At some level, the overwhelming majority of fires are caused by human error, whether that’s by dropping a match or failing to maintain machinery. It should be of little surprise then that fire protection systems are increasingly being automated, in an attempt to remove this human component. In theory, networked systems can help to detect and suppress fires early, saving property and lives.
Like many new technologies, however, there is a danger that businesses don’t fully comprehend the risks involved. While networked fire protection systems offer many benefits, they are also subject to risks that would not affect a traditional system. As these systems become more commonplace, it’s vital that we consider the need to secure them, and hold manufacturers and software developers to account.
Networked systems
Active fire protection typically requires some sort of input, such as a person triggering a fire alarm. Where it is automatic, such as with sprinklers or alarms which detect smoke and fire, these systems are usually localised, operating only within a certain vicinity. To turn them off, you usually have to access a valve or control panel and make the change manually.
Networked fire protection systems have a number of advantages over these traditional ones. If an alarm goes off, for instance, a networked system can tell you exactly where it is and when it was activated, giving you more information that you can use to take action. It can also allow you to link different parts of a building or site without running cables between them, and can allow you to operate it remotely, either to turn it off or for testing.
With the ability to connect what are known as Internet of Things (IoT) sensors wirelessly, networked fire protection systems are increasingly seen as a low cost and high tech solution. With the use of ever more advanced Building Information Management (BIM) software, these systems can often be managed through a single interface, with the data being used to schedule maintenance and inform decision making.
Fatal flaws
The benefits of networking active fire protection systems are undeniable, and it is likely that there are greater improvements to come. It is not infeasible to imagine a time where computers intelligently assess risks, relay information to the fire brigade themselves, and schedule and book their own maintenance. However, the systems we have at present are a developing technology, and are open to flaws – chief among them the software they use.
In order to operate remotely and collect data, each aspect of a networked system (e.g. alarms or smoke detectors) has to contain a tiny computer, which runs a proprietary form of software. With few recognised standards at present, this software is often developed by the companies that make the hardware, many of which are based in China. This software is often not updated regularly, and may not be particularly secure in the first place.
For operators who are not used to networked fire protection, or are not familiar with a specific piece of hardware, this could introduce a number of holes in your network security. While it is possible to separate your fire protection and BIM systems from the internet, many of these sensors and devices are off-the-shelf, plug-and-play solutions. If you install them without configuring them in a certain way, they will often use default settings, passwords and firmware, which could easily allow them to be compromised by hackers.
There are numerous potential ramifications to this. By gaining remote access to an individual IoT device, such as a smoke detector, hackers could use the device as a ‘backdoor’ into your network, and access files on other computers. More simply, they could also tamper with your fire protection system or other aspects of your building control – triggering alarms remotely or disabling systems, and putting you at risk in an emergency situation.
Controlling risks
Thankfully, there are a number of different ways to address this. The most obvious is to stick with traditional active fire protection systems, which are not susceptible to these issues. You may face an increasing clamour to upgrade, however, and you will be missing out on information that could help you to respond to fires more effectively.
Short of this, you should look to improve the information security of your organisation. A cybersecurity risk assessment should take your Industrial Automation and Control Systems (IACS) into account alongside other forms of IT, and empower you to develop a comprehensive action plan. This will likely take the form of better training for staff across your organisation, and a plan to regularly maintain and update your IoT devices.
Security should also take centre stage when purchasing and installing new systems, with a focus on finding hardware and software from trusted sellers, who can evidence their track record in cybersecurity. Many of the issues with IoT and other networked devices come from acquiring cheaply made devices, which often have poorly developed software or non-English language interfaces, making them hard to manage.
If you are worried about the pitfalls of a networked active fire protection system, one option may be to invest more heavily in passive fire protection. While it is vital that you make every attempt to secure and protect your alarms and other devices, passive fire protection can increase safety and provide added peace of mind. Systems such as fire walls, barriers and doors can help to secure the structure of your building, protecting critical infrastructure and ensuring the integrity of evacuation routes.
As these networked devices continue to take hold within the fire protection industry, it’s important that we take notice, and club together to demand high standards. While cybersecurity may seem far removed from fire safety, and an area that people are not comfortable about exploring, the integrity of software is critical to ensure that these devices work as intended.
By working to instigate high standards and choosing the right suppliers, we can collectively ensure that the risk from the quality of the hardware and software is minimised. Beyond that, it will be the responsibility of individual businesses to ensure that their staff are trained to use the new equipment, keeping it up-to-date and shielded from the risk of online interference.
This post was written by James Beale, Operations Manager at Invicta Fire Protection. Invicta Fire Protection is a specialist division of The Invicta Group and the world’s leading installer of 4 hour passive fire protection systems using Promat Durasteel.