Cisco Canada Blog

Smart Buildings Are Vulnerable – But Not If Measures Are Taken

June 3, 2013

I was reading an interesting article about how a Tridium network gateway device at the Google Wharf 7 building in Sydney, Australia was hacked recently. The Tridium device is used for visibility and control of various Building Management Systems (BMS), and by gaining access, the hacker would have visibility and control over all the building systems connected through the Tridium. While this exposure could be very detrimental, the “hacker” was a security company that is working on a project to identify vulnerable Internet-facing Industrial Control Systems (ICS). Their intentions were not malicious.

My interest in the article was not in the ability to hack into a building system control device but rather in the concern I sometimes hear about the vulnerability of Smart Buildings, which utilize a converged network for all their Building Management Systems (BMS).

While the concern about unauthorized access into a building’s operations is real, a properly implemented converged network in a Smart Building is far less vulnerable.

Traditionally built buildings utilize multiple disparate, often insecure networks for their BMS solutions. Network quality and security are very low on the priority list, as BMS companies specialize in delivering their solution, not in keeping up with best practices for secure networks and preventing unauthorized access. In fact, the Tridium device which was hacked at the Wharf 7 Building had an older software release and did not utilize some of the security measures designed to prevent unauthorized access. Measures such as the use of strong passwords, a lockout feature, or VPN and firewall software were not implemented. More than likely, there was little thought given to locking down access.

Smart Buildings have a greater reliance on a converged building network shared by BMS solutions such as Heating, Ventilation and Air Conditioning (HVAC), lighting, security and access systems. For this reason, the network is designed to be Enterprise Grade, which includes not only reliability but also security. These Smart Building converged networks should have all the characteristics, including security, of a network utilized to operate a company’s business. The company which hacked Wharf 7 was looking for vulnerable Internet-facing devices and exposing them. A properly implemented and maintained Smart Building network would not even appear on their radar.

The point of this message is: Don’t condemn Smart Buildings and their converged network because someone does not implement proper security practices. After all, even the best security measures in the world will not prevent unauthorized access if they are not properly implemented.
