Introduction
Today, integrating cyber-physical systems into utilities’ management becomes a common practice for various businesses. These novelties reveal the need to address the risks of devices and utilities being connected and run by vulnerable networks and programs. Indeed, Rehman and Gruhn (2018) claim that “security requirements frameworks fail to accommodate security concerns outside of software boundaries” (p. 65). This paper aims to explore threats, attacks, and vulnerabilities affecting cyber-physical systems’ functioning in building and utility management.
Cyber-physical systems are based on the software embed into a device that allows a computer to operate the latter; thus, each issue with the central administrator significantly affects all dependants. For instance, in 2016, the Mirai Botnet’s massive denial of service attack disrupted the internet functioning at the U.S. east coast (Fruhlinger, 2018). Hackers earned money from the interruption of game servers by setting the malware bots and infecting various controllable devices. The 2016 attack forced the FBI investigation, which revealed that the growing implementation of the IoT was beneficial for cybercrime due to the unsecured data storing and dependence on an external computer or system (Fruhlinger, 2018). Consequently, program developers worldwide were urged to identify vulnerabilities and work on them to prevent significant cybercrime from repeating.
Analysis
The IoT devices are used in buildings and utilities for security, lightning or ventilation automation, emergency safety measures, and other management applications. Although implementing these cyber-physical systems is economically beneficial, several risks of malware attacks or functioning disruption exist. The primary threat is the vulnerability of the devices’ software due to external administration. The issue must be addressed from both ends of the cyber-physical systems as an operator can be unsecured, and a device might have no software to recognize a threat and protect itself (Rehman & Gruhn, 2018). Furthermore, the Mirai cybercriminals initiated massive attacks because interrupting one general computer led to the malware botnets creation based on all dependant physical items.
Data collection and privacy protection is another vulnerability that affects cyber-physical systems’ functioning in the management of buildings and utilities. The process data gathered by the automated doors, CCTV in access points, and other IoT conveniences are being sent to the main operating unit to provide feedback and submit functioning. The algorithms of retrieving information keep improving, however, there is no clear policy related to the records allowed to store, neither a regulation about further utilization (Bakakeu et al., 2017). The data shared from the building management devices threatens citizens’ privacy and security as a significant volume of information about them is being digitalized might be accessed by hackers. Moreover, the networks that provide a connection between the cyber-physical system’s items are vulnerable. Walker-Roberts et al. (2020) state that “limited computation, communication, and processing resources of common CPS devices make the application of classical data encryption and secure communication protocols impractical” (p. 2645). Consequently, the networks can easily be attacked, re-programmed, or disabled by cybercriminals leading to massive problems with the affected devices.
Summary
Cyber-physical systems integration for managing buildings and facilities automates and improves many processes; however, the security of IoT appliances must be evaluated. The example of Mirai Botnet attacks uncovered vulnerabilities of the novel approach showing that interrupting servers not only can lead to financial losses but also severely affect business functioning. The fundamental threats such as software disruption, data misuse, and networks’ damaging require preventative measures’ development.
References
Bakakeu, J., Schäfer, F., Bauer, J., Michl, M., & Franke, J. (2017). Building cyber‐physical systems – A smart building use case.Smart Cities: Foundations, Principles, and Applications, 605-639. Web.
Fruhlinger, J. (2018). The Mirai botnet explained: How teen scammers and CCTV cameras almost brought down the internet.CSO. Web.
Rehman, S. U., & Gruhn, V. (2018). An effective security requirements engineering framework for cyber-physical systems.Technologies, 6(3), 65. Web.
Walker-Roberts, S., Hammoudeh, M., Aldabbas, O., Aydin, M., & Dehghantanha, A. (2020). Threats on the horizon: Understanding security threats in the era of cyber-physical systems.The Journal of Supercomputing, 76(4), 2643-2664. Web.