Manage Learn to apply best practices and optimize your operations.

Smart building security: Cyber-resilience must be built in

As IoT and machine learning revolutionize the ways in which we live, work and play, it comes as no surprise that the market for smart buildings is expected to increase fourfold in the next 10 years. Enterprises in particular are implementing IoT and machine learning to manage office spaces and utilities more efficiently and to automate mundane, repetitive tasks. Organizations are optimizing all aspects of their corporate buildings with sensors and digital controllers for HVAC, electricity, surveillance systems and even parking spaces.

Although projections vary, industry experts agree that the smart building market is about to undergo a period of exponential growth. For example, Markets and Markets’ “Smart Building Market” report estimates the growth of smart buildings to rise from $7.42 billion today to $31.74 billion by 2022. Meanwhile, IoT device manufacturer ARM estimates that one trillion smart units will be built between 2017 and 2035.

While the progress towards smarter building infrastructure is impressive, it is important to remember that it is not without risk. Unfortunately, the diverse range of IoT systems within smart buildings are still running old, unpatched software and frequently communicate using nonstandard protocols. This makes malicious activity and potential security threats much harder to detect.

With a successful intrusion into the central control point or building automation system (BAS) within a smart building, the consequences could be dire. Upon access, hackers would have the ability to stop elevators from working, disconnect power supplies, hack into IP-connected cameras or create a botnet for launching distributed denial-of-service attacks on other systems. An intrusion into a government or financial institution’s BAS could even open up a gateway into their entire IT network, comprising personal information such as Social Security numbers or bank account information. Since smart buildings are such attractive targets for cyberattackers, cyber-resilience must be built in.

Built-in security

To enhance the security of IoT devices, U.S. Congress is considering passing the Cyber Shield Act of 2017 in order to eliminate the most common vulnerabilities in IoT design. Leading manufacturers like ARM are also working hard to strengthen security. ARM recently announced its Platform Security Architecture, a new systems architecture to help secure and protect connected devices by building in security at the design stage. According to ARM, one way to build in device protection is to prevent firmware tampering using strong, crypto-based boot architecture. Device management must be architected along similar trusted lines as well.

The next stage is to ensure intelligent systems communicate with one another securely by default. Virtual private networks (VPNs) provide encrypted connections to allow proprietary data in smart buildings to be transferred privately across the public internet between remote locations all over the world. Their flexibility means they can be readily scaled and adapted to meet any data exchange security requirements. With VPNs in place, even if a third party were able to eavesdrop on the network communication, the information itself would be indecipherable.

Moving forward, it is imperative that the building industry and developers strictly deploy smart systems that have security built in from the start. When it comes to connectivity, the implementation of VPNs is critical for protecting smart buildings and ensuring device data is kept private and secure.

In summary, as IoT and machine learning transform buildings into smart infrastructure, new security risks and vulnerabilities are bound to arise. While smart infrastructure offers a substantial amount of benefits, many IoT devices and management systems still run on legacy software and lack basic security measures. To decrease the risk of cyberattacks on smart buildings, infrastructure must have built-in cyber-resilience by securing all connection points using VPNs.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.