A growing number of commercial and private buildings are incorporating smart technology in their design and daily operations. Smart buildings bring a wide-range of conveniences to property managers, but the Internet of Things (IoT) technology that allows buildings and devices to communicate also presents a variety of security issues.
Smart buildings rely on a central building management system (BMS) that coordinates everything from air temperature to security profiles. A fully functioning BMS unlocks doors at the start of business, turns on the HVAC, and manages elevator usage to optimize intra-building traffic flow. In the wrong hands, the BMS can be used for everything from harassment to full-scale criminal activities.
The Five Big Targets
It doesn’t matter if the BMS is centrally located in the structure, off-site at a secure location, or in the cloud. Without the right security management protocols a BMS is a property manager’s biggest worry and a constant risk to unauthorized intrusions. Last year, Intel conducted a survey of over 500 building managers to determine which BMS components posed the greatest cybersecurity risks. The five systems that most concerned managers included are:
- Security systems
- IoT/M2M sensors or solutions
- People/Asset management
- Energy management
- Fire detection and alarms
Ultimately, any of these systems connects to wider and more inclusive devices with connectivity to sensitive data storage, servers, and even employee and customer information. As part of the BMS and connected through an array of IoT platforms, each is subject to malware attacks, identity and data theft, bots, and hackers among a variety of other threats. Keeping employees, corporate data, and clients safe is becoming a high priority for property managers who used to worry only about an intruder coming through the front lobby.
Stay a Step Ahead
One of the most important new technology advances for smart buildings is developing and implementing cyber resilience functionality. It requires that property managers work closely with a security partner specializing in IoT who can identify gaps and risks in a building’s smart-management platform. Even the most qualified property manager may not have the expertise and training to identify programming, connectivity, and other cyber-threat risks. The time to learn that your management team or security consultants are using last week’s technology isn’t after the elevators shutdown during morning rush.
A reliable IoT security firm is the one that understands tomorrow’s threats and technological attacks today and recognizes how to secure a BMS like a fortress.
In 2016, IBM ‘ethical hackers’ conducted a cyber-attack to determine BMS risks. The team was able to gain access to one BMS via use of three IP addresses. Once they had gained access, they found that the same password was used in various levels of security access — leaving the entire building vulnerable to their intrusion. At the close of the exercise, IBM pointed to a survey that found less than a third of building managers had taken measures to secure their BMS.
Over the next five years, smart buildings investment is expected to quadruple, meaning even more vulnerable technologies for hackers to exploit. In the world of BMS, the competition isn’t on the next block or across the street. It could be in a warehouse on the other side of the globe. Protecting property and personnel means finding and working with an IoT security firm with the vision to see the threat and stop it before it arrives.
This article was written by Roland Atoui, Managing Director & Founder of Red Alert Labs, expert in Information Security and Certification with more than 10 years of experience in the industry. From smart cards to smart phones to smart manufacturing, Roland is a new technology enthusiast with a current mission to bring trust to the Internet of Things. First the article appeared on Red Alert Labs blog.