With the proliferation of smart devices in buildings around the world, cybersecurity is the concern of the day. There are many potent examples of smart buildings’ triumphs and follies: Target and Home Depot shocked the world with breaches a few years ago; universities, hotels, and others have followed suit. Growth in IoT can only mean increased security risks — right?
The problem isn’t always with smart devices themselves. While there are factory default passwords that often don’t get changed, many smart devices in buildings aren’t being secured the way they ought to be. Operational technology (OT) — including HVAC, lighting, and security — is regularly managed by IT departments alongside computers and phones. This is referred to as convergence, and it’s been seen as the simpler, cheaper approach to building management.
Convergence makes sense for devices with similar characteristics and management needs. This becomes difficult, though, as more OT devices are added to the building networks. Reports show that over eight billion connected devices will be installed globally by the end of 2017. It’s harder for IT departments to manage hundreds of smart OT devices — which often don’t support the traditional IT security methods — at this massive scale. OT devices have characteristic differences in management, Internet access, and update frequency. With OT devices left unsecured and connected to the IT network, hackers can target HVAC, lighting, and the like to reach IT devices and their data.
Of course, OT network security breaches are serious on their own; one Austrian hotel had to pay a ransom after hackers disabled all the doors that were accessible by electronic key-card, for example. Still, backdoor access through OT to supposedly secure data is seriously unsettling. What will hackers find, if they make their way into businesses’, universities’, or even governments’ IT networks? As hackers advance their techniques, it’s important to advance our defenses. Unfortunately, converged networks are an easy opportunity for criminal hackers.
Because OT devices have limited, specific, and predictable needs for Internet access, separation means OT networks can be aggressively firewalled, or even isolated entirely. The limited connection between IT and OT makes the OT network a less appealing target for hackers and mitigates attacks on IT. If the interconnection is necessary, it can be reduced to a single point and monitored closely for any signs of attack; this single point of connection can also be quickly and easily cut off in emergency situations.
It’s not enough to only separate your IT and OT networks. If your OT network is not protected, hackers can still take your device systems hostage and demand a ransom. Disabling security systems can allow criminals to enter your building without detection physically. For a truly impenetrable system, you need to secure both networks properly. Intrusion detection monitoring, locked and disabled ports, and regular monitoring and auditing of the network; these all help to ensure the building is running as it should, and the network is not vulnerable to outside interference.
Controlco and Optigo Networks are both advocates of separate OT networks. As smart buildings become increasingly common, separation is a best practice that cannot be ignored. We’re joining forces to advance the separation of OT networks, with a new primary distribution partnership of Optigo Connect.
Optigo’s suite of hardware products, Optigo Connect, offers easy-to-manage switches available with secure networks and a fraction of traditional infrastructure requirements. This partnership with Controlco makes these packages widely available in North America, with support from a leading operational technology distributor. This partnership makes integrating Optigo Connect and separating networks easier and more affordable.
Smart buildings are the future of where we work, play, and live. As we modernize our spaces, we must also modernize how we manage them.
Visit Controlco to buy Optigo Connect and keep your building secure. Watch our webinar on OT networks and this new primary distribution partnership.
This article was originally published on Automated Buildings.