Following on from Part 1 of our Smart Building Security series, which can be accessed here https://standardaccess.co/securing-smart-buildings, this week we look at at the rise in Internet of Things, or IoT, devices, why that is, and what are the security concerns around the ad hoc proliferation of devices within a smart building.
Massive rise in IoT devices
The phrase the Internet of Things, or IoT was actually coined by British technologist Kevin Ashton back in 1999 and there are many definitions, the simplest being, it refers to all of the devices around the world that are connected to the internet, collecting and sharing data. Almost anything within a building (and outside of it) can be designed or modified to become part of the IoT, from light bulbs and thermostats, right through to elevators, and everything in between. By adding sensors and connecting up all of these different devices, each becomes ‘smart’, communicating and sharing real-time data, and collectively, they transform the building into a so-called ‘smart building ‘. There are literally billions of IoT devices all around the world – connected ‘things’ are predicted to exceed 40 billion by 2025 – and the built environment has been fundamentally changed as a result, despite being relatively late to the digital transformation party. At an individual level, IoT powered by artificial intelligence, or AI, synthesizes data, makes decisions, and takes or prompts action that transforms buildings, making them more responsive, which enhances user comfort and ensures optimum performance from an energy perspective.
IoT is also instrumental in maintaining the digital twin of the physical building by helping building operators to understand and manage the asset, which is becoming increasingly important for the lifecycle of the building.
For every conceivable problem and pain point experienced within an older building, there is a potential solution enabled by IoT. There are many reasons why IoT is on the rise within the built environment, not least of all because this is a traditional industry that has transformed very little over the preceding decades, leaving many very obvious problems to be solved. Innovators globally are rising to the challenge and solving these problems, enabled by the roll out of 5G in many parts of the world.
This sounds like a good thing for the industry, more solutions means less problems, right? Unfortunately not. In practice, we are seeing the ad hoc installation of IoT solutions for relatively minor inconveniences, that have the potential to become points of vulnerability for the smart building if the right infrastructure, like the Digital Spine operating system, is not in place.
Industry trust in smart buildings and the security of the enabling infrastructure, or lack thereof, has yet to be tested in any meaningful way. However, it would be naive to think this won’t happen in the near future.
As mentioned above, ad hoc installation of seemingly benign IoT solutions can actually weaken and threaten the security of a smart building. At a basic level, network infrastructure is powering everything within a smart building. Without connectivity and robust security, the building is at best ‘dumb’ or at worst, vulnerable to cyberattack. This is due to the makeup of the IoT, which, unlike other IT systems, is not actually one system; it is a collection of devices from different sellers, with different operational and safety protocols that is constantly interacting with the physical world and therefore more open to external or malicious compromise. IoT solutions are vulnerable to attack through the hardware, which is the device itself, through the software or application, through the user interface or platform, and through the network itself.
Another key point of difference between IoT and more typical IT systems is the security solution (including encryption) required based on the memory and computational capacity of the devices in question, which we will be discussing further throughout this smart building security series. Next in this series, the team at Standard Access will explore the impact of cyber threats to the BAS, or Building Automation System, and to the BOS, or Building Operating System.
About Standard Access:
Established in 2014 by Damien Browne, Standard Access is the global leader in IoT digital spine secure data transmission for smart building technologies, providing solutions for contactless building access through the patented Sonic Handshake®, along with a suite of AI-enabled solutions for building owners/operators and their tenants. www.standardaccess.co