© Deepak Karuppannan Raja | Dreamstime.com
A broken lock surrounded with commonly used passwords.

5 quick checks to bolster smart building cybersecurity

April 26, 2022
SBT contributor Andrew Froehlich identifies low-hanging fruit for property owners to deter hackers.

In recent years, the news has had no shortage of stories about companies succumbing to IT and OT cybersecurity threats. As property owners increasingly incorporate and rely on smart building technologies, they need to focus on cyberthreat prevention. Identifying and eliminating vulnerabilities and security gaps can seem daunting. In this article, I will point out common low-hanging fruit from which owners can begin building a cybersecurity posture that protects data, equipment, and occupants from threats—both known and imminent.

1. Consolidate remote access

Buildings frequently deploy multiple air-gapped networks. Because these networks are physically disparate—meaning data transmission from one network to another is impossible—they require independent remote access entry points via remote access connectivity, such as VPN (virtual private network). The result can be remote access policies that significantly differ from a cybersecurity standpoint.

Consolidating multiple networks into one physical network that has a singular remote access method is becoming an increasingly popular remedy. This strategy improves visibility, authentication control, and uniform security policy management as well as virtual segmentation, where appropriate from a cybersecurity standpoint.

2. Secure network zones

Even as air-gapped networks are being consolidated, different IT/OT systems can remain segregated to improve cybersecurity control and to restrict lateral movement if a breach occurs. Modern IP networks are typically integrated with Layer 4 to Layer 7 firewalls, which can identify the type of traffic in each networked packet. These firewalls can be used to create logical security zones that restrict interzone communications at a granular level. Restricting interzone communication lowers overall cybersecurity risk by limiting the ability of a hacker to move within the network, and thus lessening the chase.

3. Monitor cyberthreats

Visibility into whom your endpoints and IoT sensors are communicating with is an important part of a modern cybersecurity posture. Compromised IT/OT devices or platforms often start talking to command-and-control botnet servers, revealing that the device or platform has been compromised. Without the proper level of threat monitoring in place, hacked devices can live on networks indefinitely and potential affect other systems.

Countering this requires the right level of security visibility. The latest cyberthreat monitoring platform is known as a network detection and response (NDR). This suite of security tools sits on the network, watching all the passing traffic. NDR also categorizes and baselines all data flows of the building network. Once it establishes a baseline, NDR uses artificial intelligence to identify if and when a device, or group of devices, has an unexpected change in communication—indicating a possible network or device breach.

4. Keep up on the patchwork

Maintaining and monitoring IT, OT, and IoT patch management is critical. While perimeter security, such as a firewall, is great, a bad actor will inevitably sneak by and directly access applications and operating systems located on the building LAN. A company’s or facility’s IT security team must stay on top of security patch releases for every hardware and software component that a smart building contains. The sooner a device is patched with the latest security fixes, the less likely it will be compromised.

5. Monitor and restrict access

Smart buildings introduce a host of new hardware and software equipment—for starters, IoT sensors, intelligent surveillance cameras, and door controllers—that requires management and upkeep. While many platforms and systems allow for locally created usernames and passwords for administrative access, this can lead to lost, stolen, or rarely updated passwords. Using a centralized user and authentication server can combat this significant risk. Microsoft’s Active Directory (AD) and the Remote Authentication Dial-In User Service (RADIUS) protocol are two common methods for centralizing the creation of administrative accounts and providing access controls to restrict which systems an account can communicate with.

Cybersecurity is not about eliminating any and all risk. Instead, it’s about understanding the types of risks in a given network environment and focusing on those security gaps or lapses that malicious actors are likely to seek. By eliminating the “low-hanging fruit” technologies commonly hosted in a smart building, property owners will ideally deter hackers looking for easy prey, leaving their systems and data unharmed.

For more news, projects, and profiles in the smart buildings ecosystem, subscribe to the SBT newsletter and follow us on LinkedInTwitter, and Facebook.

About the Author

Andrew Froehlich | Contributor

As a highly regarded network architect and trusted IT consultant with worldwide contacts, Andrew Froehlich counts over two decades of experience and possesses multiple industry certifications in the field of enterprise networking. Andrew is the founder and president of Colorado-based West Gate Networks, which specializes in enterprise network architectures and data center build-outs. He’s also the founder of an enterprise IT research and analysis firm, InfraMomentum. As the author of two Cisco certification study guides published by Sybex, he is a regular contributor to multiple enterprise IT-related websites and trade journals with insights into rapidly changing developments in the IT industry.

Voice your opinion!

To join the conversation, and become an exclusive member of Buildings, create an account today!

Sponsored Recommendations

Building Security & Technology Series: Webinar 3 - Proptech

Date: May 22, 2024Time: 1:00 PM EDT / 12:00 PM CDT / 10:00 AM PDT / 5:00 PM GMTDuration: 1 Hour eachGold Sponsors: Genetec, ISSSilver Sponsors: EVOLV, OpenEye ...

Building Security & Technology Series: Webinar 4 - Lessons Learned

Date: May 29, 2024Time: 1:00 PM EDT / 12:00 PM CDT / 10:00 AM PDT / 5:00 PM GMTDuration: 1 Hour eachGold Sponsors: Genetec, ISSSilver Sponsors: EVOLV, OpenEye ...

Handwashing Survey Research Drives Industry Solutions

Sharing well researched data on consumer likes and dislikes in public bathrooms, this guide presents handwashing public restroom hygiene trends and survey insights for facility...