
Schneider whitepaper examines BMS security


Organisations can reduce the risk of cyber-attacks on building management systems (BMS) by controlling Web access, applying software patches and managing user credentials (user names and passwords), according to a new white paper.

Schneider Electric, a global specialist in energy management, has released a guideline entitled “Five Best Practices to Improve Building Management Systems (BMS) Cybersecurity”.

Although estimates vary, organisations worldwide lose USD300 billion or more each year to cybercrime, according to a report by McAfee and the Centre for Strategic and International Studies.

“Integration between a BMS and other enterprise systems enables organisations to closely align building operations with business objectives,” says Shaun Wilson, Partner Business manager for southern Africa at Schneider Electric. “However, the open protocols that make integration possible can also create greater cyber security vulnerabilities.”

Following a few recommended best practices can help safeguard building systems from cyber-attacks:
* Password management: Change default passwords before installing devices, make passwords more complex, and set up unique credentials for each site.
* Network management: Limit access to non-IP-based communication channels (including USB ports) and secure web interfaces against SQL injection attacks. Install firewalls and tighten physical security.
* User management: Grant users only the minimum amount of authority necessary to perform their jobs. This can help control any risks presented by unauthorised users or disgruntled employees.
* Software management: Apply software security patches as they become available and limit deployment to authorised users.
* Vulnerability management: Develop a vulnerability management plan covering all types of risks and establish a formal document for each installation.

During the implementation of a cybersecurity programme, organisations should bolster awareness of these types of risks across the enterprise, according to the white paper. Effective and regular cybersecurity training makes key personnel aware of vulnerabilities and helps to uncover potential cyber threats.

“Five Best Practices to Improve Building Management Systems (BMS) Cybersecurity” should provide a useful guide to any organisation interested in implementing a cybersecurity programme to help protect building management system operations.

  • ctopham

    Whilst I agree with the suggestions to improve security, one of the largest vulnerabilities isn’t mentioned, and that is remote access via the internet. The BMS industry needs to wake up to the fact that providing remote access to BMS via the internet is a security risk (even with SSL and VPN security). Check out this whitepaper which describes how to provide remote access securely: http://www.abtecnet.com/wp-content/uploads/2015/01/Remote-Connectivity-White-Paper.pdf