By Cameron Exley, Head of Technology and Commercialisation at Syntric
The need to protect buildings with a cyber security system can be correlated to the increasing profile
and volume of attacks against these assets. It is no longer possible to remain blissfully unaware that
buildings are valuable targets for cyber criminals. One of the first high-profile attacks in 2014 was
targeted at a large US retailer. A malicious outsider gained access to the Point-of-Sales systems
through the Operation Technology (OT) networks. They exfiltrated millions of credit card numbers
and access went unnoticed for several months. The initial point of access for this attack was the
HVAC remote access system – left wide open by the contractor for the convenience of remote
monitoring and service.
Prime Minister Scott Morrison also recently warned that spy agencies have witnessed increased
hacking activity targeting a wide range of assets. Foreign state-backed attackers appear to be
targeting buildings, public infrastructure and private OT systems.
Interest in cyber networks is on the increase
For proactive customers, interest is usually driven from fear. Customer conversations are now often
led with ‘I don’t understand any of this but I don’t want to be in the news either’. The amount of fear
mongering across the property industry amongst building owners is increasing. Businesses need to
have sensible conversations with a trusted partner to understand why they are purchasing a cyber
security solution – rather than just ticking a compliance box. Most corporate compliance policies
now require a cyber solution to safeguard against an attack. Fully understanding the threats will help
building owners formulate a plan to prevent or minimise the damage caused from a future cyber
attack.
Emerging cyber trends
Ransomware is on the increase. A growing number of customers are reporting OT networks that
have been infected with malware. This type of malware rarely has a single target in mind and whilst
it’s busy encrypting all the files on a computer, it is looking for the next target within the same
network. These infections quickly spread to every computer within the network and can sometimes
make their way onto unexpected equipment such as a CCTV camera or shopping centre way finder.
This type of malware is becoming more and more common as cyber criminals have realised how
effective this method can be to quickly raise funds. They usually spread through phishing emails
(“Click here to claim your free honey glazed ham!”) but have also been known to spread through
vulnerabilities in operating systems and equipment. Most of the world was affected by the
ransomware dubbed ‘WannaCry’ in 2017 with devastating consequences.
Common cyber mistakes
There are three common mistakes building owners are making including no network segmentation,
unmaintained hosts within networks and mixed use of the OT network.
The first step – segmenting the network is critical in reducing overall risk and reduces the blast radius
in the event something does happen. Depending on how the system is segmented, building owners
may mitigate the risk of a ransomware attack from their entire network down to only a small slice of
it
Second is maintenance of hosts operating on OT networks. Often, a contractor will supply and install
a server or workstation for their system to run. What is rarely discussed is who is responsible for the
ongoing maintenance of this machine? Building owners will assume the contractor, and the
contractor will assume the building owner. This results in a grey area with nobody applying updates,
ensuring anti-malware protection is installed etc. The previously referenced WannaCry attack could
not affect hosts that had the most current Windows updates applied.
Finally, a common mistake is the mixture of use cases for an OT network. Not only should the
network be segmented into chunks, but users should not be allowed to perform functions outside of
what is necessary to operate the OT in that building. The most common entry points for infections
stem from personal email use on the OT networks. Users often don’t have the luxury of email filters
that corporates install. Without any anti-malware or software updates installed, a single click on a
phishing link can quickly result in a total network takeover.
Cyber solutions protect buildings
There are several IT solutions to choose from. Some of the most popular include firewalls, intrusion
detection systems and endpoint protection. Building owners need to understand OT does not
operate in the same way IT equipment does. Choose cyber security equipment and policies that
cause limited disruption to the current network and technologies and work within the OT
ecosystem. Understanding how humans interact with the systems is also an important
consideration. Facility managers, HVAC technicians and CCTV installers all need to work together to
fully understand the technical requirements of the cyber security system to ensure it is effective.