U.K.-based IoT Security Foundation (IoTSF) has published a new whitepaper discussing security issues related to smart buildings.
The entity said that the whitepaper is aimed at a broad range of stakeholders that design, specify, procure, install/integrate, validate, operate and maintain building automation systems (BAS). It is specifically targeted at building owners, facility managers, technology providers, architects and installers, IoTSF said.
The entity highlighted that smart buildings are increasingly classified as IoT systems and offer benefits such as savings in energy and water usage and the resulting reduction in costs and carbon footprint; improved working conditions, safety and security for occupants; improved customer service levels; visibility and management of occupancy levels; optimization of resources (physical, space and human) and reduced maintenance costs.
However, with the increasing networking of systems and connections through the public Internet, this also increases the threat of hacking by criminals and other groups. It is therefore important to understand those threats and plan safeguards so the buildings systems are cyber-safe and continue to operate as intended, according to the IoTSF.
The whitepaper discusses a number of vulnerabilities that exist and where solutions lie to protect people, assets and business investments. It explores the evolving responsibilities that each building stakeholder has to consider across the design, integration, occupation and maintenance of the buildings lifecycle.
“You may ask yourself ‘Why would anybody want to hack our building, we’re not a bank; we have nothing a hacker would want’ and you may think no one would be interested, but even if this is the case you may become the unintended victim of collateral damage. (…) It is important to understand and mitigate the risks posed to your tenants, staff, visitors and assets from vulnerabilities in Internet connected building systems,” said Duncan Purves, lead author and director of Connect2 Systems.
“Many chief information security officers (CISOs) are planning their future IoT security strategy, but if they want real live examples they probably just need to pop down to their office basement and see the new smart building systems,” said Paul Dorey, board member of IoTSF. “I am therefore delighted to be part of this important initiative addressing IoT security with stakeholders across facilities management and building systems.”
The mission of IoTSF is to help secure the IoT through awareness and the adoption of best practices. The entity was formed as a response to existing and emerging threats in the Internet of Things applications.
IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT eco-system and inclusive of all parties including technology providers and service beneficiaries.