Abstract
Significant resources have been invested in making buildings “smart” by digitizing, networking and automating key systems and operations. Smart autonomous buildings create new energy efficiency, economic and environmental opportunities. But as buildings become increasingly networked to the Internet, they can also become more vulnerable to various cyber threats. Automated and Internet-connected buildings systems, equipment, controls, and sensors can significantly increase cyber and physical vulnerabilities that threaten the confidentiality, integrity, and availability of critical systems in organizations. Securing smart autonomous buildings presents a national security and economic challenge to the nation. Ignoring this challenge threatens business continuity and the availability of critical infrastructures that are enabled by smart buildings. In this chapter, the authors address challenges and explore new opportunities in securing smart buildings that are enhanced by machine learning, cognitive sensing, artificial intelligence (AI) and smart-energy technologies. The chapter begins by identifying cyber-threats and challenges to smart autonomous buildings. Then it provides recommendations on how AI enabled solutions can help smart buildings and facilities better protect, detect and respond to cyber-physical threats and vulnerabilities. Next, the chapter will provide case studies that examine how combining AI with innovative smart-energy technologies can increase both cybersecurity and energy efficiency savings in buildings. The chapter will conclude by proposing recommendations for future cybersecurity and energy optimization research for examining AI enabled smart-energy technology.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
As defined by Wikipedia at https://en.wikipedia.org/wiki/Zero-day_(computing), a zero-day (also known as zero-hour or 0-day) vulnerability is an undisclosed computer-software vulnerability that hackers can exploit to adversely affect computer programs, data, additional computers or a network. It is known as a “zero-day” because once the flaw becomes known, the software’s author has zero days in which to plan and advise any mitigation against its exploitation (for example, by advising workarounds or by issuing patches).
- 2.
As defined by Wikipedia at https://en.wikipedia.org/wiki/Whitelist, A whitelist is a list or register of entities that are being provided a privilege, service, mobility, access or recognition. Entities on the list will be accepted, approved and/or recognized. Whitelisting is the reverse of blacklisting, the practice of identifying entities that are denied, unrecognized, or ostracized.
- 3.
According to Technopedia at https://www.techopedia.com/definition/13835/patch-management, Patch management is a strategy for managing patches or upgrades for software applications and technologies. A patch management plan can help a business or organization handle these changes efficiently. Technopedia defined Network Inventory Management at https://www.techopedia.com/definition/29987/network-inventory-management as, Network inventory management is the process of keeping records of all the IT or network assets that make up the network.
Abbreviations
- AI:
-
Artificial Intelligence
- AITA:
-
Artificial Intelligence based Insider Threat Analyzer
- B2G:
-
Buildings-to-Grid
- BACnet:
-
Building Automation Control network
- BAS:
-
Building Automation System
- B-C2M2:
-
Building Cybersecurity Capability Maturity Model
- BCF:
-
Building Cybersecurity Framework
- BEMS:
-
Building Energy Management System
- CCA:
-
Critical Cyber Assets
- CCTV:
-
Closed-Circuit Television
- CFR:
-
Commercial, Federal, Residential buildings
- CI:
-
Critical Infrastructure
- CMT:
-
Configuration Management Tool
- DDoS:
-
Distributed Denial of Service
- DER:
-
Distributed Energy Resource
- DHS:
-
Department of Homeland Security
- DOE:
-
Department of Energy
- DoS:
-
Denial of Service
- EERE:
-
Office of Energy Efficiency and Renewable Energy
- EIA:
-
U.S. Energy Information Administration
- EIoT:
-
Energy Internet of Things
- FCU:
-
Fan Coil Unit
- FPS:
-
Federal Protective Service
- GAO:
-
U.S. Government Accountability Office
- HIDPS:
-
Host Intrusion Detection and Prevention System
- HIDS:
-
Host Intrusion Detection System
- HVAC:
-
Heating, Ventilation and Air Conditioning
- ICS:
-
