“The cyber security workforce simply cannot scale in line with additional device connectivity, as budgets for cyber are not unlimited,” states the latest report from Memoori: Cyber Security in Smart Commercial Buildings 2017 to 2021. “Businesses will increasingly seek to develop adaptive, scalable solutions to match their changing network landscape,” the report suggests.
Cyber security skills are now widely recognized as the most in demand of all IT disciplines. Demand for skilled cyber security staff is set to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million. The US Bureau of Labor Statistics predicts that demand will intensify still further, with “information security analysts” becoming the fastest growing job category with 37% overall growth between 2012 and 2022.
While such a significant skills shortage inevitably reduces the rate of growth in any industry, the nature of cyber security means a slowdown has other implications. Cyber security protects, and a slowdown in the face of rapid growth in connected technology means less protection, and therefore more opportunity for attack.
What’s more, as information technology (IT) spreads, especially through cyber physical systems like smart buildings, a new range of companies require skills they have never required before. Building owners, facility managers and even appliance manufacturers are surging into the connected world with little knowledge of cyber security and a lack of potential recruits who could add that knowledge.
“Many organizations simply do not have the experience or training necessary to develop a viable security policy, protect critical assets and network environments, or identify and respond to today’s more sophisticated attacks. This is driving the demand by businesses in all verticals looking for experts with experience in cyber security specialties including threat management, attack mitigation, intrusion detection, and network monitoring,” the report highlights.
Cyber security for smart buildings protects people in a very direct sense. Attacks on smart buildings can literally leave occupants cold, scared and in the dark. Lighting, heating, ventilation, and air conditioning systems are all vulnerable to attack; hackers could even control door locking mechanisms to gain entry or trap occupants.
The cyber threats to smart buildings are very real. Smart buildings also create unprecedented numbers of system end-points, making defense more challenging. These two factors demand that smart buildings recruit top talent from the cyber security space, but that talent is increasingly hard to find as the skills gap widens.
“Competition for the brightest talents in the cyber security field will be intense, with inflated salaries on offer to the best candidates. Government, military and financial services companies will likely cream off much of the best talent, due to the criticality of their cyber operations,” the report predicts, leaving little for the expanding and unprotected smart buildings market to work with.
This is already forcing many organizations to use “off the shelf” products, such as automated firewalls or preconfigured anti-virus software, to protect against cyber attack. The scope of these products is limited for any application, but even more so in the smart building space.
“These tools are unlikely to be compatible with building operation systems and may prove inadequate for securing highly dynamic and widely distributed networks. Besides this, installing new tools is not enough; they will also require ongoing tuning, management and analysis by experienced staff to be effective,” the report warns.
The cyber security problem for smart buildings is two-fold: there is a general shortage of cyber security experts, and smart buildings require a specific skill set that reduces the talent pool even further. Cyber physical systems such as those found in smart buildings require a rare blend of operational technology (OT) and IT in order to devise effective security strategies.
The smart building sector must be proactive in developing its own cyber security talent pool for the future, to avoid spiraling salaries and unprotected assets. Yet this seems unlikely for a sector that still lacks the IT knowledge to prioritize cyber security investment. This applies not just to building owners and facility managers but also to the contractors installing building systems.
“When many of these systems are installed, contractors involved in the deployment had little or no cyber security training. Their skill set is more likely to revolve around deploying equipment and systems integration. These days, integrators and installers need new skills related to concepts such as network segregation and encryption in order to keep building systems secure,” the report points out.
In the face of rapid growth in connectivity, especially in the case of smart buildings, the cyber security sector faces a skills shortage with broad implications for our connected society. Developing talent takes time, which is all the more reason for the cyber security and buildings sectors to act now.