With exclusive insights from 22 Bishopsgate's Glenn Cowell on mitigating cybersecurity risks for smart buildings.
According to Kaspersky, nearly four in ten smart buildings have been affected by cyber attacks.
Smart buildings offer increasingly energy-efficient, comfortable, and highly-adaptive environments to work and live in. Yet as the range and sophistication of smart building functions expand, so do the associated cybersecurity risks. The rapid growth of IoT (Internet of Things) devices is generating more and more entry points to a building for 'bad actors' (malicious hackers) to exploit. While these risks are well known in the IT world, the building management sector is still bridging the gap between the technology available and technical knowledge needed to keep smart buildings secure.
Given the potentially devastating data security, financial, and reputational impacts of a cyber attack, cybersecurity is an issue smart building owners and managers simply cannot afford to underestimate. However, there are proven ways to mitigate these risks and keep smart buildings secure, as we’ll discuss here.
Why cybersecurity matters for smart buildings
Smart buildings offer the ability to control, monitor, and automate a variety of functions using technology: heating, ventilation and air-conditioning (HVAC), access to doors, lifts, and specified areas, lighting, power, fire alarm systems, CCTV, and more.
Over time, a smart building may end up with a tangle of systems and applications controlling different functions, all plugged into the building’s network. If careful attention isn’t paid to how each is created and managed, cybersecurity weak spots and gaps can be exploited.
Without stringent control and oversight of smart building functions, there risk of malicious access to the building's networks and systems through IoT devices (e.g. heating or lighting controls) increases with every connected device.
This can lead to sensitive data being stolen or leaked, such as confidential business documents and people’s personal information. In one infamous incident, hackers gained access to a casino’s database via an internet-connected fish tank. There are also examples of entire buildings being locked down until a ransom is paid, by disabling or taking over key functions such as door access, lighting, or power supply.
Aside from the immediate impacts, these kinds of breaches can lead to huge financial losses and reputational damage for the building’s owner. They may be sued by other companies whose businesses or websites were affected by the data breach, facing a government fine if regulations haven’t been properly upheld.
Mitigating cybersecurity risks for smart buildings
To prevent and manage cybersecurity risks, smart building management teams need to keep a firm grip on who can access and control networks, systems, and third-party applications (apps). Whenever new apps and systems are introduced, it’s vital to make sure they won’t compromise the security of the network or existing systems.
Glenn Cowell is Smart Systems Manager at the award-winning smart building 22 Bishopsgate in the City of London. He emphasises the importance of putting clear governance in place to mitigate cybersecurity risks, ideally when the building is in the early stages of development.
“Smart buildings need a cybersecurity governance policy which defines the owner’s requirements of the building, and the policies that smart functions need to work within. Try not to delve too far into what they might want in the future, but just set out clearly what they want out of the building, early on.”
At 22 Bishopsgate, third parties (such as application providers) are only allowed network access and control at a granular level. New apps and systems are introduced only after rigorous assessment by Glenn and his colleagues and with carefully defined and limited levels of control.
By keeping iron-clad control over access and permissions for all systems, 22 Bishopsgate ensures everyone in the building can go about their daily business, safe in the knowledge that all data and operations are secure.
The benefits of using a managed service provider
Because cybersecurity is still an emerging field in the facilities management sector, many smart buildings are now using a managed service provider (MSP) rather than seeking to do everything in-house.
Since its construction phase, 22 Bishopsgate has engaged network specialists Ideal to help plan for, mitigate, and reduce cybersecurity risks. As well as ongoing management and monitoring of the building’s converged network system (CNS), Ideal provide expert advice and guidance on cybersecurity issues.
Glenn explains the advantages of using an MSP:
“It’s reassuring to always have that professional expertise available at the end of the phone or in person. This building has a complex system, and while I understand it to a level, sometimes I need to go to someone and say, by doing X, can we do Y? Or: We want to try Z, what’s the best way to do it?
And Ideal have that expertise and capability. They fully understand the ins and outs of the converged network, and the security implications of different options. That's the advantage of having that managed service behind you – that reassurance.”
Ideal engineers work as an integral part of 22 Bishopsgate, collaborating with the Engineering and wider 22 teams, to resolve problems and keep everything running smoothly. This includes planning server downtime for routine maintenance to ensure minimal disruption to the building’s occupiers and visitors.
“The function that Ideal perform here is really critical to the building's function and operations." Glenn concludes.
Protecting smart buildings in summary
With cybercrime up by 600% since the start of the COVID-19 pandemic, smart building owners – and developers – cannot afford to be complacent about the ever-growing risks of IoT and network intrusion.
Developing and implementing an effective cybersecurity governance policy is crucial to keeping a smart building safe. It will help you avoid an ever-increasing sprawl of apps and systems with inconsistent, potentially inadequate access controls and other security settings.
But a policy is only as good as its actual implementation. Using an MSP like Ideal to protect and monitor your network and systems gives you peace of mind that your smart building and its tenants are kept secure around the clock. Good news for your organisation's operational, financial and reputational wellbeing.
Read more about how Ideal can help you keep your smart building running securely and smoothly. Or contact us on 01273 957500.