- Growing automation and connectivity require buildings to be cybersmart
- Hackers can exploit building vulnerabilities or IoT devices as the entry point into corporate and privately operated networks
- Cybersecurity needs to be considered a business enabler, not just an IT issue or scare tactic
Dubai: As smart cities become a reality in the GCC, smart buildings are increasingly becoming more prevalent because of the optimized efficiency and convenience they offer, for both operators and tenants. However, wider adoption of smart building technology should stimulate corporations and governments to ensure that they are adequately prepared for potential cyber risks, stated in a comprehensive report titled ‘Cybersmart Buildings’ co-authored by Booz Allen Hamilton and Johnson Controls.
Smart buildings operate as a link between the physical and digital world and leverage data to optimize operations and lower facility costs, while increasing safety and sustainability. However, unlike cyber risks in other industries, smart buildings are not just susceptible to data breaches and IT interference, they are also vulnerable to disruptions that could negatively impact several aspects of daily life.
Cyber threat actors have demonstrated capability and intent in hacking building automation systems, safety systems, and critical environmental technology. Smart system network designs must be secured, if integrated with IT systems and networks, to make sure internal systems are not exposed to new threat vectors from building automation systems.
For example, hackers can exploit vulnerabilities in Heating, Ventilating and Air Conditioning (HVAC) systems as the entry point into a corporate network, or hack into IoT devices to breach the privacy of residents.
His Highness Sheikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai launched a smart building index across the UAE in 2016. The index outlines benchmarks for building designs and urges the deployment of modern construction methods that can render the construction process more efficient.
Smart buildings are further in line with Expo 2020’s theme ‘Connecting Minds, Creating the Future’ through ‘Opportunity, Mobility and Sustainability’ and solidify Dubai’s digital transformation into a full-grown smart city. With wider adoption of such smart technologies across the Emirates, the number of sensors and devices talking to one another increases.
Therefore, as automated systems control more of our environment, it is no longer enough for a building to be smart – it must now be cybersmart. This entails a blended approach of risk-based planning, technology, working with the right partners, assessing old and new infrastructure, processes and capabilities across the building lifecycle, and people skills.
Investing in smart buildings not only safeguards against potential cyber risks but also works towards energy efficiency goals. Smart buildings can supplement the Dubai Clean Energy Strategy 2050 which aims to provide 7% of Dubai’s power output from renewable sources by 2020, 25% by 2030 and 75% by 2050. The stage is set globally where investment in energy efficiency continues to grow in the face of a decline in total energy investment. According to the International Energy Agency (IEA), energy efficiency investments continued to expand in 2016, reaching $231bn while total energy investment dropped for the second consecutive year by 12 percent to $1.7 trillion.
Dr. Adham Sleiman, Vice President, Booz Allen Hamilton says, “There is tremendous business value in embracing building automation, including their cost savings, energy efficiency and the security and convenience they offer to their dwellers. Smart buildings are an essential component of a smart city, pushing the power of digital optimization into the offices and homes.
As such, it is of paramount importance to protect smart building investments for all stakeholders involved from developers to end-users. To achieve this, cross-functional cooperation between internal and external stakeholders is a must, including IT, cybersecurity and facility teams, external business partners and vendors. This will ensure that the truly transformative benefits of automation and connectivity can be protected so that smart buildings can achieve their full potential.”
Booz Allen Hamilton has created a core functions checklist to help assess and plan for threats throughout the following smart building lifecycle phases:
Consider Security Requirements: Work with vendors and technical partners to prioritize security as an integral part of any connected smart building solution. Define how you want the vendor to integrate with your existing network. Be prepared to articulate the budget for security operations throughout the building lifecycle.
Assess: Set a consistent assessment framework to evaluate security vendors and their solutions. Recognize that business imperatives like cost may supersede security concerns. So design a framework that evaluates the security implications and tradeoffs, but provides flexibility for add-on security controls.
Operations and maintenance
Build in Security: Understand vendor recommendations for how to securely deploy building automation systems and work with your IT department to follow those guidelines. Furthermore, understand how to incorporate additional controls over and above vendor recommendations based on your compliance and risk needs.
Test, Monitor, and Respond: Know your risk. Maintain situational awareness on what’s connected. Develop and implement an assessment framework that will identify security maturity across all domains in your ecosystem. Diligently and regularly stress-test your assumptions and technical vulnerabilities.
Merely having a compliance-focused approach of checking boxes is not enough. Wayne Loveless, Principal, Booz Allen Hamilton says: “As the world evolves to smart neighborhoods and smart cities, potential challenges around cyber security will be inevitable. It is important to have a plan and be prepared to continually evolve. Cybersecurity isn’t a tax on the business, it is not simply an IT issue, and it certainly shouldn’t be a scare tactic. It is a business enabler and, when executed effectively, it is about insuring your investment and generating returns.”
For more information about cybersmart buildings, please download the full report here.
About Booz Allen Hamilton:
Booz Allen Hamilton has been at the forefront of strategy and technology for more than 100 years. Today, the firm provides management and technology consulting and engineering services to leading Fortune 500 corporations, governments, and not-for-profits across the globe. In the Middle East and North Africa (MENA) region, Booz Allen builds on six decades of experience partnering with public and private sector clients to solve their most difficult challenges through a combination of business strategy, digital innovation, data analytics, cybersecurity and resilience, operations, supply chain, organization and culture, engineering and life-cycle project management expertise.
With regional MENA offices in Abu Dhabi, Beirut, Cairo, Doha, Dubai and Riyadh, and international headquarters in McLean, Virginia, the firm employs more than 23,300 people and had revenue of $5.80 billion for the 12 months ended March 31, 2017. (NYSE: BAH)
About Johnson Controls:
Johnson Controls is a global diversified technology and multi industrial leader serving a wide range of customers in more than 150 countries. Our 130,000 employees create intelligent buildings, efficient energy solutions, integrated infrastructure and next generation transportation systems that work seamlessly together to deliver on the promise of smart cities and communities. Our commitment to sustainability dates back to our roots in 1885, with the invention of the first electric room thermostat. We are committed to helping our customers win and creating greater value for all of our stakeholders through strategic focus on our buildings and energy growth platforms.