The Cyber Threat to the Built Estate

893 views

Published on

Cyber Threat is now a very real physical threat to our buildings and national infrastructure. Hackers can now disable buildings, satellites, power stations, air traffic control and many other critical infrastructure elements. Learn more in this presentation from Mike Gillespie of Advent IM Ltd

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
893
On SlideShare
0
From Embeds
0
Number of Embeds
15
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • So we have established that networked systems create potential vulnerabilities and that traditional geographically based threats have now been augmented with the threat from cyberspace. But what could that look like potentially.? No one goes in no one goes out No vehicles can get through barriers Security systems compromised leaving people and assets vulnerable – CCTV breached or ineffective. Fire alarms or fire prevention such as sprinklers disabled, emergency lighting not working Air conditioning not working and temperature and air quality out of control in a building no one can get in or out of.
  • Some definitions to help us along the way.
  • Even if a building was not built to be a ‘smart building’ it can be made into one. Fabulous integrated systems sit all over buildings, controlling our environments, our movements and our safety. As users we rarely consider it (unless we work in FM) and yet it has a massive part to play in everyone’s working day. Frequently these systems will be hooked into a central control unit of some description. This is the cost effective way – integration and remote control of systems.
  • There is good business logic behind decisions to integrate systems. They can compliment each other and clever use can see things like security adding value to a business. For instance – setting PIRs to report by exception in low usage areas, enabling Aircon and lighting to be turned off or down during trough occupancy. The savings in this area can be huge. The end result is a more efficient building that can be managed from almost anywhere. For instance Air Con that can be accessed remotely over the net by the FM and turned off, turned down or fixed to never go above or below a certain temp. Key to that sentence was, ‘accessed over the web’
  • So we have a fabulous building with some very impressive kit in both BM and Security. These systems are networked and they are controlling our air quality, our security systems and our access in or out of places. That building and its occupants could be threatened not only by whatever sits in its vicinity, like a nearby animal testing lab that might attract attention from pressure groups, or by location in a high crime area for instance. It’s systems are networked and if they aren't properly protected or were insecure in the first place, the building is now under threat from anyone with a computer, web access and a desire to do some harm.
  • So our networked building is now a potential target for anyone. You may know all about what your business does to protect it’s systems but what about Building Management? Do you share a building? Do you know what your neighbours do? Could a vulnerability in their systems affect everyone in the building? It could come from anywhere, it could come from the other side of the world or be state sponsored.
  • So we have established that networked systems create potential vulnerabilities and that traditional geographically based threats have now been augmented with the threat from cyberspace. But what could that look like potentially.? No one goes in no one goes out No vehicles can get through barriers Security systems compromised leaving people and assets vulnerable – CCTV breached or ineffective. Fire alarms or fire prevention such as sprinklers disabled, emergency lighting not working Air conditioning not working and temperature and air quality out of control in a building no one can get in or out of.
  • So we have a wonderfully capable building but we have by unintended consequence created a hugely vulnerable asset that is open to the whole of cyberspace if we don’t secure it properly and holistically. It’s like putting a door in the middle of cyberspace, its only a matter of time before someone walks through it. If you’re lucky it will be a pen tester.
  • We know we need to protect our Network, we use anti virus, we patch, we use firewalls and encryption. We educate our users in keeping our network safe. Do we take similar precautions with our networked systems.? We have just seen the speed with which a building can be effectively disabled. That may not be the only threat. The attack may be to take information for future attacks, such as stealing or using CCTV images. Perhaps entry data to find out when target staff members are on site. Or test disable an alarm system for a combined attack across several systems in the future. How did we source our systems in the first place? Some security systems are built insecurely and so the challenge is to buy well in the first place. The objective is security so buy secure and keep it secure, protect, patch and maintain it.
  • Our infrastructure is coming under the same threats. Satellites, nuclear power plants, mobile phone masts, air traffic control. It might be suppliers to these critical functions that get attacked. It may connected systems or other parts of the supply chain. All organisations have a role to play in our CNI at some point and we have to start by securing our own part of cyberspace that controls our building services.
  • In order to protect our CNI and our buildings properly we need to look at threat and its treatment, holistically. Virus can be introduced to our systems and we need to be able to protect them properly.
  • The Cyber Threat to the Built Estate

    1. 1. Mike Gillespie – Advent IM Ltd, Independent Holistic Security Consultancy The Cyber Threat to the Built Environment
    2. 2. • our buildings have become smarter creating new threats and vulnerabilities • some threats may not be geographically sensitive – the threat can come from anywhere • our infrastructure is under threat too • our attitude to ‘cyber’ needs to change • we need to secure our security systems • buying secure • protecting them once installed • cyber threat to our infrastructure and built estate has to be included in Threat Assessments coming up
    3. 3. Definitions Smart - systems operating as if by human intelligence by using automatic computer control, system or component that performs the correct action in a wide variety of complicated circumstances Integrated - To make into a whole by bringing all parts together; unify Holistic - Emphasizing the importance of the whole and the interdependence of its parts. Concerned with wholes rather than analysis or separation into parts Smart integrated holistic
    4. 4. aircon light access control restricted access heat parking control intruder detection fire & life safety cctv power management water & waste
    5. 5. Integrated systems providing big data and big benefits Security integrating with other systems such as heating, creating Efficiency improvement. A better environment for users and managers alike. Cross business silo adoption and application, returning actionable information. Helping move security from the cost column and into the investment column aircon light access control restricted access heat fire & life safety water & waste intruder detection cctv parking control power management
    6. 6. The creation of this new integrated entity is the creation of a not just a new and powerful building management system but that of a new asset. An asset without geographical location in the cyber world and that needs to be protected. a new truth
    7. 7. Cyber threat to the built environment: once your security systems are networked, your smart building’s geography fails to apply and your address becomes “Earth”… …which means an attack on a building’s security systems could come from anywhere on the globe, just ask Iran. made in the USA
    8. 8. within minutes a building could be totally disabled • door entry system disabled or locked down • automatic barriers disabled or locked down • CCTV disabled • fire & life safety systems disabled • Air conditioning disabled
    9. 9. Image courtesy www.explodingdog.com
    10. 10. Air quality and conditioning systems How secure are our security systems? Door entry systems CCTV and monitoring systems Alarm systems some visuals courtesy of freedigitalphotos.net
    11. 11. our buildings and our national infrastructure some visuals courtesy of freedigitalphotos.net
    12. 12. building cyber threat into Threat Assessments some visuals courtesy of freedigitalphotos.net
    13. 13. in summary • our buildings have become smarter creating new threats and vulnerabilities • some threats may not be geographically sensitive – the threat can come from anywhere • our infrastructure is under threat too • our attitude to ‘cyber’ needs to change • we need to secure our security systems • buying secure • protecting them once installed • cyber threat to our infrastructure and built estate has to be included in Threat Assessments
    14. 14. thank you The Cyber Threat to the Built Environment www.advent-im.co.uk

    ×