Threat Level Green: The National Security Implications of Building Automation Systems in Green Buildings Josh Gellers, LEED Green Associate PhD Candidate, Political Science University of California, Irvine jgellers@uci.edu www.joshgellers.com In the 2012 James Bond film Skyfall, a cunning cyberterrorist accesses information obtained from a stolen hard drive to hack into a computer at the headquarters of MI6, the British Secret Intelligence Service. With the virtual gateway to the structure compromised, the hacker manipulates the building’s gas pipeline to blow up individual rooms. At the pleading of M, 007 is cajoled into active duty, this time to thwart the stealthy cyber attacker and protect England once again. Although this scenario may seem like a Hollywood action movie fantasy, the concept behind the attack is not altogether removed from reality. Given the increasing incorporation of building automation systems into the design of green buildings, the time has come to discuss the national security implications of building green. To this end, this article offers a starting point for a serious consideration of the issue by identifying the risks and threats associated with the employment of such systems in physical structures, highlighting potential solutions, and demonstrating the connection between national security and building automation systems in green buildings. According to LEEDuser, a building automation system (BAS) is a system which “uses computerbased monitoring to coordinate, organize, and optimize building control subsystems, including lighting, equipment scheduling, and alarm reporting.”1 Such systems can include on-site or remote smart devices which provide information about energy use, water consumption, or air quality, for example, and allow users to alter the building’s operations when necessary. Smart devices may be connected directly to the Internet and/or feed into a larger smart grid. Due to the high degree of integration with the web and other internal and external systems, green buildings with BASs remain vulnerable to malicious intrusions. Building automation systems in particular provide attractive targets for hackers because “they often contain sensitive information and they offer the ability to affect the physical world.”2 Cyber attackers thus seek to wreak havoc by infiltrating a BAS and using it as a gateway to invade other systems. In concrete terms, unsecure BASs pose potential risks to people who own, operate, and use the building; technological systems which impact the comfort, safety, and security of individuals who utilize the building; and both the technical and business operations related to building use.3 Broadly speaking, unauthorized access to a building’s BAS can result in financial, physical, and structural harms. For example, operational disruption could lead to a loss in employee productivity and service delivery; inappropriate changes to a building’s ventilation rate could negatively impact the health of occupants (i.e. “sick building syndrome”); and adjusting device settings beyond reasonable limits could damage equipment or the building itself. 1 Threats to the BAS of a green building could come from “internal disgruntled employees and external malicious hackers” who target “specific systems, subsystems, or multiple locations remotely.”4 Such individuals might focus their attack on the network in which the BAS is enmeshed (i.e. smart grid) or localize the assault to devices connected to external networks or specific building systems (i.e. heating, ventilation, and air conditioning (HVAC) system).5 The age of the system can also threaten the security of a BAS because “[t]he older the system, the more vulnerabilities become known in the aggressor community.”6 Given the numerous risks and present threats to BASs, how can operators protect green buildings, as well as their owners and occupants, from cyber-attacks? First, cyber security practices should be integrated into training and deployment practices for building administrators.7 Second, building operators should implement an array of technological safeguards including anti-virus protection software, firewalls, intrusion detection systems, online vulnerability map tools, passwords, secure communication utilities (i.e. virtual private networks), and user accounts.8 Third, building owners should develop contingency plans they are capable of executing in the event that a disruption in BAS functionality occurs in order to maintain an acceptable level of service.9 Now that the general security concerns related to green buildings and BASs have been articulated, what are the relevant implications for national