Smart buildings contain multiple systems implemented as control loops comprised of networked cyber controllers effecting, or being affected by, physical devices such as thermostats, light switches and occupany sensors. These cyber-physical building systems are becoming increasingly vulnerable to both cyber and physical attacks. This project aims to produce a risk assessment methodology for smart buildings enabling building managers to make informed decisions as to whether any additional security measures or controls may be required to protect the building systems from unauthorised access and prevent the loss of sensitive data. The methodology will be developed following an initial security assessment of Newcastle University’s new £58 million Urban Sciences Building (USB) which contains many common ‘smart’ building systems. The USB houses the School of Computing, new Collaborative Laboratories and the Institute of Sustainability (http://www.ncl.ac.uk/sciencecentral/urban), and is intended to be used as a living laboratory allowing academics to work together in a sensor rich environment specifically designed to promote collaborative urban sciences research and innovation. The PETRAS programme will benefit by gaining a detailed insight into the design of the building systems in the USB.
- To produce a security assessment of the USB’s building management system with the aim of locating potential vulnerabilities and backdoors that may allow unauthorised access to, or manipulation of, the building systems. The investigation will explore what data types are being used, model the data flows and all inter-system actions.
- To review the architecture of the USB’s mechanical, electrical and building systems. The aim is to assess the resilience and security of the systems, identify any single points of failure, review the integration of third party systems and the protocols they use. As part of the review, the business criticality of labs and systems will be assessed.
- Undertake a proof-of-concept study for multidisciplinary multi-modelling of building management subsystems. The aim is to explore and develop the potential of multi-modelling and co-simulation to support the integrated analysis of emerging security and safety properties of cyber-physical systems. This work will use the INTO-CPS toolchain being partly developed at Newcastle (https://research.ncl.ac.uk/cplab/currentprojects/into-cps/), and will be one of the first such studies to include systematic multi-modelling of security concepts.