Martin Chlupáč from Energocentrum spoke about the security of measurement and control systems in buildings. He identified the fact that the control of most systems controlling technical processes, such as heating, is insufficiently protected as a pressing problem. And whoever manages to connect to the systems can do anything under the circumstances, according to the expert. At least one password protects the control of only a small percentage of the systems available on the market, Chlupáč stressed.
As a compromise solution, Chlupáč mentioned a procedure where different passwords provide access to different levels of system administration. However, according to Chlupáč, this option is now virtually non-existent in technologies for conventional or office buildings. Chlupáč stressed the need for standardization of security systems in buildings. He noted that an initiative based on critical infrastructure requirements is a definite possibility, where standards from this area could eventually increase the pressure on manufacturers of systems for "ordinary" buildings.
Different types of cyber-attacks and personal responsibility of users in the protection of computer networks and data were discussed by Martin Samek, who heads the Centre of Computer Science and Informatics at the FEE CTU. Samek described several fundamental user mistakes - for example, the belief that all security is just a matter of paying for it, and the lack of communication with employees in institutions and companies. The cybersecurity expert also believes that many people believe that they are too uninteresting to be a target of an attack. Samek also pointed out that a user may only find out about an attack on his or her device with hindsight. "The variability (of attacks) is great. The question is not whether we will fall victim to attacks, it is just a question of when and how it will affect us. We have to try to delay it and minimize the impact. Cybersecurity affects us all," Samek stressed.
Martin Samek from FEL CTU spoke about the defence of households and companies against cyber attacks in Studio 6 of Czech Television https://www.ceskatelevize.cz/porady/1096902795-studio-6/222411010101215/cast/952257/
Michal Salát, a cyber threat expert from Avast Software, pointed out that the weak point of many systems is the use of passwords from available documentation instead of creating new credentials. He also spoke about the pitfalls of virtual private networks (VPNs) for accessing company systems from employees' homes. Salat said that people often use a username and password to access these systems instead of digital certificates, which carries the risk of leaking this data.
The trio of experts mentioned the topic of chips as a big and unresolved issue for home devices and systems in intelligent public buildings. The experts pointed out that often chip manufacturers for home automation also provide development tools and cloud solutions. Such systems are then often sold under different brands and logos, but they share common weaknesses in terms of security - typically weak protection of user data. Another problem, according to Chlupáč, Salát and Samek, is that many of the chips and other technologies used in the industry have in the past been expensively and laboriously certified and are used for as long as possible, even though the nature of the technology is outdated. The IT experts noted that while these devices tend to come with various security features, these are not part of the product itself, which is a handicap.
You can watch the whole seminar and the subsequent discussion moderated by the guarantor of the Intelligent Buildings programme, professor Pavel Ripka from FEE CTU, here.
