National Academies Press: OpenBook

Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices (2023)

Chapter: FACILITY CONTROL SYSTEM CYBER VULNERABILITIES

Get This Book
Unfortunately, this book can't be printed from the OpenBook. If you need to print pages from this book, we recommend downloading it as a PDF.

Visit NAP.edu/10766 to get more information about this book, to buy it in print, or to download it as a free PDF.
« Previous: FACILITY CONTROL SYSTEMS CYBERSECURITY
Page 11 Cite
Suggested Citation:"FACILITY CONTROL SYSTEM CYBER VULNERABILITIES." National Research Council. 2023. Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices. Washington, DC: The National Academies Press.
×
Save
Cancel
Page 11
Page 12 Cite
Suggested Citation:"FACILITY CONTROL SYSTEM CYBER VULNERABILITIES." National Research Council. 2023. Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices. Washington, DC: The National Academies Press.
×
Save
Cancel
Page 12

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

PDUs, main UPSs, air handling systems, and switchgear. Each of these components, if not properly secured, is vulnerable to cyber incidents. These events may be unintentional, such as when an update causing causes a system to become inoperative, or they might be malicious, like when a hacker shuts down a data center’s cooling systems, destroying a large number of computers (Weiss 2018). Because of the rapid technology growth of IIoT, new sensor devices are regularly introduced, tested, and incorporated into facilities. Evaluating the impact of new sensing technologies, as well as their integration with existing systems, is a significant research task that can provide crucial references and desirable guidelines to the building and HVAC industry (Bae et al. 2021). A sensor’s impact varies significantly depending on the characteristics of the building system (e.g., type, configuration, capacity, efficiency), as well as the control strategies used. Once sensors are deployed within a facility, some sensors may be subject to harsh conditions. Sensor readings may be corrupted as a result, which usually leads to faulty readings. What are the fault characteristics for different sensors? How do sensor faults affect building control performance? How does one distinguish between a sensor fault and a hacked sensor? How can one securely deliver sensor data to control systems? Data delivery for facility controls is a major component of sensor performance. Large commercial buildings might have tens of thousands of sensors, which make data transfer and management critical but challenging. Cyber threats are increasing, and sensor data delivery could be hacked. It is necessary to understand how hacked sensor data might affect building control performance. For instance, sensor data might be hacked, modified, and sent to control loops to create extreme control actions. Unfortunately, many of these challenges remain open questions in literature. Additionally, limited efforts have been made to develop a unified framework for evaluating and verifying sensor impacts through control systems on the building domain. How can such a framework be developed? One document states that, “to the best of the authors’ knowledge, no such study has examined this challenge” (Bae et al. 2021). Building control networks include both IT and OT networks. Figure 3 shows an example building control system architecture. The green networks are owned by organizations that manage IP networks. The control systems reside on serial and IP networks with specialized software. Similar to other industries, the facility OT networks are often subnets inside subnets with multiple organizational silos. Facilities can have multiple management platforms that have remote access, which can be a source of cyber vulnerabilities. The cybersecurity of facilities is currently addressed in industry organizations such as BacNet.org, with BACnet Secure (BACnet undated), and ISA111, Unified Automation for Buildings (ISA 2022b). However, these standards do not address the Level 0 and Level 1 devices, so parts of these systems remain vulnerable. FACILITY CONTROL SYSTEM CYBER VULNERABILITIES The number of control system suppliers is limited, and these suppliers serve all industries and organizations and their facilities. Consequently, almost all industries and facilities use similar control system devices with the same cyber vulnerabilities. For instance, some facilities may be using the same programmable logic controllers (PLCs) that were compromised in the Stuxnet attack on the Iranian centrifuge facility. 2 Cyberattacks on building facilities can also impact industrial facilities, as was the 1F case in a malicious Russian cyberattack on the Ukrainian power grid in 2015. Other cyberattacks have targeted the variable frequency drives (VFDs) and water pumps in facilities. This type of equipment is used throughout water and wastewater plants, chemical plants, power plants, refining facilities, manufacturing facilities, and compromising it can alter plant operations. As a result of an unintentional cyber event that resulted from an electrical event compounded by a programming logic error, the Pacific Gas & Electric (PG&E) gas pipeline exploded in 2010. 2 For more information on Stuxnet, see Wolf (2014) and Knapp and Langill (2015). Federal Facilities Council Control System Security White Paper 11

FIGURE 3 Basic building control system architecture. SOURCE: Courtesy of Lyn Gomes, based on and adapted from work by Ron Bernstein, RBCG Consulting. In the case of the 2015 Ukrainian cyberattack, the Russian government hacked the uninterruptible power supply (UPS) system (which is a commonly used building control system) in the communications center (a typical facility) before attacking the grid in order to block communications following the cyberattack. The cyberattack targeted the Simple Network Management Protocol (SNMP), an Internet Standard protocol that was also used in the SolarWinds software. The 2010 PG&E natural gas pipeline rupture in San Bruno, California, illustrated that UPS systems are not just data center vulnerabilities. After PG&E scheduled a SCADA UPS replacement, the UPS replacement led to a SCADA shutdown due to low voltage. As a result, PG&E’s control system logic opened the control valves which led to over-pressurization and the rupture of a weak pipe, destroying an entire San Bruno neighborhood. The SolarWinds attack was an especially regrettable event, not just because of the extent of the attack, but because this attack bypassed authenticated updates from the manufacturer. 3 Good security 2F practice is to have authenticated firmware updates. As the SolarWinds and Stuxnet hacks demonstrated, good security practice is rendered useless (and can provide a false sense of security) if the update is poisoned even before it is delivered. An attack of this sort could impact almost all building management control systems (Weiss and Hunter 2021). 3 For more information see Oladimeji and Kerner (2022). Federal Facilities Council Control System Security White Paper 12

Next: MONITORING RAW SENSOR DATA AND CONDITION: A PARADIGM CHANGE »
Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices Get This Book
×
Challenges in Federal Facility Control System Cyber Security, Including Level 0 and 1 Devices
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Cybersecurity for Level 0 and Level 1 devices - which include sensors, the Industrial Internet of Things, and operate on a time scales ranging from milliseconds to seconds - is underdeveloped. This Federal Facilities Council white paper addresses changes to improve cybersecurity, productivity, process safety, predictive maintenance, and resilience, while also breaking down cultural and organizational barriers.

This is not a publication of the National Academies of Sciences, Engineering, and Medicine. The views expressed in this publication are solely those of the author and do not necessarily reflect the views of the National Academies of Sciences, Engineering, and Medicine.

READ FREE ONLINE

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!