To ensure sustainable growth, facility managers and owners — with the help of security integrators — must address increasing concerns about IoT security.
As use of the Internet of Things (IoT) skyrockets, many companies are beginning to better understand the ultimate impact of these new technologies, especially on a company’s physical security and cybersecurity. With their abilities to increase efficiency and reduce costs, IoT- and Cloud-based technologies are made even more attractive to adopt throughout properties in order to integrate data on workplace wellness, HVAC, lighting, digital power meters, smart circuit breakers and security.
As more buildings start to embrace new technologies with artificial intelligence (AI) and digital IoT, they are able to identify and implement efficiencies and extend the performance and longevity of building infrastructure assets. Furthermore, smart devices allow those on the facility team to gain access to the entire power network and provide control functions.
Smart devices not only monitor equipment performance and share alarms on threats, but they also make it possible to measure meter energy and other parameters at each key point throughout a facility’s power network.
Currently, the International Facility Management Association (IFMA) estimates that facilities which implement active controls and IoT-enabled technologies can expect a 50% increase in cost-efficiency through maintenance, energy and other recurring costs. By incorporating IoT capabilities, building managers are able to implement analytics and even predict maintenance needs, which allows facilities to save up to 20% per year on energy maintenance costs.
However, in order to ensure that continued growth is sustainable, facility managers and owners — with the help of their security integrators and experts — must address increasing concerns about IoT security. Given appropriate information, preparation, and assistance, building staff are able to develop effective strategies to protect building data by collecting information via the IoT and connected devices while simultaneously safeguarding against any vulnerabilities posed by such data collection.
IoT for Cybersecurity
But building owners and security integrators alike must keep in mind that breaches of building control systems or sensitive data can cost millions in regulatory penalties, disrupt core business functions, and threaten business reputations that could impair employee, consumer, and investor confidence. In order to secure connected buildings, it is vital that IT teams implement IoT-based cybersecurity solutions in order to thwart potential attacks.
Choosing a system that includes the use of encryption and multi-step authentication to protect communications between workstations, controllers, and mobile devices is an important step all facilities should take.
Specifying and installing systems which start their development cycle with a focus on securing by design, leveraging the latest in encryption, will allow designers to take ownership of their system. But at the foundation of all security planning, the best place to start is built-in security.
A comprehensive system that has a process to manufacture, build, design, and deliver solutions that are based on ISO 9001:2015 and ISO 27034 cybersecurity standards is key. This ensures that cybersecurity is not an afterthought, but is instead a necessary, innate and integral application, and can be managed and measured throughout the entire product development process.
Additionally, it is important to have dedicated cybersecurity test labs to verify the utility and efficacy of the platform in question, even including third-party validation in the mix. A team that uses open source and commercial-grade cybersecurity tools as well as using in-house technologies and techniques are further able to ensure cybersecurity, from installation to decommission. Also helpful for facility managers? Employing independent, CREST-certified labs to validate the security of all specified and installed solutions. A product that has been validated by third-party participants who work in diverse industries such as banking and finance, hotels, healthcare and more can be especially beneficial.
There are standards and protocols that are now being implemented to maintain cybersecurity across each platform integrated with mobile apps. For example, system manufacturers today provide security training to application developers in the hopes of ensuring that their own clients are complying with these standards. Business managers are also incorporating testing, threat modeling, and secure code practices to ensure their teams are following the proper security protocols. Another stakeholder in this equation is equipment manufacturers.
They — alongside installers and integrators — provide partners and customers with the necessary instructions and documentation to educate them on the proper way to deploy their equipment. Facility managers have also initiated the allocation of staff to dedicated cybersecurity teams in order to support, install, and maintain services to mitigate incidents or find vulnerabilities.
Unfortunately, attacks are becoming more common and more sophisticated. It is important, now more than ever, for security integrators and salespeople to keep up to date with the latest available solutions as hackers continue to familiarize themselves with the security solutions that are already available. New processes and procedures that are being put into effect for changing security needs will be vital to ensuring facility success.
Along with keeping the technology up to date, network managers should plan to continually train staff to ensure that their systems and protocols also evolve with the times.
IoT for Physical Security
Along with benefiting internal protection, the adoption of the IoT comes with added benefits for access control and on-site security. In today’s smartphone era, it is becoming increasingly common — even expected — to see security personnel using mobile devices connected to their buildings’ systems. Mobile devices are integrated into daily workflows, so having them connected to the shared cloud allows workers remote access which will be an important part of building security and management.
Through remote monitoring, security teams can reach building systems like visitor management, intrusion detection, and video monitoring, all from wherever they are on campus — or even at home. Security professionals can also stay visible throughout the entire facility while also monitoring information through connected personal devices.
Security staff can make timely decisions and provide faster responses, particularly vital in emergency situations, by accessing occupant information, security alerts, and general building safety at any time, from any place. As security tools continue to develop, it is important for everyone — end users, integrators and sellers — to be aware of how new technologies are changing building security management, and to be aware of what they should expect to see in the future.
Remote monitoring is also helpful when it comes to analytics. One of the biggest advances for security and building automation as the industry evolves in the future will be with analytics tools. Analytics will be able to combine facility systems and their data with metadata, turning these disparate pieces into actionable insights that can be used for improvements and innovations.
Using these types of tools will make an incredible impact on the support of the building, workers, and occupants in both sprawling and compact facilities. Today, customers are looking for integration that goes beyond intrusion sensors, intercoms, and cameras. They want something that integrates lighting, building management, services, and tracking.
By providing tools that allow security teams to work from anywhere, buildings can now be more secure than ever.
Steven Turney is Director, Security Offers, for Schneider Electric.