The Honeywell Technology Day is an interactive event showcasing the evolution of the smart building concept and the benefits for organizations. This year’s focus was on how the Internet of Things (IoT) is transforming the built environment and how the latest integrated operations and IT solutions are boosting business performance.
Qbit supported a Honeywell business unit in the Netherlands with the implementation of ISO 27001, a well-known cyber security standard. During this project Honeywell and Qbit started talking about setting up a partnership for cyber security. The idea is to combine Honeywell’s operational technology (OT) security knowledge and Qbit’s information technology (IT) security knowledge for smart buildings. Smart buildings use information technology during operation to connect a variety of subsystems, which often use IoT solutions and typically operate independently, so that these systems can share information to optimize total building performance. Traditionally, building systems are managed with operational technology (using SCADA/PLC).
Smart buildings offer numerous advantages, foremost when it comes to sustainability: less waste of energy and space, and higher employee satisfaction. Naturally there is a financial gain as well. But smart buildings also introduce IT security risks, ransomware being one example. In the near future we will see buildings that are taken hostage by attackers using ransomware.
Ransomware as a business model
Ransomware is the new business model for criminals. The odds of being arrested are low. The return on investment is high. In fact, ransomware is the fastest growing type of crime worldwide. Global damages are predicted to hit 20 billion US dollars in 2021 (Source: Cisco/Cybersecurity Ventures 2019 Cybersecurity Almanac). Ransomware attacks have shifted from individuals to organisations. Attacks seem random. Take SamSam for example. The attackers exploit a network vulnerability, disable the back-ups and encrypt all servers with different types of ransomware. A smart building that is taken hostage by ransomware damages an organisation’s reputation, disrupts business continuity and could even threaten the safety of employees. Imagine that doors in specific rooms won’t open, the temperature in the room is too high and the ventilation stops working.
Adopt and enforce security standards
It is not a question. The building industry should adopt and enforce security standards such as ISO 27001, the NIST Cybersecurity Framework, the ENISA baseline recommendations for IoT and so on. Governments, like the European Union, should stimulate and facilitate this. The industry on its own will not regulate itself quickly enough. Commercial interests, like time-to-market, prevent thorough security. Or to put it in other words, security increases prices, and that is a price customers are not willing to pay.
Think like a hacker
Organisations can protect themselves by implementing measures like keeping systems up to date, enforcing strong passwords and two-factor authentication, creating offsite (remote) back-ups and continuously working on the knowledge, attitude and behaviour of employees. Train your employees to recognize phishing. Keep in mind that 100% security doesn’t exist. Try to design a secure and smart building, but also keep testing for vulnerabilities and monitoring for threats and incidents. It’s not a question of if you will be hacked, but when. Think like a hacker to be sure you are ready for it and have a response plan.
Finally, people are key when it comes to security. We need a hacker mindset to continuously improve security and resilience: H4CK3R$ $33 tH1Ng$ d1FF3Rt tH3N 0tH3R$.
LinkedIn Live session
Erik Rutkens joined a LinkedIn Live session in the morning. You can watch it at Honeywell Live. In the afternoon the CEO gave his talk ‘You will be hacked!’.