6 minute read
Ask the Expert
from Condo August 2021
by MediaEdge
Home Smarts
The new crop of condos heading skyward are more connected than their predecessors. Technology, found in a condo unit or office, is creating a much smarter environment, with devices accessible from anywhere. Cybersecurity expert Bryan Zarnett, managing director of security consulting at Cytelligence, answers the question: What security and privacy threats should condo communities watch out for due to the rise of internet-connected smart home devices?
Smart environments have been around for several decades. Technology used to control microwaves, fridges and lights, has been emerging and proliferating since the ’90s. I remember then being able to hack a microwave using a software development platform called micro-java. Yes, I was successful and was very proud of my accomplishment. My name flashed on the screen whenever the timer ended.
What Is A Smart Environment?
A smart environment is a location (house, office, condo) in which technology is implemented into the building's structures to provide automation, monitoring and convenience. The technology can include mechanisms that monitor and control HVAC, security, temperature, fire suppression systems, lighting, window treatment, appliances and personal assistants.
From a security perspective, let’s break down a smart environment into two blocks: buildings and residents. Each block has their own technology, expectations, complexities, privacy concerns and connectivity practices.
Residents are concerned primarily with appliances, personal assistants and personally operated technology that operates from their personal WIFI and network access. In most circumstances, network connectivity is separate from that of the building. Tenant systems frequently have greater access to personal information, including access to computer systems and printers that are part of the home network.
Buildings are concerned with large-scale systems, including access control, environmental systems, security and employee management. The systems are frequently larger, more expensive and updated less frequently than tenant-based systems, thus decreasing the potential for security concerns to be addressed in a timely fashion. Building systems are frequently considered more accessible by the professional criminal due to their age and lack of security measures.
Four Preventive Measures
The type of threats and common problems associated with smart environments have not changed throughout the years. What has changed is the degree of awareness in owners and the proliferation of the technology, both which lead to a greater opportunity for attack. Unfortunately, as we see an increase in smart technology use, the fundamental practices associated with smart technology security have not changed or improved. Consider the following: 1 Close The Points Of Access. Points of access include network access ports (the holes in the wall for network cables) as well as wireless access points. Professional criminals will survey a building for different ways in which they can physically access a technology structure. The greater the number of access points, the greater the opportunity of success. Buildings and residents should provide WIFI access to authorized individuals only, with guest access being restricted to the Internet. In addition, buildings should be aware of what access ports are in use, disconnecting any that are not operational and physically reviewing ports on a frequent basis for unauthorized devices. These devices can be as small as a USB key.
2Update Your Technology. Smart technology has a lot of moving parts, even within some of the smaller bundles. It is important that every component of that technology bundle be updated consistently and replaced prior to being categorized as “end of life.” Unpatched and unsupported technology are two of the most common problems in smart environments and a leading cause of exploitation. For example, an HVAC system running Windows 7 can be exploited to permanently disable environmental controls, change settings or gain access to other systems. This is done by taking advantage of a vulnerability in an unpatched HVAC system or the associated operating system.
3Organize Your Technology Into Segments. Segmentation is a term in security, which essentially means to break into small groups. Think of it as disease control. By creating small, isolated groups we reduce the risk of one group being affected by the problems of another group. For example, if your HVAC system is affected by a hacker, the hacker does not have the ability to exploit the security or lighting system.
Segmentation occurs through network controls such as firewalls and routers and creates boundaries around technology addresses, creating closed communities. While operational teams can still access each technology, the technologies themselves are organized so they are unaware of each other, or access is permitted through small and wellcontrolled access points.
Buildings can create large groupings such as environmental, security, elevators or smaller groupings such as HVAC, lighting, fire suppression systems, elevator,
CONSULTING ENGINEERS
MODERN IDEAS PROFESSIONAL SOLUTIONS
Mechanical Electrical Energy Audits LEED Services
- Boiler Replacement Design - Domestic Piping - Chiller Design - Emergency Generator Design - Fire Protection Upgrade & Design - Maintenance Scheduling - Capital Planning Report / RFS - Building Audits - Project Mangement - Power & Lighting Design
416.250.7222 1700 Langstaff Rd. Ste 2002 www.me-eng.com info@me-eng.com Vaughan, Ontario L4K 3S3
door systems, camera systems, etc. Residents, at a minimum, should segment their computers for home and work from other technology.
4Add A Firewall. Firewalls are the foundation to security. They are the digital walls that protect your castle and reduce the opportunity for an attack to be successful. Firewalls are established to limit what services are available, where they can be accessed from and even who can access it. In addition, firewalls allow you to review and address potential attempts to gain access to different parts of your environment.
Be Sensible. Not Paranoid
It’s hard to avoid smart technologies. Technology that monitors and alerts us is part of everything from microwaves and dishwashers to air conditioning units, TVs and cameras. We can see who is at our front door through our phone and get alerts when the dryer turns off. What is important is to be sensible versus paranoid.
Know what is connected in your environment. Keep your environment updated and invest in a little bit of time to protect your home from outside threats. 1
Bryan Zarnett is managing director of security consulting at Cytelligence, a leading international cyber security boutique based in Toronto. Bryan has been a passionate and active member of the IT community since the late 1980s offering thought-leadership, coaching and consulting in the areas of computer security, software architecture, design and development, in addition to methodology implementation. Bryan has worked in a variety of industries including law enforcement, financial, manufacturing and legal. bzarnett@cytelligence.com
Power Your Home with Rogers Ignite Services
Ignite TV™ Get your perfect content lineup with Ignite TV. With shows, movies and more delivered from endless entertainment sources, the fun never stops! Powered by our most reliable internet.
Get reliable, stress-free WiFi that helps keep everyone connected no matter what your home needs.
FLEXIBLE CONTENT
RELIABLE PERFORMANCE EASY SEARCH AND DISCOVERY
SECURE CONNECTION IMMERSIVE EXPERIENCE
PERSONALIZED EXPERIENCE
Learn more at Rogers.com/bundles
Ignite Internet™
Learn more at Rogers.com/internet
Smart Home Monitoring Automate Protect and enjoy what matters most with a home security and automation system that can grow with your needs.
STAY IN CONTROL STAY IN THE KNOW STAY SAFE
Learn more at Rogers.com/home-monitoring/why
Ignite Home Phone™
Add Ignite Home Phone to any bundle with Ignite Internet and Ignite TV to stay connected with one convenient number for the whole family1 .
PEACE OF MIND FOR THE WHOLE FAMILY ONE CONVENIENT HOUSEHOLD NUMBER ON-THE-GO ACCESS TO HOME PHONE ACTIVITY
Learn more at Rogers.com/home-phone
Contact your Rogers representative to order now:
For consumer and general inquiries, please call 1-888-764-3771 For developer and builder inquiries, please visit www.rogers.com/ma/major-accounts
