A common IP-based infrastructure brings the Internet of Things to commercial buildings, but the considerable security risks must be comprehensively dealt with, as Fairhair’s Security White Paper explains.
Sharing a common, IP-based infrastructure can bring a host of benefits for building automation and control systems in commercial buildings. These include centralized monitoring and control, real-time insights and status updates across the entire building, remote access via the Internet, easier maintenance and more.
However, there are significant security risks for systems that are always connected and remotely accessible via the public Internet. The security architecture developed by the Fairhair Alliance aims to address these risks by specifying device-, network- and application-level protections for systems operating in a more open, IP-based environment.
Fairhair is an alliance of leading companies from the lighting, building-automation, semiconductor and IT industries that aims to facilitate the Internet of Things (IoT) for commercial buildings. The organization is developing a set of technical specifications for a common IP-based infrastructure, independent of the application ecosystem, and based on open standards, with a strong emphasis on security.
Fairhair’s security approach is explained in a White Paper entitled “Security Architecture for the Internet of Things (IoT) in Commercial Buildings”. The White Paper, authored by Piotr Polak of Signify (formerly Philips Lighting), can be downloaded from the Fairhair website.
While no system is impervious to attack, the Fairhair security architecture is intended to clarify how building-automation systems can be secured to mitigate any attacks that occur. This is achieved by limiting the scope of what an attacker can do, enabling attack detection, and providing mechanisms to defend against the attacks (detection, response, and remediation).
Fairhair aims to provide a security architecture that is open and compliant with existing and new specifications of the Internet Engineering Task Force (IETF), the main Internet standardization body. The architecture should also help system designers meet existing and emerging regulations and security standards, such as IEC 62443 or ANSI UL 2900.
The Fairhair security model takes a layered approach based on network segmentation, federated security zones, and application-level authorization. The approach can be applied across multiple networking technologies, including Ethernet, Wi-Fi and Thread (IEEE 802.15.4-based) networks.
The White Paper describes the timeline for the Fairhair security specification, which includes the finalization of application-level security topics, followed by a Proof-of-Concept (PoC) demonstrator that will validate the specification and show its practical feasibility. Findings from the PoC prototyping effort, as well as several standards currently being specified by IETF, will contribute to the maturity of the Fairhair security specification.
Fairhair intends to offer these technical specifications to the established building-automation application ecosystems (including BACnet, KNX and Zigbee), allowing these organizations to adapt the specifications as required and build them into their own standards.
About the Fairhair Alliance
Fairhair is an alliance of leading companies from the lighting, building-automation, semiconductor and IT industries that aims to facilitate the Internet of Things (IoT) for commercial buildings. Fairhair envisions a future where the building-automation and lighting-control industries use IoT technologies to build secure, cost-effective and scalable systems. This is enabled by the use of a single, unified, IP-based network infrastructure in commercial buildings.
Fairhair collects market requirements and uses these to develop a set of technical specifications based on open IEEE and IETF standards. The Alliance has liaison agreements with relevant organizations – such as BACnet, CABA, KNX, OCF, OpenAIS, Thread and Zigbee – to promote and support adoption of the Fairhair specifications.