Framework to assess cyber security maturity of smart buildings
Transcript of Framework to assess cyber security maturity of smart buildings
Framework to assess cyber security maturityof smart buildings
MSc Internship
CyberSecurity
SiddhantStudent ID: x18203884
School of Computing
National College of Ireland
Supervisor: Mr Vikas Sahni
www.ncirl.ie
National College of IrelandProject Submission Sheet
School of Computing
Student Name: Siddhant
Student ID: x18203884
Programme: CyberSecurity
Year: 2020
Module: MSc Internship
Supervisor: Mr Vikas Sahni
Submission Due Date: 07/09/2020
Project Title: Framework to assess cyber security maturity of smart build-ings
Word Count: 886
Page Count: 7
I hereby certify that the information contained in this (my submission) is informationpertaining to research I conducted for this project. All information other than my owncontribution will be fully referenced and listed in the relevant bibliography section at therear of the project.
ALL internet material must be referenced in the bibliography section. Students arerequired to use the Referencing Standard specified in the report template. To use otherauthor’s written or electronic work is illegal (plagiarism) and may result in disciplinaryaction.
I agree to an electronic copy of my thesis being made publicly available on NORMAthe National College of Ireland’s Institutional Repository for consultation.
Signature: Siddhant
Date: 6th September 2020
PLEASE READ THE FOLLOWING INSTRUCTIONS AND CHECKLIST:
Attach a completed copy of this sheet to each project (including multiple copies). �Attach a Moodle submission receipt of the online project submission, toeach project (including multiple copies).
�
You must ensure that you retain a HARD COPY of the project, both foryour own reference and in case a project is lost or mislaid. It is not sufficient to keepa copy on computer.
�
Assignments that are submitted to the Programme Coordinator office must be placedinto the assignment box located outside the office.
Office Use Only
Signature:
Date:
Penalty Applied (if applicable):
Framework to assess cyber security maturity of smartbuildings
Siddhantx18203884
1 Potential smart building attacks
Denial of service attack: Denial of service attack is used to shut down the targetedmachine or a network by flooding the junk request on the server [1]. For example Ifin smart buildings air conditioning of data server room stops working than organizationcan face huge loss and can also lead to ddos attack, Or server face lot of requests at thesame time than server will be busy on junk request and can not serve to the originalusers which can also impact the reputation of an organization by restricting user accessto resources.
Table 1 shows a matrix for checking cyber maturity of smart buildings. It describesabout impact areas of smart building’s, possible breach incidents, cyber defence compon-ents, preventative aspects.
Table 1: Matrix for checking cyber maturity of a smart buildingsImpact areas Cyber Breach in-
cidentsCyber defence com-ponents
Preventative as-pects
Users failure in Systems Identity validation Access to fire sys-tem (False alarm toevacuate building)
Third party remoteaccess
Nuisance tech-niques to lifethreatening dam-age
Security for endpoint devices
Access to securitysystem (Unauthor-ized access)
Physical access toapps, networks andconnected devices
Malicious soft-wares and virusinfections
Network security Access to commu-nication network
Integration plat-forms
Attack by unau-thorized outsider orfraud by staff
Data security Access to utility-installed device
Communicationgateway
Unintentionaldamage by thirdpart access becausethere infrastructuregot compromised
Multi layer security Hijack BAS forransomware
1
Improper access control: Improper access control can lead to very dangerousattack because if granting access is not proper than any person can access anything andwhich may lead to exposure of sensitive information.
Intrusion detection and prevention: Intrusion detection is a process of monitoringmalicious signs inside the network for predicting the incidents [2]. Moreover intrusionprevention is used to stop the potential threats found by analyzing the network. So ifintrusion detection and prevention system is compromised than anyone can hack intoyour smart buildings and can compromise your system and information.
Weak Encryption: If smart buildings are using weak encryption than anyone can doman in middle attack while transmitting data and can decrypt the information becauseencrypting technique is weak which will lead to exposure of sensitive information and canalso damage the reputation of an organization.
2 Matrix for checking smartness of smart buildings
Here is a matrix which checks about smartness of smart building by checking what arethe components present in that building and what is the impact of that component onsmart buildings in terms of smartness as well as security. Moreover according to impactcomponents is defined in three part low, medium and high.
Table 2: Matrix for checking smartness of smart buildingsSmart components Impact level on smart-
nessSecurity impact
Fire Detection devices High (Fire detectiondeal with human life)
High (False alarm can evacuatewhole building and attackers canattack in that specific time)
CCTV High (It can help inbacktracking)
High (If CCTV is compromisedthan attacker can monitor allyour activities and it will be diffi-cult to backtrack)
Access control High (Only allow au-thentic persons)
High (Attacker can easily get intoyou infrastructure if access con-trol gets compromised)
Command and control sys-tem
Medium (Systemtransform actionabledata into real time)
Medium (False public announce-ment can be made if system iscompromised)
Lightning control systems High (Helps to saveenergy)
Low (Impact is low because light-ning can impact the work in nightonly and that for few minutesonly)
Elevator Low (Fast mode oftravelling betweendifferent floors insidebuilding)
Low
2
Smart components Impact level on smart-ness
Security impact
Boiler Low (Helps to in-crease the temperat-ure of water )
Low
Databases High(Helps to main-tain the data of an or-ganization in an sys-tematic way)
High (Data is the main asset forevery organization because it in-cludes all the information aboutthe organization)
Generator High (Backup devicefor providing energyto an organization )
High (Organization can go un-der DDOS attack if energy sup-ply cut down and generator alsostops working)
Heating, Ventilation, Airconditioning (HVAC)
High (Helps in main-taining temperature ofan organization)
High (If air conditioning of dataserver room stops working thanorganization can face huge lossand can also lead to ddos attack)
Network monitoring devices High (Helps in monit-oring different activit-ies)
High (Looks for malicious activ-ities in an organisation and beepsalarm if anything suspicious )
3 Smart buildings survey
Survey is filled by industry specialist who are currently working in smart building securityin Ireland. In addition to this survey suggestions also gives real world flavour to this thesisfrom industry specialist inputs.
So here are some graphs from a survey filled by industry specialists of smart buildingssecurity.
Figure 1: Smart buildings considerations survey
3
Figure 2: Smart buildings threats survey
Figure 3: Smart buildings mitigation’s survey
4
Figure 4: Smart buildings potential surveys
Bar graphs give description about what do you consider as smart buildings, threatsto smart buildings, mitigation of those threats, and potential features for future smartbuildings.
5
4 Internship Task Report
6
References
[1] N. Komninos, E. Philippou, and A. Pitsillides, “Survey in smart grid and smart homesecurity: Issues, challenges and countermeasures,” IEEE Communications SurveysTutorials, vol. 16, no. 4, pp. 1933–1954, 2014.
[2] E. Bajramovic, K. Waedt, A. Ciriello, and D. Gupta, “Forensic readiness of smartbuildings: Preconditions for subsequent cybersecurity tests,” in 2016 IEEE Interna-tional Smart Cities Conference (ISC2), 2016, pp. 1–6.
7