JultikaUniversity of Oulu repository

Abstract

Building automation systems are used to create energy-efficient and customisable commercial and residential buildings. During the last two decades, these systems have become more and more interconnected to reduce expenses and expand their capabilities by allowing vendors to perform maintenance and by letting building users to control the machines remotely. This interconnectivity has brought new opportunities on how building data can be collected and put to use, but it has also increased the attack surface of smart buildings by introducing security challenges that need to be addressed. Traditional building automation systems with their proprietary communication protocols and interfaces are giving way to interoperable systems utilising open technologies. This interoperability is an important aspect in streamlining the data collection process by ensuring that different components of the environment are able to exchange information and operate in a coordinated manner. Turning these opportunities into actual products and platforms requires multi-sector collaboration and joint research projects, so that the buildings of tomorrow can become reality with as few compromises as possible. This work examines one of these experimental project platforms, KEKO ecosystem, with the focus on assessing the cyber security challenges faced by the platform by using the well-recognised MITRE ATT&CK knowledge base of adversary tactics and techniques. The assessment provides a detailed categorisation of identified challenges and recommendations on how they should be addressed. This work also presents one possible solution for improving the detection of offensive techniques targeting building automation by implementing a monitoring pipeline within the experimental platform, and a security event API that can be integrated to a remote SIEM system to increase visibility on the platform’s data processing operations.