From Building Management System to Design: Securing Smart Buildings
Smart buildings are the future.
From building management systems to IoT networks, many organizations are rapidly joining the smart building trend. The smart building market reached $57.30 billion in 2020, and is projected by Fortune Business Insights to grow to $265.37 billion by 2028.
And it’s no surprise that many architecture, engineering, and construction (AEC) professionals are joining the smart building movement. A connected smart building with a central building management system can increase the efficiency and performance of your buildings. If you install digital devices and sensors into every corner of your buildings and connect them to a central building management system, you can control your buildings’ operations in new, powerful ways.
Unfortunately, smart buildings and their central building management systems also create cybersecurity risk. If you do not secure your buildings’ digital assets and systems, then your buildings’ operations can be hacked by criminals.
To keep your smart building components safe, you must weave cybersecurity into every element of their design, construction, and management. And in this blog, we will share the five key elements of smart building security you must get right.
But before we dive in, let’s take a quick minute to define a couple of key terms.
What is the Internet of Things, and How Does it Connect to Smart Buildings?
The Internet of Things (or IoT) is a network of devices that have sensors and applications that let them collect data and communicate with other devices. IoT devices can include standard computing devices (like mobile phones, laptops, and servers), but they can also include assets that typically aren’t considered to be computing devices.
For example, smart buildings often contain many assets that have been turned into IoT computing devices — like refrigerators, thermostats, elevators, and the like — by embedding chips and sensors into them. Within a smart building, these IoT devices create a network that turns the building itself into a controllable digital environment.
What is a Building Management System?
Smart buildings use a building management system (BMS) to collect data, review performance, and manage their core systems. A BMS typically centralizes all of the visibility and control created by the building’s IoT devices. It acts as the “brain” of the building and is used to control the building’s various systems and services.
Secure Your Building Management System
Building management systems are often exposed to standard cybersecurity attacks and vulnerabilities. External threat actors can compromise building management systems through phishing and denial-of-service attacks, and internal threat actors can compromise these systems through intentional malicious actions or simple user error.
You must secure your building management system like any other critical, central software system in your organization. Specifically, you must:
• Investigate any system failure — even something simple like doors locking on their own can be the result of a malicious actor compromising your BMS
• Continuously monitor for and harden your system against fundamental software and network vulnerabilities that malicious actors could exploit
• Immediately remove access rights and old sets of credentials used by former employees who may be disgruntled after leaving your organization
Secure Your Digital Infrastructure
Smart buildings are powered by Internet of Things (IoT) assets such as data-collection sensors. These assets connect to the building management system and building automation systems (BAS) to run the building’s systems. However, security issues in IoT are pervasive: 57% of these assets host vulnerabilities that expose them to large attacks. If you do not secure your smart building technology, then cybercriminals can compromise your IoT assets, take control of your building’s core operations and building management system, steal the sensitive data your building collects, and even demand a ransom to end their attack.
To prevent these issues, you must layer end-to-end IoT security over your building’s digital infrastructure. Specifically, you must:
• Create visibility into every IoT asset within your digital infrastructure
• Continuously monitor those assets for signs they’ve been compromised
• Maintain IT hygiene for those assets by keeping them patched and updated
• Proactively hunt for in-progress attacks already moving through your IoT network
• Build IoT device security capabilities to contain, investigate, and respond to incidents before they cause harm
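As an added illustration (not from the original article or any vendor product), the Python example below reconciles an approved asset catalogue against what network discovery reports, covering the visibility, monitoring, and patching points above. The MAC addresses, model names, firmware baselines, and the 24-hour silence threshold are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data; MACs, models and firmware versions are illustrative.
CATALOGUE = {  # approved asset catalogue: MAC -> model
    "00:11:22:aa:00:01": "thermostat-x",
    "00:11:22:aa:00:02": "thermostat-x",
    "00:11:22:bb:00:01": "elevator-ctl",
    "00:11:22:cc:00:01": "door-lock",
}
BASELINE = {"thermostat-x": "2.4.0", "elevator-ctl": "1.10.2", "door-lock": "3.0.0"}
NOW = datetime(2024, 5, 1, 12, 0)
OBSERVED = [  # what network discovery reported: (MAC, firmware, last seen)
    ("00:11:22:aa:00:01", "2.4.1", NOW - timedelta(minutes=5)),
    ("00:11:22:aa:00:02", "2.3.9", NOW - timedelta(minutes=7)),
    ("00:11:22:bb:00:01", "1.9.12", NOW - timedelta(hours=1)),
    ("00:11:22:cc:00:01", "3.0.0", NOW - timedelta(days=3)),
    ("de:ad:be:ef:00:09", "0.1.0", NOW - timedelta(minutes=2)),
]


def version_key(version):
    """Turn '1.10.2' into (1, 10, 2) so 1.10 sorts above 1.9."""
    return tuple(int(part) for part in version.split("."))


def audit_assets(catalogue, baseline, observed, now, max_silence=timedelta(hours=24)):
    """Return MACs that are uncatalogued, below firmware baseline, or silent."""
    findings = {"unknown": [], "outdated": [], "silent": []}
    seen = set()
    for mac, firmware, last_seen in observed:
        mac = mac.lower()
        seen.add(mac)
        model = catalogue.get(mac)
        if model is None:
            findings["unknown"].append(mac)      # on the network, not in catalogue
            continue
        if version_key(firmware) < version_key(baseline[model]):
            findings["outdated"].append(mac)     # missing patches
        if now - last_seen > max_silence:
            findings["silent"].append(mac)       # stopped reporting
    # Catalogued devices that discovery never saw are also silent.
    findings["silent"] += sorted(set(catalogue) - seen)
    return findings


if __name__ == "__main__":
    for kind, macs in audit_assets(CATALOGUE, BASELINE, OBSERVED, NOW).items():
        print(f"{kind}: {macs}")
```

Comparing firmware as integer tuples matters here: a plain string comparison would rank 1.9.12 above 1.10.2 and hide the unpatched elevator controller.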
Secure Your Building’s Employees and Occupants
Smart buildings are only as secure as the people in them, and the devices that those people use. If one person has malware on their phone, tablet, or laptop, then they are a security risk to the entire building. If they connect their infected device to one of your building’s systems, that malware can spread and infect the building management system, your IoT assets, and the entire smart building. In addition, your building’s occupants and employees can create backdoors into your systems through simple errors like creating weak login credentials for their user profiles.
Smart buildings can have hundreds or thousands of employees and occupants accessing their systems and creating these risks. To prevent harm, you must:
• Educate your occupants on relevant security best practices
• Continuously train your employees on how to spot, prevent and report attacks
• Use practices like multi-factor authentication to decrease the chance of issues
• Monitor user behavior to detect anomalies when an account is compromised
Secure Your Design and Construction Process
Smart buildings are created by teams of architects, engineers, and construction professionals who use a wide range of digital devices in their work. Cybercriminals can target these professionals and their devices at any point during the design and construction process. If the criminal succeeds, they can steal the professional’s intellectual property and data, learn the building’s systems, and disrupt its creation.
To prevent these attacks, AEC professionals must secure every digital device they use and protect their work. Specifically, AEC professionals must:
• Only use secure digital devices (preferably with robust built-in defenses)
• Secure every step of their working process — from printing designs, to sharing documents with stakeholders, to managing construction projects
• Monitor, track, and secure documents containing intellectual property or client data, including files, drawings and designs, and contracts
• Perform fundamental security functions like monitoring, vulnerability scanning, compliance management, and incident response within digital networks
Enforce Governance Across Users, Buildings, Workflows, and Devices
Finally, you must establish and enforce strict governance guidelines to ensure security standards are applied across the lifecycle of a smart building using IoT. Remember — smart buildings are complex digital systems. They are constantly changing and adopting new IoT assets, software systems, and users, and changing configurations and access rights on their building management systems. They are constantly being exposed to new threats and vulnerabilities. And any security that you apply to your smart building must be constantly enforced, updated and reported on to keep your structure safe.
These governance guidelines can include, but are not limited to:
• Prioritizing IoT devices’ security
• Recognizing the need for stricter legislation in IoT
• Meeting IoT security standards and IoT security requirements
• Performing automated and manual stress testing of security systems
• Monitoring and hardening your building management system software
• Consuming threat intelligence to defend against new, emerging threats
• Maintaining a catalogue of all IoT assets within or entering your building
• Only using vendors that prioritize security and build it into their products
How HP Can Help You Secure Your Smart Building
At HP, we build security into all of our products. We provide a range of large format printers designed for the unique needs of architects, engineers, and construction professionals — and each of these devices includes built-in security features to defend your data, devices, and documents.
Out-of-the-box, our printers include multiple layers of authentication, security event logging, encryption of data at rest and in motion, encrypted printing, and more.
To learn more, contact an HP representative today.