In 2020, expect to hear more about smart building security.

Brian Buntz

December 10, 2019


In 2015, USA Networks aired one of the most realistic depictions of building hacking ever to be featured in a TV show or movie. The lead character, Elliot, posing as a tech billionaire, walks into a highly secured data facility in upstate New York and obtains a tour. Afterward, he manages to sneak into a sensitive area where he attaches a Raspberry Pi board to the facility’s HVAC system, ultimately overheating the building to compromise the magnetic tape backup systems stored there.

While obviously still in the realm of fiction, the episode did highlight the potential damage an adversary could cause to any networked facility that is a strategic target. Earlier this year, McAfee demonstrated in real time the feasibility of a similar attack on a networked data center.  

In general, as buildings become more infused with IT and networking technology, security professionals and building managers are becoming aware of smart building security risks. Mirel Sehic, global director of cybersecurity for Honeywell Building Solutions, points to a CEB (now a part of Gartner) study indicating nearly one in five organizations with IoT networks have already suffered an attack.

Financial services institutions and other organizations that are potentially valuable targets from a hacker’s perspective, in particular, should prioritize smart building security. Sehic recommends organizations of all stripes develop a broad view of their assets that includes buildings. Honeywell recently worked with a large financial services institution on such an initiative, which spanned multiple buildings and thousands of employees. “The team performed vulnerability testing, deploying advanced strategies for cybersecurity and creating a methodology for data management to help prevent leakage of valuable digital information,” Sehic said. 


Andrew Howard, chief executive officer of Kudelski Security, pointed out that fragmentation within the vendors serving buildings — elevator, lighting, HVAC and so forth — would likely limit the scope of damage an attacker could do when targeting a networked structure. In addition, a famed Target credit card breach involving an HVAC vendor has had an eye-opening effect on many cybersecurity professionals, Howard said.  

Conversely, Sehic pointed out that segmentation is often not a deliberate priority in a new building’s pre-build specification documents. Furthermore, it is rare for a building to have a dedicated cybersecurity team from either an IT or OT persuasion, he said. 

As attacks against buildings increase, however, building managers are likely to create teams with responsibilities that include building cybersecurity. “We expect to see more preventative measures in the coming year, such as training focused on addressing potential cybersecurity threats and on conducting cybersecurity assessments to identify gaps in the building’s OT environment,” Sehic said.

Already, many organizations are beginning to prioritize OT cybersecurity. “More attention and more budget are being dedicated to furthering basic cyber hygiene upkeep and building OT cybersecurity incident readiness – and we expect that to continue in 2020,” Sehic explained. 

That expectation doesn’t mean Sehic is confident typical OT security measures are sufficient. “Cybersecurity assessments must be carried out across a building’s OT infrastructure to identify gaps,” he said. 

In general, there is a pronounced shortage of cybersecurity professionals with a forte in operational technology. The lack of workers in that domain could help drive interest in a managed service provider model, Sehic said. “[W]e are a firm believer in and practice a managed service provider model.”
