Advertisement

Cybersecurity and Optimization in Smart “Autonomous” Buildings

  • Michael MylreaEmail author
  • Sri Nikhil Gupta Gourisetti
Chapter

Abstract

Significant resources have been invested in making buildings “smart” by digitizing, networking and automating key systems and operations. Smart autonomous buildings create new energy efficiency, economic and environmental opportunities. But as buildings become increasingly networked to the Internet, they can also become more vulnerable to various cyber threats. Automated and Internet-connected buildings systems, equipment, controls, and sensors can significantly increase cyber and physical vulnerabilities that threaten the confidentiality, integrity, and availability of critical systems in organizations. Securing smart autonomous buildings presents a national security and economic challenge to the nation. Ignoring this challenge threatens business continuity and the availability of critical infrastructures that are enabled by smart buildings. In this chapter, the authors address challenges and explore new opportunities in securing smart buildings that are enhanced by machine learning, cognitive sensing, artificial intelligence (AI) and smart-energy technologies. The chapter begins by identifying cyber-threats and challenges to smart autonomous buildings. Then it provides recommendations on how AI enabled solutions can help smart buildings and facilities better protect, detect and respond to cyber-physical threats and vulnerabilities. Next, the chapter will provide case studies that examine how combining AI with innovative smart-energy technologies can increase both cybersecurity and energy efficiency savings in buildings. The chapter will conclude by proposing recommendations for future cybersecurity and energy optimization research for examining AI enabled smart-energy technology.

Abbreviations

AI

Artificial Intelligence

AITA

Artificial Intelligence based Insider Threat Analyzer

B2G

Buildings-to-Grid

BACnet

Building Automation Control network

BAS

Building Automation System

B-C2M2

Building Cybersecurity Capability Maturity Model

BCF

Building Cybersecurity Framework

BEMS

Building Energy Management System

CCA

Critical Cyber Assets

CCTV

Closed-Circuit Television

CFR

Commercial, Federal, Residential buildings

CI

Critical Infrastructure

CMT

Configuration Management Tool

DDoS

Distributed Denial of Service

DER

Distributed Energy Resource

DHS

Department of Homeland Security

DOE

Department of Energy

DoS

Denial of Service

EERE

Office of Energy Efficiency and Renewable Energy

EIA

U.S. Energy Information Administration

EIoT

Energy Internet of Things

FCU

Fan Coil Unit

FPS

Federal Protective Service

GAO

U.S. Government Accountability Office

HIDPS

Host Intrusion Detection and Prevention System

HIDS

Host Intrusion Detection System

HVAC

Heating, Ventilation and Air Conditioning

ICS

Industrial Control System

ICS-CERT

Industrial Control Systems Cyber Emergency Response Team

ICT

Information and Communications Technology

ID

Identification

IDPS

Intrusion Detection and Prevention System

IDS

Intrusion Detection System

IED

Intelligent Electronic Device

IoT

Internet of Things

IPS

Intrusion Prevention System

IT

Information Technology

MAC

Media Access Control

NBAD

Network Behavior Anomaly Detection

NCA

Network Connected Assets

NIDPS

Network Intrusion Detection and Prevention System

NIDS

Network Intrusion Detection System

NIST

National Institute of Standards and Technology

OT

Operations Technology

PIDS

Physical Intrusion Detection System

PLC

Programmable Logic Controller

PNNL

Pacific Northwest National Laboratory

RCM

Risk Characterization Matrix

RFID

Radio Frequency Identification

RTU

Remote Terminal Unit

SCADA

Supervisory Control and Data Acquisition

SCI-RAD

Social Engineering Autonomy for Cyber Intrusion Monitoring and Real-time Anomaly Detecting

