With the increasing popularity of smart buildings, there is a heightened need for ensuring cyber security.
With the increasing popularity of smart buildings, there is a heightened need for ensuring cyber security. The extensive connectivity not just makes the buildings vulnerable, but provide access across building systems, which means a single malicious entry could mean buildings across the network could be accessed.
In a recent web post, the research firm
Memoori pointed this out, suggesting that the relative ease of mounting an attack means smart buildings without proper cyber security “might as well be made of sticks and straw”.
Connected devices mean that a cyber attacker could have access to a variety of functions within the building. This could include the HVAC systems, lighting systems and even entry/exit points, giving rise to a variety of potential security threats. The worst part is that advanced hacking software are widely available for those with the knowledge to use them. And even if they don’t have the technical knowledge, malicious individuals can pay hackers to do the work for them.
“An environment has been created in which anyone who wants to cause harm to a person or organization can do so through our cyber physical world with relative anonymity,” said Memoori, citing their recent report on smart commercial buildings. “Harm could range from ‘nuisance attacks to larger scale physical security breaches that adversely impact the overall operational viability of a commercial building, render it unsafe for its occupants, expose building owners to significant liability risk, and cause indelible reputational damage to the business’.”
There are several kinds of potential threats to organizations and businesses. These include thieves, vigilantes, activists or even disgruntled employees. However, to several organizations and businesses, cyber security continues to be a struggle. Most of them are at a loss when it comes to understanding the complex nature of this increasing threat.
“The lack of understanding and awareness of the nature of the threat is understandable given the complex and varied set of cyber-threats we are faced with. The complexity of building, businesses and IT systems, is often increasing faster than the stakeholders’ ability to prevent, detect, and respond to cyber-attacks,” Memoori pointed out.
As far as vendors are concerned, this is an uphill struggle. They have to constantly attempt to strengthen their offering and present their products in a highly fragmented market.
“For vendors looking to offer products and services in the market, conveying the value proposition of cyber defense investments to decision makers who lack a proper understanding of the nature of the risks can be challenging,” Memoori said. “The market is also still highly fragmented, and many vendors have yet to establish defined propositions, making it hard for them to stand out from the crowd and establish a level of product or brand recognition,”
On the positive side, there is a growing tendency to ensuring cyber security in smart buildings. The research firm notes that if we are to avoid a world where cyber-attacks on smart buildings are common place, the issue must become a high priority for buyers. For that vendors must strive to excel and educate, while government should create better standards and cyber policing.
“The cyber security threat landscape is steadily growing in terms of sophistication, with new means to bypass implemented security measures. As threat actors evolve new tools and techniques to achieve their goals, all stakeholders in the business and the supply chain must work together to better understand the nature of the threat and keep pace with the changing nature of the threat,” Memoori said.
Check Memoori's
full report on "A crisis of connectivity? Cyber security in smart commercial buildings."