Smart Buildings are the subject of cyber attacks

RECENTLY SMART BUILDING INSTALLATIONS - INCLUDING ONES BASED ON KNX - ARE INCREASINGLY THE SUBJECT OF CYBER ATTACKS. THESE CYBER ATTACKS CAN BE EASILY AVOIDED IN CASE OF KNX BY ENSURING THAT INSTALLATIONS ARE NEVER DIRECTLY (WITHOUT VPN) ACCESSIBLE VIA THE INTERNET. FOR THIS KNX ALREADY WARNED YEARS AGO IN THE KNX SECURE CHECKLIST.

Following heavy investments from both the KNX members as well as the KNX Association, last year and this year tangible KNX Secure products saw the light. All of these products were submitted to the stringent KNX certification process, during which their conformity to implemented AES128 authentication and encryption mechanisms are put to the test. Together with the ETS, this allows the installer/integrator to now evaluate in which cases the use of KNX Secure products brings added value to the KNX installation.

How can this evaluation be done? For this, KNX designed already years ago the very valuable KNX Secure guide and a KNX Secure checklist for ensuring a higher security in KNX installations.

This checklist has been designed to make sure that people are not trying to take advantage of possible security loopholes in installations.

In many installations, such loopholes are unfortunately very straightforward. Some examples:

• If an installation is linked to Internet, the use of a VPN tunnel to access it via the internet is an absolute MUST. When using a KNX Secure Tunneling interface, be sure to use the strong passwords suggested by ETS and do not replace them with own weak ones.
• Special attention should go to installations with public areas, i.e. where persons are able to wander around without any surveillance: even a wired KNX system can then be vulnerable to attack;
• Installations using wireless communication are the number 1 attack target, as communication between devices is completely out in the open, compared to when devices communicate over a dedicated wire. Use of KNX Secure on this medium is therefore highly recommended;
• If you have a KNX IP Backbone and other IP networks, use a VLAN separation and allow communication between the KNX IP network and other networks only via a suitable firewall.

As the KNX Secure checklist says, many of the above can be overcome with very simple measures and of course by making use of KNX Secure. KNX offers so many opportunities to make buildings smart that it would be a shame to let this be spoiled by avoidable security attacks.

KNX provides all the required puzzle pieces: one just has to lay them in the right way.