Cybersecurity for Real Estate: Securing Smart Buildings – Part 3
As the Internet of Things (IoT) for environmental, social and givernance (ESG) continues to expand, real estate organizations are turning to the technology to keep their buildings safe, energy-efficient, and comfortable for occupants. Unfortunately, if a security-first approach is not adhered to, smart building technology exposes a building to significant risk from cyber-criminals who may attempt to gain access to insecure IT systems.
The solution is to have the most robust smart building digital infrastructure in place, such as the Digital Spine operating system, which is a proptech solution for facilities managers that uses highly secure encryption technology.
The Risk of Not Using Encryption
Whenever data is sent or received through the IoT network of devices within a smart building, there is a chance that a third party can intercept the data within the signal. Unencrypted, this information can then be reinterpreted and read, putting businesses and individuals at enormous risk of identity theft, fraud, and theft of confidential data. Corruption and manipulation of IoT connected operations within a building puts the entire HVAC system or mechanical breathing of a building in jeopardy, not to mention elevators, life safety alarms, access points, and so much more. Frankly, the risk to property and human life of a potential breach is alarming. In real terms, the damage of such a breach would likely go far beyond tainting the reputation and damaging the brand of the building owner/operator involved.
With the rise of IoT across the built environment, the importance of protecting data has increased massively. Data breaches can happen to any organization, with unencrypted devices being one of the principal threat points. In many existing smart buildings, the combination of ad hoc installations, retrofitted IoT devices and older BMS protocols that do not put security first means these systems are at very real risk of cyber-attacks and data loss. Such breaches put a company at risk of fines, investigations, litigation, loss of business and threat to occupants.
What is Encryption?
Encryption is, therefore, a way to make any data that comes and goes through a BMS or a connected IoT device or ESG measures unreadable to both a computer and a human. This technology has been around for a while, with most web pages now using SSL certificates to encrypt the data transmitted to a website, making online transactions and data conveyance secure. For smart buildings, this technology becomes a vital enabling core that allows for secure layers and plugins.
Encryption scrambles the data so that only parties who have been authorized can understand the information at the other end. This interpretation relies upon a cryptographic key, a cipher that both the sender and recipient of the encrypted data agree on. The team at Standard Access are world leaders in real estate cybersecurity through their developed IP.
This process of encryption happens quickly and automatically, with no effect on performance or user experience. Almost all devices now use encryption, from sending private Whatsapp messages on your mobile phone to encrypted Zoom meetings on the laptop and, bluntly, some are more secure than others.
Encryption is vital to keeping the information we send over the internet private
Asymmetric and Symmetric Encryption
There are two types of encryption: asymmetric and symmetric.
With asymmetric encryption, there are two keys involved in encryption, public and private. While mathematically related, the two keys are distinct from one another. After data has been sent to a server, the public key encrypts it. This data can only be decrypted using the private key held by the intended recipient. This encryption method is used for increased data security and digital signatures such as SSL protocols, cryptocurrencies, and encrypted emails.
The other type of encryption is symmetric, which is faster but only uses one key to encrypt and decrypt data. Having only one key means symmetric encryption is less taxing on networks and device CPUs and has use-cases such as payment applications and message validation. There is only one key involved, which both encrypts and decrypts data.
128 Bit and 256 Bit Encryption
This single key, used in symmetric encryption, comes in two flavours: 128 Bit and 256 Bit. The numbers here pertain to the length of the randomly generated numbers in the encryption key involved. In other words, the key that locks and unlocks access to the secure data is either 128 digits long or 256.
This key is a series of binary digits: 1s and 0s, with the 128 Bit key having 2128 possible combinations and the 256 key 2256.
While, in theory, a hacker could decrypt the key by brute force checking every combination of digits, the reality is that it would take access to a supercomputer and many years of persistent attack to do so. For this reason, even governments and financial institutions are happy to use symmetric encryption to transact sensitive information and protect national secrets.
256 Bit Encryption is the Most Secure
Despite both encryption lengths being able to safeguard data well, having double the possible digit combinations means 256 Bit encryption is the more secure protocol. Having such an enormous amount of possible keys means it is impossible to crack, with lengths of time involved that are beyond our understanding.
As we connect our built environment to the wider world, it is critical to make sure the data coming and going is encrypted to prevent outside forces from accessing data or attacking building management systems.
About Standard Access:
Established in 2014 by Damien Browne, Standard Access is the global leader in IoT digital spine secure data transmission for smart building technologies, providing solutions for contactless building access through the patented Sonic Handshake®, along with a suite of AI-enabled solutions for building owners/operators and their tenants. www.standardaccess.co