Maximize Cybersecurity in Smart Buildings to Protect Employee and Occupant Data
Smart buildings offer tremendous benefits. From energy reduction to increased productivity to...
There is no single set of cybersecurity standards for the design and installation of building control and automation systems. Instead, cybersecurity strategies have historically varied depending on how developers, designers, and vendors approached each building’s requirements. But the network-connected IoT devices used in smart buildings are highly susceptible to cyberattacks. According to a 2020 report:
As smart buildings increasingly depend on IoT technology, understanding and following the best available IoT cybersecurity standards is critical to prevent cyber intrusions and protect valuable data.
The IT security standards series ISO 27000 and IEC 62443 are the two most common international cybersecurity standards series used for IT and OT networks in smart buildings. Stakeholders in smart building environments need to ensure that the equipment and processes used for building automation and control meet these standards to avoid security breaches.
ISO 27000
The ISO 27000 series includes 60 sub-standards for information security management systems. The series provides specific cybersecurity guidelines for smart building equipment including:
IEC 62443
The IEC 62443 standards focus especially on security risks to OT networks, including those in smart buildings. The series outlines specific technical requirements for building automation systems with which service providers should comply and provides guidance for manufacturers of automation components.
The benefits of improving security and ensuring robust risk management through IoT cybersecurity standards in smart buildings include:
That last point is key: implementing standardized IT security processes and adhering to cybersecurity best practices are vital in smart buildings.
In contrast to traditional security models, modern cybersecurity architecture is built on a Zero Trust approach that emphasizes eliminating implicit trust inside an organization's network. Implicit trust lets every user within the network move laterally and access sensitive data because granular security controls are lacking. Current cybersecurity best practices are rooted in the principle that every stage of a digital interaction should be validated.
The National Institute of Standards and Technology (NIST), a non-regulatory federal agency, is one of the most well-known names in the cybersecurity industry. The NIST Cybersecurity Framework offers guidelines on cybersecurity best practices and recommendations to help organizations prevent cyber intrusions into their networks. When applied to smart building environments, these best practices minimize cybersecurity risks.
Best cybersecurity practices in smart buildings include:
When it comes to determining security vulnerabilities in your building and complying with IoT cybersecurity standards, you need customized strategies to protect your building systems and equipment. As building experts, Buildings IOT can help you incorporate industry-mandated security standards throughout your portfolio and keep your assets safe from cyber threats.
Learn more about zero trust cybersecurity in our Zero Trust for Operational Technologies (OT) whitepaper. Download the whitepaper here.
Richard Miller leads Buildings IOT's IT team to deliver managed services to smart buildings from data centers to shopping malls. He writes about cybersecurity for smart building systems, IT/OT collaboration and more.