Applying Zero Trust to OT Networks For Smart Buildings
In December 2021, a ransomware attack locked a BAS firm and its building client out of the system, taking out 75% of smart building OT. Using device-level SaaS security in a NIST-compliant Zero Trust framework, BAS vendors can prevent smart building breaches. SaaS security for OT devices uses device-level identification and authentication, with no direct device access to the internet.
Replacing false assumptions about OT security
The premise that breaches will happen is a threat to smart buildings. When cybersecurity breaches occur, cybercriminals enjoy long dwell times. It can take an organization an average of 277 days to identify and contain a breach, according to the 2022 IBM Cost of a Data Breach report. When the organization discovers it, it’s too late to avoid the damage. According to IBM data, the average breach cost increased to USD 4.35 million in 2022. Allowing pervasive cloud and internet connections makes smart buildings vulnerable. Criminal hackers establish persistent connections for reconnaissance, planning, and attack execution. Pervasive, persistent connections make their work easier.
Cybercriminals can use compromised OT devices to reach an organization’s precious data. According to Deloitte, criminal hackers breaching smart building OT can gain control of retail tenants’ POS terminals, spreading malware through contactless payments to consumer devices. The cyber-thieves collect their credentials to log in to the corporate network, stealing intellectual property and customer databases. This is what happened to Target, and the notorious fish tank thermometer hack in a Vegas casino where 10GB of data was stolen.
Fortune Business Insights expects the global smart building market to grow from $80.62 billion in 2022 to $328.62 billion by 2029, at a CAGR of 22.2%. Twenty-seven percent of smart buildings surveyed saw cybersecurity breaches over 12 months, according to 2021 Honeywell building trend data. As with the proliferation of every connected technology, a growing OT attack surface invites increasing breaches and intolerable risks.
The Veridify DOME SaaS Cybersecurity platform prevents smart building breaches (or any building with a building automation system) by identifying and authenticating every OT device individually. The Zero Trust framework enforces mutual authentication: an unauthenticated device cannot talk to a secure one. DOME Sentry, part of the DOME solution,can be placed in front of existing systems/devices to protect them immediately. It easily implements device-level security, using the industry’s only real-time, NIST-compliant, device-level Zero Trust solution. Existing networks can onboard DOME Sentry devices in under a minute. DOME Sentry prevents cyberattacks, requiring that all commands emanate from an authenticated source. In a Veridify Zero Trust environment, DOME-enabled devices generate their own root of trust (RoT), identifying and authenticating the current device owner without cloud services or other entities: the solution avoids direct cloud connections and all internet exposure. DOME Sentry enforces real-time, device-level security to the edge of new and existing building automation networks. DOME is crypto-agile and supports quantum-resistant encryption methods, future-proofing OT devices with long-life security against emerging threats to device communications and data. Veridify designed the DOME SaaS solution for IP-based protocols used in industrial networks, buildings, and critical infrastructure such as BACnet/IP and Modbus TCP. The DOME Sentry complements existing BMS platforms, working seamlessly across multiple vendors and devices.
Would you like to know more?
Learn more about the Veridify DOME Cybersecurity Platform.