Smart building platforms, through the use of advanced technologies, can provide significant benefits in terms of energy efficiency and cost savings. However, as with any technology, these platforms also introduce cybersecurity risks that must be carefully managed. This article will provide an overview of possible strategies that can help mitigate such risks.
Single Sign-On (SSO)
One key risk mitigation strategy when deploying a smart building platform is to integrate Single Sign-On (SSO) authentication to it. SSO allows users to access multiple applications and systems using a single set of login credentials, eliminating the need to remember and manage multiple passwords. This not only makes it easier for users to access the smart building platform, but also reduces the risk of password-related security breaches. Modern SSO methodologies also come with dual/multi-factor authentication which can help minimize system access even when a user’s password is compromised.
A Secure VPN
Another important risk mitigation factor is to carefully control access to the smart building platform through the use of firewalls. Typically, cloud-based smart building platforms require a connection into the building network, which is carried out through a Virtual Private Network (VPN) connection. When setting up a VPN between the building and the platform, it is important to ensure that only the necessary head-ends and software applications are given access to the platform through the network firewall. This helps prevent unauthorized access to any other devices on the network in the unlikely scenario that the VPN is breached. It is beneficial to ask if platforms have other methods to connect to the building network, such as a reverse proxy, as these can provide an even more secure connection than VPNs.
Network Monitoring
If more drastic measures are desired, it is possible to implement network monitoring through the building network hardware, to detect and respond to potential cybersecurity threats. By monitoring network traffic, one can set rules that automatically identify unusual activity and trigger a response, such as activating a “kill switch” that terminates the VPN connection. This can help to prevent a cyberattack from spreading and minimize the impact of an incident. There are a number of add-on services or native services from network hardware providers that can allow for such functionality.
System Specific Measures
Based on the smart building integrations, there are certain system specific measures that can also be deployed that can minimize impact in light of a cybersecurity breach. A common example of this can be found when a building’s HVAC Controls / BAS is BACnet based. BACnet is a communication protocol that is widely used in the building automation industry and provides a number of security features, including the ability to set different priority levels for system overrides/commands. By restricting cloud platforms to lower priority levels and allowing local software to override at a higher priority, building owners and operators can better protect against unauthorized access and system manipulation.
Disaster Recovery Plan
Finally, when selecting a smart building platform, an operator should look to ensure that the platform has a robust disaster recovery plan and cybersecurity certifications in place. A smart building platform company’s ability to provide a detailed plan is an indicator of their preparedness to respond to a cybersecurity incident and the likelihood that they will be able to secure the building’s operation regardless of a breach.
Conclusion
As the adoption of smart building technologies continues to grow, it is more important than ever for building owners and operators to prioritize cybersecurity in the deployment of these systems. By taking a proactive approach to cybersecurity, building owners and operators can ensure the secure operation of their smart building platform and realize the full potential of such a promising technology.
About the Author
Saruf Alam is a smart buildings expert currently working as the Director of Smart Building Projects at KODE Labs Inc. He has a MSE and BSE in Electrical & Computer Engineering from the University of Michigan-Ann Arbor, with his work specializing in embedded systems. His interests lie in leveraging IoT technologies for CRE applications, and creating smart building technologies/processes that can provide meaningful insight while doing so at scale.