Industrial Control System
- ICS-CERT:
-
Industrial Control Systems Cyber Emergency Response Team
- ICT:
-
Information and Communications Technology
- ID:
-
Identification
- IDPS:
-
Intrusion Detection and Prevention System
- IDS:
-
Intrusion Detection System
- IED:
-
Intelligent Electronic Device
- IoT:
-
Internet of Things
- IPS:
-
Intrusion Prevention System
- IT:
-
Information Technology
- MAC:
-
Media Access Control
- NBAD:
-
Network Behavior Anomaly Detection
- NCA:
-
Network Connected Assets
- NIDPS:
-
Network Intrusion Detection and Prevention System
- NIDS:
-
Network Intrusion Detection System
- NIST:
-
National Institute of Standards and Technology
- OT:
-
Operations Technology
- PIDS:
-
Physical Intrusion Detection System
- PLC:
-
Programmable Logic Controller
- PNNL:
-
Pacific Northwest National Laboratory
- RCM:
-
Risk Characterization Matrix
- RFID:
-
Radio Frequency Identification
- RTU:
-
Remote Terminal Unit
- SCADA:
-
Supervisory Control and Data Acquisition
- SCI-RAD:
-
Social Engineering Autonomy for Cyber Intrusion Monitoring and Real-time Anomaly Detecting
- SIEM:
-
Security Information and Event Management/ Log Analyzer
- SSID:
-
Service Set Identifier
References
Alexander M, SANS (2016) Methods for Understanding and Reducing Social Engineering Attacks. https://www.sans.org/reading-room/whitepapers/critical/methods-understanding-reducing-social-engineering-attacks-36972
Allen M, SANS (2006) Social Engineering: A Means to Violate a Computer System. https://www.sans.org/reading-room/whitepapers/engineering/social-engineering-means-violate-computer-system-529
Automated Buildings, AutomatedBuildings.com (2014) Innovations in Comfort, Efficiency and Safety, Solutions. http://www.automatedbuildings.com/news/jun14/interviews/140528015505petock.html
BCF, Buildings Cybersecurity Framework (2016). Forthcoming publication by the U.S. Department of Energy’s Building Technology Office.
CERT., Cert.org (2016) insider threat. https://www.cert.org/insider-threat/
DOE/EIA (2015) Annual Energy Outlook 2015 with projections to 2040. https://www.eia.gov/outlooks/aeo/pdf/0383(2015).pdf
Gartner, Inc. (2015) Gartner Says 6.4 Billion Connected “Things” Will Be in Use in 2016, Up 30 Percent From 2015. http://www.gartner.com/newsroom/id/3165317
Hagerman J (2016) The National Opportunity to Secure Buildings and Facilities from Emerging Cyber Threats. Forthcoming White Paper to be published by U.S. Department of Energy, Buildings Technology Office.
Hardin DB, Corbin CD, Stephan EG, Widergren SE, Wang W (2015) Buildings Interoperability Landscape (No. PNNL-25124), Pacific Northwest National Laboratory (PNNL), Richland, WA. http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25124.pdf
HP News (2014) HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack. http://www8.hp.com/us/en/hp-news/press-release.html?id=1744676#.V41Wm01f3X6
Ionesco P, IBM X-Force (2016) Research Penetration testing a building automation system. Is your smart office creating backdoors for hackers? https://securityintelligence.com/is-your-smart-office-creating-backdoors-for-cybercriminals/
Kim E (2016) The people you trust most could be planning the next big cyber attack on your company. http://www.businessinsider.com/ibm-report-says-majority-of-cyber-attacks-at-companies-involve-insiders-2016-6
Lord N (2016) Social Engineering Attacks: Common Techniques & How to Prevent an Attack. https://digitalguardian.com/blog/social-engineering-attacks-common-techniques-how-prevent-attack
Lord N, Digital Guardian (2016) The History of Data Breaches. https://digitalguardian.com/blog/history-data-breaches
Marr B (2016) What is the Difference Between Artificial Intelligence and Machine Learning? http://www.forbes.com/sites/bernardmarr/2016/12/06/what-is-the-difference-between-artificial-intelligence-and-machine-learning/#220efb3a687c
Martin C (2016) Intrusion Detection and Prevention Systems in the Industrial Automation and Control Systems Environment. http://docplayer.net/6290577-Intrusion-detection-and-prevention-systems-in-the-industrial-automation-and-control-systems-environment.html
Mylrea M (2015) Cyber Security and Optimization in Smart “Autonomous” Buildings. In: 2015 AAAI Spring Symposium Series.
Mylrea, M (2016) Energy Security 3.0: The Next Generation of Energy Wars and Diplomacy. U.S. Department of State, Ralph Bunch Library Speaker Series Lecture.
