Aurecon - Global Expert Consulting Engineers Aurecon is the global leader in consulting engineering.

The Buildings Internet of Things (IoT) will provide more entry points for hackers.

Easy life, complex technology

How will we stay secure?

The Buildings Internet of Things (IoT) will provide more entry points for hackers. 

The first documented cyber attack of a building control system was the explosion of a gas pipeline in Siberia over 30 years ago in 1982. Fast forward to 2018 and the rise in intelligent buildings means the opportunity for cyber attacks in property has grown exponentially. Cyber attacks have moved to being costly, time-consuming
events as the resources to wreak havoc have become easier and cheaper to procure.

With IBM estimating that a single data breach costs a company close to USD 4 million on average, the cost of ignorance is far too high to ignore. The question we must ask ourselves is not if, but when, it happens – how can we protect against and manage this?

Firstly, it’s important to note customers are willing to share personal data in exchange for better service. Sixty-one per cent of millennials are happy to share personal data if it leads to a more personalised in-store or online shopping experience, while 58 per cent will share personal data to power product recommendations that match their needs. As consumers continue to expect more from their buildings, they will also trade their personal information in exchange for a superior user experience in that building. However, we need to make sure that the trade-off is safe with many cybersecurity events now attempting extortion for data.

How does data security relate to buildings?

Given our willingness to share our personal data, it’s also expected that residents are happy for hotels, concierges and body corporates to retain key information. However, in many buildings a computer as old as the building typically runs the automation system application, graphics, and database. IT groups are not always aware of standalone computers for different facilities and therefore the device rarely receives critical security patches.

Often systems operate on legacy technology and, most building automation systems are old and not typically upgraded until a major update is absolutely necessary or something breaks. Alarmingly, a failure to roll out mandatory security patches on employee computers caused the United Kingdom’s National Health Service to suffer a significant ransomware attack in 2017. The attack resulted in cancelled operations, diverted ambulances and patient records being made unavailable in England and Scotland.

Virtualising security patches in the cloud is one option of overcoming this ongoing challenge.

Education across functions is critical given few facility managers have an IT background. Systems are often designed, supplied and maintained under commercial contracts without cybersecurity protection ever being a top consideration. Vendors and products are not regularly assessed on their cybersecurity with landlords often failing to fully examine contracts to check who can access data generated.

What can be done?

The growing IoT will create more entry points for cyber attacks to happen in buildings of the future. As attacks become more prevalent and sophisticated, building systems will require an ongoing security strategy to maintain protection. Throwing tech inside a building is only part of the story – investment is also required to ensure that a building’s systems remain secure forever.

Designers, engineers and building developers and operators could be held liable if a cyber attack causes harm to building occupants. Conditions that seem benign, such as turning off all the lights, could result in unsafe conditions as people try to leave the building. More severe situations could be caused by, for example, turning off ventilation to a chemical room, allowing harmful fumes to spread in a building. Building developers need to consider cyber attacks early in the design process with an emphasis on prevention, mitigation and recovery.

Questions we should be asking

  • Are we ready for the inevitable cyber attacks that will threaten our operation of buildings of the future?
  • We have become all too familiar with security breaches of our data – how much should we trust privacy of our online personal information?
  • How would this equate to buildings?
  • Which machines in buildings do we not want to connect?

It's time to start asking the right questions

Take our quiz to find out if you are ready to navigate the complex world of the Building Internet of Things! At the end, download a certificate to showcase your credentials either as a technophobe, a cool customer or a tech nerd.

We will be collating the results to help you, and us, understand how far we have come, and how much further we need to go, to achieve an easy life, using complex technology.

Start the quiz

Return to Easy life, complex technology

To top