Smart Buildings Enable Smarter Facilities Management
Shumon Choudhury, who has over 15 years of experience managing PRS & FM portfolios, writes about his experiences helping his clients to embrace smart...
Read Full ArticleAs more and more of a building’s functions are automated and controlled via smart technology systems, has cybersecurity been an afterthought?
In 2020, Boris Johnson’s announced a £16.5 billon increase to defence spending, he stated that a substantial amount of this will be spent on cybersecurity defences.
When it comes to property and smart building systems, a huge amount of data is collected about the building and the people who use it. What are the vulnerabilities of such systems and how can they be overcome?
ThisWeekinFM spoke to Mike Gillespie, Managing Director and Co-Founder of security consultancy Advent IM about this issue. Gillespie is an experienced, senior information security and data protection practitioner. Having been a member of the CSCIS Global Cybersecurity Select Committee for some time, he is now the Vice President of C3i Group on cybersecurity, cybercrime and cyber intelligence.
He also serves as a cyber spokesperson for the International Institute of Risk and Safety Management (IIRSM) and also as the Cyber Security Lead Adviser for the UK government’s Surveillance Camera Commissioner.
"Whether it is personal data or not, the cybersecurity of smart systems MUST become a functional requirement because, as the risk from nefarious actors in cyberspace increases, their ability to do actual harm to people and assets increases with it."
Some buildings are born smart, others have smartness thrust upon them. Many buildings fall into that latter category…
There is a whole industry growing up around web-enabling systems that were never meant to be internet-facing, sometimes because of a legitimate need, such as the need manage them more efficiently or frequently over multiple sites. The need to do this however, is not always supported by appropriate cybersecurity controls that are designed and implemented effectively, to enable that system to be safely and securely managed whilst achieving the functional needs. Even less focus is placed up on the longevity of resilience in this area.
It is accepted and expected that a building, new or in use, should comply with a wide range of regulatory requirements to be considered suitable and safe. There are a variety of standards that are employed for this, across health and safety, social inclusivity and the environment too. But there is nothing that says the systems that are integrated into a building, operating over cyberspace, systems that could potentially make both the building and its inhabitants vulnerable, should be robust and secure. Nothing that compels designers, engineers, architects, builders or users to embed and maintain a level of cybersecurity that is anywhere approaching the level of requirements that need to be fulfilled for health and safety, despite the fact these systems could in fact impact health and safety.
Picture: a photograph of Mike Gillespie
Indeed, in the smart building world, cybersecurity is seen as a bit of an inconvenience, at best it is considered a nice to have not a need to have which is a lost opportunity. At worst, it is considered something to avoid at all costs, which is tantamount to cutting corners with electrical or fabric safety... When it is considered, it is frequently an after-thought, and again this is a wasted opportunity to do it brilliantly and with an eye on the horizon. A bit like building a five-storey office block then deciding you want to put a lift in afterwards.
Modern building systems, by their very nature, generate data, lots of data. Not fully considering the management of the information lifecycle as part of a smart building strategy often also means losing the ability to use, manage, share and exploit this information as a critical asset.
Furthermore, some of this is actually personal data, and provision for its collection, management, storage and deletion should be compliant with The Data Protection Act (2018). It is vital therefore that smart buildings are considered from the perspective of Data Protection by design, Data Protection by default.
Whether it is personal data or not, the cybersecurity of smart systems MUST become a functional requirement because, as the risk from nefarious actors in cyberspace increases, their ability to do actual harm to people and assets increases with it. Assuming that data generated by a smart building system is not going to be of interest to someone is unwise. We have no idea what information may be useful to various threat actors, or what data they may be able to aggregate various sources into to make something useful to them. So, data creation, management and retention policies for the data these systems generate need to be in place to decide what stays, what goes and what needs to be protected.
Whilst you could take some interpretation of SABRE to cover information security, this is nowhere near adequate for a smart building:
Picture: a graphic showing a map of the world, with lock symbols across the top
Article written by Mike Gillespie | Published 17 December 2020
Shumon Choudhury, who has over 15 years of experience managing PRS & FM portfolios, writes about his experiences helping his clients to embrace smart...
Read Full Article800 Fulton Market, a gateway to one of Chicago’s fastest-growing neighbourhoods, has been completed. Watch the...
Read Full ArticleHow will the intersection of retrofits, smart homes and digitally transformed building maintenance help the UK to achieve net-zero emissions by 2050? Nik Flytzanis,...
Read Full ArticleArtificial intelligence is changing medical practice and the healthcare industry. Technologies including machine learning and digitised data acquisition are allowing...
Read Full ArticleAfter almost two years of stops and starts due to the pandemic, enduring resilience is defining the built environment – that’s according to Gensler’s...
Read Full ArticleWelcome to ThisWeekinFM’s new Smart Buildings & Technology category, a hub where you can learn all about the implications of new technologies on the built...
Read Full ArticleThe BCIA has revealed the finalists for its smart buildings award. This will award a manufacturer, installer or team in recognition of a project which demonstrates how...
Read Full ArticleWill Cowell de Gruchy from Infogrid puts forward his argument for why the government should mandate smart air quality monitors in offices and schools. Will is the...
Read Full ArticleSAV Systems' AirMaster AM 1000, a mechanical ventilation unit, has been awarded Passivhaus Component certification. The flagship AM 1000 is the first...
Read Full ArticleOne of the biggest growth barriers for the smart windows and glass market is a lack of end-user experience and education, according to trend analysis...
Read Full Article