Managing Cybersecurity Risk in Smart Buildings

We live in an era of disruption that is constantly reshaped by global forces in the form of new technologies, digital innovations and fast-changing social norms. From augmented intelligence applications, surging Internet of Things (IoT) deployments to pervasive mobility, the lives we live today would scarcely be recognised by someone from just a few decades ago.

Abstract art depicting Network of Cybersecurity

The Rise of Smart Buildings

Slowly, but surely, an evolution in smart buildings is taking place as more people move to cities than ever before. New buildings are equipped with a host of digital-centric amenities and capabilities designed to offer greater conveniences than ever, while older facilities are similarly upgraded.

The changes range from designs that allow them to be more user-friendly and energy efficient, to enhanced data-gathering capability that offers far better space management and data insights to reduce energy use. And smart buildings in the Asia Pacific are coming online at an extraordinary clip, in tandem with the rapid construction pace in the region.

While there is no question that smarter buildings offer ample benefits, inherent to this opportunity are real security risks, writes Annick Villeneuve of Schneider Electric in a recent blog post. Far too often, new technologies are deployed without adequate consideration into how to protect them from increasingly sophisticated hackers and malware.

Security Considerations

The risks are obvious in hindsight. Building management systems of yesteryear tend to have limited roles, typically revolving around core systems such as fire and safety, and air conditioning. On the other hand, demand for smarter buildings means that a smorgasbord of advanced systems ranging from access control systems, IP cameras, lighting systems and even door locks – among others – are being added to the mix.

These systems are being hooked up to traditional IT networks for ease of management and uniformity. On the flip side, this prevalent practice places them a short network hop away from the Internet, potentially exposing them to takeover attempts by malicious parties.

And for organisations mulling if they should reduce technology use to minimize risks, Josh Herrenkohl from Ernst & Young says that this won’t work given the extensive digitalisation of businesses today. Instead, he notes that organisations would be better served with a “well-planned, all-encompassing cyber strategy”.

Hand operating the digital image of security padlock with gesture interface technology.

Addressing the Topic

So how can organisations ensure that their smart buildings are adequately defended against cybersecurity threats? “Like many challenging issues, the first step in addressing these risks begins with a conversation,” explained Villeneuve.

Though getting the specialists who manage the building control system to talk with those in charge of IT security might be daunting, it represents a crucial first step that will eventually pay off. Among the topics they need to discuss are the steps to access and protect legacy “Operational Technology” or OT systems, and how they might be bridged through an IT Security Monitoring Zone for enhanced protection.

Where external expertise might be desired, trained cybersecurity consulting specialists who are experienced in securing commercial buildings can be engaged to facilitate or lead these conversations, and to offer expert advice.

For now, you can learn more about Schneider Electric’s extensive range of Real Estate solutions here.