Cybersecurity: The connected building, Achilles heel of the smart city
The poor protection of smart buildings against cyberattacks makes you fear the worst scenarios. A fear reinforced by non-existent ad hoc legislation.
Interview with Pascal Zératès for Le Moniteur des Travaux Publics et du Bâtiment.
In January 2017, ransomware disabled the security system of the Romantik Seehotel Jägerwirt, a four-star hotel in the Austrian Alps. This attack disabled the electronic key system, preventing vacationers from entering their rooms. In exchange for a ransom of 1,500 euros paid in bitcoins, the hotel was able to regain control of its locks but also of its cash register and its reservation system.
The scenario of tourists being kicked out of their rooms can make you smile. But applied to a 50-story tower, for example, it becomes much more worrying. "What we fear the most is taking control of the technical management of the building from a distance," says Pascal Zératès, CEO of Kardham Digital, a subsidiary of the Kardham group specializing in digital technologies applied to real estate. company. A disaster scenario would consist in triggering the tower alarm system while blocking the emergency exits, with heating pushed to 50 ° C and all the lights off. This could lead to panic situations and therefore human tragedies."
If one extends the reasoning to smart cities, the chain reactions would quickly become apocalyptic. We can thus imagine that an energy blackout occurs or that hackers take control of electronic billboards, broadcasting false messages that would disrupt the management of a crisis.
Mapping the network of a connected building or a smart city should make it possible to identify all of the elements that constitute them and, thereby, the potential threats. "Without this preliminary step, it is not possible to adopt a differentiated strategy based on risk," said Bertrand Trastour, BtoB sales director at Kaspersky. If you have insecure connected objects or old information systems running critical applications for your building, they should be treated separately. On the other hand, products running on recent, secure operating systems must be integrated into the building's overall security strategy. The latter may include, depending on the case, a security information and event management tool (SIEM) or a security operations center (SOC). "
Thus, Kardham Digital has forged a partnership with the French cybersecurity software publisher Wallix, to build an offer dedicated to the smart building market. “We address the three pillars of the value chain: simplification of the user's journey, energy management and cyber security management of the building. On this last aspect, Wallix supports us in the design, operation and maintenance of a SOC” says Pascal Zératès.
To read the full article, click here.