Design News is part of the Informa Markets Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Achieving Cybersecurity in Smart Buildings: Leave Nothing to Chance

Article-Achieving Cybersecurity in Smart Buildings: Leave Nothing to Chance

Image courtesy of Oxana Grivina / Alamy smartbldg.jpg
Securing numerous legacy systems against cyberattacks is a key challenge in smart buildings.
Panelists say a detailed plan and step-by-step actions increases the likelihood facilities can mitigate, though not prevent, most security breaches.

Smart buildings, with systems in place to automatically control factors such as access, lighting, and climate, continue to become a greater part of our lives with their promises of energy savings and greater convenience for both users and building operators. But securing the myriad systems in these facilities is no easy task and requires careful planning and execution, according to participants at a Smart Buildings Summit session held earlier this week by FierceElectronics.

Even with the best preparation, there’s no guarantee any building can be completely safe from cybersecurity threats, said  Osman Saleem, Director of Cybersecurity and Privacy, at PwC Canada, in a keynote speech preceding the panel session. “Cybersecurity takes time and is a journey. It continually evolves with threats out there.”

Saleem added that smart building operators need to take three steps to ensure a reasonable level of security. The first is conducting a risk assessment to define and understand the risks to the facility. The second is developing a cybersecurity policy that is adhered and enforced through a compliance process. The third is technology implementation, which he added is best accomplished through a conversion network that connects the various legacy systems already in the building.

The seriousness of cybersecurity, Saleem noted, is borne out in sobering statistics that state every 39 seconds some security breach occurs, and that the average security breach costs a company $4.2 million.

Panelists agreed the cybersecurity issue is very serious and is not brought to most people’s attention. “You still must deal with them,” said session panelist Fred Gordy, Director of Cybersecurity for Intelligent Buildings.

Gordy recalled an instance where ransomware invaded a building network. Instead of tracking down the source of the problem, the network was simply backed up, which in turn caused the ransomware to damage the remainder of the network and incur expensive repairs to system hardware.

The serious nature of cybersecurity breaches is a message that has to reach all people in an organization, said Gord Erickson, Co-Founder/Chief Strategist of Smart-Buildings.io.  “There’s more talk about building cybersecurity now, but I am not sure it is trickling down. The C-suite executives realize it, but work needs to be done on filtering the message throughout an organization.”

Intelligent Buildings’ Gordy reiterated Erickson’s point, adding, “You have to engage all the stakeholders, down to the technician on the floor, and engage everyone in buying to cybersecurity practices.”

Carefully controlling who and how your internal systems are accessed and modified is part of this engagement. Gordy recalled a company he worked for which had a common username and password for everyone. One fired employee proceeded to log onto the system with those credentials and hacked the system, wiping out much of the information on the server.

One of the challenges in building cybersecurity is the number of separate legacy systems already in place that have to be protected, noted Marta Soncodi, Smart Buildings Program Director of the Telecommunications Industry Association (TIA). “We have to consider that buildings are systems of systems. When we see events come up, we can see rampant complexity, technology that we bring in outpaces security.”

Another issue complicating smart building cybersecurity is the dearth of uniform standards. There is no one-size-fits-all set of standards. “You need to see what legislation applies to you,” said Intelligent Buildings’ Gordy.

Spencer Chin is a Senior Editor for Design News covering the electronics beat. He has many years of experience covering developments in components, semiconductors, subsystems, power, and other facets of electronics from both a business/supply-chain and technology perspective. He can be reached at [email protected]

Hide comments
account-default-image

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish