Remote Access and Application Gaps in Elevators

With developing technology, remote access to elevators emerges as a practicable option today. There are many reasons why remote access is needed:

• The ability of various companies to monitor and manage their buildings in different locations, both elevators and other equipment with security concerns.
• Monitoring the service performance of elevators and instantaneous malfunctions, and measuring maintenance performance of elevators.
• In fact, it is possible to access the controls in a closed loop when monitoring and intervention applications are installed in elevator groups in which a floor-call assignment system is installed.
• It is possible to manage elevators remotely, if the main computer is accessed from outside through various remote connection applications or similar software.

In addition, access to the system has become possible with reciprocal modules, recently started to be tested by global manufacturers, with connection to the internet without the need for a main computer. This type of access can be made through various infrastructures. Systems that can be used to send commands to modem-connected hardware placed in controllers through modules developed by cloud providers such as IBM, Amazon, Google for global manufacturers, or accessed via any internet browser and communicating through standard HTTP protocols, are now being used by brands such as Otis, KONE, Schindler and Mitsubishi.

In particular, newly developed IoT (Internet of Things)-based systems have led to the emergence of smart elevators. IoT systems allow electronic devices to communicate with each other and be managed by artificial intelligence (AI) software. While these systems can be used for many different devices, from refrigerators to car engines, they also create tools that are capable of receiving commands without direct human intervention. A system that can receive and transmit data once becomes open to being guided by many useful applications. Such an access facility for elevators allows data concerning user traffic, such as the number of calls received; the floors traveled by elevators; and the floors served the most. It also provides for transmission of fault-prevention information, such as fault sources, the most problematic parts and parts likely to cause failure of an access point. AI software in the access point can take measures to reduce the number of failures of the elevator by processing the data. These measures help reduce costs, since malfunction preventive maintenance is performed without the intervention of a technician.

Evaluation of data in global centers on the internet also aids the effectiveness of preventive maintenance. The storage and transfer of data with a cloud configuration is an open channel for development, which manufacturers are working on to optimize performance.

However, the widespread use of remote access brings along some security vulnerabilities. In fact, looking at the situation under the heading of remote access to mobile computers, rather than systems used in elevators, will provide a better understanding of the concerns. The incidents of hacking, exposure to viruses and exploitation of security vulnerabilities of the system, which we have seen many times in the media or that we are the victims of, are also very possible for elevators.

So what are the highest risk vulnerabilities for accessing these mobile computers?

Remote access systems are based on software; therefore, they do not have an infrastructure that we can physically access. As with any software-controlled system, there are vulnerabilities that expose them to bugs, viruses and attacks. The weakest moment of the system is during software updates. Updates open the door for potential spyware to send data to different addresses or for elevators to receive commands from uncertain sources. With such attacks occurring even in nuclear facilities that are very tightly protected today, cyberattacks on elevator controls with relatively low levels of security concerns are not remote possibilities.

Another risk is seen in cloud access. Unauthorized access to cloud areas where data is collected and controlled can allow elevators to be manipulated by third parties. Access through a browser, such as through HTTP protocols, essentially means that everyone who has access to the internet stops at the system’s door.

In April 2019, National Elevator Industry, Inc. (USA) published a series of recommendations to prevent such threats. Organizations such as the European Lift Association (ELA), the Pacific Asia Elevator and Escalator Association (PALEA) and the China Elevator Association (CEA) have stated that they will consider these recommendations. The recommendation generally envisages an improvement work at the ISO 14798:2009 Risk Assessment standard for Elevators and Escalators. It is recommended as a risk elimination method to place more than 1 security barrier in software-based access and to divide the access into stages (such as a password for accessing websites in banks and a method of approving the SMS sent to the phone). Also, another recommendation is the adaptation of the IEC 62443 Cyber Security Framework standard to elevators.

Eliminating remote access is not conceivable, even if it has risks. The benefits brought by the system will turn into inevitable necessities in the future. However, elevator manufacturers need to raise their awareness of these risk assessments, which are not their main area of expertise. A possible future cyber attack or the possibility of being part of a terrorist act should not be ignored.