Download document () of 20
Send email
Download
You have exceeded the download limit
By 2025, 41.6 billion connected devices will be generating 79.4 zettabytes (ZB) of data worldwide1. From manufacturing and testing to installation and service, it's a seismic shift already creating huge opportunities for organisations. But at the same time, the trend brings big risks.
At a minimum, a security breach can result in operational downtime and/or data loss, in turn seriously impacting reputation, customer loyalty and the bottom line. At worse, a breach could also have implications for personal safety – especially in the context of fire detection systems on which lives depend.
QUICK LINKS
Jump to a section of the article
Familiarise yourself with Eaton’s secure design principles, which are based on multiple industry standards and best practices, including IEC62443, UL, and OWASP.
Historically, fire detection systems were typically hardwired and un-networked. However, Internet of Things (IoT) technology now means they can be connected at any time and from anywhere – for example enabling them to communicate with heating, ventilation and air-conditioning (HVAC), security and other building management/safety systems, such as those in alarm receiving centres (ARCs).
If such networks are poorly designed and maintained, they're effectively leaving the door wide open to cyberattacks by bad actors. These can threaten an organisation's wider IT infrastructure driven by multiple motives ranging from the political and ideological, through to the purely financial.
Some of the risks
Did you know? 4 in 10 smart building automation control systems were attacked in the first half of 2019 alone2
Real-life examples of threats via building automation systems (BAS) are growing fast. Target stores in the US were hacked via the company’s HVAC system, which allowed the attackers to access lucrative customer data records3. A major incident in 2017, meanwhile, saw hackers sow panic and confusion in Dallas, Texas by setting off 156 fire sirens in the dead of night. While in the first half of 2019 alone four in ten smart building automation control systems were attacked2.
With BSRIA research showing that in the USA over 90% of all larger buildings have some kind of building automation and control system (BACS)4, business leaders are having to confront a big and growing problem. A perception that BACS data is in itself worthless, with building services and IT teams often working in their own separate silos, is all adding to the challenge.
One medium-term change set to have a big impact on the importance of fire market cybersecurity is the shutting down of PSTN networks – the traditional method of connecting fire systems to Alarm Receiving Centres (ARCs) – which will be replaced by digital IP. The switch-off, scheduled in the UK by 20255 and globally by 20306, reflects the fact that the PSTN system has become outdated, is expensive to maintain and there are fewer people around with the necessary PSTN skills.
Millions of alarms systems will need to be reconfigured to meet this change, including four million in the UK alone (2017 figures)5. The upside is that the shift to IP networks opens up possibilities to significantly improve the information that fire services have when attending a call out.
In the future, a 'critical information pack' on the event, including building layouts, fire zone charts and details of fire spread, could be sent directly from the fire system to 'smart' fire engines as they travel to the scene7. The system could also raise the alarm to an ARC.
Such improvements in how fire services respond will increase the chances of protecting people and property. However, as the data flow increases, the importance of cybersecurity becomes more critical.
The good news is that the IT industry has an established set of protocols for monitoring and protecting computer systems which can be introduced into all IoT ecosystems. These ensure all IoT devices and software follow protocols such as HTTPS, TLS, SIPS or SRTP by default.
A cybersecurity assessment is a good place to start – a thorough analysis of possible weak spots that takes the measure of likely risk. Ensuring that the latest software is always loaded is also good practice as manufacturers will often patch updates when 'back doors' are discovered. Even a tech giant like Google found itself on the wrong side of the equation when two security researchers managed to gain access to their systems in Sydney Australia bypassing a buildings BMS it had failed to update.
Ultimately, however, specifying products and systems that have been rigorously tested to take cybersecurity into account is key to underpinning this preventative approach.
xDetect is an Eaton secure-by-design panel that simplifies control of fire alarms and other peripherals in commercial buildings, protecting people, property and data.
At its heart is the highest level of cybersecurity, enabling secure communications and protecting both data and assets from hackers. Entirely future proof and ready for remote access, xDetect can be safely integrated into a Building Management System (BMS) and the Internet of Things (IoT).
Eaton's commitment to working at the highest cybersecurity standards is well-established and increasingly shaping its product range. The company introduced the first research and testing facility approved to participate in UL's Cybersecurity Client Lab Validation program in Pittsburgh, Pennsylvania. And in 2018, UL approved a second Eaton lab to join the programme — another industry first — in Pune, India. These accredited lab environments provide the global capability to test Eaton products with intelligence or embedded logic to key aspects of the UL 2900-1 1 Standard. 5
xDetect has followed Eaton’s cybersecurity assessment process through all stages of the design development. This process features protocol communication checks which are integral to ensuring the xDetect panel will only communicate with authorised peripherals. Tamper switches are also installed by default to ensure that any physical access to the panel is always recorded.
The vulnerability of fire detection and other building safety systems to 'back door' cyberthreat is clear, proven – and increasing. Working with a leader such as Eaton, who complies with rigorous cybersecurity process, requirements and testing standards, is a sure way to both minimise risk and maximise the opportunities offered by powerful, connected building safety technologies.
