
TÜV NORD: Many elevator systems are inadequately protected against cyber attacks

Many elevators do not have an adequate protection concept against hacker attacks.

08.11.2024

Elevators and other building management systems must not only be technically secure, they must also be protected against cyber attacks. However, this is not always the case. The problem is that there is a risk of attackers gaining access to other systems, such as access control or ventilation and air conditioning technology, through an inadequately secured gateway. “Operators should urgently think about the cyber security of their systems - even if they are not directly connected to the Internet,” advised Daniel Contreras Schaffeld, Business Development Manager at TÜV NORD, during the specialist event “Future Strategies: IoT, digitalization and cybersecurity for a networked world” in Bremen.

“People need to be protected from machines, but now machines also need to be protected from people,” says the expert, referring explicitly to protection against manipulation by cyber attacks. And these are possible at any time and with different techniques, both online and offline. What can happen if the door control of an elevator system is hacked? People can become trapped, accidents can occur - and ultimately the entire elevator system can be put “out of action”. Such a case becomes serious in hospitals, for example.

All unlikely? “Maybe,” says Contreras Schaffeld, “but it's better to be careful and close all security gaps as far as possible than to face potentially immense damage and shut down the elevator for an extended period of time.” After all, you don't turn off the firewall and virus protection on your private computer either. Major damage can be caused with little effort, especially if the systems are networked: “If the elevator technology is directly connected to the ventilation technology, lighting and access control in the network, hackers can manipulate all of these systems.”

What does the expert recommend? For him, there are three key rules:

  • The network structure should be separated so that all building management systems are independent of each other and zone transitions are closely controlled.
  • The firewall should be configured in the best possible way so that it can fulfill its task.
  • Secure all interfaces, both wireless and wired.

“In combination with other measures, the security of the systems is significantly increased,” says the expert, referring to corresponding information on the TÜV NORD website: https://www.tuev-nord.de/de/unternehmen/industrie/betreiber/pruefung-cybersicherheit

Cyber security is therefore not a theoretical problem, but an acute threat. For this reason, “inadequate or missing cybercrime defense” has been documented in the test report of elevator systems for several months. The basis for this is the technical rule TRBS 1115. The note in the test report is intended to raise awareness before failures or damage occur.

TRBS 1115-1

The Technical Rule for Operational Safety 1115-1 considers the cyber security of safety-relevant measurement and control technology in systems requiring monitoring. This also includes elevators. As part of their risk analysis, operators of these systems must not only consider mechanical or technical defects, but also cyber threats, and take protective measures against them and document them. If no such documentation is available during the inspection of an elevator system, this has been considered a minor defect since the summer and is noted in the inspection certificate.

About the TÜV NORD GROUP

Founded over 150 years ago, we stand for security and trust worldwide. As a knowledge company, we have our sights firmly set on the digital future. Whether engineers, IT security experts or specialists for the mobility of the future: in more than 100 countries, we ensure that our customers become even more successful in the networked world.