In part one of our CRE cybersecurity series we discussed the perceived risks associated with IoT and how it’s often thought to lead to compromised cybersecurity. The unfortunate reality is that disconnected buildings are often just as vulnerable to cyberattacks as their connected counterparts, as older buildings can contain units that are internet-active and unencrypted, all without the facilities management (FM) team’s knowledge. In addition, an older BMS can expose your portfolio to information leaks and cyberattacks if not updated to protect against the latest malware.
If you’re not sure how vulnerable your organization is to cyberattacks, the first step should be to execute a comprehensive site audit, including the building network, BMS, all sub-systems, and any IoT devices. Log all previous contractors that have had maintenance contracts and ensure you consistently capture the software they use and how they gain external access to your buildings. Unfortunately, it’s not uncommon for critical systems to be commissioned and deployed from contractor laptops with no handover or internal back up of those files. The audit should therefore include the manufacturer, model, firmware versions, points of external access, usernames, passwords and the locations of all system configuration files.
A comprehensive audit should conclude with a Data Commissioning Report, evaluating the performance of each connected device and sensor. A Data Commissioning Report provides a list of issues that need to be resolved by a controls or network vendor, as well as a summary of the building systems capable of being integrated into a smart building platform. Some common issues highlighted by a Data Commissioning Report include:
While cybersecurity risks are typically hidden in the underlying IT and OT systems, this report should complement your cybersecurity audit, providing a comprehensive list of your sensors, highlighting which are disconnected, miscalibrated or broken.
Completing a site audit will create a foundation for your cybersecurity strategy and further investment into a scalable smart building program. Contrary to what the headlines lead us to believe, embracing IoT technology is key to improving cybersecurity, when implemented correctly. Having discovered your portfolio’s cybersecurity weaknesses, you’ll then need to address them - find out how in part 3 of our CRE cybersecurity series.
Talk to a smart building expert to learn more about how Switch helps portfolio managers reach their sustainability goals.
5 articles found
When it comes to being a building owner or operator, you have a lot to balance.
Switch team had the pleasure of participating in the Blueprint 2022 in Las Vegas last September, convening with the industry's thought leaders and key companies
Switch celebrates Wear It Purple Day 2022—an international movement of expression, celebration and support.
A good building management app helps commercial property managers streamline operations, save time and cut costs. Select the right one by following these tips.
With the onset of climate change to drive the global sustainability agenda, energy consumption in the educational sector is both an environmental and financial concern for schools and universities. How can universities leverage the adoption of intelligent building technology to improve energy efficiency?
Get to know our Switchers as we share our journeys in the smart building industry and what it’s like working at Switch!