Uniting the Physical and the Digital
Businesses are now choosing the cloud and IoT-based technologies
- By Steven Turney
- Jul 30, 2020
As the Internet of Things (IoT) becomes mainstream, companies are delving into the ramifications of adoption, including its benefits, challenges, and opportunities--not least, the implications to security and cybersecurity. Many see IoT solutions as a way to increase efficiency and reduce costs while providing new avenues for development and modernization for buildings.
Therefore, many businesses are now choosing to use cloud-and IoT-based technologies throughout their properties, including building management systems which integrate data on lighting, physical security, workplace wellness, HVAC and other systems into one display, and smart devices like power quality meters, digital power meters, and smart circuit breakers.
Over the past few years, the adoption of IoT technologies has increased at a rapid pace. And rightly so: the International Facility Management Association (IFMA) estimates that with active controls and IoT-enabled technology, properties can expect a 50 percent increase in cost efficiency, including maintenance, energy, and other recurring costs. Incorporating IoT capabilities into facilities enables building managers to implement analytics and even predictive maintenance, allowing facilities to operate as efficiently as possible while also helping to reduce the overall operating expenditures and maintenance costs.
But in order to ensure that this continued growth is sustainable, facility managers and owners alike must address increasing concerns about IoT security, developing effective strategies to protect building data, collected via the IoT and connected devices, from outside threats.
As smart buildings become equipped with AI and digital IoT technologies, they are better able to identify and implement efficiencies (particularly in the areas of sustainability, energy efficiency and operating costs), extend the performance and longevity of building infrastructure assets, and improve the experience, comfort, and productivity of building occupants.
Smart devices allow facility teams to gain unparalleled access to the entire operating environment and allow for measuring and collecting data, as well as providing functional control. By incorporating smart devices, not only are these systems monitoring equipment performance and sharing alarms on threats to reliability or efficiency, they make it possible to measure communications and electrical data and other parameters at key points throughout a facility’s power network, from the main utility to individual plug loads.
This capability also extends to the facilities lighting and security platforms, enabling tighter integration which historically has not been possible, while also increasing security staff effectiveness through automated deterrent actions, increased situational awareness and deeper reporting capabilities.
However, breaches of building systems or sensitive data can cost millions in regulatory penalties, disrupt core business functions, and threaten business reputations to a level that could impair consumer, employee, and investor confidence. Because of this, it is critically important that the systems of today, which will carry forward for years to come, be designed and deployed with a keen eye on cybersecurity and data protection.
There are many benefits that smart buildings can provide while simultaneously mitigating cybersecurity risks. Building owners, operators and even occupiers need to understand the way smart building control systems are architected and managed from a cybersecurity perspective to capture the full benefits of intelligent buildings.
Protecting Buildings Against Digital Threats
In order to secure buildings after implementing IoT-based systems, IT teams will need to implement similarly IoT-based cybersecurity solutions in order to thwart digital attacks. Adoption can include the use of encryption and multi-step authentication to protect communications between workstations, controllers, and mobile devices.
Deploying systems which start their development cycle with a focus on securing by design and leverage the latest in encryption are important factors that today's building designers and operators should take into consideration. Designers can no longer say that the security of the technology installed is the responsibility of the network which they reside on.
The best approach is to focus on built-in security. Having a comprehensive system that has a process to design, build, manufacture, and deliver solutions that are based largely on ISO 27034 cybersecurity standards and ISO 9001:2015 is key.
These help ensure that cybersecurity is not an afterthought, but is a critical fundamental aspect of the development cycles and incorporated from the outset, then managed and measured throughout the entire product development process, from concept to decommissioning. Saying that something is designed with cybersecurity in mind is important, but it is even more crucial to have dedicated cybersecurity test labs where platforms can be thoroughly tested and even include third-party validation.
For example, a team that uses leading open source and commercial grade cybersecurity tools along with in-house technologies and techniques are able to ensure cybersecurity from a project’s start to finish. IT would also be helpful to employ independent, CREST-certified laboratories to further validate the security of the building control solutions. Furthermore, having a product that has been validated by several large global companies from diverse industries such as banking and finance, hotels, healthcare, and more could be beneficial.
Similarly, there are now new standards and protocols that are being implemented to ensure cybersecurity is maintained and managed across each system connected to mobile applications. System manufacturers increasingly provide security training to application developers in the effort to ensure that their own clients are complying with these standards.
Simultaneously, business managers incorporate extensive testing, secure code practices, threat modeling, and more to make sure their teams are following security regulations. Equipment manufacturers, in another part of this equation, provide customers and partners with thorough instructions and documentation to indicate that they are deploying their equipment securely, effectively, and efficiently. A growing number of facility managers also have begun to allocate dedicated staff to cybersecurity teams to provide support, maintenance, and installation services to incidents or vulnerabilities.
As attacks become more common and sophisticated, businesses need to keep up to date with the latest solutions as hackers continue to familiarize themselves with existing security solutions and work around them. Evolving processes and procedures with changing security needs will be vital to ensuring facility success. Network managers should also plan to continually train staff to ensure cybersecurity systems and protocols continue to evolve and are continually updated and followed across the organization.
Protecting Against Physical Threats
With the adoption of IoT comes added benefits for access control and on-site security as well. As the use of cloud and IoT-enabled devices continues to grow, it is becoming more commonplace for security personnel to have mobile devices connected to their building’s systems.
Multiple industries are integrating mobile devices into their daily workflows, giving more opportunities for the benefits of remote access to be realized. It is likely that mobile tools with remote access will become an increasingly important part of building security and management, as security teams consistently use their devices to monitor various aspects of their building to ensure their occupants’ safety.
Through remote monitoring, security professionals can access all of their building’s security systems including video monitoring, intrusion detection, and visitor management through mobile devices. Moving beyond the control room, security teams can stay visible throughout the entire facility while also monitoring real time information through devices connected to the cloud-enabled services.
Security staff can make clearer decisions and provide faster responses by accessing this information at any time, from any place. As security management tools continue to develop, building managers, end users, dealers and integrators need to be aware of how they are changing building security management, and how they will affect its future.
Building managers are not alone in the effort to ensure that IoT-enabled systems for buildings are protected. This effort is being taken seriously across the industry, and as IoT-connected building management systems become more popular, new standards and protocols are being implemented to ensure cybersecurity is maintained and managed across each system connected to mobile applications.
Looking ahead, one of the biggest advances for all of security and building automation will be with analytics tools. Analytics will be able to unite all facility systems and their resulting data and metadata and turn them into actionable insights which can be used for improvements and innovations. Using such tools will make a profound impact on the support of the building, its occupants and assets, creating a significant change in the maintenance of facilities large and small.
We see a continued increase in the adoption of cloud services due to the overall benefits, and a growth in facial detection and recognition in the area of access control. Additionally, I expect the industry will evolve integration beyond traditional security. Today’s enterprise customers are looking for integration that goes beyond cameras, intrusion sensors, and intercoms and moves into integration with lighting, building management, services, tracking and even vehicle management systems.
By providing security professionals with the tools to work from anywhere, giving them a view of all their properties—inside the network infrastructure and outside the physical walls—buildings can be more secure than ever.