论文信息 - Smart Building Risk Assessment Case Study: Challenges, Deficiencies and Recommendations

Smart Building Risk Assessment Case Study: Challenges, Deficiencies and Recommendations

Inter-networked control systems make smart buildings increasingly efficient but can lead to severe operational disruptions and infrastructure damage. It is vital the security state of smart buildings is properly assessed so that thorough and cost effective risk management can be established. This paper uniquely reports on an actual risk assessment performed in 2018 on one of the world's most densely monitored, state-of-the-art, smart buildings. From our observations, we suggest that current practice may be inadequate due to a number of challenges and deficiencies, including the lack of a recognised smart building risk assessment methodology. As a result, the security posture of many smart buildings may not be as robust as their risk assessments suggest. Crucially, we highlight a number of key recommendations for a more comprehensive risk assessment process for smart buildings. As a whole, we believe this practical experience report will be of interest to a range of smart building stakeholders.

[1] Ali Ismail Awad,et al. Cyber and Physical Security Vulnerability Assessment for IoT-Based Smart Homes , 2018, Sensors.

[2] Lee T. Ostrom,et al. Risk Assessment: Tools, Techniques, and Their Applications , 2012 .

[3] A. H. Buckman,et al. What is a Smart Building , 2014 .

[4] Qusay H. Mahmoud,et al. Cyber physical systems security: Analysis, challenges and solutions , 2017, Comput. Secur..

[5] Sadie Creese,et al. Security Risk Assessment in Internet of Things Systems , 2017, IT Professional.

[6] Vikas Lamba,et al. Recommendations for smart grid security risk management , 2019, Cyber-Physical Systems.

[7] Sebastian Obermeier,et al. Security assessment methodology for industrial control system products , 2014, The 4th Annual IEEE International Conference on Cyber Technology in Automation, Control and Intelligent.

[8] Kevin Jones,et al. A review of cyber security risk assessment methods for SCADA systems , 2016, Comput. Secur..

[9] C. Watkinson. Risk assessment tools. , 1997, Professional nurse.

[10] Giannopoulos Georgios,et al. Risk Assessment Methodology for Critical Infrastructure Protection , 2013 .