If the Three Little Pigs lived in a smart building, the big bad wolf would no doubt use cyber attacks.
Rampant connectivity not only creates an indefensible number of entry points for attackers but can also provide access across building systems, meaning one small blow could bring the house down. The relative ease of mounting an attack means that smart buildings without adequate cyber security might as well be made of sticks and straw.
Through cyber attack, assailants could tamper with HVAC systems, disable lighting or even unlock doors, creating very real safety and security risks. Cyber attacks are also easier than ever to launch. Powerful hacking software is available freely to anyone with the skills and will to use it. Even without the skills, malevolent individuals can simply hire mercenary hackers for relatively affordable prices.
An environment has been created in which anyone who wants to cause harm to a person or organization can do so through our cyber physical world with relative anonymity. Harm could range from “nuisance attacks to larger scale physical security breaches that adversely impact the overall operational viability of a commercial building, render it unsafe for its occupants, expose building owners to significant liability risk, and cause indelible reputational damage to the business,” explains our new report: Cyber Security in Smart Commercial Buildings 2017 to 2021.
Thieves, vigilantes, activists or even disgruntled employees could use sophisticated software to severely disrupt buildings and enterprises. Despite this, facilities managers, operations managers, IT departments, CEOs and other stakeholders are still struggling to fully understand the nature of this complex and growing threat.
“The lack of understanding and awareness of the nature of the threat is understandable given the complex and varied set of cyber-threats we are faced with. The complexity of building, businesses and IT systems, is often increasing faster than the stakeholders ability to prevent, detect, and respond to cyber attacks,” states our report.
The “bricks” in this cyber-fairy tale are not well defined. Smart buildings need to protect all assets from a wide variety of attacks, at all times, and keep up with the rapid evolution of cyber threats. Vendors in the cyber security space must strive to create a strong offering and then struggle to represent that service in a confusing and disjointed market.
“For vendors looking to offer products and services in the market, conveying the value proposition of cyber defense investments to decision makers who lack a proper understanding of the nature of the risks can be challenging.
The market is also still highly fragmented, and many vendors have yet to establish defined propositions, making it hard for them to stand out from the crowd and establish a level of product or brand recognition,” we highlight.
Thankfully we are seeing a growing trend towards cyber security expertise in the smart building sector. This will have knock on effects, as cyber security takes greater priority in the industry it will also increase in value, lifting the whole sector. As it stands, however, smart building cyber security appears to be well behind in protecting buildings from the wide variety of threats that connectivity brings.
“Once the risks are better understood, security credentials of a particular device or system will take more of a central role in the purchasing decision, and security capabilities will become more of a unique-selling-point and differentiator for vendors. While steady improvements in terms of regulations, policies, standards and training will help, many stakeholders are still playing a game of catch up with the ever evolving risk landscape,” our report warns.
If we are to avoid a world where cyber attacks on smart buildings are commonplace, the issue must become a higher priority for buyers. For that, vendors must strive to excel and educate, while government should create better standards and cyber policing. The fight against escalating cyber crime cannot be won by any one group alone. We may not even be able to win the fight at all, but with a coordinated team effort we might at least manage it.
“The cyber security threat landscape is steadily growing in terms of sophistication, with new means to bypass implemented security measures. As threat actors evolve new tools and techniques to achieve their goals, all stakeholders in the business and the supply chain must work together to better understand the nature of the threat and keep pace with the changing nature of the threat,” states our brand new report: Cyber Security in Smart Commercial Buildings 2017 to 2021.
[contact-form-7 id="3204" title="memoori-newsletter"]