Back to Blog

Why Smart Building IoT Cybersecurity Standards Are Important

Image of Richard Miller
Richard Miller

There is no single set of cybersecurity standards for the design and installation of building control and automation systems. Instead, cybersecurity strategies have historically varied depending on how developers, designers, and vendors approached each building’s requirements. But the network-connected IoT devices used in smart buildings are highly susceptible to cyberattacks. According to a 2020 report:

  • 57% of IoT devices are vulnerable to medium- or high-severity attacks
  • 41% of attacks exploit device vulnerabilities

As smart buildings increasingly depend on IoT technology, understanding and following the best available IoT cybersecurity standards is critical to prevent cyber intrusions and protect valuable data.     

IoT Cybersecurity Standards for Smart Buildings 

The IT security standards series ISO 27000 and IEC 62443 are the two most common international cybersecurity standards series used for IT and OT networks in smart buildings. Stakeholders in smart building environments need to ensure that the equipment and processes used for building automation and control meet these standards to avoid security breaches.

safety-c-1

ISO 27000 

The ISO 27000 series includes 60 sub-standards for information security management systems. The series provides specific cybersecurity guidelines for smart building equipment including:

  • Digital controllers and automation components such as sensors
  • Building energy management systems
  • Distributed components of smart grid environments such as energy grids
  • Remote maintenance platforms for building systems

safety-c-1

IEC 62443

The IEC 62443 standards focus especially on security risks to OT networks, including those in smart buildings. The series outlines specific technical requirements for building automation systems with which service providers should comply and provides guidance for manufacturers of automation components.

The benefits of improving security and ensuring robust risk management through IoT cybersecurity standards in smart buildings include:

  • Unanimous security requirements: Robust standards create common security requirements for all building systems and make secure solutions possible.
  • Technical conformity: Common definitions of security terminology save time and reduce technical variations.
  • More controlled access to key users: Only allow users to access the information and functionality they need. 
  • Avoiding potential downtime between devices: Cybersecurity measures mitigate the chances of security breach and costly unplanned downtime between devices. 
  • Assurance to users: Building automation and control systems that pass conformance testing assure users that they have been developed according to the latest requirements.
  • Knowledge-sharing and implementation of best practices: A common understanding of cybersecurity concepts, terms, and definitions prevents errors and supports interoperability.

That last point is key: implementing standardized IT security processes and adhering to cybersecurity best practices are vital in smart buildings. 

Implementing Best Practices

In contrast to the traditional security models, the modern cybersecurity architecture is built on a Zero Trust approach that emphasizes the elimination of implicit trust on an organization’s inside network. The implicit trust enables all users within an organization’s network to move laterally and access sensitive data due to lack of granular security controls. Current cybersecurity best practices are rooted in the principle that every stage of digital interaction should be validated. 

The National Institute of Standards and Technology (NIST), a non-regulatory federal agency, is one of the most well-known names in the cybersecurity industry. The NIST Cybersecurity Framework offers guidelines on cybersecurity best practices and recommendations to help organizations prevent cyber intrusions into their networks. When applied to smart building environments, these best practices minimize cybersecurity risks

Best cybersecurity practices in smart buildings include:

  • Use Zero Trust approach: All internal and external users, devices, and applications must be verified before access is granted.

  • Inventory control networks: Periodically scanning the building’s control networks helps identify unknown devices that may pose a risk. 

  • Create unique user accounts: Unique user accounts are essential for tracking user activities.

  • Implement least privilege access: User access should be controlled according to the principle of least privilege, which states that users should only be given the level of access necessary to do their jobs.

  • Monitor network traffic: Along with monitoring frontend/application servers, network traffic should be monitored to detect any unusual device-to-device traffic.

  • Document response plan: A well-documented and practiced response plan that clearly defines the roles and responsibilities of stakeholders can minimize the impact of a cyberattack.

  • Develop a recovery plan: A majority of cyberattack victims do not have viable system backups in place. Developing a sound strategy for data backup can help you recover critical building data in the event of a security breach. 


When it comes to determining security vulnerabilities in your building and complying with IoT cybersecurity standards, you need customized strategies to protect your building systems and equipment. As building experts, Buildings IOT can help you incorporate industry-mandated security standards throughout your portfolio and keep your assets safe from cyber threats.

Learn more about zero trust cybersecurity in our Zero Trust for Operational Technologies (OT) whitepaper. Download the whitepaper here.

 

CONTACT US


Related Posts

Top 10 Buildings IoT Cybersecurity Challenges and Their Solutions

Image of Richard Miller
Richard Miller

Throughout the Coronavirus pandemic, Internet of Things (IoT) technology has provided important...

Read more

Maximize Cybersecurity in Smart Buildings to Protect Employee and Occupant Data

Image of Richard Miller
Richard Miller

Smart buildings offer tremendous benefits. From energy reduction to increased productivity to...

Read more