BOTF4 how will we stay secure banner

How will we stay secure?

Internet of Things (IoT) will provide more entry points for hackers.

The first documented cyber attack of a building control system was the explosion of a gas pipeline in Siberia over 30 years ago in 1982.

Fast forward to 2018 and the rise in intelligent buildings means the opportunity for cyber attacks in property has grown exponentially. Cyber attacks have moved to being costly, time-consuming events as the resources to wreak havoc have become easier and cheaper to procure.

With IBM estimating that a single data breach costs a company close to USD 4 million on average, the cost of ignorance is far too high to ignore. The question we must ask ourselves is not if, but when, it happens – how can we protect against and manage this?

Firstly, it’s important to note customers are willing to share personal data in exchange for better service. Sixty-one per cent of millennials are happy to share personal data if it leads to a more personalised in-store or online shopping experience, while 58 per cent will share personal data to power product recommendations that match their needs.

As consumers continue to expect more from their buildings, they will also trade their personal information in exchange for a superior user experience in that building. However, we need to make sure that the trade-off is safe with many cybersecurity events now attempting extortion for data.

BOTF how do we stay secure already happened hexagon

How does data security relate to buildings?

Given our willingness to share our personal data, it’s also expected that residents are happy for hotels, concierges and body corporates to retain key information.

However, in many buildings a computer as old as the building typically runs the automation system application, graphics, and database. IT groups are not always aware of standalone computers for different facilities and therefore the device rarely receives critical security patches.

Often systems operate on legacy technology and, most building automation systems are old and not typically upgraded until a major update is absolutely necessary or something breaks.

Alarmingly, a failure to roll out mandatory security patches on employee computers caused the United Kingdom’s National Health Service to suffer a significant ransomware attack in 2017. The attack resulted in cancelled operations, diverted ambulances and patient records being made unavailable in England and Scotland.

Virtualising security patches in the cloud is one option of overcoming this ongoing challenge.

Education across functions is critical given few facility managers have an IT background. Systems are often designed, supplied and maintained under commercial contracts without cybersecurity protection ever being a top consideration. Vendors and products are not regularly assessed on their cybersecurity with landlords often failing to fully examine contracts to check who can access data generated.

What can be done?

The growing IoT will create more entry points for cyber attacks to happen in buildings of the future. As attacks become more prevalent and sophisticated, building systems will require an ongoing security strategy to maintain protection. Throwing tech inside a building is only part of the story – investment is also required to ensure that a building’s systems remain secure forever.

Designers, engineers and building developers and operators could be held liable if a cyber attack causes harm to building occupants. Conditions that seem benign, such as turning off all the lights, could result in unsafe conditions as people try to leave the building.

More severe situations could be caused by, for example, turning off ventilation to a chemical room, allowing harmful fumes to spread in a building. Building developers need to consider cyber attacks early in the design process with an emphasis on prevention, mitigation and recovery.

The growing IoT will create more entry points for cyber attacks to happen in buildings of the future.

Questions we should be asking 

  • Are we ready for the inevitable cyber attacks that will threaten our operation of buildings of the future?
  • We have become all too familiar with security breaches of our data – how much should we trust privacy of our online personal information?
  • How would this equate to buildings?
  • Which machines in buildings do we not want to connect?


BOTF4 how do we stay secure security compromised

Explore the rest of the report


To top

Unfortunately, you are using a web browser that Aurecon does not support.

Please change your browser to one of the options below to improve your experience.

Supported browsers: