Cyber security: connectivity and new business models
"…home smart home..." – Cyber security as an enabler for digitization“
The danger of cyberattacks on companies and households has increased significantly, said Frauke Greven from the Federal Office for Information Security (BSI) at the Intersec Forum 2019 of Messe Frankfurt. In addition to attacks on operating systems, hardware would increasingly come under attack by, e.g., Meltdown and Spectre. Even encryption, the "cradle of security", has become vulnerable.
Cyberattacks are increasingly being carried out by specialised, industry-like companies with extensive know-how. According to Greven, the vectors of incidence are people, systems and networks. The increasing integration of building automation into building-wide networks creates additional risks. Manufacturers, integrators and operators would therefore have to rely on "Security by Design" and "Security as a Service" and communicate confidently with each other. The BSI supports all market players, from basic IT protection to handouts tailored specifically to building automation. The 27th Cyber Security Day here in Frankfurt am Main by end of March is dedicated to the trade, while the Cyber Security Day at the end of November 2019 will focus on building automation and industrial security.
Video interview with Frauke Greven
„Cyber security in building technology – an inventory“
An adequate protection of intelligent buildings against cyberattacks is not feasible with purely static approaches such as firewalls and security zones. Instead, Stephan Engel, Head of Cyber Security at Siemens Building Technologies Germany, advocates a dynamic solution at the Intersec Forum of Messe Frankfurt. "Cyber security in smart buildings must function like an immune system." Passive protection against hackers ("Protect") would require active detection of attacks ("Detect") with subsequent measures ("React"). Equally important is continuous monitoring of effectiveness ("maintenance").
Operators should act immediately, as attacks are increasingly being carried out more professionally and smarter. According to Engel, integrating building technology into the Internet of Things (IoT) involves additional risks: "As soon as one single function from building technology is connected to the Internet, it may be attacked". However, with the right defensive measures, the risk in connected environments is much lower than renouncing completely to digitization.
Video interview with Stephan Engel
“Cyber security strategy OT infrastructure“
Many building operators concentrate on securing their information technology (IT) systems. However, operational technology (OT) systems, such as sensitive security and building technology systems, are often underestimated. "When it comes to cyber security, OT systems in buildings are the weakest link in the chain today," stated Gernot Gadow, Customer Consultant Security – Regional Marketing Leader Germany & Central Europe at Honeywell Building Solutions at the Intersec Forum of Messe Frankfurt.
The need for action is urgent from his point of view, as the complexity of connected systems continues to increase. The number of components available on the Internet of Things (IoT) will rise to 20 billion by 2020. In 2030, the proportion of connected devices from connected buildings will rise to 81 percent of all components in the IoT. Since attacks are also becoming increasingly intelligent and dangerous, Gadow recommends that building operators address specialised providers of cyber security services.
Video interview with Gernot Gadow
„Secure remote connections for buildings – Case Study Caverion“
An essential basis for the protection of Smart Buildings against cyberattacks is a reliable connection of the components of a building. Michael Szücs, Head of Sales Germany at Tosibox, pleaded at the Intersec Forum of Messe Frankfurt for the use of prefabricated and security-tested connectivity solutions that also provide secure remote access. Building operators can thus concentrate on their core competencies and do not have to deal with unsecure or disrupted connections. The decisive factors in product selection are usability, certified security functions and high scalability.
Video interview with Michael Szücs
„Application of IT security requirements according to IEC62443 in building automation“
The risks caused by cyberattacks in smart buildings are increasing with the growing amount of connected components of building automation and building security. Effective protection is possible if graduated and effective measures are taken, such as those described in the IEC 62443 series of international standards. This was Peter Schönenberger’s point of view, Head of Marketing & Product Management at Sauter, at Messe Frankfurt's Intersec Forum 2019.
"The world is fundamentally unsecure and dangers exist everywhere. All depends on how to cope and deal with these risks responsibly in order to avoid and limit damage." Simple security measures are suitable as an effective basis. For example, information should only be disseminated when necessary. It should also be clarified who needs what information, when and with what access. For building automation, the division into zones is of great importance, e. g., on room automation and management levels. Depending on the requirements, these zones can be provided with safety and security levels from IEC 62443-3-3, which leads to appropriately graded measures. Every building operator should define individual safety and security targets based on a risk analysis.
Q & A session with the speakers on “Cyber security: connectivity and new business models”, Chaired by: Bernhard Heuvelmann
Digitising and connecting smart homes and smart buildings is impossible without sufficient cyber security. Only then can new business models be successful. All speakers in the "Cyber Security: Networking and New Business Models" session at the closing discussion of the first day of the Intersec Forum 2019 of Messe Frankfurt agreed on this.
Building operators are already aware today that risk and threat scenarios are constantly increasing. It is important to clarify what consequences cyberattacks may and will exert along the entire value chain. For building operators, simple recipes for daily use would have to be available to facilitate the implementation of security measures.
Digitisation can only be achieved if all those involved in the building sector and the BSI communicate openly and trustingly with each other. If risks are handled responsibly, networking and digitisation can be seen as an opportunity to increase comfort, efficiency and security.