Mylrea, M, Gouresetti, S (2017) Applying Blockchain Based Smart Contracts to Grid Modernization: A Path to Speed, Scale and Security at the Grid’s Edge. IEEE Resilience Week Publication. Forthcoming, September, 2017
ICS-CERT, NCCIC/ICS-CERT Year in Review (2015). https://ics-cert.us-cert.gov/sites/default/files/Annual_Reports/Year_in_Review_FY2015_Final_S508C.pdf
NIST (2014) Framework for Improving Critical Infrastructure Cybersecurity, Version 1.0. http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214.pdf
O’Harrow R, The Washington Post (2012) Cyber Search Engine Shodan Exposes Industrial Control Systems to New Risks. https://www.washingtonpost.com/investigations/cyber-search-engine-exposes-vulnerabilities/2012/06/03/gJQAIK9KCV_story.html
Pentland A (2014) Social Physics: How Good Ideas Spread-The Lessons from a New Science – a textbook, Penguin.
PNNL (2012) Grid Friendly Appliance Controller. http://availabletechnologies.pnnl.gov/technology.asp?id=61, http://availabletechnologies.pnnl.gov/PDF/AT_61.pdf
PNNL (2016) Buildings Cybersecurity Compatibility Maturity Model. https://bc2m2.pnnl.gov/
Pullen D (2014). Smart Buildings Research for the Future. Science in Parliament
Radvanovsky B, Tofino Blog. (2013) Project SHINE: 1,000,000 Internet-Connected SCADA and ICS Systems and Counting. https://www.tofinosecurity.com/blog/project-shine-1000000-internet-connected-scada-and-ics-systems-and-counting
Search Security, Searchsecurity.com (2005) Definition incident response. http://searchsecurity.techtarget.com/definition/incident-response
Security Week (2014) Target HVAC Contractor Says It Was Breached by Hackers. http://www.securityweek.com/target-hvac-contractor-says-it-was-breached-hackers
Somasundaram S, Pratt RG, Katipamula S, Mayhorn ET, Akyol BA, Somani A, Fernandez N, Steckley A, Foster N, Taylor ZT (2014) Transaction-Based Building Controls Framework, Volume 1: Reference Guide. PNNL-23302, Pacific Northwest National Laboratory, Richland, WA. http://www.pnnl.gov/main/publications/external/technical_reports/PNNL-23302.pdf
D. Tapscott, A. Tapscott (2016), The Blockchain Revolution: How the Technology Behind Bitcoin is Changing Money, Business, and the World
PWC Global Power and Utilities (2017) Blockchain opportunity for energy producers and consumers
GAO, The U.S. Government Accountability Office (2014) Federal Facility Cybersecurity DHS and GSA Should Address Cyber Risk to Building and Access Control Systems. www.gao.gov/assets/670/667512.pdf
Towler J (2015) World Building Automation & Control Systems Market expected to be worth just over US$26 bn by 2019. https://www.bsria.co.uk/news/article/world-building-automation-control-systems-market-expected-to-be-worth-just-over-us26-bn-by-2019/
DHS, U.S. Department of Homeland Security. (2016) Critical Infrastructure Sectors. https://www.dhs.gov/critical-infrastructure-sectors
EIA, U.S. Energy Information Administration (2016) International Energy Outlook 2016. http://www.eia.gov/outlooks/ieo/pdf/0484(2016).pdf, http://www.eia.gov/outlooks/ieo/
Verizon (2016) Data Breach Investigations Report.. http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/
Wombat Security, Wombat security Social Engineering (2016) Teaching Users to Recognize and Avoid Social Engineering Scams. https://www.wombatsecurity.com/suggested-programs/social-engineering
Wueest C, Symantec (2015) Is IoT in the Smart Home giving away the keys to your kingdom? http://www.symantec.com/connect/blogs/iot-smart-home-giving-away-keys-your-kingdom
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2017 Springer International Publishing AG
About this chapter
Cite this chapter
Mylrea, M., Gourisetti, S.N.G. (2017). Cybersecurity and Optimization in Smart “Autonomous” Buildings. In: Lawless, W., Mittu, R., Sofge, D., Russell, S. (eds) Autonomy and Artificial Intelligence: A Threat or Savior?. Springer, Cham. https://doi.org/10.1007/978-3-319-59719-5_12
Download citation
DOI: https://doi.org/10.1007/978-3-319-59719-5_12
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-59718-8
Online ISBN: 978-3-319-59719-5
eBook Packages: Computer ScienceComputer Science (R0)