Characterizing Building Automation System Attacks and Attackers

Martino Tommasini; Martin Rosso; Emmanuele Zambon; Luca Allodi; Jerry den Hartog

doi:10.1109/EuroSPW55150.2022.00020

Characterizing Building Automation System Attacks and Attackers

Martino Tommasini, Martin Rosso, Emmanuele Zambon, Luca Allodi, Jerry den Hartog

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

2 Citations (Scopus)

67 Downloads (Pure)

Abstract

A building automation system (BAS) is an instance of a cyber-physical-system (CPS) in control of building functionalities like lighting, ventilation, CCTVs, and access control. The amount of “smart” buildings has been growing over the years, introducing new technologies which are now being targeted by attackers. In this work, we present the first collection of publicly disclosed security incidents involving Building Automation Systems (BAS). We then provide a qualitative study of attackers targeting BAS and unveil their main characteristics and differences to traditional CPS attackers. We learn that, generally speaking, BAS attackers show a lower sophistication level and that most BAS attacks target the smart IoT components present in modern buildings. Further, access to the BAS is often not the attacker's final goal but "just" a mean to achieve their actual goal. Lastly, we do not observe any advanced, state-sponsored BAS attacks hinting that these play less of a role in BAS (compared to CPS).

Original language	English
Title of host publication	Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022
Publisher	Institute of Electrical and Electronics Engineers
Pages	139-149
Number of pages	11
ISBN (Electronic)	978-1-6654-9560-8
ISBN (Print)	978-1-6654-9561-5
DOIs	https://doi.org/10.1109/EuroSPW55150.2022.00020
Publication status	Published - Jul 2022
Event	4th Workshop on Attackers and Cyber-Crime Operations - Genoa, Italy Duration: 6 Jun 2022 → 6 Jun 2022 Conference number: 4 https://wacco-workshop.org/past/2022

Workshop

Workshop	4th Workshop on Attackers and Cyber-Crime Operations
Abbreviated title	WACCO 2022
Country/Territory	Italy
City	Genoa
Period	6/06/22 → 6/06/22
Internet address	https://wacco-workshop.org/past/2022

Keywords

BAS
CPS
ICS
attack model
building automation system
cyber security
industrial control system

Access to Document

10.1109/EuroSPW55150.2022.00020Licence: Other

characterizing_building_automation_system_attacks_and_attackers_author_accepted_version_cc-byFinal author version , 357 KBLicence: CC BY

Cite this

@inproceedings{a671ffcc215b40338a463323c791d997,

title = "Characterizing Building Automation System Attacks and Attackers",

abstract = "A building automation system (BAS) is an instance of a cyber-physical-system (CPS) in control of building functionalities like lighting, ventilation, CCTVs, and access control. The amount of “smart” buildings has been growing over the years, introducing new technologies which are now being targeted by attackers. In this work, we present the first collection of publicly disclosed security incidents involving Building Automation Systems (BAS). We then provide a qualitative study of attackers targeting BAS and unveil their main characteristics and differences to traditional CPS attackers. We learn that, generally speaking, BAS attackers show a lower sophistication level and that most BAS attacks target the smart IoT components present in modern buildings. Further, access to the BAS is often not the attacker's final goal but {"}just{"} a mean to achieve their actual goal. Lastly, we do not observe any advanced, state-sponsored BAS attacks hinting that these play less of a role in BAS (compared to CPS).",

keywords = "BAS, CPS, ICS, attack model, building automation system, cyber security, industrial control system",

author = "Martino Tommasini and Martin Rosso and Emmanuele Zambon and Luca Allodi and {den Hartog}, Jerry",

year = "2022",

month = jul,

doi = "10.1109/EuroSPW55150.2022.00020",

language = "English",

isbn = "978-1-6654-9561-5",

pages = "139--149",

booktitle = "Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022",

publisher = "Institute of Electrical and Electronics Engineers",

address = "United States",

note = "4th Workshop on Attackers and Cyber-Crime Operations, WACCO 2022 ; Conference date: 06-06-2022 Through 06-06-2022",

url = "https://wacco-workshop.org/past/2022",

}

Tommasini, M, Rosso, M , Zambon, E , Allodi, L & den Hartog, J 2022, Characterizing Building Automation System Attacks and Attackers. in Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022. Institute of Electrical and Electronics Engineers, pp. 139-149, 4th Workshop on Attackers and Cyber-Crime Operations, Genoa, Italy, 6/06/22. https://doi.org/10.1109/EuroSPW55150.2022.00020