security? To be sure, this issue is already on the Federal Government’s radar, as evidenced by a 2012 FBI Cyber Alert describing an illegal hack into the Industrial Control System (ICS) of an air conditioning company in New Jersey.10 The most immediate analog at the federal level involves the security of governmentowned and operated buildings at home and abroad. As a case in point, the U.S. State Department’s Greening Diplomacy Initiative (GDI) has facilitated the design and construction of 49 buildings11 under various levels of Leadership in Energy and Environmental Design (LEED) certification throughout the world.12 Considering the likelihood that a U.S. embassy might contain or provide a means of accessing sensitive and privileged information, the presence of a BAS at any one of these sites could leave the United States potentially vulnerable to cyberattacks that result in breaches of national security. These risks increase exponentially in a world where hackers such as Julian Assange and Edward Snowden have demonstrated the alarming capacity of motivated individuals to obtain and rapidly disseminate mountains of classified material. In light of these threats posed to national security, the 2006 National Military Strategy for Cyberspace Operations13 provides a serviceable framework for addressing the concerns raised by the use of BASs in green buildings. First, the Department of Defense should continue to invest in developing technology designed to strengthen cyberspace security, and place special emphasis on augmenting the security of networks which interface with BASs. Second, collaborative partnerships should be established with members of industry, other government agencies, and foreign entities to share best practices and enhance the ability to coordinate responses to catastrophic events. Third, “critical infrastructure” should be interpreted broadly to include networks and devices which serve important physical structures around the world. 2 Providing a sense of security in a world of increasingly automated systems requires finding a balance between human decision making and intelligent operation, flexibility and control, and freedom and privacy. By utilizing building automation systems, green buildings have the potential to significantly reduce energy consumption and increase energy security. How we choose to balance competing interests will affect our ability to achieve sustainability and resilience. Hopefully this article serves as the catalyst for a fruitful discussion of the tensions, synergies, and possibilities surrounding green building and national security. “Building Automation System (BAS),” Glossary, LEEDuser, accessed 16 Nov. 2013, available at <http://www.leeduser.com/glossary/term/4691>. 2 “Security in Internet-Connected Building Automation and Energy Management Systems,” White Paper, Incenergy, accessed 15 Nov. 2013, available at <http://www.incenergy.com/resources/files/EMS_Security_White_Paper.pdf>. 3 Email Interview—Mark Petock and Ken Sinclair, May 2013, AutomatedBuildings.com, accessed 16 Nov. 2013, available at <http://www.automatedbuildings.com/news/may13/interviews/130418115505petock.html>. 4 Chee-Wooi Ten, Manimaran Govindarasu, and Chen-Ching Liu, 2007, “Cybersecurity for Electric Power Control and Automation Systems,” Proceedings of the eNetworks Cyberengineering Workshop, IEEE-SMC, Montreal, QC, Canada, 7-10 Oct. 2007, pp. 29-34. 5 Wolfgang Granzer, Wolfgang Kastner, Georg Neugschwandtner, and Fritz Praus, 2006, “Security in Networked Building Automation Systems, Proceedings of the IEEE International Workshop on Factory Communication Systems, pp. 283-292. 6 David Fisk, 2012, “Cyber Security, Building Automation, and the Intelligent Building,” Intelligent Buildings International, pp. 1-13. 7 Email Interview. 8 Chee-Wooi Ten et al., 32. 9 Fisk, 12. 10 “Vulnerabilities in Tridium Niagara Framework Result in Unauthorized Access to a New Jersey Company's Industrial Control System,” 23 Jul. 2012, Situational Information Report, Federal Bureau of Investigation, Newark Division, SIR-00000003417, accessed 15 Nov. 2013, available at <http://www.wired.com/images_blogs/threatlevel/2012/12/FBI-AntisecICS.pdf>. 11 As of December 2012. 12 “Eco-Diplomacy: Leading by Example,” United States Department of State, accessed 17 Nov. 2013, available at <http://www.state.gov/documents/organization/213762.pdf>. 13 “The National Military Strategy for Cyberspace Operations,” Dec. 2006, Chairman of the Joint Chiefs of Staff, United States Department of Defense, accessed 17 Nov. 2013, available at <http://www.dod.mil/pubs/foi/joint_staff/jointStaff_jointOperations/07-F-2105doc1.pdf>. 1 3