Title

Intelligent buildings: An investigation into current and emerging security vulnerabilities in automated building systems using an applied defeat methodology

Document Type

Conference Proceeding

Publisher

secau Security Research Centre, Edith Cowan University, Perth, Western Australia

Faculty

Faculty of Computing, Health and Science

School

School of Computer and Security Science / Security Research Centre (secAU)

RAS ID

13100

Comments

This article was originally published as: Brooks, D. J. (2011). Intelligent buildings: An investigation into current and emerging security vulnerabilities in automated building systems using an applied defeat methodology. Paper presented at the 4th Australian Security and Intelligence Conference, Edith Cowan University, Perth, Western Australia.

Abstract

Intelligent Buildings (IB) have become increasing popular during the past decade, driven through the need to reduce energy, have more reactive and safer buildings, and increase productivity. IB integrate many systems that were in the past isolated from each other, including fire and life safety, HVAC, lighting, security, etc. Facilities contain commercial-in-confidence material and other valued assets; however, IB are integrated through open and common data communication protocols and hardware, leaving facilities exposed to external and internal threats. The study presents an investigation into IB, based on a defeat evaluation methdology. IB vulnerabilities considered two areas, namely physical and software vulnerabilties. Physical hardware vulnerabilities included physical access to the automation devices or workstations, communication networks, wiretapping, remote connectivity, foreign devices and local field programming. Software vulnerabilities included common connectivity protocols, restricted encryption and limited security considerations. These vulnerabilities could result in such attacks as denial of service, covert facilty entry or espionage. IB risks are contextual, aligned with the facility’s threat exposure; nevertheless, there are generic mitigation strategies that can be taken to protect IB systems. Protection includes situational threat driven security risk management, understanding system criticalities, integration of departments, a degree of network isolation and greater awareness.