obstacle. • In Las Vegas, for instance, they hacked a casino through a high-tech fish tank that was connected to the internet. • The malware extracted ten gigabytes of data and transferred it to a remote server in Finland.
  • 75. Exfiltrating data through a fish tank and modem routers
  • 76. Exfiltrating data through a fish tank and modem routers • The full scope of the breach was spotted only after the staff called in experts from Darktrace, a cyber-defence company, to analyse suspicious activity. • Darktrace says that “this was a clear case of data exfiltration but far more subtle than typical attempts at data theft.” • This, however, isn’t the only way hackers exploit the vulnerabilities of connected ecosystems.
  • 78. Exfiltrating data through a fish tank and modem routers • In one such example, cyber criminals hijacked D-Link DSL modem routers and redirected all users that wanted to visit the website of Banco do Brasil to a fake website. • The attack was highly sophisticated in the sense that the hijacking succeeded without editing URLs in the victim’s browser. Also, the malicious code works on both Apple and Android phones and tablets. • The victims then enter their username and password, believing they’re accessing online banking accounts, while in reality, they’re delivering sensitive data to hackers.
  • 79. Cyber Criminals Hijacked D-Link DSL Modem Routers
  • 80. Cyber Criminals Hijacked D-Link DSL Modem Routers And Redirected All Users That Wanted To Visit The Website Of Banco Do Brasil To A Fake Website.
  • 81. Google Hacked By Its Own Employee • Even big tech companies aren’t immune to security flaws in IoT devices. • Google’s engineer David Tomaschik, for example, found a way to control smart locks used in the company’s Sunnyvale offices by replicating the encryption key and forging commands in the office controller software made by the tech firm Software House. • Even without the required RFID keycard, Tomaschik managed to open or lock the door and prevent people from entering the facility. And he could do all of this without leaving any digital traces behind.
  • 82. Google Hacked By Its Own Employee
  • 83. Hospital data breach left 1.5 million patients exposed • Meanwhile, cyber criminals stole the personal data of 1.5 million patients in Singapore, including their names, gender, identity card numbers, and addresses. • They stole even the prescription data of Prime Minister Lee Hsien Loong.
  • 84. Hospital data breach left 1.5 million patients exposed
  • 85. Hospital data breach left 1.5 million patients exposed • The attack took place between 27 June and 4 July 2018, as the hackers breached the network of SingHealth, Singapore’s largest group of healthcare institutions. • Luckily, records such as diagnoses or test results weren’t tampered with, but the authorities paused many of the country’s Smart Nation initiatives because of the attack.
  • 86. Hackers stole personal, medication data
  • 87. Hospital data breach left 1.5 million patients exposed • And many people fear that hackers could misuse their identities, as ID numbers are crucial for accessing various government services in Singapore. • Leonard Kleinman, the senior director of IT Security for the Australian Tax Office and cyber security advisor to the security company RSA, says that “such data can fetch a high price”. In 2017, a stolen or lost healthcare record was worth as much as $408 on the Dark Web.
  • 88. Hospital data breach left 1.5 million patients exposed
  • 89. Siegeware and BAS attacks, an emerging threat • As technological solutions to cybercrime become increasingly advanced, able to preempt attacks and weed out vulnerabilities before they’re widely known, attackers also become more adept at cloaking their presence and concealing their intent.
  • 90. Siegeware and BAS attacks, an emerging threat
  • 91. Siegeware and BAS attacks, an emerging threat • The targets of attacks also change with the times. • Hacking websites and bank accounts is old hat; some of the most threatening dangers to the most modernized companies and even citizens are those that target technology that doesn’t yet have robust security systems, or even standards, in place.
  • 92. Siegeware and BAS attacks, an emerging threat
  • 93. Siegeware and BAS attacks, an emerging threat • It’s sad, but well known that the average consumer doesn’t spend a lot of time worrying about whether the firmware on their IoT devices is up-to-date, leaving millions of devices around the world critically vulnerable to attack.
