3 steps to minimize cybersecurity risks while reaping the benefits of smart building tech
A networked system of IT infrastructure and building controls is the foundation of optimizing building performance. However, this system creates a source for new cybersecurity risks.
Editor's Note: The following is a guest post from Casey Talon, research director at Navigant Research.
Digital transformation has become the construct of innovation across industries in the last several years. Executives are investing in and relying on data-driven solutions as a competitive advantage for attracting and retaining staff, driving efficiencies, and improving the bottom line.
Intelligent building solutions are the catalysts for digital transformation in the real estate and facilities management arenas. Building owners and facilities executives can select between combinations of hardware, software, and services to aggregate and amplify the data associated with their facility operations. They are also able to drive new operational and energy efficiencies through analytics and automation.
A networked system of IT infrastructure and building controls is the foundation of this new approach to optimizing building performance. However, this system creates a source for new cybersecurity risks. Customers can realize the full benefits of smart building solutions and retain a cybersecure network environment through a three-pronged strategy encompassing people, processes, and technology.
1. Define human capital roles and responsibilities
Intelligent building solutions require a convergence of IT and OT (operations technologies, such as HVAC, lighting, and access controls). Yet, isolation between these two departments remains common for many organizations. The decision-making, implementation, and management of intelligent building solutions is difficult, and the associated cybersecurity can be at risk without collaboration between departments or awareness of new investments.
To complicate matters, the facilities management discipline is challenged by an aging workforce and a skills gap between legacy electrical and mechanical expertise and the new data and IT infrastructure expertise, a prowess necessary for smart building solutions.
Two paths can be taken to maximize cybersecurity safeguards for intelligent building technology deployments, both of which offer huge opportunities for intelligent building solutions providers. Redefining skill requirements and expectations for the workforce can enable vendors to provide advisory service offerings to help educate customers on skill sets they should require and build within their organization. Alternatively, partnering with intelligent building solutions providers allows vendors access to a more turnkey approach in selecting, implementing, and managing intelligent building offerings. For many customers, the idea of outsourcing is becoming attractive, and interest is being bolstered by the introduction of as a service business models that eliminate the upfront capital burden.
2. Deploy consistent and robust security processes
While ownership of cybersecurity is shared, the biggest influence within an enterprise starts at the top. Taking a top-down approach is the surest way to strengthen security measures, as cybersecurity is an investment in both time and money. Funding is necessary for hiring skilled IT personnel, training, and securing technologies. It is also important for the C-suite to lead and develop a community that prioritizes security.
Successful deployment comes down to process. In large organizations, the IT departments have well-established processes for securing corporate networks. Today, the challenge is to expand this expertise to the operational team and broader organization as intelligent building solutions are deployed.
One reliable method is proactive access control, in which the IT department sets a requirement for two- or three-point authentication to access network-connected systems and software. This approach combines a set of access points, including password/pin, physical access cards, and biometrics. There are also new ideas for lower access control that utilize employees’ mobile phones and biometrics. Issues of privacy arise with these options and in many cases an opt-in model is the solution. This amplified security garnered through biometrics is particularly useful for critical facilities, such as hospitals and data centers.
3. Invest in solutions with security protections
Intelligent building solution components are increasingly offered with embedded security protections. Cybersecurity must be addressed at each layer of the intelligent building solution stack—the sensors and control system, network, application layer, and cloud integration. Customers want the benefits of data, analytics, and control, but also demand protections from business disruption and employee and customer safety. In many cases, vendors are utilizing components with embedded security down to the chipset on one end and partnering with major cloud providers to demonstrate the security of their SaaS analytics offerings on the other end.
Customers are increasingly aware of the need for cyber secure systems, but see the protection as table stakes, which limits their willingness to pay a premium and limits increased margins for highly secure equipment—a near-term challenge for vendors that need to invest in R&D and product development. This demand for security but pushback on costs further underscores the benefits to vendors of a more comprehensive offering. If intelligent building vendors bundle best-in-class cybersecurity solutions with advisory services or deeper partnership approaches, they are well positioned to grow their businesses in today’s marketplace.