“Smart buildings are not an option for the 21st Century – they are a necessity,” begins a new whitepaper by Booz Allen Hamilton, in partnership with Johnson Controls – Cybersmart Buildings: Securing your investments in connectivity and automation. After summarizing the benefits and obstacles to smart building operation, the paper goes on to say, “It is no longer enough for a building to be smart – it must now be cybersmart.”
On the surface “cybersmart buildings,” appears to be another one of those tech-construction terms desperately trying to out-do and differentiate itself from all the others. Smart buildings, smarter buildings (IBM), better buildings (US Gov), efficient buildings, intelligent buildings and automated buildings all essentially mean the same thing. And while cybersmart buildings may also fall into those definitions, its birth comes with an important focus on what is, perhaps, the biggest danger to smart buildings – the threat of cyber attack.
“Investing in smart buildings is good business. But investing in cybersmart buildings—that’s great business. Without security, the truly transformative benefits of connectivity and automation are at risk. Embracing cyber security means protecting your customers and your bottom line,” says Sedar Labarre, vice president of the paper’s authors, Booz Allen Hamilton.
Labarre’s comments hit on a fundamental hole in our smart building ambitions. By adding connectivity across a building we are also adding vulnerability to cyber-attack. We are opening up the very places we live and work to the same threats we spend billions collectively trying and failing to protect our personal computers against. Begging the question; how smart is it to build smart buildings?
British insurance company Lloyd’s estimates that cyber attacks cost businesses as much as $400 billion a year; this includes direct damage plus post-attack disruption to the normal course of business. Some vendor and media forecasts place the cyber crime figure as high as $500 billion or more. The World Economic Forum (WEF), meanwhile, suggests that a significant portion of cyber crime remains undetected, suggesting the cost to businesses is even higher than we realize.
Creating greater connectivity means creating more access points for hackers to infiltrate and attack our systems. When Memoori’s webinar guest Billy Rios and his colleague Terry McCorkle hacked Google’s Australian headquarters in 2013, they gained access through the air conditioning system. Whilst the biggest cyber attack in history, in 2016, was launched using internet of things (IoT) enabled surveillance cameras and printers.
“In a relatively short time we’ve taken a system built to resist destruction by nuclear weapons and made it vulnerable to toasters,” tweeted Jeff Jarmoc, head of security for global business service Salesforce last year.
Microchip giant Intel claims that the number of connected devices could surge to 200 billion by 2020, up from 15 billion in 2015. While Cisco and Microsoft have both predicted 50 billion devices will be connected to the Internet by 2020. That’s a lot of vulnerability and much of it is coming from, and threatening, our smart buildings, cities and grids. Unless we are designing systems and devices in a cyber safe manner, we are simply creating more risk, undermining the very purpose of building smarter.
“While the inclusion of cyber-security during the design and construction of control systems will increase the cost of both design and construction, it is more cost-effective to implement these security controls starting at design than to implement them on a designed and installed system. Historically, control systems have not included these cyber-security requirements, so the addition of these cyber-security requirements will increase both cost and security. The increase in cost will be lower than the increase in cost of applying these requirements after design,” states The Unified Facilities Criteria, published by the US Department of Defense.
Cyber-security should be a fundamental element of the design process for any connected system. As buildings continue to lead the smart, cyber-physical revolution, it is important they also lead the cyber-security defense program. While cyber-security breaches are inevitable, their rate and size will have direct impacts on the adoption of smart technology. A sharp increase in large cyber attacks could potentially slow down the development of the smart building sector itself.
While “cybersmart buildings” may be another in a long list of terms. This promotional whitepaper by Booz Allen Hamilton, on behalf of Johnson Controls, underlines the key issue facing smart buildings today. It explains that only through smart design can we truly secure our smart buildings.
“Defending against cyber threats today and tomorrow requires the secure design, development and deployment of building automation systems and controls,” concludes Bill Jackson, president of global products for Johnson Controls.