Smart Buildings are the subject of cyber attacks
Smart building installations, including those based on KNX, are increasingly the subject of cyber attacks. In the case of KNX, these attacks can be easily avoided by ensuring that installations are never directly accessible via the Internet unless it is via a VPN. The KNX Association issued a warning about this several years ago in the KNX Secure Checklist, which is free to download.
Following considerable investment from both KNX members, as well as the KNX Association, KNX Secure products have been available since last year. All of these products have been subjected to the stringent KNX certification process, during which their conformity to AES128 authentication and encryption mechanisms is tested.
Together with ETS, this allows the installer/integrator to evaluate where the use of KNX Secure products will bring added value to the KNX installation.
How can this evaluation be done? The KNX Association has published the very valuable KNX Secure guide and a KNX Secure Checklist for ensuring a higher level of security in KNX installations.
The checklist has been designed to make sure that hackers cannot take advantage of possible security loopholes in installations. In many installations, such loopholes are unfortunately very straightforward. Some examples are:
- If an installation is linked to Internet, the use of a VPN tunnel to access it via the Internet is an absolute MUST. When using a KNX Secure Tunnelling interface, be sure to use the strong passwords suggested by ETS and do not replace them with your own weak ones.
- Special attention should be paid to installations within public areas, i.e. where people are able to wander around without any surveillance; even a wired KNX system can be vulnerable to attack.
- Installations using wireless communication are the number 1 attack target, as communication between devices is completely out in the open, compared to when devices communicate over a dedicated wire. Use of KNX Secure on this medium is therefore highly recommended.
- If you have a KNX IP backbone and other IP networks, use a VLAN separation and only allow communication between the KNX IP network and other networks via a suitable firewall.
As the KNX Secure Checklist states, many of the above can be overcome with very simple measures, and of course by making use of KNX Secure.
KNX offers so many opportunities to make buildings smart and help you to avoid cyber security attacks: make sure you use them!