Securing smart buildings

Cybersecurity

Durgan Cooper, CEO at Juberi, discusses the imperative of cybersecurity in the era of intelligent infrastructure.

As our cities become smarter, the buildings within them are evolving into complex ecosystems of interconnected devices and systems. These smart buildings, designed to optimise energy efficiency, enhance occupant comfort and streamline operations, are becoming an increasingly common feature in modern urban landscapes. However, with this technological advancement comes a critical challenge: the need to secure the vast amounts of data these buildings generate and
the infrastructure that supports them. All whilst connecting smart buildings, and the data from them, to fit and enhance corporate ESG strategies.

In the realm of smart buildings, cybersecurity is no longer an optional consideration; it is
a fundamental requirement.

As buildings are fitted with sophisticated systems for managing HVAC, lighting and power consumption, the data produced by these systems becomes invaluable. This data is essential for making informed decisions that reduce energy consumption, lower operational costs and improve the overall efficiency of the building. However, if left unsecured, this data is at risk of being manipulated by malicious actors, leading to potentially devastating consequences.

The cybersecurity challenges
in smart buildings

One of the most pressing concerns in smart building cybersecurity is the integrity of the data generated by building management systems (BMS). If this data is tampered with, it can lead to a cascade of problems. For instance, manipulated energy consumption data could result in over or underheating of spaces, leading to discomfort for occupants and increased energy bills. In more extreme cases, such tampering could pose safety risks, such as disabling critical systems like fire alarms or security cameras.

Another challenge is the physical infrastructure that underpins these smart systems. Many buildings, particularly older ones, are operating with network infrastructures that were installed decades ago. These legacy fibre networks were not designed
to handle the data demands of modern smart buildings, which include bandwidth-intensive services such as HD CCTV. As
a result, these networks can become bottlenecks, limiting the effectiveness of the smart building systems they support.

Operational Technology (OT) and Internet of Things (IoT) devices add another layer of complexity. These devices, which include everything from smart thermostats to building access controls, are often slower
to receive updates and patches compared to traditional IT systems. This makes them particularly vulnerable to cyber attacks. While initiatives such as the UK’s recent launch of an IoT cybersecurity standard by Iasme are commendable steps forward, the industry still faces significant challenges in securing these devices.

The importance of securing network infrastructure

At the heart of a secure smart building lies a robust network infrastructure. Modern smart buildings require high-capacity, secure networks that can support the data demands of various systems. This means investing in updated fibre networks capable of handling not only current demands but also the increased loads that future technologies will bring.

Security appliances such as firewalls, intrusion detection systems and real-time monitoring tools are crucial components of a secure network infrastructure. These tools provide the necessary visibility to detect and respond to potential threats quickly. However, their effectiveness is contingent upon regular updates and maintenance.

A firewall is only as strong as its last update, and visibility tools are only useful if someone is actively monitoring them. Physical security is also an often overlooked aspect of cybersecurity in smart buildings. Ensuring that server rooms, network closets
and access points are secure from unauthorised access is just as important as securing the data that flows through them. A breach in physical security can lead to catastrophic results as attackers can gain direct access to the building’s network.

Proactive cybersecurity measures in smart building design

Server Rooms
Ensuring that server room, network closets and access points are secure from unauthorised access is just as important as securing the data which flows through them

To effectively secure a smart building, cybersecurity must be integrated from the very beginning of the design process. This proactive approach ensures that security measures are built into the building’s infrastructure rather than being added as an afterthought. By considering cybersecurity at the design stage, potential vulnerabilities can be identified and mitigated before they become issues.

Continuous monitoring and regular updates are also essential. The cybersecurity landscape is constantly evolving, with new threats emerging every day.
To stay ahead of these threats, smart building systems must be continuously monitored, and both software and hardware components must be regularly updated. This ongoing process is crucial for maintaining the integrity and security of the building’s systems.

Another key factor in maintaining a secure smart building is the human element. Even the most advanced security systems can be compromised
if the people who use them are not adequately trained. Building managers and occupants need to be aware of the potential risks and trained to recognise and respond to security threats. Regular training sessions and awareness campaigns can help ensure that everyone involved in the building’s operation understands their role in maintaining its security.

Looking ahead: Future trends
and considerations

As technology continues to advance, the cybersecurity challenges facing smart buildings will also evolve. Cybercriminals are constantly developing new methods to exploit vulnerabilities in smart systems, and the smart building industry must remain vigilant to stay ahead of these threats.

Regulatory compliance will also play an increasingly important role in the future of smart building cybersecurity. Governments and regulatory bodies around the world are beginning to recognise the importance of securing smart infrastructure, and new standards and regulations are
likely to emerge. Adhering to these standards will not only ensure the security of individual buildings but also contribute to the overall safety of our increasingly connected cities.

Finally, the need for collaboration between building developers, technology providers and cybersecurity experts cannot be overstated. Creating secure, resilient smart buildings requires a concerted effort from all stakeholders involved. By working together we can build a future where smart buildings are not only efficient and comfortable but also safe and secure.

Conclusion

In conclusion, as smart buildings continue to rise in prominence, the importance of cybersecurity within these structures cannot be ignored. From securing data to ensuring robust network infrastructure and proactive threat management, every aspect of a smart building must be designed with security in mind. By prioritising cybersecurity, the smart building industry can protect both the physical and digital assets within these advanced structures, ensuring that they remain safe, efficient and resilient in the face of evolving threats.

At Juberi Group, we are committed to providing the expertise and solutions needed
to secure the smart buildings
of today and tomorrow. As the industry continues to evolve, we stand ready to help our clients navigate the complex challenges of cybersecurity, ensuring that their buildings are not only smart but also secure.

Related links:
Related articles:



modbs tv logo

Four new appointments at BCIA

THE Building Controls Industry Association (BCIA) has appointed a new Vice-President and three new additions to its Management Committee.

Engineering services alliance welcomes retentions reporting legislation

Engineering services alliance Actuate UK has warmly welcomed the new secondary legislation which will require reporting of cash retentions held by the large construction companies under the Reporting Regulations.