Getting the best security practices in place for facility elevator systems involves both physical as well as digital interfaces. Elevator access control systems today, increasingly rely on embedded electronics controlled by smart chips. As such they are vulnerable to both onsite as well as remote hacking attacks. The safety and security of elevator access control systems is, therefore, crucial to ensuring the worth and value of properties and personnel on different floors within the building.
This article will discuss the best practices that facility managers need to put in place to ensure that people and offices stay safe and secure at different levels of access. Some of the practices need to be integrated into the elevator system design process itself, while others need to be implemented by facility and maintenance managers onsite.
Most intelligent elevators have interfaces connected to the communication lines within a facility. This includes wireless internet access points as well as fiber optical nodes joining the facility to the world wide web. But there are trusted zones within the elevator control design whose physical security is entirely dependent on the personnel working for building security. These include control units within the elevator cab as well as remote control systems in the machine room, motion control systems, drive or motor control systems, and the braking and safety systems. Hacks into the control systems from outside are what will be considered for the purposes of security in this article.
Maintain and harden assets: Elevator system designers need to have adequate training, tools, resources, and processes in place to harden and maintain the building elevator from cyber-attacks. This means training elevator designers and operators in dealing with cyber security threats, perceive risk correctly, and have the ability to respond to emerging crises.
Include cyber security best practices in elevator design: The selection of suitable strong firewalls, encryption of communicated information, threat modeling, and laying down a secure architecture, are among the most important recommendations of good elevator security practice.
Seek security assessments and reviews from the vendor: Your elevator vendor must be able to answer questions related to vulnerabilities within the software and its accompanying integrations that control your elevator system. In particular, ask the elevator vendor if they have results of penetration testing done upon their online systems.
Study elevator system attack response plans: Check documentation regarding the field issues, behavior of known threats over time, the strategies and patches that have been released to handle vulnerabilities, and the plan to decommission a machine when control becomes impossible as a result of a cyber-attack.
Some elevator systems have authentication procedures in place to allow selective access to different parts of the facility depending upon the level of the user involved. Check whether such authentication involves passwords and logins, whether the logins require multi-factor authentication (multiple password combinations before allowing access), whether other vendors that link to the elevator system are suitable trusted and have a mature security posture, and whether there are quick response strategies in place to respond with compromised system controls.
Lastly, but not the least, ask your elevator maintenance personnel whether they have all the system documentation in place to manage security at all the right places. Ask them if they can give you a rough guide to dos and don’ts for your facility elevators.
Following standard safety protocols, rules, and procedures sincerely can prevent elevator disasters from occurring and help maintain the reputation of your facility in perpetuity. Talk to an elevator design expert to get more security tips today.