In part one of this series on the convergence of energy and facilities management with Ethernet networks, we explored the benefits and challenges of IP-based building management systems. In part two, we discuss the security challenges that arise from networked facilities management.
For most IT professionals, converged networks are a good thing. Whether we're talking about convergence of data and voice networks, data and storage networks -- or more recently, data and facilities or power management networks -- convergence means more flexibility and lower costs by managing one less network. But networked facilities management systems bring with them new network security concerns.
For security professionals, two networks mean physical separation or a clear demarcation point -- the gateway between two networks -- for security controls. Convergence means collapsing two security zones into one and having to keep them logically separated.
Whenever convergence happens, security professionals must determine how to maintain logical separation once the physical separation is gone. For example, with voice networks, security teams often recommend using a dedicated VLAN for voice with a specific crossover point between the voice and data VLANs where controls can be applied.
When the security team is forgotten in networked facilities management
As companies converge their building management, environmental control, surveillance and physical access networks onto Ethernet, previously separate functions come into contact with each other. Immediately, security teams must add controls to protect the newly converged networks from the Trojan virus and denial-of-service infested Internet.
The problem is, security people often don't get invited to the party and are the last to find out about convergence. In the best-case scenario, they are simply told too late because security was not an early consideration. In the worst case scenario, they were not invited because they were expected to say no -- this happens often.
What's more, some security and networking teams remain in denial, thinking their company will never move facilities management onto the Ethernet network -- even once the move has already started. The reality is that energy and buildings management networks are already converged onto Ethernet, but are rare enough that no one has addressed security. For example, even if you don’t have wiz-bang building management systems for controlling the lights and A/C in your campus, you probably have data center mechanical plant systems that are Ethernet connected. Nobody thought to tell you, but they’re there.
Unchecked networked facilities management can mean viruses and worms
If your data center has cooling systems or a UPS with reporting and monitoring capabilities, in many cases they are plugged into an Ethernet switch. Those control systems use some standard protocols so that they can be managed by software running on Windows systems or through a Web interface. They probably support protocols such as HTTP, HTTPS, SMNP, SMTP, SSH, FTP and syslog. For convenience and lower cost, they also probably run various off-the-shelf software such as MySQL or MS-SQL databases, Apache or IIS Web servers, and off-the-shelf SNMP libraries. All of these carry vulnerabilities.
Amazingly, your company has probably spent millions of dollars ensuring that the data center has multiple redundant paths for electric power, cooling and network connectivity, with independent A/B cable runs, redundant UPS systems and generators. For all that redundancy, you could be one SQL or HTTP worm away from a simultaneous failure in both sides of your carefully designed independent and redundant systems. While the power feeds are fully independent, the control systems might be connected to a single Ethernet network, connected to each other and carrying the same vulnerabilities. All that redundancy has been converged into a single-point-of-failure, and no one has noticed.
This experience is of course not unique to power management. We should’ve learned this lesson with voice convergence (VoIP). Despite redundant designs with pairs of call controllers, many companies learned the lesson of converged vulnerabilities when the Slammer worm took out SQL databases in call management servers, shutting down the voice network.
Today, most companies take voice/data separation and security more seriously, logically separating the networks and protecting them from the threats that commonly infect data networks. Yet the same lesson has not obviously been absorbed when it comes to power management, building management, environmental control and physical security systems. But there is no longer room for complacency.
Best practices for securing converged networks with facilities management systems
To secure a converged network that now increasingly includes various facilities-related components, such as building management systems, data center controls and smart grid, you do not need to buy pallet loads of new equipment. For now, most companies can improve their security by implementing existing security best practices and tools. Consider the following roadmap for extending network security to building and power management systems:
- Find them: If you don’t know whether you have power management connected to your LAN, look at the data center, campus environmental controls and smart grid plans.
- Assess risk: Pay special attention to areas where previously redundant and separate systems are now inadvertently linked on a common TCP/IP network. Identify areas where systems need to be segmented from each other and from broader LAN access.
- Establish policies: Develop policies for procurement, connection and management of building and power management systems. Establish lines of authority, integrate IT policies and educate the facilities people who may not have security experience.
- Establish controls: Logically segment the networks, separating them from the broader LAN traffic and each other through network-layer controls. Separate systems that should be independent and redundant. Strengthen authentication and authorization mechanisms for building and power management.
- Monitor: Incorporate event logs and security logs from these systems into your broader monitoring infrastructure.
- Audit: Include the newly converged networks in your regular internal and external audit to ensure enforcement and that controls are effective.
If you are responsible for data security, your job has now expanded to include building, power and physical security systems. You may not know it yet, but such systems are already present in your data center and gradually expanding into your campus and branch offices. This time, you may be able to get ahead of the threats before the next worm takes out your data center or your campus by turning off the power.