Help! - my building has been hacked!
Updated: May 15, 2018
For every builder holding a hammer there is a waiting nail. In much the same way, traditional cybersecurity attack surfaces have been restricted almost exclusively to the domain of IT.
Many organisations separate the management of environmental and operational technology (OT) from information technology (IT). Unfortunately, these once separate (in many cases air-gapped) systems have now been joined.
This issue started to present itself a number of years ago with the security of SCADA systems. Traditionally, to attack these systems involved specialised knowledge, skills and physical access to the equipment.
With the coverage and ease of access to the Internet, device manufacturers and facilities managers embraced this new capability to connect their devices, thus making them more manageable, enabling remote monitoring and reducing cost associated with travel.
So what happens when you take equipment that relied on being inaccessible and complex to operate and connect it to the Internet with an easy to use Web interface?
In the meantime, the organisations' highly trained cyber security team remains blissfully unaware that their organisations systems are happily announcing their availability and vulnerable status to the world.
What would happen, for example if the buildings lifts and doors were locked and aircon disabled in a die hard style attack?
These issues join the ever increasing list of security issues in the Internet of Things (IoT).
So, enough about the problem - what can be done?
The answer is surprisingly simple - Take a good look at your building and its attack surfaces
Through the use of a site security assessment, we start by identifying credible risks based on relevant threats, followed by a systematic analysis of potential scenarios and impacts.
Author: Clinton Smith