The emergence of the Internet of Things (IoT) as a tool for building control has a tremendous number of positive implications for energy managers. But there is a dark side: The electronic linking of building devices and systems to centralized controls and the cloud raises intense security concerns.
Paul Jauregui, the Vice President of Marketing for penetration testing firm Praetorian discussed these dangers at LEDs Magazine. As the name implies penetration testing – known in the security industry as “pen testing” – is aimed at miming cyber criminals’ techniques to spot weaknesses in the security measure an organization has in place.
The piece focuses on LED lighting. Jauregui says that three major high level challenges are security weaknesses in the transport layer, the vulnerability of accounts and “shared, default secrets,” which refers to the laziness of users unwilling to automatically change pre-set passwords. Device level problems are whether or not debug services are enabled, missing patches and insecure updates, he wrote.
Lighting, of course, is just one smart element about which security professionals must worry. Indeed, smart cities include elements such as traffic control infrastructure, water and waste monitoring, security cameras and what in essence is an almost endless list of municipal elements that can be electronically monitored and controlled.
The security issues are intense, however. An article at Government Technology reports on a survey conducted by security firm Tripwire. The survey gathered opinions from more than 200 information technology professionals. The bottom line is sobering:
The results confirm that while the concern over smart city security is broadly distributed, actions to address these concerns are few and far between. To set the stage, the respondents overwhelmingly agreed (74 percent) that smart city initiatives are “very important.” At the same time, a majority (55 percent) said that cities do not devote adequate resources to cybersecurity for smart city initiatives. Clearly, while these initiatives are vital to the future of our cities, cybersecurity is a missing piece of the smart city puzzle today.
An important step is systematic, built-in cooperation between physical and IT teams, according to HD Global.