Your Smart Building Could Catch a Virus

A new research paper suggests the developers of smart building components are overlooking security risks that could lead to hacker invasions.

by / August 15, 2012

Designers of smart grids and intelligent buildings are overlooking security concerns, according to a research article published recently. David Fisk of the Laing O’Rourke Centre for Systems Engineering and Innovation at Imperial College London warned that the building blocks of intelligent buildings leave major vulnerabilities open for hackers.

Fisk admitted there has not been a successful and significant attack deployed against intelligent buildings since the technology was invented 40 years ago, but this is not a good reason to ignore security against potential threats. The landscape, Fisk argued, has changed in the post-9/11 world.

The author cites the Stuxnet virus, the sophisticated code that targeted the computer systems running Iran's nuclear power infrastructure, as the kind of future threat that could target smart buildings.

"One area where this threat is fully recognized, that is especially relevant to the intelligent building, is the ‘smart grid,’" Fisk wrote. "Whereas the intelligent buildings research community might require some convincing that they face a cyber-threat, power engineers are much more aware because they have already experienced on a massive scale the impact of malfunctioning control software." The author was alluding to a large-scale power failure in North America in 2003 blamed on a malfunctioning control system.

Fisk mentioned that in the U.S. there is "arguably a substantial collection of buildings that need to take loss of function seriously."

“If intelligent buildings are the future, then so too are cyber threats to building services,” Fisk wrote. “The plan is relatively simple. The correct strategy is to draw up a ‘plan for the worst’ rather
than rely on assertions by software and hardware providers. They will no doubt do their best but cannot offer comfort on ‘unknown unknowns.’”

The full article is available for free online.

Platforms & Programs