  • 94. Siegeware and BAS attacks, an emerging threat • However, you would be forgiven for assuming that companies implementing centralized control of a building’s life support functions such as HVAC, fire security, doors and windows, etc. along with more convenience focused building automation systems, would prioritize cyber security. • This is not always the case, and can lead to a potentially disastrous situation for the homes and organizations that implement Building Automation Systems (BAS) and the companies that manufacture, install, and maintain them.
  • 95. Siegeware and BAS attacks, an emerging threat
  • 96. Siegeware and BAS attacks • When attackers combine ransomware with BAS vulnerabilities, we get Siegeware. • The attacker takes control of a building and shuts down critical operations such as heating, cooling, alarm systems, and even physical access, and will only rescind control once a ransom has been paid.
  • 97. When attackers combine ransomware with BAS vulnerabilities, we get Siegeware
  • 98. Siegeware and BAS attacks • Gaining access to the BAS means the attacker becomes the digital overlord of the building. By controlling the automated system that governs the functionality of the building, they control the building itself. • They can turn off ventilation, heating, fire suppression systems, and potentially extend influence to other digital functionality of the building.
  • 99. Siegeware and BAS attacks
  • 100. The hacker can access seven systems remotely once he hijacks the BAS: • Lighting control systems • Fire detection and alarm systems • Automated fire suppression systems • Integrated security and access control systems • Heating, ventilation, and Air conditioning • Power management and assurance systems • Command and control systems • The consequences of losing control of these systems may range from discomfort to potentially life-threatening situations.
  • 101. The hacker can access seven systems remotely once he hijacks the BAS
  • 102. An Emerging Threat • Siegeware is quickly becoming one of the most dangerous and effective methods of cyber-attack. • Many companies have already fallen victim to these attacks, and those that haven’t given in to the ransom demands have faced highly disrupted operations as a result.
  • 103. Siegeware is quickly becoming one of the most dangerous and effective methods of cyber-attack
  • 104. An Emerging Threat • BAS allows a single command center to control and automate all connected systems in a building so that a high level of comfort can be achieved efficiently. • But vulnerabilities exist in any connected system, and when the network is compromised the prospect of physical danger becomes very real.
  • 106. An Emerging Threat • With increasing numbers of organizations adopting BAS infrastructures, the number of potential targets rises, along with the time spent by attackers searching for as-yet unknown vulnerabilities. • To make things worse, many of these buildings are connected to the internet, where anyone with the correct username and password can access them. • As of February 2019, there were 35,000 BAS systems connected to the public internet globally, and it’s highly likely that many of these are using default usernames and passwords.
  • 108. An Emerging Threat • Even if the majority of organizations implement adequate security, those that do not face severe consequences. • Countless schools, hospitals, universities, and banks have all fallen prey to ransomware attacks in the past few years, and this is likely to mutate into large-scale siegeware attacks in coming months to many BAS equipped buildings that do not have effectively secured networks.
  • 110. Siegeware: When Criminals Take Over Your Smart Building • Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities.
  • 111. Siegeware: When Criminals Take Over Your Smart Building • Imagine you are the person in charge of operations for a property company that manages a dozen buildings in a number of cities. What would you do if you got the following text on your phone? • “We have hacked all the control systems in your building at 400 Main Street and will close it down for three days if you not pay $50,000 in Bitcoin within 24 hours.”
  • 112. Siegeware: When Criminals Take Over Your Smart Building
  • 113. Siegeware: When Criminals Take Over Your Smart Building • In this scenario, the building at that address is one of several upscale medical clinics in your company’s portfolio. • The buildings all use something called a BAS or Building Automation System to remotely manage Heating, Air Conditioning, and Ventilation (HVAC), as well as fire alarms and controls, lighting, and security systems, and so on. • As many as eight different systems may be remotely accessible.
  • 114. Siegeware: When Criminals Take Over Your Smart Building
  • 115. BAS or Building Automation System
  • 116. Siegeware: When Criminals Take Over Your Smart Building • In this scenario, if someone has in fact gained control of the BAS, then it is entirely possible that the sender of the threatening message could make good on their threat.
