4 research outputs found
A critical review of cyber-physical security for building automation systems
Modern Building Automation Systems (BASs), as the brain that enables the
smartness of a smart building, often require increased connectivity both among
system components as well as with outside entities, such as optimized
automation via outsourced cloud analytics and increased building-grid
integrations. However, increased connectivity and accessibility come with
increased cyber security threats. BASs were historically developed as closed
environments with limited cyber-security considerations. As a result, BASs in
many buildings are vulnerable to cyber-attacks that may cause adverse
consequences, such as occupant discomfort, excessive energy usage, and
unexpected equipment downtime. Therefore, there is a strong need to advance the
state-of-the-art in cyber-physical security for BASs and provide practical
solutions for attack mitigation in buildings. However, an inclusive and
systematic review of BAS vulnerabilities, potential cyber-attacks with impact
assessment, detection & defense approaches, and cyber-secure resilient control
strategies is currently lacking in the literature. This review paper fills the
gap by providing a comprehensive up-to-date review of cyber-physical security
for BASs at three levels in commercial buildings: management level, automation
level, and field level. The general BASs vulnerabilities and protocol-specific
vulnerabilities for the four dominant BAS protocols are reviewed, followed by a
discussion on four attack targets and seven potential attack scenarios. The
impact of cyber-attacks on BASs is summarized as signal corruption, signal
delaying, and signal blocking. The typical cyber-attack detection and defense
approaches are identified at the three levels. Cyber-secure resilient control
strategies for BASs under attack are categorized into passive and active
resilient control schemes. Open challenges and future opportunities are finally
discussed.Comment: 38 pages, 7 figures, 6 tables, submitted to Annual Reviews in Contro
An intelligent context-aware threat detection and response model for smart cyber-physical systems
Smart cities, businesses, workplaces, and even residences have all been converged by the Internet of Things (IoT). The types and characteristics of these devices vary depending on the industry 4.0 and have rapidly increased recently, especially in smart homes. These gadgets can expose users to serious cyber dangers because of a variety of computing constraints and vulnerabilities in the security-by-design concept. The smart home network testbed setup presented in this study is used to evaluate and validate the protection of the smart cyber-physical system. The context-aware threat intelligence and response model identifies the states of the aligned smart devices to distinguish between real-world typical and attack scenarios. It then dynamically writes specific rules for protection against potential cyber threats. The context-aware model is trained on IoT Research and Innovation Lab - Smart Home System (IRIL-SHS) testbed dataset. The labeled dataset is utilized to create a random forest model, which is subsequently used to train and test the context-aware threat intelligence SHS model's effectiveness and performance. Finally, the model's logic is used to gain rules to be included in Suricata signatures and the firewall rulesets for the response system. Significant values of the measuring parameters were found in the results. The presented model can be used for the real-time security of smart home cyber-physical systems and develops a vision of security challenges for Industry 4.0
A Multi-Stakeholder Information Model to Drive Process Connectivity In Smart Buildings
Smart buildings utilise IoT technology to provide stakeholders with efficient, comfortable, and secure experiences. However, previous studies have primarily focused on the technical aspects of it and how it can address specific stakeholder requirements. This study adopts socio-technical theory principles to propose a model that addresses stakeholders' needs by considering the interrelationship between social and technical subsystems. A systematic literature review and thematic analysis of 43 IoT conceptual frameworks for smart building studies informed the design of a comprehensive conceptual model and IoT framework for smart buildings.
The study's findings suggest that addressing stakeholder requirements is essential for developing an information model in smart buildings. A multi-stakeholder information model integrating multiple stakeholders' perspectives enhances information sharing and improves process connectivity between various systems and subsystems. The socio-technical systems framework emphasises the importance of considering technical and social aspects while integrating smart building systems for seamless operation and effectiveness.
The study's findings have significant implications for enhancing stakeholders' experience and improving operational efficiency in commercial buildings. The insights from the study can inform smart building systems design to consider all stakeholder requirements holistically, promoting process connectivity in smart buildings. The literature analysis contributed to developing a comprehensive IoT framework, addressing the need for holistic thinking when proposing IoT frameworks for smart buildings by considering different stakeholders in the building