The recent revelation that the data breach at Target originated with the theft of network credentials from one of their HVAC/R contractors has generated significant, and legitimate, attention to the issue of data security of Energy Management Systems (EMS).
If you are a developer or vendor of EMS systems, you are undoubtedly hearing from customers and prospects alike, as are we. If you are an Energy Manager, you have probably already heard from IT and perhaps the C-suite.
The irony is that the breach apparently had nothing to do with the EMS. While earlier reports, such as this one from Information Week, pointed their fingers at the EMS system, the belief now is that the HVAC/R vendor was given access to the company’s electronic billing and contract management system, as reported by the Wall Street Journal.
That has not taken the spotlight away from EMS security, and so it is a good time to look at the issue of whether these systems are secure – and discuss ways to make sure that they are as secure as possible.
In fact, there is no reason why an EMS should not be fully secure – which is not the same as saying all of them are. Here are 3 ways to ensure that EMS systems cannot be used to open the door to data breaches.
- First and foremost, there is absolutely no reason for an EMS system to be on the same corporate network as the POS system, or as other critical systems with customer – or corporate – data. The EMS needs to communicate only among the system’s own components and the cloud, and therefore should be on a separate network, outside the firewall. This is what EMS vendors generally recommend (or insist on). Alternatively, the system could communicate entirely separately; for example, via a cellular network. These approaches may be more problematic with some older EMS, for which remote access was a recent addition, but there should be ways to make sure even those systems have no connection to secure networks carrying critical information.
- Second, separate from the network access question, many EMS vendors have voluntarily subjected their systems to PCI compliance testing, and companies looking to install or replace an EMS should insist on proof of such testing. (PCI compliance is orchestrated by the Payment Card Industry Security Standards Council, a global forum focused on implementation of security standards for account data protection.) A properly designed EMS, from a security perspective, should have a minimal number of nodes that need to communicate outside the EMS, and be designed in a way that minimizes the chance of compromise. For example, communication between the EMS and the outside world should be initiated from the inside out – that is, from the EMS to the cloud, with no way to initiate communication from the cloud to the EMS. If you cannot get into the EMS, you cannot go beyond it. Moreover, EMS communications should use SSL or equivalent encryption, which protects whatever data traverses the EMS network.
- Finally, if for some reason a PCI-compliant EMS must connect to the corporate network, or EMS-related personnel must be given access to some network-based system, it is important to follow IT best practices. At a minimum, 2-factor authentication should be employed for all users. One implementation of this that is gaining favor on secure sites such as banks is a call back to confirm that the user is the person issued the credentials, but there are other ways to achieve the goal, including challenge questions. 2-factor authentication significantly reduces risk in the event credentials are compromised.
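The first two points above amount to a checkable network policy: the EMS segment never exchanges traffic with POS or corporate segments, and every connection is opened inside-out, from the EMS to its cloud service over TLS. The following is an added example, not code from the article or any EMS vendor, that audits firewall-style flow records against those rules; the address ranges, cloud endpoint and sample records are all constructed for illustration.

```python
"""Checks recorded network flows against the two design rules above: the EMS
segment never touches POS/corporate segments, and all traffic is initiated
inside-out, from the EMS to its cloud service over TLS. Added example; every
address range and record below is constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EMS_NET = ip_network("10.50.0.0/24")                   # constructed address plan
PROTECTED_NETS = [ip_network("10.10.0.0/24"),          # POS
                  ip_network("10.20.0.0/16")]          # corporate LAN
EMS_CLOUD = ip_address("203.0.113.10")                 # vendor cloud (doc range)
TLS_PORT = 443

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    initiator: str   # endpoint that opened the connection, per the firewall log

def violations(flow: Flow) -> list:
    """Names of the rules one flow breaks; empty list means the flow is allowed."""
    src, dst, init = map(ip_address, (flow.src, flow.dst, flow.initiator))
    ems_src, ems_dst = src in EMS_NET, dst in EMS_NET
    if not (ems_src or ems_dst):
        return []                                      # not the EMS segment's traffic
    out = []
    if any(src in n or dst in n for n in PROTECTED_NETS):
        out.append("ems<->protected-network")          # rule: separate network
    if ems_dst and init not in EMS_NET:
        out.append("inbound-initiation-to-ems")        # rule: inside-out only
    if ems_src and not ems_dst and (dst != EMS_CLOUD or flow.dport != TLS_PORT):
        out.append("ems-egress-not-tls-to-cloud")      # rule: TLS to the cloud only
    return out

def audit(flows) -> dict:
    """Map each non-compliant flow to the rules it breaks."""
    return {f: v for f in flows if (v := violations(f))}

# Constructed sample: one compliant record and three the policy forbids.
SAMPLE = [
    Flow("10.50.0.7", "203.0.113.10", 443, "10.50.0.7"),    # EMS -> cloud over TLS
    Flow("10.50.0.7", "10.10.0.5", 445, "10.50.0.7"),       # EMS -> POS file share
    Flow("198.51.100.9", "10.50.0.7", 22, "198.51.100.9"),  # outside -> EMS, inbound
    Flow("10.50.0.7", "203.0.113.10", 80, "10.50.0.7"),     # cloud, but cleartext HTTP
]

if __name__ == "__main__":
    for flow, broken in audit(SAMPLE).items():
        print(f"{flow.src} -> {flow.dst}:{flow.dport}  {', '.join(broken)}")
```

Fed with real exported flow logs, the same check shows whether the separation the vendor recommends is actually in force, rather than only documented.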
Hopefully, the only fall-out from this sudden scrutiny will be to make EMS systems even more secure than they generally are.
And, hopefully, we can now get back to the business of reducing energy costs, enhancing operational efficiencies, and maintaining customer, guest, employee, and tenant comfort.
Martin Flusberg is CEO of Powerhouse Dynamics. Martin has spent most of his career developing innovative technologies that address climate change; the first half in transportation and the second half in energy. Most recently, he was co-founder and President of Nexus Energy Software, a pioneer in delivering on-line energy and carbon analysis to consumers and businesses. Nexus, sold to ESCO Technologies (NYSE:ESE) in 2005 and now part of Aclara Technologies, evolved into a global provider of software solutions to the utility industry focusing on smart grid, smart meter, energy efficiency and demand-response. Martin was CEO of software companies Multisystems, Inc. and REALink SystemsCorp. and ran an energy software unit of TASC that later became Lodestar Corp., since acquired by Oracle. He has also served on the faculty of the Department of Civil and Environmental Engineering at MIT. Martin has an MSCE from MIT and a BEE from City University of New York.