Applied Risk, which specialises in securing industry and infrastructure, investigated, among other things, how easy it is to manipulate certain commonly used access systems to gain access to buildings. “This is just the tip of the iceberg, because in this research we only looked at how vulnerable these systems are to digital intrusions via internet browsers,” says Applied Risk CEO Jalal Bouhdada. “Although smart building access and management systems use a variety of different security schemes, they remain vulnerable to attacks by the idea that they should be centrally controlled. Our conclusion is therefore that the security of building management systems needs a lot of improvement.”
The report provides a list of recommendations for improving the security of automated building management. Some examples are:
- Keep the network to which the building management system is connected completely separate from other networks.
- Use secure access systems such as VPNs if it is necessary to have remote access to the building management system. Realise that a VPN is only as secure as the weakest link in the network: if a device on the network is easy to compromise, the entire network is just as easy to compromise.
- Hackers use software that allows them to try millions of password combinations. Therefore, always change the default passwords of digital systems, and use only strong passwords of at least eight characters – but the longer the better – which are replaced regularly.
- Ensure active monitoring of network traffic, and have a response plan ready for when intrusion attempts are discovered.
- Minimise vulnerabilities caused by human action through regular training programs.