The IoT Security Foundation and Institute of Workplace and Facilities Management offer guidance on securing Building Management Systems and Internet of Things systems.
The impact of the COVID-19 Pandemic is being felt right across society; with the primary focus being that of saving lives and maintaining public health. The current emergency has necessitated new ways of working and changes such as:
- Homeworking, contractor shutdowns or furlough of staff may mean new, inexperienced or possibly unqualified staff being given access to systems, to login remotely to Building Management Systems (BMS) for maintenance, updates or systems changes.
- Changes in staffing arrangements and routines may mean patching of software is delayed or not completed.
- Reduction or changes in on-site physical security arrangements may allow unauthorised access to server rooms or ICT infrastructure.
These new ways of working and changes add risk and creates opportunities for unauthorised exploitation or compromise of facilities and building management systems. Most buildings have a number of systems, which are connected to the internet and are used to control a variety of functions. These range from IP based CCTV and access control systems through Building Management Systems controlling heating, ventilation, lighting etc. to fully fledged “Smart Buildings” with sophisticated and fully integrated systems.
Any system, which is connected to the internet, is potentially vulnerable to attack from criminals, hacktivists and in some cases foreign state sponsored actors. Attacks on building systems may allow the attacker to not only take control of building systems, but also to use these systems to breach corporate IT networks to which they may be connected.
The Institute of Workplace and Facilities Management (IWFM) have been working with the Internet of Things Security Foundation (IoTSF) to produce guidance on managing potential security risks associated with building management systems and other IoT building systems in the current emergency. This guidance and a range of other valuable resources can be found on the IoTSF website.
The following guidance checklist is aimed at Building Owners and Facilities Managers and is intended to assist securing BMS/OT Systems and IoT Devices.
As we emerge from this crisis, we will find ourselves in a different world. The habits we develop now will provide a secure foundation for the digital world of the future.
It does not have to be expensive to improve IoT security, the IoTSF has free guides and checklists, which are easy to use and include:
The Institute of Workplace and Facilities Management (IWFM) is pleased to have worked with the IoTSF to produce this guidance which will assist the FM community in tackling some of the security challenges associated with the current COVID-19 emergency. Additional resources are available on the IWFM COVID-19 Hub here: Coronavirus (COVID-19) Resources