SIEM

Security Information and Event Management/ Log Analyzer

SSID

Service Set Identifier

References

  1. Alexander M, SANS (2016) Methods for Understanding and Reducing Social Engineering Attacks. https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972
  2. Allen M, SANS (2006) Social Engineering: A Means to Violate a Computer System. https://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-violate-computer-system-529
  3. Automated Buildings, AutomatedBuildings.com (2014) Innovations in Comfort, Efficiency and Safety, Solutions. http://www.automatedbuildings.com/news/jun14/interviews/140528015505petock.html
  4. BCF, Buildings Cybersecurity Framework (2016). Forthcoming publication by the U.S. Department of Energy’s Building Technology Office.Google Scholar
  5. CERT., Cert.org (2016) insider threat. https://www.cert.org/insider-threat/
  6. DOE/EIA (2015) Annual Energy Outlook 2015 with projections to 2040. https://www.eia.gov/outlooks/aeo/pdf/0383(2015).pdf
  7. Gartner, Inc. (2015) Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. http://www.gartner.com/newsroom/id/3165317
  8. Hagerman J (2016) The National Opportunity to Secure Buildings and Facilities from Emerging Cyber Threats. Forthcoming White Paper to be published by U.S. Department of Energy, Buildings Technology Office.Google Scholar
  9. Hardin DB, Corbin CD, Stephan EG, Widergren SE, Wang W (2015) Buildings Interoperability Landscape (No. PNNL-25124), Pacific Northwest National Laboratory (PNNL), Richland, WA. http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25124.pdf
  10. HP News (2014) HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack. http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V41Wm01f3X6
  11. Ionesco P, IBM X-Force (2016) Research Penetration testing a building automation system. Is your smart office creating backdoors for hackers? https://securityintelligence.com/is-your-smart-office-creating-backdoors-for-cybercriminals/
  12. Kim E (2016) The people you trust most could be planning the next big cyber attack on your company. http://www.businessinsider.com/ibm-report-says-majority-of-cyber-attacks-at-companies-involve-insiders-2016-6
  13. Lord N (2016) Social Engineering Attacks: Common Techniques & How to Prevent an Attack. https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
  14. Lord N, Digital Guardian (2016) The History of Data Breaches. https://digitalguardian.com/blog/history-data-breaches
  15. Martin C (2016) Intrusion Detection and Prevention Systems in the Industrial Automation and Control Systems Environment. http://docplayer.net/6290577-Intrusion-detection-and-prevention-systems-in-the-industrial-automation-and-control-systems-environment.html
  16. Mylrea M (2015) Cyber Security and Optimization in Smart “Autonomous” Buildings. In: 2015 AAAI Spring Symposium Series.Google Scholar
  17. Mylrea, M (2016) Energy Security 3.0: The Next Generation of Energy Wars and Diplomacy. U.S. Department of State, Ralph Bunch Library Speaker Series Lecture.Google Scholar
  18. Mylrea, M, Gouresetti, S (2017) Applying Blockchain Based Smart Contracts to Grid Modernization: A Path to Speed, Scale and Security at the Grid’s Edge. IEEE Resilience Week Publication. Forthcoming, September, 2017Google Scholar
  19. NIST (2014) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0. http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
  20. O’Harrow R, The Washington Post (2012) Cyber Search Engine Shodan Exposes Industrial Control Systems to New Risks. https://www.washingtonpost.com/investigations/cyber-search-engine-exposes-vulnerabilities/2012/06/03/gJQAIK9KCV_story.html
  21. Pentland A (2014) Social Physics: How Good Ideas Spread-The Lessons from a New Science – a textbook, Penguin.Google Scholar
  22. PNNL (2016) Buildings Cybersecurity Compatibility Maturity Model. https://bc2m2.pnnl.gov/
  23. Pullen D (2014). Smart Buildings Research for the Future. Science in ParliamentGoogle Scholar
  24. Radvanovsky B, Tofino Blog. (2013) Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting. https://www.tofinosecurity.com/blog/project-shine-1000000-internet-connected-scada-and-ics-systems-and-counting
  25. Search Security, Searchsecurity.com (2005) Definition incident response. http://searchsecurity.techtarget.com/definition/incident-response
  26. Security Week (2014) Target HVAC Contractor Says It Was Breached by Hackers. http://www.securityweek.com/target-hvac-contractor-says-it-was-breached-hackers
  27. Somasundaram S, Pratt RG, Katipamula S, Mayhorn ET, Akyol BA, Somani A, Fernandez N, Steckley A, Foster N, Taylor ZT (2014) Transaction-Based Building Controls Framework, Volume 1: Reference Guide. PNNL-23302, Pacific Northwest National Laboratory, Richland, WA. http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-23302.pdf
  28. D. Tapscott, A. Tapscott (2016), The Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the WorldGoogle Scholar
  29. PWC Global Power and Utilities (2017) Blockchain opportunity for energy producers and consumersGoogle Scholar
  30. GAO, The U.S. Government Accountability Office (2014) Federal Facility Cybersecurity DHS and GSA Should Address Cyber Risk to Building and Access Control Systems. www.gao.gov/assets/670/667512.pdf
  31. Towler J (2015) World Building Automation & Control Systems Market expected to be worth just over US$26 bn by 2019. https://www.bsria.co.uk/news/article/world-building-automation-control-systems-market-expected-to-be-worth-just-over-us26-bn-by-2019/
  32. DHS, U.S. Department of Homeland Security. (2016) Critical Infrastructure Sectors. https://www.dhs.gov/critical-infrastructure-sectors
  33. EIA, U.S. Energy Information Administration (2016) International Energy Outlook 2016. http://www.eia.gov/outlooks/ieo/pdf/0484(2016).pdf, http://www.eia.gov/outlooks/ieo/
  34. Verizon (2016) Data Breach Investigations Report.. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
  35. Wombat Security, Wombat security Social Engineering (2016) Teaching Users to Recognize and Avoid Social Engineering Scams. https://www.wombatsecurity.com/suggested-programs/social-engineering
  36. Wueest C, Symantec (2015) Is IoT in the Smart Home giving away the keys to your kingdom? http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Michael Mylrea
    • 1
    • 2
    Email author
  • Sri Nikhil Gupta Gourisetti
    • 3
    • 4
  1. 1.Cybersecurity and Energy TechnologyPacific Northwest National LaboratoryRichlandUSA
  2. 2.Executive Cybersecurity Doctoral ProgramGeorge Washington UniversityWashington, DCUSA
  3. 3.Research Engineer (Smart-Grid Cybersecurity), Electricity InfrastructurePacific Northwest National LaboratoryRichlandUSA
  4. 4.Engineering Sciences and Systems Doctoral ProgramUniversity of Arkansas at Little RockLittle RockUSA

Personalised recommendations