Six Steps to a Fullstack Smart Building Cybersecurity Solution


Key Takeaways:

  • Cybersecurity is only as good as your weakest process, posing a risk to occupant data and building safety.

  • These six basic steps create blanket security for building data.


Cybersecurity is a multifaceted problem, requiring efforts and tools from a variety of disciplines to ensure data and operations remain safe. Thinking about all the angles of cybersecurity can be overwhelming, even for people in the cybersecurity industry itself. Because of the nuance involved in cybersecurity, it’s hard to cover it all in detail, but we can break down the major areas and products needed for a full-stack smart building cyber solution to give owners and managers a comprehensive overview of the issues.

Network Asset Discovery

Cybersecurity starts with network asset discovery. First, you have to know what you’re protecting. Detecting and collecting data creates a map and reveals pathways between devices that are used to create a baseline for anomaly and threat detection. A basic device inventory of OT hardware, IoT devices, PCs, software, and other connected electronic devices paints an up-to-date picture of a building’s technology landscape. Vendors offer passive and active discovery services to map assets, networks, and connectivity. Once you have an understanding of what’s in play, work can begin to minimize disruption and optimize cybersecurity. Think of network asset discovery as a basic checkup with your doctor, taking an inventory of issues before seeing a specialist.

Endpoint Cybersecurity and Patch Management

Endpoint cybersecurity and patch management are what many imagine when they hear the term cybersecurity. Endpoint security is focused on protecting PLCs, RTUs, database servers, manufacturing systems, workstations, and pretty much everything else with an operating system. Securing the ‘endpoints’ is about protecting access points to the network.

Endpoint security is often managed by centrally located security software installed on vulnerable devices, like antivirus protection, personal firewalls, and removable media sanitization agents. Patch management is also critical because threats are never stagnant, and keeping pace with them means pushing out the latest updates to the network. If network asset discovery is like a basic checkup with the doctor, endpoint security is like urgent care, treating specific issues.

Identity and Access Management

The growing popularity of remote work has brought identity and access management to the forefront of cybersecurity. Identity and Access Management (IAM) is a policy framework for electronic identities that gives users and devices access to certain areas of the network or subnet, often using software like a VPN to verify digital IDs.

Single sign-on, multi-factor authentication, and privileged access management can help keep data secure by ensuring only people with proper credentials can access data. Assigning roles to users and only giving them access to data pertinent to the role helps to isolate threats and prevent hackers from fully owning your network based on one user’s vulnerability.

Network Anomaly and Threat Detection

Often the first sign of a threat is an anomaly, when a device or user accesses something they normally wouldn’t, or at a time they normally wouldn’t. Deviations from standard use are a clear sign that something isn’t right. Unusual usage patterns get flagged for investigation, allowing swift action the minute something doesn’t seem right. Because this type of protection doesn’t rely on IDs or signatures, instead judging threats based on learned knowledge of specific network traffic, it offers a different form of protection that’s absolutely critical to prevent zero-day attacks and unknown threats.

Vendors can install powerful anomaly detection software that acts as a 24/7 traffic cop. Some software can even inspect data packets as they travel across the network, like cameras being able to see what’s in the trunk as cars pass by.
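The baseline-and-deviation idea described above, as an added example that is not part of the original article or any vendor's product. The flow records, addresses, device roles, and the one-hour tolerance are constructed assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed learning-period flows: (timestamp, source, destination, dest port).
# Addresses and device roles are hypothetical.
LEARNING = [
    ("2024-03-04T08:05", "10.10.1.21", "10.10.1.5", 47808),  # HVAC controller -> BMS server
    ("2024-03-04T13:40", "10.10.1.21", "10.10.1.5", 47808),
    ("2024-03-04T08:30", "10.10.2.14", "10.10.1.5", 443),    # badge reader -> BMS server
    ("2024-03-05T17:55", "10.10.2.14", "10.10.1.5", 443),
]
# Constructed flows seen after the baseline was learned.
OBSERVED = [
    ("2024-03-06T08:10", "10.10.1.21", "10.10.1.5", 47808),  # matches the baseline
    ("2024-03-06T02:47", "10.10.1.21", "10.10.1.5", 47808),  # usual peer, odd hour
    ("2024-03-06T09:02", "10.10.2.14", "10.10.3.50", 445),   # badge reader -> new peer
    ("2024-03-06T11:30", "10.10.9.77", "10.10.1.5", 443),    # device not in inventory
]
HOUR_SLACK = 1  # assumption: activity within one hour of a learned hour is normal


def build_baseline(flows):
    """Learn, per source device, its usual (destination, port) pairs and active hours."""
    baseline = defaultdict(lambda: {"peers": set(), "hours": set()})
    for ts, src, dst, port in flows:
        baseline[src]["peers"].add((dst, port))
        baseline[src]["hours"].add(datetime.fromisoformat(ts).hour)
    return dict(baseline)


def find_anomalies(flows, baseline):
    """Return (flow, reasons) for every flow that deviates from the baseline."""
    alerts = []
    for flow in flows:
        ts, src, dst, port = flow
        profile = baseline.get(src)
        if profile is None:  # never seen during discovery or learning
            alerts.append((flow, ["unknown-device"]))
            continue
        reasons = []
        if (dst, port) not in profile["peers"]:
            reasons.append("new-destination")
        hour = datetime.fromisoformat(ts).hour
        # Circular distance on the 24-hour clock to each learned hour.
        gaps = [min(abs(hour - h), 24 - abs(hour - h)) for h in profile["hours"]]
        if min(gaps) > HOUR_SLACK:
            reasons.append("unusual-hour")
        if reasons:
            alerts.append((flow, reasons))
    return alerts
```

Calling `find_anomalies(OBSERVED, build_baseline(LEARNING))` returns three alerts. None of them depends on a signature: each is raised only because the flow differs from what the device did during the learning period.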

Network Segmentation

Jumping between subnets is one of the major signs your system has been compromised. Hackers look for entry points, often through simple systems or basic forms of access. Once they’re in, they look for bridges to the data they really want. Network segmentation is like building a moat around your castle of valuable data. Software can prevent communication between networks and lateral movement between network segments.

Unidirectional gateways offer protection by only allowing data to move in one direction, forcing data transfers through the necessary firewalls. Unified Threat Management (UTM) and intrusion prevention systems (IPS) can help augment other forms of security by centralizing threat detection and creating firewalls and fail-safes for anomalous network traffic.

Risk Management/Managed Services

Even with all the above areas covered, threats are still possible. Hackers are constantly figuring out new ways to attack systems, and staying ahead of the harm requires vigilance and discipline. That’s where risk management comes in. Risk management involves team building, cybersecurity training, third-party risk assessments, and remote audits.

Think of these programs and services as getting a second opinion on your cybersecurity health. Working with firms that specialize in cybersecurity audits, training, and risk assessments can help uncover vulnerabilities before they become a problem.

This guide is meant to serve as a bird’s eye view of building cybersecurity. On the ground, things are far more complicated. Knowing what the main focus areas of cybersecurity are can help owners and asset managers understand the risk landscape more clearly and ask the right questions to cybersecurity experts.

Each area offers a variety of vendors and products to keep you safe, and IT and OT teams will be able to tell you more. True security comes from a top-down approach where leadership is involved and invested in decision-making.


 