DOME™: Device-Level Cybersecurity for New and Existing Building Networks
Eliminate cyber vulnerabilities in Building Management Systems with the Veridify DOME™ cybersecurity solution and top-of-the-line Advantech hardware
Buildings are becoming smarter and more efficient through the connection of building systems, controls, and sensors to IT networks and the Internet of Things (IoT). The rising cost of energy usage and the associated environmental impacts, along with increased data security and building needs, has led to a rise in the demand for cost-effective, easy-to-deploy smart building management.
The growing convergence of OT (Operational Technology) and IT (Information Technology) systems in building management, however, also exposes cybersecurity vulnerabilities that could disrupt a building’s operations. Cyberattacks bring with them financial, professional, and intellectual property risks, and can create an unsafe environment for building occupants. Disruptions of building operations from cyberattacks can adversely affect a building owner directly through revenue loss, rent interruptions, and more.
According to Accenture, cybercrime will come at a cost of $5.2 trillion worldwide within five years. For one data breach instance, the cost can range up to $4.24 million, according to IBM and the Ponemon Institute. As these cyber threats continue to exist and evolve, implementing and improving cybersecurity measures for buildings and OT networks is a top priority.
Recently, a building owner needed to address cyber vulnerabilities threatening their entire building’s network and associated systems. The OT networks and devices that were running the building’s daily operations lacked cyber protection, which made them susceptible to cyberattacks. Without proper security measures, connections to OT networks through IT or IoT networks can pose a serious threat to internal systems or result in cyberattacks. These attacks can wreak havoc on building systems, even threatening the safety of the occupants.
The customer recognized their Building Management System (BMS)—and the unsecured devices on every floor enabling building communication—presented easy entry points for a cyberattack. Any attack could disrupt building operations, impact revenue streams, and even allow outside access to valuable data stored on connected servers.
In addition to needing a cybersecurity solution, the customer also had the challenge of retrofitting that solution into existing infrastructure—all without replacing the current system network or wiring. The current BMS was relatively new and not scheduled for replacement any time soon. Due to cost and current occupants, a completely new BMS was not a viable option and still might not have addressed the owner’s challenges. The building was open and operational, so any cybersecurity system installations and upgrades could not interrupt building operations for its occupants. To address this challenge, the customer worked with its Intel® IoT Solution Aggregator Arrow Electronics and achieved its cybersecurity upgrade goals with software and hardware solutions from Veridify Security and Advantech.
The customer implemented a DOME™ system that creates a ‘VPN-like’ connection between all devices and controllers. DOME from Veridify creates a secure tunnel over the existing network, authenticates all connected devices, and encrypts data and commands, creating a trusted environment for the building devices running various aspects of building systems. Veridify and Advantech, working with Arrow and Intel, designed and deployed a full cybersecurity solution to secure the existing BMS without interfering with the existing building infrastructure.
Veridify’s DOME™ SaaS (Software as a Service) solution provides device-level security for new and existing building automation systems. DOME™ is a complete SaaS platform that delivers Zero Trust, real-time cybersecurity protection. It is protocol-agnostic, supporting both IP and non-IP networks, for added adaptability.
At the foundation of DOME™ are Veridify’s cybersecurity software tools, which provide device-to-device authentication, management, and data protection to secure even the smallest connected devices at the edge of OT networks. Many cybersecurity systems only protect the BMS controller because of processing requirements, while DOME delivers security to even the smallest processors at the edge of the network.
A key element of Veridify’s cybersecurity offering is its DOME™ Sentry, a standalone hardware device placed at the edge of a building to protect an installed device or system. A DOME™ Sentry features zero-touch on-boarding for fast and easy installation in front of a building device and then immediately provides authentication and data protection.
In addition to the Sentry device, Veridify’s DOME™ Interface Appliance (DIA) manages all on-boarding, security credentials, and data logging within a building or campus. Powering the DIA is an Advantech industrial controller, the UNO-2271G-V2, which leverages Intel’s Elkhart Lake dual-core CPU. The Advantech UNO-2000 series of embedded automation computers are highly rugged, with a fan-less and modular design, optimized I/O, and various stack expansion module options. The UNO-2271G-V2 provides flexible and swift time-to-market support for smart building networks.
Advantech UNO-2271G-V2 Edge IoT Gateway
- Intel® Elkhart Lake Celeron® Dual core N6210
- 4GB/8GB DDR4 onboard memory
- Compact, robust, fanless, and cable-free system with high stability
- Operating temperature -20~60°C / -4~140°F for deployment
- Modular design offers optimized basic unit with 2 x GbE, 2 x USB 3.2 Gen1, 1 x HDMI 1.4
- Optional second stack for increasing functionality, including PoE, COM, wireless connectivity, or more than 20 additional I/O options via Advantech iDoor expansions
- Built-in TPM2.0 for hardware-based security
In addition to the DOME™ Sentry hardware and DIA, DOME™ Software Development Kits are available for a wide range of processors, allowing OEMs to add robust security quickly and easily to devices running at the edge of a building system OT network. DOME™ is the industry’s only solution that delivers end-to-end security on a cost-effective, easy on-boarding SaaS platform.
How it Works
For smart buildings, Veridify’s DOME™ solution protects a building’s management system right to the edge over existing network protocols, such as BACnet. The system provides zero-touch on-boarding to reduce the time and errors of manual provisioning; a blockchain pedigree ensuring that only authorized controllers and other devices at the edge can issue commands; and a low-cost security gateway used to retrofit security onto existing, deployed devices. It is also crypto-agile, supporting legacy and quantum-resistant security and safeguarding customers’ investments with long life-cycle protection.
In addition to these features, DOME™ also incorporates the Veridify Security Dashboard so users can monitor building systems 24/7. Event logs are collected from all deployed DOME™ devices and processed locally for potential threats and anomalies. Notifications for such events can be sent to on-site personnel using the internal IT system (e.g., an email server). Additionally, the log files are uploaded to the DOME™ server for additional processing, archiving, and use in the Security Dashboard. Further notifications may be sent via SMS messaging and other means.
For the full end-to-end solution, the customer leaned on Advantech’s leadership in industrial computing hardware and Veridify’s cybersecurity software expertise to deliver a differentiated SaaS cybersecurity solution running on Intel’s 10nm Elkhart Lake CPU. With the support of Arrow Electronics, the solution can scale to other global systems integrators and end users.
Return on Investment
In implementing the DOME SaaS Solution for cybersecurity, the customer was able to achieve the following returns on their investment:
- Reduced the risk of future cyberattacks and the associated costs, financial and professional
- Ability to lower building insurance costs
- Maintained its reputation with building occupants and end-users
- Lowered the costs and complexities for systems integrators with an easy install
- Access to real-time, 24/7 security protection and monitoring for every building device
- Enhanced lease potential with a ‘cyber-safe’ building