  • 117. Siegeware: When Criminals Take Over Your Smart Building
  • 118. Siegeware: When Criminals Take Over Your Smart Building • Clearly, holding a building for ransom by leveraging its reliance upon software is now on the criminal agenda, part of the expanding arsenal of techniques for profiting from the abuse of technology
  • 119. Siegeware: When Criminals Take Over Your Smart Building
  • 120. Siegeware: When Criminals Take Over Your Smart Building • From Neolithic hilltop settlements to medieval castles and walled cities, human structures have always been a target for nefarious activity, often besieged by aggressors because access to them is essential to their functionality, be that living, working, meeting, trading, storage, or medical care.
  • 121. Siegeware: When Criminals Take Over Your Smart Building • Numerous practical and financial benefits can accrue from enabling remote access to a BAS, but when you combine criminal intent with poorly protected remote access to software that runs a building automation system, siegeware is a very real possibility. • To put it another way, siegeware is the code-enabled ability to make a credible extortion demand based on digitally impaired building functionality.
  • 122. Siegeware: When Criminals Take Over Your Smart Building
  • 123. Siegeware: When Criminals Take Over Your Smart Building • How widespread will the siegeware problem become in 2019? • That will depend on several factors: how aggressively cases are investigated by law enforcement; how many victims refuse to pay; and how many targets of opportunity the bad actors can find.
  • 124. Siegeware: When Criminals Take Over Your Smart Building
  • 125. Siegeware: When Criminals Take Over Your Smart Building • So, if you are at all concerned about the possibility of a siegeware attack, ask around to see if there is any remote access for the BAS in “your” building. • Then try to find out how well protected it is. Has access been placed behind a firewall? • Does access require a VPN connection? • Is access protected with multi-factor authentication or just a password? • If the latter, then immediately call a meeting to get that fixed.
  • 126. Siegeware: When Criminals Take Over Your Smart Building
  • 127. Siegeware: When Criminals Take Over Your Smart Building • Frankly, anything less than hiding the BAS login behind a VPN with 2FA means a building is at risk from criminals wielding siegeware. • With 2FA now being so widely available and easy to use, failure to take advantage of it to protect a BAS is likely to fail a reasonable test, should building tenants sue in the wake of a siegeware attack.
  • 128. Siegeware: When Criminals Take Over Your Smart Building
  • 129. Preventing BAS hijacking • Any smart home or other BAS controlled building is a potential target for siegeware attacks. • If you live in a smart home, or are the building manager or security officer at an organization that utilizes BAS to control functions of the building, then it’s critical to ensure that the security systems are up to the task of controlling access to the BAS.
  • 130. Preventing BAS hijacking • Many contractors will simply set up the automated control system on a web-based login interface. • It makes it easier for them to make any changes later on or solve any issues that might appear. • However, such remote access is vulnerable to unauthorized access.
  • 131. Preventing BAS hijacking • If there is remote access to your BAS, it needs to be considered a critical IT system. See to it that you have the following, at the very minimum: • Up to date firmware • Firewall • Encrypted connection • Preferably VPN-only access from the building’s IP • Strong passwords • Multi-factor authentication • Lockout on failed password attempts • Notification of login attempts
  • 133. Preventing BAS Hijacking • If remote access to a BAS is vulnerable in even one of these areas, it’s susceptible to being hijacked. • By implementing at least three authentication types - password, possession, IP - unauthorized access can be discouraged, but not necessarily stopped entirely for a determined attacker.
  • 134. Preventing BAS Hijacking • In the case of smart homes and IoT devices, one has to make sure that all connected devices use security that prevents any unauthorized access. • The security of the controlling BAS box, in this case, extends to each and every physical device controlled through the network.
  • 135. Preventing BAS Hijacking • The concept of a smart home, of top-tier technology that aspires to increase convenience and comfort, becomes one of the most powerful enablers of cyber-terrorism. • Here’s hoping that those companies and individuals implementing BAS into buildings will be working closely with IT departments and security researchers to protect our buildings’ critical support systems.
