Seeing the potential for malicious actors to attack vulnerable elevator control systems linked to the internet, an industry group of elevator manufacturers has proposed a set of cybersecurity guidelines.
The National Elevator Industry Inc. (NEII)’s white paper outlines several possible pathways for hackers to compromise the software overseeing modern elevators. The recommendations are not only for manufacturers to heed, but also call for new training guidelines for installing and operating elevators.
“We published this as a proactive attempt to ensure elevator manufacturers are safeguarding their devices,” says Karen Penafiel, NEII director. “The elevators of today are already using a lot of technology, and the tools that service mechanics use could have vulnerabilities that need to be protected from malware,” she says.
While Penafiel doesn’t know of any specific example of a successful hack of elevator systems out in the wild, the increasing use of remote monitoring and diagnostic technology, as well as the vulnerability of systems designed to run smart buildings create many possible vectors for cyberattacks.
"To understand the cybersecurity threat to elevators one must understand the susceptibility of the elevator system itself. Almost all elevator systems until very recently, have been isolated systems mainly behind a locked door," says Barry Blackaby, managing director of B. Blackaby and Assoc., and one of the primary authors of the white paper.
Blackaby explains that while in past decades the physical isolation of elevator systems protected them from offsite meddling, that has changed somewhat in recent years. "The internet has become so ubiquitous that it is the only logical choice for digital communication to the installations for remote monitoring and diagnostic systems also for the delivery of software updates," he says. "The latest building code requires real time voice and video into every car again basically requiring the internet communications be integrated into the elevator system. Features like Occupant Evacuation Operation fill require the elevator system have communication to other systems within the building, introducing another path for potential cyber-attacks," notes Blackaby. "These latest systems absolutely require cybersecurity protection."
Blackaby wants to be clear that elevator manufacturers already take cybersecurity seriously, and any attempt to circumvent elevator software remotely would run into hardware safety systems that would prevent a dangerous command from being executed. But that doesn't mean a hacker could not theoretically cause mischief in the system. "The more probable threat will be ransomware on the management system or denial-of-service type of attacks," he says.
Penafiel says the report targets recommendations for the service technicians installing, certifying and repairing elevators. “What we are seeing is that the job of the elevator mechanic of the future will be more technology-focused—more computer knowledge will expected, and they’ll be doing a lot more of their job behind a computer screen and not with wrench in hand,” she says.
The report’s recommendations are nonbinding, but Penafiel sees the guidelines as a first step toward an international ISO standard for elevator cybersecurity. “The best-case scenario for this process is three years; our ambitious target is by 2022,” she says.