The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

How to Identify and Address IoT Security Weaknesses

How to Identify and Address IoT Security Weaknesses
30 September 2022

Data-driven facilities management is now the expected norm, but security concerns about IoT systems still remain amongst FMs and tenants.

The Internet of Things (IoT) is becoming increasingly essential for many facilities managers. As wireless IoT sensors become more prevalent, providing a comprehensive, cost-effective, and simple approach to data collection, they are being applied to a wide range of functions across sectors. And for facilities managers, they enable the use of data to improve tenant well-being and enhance operational efficiency, energy efficiency, and security.

But as the use of IoT rises, more concerns are being expressed over security, leaving many businesses and facilities managers reluctant to take the risk, and consequently lagging behind in innovation. With proper deployment, it is possible for IoT adoption to go hand-in-hand with cutting-edge security. So, what can be done to help facilities managers and tenants feel confident that their data and systems are protected?

Pippa Boothman, Vice President of Marketing and Communications at Disruptive Technologies, outlines how FMs can gain confidence that their data and systems are protected, by assessing the security controls of IoT solutions.

Pippa has 15+ years of experience in global B2C and B2B marketing & sales, brand management & strategy and business development within technology, apparel and consumer goods. She holds a BA in sociology and criminology from Western University in Canada.



Picture: a photograph of Pippa. Image Credit: Disruptive Technologies


The Primary Security Issues of IoT


There is one major reason why IoT systems are often at risk of security breaches. This is due to the fact that in the early days of adoption, creators were more focused on being the first to market than they were on creating sustainable and secure products. At that time, security issues were less common and less advanced. External security protocols were considered effective enough to protect user data. But all forms of technology have evolved at a rapid pace, creating products that can now be considered inherently insecure. Unfortunately, you only need one entry point to gain access to an organisation’s entire technology suite, exposing the business to the risk of data loss and process disturbance with endless potential knock-on effects, including equipment misfiring, system shutdown, and the associated expenses of repair and reputational damage.

But this is a worst-case scenario. And by working with new IoT technology, where security protocols are onboarded at the earliest stages of development, it’s possible for organisations to enjoy the benefits of innovation without exposing themselves to security breaches. The first stage is to understand potential risks, what they could mean for your business, and how to assess IoT security controls.


How Does Complex IoT Architecture Leave Systems Vulnerable to Cyber-Attacks?


Most IoT systems require a wide variety of machine-to-machine interfaces. This can make security difficult. Especially when you have an IoT system comprising hardware, software, apps, firmware, and networks created or provided by various companies. In this instance, it can be unclear who is responsible for monitoring system-wide security or even individual elements of the system making it harder to guarantee your system has the necessary policies and protocols in place.

You also have the added concern of the integration of legacy hardware and software with new products because when older components are used for new purposes beyond their original intent, they often lack the security constraints of modern equipment, creating a point of weakness within the technology ecosystem, which the new IoT infrastructure may not be able to mitigate. There are various ways in which would-be attackers can make the most of this scenario, but 'man-in-the-middle cyber assaults' (MitM) are the most common modus operandi.


Man-in-the-Middle Attacks


The problem with first-generation IoT solutions is that they typically use generic gateways to connect sensors, devices, equipment, and the cloud. This means that they translate protocols and share data, presenting single points of failure. This makes them highly susceptible to MitM, a process where intruders intercept and disseminate private messages between two parties with a minimum risk of detection for long periods. Commonly referred to as digital eavesdropping, MitM attacks are an ideal way to intercept, capture, and manipulate sensitive information. Often in real-time, this leaves businesses and their customers vulnerable.

This is a major concern for all organisations but there are ways to address the problem. The most effective approach is to avoid complexity. 


Why Simplicity Is Central to Secure IoT Adoption


The typical response to online security is additions, adding in hardware, software and firmware. Unfortunately, this rarely works because, while it can give some protection, it will never be as effective as the security embedded into the IoT solution. In the latter case, the security has been endlessly tested to ensure not just efficiency but compatibility with its intended deployment. 

Smart sensor designs vary; some can be operated externally. Others are wireless. You reduce the risk of infiltration when you design a smart sensor that can be utilised independently, without legacy system integration, and on its own network. The simpler the system, the fewer access points and weak spots there are but it’s not the only consideration.


Cloud Connectivity Ensures IoT Security


IoT security is two-pronged. First, size. Small devices are harder to connect to and infiltrate electrically. This tactic reduces the likelihood that someone tries, but it won't stop a genuine attacker.

Second, construct the security system and sensors jointly. For example, Disruptive Technologies' Secure-Data-Shot uses end-to-end encryption to encrypt sensitive data until it reaches the cloud. Cloud Connectors convey sensor messages, which are never decoded by other devices. An encrypted sensor-to-cloud connection prevents MitM attacks. This architecture reduces attack vectors, making Disruptive Technologies sensors some of the most secure technology available.

IoT-based facilities management is the future. Every building could gain huge efficiencies as a result,  making fundamental changes that will revolutionise the way buildings are managed. If facilities managers deploy IoT technology that has been developed with security protocols prioritised from the outset, they can harness the power of IoT, confident in the knowledge they have the best defence against potential security threats.

Picture: a graphic showing a person holding a tablet. Image Credit: Pixabay

Article written by Pippa Boothman | Published 30 September 2022


Related Articles

Smart Buildings at Increased Risk of Cyber Attacks, Says Verdantix

The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...

 Read Full Article
Disruptive Technologies Named Property Tech Company Of The Year

Disruptive Technologies, the creator of the world’s smallest wireless sensors, has been named the Property Tech Company of the Year at the Global Business Tech...

 Read Full Article
Half of UK Employees Want Access to Workplace Virus Data

Infogrid has announced the results of a survey it conducted on what employees expectations for a healthy workplace are, as restrictions ease in England. Surveying...

 Read Full Article
Chicago's Smartest Building

800 Fulton Market, a gateway to one of Chicago’s fastest-growing neighbourhoods, has been completed.   Watch the...

 Read Full Article
How Technology and Smart Buildings Will Support the Daunting Retrofit Challenge

How will the intersection of retrofits, smart homes and digitally transformed building maintenance help the UK to achieve net-zero emissions by 2050? Nik Flytzanis,...

 Read Full Article
Monitoring Energy Usage at Met Office HQ

Ralph James, FM & Technical Services Manager at the Met Office, explains how the latest sensor technology has allowed him to monitor the temperature and gather air...

 Read Full Article
Smart Technology Comes to London Docklands Light Railway

PropTech company WeMaintain has signed a contract with KeolisAmey Docklands to supply smart maintenance solutions to all London Docklands Light Railway stations. The...

 Read Full Article
Flexible and Printed Sensors – Five Applications for FMs

Research shows that innovative printed and flexible sensors can offer several benefits over their more established rigid counterparts. Technology market research...

 Read Full Article
Cybersecurity – Are Smart Buildings and its Data Vulnerable to Malware Attacks?

As more and more of a building’s functions are automated and controlled via smart technology systems, has cybersecurity been an afterthought? In 2020, Boris...

 Read Full Article
Infogrid Raises $15.5m to Make “Any Building Smart”

Infogrid, the artificial intelligence technology company that automates facilities management and makes any building smart, has raised $15.5m from a combination of UK and...

 Read Full Article