  • 137. Cyber Risk Management for Smart Buildings • Dealing with cyber risks and threats demands a sophisticated and robust approach for smart buildings, which essentially consists of a systematic review and analysis of aspects such as the following: • ICS vulnerabilities • Cost of damage • Scope and magnitude of cyber crimes • Technology initiatives and mitigation methods • A cyber-security management strategy
  • 139. Scope and Magnitude of Cyber Crimes in Smart Buildings • Cyber crime encompasses a broad range of activities; however, cyber security professionals tend to group criminal activity into categories based on capabilities and impact. • It can be categorized into the following 4 groups:
  • 140. Scope and Magnitude of Cyber Crimes in Smart Buildings • Terrorist organizations are considered low-to-moderate in impact and directed mostly for propaganda and recruitment; however, they could potentially launch high-impact attacks in the future.
  • 142. Scope and Magnitude of Cyber Crimes in Smart Buildings • Hacktivists (e.g., politically motivated groups such as Anonymous and LulzSec) depict a steep upward trend since 2011 and are prone to high and low fluctuations as technology changes and as the business, economic, and socio-political landscape changes over time.
  • 144. Scope and Magnitude of Cyber Crimes in Smart Buildings • Organized crime (e.g., profit-seeking criminals and criminal organizations) is considered a medium/high threat in terms of capabilities and impact and is primarily focused on data theft and not directed at destroying the host system so as to maintain a lifeline to illicit revenues.
  • 146. Scope and Magnitude of Cyber Crimes in Smart Buildings • Espionage (e.g., corporate and government) is considered a high-skilled and high-impact growing threat involving computer and physical network attacks to obtain, destroy, and render critical information unavailable.
  • 147. Scope and Magnitude of Cyber Crimes in Smart Buildings • Among the 4 categories discussed above, the 2 considered most applicable to smart buildings, with the ability to inflict substantial damage, are espionage and organized crime. • However, the potential of hacktivism impacting a smart building cannot be ruled out. • Similarly, depending upon the nature and strategic importance of the building, terrorist-devised cyber threats could be a strong possibility as well.
  • 148. Cyber security Measures Adopted for Smart Buildings • Cyber security solutions currently being offered to the smart buildings industry combine IT and physical security options, in addition to technology deployment approaches that attempt anomaly detection and reduce vulnerabilities for IT and OT staff.
  • 150. Cyber security Measures Adopted for Smart Buildings • In reviewing such technology options, it is important to begin by looking at a building’s critical vulnerability areas that gain top consideration.
  • 152. Cyber Risk Mitigation • The smart buildings industry is currently adopting mitigation methods that are varied and somewhat specific and/or proprietary to every organization. • Upon closer inspection, however, several best practices and commonalities in techniques have emerged from these approaches, which range from simple best practices to more rounded strategies based on life-cycle principles discussed below.
  • 153. Best Practices for Adoption • Industry experts agree that simple best practices can be applied for protection from cyber attacks. • These best practices include the following steps as examples: • Restricting BAS access to virtual private network (VPN) connections only • Using a Web server-based human machine interface (HMI) because it relies on IT technologies to secure access and restricts ports that need to be opened on a firewall • Segregating the BAS network from the IT backbone using virtual local area network (VLAN) IT technologies to restrict internal attacks/breakdowns
  • 157. Best Practices for Adoption • Maintaining password etiquette • Keeping BAS software and firmware up to date and installing patches on a timely basis • Encrypting the data at rest to protect an organization further, and backing up to a separate system for access during a data breach • Conducting security audits to validate security measures to help avoid complacency • Educating database users, owners, and operators on the need for, and methodology of, cyber security
  • 162. Conclusion • Smart buildings are creating new standards in technology, comforts, efficiency, and operational gains for owners, users, operators, service providers, and the community at large. • The influence of IoT in smart buildings has drastically changed both services and value delivery models; however, IoT has exposed buildings to unprecedented vulnerabilities of cyber space.
  • 164. Conclusion • While still in the early stages, cyber security concerns have the potential to derail an otherwise fast-growing smart buildings industry and its associated markets, primarily because of significant operational and financial losses that all stakeholders will have to sustain in the event of a cyber breach.
  • 166. Conclusion • Evolving technology, advances in connectivity, and an M2M environment will continue to shape the trajectory of smart buildings, thus raising the need for protection against cyber threats. • According to David Fisk, “If intelligent buildings are the future, then so too are cyber threats to building services.” • The question is not how but when a cyber attack will strike smart buildings. • It would be in the interests of all stakeholders if an appropriate response strategy is put in place without delay, such that cyber threats do not exert a destabilizing impact on the smart buildings industry.
