Smart Buildings Whitepaper Published by IoT Security Foundation

Promotes cybersecurity best practices in evolving building management systems (BMS)

Release Date: June 18th, 2019

The IoT Security Foundation (IoTSF) has published a new, free to download the whitepaper today titled: “Can you trust your smart building? Understanding the security issues and why they are important to you”.

It is aimed at a broad range of stakeholders that together design, specify, procure, install/integrate, validate, operate and maintain building automation systems (BAS). It is specifically targeted at building owners, facility managers, technology providers, architects and installers.

Smart Buildings are increasingly classified as IoT systems and offer benefits such as:

  • Savings in energy and water usage and the resulting reduction in costs and carbon footprint
  • Improved working conditions, safety and security for occupants
  • Improved customer service levels
  • Visibility and management of occupancy levels
  • Optimisation of resources (physical, space and human)
  • Reduced maintenance costs

However, with the increasing networking of systems and connections through the public Internet, this also increases the threat of hacking by criminals and other groups. It is therefore important to understand those threats and plan safeguards so the building's systems are cyber-safe and continue to operate as intended.

The whitepaper discusses a number of vulnerabilities that exist and where solutions lie to protect people, assets and business investments. It further explores the evolving responsibilities that each building stakeholder has to consider across the design, integration, occupation and maintenance of the building's lifecycle.

Duncan Purves, lead author and Director of Connect2 Systems said "You may ask yourself ‘Why would anybody want to hack our building, we’re not a bank; we have nothing a hacker would want’ and you may think no-one would be interested, but even if this is the case you may become the unintended victim of collateral damages in the case of the WannaCry ransomware attack that infected over 200,000 devices across a wide sector of organisations in more than 150 nations including the UK’s National Health Service. It is important to understand and mitigate the risks posed to your tenants, staff, visitors and assets from vulnerabilities in Internet-connected building systems.”

Prof Paul Dorey, Executive Steering Board member of IoTSF added “Many CISOs are planning their future IoT security strategy, but if they want real-life examples they probably just need to pop down to their office basement and see the new smart building systems. I am therefore delighted to be part of this important initiative addressing IoT Security with stakeholders across facilities management and building systems.”

Duncan Purves concluded by saying “I encourage people to engage with the IoT Security Foundation and the dedicated Smart Buildings Working Group to develop, adopt and implement best practice security for Smart Buildings.”

The whitepaper can be downloaded for free from the IoT Security Foundation website at: https://www.iotsecurityfoundation.org/best-practice-guidelines