Data Analytics & Smart Building Science Articles | Buildings IOT Blog

Organizations increasingly turn to smart buildings to drive energy efficiency, productivity, occupant comfort, and environmental impact. While this has created great opportunities, it also introduces new vulnerabilities. A security-first approach that includes a data encryption strategy is essential to protect occupants, employees, and the building itself. By understanding data encryption benefits, you can create a robust security solution that keeps your assets safe. 

Smart buildings offer tremendous benefits. From energy reduction to increased productivity to better occupant experiences, it’s no wonder smart technology is becoming an essential part of modern buildings. But with increased connectivity and each device serving as a potential point of entry, smart buildings are vulnerable to cyber attacks in ways that traditional buildings are not. 

There is no single set of cybersecurity standards for the design and installation of building control and automation systems. Instead, cybersecurity strategies have historically varied depending on how developers, designers, and vendors approached each building’s requirements. But the network-connected IoT devices used in smart buildings are highly susceptible to cyberattacks. According to a 2020 report:

Making your building smart leads to significant improvements in efficiency, occupant comfort, and performance. But smart technology means more connectivity, and more connectivity means new vulnerabilities. 

The increasing connectivity of building control systems and the growing complexity of smart buildings has drastically increased the potential for IoT cybersecurity vulnerabilities. According to a 2019 report, nearly 40% of computers used in smart buildings automation control were affected by malicious cyberattacks in the first half of the year—and cybercrime shows no signs of stopping.

Information technology (IT) and operational technology (OT) within buildings have historically stayed in their own siloes. But smart buildings are changing that. In intelligent built environments, building systems are becoming more connected than ever before and collaboration with IT infrastructure is becoming not just possible, but necessary.

Digital transformation has uncovered new ways in which to leverage data and improve the performance of built environments. Perhaps chief among these innovations is the integration of smart technologies and analytics with automated building management systems (BMSs), allowing buildings to become more energy efficient, more responsive, and more comfortable.

Throughout the Coronavirus pandemic, Internet of Things (IoT) technology has provided important tools for countless industries. IoT enables doctors and other healthcare workers to diagnose and treat patients remotely, deliver vital medical equipment and medicines to remote areas, and IoT-enabled robots are even helping keep healthcare facilities clean, reducing the risk of transmission. Office buildings are turning to IoT devices to monitor air quality to prepare buildings for reopening and keep occupants safe. IoT sensors are increasingly being paired with intelligent analytics in all types of commercial buildings to improve fault detection and diagnostics to allow for remote monitoring and to minimize the need for on-site personnel.

Deployment of Internet of Things (IoT) devices in commercial buildings and the universal network connectivity of equipment is increasingly investigated and pursued by owners, facility managers, and contractors. Their impact on building automation systems can be significant, opening up opportunities for improved efficiency, better operational performance, and enhanced occupant comfort. But security concerns should be considered carefully to ensure the introduction of these technologies does not create new vulnerabilities.

In 2019, the U.S. Cybersecurity & Infrastructure Security Agency, a division of the Department of Homeland Security, issued a clear advisory about Optergy’s Proton/Enterprise Building Management System after finding that “successful exploitation of [specific] vulnerabilities could allow an attacker to achieve remote code execution and gain full system access.”