Chris Bishop, Sales Director APAC & Marketing Director at Ipsotek, examines the security risks posed by intelligent buildings.
The Chartered Institution of Building Services Engineers (CIBSE) defines an intelligent building as “one that provides a productive and cost-effective environment based on three basic elements: people, products and processes.” Here, people are the building services users and facilities managers; the products are those employed in the building fabric and structure, such as IoT devices, that form the facilities and processes, including automation, controls, systems, maintenance and performance, and the interrelationships between them.
Given the prevalence of technologies in new and refurbished buildings and the drive to reduce carbon emissions, it is no surprise that the addressable market for smart buildings, according to a report produced by MarketsandMarkets, is expected to grow from US$66.3 billion in 2020 to US$108.9 billion by 2025, at a Compound Annual Growth Rate (CAGR) of 10.5% during the forecast period. This growth is linked to the increased adoption of Internet of Things (IoT) enabled technologies and components in intelligent buildings, the demand for energy-efficient solutions, increased building standards and regulations, and the desire to provide intelligent buildings with high social, environmental and economic values.
More than just surveillance and access control
In today’s world, safety and security systems typically found within an intelligent building extend to more than just CCTV and access control solutions. For example, the screening of visitors at all entrances to a building is now common practice, with building operators deploying portable thermal temperature screening devices to measure a person’s temperature. In the case of mixed-use properties (offices and retail), these screening points, if covered by CCTV, can also be used to calculate the percentage occupancy for specific zones in accordance with local regulations, along with heatmaps showing crowding levels.
The acronym IBMS stands for Intelligent Building Management System(s), which are designed to automatically control and monitor a building’s HVAC (heating, ventilation and air conditioning) and security systems, all of which are connected via the building’s IT network infrastructure (LAN, WAN and WiFi) to a single unified interface for operators to manage. Whilst the IBMS is managed centrally, the sub-systems which comprise the IBMS will typically be modular and sourced from different manufacturers.
Examples of typical sub-systems include air handling and distribution units, air quality and humidity mechanisms, fire detection and suppression systems, lighting, heating, security solutions (CCTV, biometrics, and access control), lift controls, parking barriers and resource/room scheduling.
Monitoring the data produced from the systems connected to the IBMS within an intelligent building provides valuable insight into the operational “Status” of those systems and their components or parts. For instance, aggregating this data and analysing trends could be used as part of a “Predict and Prevent” policy to avoid downtime, expensive maintenance costs and inconvenience to the building’s occupants. Identifying in advance that a belt on an escalator is likely to fail within a specific time frame, so that it can be replaced overnight, is preferable to having the belt fail during the morning or evening rush hour.
An important consideration for owners or facility managers of intelligent buildings is their operational costs and how savings are proactively managed. If we consider lighting, for example, how many times have you passed a lit-up building at night with no-one apparently in the building? Using smart sensors in open office areas, it is possible to dim or brighten the lighting depending on the level of daylight. At night, the sensors can be automatically set to detection mode and switch on when triggered by motion or sound, and during weekends all office lights are automatically programmed to switch off and to respond to movement or sound.
Energy usage is the largest operating expense for commercial and mixed-use properties and typically represents 30% of the operating budget according to Energy Star, a US energy efficiency certification organisation. Almost a third of energy consumed in buildings is wasted due to equipment inefficiencies. Given these statistics, it is economically important for businesses to understand where they are losing energy efficiency and determine how they can improve their building’s performance.
This is where energy monitoring solutions can play an important role. These systems comprise a non-intrusive load monitor which identifies multiple electrical assets on a single line by their unique energy signature, resulting in a clear and concise picture of the building’s energy consumption down to a device level. Providing this level of granularity to facilities managers allows them to make data-driven decisions in order to target areas for efficiency improvements, thus reducing energy costs and their environmental impact.
Another term which is familiar to managers of intelligent buildings is BEMS, or Building Energy Management Solutions. BEMS monitor a wide range of connected sub-systems for their operation, energy use, environmental conditions and status, and provide controls to configure operational parameters. The real-time data which is captured includes energy usage and demand data, which in turn allows facilities managers to make informed decisions regarding energy savings and maintenance programmes.
Whilst interoperability between all the sub-systems connected to an IBMS and/or BEMS is well documented and manageable, the increased use of IoT-enabled technologies to provide real-time data collection and analysis has increased the risk of cyber-attacks through vulnerable systems and networks. This makes smart buildings increasingly susceptible to cyber-attacks with potentially expensive and destructive consequences.
Beware of cyber-attacks
According to a report by global security firm Kaspersky, intelligent buildings may be at greater risk of cyber-attacks than previously thought. The report analysed 40,000 smart buildings worldwide and found that 4 in 10 (37.8%) of these buildings had been affected by a malicious cyber-attack. In the majority of cases, these cyber-attacks were attempting to affect computers that controlled the building’s automation sub-systems.
As the report explains, the cyber-attacks were not “targeted” specifically at the buildings’ IBMS or connected sub-systems. Instead, it was identified that ordinary malware, the kind found on many corporate networks, was the source behind the cyber-attacks. In their report, Kaspersky broke down the malicious cyber-attacks by type and found that variants of spyware (11%), worms (10.8%), phishing (7.8%) and ransomware (4.2%) accounted for nearly all the cyber-attacks across the buildings surveyed.
Furthermore, as part of its investigation into the weaknesses of intelligent building automation systems, Kaspersky provided a breakdown on the type and nature of these smart building cyber-attacks. According to Kaspersky, 26% of the threats are being introduced into smart building automation systems via the web; 10% of attacks are coming from memory sticks, flash drives and external hard drives; 10% of attacks are coming from corrupted email links; and a further 1.5% of threats are coming from shared folders on a corporate network.
Given this breakdown, IT administrators responsible for managing smart buildings should ensure cybersecurity procedures and policies are understood by all employees and users within their building portfolio and remain vigilant for tell-tale signs that an intelligent building’s IBMS or BEMS has been compromised. For example, elevator systems that fail to work as planned, video surveillance cameras that go on and off, or alarm systems that go off for unknown reasons could all be an indication that systems may have been compromised.
With the proliferation of smart cities being planned and commissioned around the world, the adoption of intelligent buildings is now the norm, with features that support energy efficiency, reduced carbon emissions and lower operational costs. Protecting the functionality of intelligent buildings as 5G deployments increase and the adoption of IoT devices continues will be crucial for all businesses and organisations.
This article was published in the May 2021 edition of International Security Journal.