How to ensure the security of building management systems
Computer security is a topic that keeps managers thinking at night, and the truth is that any system connected to the Internet is at risk - including a building automation system (BMS).
The basic functionality of the Building Management System (BMS) is to maintain the building climate within a specified range, to manage lighting according to a busy schedule, to monitor the performance of all systems and to provide fault alarms. Automation systems reduce electricity consumption and maintenance costs. They are usually financed by energy and insurance savings and other savings associated with preventive maintenance and rapid problem detection.
So, more and more often the owners decide to buy a building automation system, implement the solution and then "forget" about it, sometimes for decades, until an event occurs that attracts their attention again. This approach can lead to computer security issues that are not properly addressed. Unauthorized access to a BMS can compromise the security of the building and a period of unplanned shutdown of its systems with negative effects on tenants' business.
Here are three essential elements of BMS system security that facility managers need to pay attention to and what actions are needed to ensure it:
1. Define the required security levels
To meet the security needs of an organization's BMS system, the facility manager must define the operating time required for BMS controls. It is also necessary to know what type of information is stored on computers, as well as the type of information circulating on the network. The more valuable a piece of equipment and the information in it, the more likely it is to be targeted by a cyber-attack. Once the risk is known, it becomes easier to distribute resources and protect the most important devices.
Properly securing a network is an expensive endeavor; knowing which devices can cause damage if compromised can allocate resources efficiently. A component, such as a JACE server, must be seen as high risk because it is a critical device, and may face a high level of threat. Of course, there are ways to mitigate the risk as long as it is properly identified.
2. Use the appropriate configuration
Facility managers should be aware that because BMS often communicates with a host computer, BMS can be used in cyber or malware attacks to attack non-BMS systems. In some cases, an independent network specifically designed for BMS must be created to protect other information on the network.
The ideal configuration for a BMS would be for the network to take over a topology with information protected by layered security levels. The farther you enter the network, the higher the level of security with more methods to ensure the integrity of information. These methods may include firewalls and various one-way gateways to prevent access to sensitive information. In these regions of increased security, the most important devices must be placed, with a major effect on people's lives in the event of a cyber-attack.
Before allowing WI-FI communications on devices without the proper level of security, facility managers should be aware that it is easier to park near a building and attack a wireless BMS than to connect directly to the network. a building and not be detected.
3. Develop appropriate policies and procedures
Facility managers should consider the possibility of unauthorized access to BMS, as well as how authorized personnel will be granted access to it. There must be separate accounts for each user or developer and activity logs to keep track of access and any given commands. Logs are also useful when there is a breach of procedures and can help prevent further intrusions.
Having an IT security strategy for a BMS is essential in today's connected world. BMS systems operate connected to the rest of the building's infrastructure and systems. By assessing the three areas addressed in this article, facility managers can take a huge step toward securing the system and minimizing risks.
Another extremely important aspect is to work with companies specialized in facilities management, such as the FMS team, in order to benefit from their expertise, from the choice of the BMS system to its installation and administration.
Author: Lucian Anghel, Fondator și CEO, Timepal Romania și Facilities Management Services
Some of these cookies are essential, while others help us to improve your experience by providing insights into how the site is being used.
Accept Recommended Settings
Necessary cookies enable core functionality such as page navigation and access to secure areas. The website cannot function properly without these cookies, and can only be disabled by changing your browser preferences.
Analytical cookies help us to improve our website by collecting and reporting information on its usage.
We use marketing cookies to help us improve the relevancy of advertising campaigns you receive.
Social Sharing Cookies
We use some social sharing plugins, to allow you to share certain pages of our website on social media.