Security threats and risks of Intelligent Building Systems: Protecting facilities from current and emerging vulnerabilities
Faculty of Computing, Health and Science
School of Computer and Security Science
Intelligent Buildings (IB) are facility-wide systems that connect, control, and monitor the plant and equipment of a facility. The aim of IB is to ensure a facility is more efficient, productive, and safe, at a reduced cost. A typical IB integrates diverse subsystems into a common and open data communication network, using both software and hardware; however, IBs suffer from diverse generic vulnerabilities. Identified vulnerabilities may include limited awareness of security threats and system vulnerabilities, physical access to parts of the system, compromise of various networks, insertion of foreign devices, lack of physical security, and reliance on utility power. IB risks are contextual and aligned with the threat exposure of the facility. Nevertheless, there are generic mitigation strategies that can be put in place to protect IB systems. Strategies include threat-driven security risk management, an understanding of system criticality, greater integration of departments, network isolation, layered protection measures, and increased security awareness.