
Thursday, August 15, 2024

3 Cybersecurity Steps to Reduce Threats to your Electrical System


When anyone mentions cybersecurity, you may automatically think they are referring to IT systems. That is because protecting IT networks – and their associated personal, financial, and other proprietary data – has been the responsibility of IT professionals for an exceptionally long time. But what about your operational technology (OT) infrastructures? Are they also at risk from cyberattacks? How can you protect them? In this post, we’ll discuss these questions and give three specific recommendations for protecting your electrical systems.

The electricity subsector cybersecurity Risk Management Process (RMP) guideline was developed by the Department of Energy (DOE), in collaboration with the National Institute of Standards and Technology (NIST) and the North American Electric Reliability Corporation (NERC).

OT Cyberattacks: An Increasing Threat

The Ponemon Institute emphatically states that, “Cyberattacks are relentless and continuous against OT environments.” In a survey of over 700 organizations from six countries, they found that 50 percent had experienced a cyberattack against their OT infrastructure within the last two years that resulted in downtime. For large and critical operations, this can be devastating.

All you need to do is follow the news to see frequent examples of such attacks. For example, in early 2021, the fast action of a technician narrowly avoided the risk of thousands of people being poisoned due to a hacker gaining access to a Florida city’s water treatment plant. Going back a few years, a breach that came through the HVAC system caused international retailer Target to have 40 million credit and debit card accounts compromised, costing them $290 million.


The latter example is just one of many that show why building systems are now widely recognized as OT attack targets. The evolution toward smarter buildings is causing an explosion in the numbers of connected devices – already an estimated 200+ million in commercial buildings alone. With more devices comes more data that needs to be protected, but for facility and business management teams to extract the maximum value, data must be aggregated and shared across OT and IT systems.

This OT/IT interconnection means that a cyberattack on an OT system can:

· Compromise operational safety or the health of building occupants

· Impact productivity by taking down production lines or other equipment and processes (see our post on the relationship between cybersecurity and productivity)

· Ultimately cause an IT threat by passing malware or a virus from the OT to the IT infrastructure

The Attack Surface is Now Larger

Essentially, connected OT infrastructures have increased the ‘attack surface’ for hackers and, in many cases, have acted as an organization’s Achilles heel. Clearly, it is not enough anymore to focus attention only on protecting IT and data systems integrity. All organizations must ensure strong OT cybersecurity is in place.

But what OT systems are we talking about? Depending on your type of operation, these can include industrial automation systems (e.g. SCADA) and smart building systems like a building management system (BMS), building security, lighting systems, and the energy and power management system (EPMS) overseeing your facility’s electrical distribution. Navigant Research notes, “Cybersecurity issues are expected to grow in tandem with the digital transformation of real estate through intelligent building technologies.”

In this post, we will consider cybersecurity specifically for your EPMS and electrical distribution system. However, these recommendations and practices equally apply to other OT systems.

Connected Power Means Greater Vulnerability

Energy and power management systems are helping organizations boost efficiency and sustainability, optimize operating costs, maximize uptime, and get better performance and longevity from electrical assets. When combined with BMS, an EPMS can also help make the work environment healthier and more productive for occupants.

Enabling these EPMS benefits is a connected network of smart metering, analysis, control, and protection devices that share data continuously with onsite and/or cloud-based EPMS applications. The application provides extensive monitoring and analytics while providing mobile access to data and alerts to all facility stakeholders. Connection to the cloud also opens the door to expert power and asset advisory support that can augment a facility’s onsite team with 24/7 monitoring, predictive maintenance, energy management, and other services.

All these onsite, cloud, and mobile connections offer a potential target and entry point for attackers; see our facility managers’ guide to building systems and cybersecurity.


Securing Your Electrical System: A Holistic Approach

A hacker only needs to find one ‘hole’ in one system, at one point of time, to be successful. What you need is a holistic approach to ensure that all potential vulnerabilities are secured. For new buildings, cybersecurity best practices should be a part of the design of all OT systems. For existing buildings, cybersecurity should be addressed when OT systems are starting to be digitized. For both scenarios, the following are three key considerations:

1. Seek Specialized, Expert Assistance

The priorities for IT systems are confidentiality, integrity, and availability. For OT, the top priorities are safety, resilience, and confidentiality. This means that OT security upgrades or problems need to be addressed in a different way from IT, with careful planning and procedures. For these reasons, you need to choose a cybersecurity partner who has proper OT experience, to help you comply with all relevant cybersecurity standards and best practices.

OT systems also use different communication protocols from IT systems, such as BACnet, Modbus, etc. If you had your IT team attempt to perform security scans of OT systems, those scanning tools might cause serious conflicts, risking an OT system shutdown.

Cyberthreats are also constantly evolving, so you should seek a partner who offers ongoing OT monitoring services, updates, system maintenance, and incident response. All of these should be available remotely.

2. Put the Right Controls in Place

An OT cybersecurity specialist will help audit your EPMS and electrical systems to assess the current vulnerabilities and risks, including the gaps in any procedures and protocols.

You and the specialist must determine how secure your electrical system needs to be. The IEC 62443 standard helps protect IoT-enabled OT systems by defining seven foundational requirements (e.g. access control, use control, availability, response, etc.), each of which is assigned a security level. Higher security levels offer greater protection against more sophisticated attacks. Your cybersecurity partner will help you determine the level of security you need for each requirement.

An example of one technique for securing networked systems is to break up systems into ‘zones,’ with each secured individually. OT will be separated from IT, and within OT there may be further segregation. A special ‘demilitarized’ zone is typically included, which is a perimeter subnetwork that sits between the public and private networks for an added layer of security. This makes it harder for hackers to find a way in from one system or zone to another. Where required, connections between networks are provided by specially secured data ‘conduits.’
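As an added example (not code from the original post), the zone-and-conduit idea above can be written down as a policy and checked against observed traffic. The script below models four zones (IT, a DMZ, the EPMS servers and the metering field network), a short allowlist of conduits between them, and evaluates a few constructed flow records, flagging any inter-zone flow that has no conduit. The subnets, conduit list, ports and sample flows are all assumptions made for the example.

```python
"""Zone/conduit policy check over constructed flow records.

Added example: the zones, subnets, conduits and sample flows below are
assumptions, not a configuration from the original post."""
import ipaddress
from dataclasses import dataclass

# Assumed zone layout in the IEC 62443 sense: IT, a DMZ, OT servers, OT field devices.
ZONES = {
    "IT": ipaddress.ip_network("10.1.0.0/16"),
    "DMZ": ipaddress.ip_network("10.2.0.0/24"),
    "OT_EPMS": ipaddress.ip_network("10.3.0.0/24"),
    "OT_FIELD": ipaddress.ip_network("10.4.0.0/24"),
}

# Conduits as (src_zone, dst_zone, proto, dst_port). Anything not listed is denied.
CONDUITS = {
    ("IT", "DMZ", "tcp", 443),             # users reach the EPMS web front end in the DMZ
    ("DMZ", "OT_EPMS", "tcp", 443),        # the DMZ proxy reaches the EPMS server
    ("OT_EPMS", "OT_FIELD", "tcp", 502),   # the EPMS polls meters over Modbus/TCP
    ("OT_EPMS", "OT_FIELD", "udp", 47808), # ... and over BACnet/IP
}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    dport: int


def zone_of(ip: str) -> str:
    """Map an address to its zone name, or UNKNOWN if it is in no defined zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def evaluate(flow: Flow) -> tuple:
    """Return (verdict, reason) for one flow under the conduit policy."""
    sz, dz = zone_of(flow.src), zone_of(flow.dst)
    if "UNKNOWN" in (sz, dz):
        return ("deny", f"address outside any defined zone ({sz}->{dz})")
    if sz == dz:
        return ("allow", f"intra-zone {sz}")
    if (sz, dz, flow.proto, flow.dport) in CONDUITS:
        return ("allow", f"conduit {sz}->{dz} {flow.proto}/{flow.dport}")
    return ("deny", f"no conduit {sz}->{dz} {flow.proto}/{flow.dport}")


def parse_flow_log(text: str) -> list:
    """Parse constructed 'src dst proto dport' lines into Flow records."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, dport = line.split()
        flows.append(Flow(src, dst, proto, int(dport)))
    return flows


def violations(flows: list) -> list:
    """Return [(flow, reason)] for every flow the policy denies."""
    out = []
    for f in flows:
        verdict, reason = evaluate(f)
        if verdict == "deny":
            out.append((f, reason))
    return out


# Constructed flow records: the third and fourth lines bypass the conduits.
SAMPLE_LOG = """\
10.1.5.20 10.2.0.10 tcp 443
10.3.0.5 10.4.0.21 tcp 502
10.1.5.20 10.4.0.21 tcp 502
10.2.0.10 10.4.0.21 udp 47808
"""

if __name__ == "__main__":
    for f, reason in violations(parse_flow_log(SAMPLE_LOG)):
        print(f"DENY {f.src} -> {f.dst} {f.proto}/{f.dport}: {reason}")
```

Run as a script it prints the two flows that reach the field network without passing through a conduit: an IT workstation talking Modbus/TCP directly to a meter, and the DMZ host reaching BACnet/IP on the field network. The same evaluate() function can be run over exported firewall or flow logs to confirm that the deployed rules match the zone design on paper.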

Your electrical system should also be physically secured, with no access by unauthorized personnel. This same strategy applies to EPMS communications network security by means of controlled, multi-tiered permission-based access.

3. Train your Staff

Many cyberattacks are successful because employees have caused unintended errors. It is important that your people become aware of, and vigilant against, cyberthreats. This includes giving your operations team specialized OT cybersecurity training.

This training will typically include multiple steps, including training all individuals to spot social engineering cues, such as phishing attempts or attempts to access protected areas using pretexting (i.e. someone pretending to be a vendor to gain access). It will also include establishing protocols around the use of passwords, multi-factor authentication, policies around WiFi access (e.g., a guest network that remains isolated from OT networks), regular auditing of user accounts and permissions, etc.

While the horizontal cybersecurity framework provides a solid basis, specific characteristics of the energy sector such as the need for fast reaction, risks of cascading effects and the need to combine new digital technology with older technologies necessitate specific legislation.

Thanks to Felix Ramos & Khaled Fakhuri for writing this article.


Monday, November 11, 2019

Increase of BMS cables sale


The global IBMS market is highly fragmented with the presence of several global and local vendors. Global vendors mostly operate as original equipment manufacturers (OEMs), catering to the requirements of the end-user through distributors/dealers or system integrators. Technical knowledge and ability to customize based on end-user requirement by vendors will hold the key to a strong foothold in the market.

Building management system cables, also commonly known as BMS cables, intelligent building cables or automation cables, are used to automate all of the systems in place within a building or home. Research suggests the BMS market will reach $19.25 million by 2023, which makes it even more of an opportunity for electrical contractors to capitalize on.

The global IBMS market will continue to grow at a healthy pace throughout the forecast period. Apart from energy and cost savings, other important drivers are the degree of flexibility provided by open IBMS solutions, the high degree of productivity it provides, and a higher return on investment along with enhanced security. These factors are attractive to many businesses, thus driving the market growth.

An advanced building management system can control the safety of homes and offices, monitoring doors and windows for alarm systems and detecting floods and fires. Equipment and installations are designed for the control, monitoring and optimization of various functions and services provided in a building, including heating, ventilation, air-conditioning, lighting, security systems and the operation of electric/electronic applications.

A shielded cable that is not grounded does not work effectively: any disruption in the ground path raises the impedance and lowers the shielding effectiveness. First, make sure you have a cable with sufficient shielding for the application's needs; in moderately noisy environments, a foil shield alone may provide adequate protection. A screened cable is a wire for the transmission of electricity or electronic signals, protected by an enclosing web of earthed wire mesh to avoid electromagnetic interference from (or to) other signals. Grounding provides a point in contact with the earth, a common return in an electric circuit and an arbitrary point of zero voltage potential. It also provides personal safety and protects the equipment, controls the voltages developed on the ground when an earth-phase short circuit returns through a near or distant source, provides a stable voltage reference for signals and circuits, and minimizes electromagnetic interference (EMI) effects.

Shielding: The shield must be connected to the signal reference potential of what is being protected. When there are multiple segments, keep them connected, ensuring the same reference potential. The shielding is only effective when it establishes a low-impedance path to ground. A floating shield does not protect against interference. The use of non-magnetic metals around conductors does not shield against magnetic fields.

The cabling of industrial communication systems (Modbus RS485) differs in some ways from power cabling, and an electrician may experience some difficulties if he is not an expert in Modbus communication networks. A Modbus RS485 network connects a Master device to one or more Slave devices. In what follows, we treat the Slave devices as measuring instruments with serial communication, although the cabling is similar for all Modbus devices.

Cable Selection
You should consider the following:

· How many conductors do you need?
A minimum of three conductors, but the shield may be used as the common conductor, so shielded two-conductor cable may be used. If you do not use shielded cable, then at least three conductors are required. Some RS-485 devices do not use a common connection, but we recommend always connecting common for reliable performance and to avoid damage due to surges.

· What wire gauge do you need?
  - For unterminated networks, the current will generally be less than 10 mA and any gauge should work; we recommend #24 AWG to #18 AWG.
  - For terminated networks, the current can be 60 mA or higher, so heavier gauge wire may be needed for very long runs.
  - We recommend #22 to #20 AWG for runs up to 1000 ft (~300 m).
  - We recommend #20 to #16 AWG for runs up to 4000 ft (~1200 m).

· What should the cable impedance and capacitance be?
Cables suitable for use in an RS-485 network should have an impedance of between 100 and 130 ohms, a capacitance between conductors of less than 30 pF per foot (100 pF per meter), and a capacitance between conductors and shield of less than 60 pF per foot (200 pF per meter).

· Do you need shielding?
Because RS-485 is differential, it is less susceptible to interference, so shielding is not always necessary. However, we recommend shielding for long runs and if there is electrically noisy equipment nearby, like variable speed drives. If you use shielded cable, connect the shield to earth ground at one end (generally the PC or RS-485 master).

· Do you need twisted wires?
Yes, especially for non-shielded cable.

· What voltage rating do you need?
We recommend wire or cable rated for the highest voltage present. So if you are monitoring a 120/208 Vac panel, you should use 300 V rated cable. If you are monitoring a 480Y/277 volt circuit, use 600 V rated cable. If you have the WattNode in a separate enclosure and there is no way the mains wires can contact the Modbus output cable, then you could safely use lower voltage rated cable, such as 150 V or lower. Long runs of 300 V or 600 V rated cable may be expensive, so it may be more economical to use lower voltage rated cable and use a protective jacket in the regions where the cable is in the vicinity of dangerous voltages.

· Can you run the RS-485 network cable adjacent to or in the same conduit with mains wires?
We strongly recommend against this. There may be interference from the high voltages and currents present on the mains wires, and if there is any insulation fault, arcing, etc. on the mains wires, it could put dangerous voltages on the low-voltage RS-485 network cable.

Most modern buildings now incorporate some form of BMS, focusing primarily on energy efficiency and saving costs. Whether that’s through proximity sensor lighting, climate control, door entry or security, they all work to achieve the same goal.

Efficient lighting control in a BMS system is just one way of reducing energy and saving costs for building owners. Using BMS, lighting can be automatically adjusted, depending on natural light detected or amount of people in the building. These cables are available in Low Smoke Halogen Free (LSHF), meaning they give off minimal smoke and toxic fumes. This is ideal for installation in public buildings such as schools, hospitals or airports where evacuation may be difficult in the event of a fire.

Unlike what happens in many energy distribution systems, the manner in which the devices are connected in parallel is important. The RS-485 system used for Modbus communication provides a main cable (bus or backbone), to which all the devices have to be connected with branches (also known as stubs) that are as short as possible. The branches must be no longer than 1200 m.

Maximum distance and maximum number of devices: The main cable must be no longer than 700 m! This distance does not include the branches (which must nevertheless be short). The maximum number of devices that can be connected to a main cable is 32, including the Master.


In order to increase the extent of the Modbus network, repeaters can be used: these are signal-amplifying and regenerating devices with two communication ports that transfer to each port what they receive from the other.

The cable shield must be earthed at only one point. Normally, this connection is made at one end of the main cable.

In order to avoid signal reflections, a 120 Ohm termination resistance must be fitted at each end of the main cable. The termination resistance must be used only at the ends of the main cable. If the total length of the main cable is less than 50 m, termination resistances at the ends of the main cable can be omitted.

Fire safety is another major reason why owners may consider installing a BMS into their building. High-performance fire survival cables provide an excellent solution for connecting the BMS with fire systems. The data and coaxial ranges are designed to carry on functioning in the event of a fire, providing vital signals to voice alarm and CCTV systems and allowing systems to be shut down in an orderly fashion while meeting specific fire resistance requirements.

Sunday, April 14, 2019

Know about BMS technical protocols

BMS - What you should know about technical protocols

If you or a client is choosing a building management system (or BMS), it’s important to understand how it communicates information with digital devices such as controllers, meters, input/output boards, and computers.

The details are important because some BMS use languages—or technical protocols—that lock you into using their vendor’s proprietary technology. Use of such protocols may force you and your client to pay higher prices for software and hardware available from only one vendor or its licensees.

This article describes common categories of BMS protocols. It recommends that you avoid proprietary protocols and favor more open ones.

A BMS communicates through protocols
To exchange data, digital devices must use a common data structure and a common channel or medium of communication.

The figure below shows a master BMS that communicates with devices that use microprocessors. They include a roof-top unit (or RTU), refrigeration controllers, energy meters, and other input/output boards within a building. The building controller also uses the Internet to share temperature, operating parameters, or energy data with remote users through enterprise servers or personal computers.
A BMS protocol defines the format and meaning of each data element, in much the same way a dictionary defines the spelling and meaning of words.

The data exchange often occurs through a physical wire (such as a twisted-pair RS485 or an Ethernet CAT5 cable). It may also occur wirelessly over a Wi-Fi network, through an internet protocol (or IP).
The phrase “BACnet over IP” means the BACnet protocol communicates through an IP network.

Some protocols are more open than others
Protocols fit in one of four categories, depending on their relative “openness”:
1. Open. The protocol is readily available to everyone.
2. Standard. All parties agree to a common data structure. The protocol may be an industry standard, such as BACnet and Modbus.
3. Inter-operable. The protocol is vendor agnostic. A controller from one vendor can replace one from a different vendor.
4. Proprietary. The data structure is restricted to the creator of the device.

Why you want BMS with open protocols
A BMS with proprietary protocols locks the system owner into using a single BMS vendor. For example, you can’t remotely change the set points of a proprietary BMS unless you use the vendor’s software.
In contrast, with open and standard BMS protocols you can shop for alternative providers of digital devices and enterprise software.

This is why use of proprietary protocols is inconsistent with best practice. The lesson is clear:
In choosing a BMS, be sure its protocols are not proprietary.

How to know whether a BMS protocol is open
To determine whether a BMS protocol is open, ask the vendor two simple questions:
1. Can your competitors exchange data with your BMS?
2. Is the system’s protocol published in such a way that it’s easily accessible to everyone (including competitors)?

Best open protocols: BACnet, Modbus, and XML
For a master controller that exchanges data with devices and meters within a building, prefer BACnet, Modbus or any other standard protocol. Otherwise, make sure it’s at least open enough that anyone with proper security access can read and write information.

For remote enterprise access (protocol B in the figure), organizations often use BACnet over IP.
The current trend is toward use of additional Internet technologies. Companies like Honeywell Tridium (Niagara framework) and many others have exchanged data through standard internet eXtensible Markup Language (or XML) with web services.

Even the ASHRAE BACnet committee has convened a working group to define the use of XML with BACnet systems. The group is also working to define web services that will enable data exchange between building automation and control systems and various enterprise management systems.

In short, use these criteria when you’re choosing devices and a BMS:
· For devices such as RTUs and refrigeration controllers, look for ones that use open protocols such as BACnet or Modbus.
· Make sure these devices give you both “read” and “write” capabilities so you can change set points.
· For easy enterprise access, choose a BMS with web services and XML capabilities.
· Make sure the web services of the BMS allow both read and write capabilities.
· Be sure the BMS supplier provides the XML dictionary and definitions of web services to anyone, including competitors.

This article was published in April 2019 in Safe Secure Magazine.

Friday, October 20, 2017

Building Automation Protocol selecting


Each of the competing protocols claims to be the best. So how do facility executives select the one that is best suited for the facility?

Data is communicated between devices through a Communication Protocol. It is the language that a particular device is able to interpret and forward to other devices on the network. Some common protocols are BACnet, Lon, and Modbus.

Protocols must be selected based on the needs of the facility and its ability to support a particular protocol. Each has been used many times to implement an interoperable system. Each has its advantages and disadvantages. Involve your information technology department. They generally are the controlling agency for the facility’s network infrastructure.


When selecting a control system choose one where the front end is compatible with a number of protocols. This will give greater flexibility as building equipment and devices change over time.

Why you want a BMS with open protocols
A BMS with proprietary protocols locks the system owner into using a single BMS vendor. For example, you can’t remotely change the set points of a proprietary BMS unless you use the vendor’s software.
In contrast, with open and standard BMS protocols you can shop for alternative providers of digital devices and enterprise software.

Building Automation Controls Network (BACnet): BACnet is a network protocol specifically designed so that multiple devices can communicate across building automation systems; it is used by both system users and building system manufacturers.

Modbus: Modbus is a network protocol best used for industrial automation systems specifically for connecting electronic equipment. Although Modbus is best for industrial applications, its simplicity allows it to be a useful tool for building automation as well.


LonWorks: LonWorks is a communication network protocol useful for building automation applications designed on a low bandwidth, for networking devices through power lines, fiber optics, and other media.

Protocol comparison: BACnet, Modbus and LonWorks

Full Name
  BACnet: Building Automation Controls
  Modbus: Serial Communication Protocol
  LonWorks: Local Operational Networks

Developed By
  BACnet: ASHRAE
  Modbus: Modicon Inc.
  LonWorks: Echelon Corporation / Motorola

Use
  BACnet: Communication across devices
  Modbus: Connection between devices
  LonWorks: Networking devices through power lines, fiber optics, and other media

Markets
  BACnet: Industrial, transportation, energy management, building automation, regulatory and health and safety
  Modbus: HVAC, lighting, life safety, access controls, transportation and maintenance
  LonWorks: Home automation, industrial, transportation, and public utility control networks

Examples
  BACnet: Boiler control, tank level measurements
  Modbus: Tasks such as requesting a temperature reading, sending a status alarm, or a fan schedule
  LonWorks: Security, lighting systems, HVAC, machine control, manufacturing, metering

Proprietary
  BACnet: No
  Modbus: No
  LonWorks: Yes

Transmission Modes
  BACnet: Ethernet, IP, MS/TP, Zigbee
  Modbus: ASCII, RTU, TCP/IP
  LonWorks: MS/TP, network, SNVT

Standards
  BACnet: ANSI/ASHRAE Standard 185; ISO-16484-5; ISO-16484-6
  Modbus: IEC 61158
  LonWorks: ANSI/EIA 709.1; ISO/IEC 14908-1, 14908-2, 14908-3, 14908-4

Costs
  BACnet: Low; no charge for usage or licensing fees
  Modbus: Low; no charge for usage or licensing fees
  LonWorks: High (proprietary); limited users (exclusive to actual members, mostly manufacturers)

Network Interfaces
  BACnet: Existing LANs and LAN infrastructure
  Modbus: Traditional serial and Ethernet protocols
  LonWorks: U10/U20 USB Network Interface; i.LON SmartServer; i.LON 600

Testing
  BACnet: BACnet Testing Labs
  Modbus: Modbus TCP Conformance Testing Program
  LonWorks: Products must conform to the LonWorks protocol

Advantages
  BACnet:
    - Scalability between cost, performance and system size
    - Endorsement and adoption by nearly every major vendor in North America and many other countries
    - Robust internetworking including multiple LAN types and dial-up
    - Unrestricted growth and the ability to add new innovations and new features anytime
  Modbus:
    - Easy connection to Modicon
    - Suitable for small/medium volumes of data (≤255 bytes)
    - Data transfer designed for industrial applications
    - Openly published and royalty-free
    - Easy to deploy and maintain
    - Moves raw bits or words without placing restrictions on vendors
  LonWorks:
    - Web-based tool; saves time and cost
    - Numerous developers of LonWorks products in the market
    - Less architecture at device level

Disadvantages
  BACnet:
    - Limits the number of field devices that can connect to a master station, except over Ethernet TCP/IP
    - MS/TP wire length
    - Ethernet infrastructure
    - The new standard has a security standard, but it is not implemented in all devices
  Modbus:
    - Limited number of data types; large binary objects are not supported
    - No standard method for a node to find the description of a data object, i.e. finding that a register value represents a temperature between 30 and 175
    - No security against unauthorized commands or interception of data
    - Transmissions must be contiguous, which limits the types of remote communications devices to those that can buffer data to avoid gaps in the transmission
    - Great amount of configuration and programming required
    - Protocol is not common in the SIMATIC family
  LonWorks:
    - Outdated
    - Controlled devices and variables are connected to a separate control device (not recommended, since network interruptions produce system failures)
    - Extensions are allowed only through the LonMark Consortium
    - Hardware specific, and requires the Neuron chip for network movement of the protocol
    - Close to “plug & play” ability, yet still far from achieving interconnectivity using Microsoft Windows
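The Modbus disadvantage “no security against unauthorized commands or interception of data” is worth seeing at the byte level, because the protocol carries no authentication at all: whoever can reach the bus or the TCP port can issue a write. The monitor below is an added example, not code from the original article or from any vendor named in it. It decodes both Modbus/TCP (MBAP header) and Modbus RTU (CRC-16) request frames, classifies the function code, and raises an alert when a write request arrives from a source that is not on an assumed writer allowlist. The frames, the allowlisted address and the source addresses are constructed for the example.

```python
"""Modbus write-command monitor for Modbus/TCP and Modbus RTU frames.

Added example: frames, addresses and the writer allowlist are constructed
assumptions, not values from the original article."""
import struct

WRITE_FUNCTIONS = {5: "Write Single Coil", 6: "Write Single Register",
                   15: "Write Multiple Coils", 16: "Write Multiple Registers",
                   22: "Mask Write Register", 23: "Read/Write Multiple Registers"}
READ_FUNCTIONS = {1: "Read Coils", 2: "Read Discrete Inputs",
                  3: "Read Holding Registers", 4: "Read Input Registers"}

# Assumption: only the EPMS server is allowed to write; everything else is read-only.
WRITERS_ALLOWED = {"10.3.0.5"}


def crc16_modbus(data: bytes) -> int:
    """Modbus RTU CRC-16 (init 0xFFFF, reflected poly 0xA001); sent little-endian on the wire."""
    crc = 0xFFFF
    for b in data:
        crc ^= b
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


def parse_tcp(frame: bytes) -> dict:
    """Parse an MBAP header plus PDU; raise ValueError on malformed input."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header + function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError(f"unexpected protocol id {pid}")
    if length != len(frame) - 6:  # length counts unit id + PDU
        raise ValueError("MBAP length field does not match frame size")
    return {"transport": "tcp", "transaction": tid, "unit": uid,
            "function": frame[7], "data": frame[8:]}


def parse_rtu(frame: bytes) -> dict:
    """Parse an RTU frame (address, function, data, CRC); raise ValueError on CRC mismatch."""
    if len(frame) < 4:
        raise ValueError("frame too short for address, function and CRC")
    body, crc_wire = frame[:-2], frame[-2:]
    if struct.pack("<H", crc16_modbus(body)) != crc_wire:
        raise ValueError("CRC mismatch")
    return {"transport": "rtu", "unit": body[0], "function": body[1], "data": body[2:]}


def rtu_is_valid(frame: bytes) -> bool:
    try:
        parse_rtu(frame)
        return True
    except ValueError:
        return False


def classify(pdu: dict) -> str:
    fc = pdu["function"]
    if fc & 0x80:
        return "exception"
    if fc in WRITE_FUNCTIONS:
        return "write"
    if fc in READ_FUNCTIONS:
        return "read"
    return "other"


def check_write(source: str, pdu: dict):
    """Return an alert string for a write from a non-allowlisted source, else None."""
    if classify(pdu) == "write" and source not in WRITERS_ALLOWED:
        name = WRITE_FUNCTIONS[pdu["function"]]
        return f"ALERT unit {pdu['unit']}: {name} (FC {pdu['function']}) from non-writer {source}"
    return None


def rtu_frame(unit: int, function: int, data: bytes) -> bytes:
    """Build an RTU frame with a correct CRC (used here to construct sample input)."""
    body = bytes([unit, function]) + data
    return body + struct.pack("<H", crc16_modbus(body))


# Constructed sample frames.
# Modbus/TCP: Read Holding Registers (FC 3), start 0, count 10.
TCP_READ = bytes.fromhex("0001 0000 0006 01 03 0000 000a")
# Modbus/TCP: Write Single Register (FC 6), register 0x0010, value 0x0001.
TCP_WRITE = bytes.fromhex("0002 0000 0006 01 06 0010 0001")
# Modbus RTU: Write Multiple Registers (FC 16), start 0x0010, 1 register, 2 bytes, value 0x0001.
RTU_WRITE = rtu_frame(1, 16, bytes.fromhex("0010 0001 02 0001"))

if __name__ == "__main__":
    for src, frame in [("10.3.0.5", TCP_READ), ("10.1.5.20", TCP_WRITE), ("10.3.0.5", TCP_WRITE)]:
        print(src, classify(parse_tcp(frame)), check_write(src, parse_tcp(frame)))
    print("rtu", classify(parse_rtu(RTU_WRITE)), check_write("serial-gateway", parse_rtu(RTU_WRITE)))
```

Note what the monitor can and cannot do: the CRC in parse_rtu detects line noise, not tampering, since anyone can recompute it, and the only thing distinguishing a legitimate write from an unauthorized one is the source address, which is exactly why the table recommends network-level controls (segmentation, a DMZ and conduits) around Modbus rather than relying on the protocol itself.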


To determine whether a BMS protocol is open, ask the vendor two simple questions:
1. Can your competitors exchange data with your BMS?
2. Is the system’s protocol published in such a way that it’s easily accessible to everyone (including competitors)?



Even the ASHRAE BACnet committee has convened a working group to define the use of XML with BACnet systems. The group is also working to define web services that will enable data exchange between building automation and control systems and various enterprise management systems.

Use these criteria when you’re choosing devices and a BMS:
1. For devices such as RTUs and refrigeration controllers, look for ones that use open protocols such as BACnet or Modbus.
2. Make sure these devices give you both “read” and “write” capabilities so you can change set points.
3. For easy enterprise access, choose a BMS with web services and XML capabilities.
4. Make sure the web services of the BMS allow both read and write capabilities.
5. Be sure the BMS supplier provides the XML dictionary and definitions of web services to anyone, including competitors.