How to Bolster the Security of Your KNX System
Buildings are becoming more "intelligent" with the creation of software (such as KNX systems) that enables facilities managers to control aspects like heating/cooling, access to the building and the entertainment systems available. However, hackers who wish to disrupt services in the building or practice for bigger hacking tasks that they wish to perform elsewhere can target such systems. This article discusses some steps you can take to boost the security of your KNX system.
Restrict Login Attempts
Many building management systems (BMS) can be accessed via the internet so that users can execute commands remotely. This web feature creates some vulnerability since "eavesdroppers" can intercept messages being sent over the system. You can limit the chances of unauthorized access to your BMS by restricting how many times a user can attempt to login before the system automatically locks him/her out. For instance, limit login attempts to only three so that anyone trying to use a list of possible passwords to access the system is prevented from succeeding at the third attempt.
Create User Profiles and Roles
Many BMSs like KNX allow you to limit the roles that each user can perform when he or she gets access to the system. Use this functionality to step up the security of the system. For instance, you can create a profile that limits the electrician to electrical controls only. This will protect other aspects of the building from being affected in case a security breach takes place via the profile of the electrician.
Activate Remote Connectivity Rules
You can strengthen the security of your KNX system by using a VPN (virtual private network) or SSL (secure socket layer) to make traffic over your system invisible to other users of the internet. For instance, you can give authorized users passwords that they can use to access the VPN system over the internet. Such a measure will create a private network that will function as though it is not internet-based since traffic over that network will not show up on any internet spying system that has been set up by hackers.
Ask your system administrator to work very closely with the KNX system provider so that additional measures can be designed based on the specific cyber threats that your BMS faces. Keep upgrading your security measures so that you can cope with any emerging threats that your technical personnel are made aware of as they interface with the system developer.