With the rapid increase in connectivity of objects to the Internet, the notion of security in smart buildings has become a more critical issue. There were 1.1 billion “Internet of Things” devices active as of 2015, with 45 per cent of those being in smart homes and smart buildings, any issues with security has the potential for massive exposure, according to an article in Tech Republic.
In response to their attempt to quantify and otherwise explore the issue, IBM’s X-Force Security Research Group has recently released a research paper detailing their key findings, entitled “Penetration Testing a Building Automation System”.
Based on their research, the group offered several “Lessons learned”, which may be of use to individuals and companies attempting to secure their sites:
- Ensure all device software is up to date
- Disable remote access for items not requiring it for key functions, and employ two-factor verification when remote access is necessary
- Maintain password controls, restricting duplication between devices and accounts
- Employ secure engineering and coding practices
- Use tools to perform regular scans of networks to identify suspicious activity.
Sources:
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=SA&subtype=WH&htmlfid=WGL03110USEN
