Power, they say, corrupts, and absolute power corrupts absolutely. While that was said about politics, it sure seems like it was tailor-made for smart buildings.
Facility-control technology is exploding because the concept is useful and often saves money. Unfortunately, smart devices have also proven to be an on-ramp for major intrusions. Smart buildings are surely absolutely powerful in a way; are they absolutely corruptible? Maybe, if we’re not very careful.
如果腐败意味着整体坏处,那么侵犯聪明的建筑物肯定会有资格。它可以让入侵者弄乱灯光,供暖和空调,也许还有其他关键系统。我们还从新闻报道中知道,黑客可以使用成功的智能建筑入侵潜入其他业务应用程序,并可能损害它们和关键公司信息。解决这些风险很重要,这意味着从它们的出现方式开始。
Hacking generally needs something to hack through, and smart buildings create two broad attack surfaces to worry about. The first is the interface through which the building is controlled, often a phone or browser. The second is the interface to the smart elements themselves, the protocol used by the IoT devices. The risk to each of these depends on how your building intelligence is organized.
There are two basic models of smart buildings, what you could call the military model and the mob model. Have you ever watched a parade where the military marched? There’s a big group, but they’re all marching in step based on some leader who counts cadence. That corresponds to the local-controller model of smart buildings; there’s a leader running things. Now consider the parking lot as a big event is letting out. Everyone-for-themselves doesn’t begin to describe how that usually turns out, and that corresponds to the autonomous-device model of smart buildings.
One reason the model is important in security is that the smaller and cheaper something is, the harder it is to secure. In the local-controller military model, all the smart IoT elements connect with a local device that provides the link between the smart building and the phones or keypads or switches that provide the human interface. There is one control interface, which means only one control point to defend against attack, and it’s pricey enough to get good security.
自主设备的“暴民”模型使各个设备通常使用自己的独立应用程序来完成自己的工作。您的门铃相机或恒温器就是一个例子。每个都通过其自己的应用程序来运行,通过您的LAN或使用Internet进行连接。这意味着入侵者可以使用每个设备。Since the devices are small, low-powered, and inexpensive, they’re less likely to have robust security than a local controller, and even if they’re used with a robust local controller, the controller usually connects through each of those separate apps, so there’s no security gain.
Real security for smart buildings starts by adopting the local controller model for all devices, particularly for large and complex facilities. With a proliferation of Wi-Fi autonomous devices, the number of possible attack points is simply too large to manage. With a local controller, you have one control interface to watch, one primary software element that connects the building to the control interface. It’s much easier to protect that, and to ensure that the software and any firmware are kept up-to-date.
控制器模型还有助于实现IoT链接的安全性。Controller-based smart buildings use a custom IoT protocol (common ones are LoRa, LoRaWAN, Z-Wave, and Zigbee) with limited capabilities to limit how they could be exploited, so even if the device link was hacked, there’s a limit to what damage could be done. The Internet and LAN are firewalled from the devices by the controller, making it much harder for an intruder to ride into the building by hacking an IoT device. Best of all, modern versions of the IoT protocols are themselves encrypted, which means that even if those protocols can reach outside the building, they’re very difficult to hack. The system isn’t foolproof, but it can lower the smart-building hacking risk to the point where it’s as low or lower than other hacking risks you already face.
“ can”是这里的手术单词。必须采取一些基本步骤以确保控制器模型能够实现其能力:
- 仔细查看控制器功能,寻找用于管理更新的特定工具,以及用于控制建筑物的Web/LAN界面上的防火墙和加密等基本功能。另一个有用的功能是日记活动,尤其是命令。定期审查日记本可以帮助现场尝试破解系统,或者只是做一些顽皮的事情。
- Know your device vendors and their practices. Review how firmware and software for your smart building components are kept up to date. Can you interrogate every device to learn its firmware? Does the manufacturer provide firmware updates regularly? Are your smart components from a reputable vendor with solid financials, so you don’t have to worry about their going out of business? Is there a federation that certifies smart devices for the protocol you’ve picked, and is your vendor a member?
- Avoid using WiFi-connected devices with your smart building controller. That would open a new interface, creating a new point of attack. Most Wi-Fi devices still require their original control connection, too, which creates a path through which to attack the controller.
- 考虑将您最关键的物联网元素划分到自己的控制器上。应将乘员(例如照明)操纵的事物应与控制热/空调,电梯等关键设施资源的控制。通过常规(常用的)路径降低进入关键系统的风险。
- 从所有控制器上的管理访问中单独的例程控制器访问。智能建筑物中使用的大多数物联网控制器都设计为可编程,以便即使没有通过电话或浏览器连接用户,它们也可以控制设施。如果可以访问控制器的人可以编写或更改程序,升级软件等,那么控制器就不安全。为了获得更大的安全性,仅通过键盘或其他有限功能设备提供路由设施控制,并仅使用电话或PC来进行管理功能。
Don’t be afraid of smart building technology; properly used it can actually enhance security by letting you review how your facility is being used, and sometimes even by whom. But remember my military analogy; if the wrong person is giving the commands, the whole formation can march over a cliff like proverbial lemmings. Follow these tips so you won’t join them.