Rabobank is deploying SilentDefense to improve building automation system (BAS) security.
Customer Profile
Rabobank is a Dutch multinational banking and financial services company headquartered in Utrecht. Serving approximately 8.3 million clients around the world [1], it is the second-largest bank in The Netherlands in terms of total assets, and among the world’s 25 largest financial institutions in terms of Tier 1 capital. With more than 400 offices in The Netherlands alone, it offers the most finely meshed banking network in the country.
The Challenge
Nowadays, a building is increasingly a cyber-physical system (CPS) whose physical components, such as HVAC, access control, elevators, escalators and moving walkways, are integrated and controlled through digital infrastructures. Building automation systems (BAS) integrate, connect and control the building’s different sub-systems to facilitate management operations. In addition, asset inventory is becoming crucial for efficient preventive maintenance and for compliance with the stringent requirements many countries are imposing on smart buildings.
BAS vulnerabilities have risen 500% YoY [2] in the last three years, and it is becoming increasingly important for owners and managers of critical buildings to address the key issues of asset inventory and cybersecurity.
BAS Threat Landscape
• 500% more BAS cyber vulnerabilities discovered in the last three years [2]
• 75% of organizations don’t have a formalized cyber security strategy [3]
• 1,500 access attempts every day on a single smart house exposed on the Internet [4]
• 68,000 open BAS interfaces easily found on the Internet [4]
• 50 billion IoT devices on the network in 2022 [5]
The Project
Rabobank has launched an initial BAS cybersecurity project to cope with the following challenges:
▪ Protecting networked BAS/IoT devices
▪ Inapplicability of IT security solutions to BAS devices
▪ Limited or no visibility into how devices are operating and whether they are communicating with the outside world
The scope of the OT network to be managed includes several different building automation systems for HVAC, surveillance, access control and lighting. The initial scope covers more than 500 devices. After a defined learning period, a thorough penetration test will be performed to validate the bank’s improved security posture. SilentDefense has been deployed to automatically identify and protect each building automation system on the network, deliver an accurate asset inventory and capture all the relevant cyber and operational threats without the cost and complexity of software agents on endpoints.
Main Results
A complete inventory and network map has been extracted with a detailed view of hundreds of devices, including their current model, firmware and vulnerabilities.
Among the relevant findings, SilentDefense detected:
• Unwanted communication links between the IT and OT network caused by firewall misconfiguration
• Unwanted/unnecessary services and protocols enabled (e.g. file transfer and device discovery services)
• Maintenance operations not adhering to policies (e.g. supplier connecting own laptop to the network)
• Misconfigured devices (e.g. IP cameras with high bandwidth consumption)
• Weak passwords to access IP-cameras, multiple vulnerable hosts and controllers with outdated firmware
Customer Value
• Full visibility into BAS network
• Enforcement of compliance with internal network and maintenance policies
• Detection of anomalies and cyber threats to operational continuity
• Improvement of the overall security posture