In recent years, the news has had no shortage of stories about companies succumbing to IT and OT cybersecurity threats. As property owners increasingly incorporate and rely on smart building technologies, they need to focus on cyberthreat prevention. Identifying and eliminating vulnerabilities and security gaps can seem daunting. In this article, I will point out common low-hanging fruit from which owners can begin building a cybersecurity posture that protects data, equipment, and occupants from threats—both known and imminent.
1. Consolidate remote access
Buildings frequently deploy multiple air-gapped networks. Because these networks are physically disparate—meaning data transmission from one network to another is impossible—they require independent remote access entry points via remote access connectivity, such as VPN (virtual private network). The result can be remote access policies that significantly differ from a cybersecurity standpoint.
Consolidating multiple networks into one physical network that has a singular remote access method is becoming an increasingly popular remedy. This strategy improves visibility, authentication control, and uniform security policy management as well as virtual segmentation, where appropriate from a cybersecurity standpoint.
2. Secure network zones
Even as air-gapped networks are being consolidated, different IT/OT systems can remain segregated to improve cybersecurity control and to restrict lateral movement if a breach occurs. Modern IP networks are typically integrated with Layer 4 to Layer 7 firewalls, which can identify the type of traffic in each networked packet. These firewalls can be used to create logical security zones that restrict interzone communications at a granular level. Restricting interzone communication lowers overall cybersecurity risk by limiting the ability of a hacker to move within the network, and thus lessening the chase.
3. Monitor cyberthreats
Visibility into whom your endpoints and IoT sensors are communicating with is an important part of a modern cybersecurity posture. Compromised IT/OT devices or platforms often start talking to command-and-control botnet servers, revealing that the device or platform has been compromised. Without the proper level of threat monitoring in place, hacked devices can live on networks indefinitely and potentially affect other systems.
Countering this requires the right level of security visibility. The latest type of cyberthreat monitoring platform is known as network detection and response (NDR). This suite of security tools sits on the network, watching all the passing traffic. NDR also categorizes and baselines all data flows of the building network. Once it establishes a baseline, NDR uses artificial intelligence to identify if and when a device, or group of devices, has an unexpected change in communication—indicating a possible network or device breach.
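A simplified sketch of the baseline-then-compare idea described above, added here as an example and not taken from any NDR product. It uses plain peer matching and a fixed volume threshold in place of AI, and the device names, addresses, and `spike_factor` value are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (source device, destination, dest port, bytes sent)
BASELINE_FLOWS = [
    ("hvac-ctrl-01", "10.20.0.5", 47808, 1_200),
    ("hvac-ctrl-01", "10.20.0.5", 47808, 1_500),
    ("cam-lobby-02", "10.30.0.9", 554, 90_000),
    ("cam-lobby-02", "10.30.0.9", 554, 110_000),
    ("door-ctrl-03", "10.40.0.2", 443, 800),
]
NEW_FLOWS = [
    ("hvac-ctrl-01", "10.20.0.5", 47808, 1_400),    # matches baseline
    ("cam-lobby-02", "203.0.113.77", 6667, 2_000),  # never-seen peer
    ("door-ctrl-03", "10.40.0.2", 443, 50_000),     # known peer, volume spike
    ("sensor-new-04", "10.20.0.5", 47808, 300),     # device with no baseline
]

def build_baseline(flows):
    """Learn, per device, each (destination, port) peer and its largest flow."""
    baseline = defaultdict(dict)
    for device, dst, port, nbytes in flows:
        peer = (dst, port)
        baseline[device][peer] = max(baseline[device].get(peer, 0), nbytes)
    return dict(baseline)

def detect(baseline, flows, spike_factor=5):
    """Return (device, reason, peer) for each flow that departs from baseline."""
    alerts = []
    for device, dst, port, nbytes in flows:
        peer = (dst, port)
        known = baseline.get(device)
        if known is None:
            alerts.append((device, "unbaselined-device", peer))
        elif peer not in known:
            alerts.append((device, "new-peer", peer))
        elif nbytes > spike_factor * known[peer]:
            alerts.append((device, "volume-spike", peer))
    return alerts

if __name__ == "__main__":
    for alert in detect(build_baseline(BASELINE_FLOWS), NEW_FLOWS):
        print(alert)
```

Each alert is a starting point for investigation: a camera contacting an address outside the building's own ranges is the kind of change in communication the paragraph above describes.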
4. Keep up on the patchwork
Maintaining and monitoring IT, OT, and IoT patch management is critical. While perimeter security, such as a firewall, is great, a bad actor will inevitably sneak by and directly access applications and operating systems located on the building LAN. A company’s or facility’s IT security team must stay on top of security patch releases for every hardware and software component that a smart building contains. The sooner a device is patched with the latest security fixes, the less likely it will be compromised.
5. Monitor and restrict access
Smart buildings introduce a host of new hardware and software equipment—for starters, IoT sensors, intelligent surveillance cameras, and door controllers—that requires management and upkeep. While many platforms and systems allow for locally created usernames and passwords for administrative access, this can lead to lost, stolen, or rarely updated passwords. Using a centralized user and authentication server can combat this significant risk. Microsoft’s Active Directory (AD) and the Remote Authentication Dial-In User Service (RADIUS) protocol are two common methods for centralizing the creation of administrative accounts and providing access controls to restrict which systems an account can communicate with.
Cybersecurity is not about eliminating any and all risk. Instead, it’s about understanding the types of risks in a given network environment and focusing on those security gaps or lapses that malicious actors are likely to seek. By eliminating the “low-hanging fruit” technologies commonly hosted in a smart building, property owners will ideally deter hackers looking for easy prey, leaving their systems and data unharmed.