By Tim Geiger, President, Stark Tech Group. The Stark Tech Group is a Master-level BMS EcoXpert™.
Today, many owners of buildings and smart buildings now recognize that implementing a robust cybersecurity strategy is good for business. Why? According to Cybersecurity Ventures, cybercrime damages will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. In addition to lost revenues, businesses that fall victim to a cyberattack can generate legal fees and can damage hard-earned reputations. Even small organizations and entities such as school districts and municipal governments can be held for ransom if their network infrastructure falls under the control of hackers with malicious intent.
Investments in cybersecurity reduce costs associated with unanticipated downtime, plus help building owners to establish competitive advantage. Cybersecure buildings are attractive to tenants because they lower occupant risk and actively promote protection of building occupant identity and privacy.
The rising frequency of cybersecurity attacks is a growing concern, especially for building owners that invest in “smart” technologies with open, more connected protocols. According to Memoori, a smart buildings research firm, global revenues for smart building cybersecurity will reach $8.65 billion by 2021, up from an estimated $4.26 billion in 2016.
Although cybersecurity investments in IT networks within buildings are common, funding for protection of the operations technology (OT) of a building portfolio (core power, cooling, heating, ventilation and building automation systems) is not as prevalent. However, as hackers seek new, more vulnerable areas for their cyberattacks, OT systems are becoming a bigger target. Organizations with holes in their building controls cyber platforms are at risk.
Reducing Cybersecurity Risk in Smart Buildings
At Stark Tech Group, we work as a Schneider Electric EcoXpert partner with expertise in the area of building automation. Our engineers encounter many situations where building and smart building owners need help to reduce energy costs and to secure the performance of their OT assets.
We see many of our building owner customers accruing the benefits of digitized energy management and building control technologies. These significant OT savings can now be freed up to build a more robust OT cybersecurity strategy. By using energy savings to future-proof the cybersecurity of building assets, building owners lower long-term risk and build competitive advantage.
Three Ways to Reduce Risk
When discussing energy management and cybersecurity risks with building owners, we suggest:
- Invest in energy efficient technologies – Assure that the building controls you have in place contribute to creating a pool of energy savings. This is an important first step in securing funds that allow better cybersecurity protection.
- Install cybersecure products and platform architecture – As you upgrade OT technologies over time, make sure those components are cybersecure by design. This strengthens your OT network backbone. Manufacturers like Schneider Electric apply a Secure Development Life Cycle (SDL) approach to all their core products (Achilles Level 2 Certified). Within the context of SDL, secure architecture reviews are performed, threat modeling of the conceptual security design takes place, secure coding rules are followed, specialized tools are used to analyze code, and security testing of the product is performed. These actions help to “harden” products, making them more resilient against cyberattacks. Cybersecurity is also imbedded in Schneider Electric’s EcoStruxure™ platform. The EcoStruxure platform provides a cybersecure envelope across the smart device, edge control, and apps and analytics layers of the building architecture.
- Establish cybersecurity operational best practices – Enhance protection further through practices such as vulnerability testing (to determine the biggest areas of exposure), application allow-listing (prevents unwanted software from running on your server by establishing a pre-approved “allow-list” of validated applications), tightening management of cybersecurity software updates (many successful malware and ransomware attacks can be traced to not installing available updates), and by training building facilities staff to be vigilant.
Access Resources on Smart Buildings
To learn more about how digitized building automation solutions can improve building performance, visit the Schneider Electric EcoStruxure for Buildings website.