AutomatedBuildings.com Column - Cybersecurity for Modern Building Services

This article is a collection of odds and ends, brought out by the announcement that this month is the Holistic Cybersecurity issue. Security, including cybersecurity, is making sure the needed information or action is reliably available at the right time to the right people.

As noted elsewhere, many of the most useful and exciting changes in how we interact with the world, and the world with us, are in the hidden world of buildings and their services. In May 2008, I named this the Service Oriented Building (SOB) and called for it to be a full-fledged partner with the then emerging Service Oriented Architecture (SOA) for enterprise systems. Since then microservices have become the norm for assembling highly scalable, highly resilient, and highly secure systems.

Service integration treats remote systems as black boxes, and the only remote integration is requesting from or providing services to that black box. Service request does not care about the mechanisms in that black box, only about the service provided. This minimizes communication between systems, already a step forward in cybersecurity. A black box providing a service can be designed so that none but the other components in the box can see or interact with them. Service Oriented systems provide a smaller attack service.

Building system components are still designed with no attention to security; they are insecure by design. Protocols such a BACnet multicast their presence to all on the nearby network, and want to find out about all on the nearby network. The chattiness of these protocols has become the first test for system security. A control protocol of a sufficient size effectively performs a Distributed Denial of Service (DDOS) attack on itself, losing communication in the din of discovery.

The problems of insecurity by design can only be addressed by proper network design. Building systems must be broken down into small enough systems that the roar of discovery is muted. Their communication must be simplified so that they can be walled off, and protected by firewalls that let only a few well-defined protocols through.

Since I wrote about the SOB in 2008, BACnet has developed the tools for this. Building systems in defined local area networks can now communicate with other defined local networks through BACnet Broadcast Management Devices (BBMD). A BBMD defines how a device in one network can share information with a BBMD in another small network, and let the systems on both networks talk. This is a great improvement, but the communications between BBMDs are still not secure, and service offered by a BBMD is direct access to all devices and sensors.

One of the services offered by building systems is to consume or not to consume power at any moment. Balancing supply and demand of power moment by moment is the key services of the Smart Grid. The OpenADR Alliance is leading the way toward service communications with buildings that provide this service. OpenADR still often requires that the requester know too much about the internal controls of a system to be consistent with good security. Transactive Energy, particularly the efforts to bring TEMIX into the communication between the grid and buildings offer better, but only for the building that understands how it uses to power itself.

The adoption of proper segmentation is painfully slow. No one gets excited about buying security until after they have lost something because of poor security. Fortunately, we have new forces focused on the customer experience that inherently support better security.

Tiny Artificial Intelligence (AI) systems have demonstrated their ability to improve the user experience while consuming fewer resources. Tiny AI runs on small systems. (Microsoft has put a GitHub of AI for small devices online, even as small as a Nano-Pi. Edge-based AI systems enable faster decision-making at the edge of the Internet, which is to say inside your buildings. Tiny AI is a great way to translate building controls into service for service interactions. Because these decisions do not require constant communication with central sites, they are inherently more secure and resilient.

AI decision making is coming systems as small as single pumps and compressors (see d for example https://samcontrollers.com/). AI metering can bridge the gap between the traditional control system and smart energy systems that know what energy they need over time to provide services. Such agents will be a critical part of a future vision for smart energy. An AI-based system can move closer to providing the best service while reducing sensitivity to traditional attacks.

AI introduces new challenges and new means of a cyberattack. If your control communications are private and local, and the facts about that operation are stored locally, then the control system is inherently more cybersecure. But AI systems run on patterns of facts, and those facts can be a new vulnerability. If you can erase the store of facts, then the AI is not able to perform. If you can poison the facts, adding or changing records in the data store, then you can poison the information that the AI needs to make its decision. I’ll write more about fact protection in tiny systems some other time.

Even cybersecurity is becoming more secure and scalable by becoming service oriented. OpenC2 (Command and Control) to distribute cybersecurity information across systems without regard for the mechanisms in the systems. OpenC2 is a model for coordinating cybersecurity services and gathering situation awareness while relying on edge-based systems and controls. OpenC2 is supported by the most significant players in information technology, in industry, in defense, and in spy-craft.

OpenC2 1.0 is about to arrive, and it addresses traditional issues of network security, i.e., firewalls and packet management. The next steps are cyberdirectives to the Internet of Things (IoT). A demonstration cybersecurity interface in OpenC2 to a Tesla Power Wall can be found in Git. This may be the basis for a cybersecurity interface to storage systems generally, or even to microgrids.

I expect the requirement of OpenC2 interoperation and conformance will be expected in building systems. (Sounil Yu of Bank of America talked about his expectations at the 2019 RSA conference.) If the industry does not participate, this requirement will be painful. What people are pondering, though, is what do you tell a building, or a battery when you expect or are in the middle of a cyberattack….

If you think you know, I’d like to hear from you. You will certainly need to know more in the months ahead.

Events	Want Ads
Our Sponsors	Resources