Characterizing Building Automation System Attacks and Attackers. / Tommasini, Martino; Rosso, Martin ; Zambon, Emmanuele et al.
Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022. Institute of Electrical and Electronics Engineers, 2022. p. 139-149.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Characterizing Building Automation System Attacks and Attackers

AU - Tommasini, Martino

AU - Rosso, Martin

AU - Zambon, Emmanuele

AU - Allodi, Luca

AU - den Hartog, Jerry

N1 - Conference code: 4

PY - 2022/7

Y1 - 2022/7

N2 - A building automation system (BAS) is an instance of a cyber-physical-system (CPS) in control of building functionalities like lighting, ventilation, CCTVs, and access control. The amount of “smart” buildings has been growing over the years, introducing new technologies which are now being targeted by attackers. In this work, we present the first collection of publicly disclosed security incidents involving Building Automation Systems (BAS). We then provide a qualitative study of attackers targeting BAS and unveil their main characteristics and differences to traditional CPS attackers. We learn that, generally speaking, BAS attackers show a lower sophistication level and that most BAS attacks target the smart IoT components present in modern buildings. Further, access to the BAS is often not the attacker's final goal but "just" a mean to achieve their actual goal. Lastly, we do not observe any advanced, state-sponsored BAS attacks hinting that these play less of a role in BAS (compared to CPS).

AB - A building automation system (BAS) is an instance of a cyber-physical-system (CPS) in control of building functionalities like lighting, ventilation, CCTVs, and access control. The amount of “smart” buildings has been growing over the years, introducing new technologies which are now being targeted by attackers. In this work, we present the first collection of publicly disclosed security incidents involving Building Automation Systems (BAS). We then provide a qualitative study of attackers targeting BAS and unveil their main characteristics and differences to traditional CPS attackers. We learn that, generally speaking, BAS attackers show a lower sophistication level and that most BAS attacks target the smart IoT components present in modern buildings. Further, access to the BAS is often not the attacker's final goal but "just" a mean to achieve their actual goal. Lastly, we do not observe any advanced, state-sponsored BAS attacks hinting that these play less of a role in BAS (compared to CPS).

KW - BAS

KW - CPS

KW - ICS

KW - attack model

KW - building automation system

KW - cyber security

KW - industrial control system

UR - https://github.com/wacco-workshop/WACCO/tree/main/WACCO-2022

UR - https://gitlab.tue.nl/sec-lab/bas-security/basattacks

UR - http://www.scopus.com/inward/record.url?scp=85134187493&partnerID=8YFLogxK

U2 - 10.1109/EuroSPW55150.2022.00020

DO - 10.1109/EuroSPW55150.2022.00020

M3 - Conference contribution

SN - 978-1-6654-9561-5

SP - 139

EP - 149

BT - Proceedings - 7th IEEE European Symposium on Security and Privacy Workshops, Euro S and PW 2022

PB - Institute of Electrical and Electronics Engineers

T2 - 4th Workshop on Attackers and Cyber-Crime Operations

Y2 - 6 June 2022 through 6 June 2022

ER -

Characterizing Building Automation System Attacks and Attackers

Abstract

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Data supplementary to the paper: "Characterizing Building Automation System Attacks and Attackers"

BAS Attack Database and Attacker Characterization

Cite this

Characterizing Building Automation System Attacks and Attackers

Abstract

Workshop

Keywords

Access to Document

Other files and links

Fingerprint

Datasets

Data supplementary to the paper: "Characterizing Building Automation System Attacks and Attackers"

BAS Attack Database and Attacker Characterization

Cite this