Written by Shaun Cooley, founder and CEO of Mapped.
In an era increasingly dominated by the Internet of Things (IoT), buildings have become sophisticated software and hardware networks designed to monitor and control complex machines and operating systems. Building owners and operators rely on supplier teams to install and integrate these systems in multiple buildings, often in multiple buildings. These systems improve the quality of buildings for both users and managers. However, whenever a vendor connects to a system, that connection exposes the building to a security threat that can spread throughout its entire portfolio. Here are some important ways that cyber attackers can use your device to gain access to building systems:
- Open ports to all systems in the building
- Connect to remote support and software updates
- Search engines like Shodan that can identify servers connected to the internet
There is always some level of risk in integrating, managing, and updating a building’s myriad systems. The security habits of multiple vendors cannot be reliably predicted, and administration of those systems involves more than enforcing physical security. The cloud is a great asset, but multiple connections increase the potential for security breaches.
solution? Moving borders to the cloud
A secure cloud platform that manages access to your systems improves your security profile and reduces risks to your systems. There are certain key features you should look for in a cloud solution to help mitigate these potential security threats. These include:
Simplify access to the system A cloud platform with a single cloud API reduces security vulnerabilities by reducing access points to one. Vendors integrate systems through cloud APIs instead of ports in multiple buildings. This removes physical access to the system and greatly reduces the threat of on-premises attacks.
Integrates with all devices, systems and sensors in your environment A building can have more than 50 different systems, including BAS, HVAC, lighting control, Wi-Fi, digital signage, and more. Solutions must be able to integrate all systems and provide visibility and fine-grained control over the flow of data between building systems, devices, sensors and applications.
monitoring function You need to be able to track and monitor the current state of any environment, and to be able to control the data accessed by internal and external entities. A viable solution should have the ability to monitor the environment for operational data, firmware, and other updates. It should also provide a means of peer communication as an ideal source for detecting unexpected environmental changes and establishing zero trust policies. Quickly identify changes in access or data flow that could signal a cyberattack.
Visibility and fine-grained data control When collecting data from multiple vendors, the system may miss where the data originates, is transmitted, and landed. The solution should tag data for easy identification and provide controls to determine who has access to the data.
Some solutions provide account-level access to data types, but a security gap arises when granting access to real data. A preferred solution is one that allows you to tag data by location, system type, or personally identifiable information (PII). For example, if data from a badge reader is tagged with PII, you should be able to identify that information and restrict access to that information.
Protection with a single, secure pipeline solution
Vendors connect devices to building systems without considering the impact on the overall system. The absence of the security protocols that led to the Target attacks in 2013 does not remain an isolated incident. Hacker attacks in 2020 building access control system You have downloaded a malware that turns your system into a Distributed Denial of Service (DDoS) bot.
As ransomware and other attacks continue to grow, you need dynamic solutions to monitor and protect your environment. A secure and reliable API can change the dynamics of managing complex environments. Shifting access from a physical environment to a cloud platform with a single point of access and secure encryption reduces risk and protects your systems.
About the author
Shaun Cooley is the founder and CEO of Mapped, the first data infrastructure platform for commercial and industrial Internet of Things (IoT). Previously, he served as Vice President CTO of Cisco’s Internet of Things (IoT) business, where he was responsible for Cisco’s long-term IoT technology strategy. These include product architectures, security, privacy, and technology partnerships that Cisco IoT businesses implement; advising governments on IoT regulations; facilitating Cisco’s participation in IoT-related standards bodies and consortia; and addressing existing or anticipated industry needs. Including innovation support to
Prior to joining Cisco, Shaun served as Norton’s Distinguished Engineer at Symantec, where he played a leading role in Norton’s transition from utilities to security. For 18 years, Shaun has helped create and advance the products of the Norton portfolio, a portfolio of products with annual sales of over $2 billion.
Shaun has over 25 years of industry experience, holds a Master’s degree in Computer Science from the University of Illinois, and is a Certified Information Systems Security Specialist (CISSP). He was named inventor for 121 issued US patents, along with more than 100 pending US patents. He is an active angel investor at Acceleprise SF, a startup mentor and an advisor to Deep Angels. Shaun was previously a Director of the Open Connectivity Foundation and a former Director of Attivo Networks.
Shawn can be reached on Twitter at: @shauncooley More information about Mapped can be found here. mapping.com.
Fair Use Notice: “Fair use” laws allow other authors to make limited use of the original author’s work without permission. Under 17 US Code § 107, “It is not copyright infringement to use copyrighted material for purposes such as criticism, commentary, news reporting, education (including multiple copies for classroom use), scholarship, or research.” As a matter of policy, fair use is based on the belief that the public is free to use portions of copyrighted material for the purposes of comment and criticism. Fair use privileges are perhaps the most important restrictions on the exclusive rights of copyright owners. Cyber Defense Media Group is a news reporting company that reports cyber news, events, information and more free of charge on its website Cyber Defense Magazine. All images and reporting are conducted exclusively in accordance with the fair use of US copyright laws.