With an expected compound annual growth rate of 23% between 2020 and 2025, the smart building market is rapidly expanding. This explosion of new integrated building technologies has positive implications for management, efficiency and the environment, but it also opens up new attack vectors. Vulnerability to hijacking via siegeware requires smart building managers and cybersecurity professionals to update access management policies to improve security and protect smart buildings from siegeware attacks.
What is Siegeware and How Does it Work?
Like any connected technology, building automation systems may have weaknesses in one or more devices. Hackers can exploit a single weak point in any part of the system to take control of the entire building and hold it for ransom. This is the basis of how siegeware works.
In a siegeware attack, hackers use ransomware to lock building managers out of smart systems and refuse to relinquish control until a ransom is paid. Ransom money is often requested in Bitcoin, which allows hackers to remain anonymous.
With over 35,000 building systems connected to the public internet around the world, the threat landscape is large and provides numerous opportunities for siegeware attacks. Unfortunately, connected devices operating on default settings can leave entire buildings vulnerable. Hackers need only to search online databases to find systems to target and log in with a device’s known default credentials to gain access.
Poor security on third-party networks can also enable infiltration via siegeware. A single building’s systems may be accessible by many third parties, and not all of them implement strong security on their own networks. If a hacker is able to steal third-party credentials via an unsecured device or account, the results can be the same as if the main building lacked proper security.
What are the Effects of Siegeware?
Once a siegeware attack has been launched, a hacker has the potential to connect to and control any system in a smart building. This may include:
• Network connectivity
• Fire suppression
• Physical access and security
Serious consequences can result if any one of these systems is hijacked. By manipulating different systems, a hacker could prevent occupants from leaving the building and create any number of life-threatening situations. In buildings such as hospitals, offices, schools and apartment complexes, these actions could lead to illnesses or even deaths. At the very least, siegeware attacks can halt the normal course of business and result in significant loss of capital for building owners and any businesses relying on compromised buildings for daily operations.
Hackers need not manipulate building systems to profit from a successful breach. A significant amount of information can be gleaned simply by using connected devices to listen to conversations, watch security footage and observe automation routines. This information may be used to infiltrate other systems or networks in the future.
How Can New Access Management Policies Protect Smart Buildings?
Properly securing any system against cyberattacks always begins with a thorough risk assessment. Vulnerabilities must be identified and addressed to minimize potential entry points for hackers. Assessments should include routine building automation system penetration tests and a review of known and emerging threats.
Once assessments have been completed and susceptibilities and threats documented, building managers should create written security policies and incident response plans. Regular practice of these plans ensures all parties are ready to protect the building and minimize damage in the event of a siegeware attack.
Access control is an essential part of siegeware protection. According to the Security Industry Association, 51% of security professionals integrate access control into smart building systems. However, physical access control isn’t sufficient; an identity and access management strategy must be included in every building security policy. This requires expanding IAM beyond its use in business networks and applying similar principles to connected building systems, including:
- Defining and enforcing access authorization policies for all users
- Performing due diligence before allowing access
- Keeping logs of all users with access to building systems
- Creating an audit trail with records of all access attempts
- Setting up login alerts
- Locking out users after failed login attempts
- Using firewalls, access rules and access requirements to control remote system connections
- Requiring the use of encryption or VPNs for access
- Regularly updating and patching all devices
- Checking for default settings throughout building systems
- Enforcing password creation policies for stronger passwords
- Separating building networks from the networks employees and customers use
- Managing device identities to control access to and with all types of devices
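As an added illustration of the audit trail, login alert, lockout and default-settings items in the list above (this is not code from the original article; the event fields, thresholds and account names are assumptions chosen for the example), the following replays a constructed set of access attempts against a building management login:

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                       # assumed lockout threshold
WINDOW = timedelta(minutes=10)         # assumed window for counting failures
DEFAULT_ACCOUNTS = {"admin", "guest"}  # assumed vendor default usernames

# Constructed sample access attempts: (timestamp, user, source, success)
SAMPLE_EVENTS = [
    ("2024-01-05T08:00:00", "hvac-vendor", "203.0.113.7", False),
    ("2024-01-05T08:01:00", "hvac-vendor", "203.0.113.7", False),
    ("2024-01-05T08:02:00", "hvac-vendor", "203.0.113.7", False),
    ("2024-01-05T08:03:00", "hvac-vendor", "203.0.113.7", True),
    ("2024-01-05T09:00:00", "facilities", "10.20.0.5", False),
    ("2024-01-05T09:30:00", "facilities", "10.20.0.5", True),
    ("2024-01-05T10:00:00", "admin", "198.51.100.9", True),
]

def review_access(events):
    """Replay access attempts; return (audit_trail, alerts, locked_users)."""
    failures = defaultdict(deque)  # user -> timestamps of recent failures
    locked, audit, alerts = set(), [], []
    for ts_text, user, source, success in events:
        ts = datetime.fromisoformat(ts_text)
        if user in locked:
            # A locked account is denied even when the credentials are correct.
            outcome = "denied-locked"
            alerts.append(f"{ts_text} attempt on locked account {user} from {source}")
        elif success:
            outcome = "granted"
            failures[user].clear()
            if user in DEFAULT_ACCOUNTS:
                alerts.append(f"{ts_text} login with default account {user} from {source}")
        else:
            outcome = "failed"
            recent = failures[user]
            recent.append(ts)
            while recent and ts - recent[0] > WINDOW:
                recent.popleft()  # forget failures outside the window
            if len(recent) >= MAX_FAILURES:
                locked.add(user)
                alerts.append(f"{ts_text} {user} locked after {len(recent)} failures")
        audit.append((ts_text, user, source, outcome))  # every attempt is recorded
    return audit, alerts, locked
```

In the sample data the third-party vendor account is locked after three failures, so its later correct login is denied and alerted on, while the successful login with a default account name raises its own alert.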
Identity and access management policies must evolve to meet the security challenges of smart building technology. Along with increased threat awareness, stronger access management is essential to reduce the risk of siegeware attacks and protect building owners and residents from the devastating effects of hijacking. It’s up to building managers and cybersecurity experts to work together and create strategic plans for access management in every smart building.