Sign up for the Design News Daily newsletter.
Achieving Cybersecurity in Smart Buildings: Leave Nothing to Chance
Panelists say a detailed plan and step-by-step actions increases the likelihood facilities can mitigate, though not prevent, most security breaches.
August 23, 2022
3 Min Read
Securing numerous legacy systems against cyberattacks is a key challenge in smart buildings.Image courtesy of Oxana Grivina / Alamy
Smart buildings, with systems in place to automatically control factors such as access, lighting, and climate, continue to become a greater part of our lives with their promises of energy savings and greater convenience for both users and building operators. But securing the myriad systems in these facilities is no easy task and requires careful planning and execution, according to participants at a Smart Buildings Summit session held earlier this week by FierceElectronics.
Even with the best preparation, there’s no guarantee any building can be completely safe from cybersecurity threats, said Osman Saleem, Director of Cybersecurity and Privacy, at PwC Canada, in a keynote speech preceding the panel session. “Cybersecurity takes time and is a journey. It continually evolves with threats out there.”
Saleem added that smart building operators need to take three steps to ensure a reasonable level of security. The first is conducting a risk assessment to define and understand the risks to the facility. The second is developing a cybersecurity policy that is adhered and enforced through a compliance process. The third is technology implementation, which he added is best accomplished through a conversion network that connects the various legacy systems already in the building.
The seriousness of cybersecurity, Saleem noted, is borne out in sobering statistics that state every 39 seconds some security breach occurs, and that the average security breach costs a company $4.2 million.
Panelists agreed the cybersecurity issue is very serious and is not brought to most people’s attention. “You still must deal with them,” said session panelist Fred Gordy, Director of Cybersecurity for Intelligent Buildings.
Gordy recalled an instance where ransomware invaded a building network. Instead of tracking down the source of the problem, the network was simply backed up, which in turn caused the ransomware to damage the remainder of the network and incur expensive repairs to system hardware.
The serious nature of cybersecurity breaches is a message that has to reach all people in an organization, said Gord Erickson, Co-Founder/Chief Strategist of Smart-Buildings.io. “There’s more talk about building cybersecurity now, but I am not sure it is trickling down. The C-suite executives realize it, but work needs to be done on filtering the message throughout an organization.”
Intelligent Buildings’ Gordy reiterated Erickson’s point, adding, “You have to engage all the stakeholders, down to the technician on the floor, and engage everyone in buying to cybersecurity practices.”
Carefully controlling who and how your internal systems are accessed and modified is part of this engagement. Gordy recalled a company he worked for which had a common username and password for everyone. One fired employee proceeded to log onto the system with those credentials and hacked the system, wiping out much of the information on the server.
One of the challenges in building cybersecurity is the number of separate legacy systems already in place that have to be protected, noted Marta Soncodi, Smart Buildings Program Director of the Telecommunications Industry Association (TIA). “We have to consider that buildings are systems of systems. When we see events come up, we can see rampant complexity, technology that we bring in outpaces security.”
Another issue complicating smart building cybersecurity is the dearth of uniform standards. There is no one-size-fits-all set of standards. “You need to see what legislation applies to you,” said Intelligent Buildings’ Gordy.
Spencer Chin is a Senior Editor for Design News covering the electronics beat. He has many years of experience covering developments in components, semiconductors, subsystems, power, and other facets of electronics from both a business/supply-chain and technology perspective. He can be reached at [email protected].
About the Author(s)
You May Also Like
Generative AI Can Be Like an Expert in Your Pocket, Says Industry ExpertFeb 29, 2024|3 Min Read
The Spy Who Loved Cars: James Bond Movie Cars GalleryFeb 28, 2024|18 Slides
How to Build a Better Thermoelectric CoolerFeb 28, 2024|2 Min Read
Vehicle Architecture Evolution Demands Cloud-Ready ECUsFeb 28, 2024|1 Min Read