  • 168. Terminology • Building Automation • Building automation is the automatic centralized control of a building's heating, ventilation and air conditioning, lighting and other systems through a building management system or building automation system (BAS).
  • 170. Terminology • Home Automation • Home automation or domotics is building automation for a home, called a smart home or smart house. A home automation system will control lighting, climate, entertainment systems, and appliances. It may also include home security such as access control and alarm systems.
  • 172. Terminology • Internet of Things • The Internet of Things (IoT) is a system of interrelated computing devices, mechanical and digital machines, objects, animals or people that are provided with unique identifiers (UIDs) and the ability to transfer data over a network without requiring human-to-human or human-to-computer interaction.
  • 174. Terminology • 5G • 5G is the fifth generation of cellular technology. It is designed to increase speed, reduce latency, and improve flexibility of wireless services. 5G technology has a theoretical peak speed of 20 Gbps, while the peak speed of 4G is only 1 Gbps. • 5G also promises lower latency, which can improve the performance of business applications as well as other digital experiences (such as online gaming, videoconferencing, and self-driving cars).
  • 176. Terminology • Siegeware • Siegeware is what you get when cybercriminals mix the concept of ransomware with building automation systems: abuse of equipment control software to threaten access to physical facilities.
  • 178. Terminology • Darknet • Dark Net (or Darknet) is the part of the Internet purposefully not open to public view, or hidden networks whose architecture is superimposed on that of the Internet. • "Darknet" is often associated with the encrypted part of the Internet called the Tor network, where illicit trading takes place, such as the former infamous online drug bazaar called Silk Road. It is also considered part of the deep web.
  • 180. Terminology • Electronic Harassment • Electronic harassment, electromagnetic torture, or psychotronic torture is a conspiracy theory that government agents make use of electromagnetic radiation, radar, and surveillance techniques to transmit sounds and thoughts into people's heads, affect people's bodies, and harass people. • Individuals who claim to experience this call themselves "targeted individuals" ("TIs").
  • 182. Terminology • Black Hat Hackers • Black hat hackers are the stereotypical illegal hacking groups often portrayed in popular culture, and are "the epitome of all that the public fears in a computer criminal". • Black hat hackers break into secure networks to destroy, modify, or steal data, or to make the networks unusable for authorized network users.
  • 184. Books • The Internet of Risky Things: Trusting the Devices That Surround Us - by Sean W. Smith
  • 185. The Smart Enough City Putting Technology in Its Place to Reclaim Our Urban Future By Ben Green
  • 186. Ted Talks • Avi Rubin: All your devices can be hacked • https://www.ted.com/talks/avi_rubin_all_your_devices_can_be_hacked?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare
  • 187. 'Future Crimes,' by Marc Goodman • https://www.ted.com/talks/marc_goodman_a_vision_of_crimes_in_the_future?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare
  • 188. References • Building Automation & Control Systems: An Investigation into Vulnerabilities, Current Practice & Security Management Best Practice • https://www.securityindustry.org/wp-content/uploads/2018/08/BACS-Report_Final-Intelligent-Building-Management-Systems.pdf • Cyber security In Smart Buildings: Inaction Is Not An Option Anymore • https://www.switchautomation.com/wp-content/uploads/2015/12/Cybersecurity-in-Smart-Buildings_-Discussion-Paper.pdf • How Common Are Attacks Through The BAS? • https://www.facilitiesnet.com/buildingautomation/article/How-Common-Are-Attacks-Through-The-BAS---16713 • Siegeware: When criminals take over your smart building • https://www.welivesecurity.com/2019/02/20/siegeware-when-criminals-take-over-your-smart-building/ • What is a smart building? • https://www.rcrwireless.com/20160725/business/smart-building-tag31-tag99 • What is a Building Automation System (BAS)? • https://www.opensourcedworkplace.com/glossary/what-is-a-building-automation-system-bas- • Why cybercriminals are eyeing smart buildings • https://www.welivesecurity.com/2019/06/12/cybercriminals-eyeing-smart-buildings/