2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018
Single-Pair Ethernet (SPE) is a transformative technology that is redefining the landscape of smart buildings by enabling efficient retrofitting of legacy systems, enhancing sustainability, and integrating information technology (IT) and operational technology (OT) networks. Beyond improving energy efficiency and operational effectiveness, SPE also introduces new cybersecurity challenges and opportunities. This article explores how SPE strengthens smart buildings’ security while facilitating the transition to Industry 4.0., the cybersecurity challenges facing smart buildings, notable cyberattacks that highlight their vulnerabilities, and how SPE is shaping a more secure and sustainable future for building automation. Leveraging Single-Pair Ethernet for Sustainable and Secure Smart Buildings By Yuri Luskind
FIGURE 1 : History of OT System Cyberattacks. Source: Zemfyre
NOTABLE CYBERSECURITY EVENTS Cyberattacks on buildings are not new, but their number is increasing (Figure 1). The timeline shown ends in 2019 but there have been several significant attacks since then. More recent examples of cyberattacks include: • 2023: Johnson Controls, a manufacturer of industrial control systems, air conditioners, security systems, and other building automation equipment was targeted by the Dark Angels ransom- ware gang. The attack forced the firm to shut down large portions of its IT infrastructure, which affected customer-facing systems. Dark Angels demanded a $51 million ransom to delete the data and provide a file decryptor. The company claimed in a 2024 SEC filing that the attack cost $27 million in dam- ages – although the company expected the costs to rise as they determined what data was stolen and worked with cybersecurity forensics and remediation experts. • 2021: A German automation engineering company was breached when attackers exploited an unsecured internet gateway to access its building automation system (BAS). The hackers managed to “brick” about
75 percent of the company’s automation devices including light switches, motion detectors and shuttered controls, locking the engineers out of the system. As a result of the cyberattack, engineers were forced to revert to manual controls such as flipping circuit breakers to turn on lights in the building. • 2021: Richmond Community Schools had to extend their winter break because of a cyberattack that originated with the district’s HVAC services provider. Several of the district’s tools, including heating, telephones, copiers, and classroom technology lost function as a result of the incident. The district had to re-image and reconnect systems one by one to ensure they were clear. WHERE TO START WITH OT CYBERSECURITY It is difficult to protect what cannot be seen or monitored. This is why SPE addresses a critical challenge in system security by bringing field-level devices into the security framework. By enabling direct Ethernet connectivity, SPE eliminates blind spots and ensures that every device can be actively monitored and secured. For too long, field-level devices were excluded from security frameworks because they were either
CYBER ATTACKS ON SMART BUILDINGS: A GROWING CONCERN As smart buildings become increasingly reliant on interconnected systems and cloud-based services, they also face mounting cybersecurity threats. The convergence of IT and OT networks in smart buildings introduces vulnerabilities that cybercriminals exploit for financial gain, data theft, or operational disruption. Smart buildings incorporate automation for critical functions like HVAC, lighting, security, and access control, making them attractive targets for cyber- criminals. Inadequate security practices—such as default passwords, lack of encryption, and exposed internet gateways—can allow attackers to disrupt operations, steal sensitive data, or even hijack control systems.
A 2024 report by Ordr found that unmanaged, agentless devices encompassing Internet of things (IoT), OT, and specialized systems, constituted 42 percent of enterprise assets and are responsible for 64 percent of mid- to high-level enterprise risks. Since 14 percent of these devices connect to both internal networks and the internet, each interacting with an average of 6.2 other devices, this increases the potential for lateral movement within networks. A 2019 Symantec report found that IoT devices experience an average of 5,200 cyberattacks per month. The majority of new IoT devices are still new, which means there is a growing attack surface for cybercriminals to target the vulnerabilities associated with them.
I
I
34
ICT TODAY
April/May/June 2025
35
Made with FlippingBook - Online catalogs