The promise of future cities and buildings built around a smart vision to reduce waste, drive efficiencies and optimise resources is great, but comes with many inherent challenges, with security being among the most significant, according to the whitepaper.
Smart technology enables the collection and analysis of data to create actionable and automated events that will streamline operations, but the whitepaper notes that to deliver this at far greater scale means bringing together a large number of very different systems and empowering them to communicate freely with access to important and often sensitive data.
Device interoperability will be a crucial component of its success, but to have full confidence in the way that these diverse ecosystems operate together, and to ultimately cede important decision-making to them, the whitepaper said stakeholders must be fully confident in the security of the systems.
One of the biggest challenges is the huge number and variety of stakeholders who all have a role to play and need to work in collaboration. These include building owners, property developers, landlords, building occupants, architects, technology suppliers, building services engineers, town planners, chief security officers, chief information security officers, data protection officers and more.
At the core of the security problem is the fact that many of the systems that smart building and cities will need to rely on will be linked to a wide variety of internet of things-connected (IoT) devices and sensors that are potentially vulnerable to cyber attacks.
The whitepaper underlines the importance of considering and evaluating cyber security throughout the whole supply chain to protect data, maintain privacy and keep risk associated with cyber threats to a minimum. According to the whitepaper, this process should always start by looking at device security and the supplier’s cyber maturity.
Managing cyber security in environments of this scale, the whitepaper said, involves drawing up thorough risk assessments to identify vulnerabilities throughout the supply chain and mitigating the potential for damage that they could cause.
The whitepaper reviews stakeholder roles and security risk management to better understand the security issues associated with smart building systems, and underlines the importance of understanding the vulnerabilities to a vast range of threats as well as the technologies and standards to be applied.
The whitepaper includes recommendations for stakeholders on how to get started, security standards and frameworks, product strategy, system and solution security, supply and purchasing, and converged cyber-physical security operations .
The associated disruption as a result of a cyber security breach of a smart system could be catastrophic, the whitepaper said, adding that it is “critically important” to ensure that converged security becomes a vital component of this “rapidly changing paradigm”.
Read more about converged security
- Convergence of threats and technologies and an increasingly complex regulatory environment are driving the need to implement new cyber security protections, says McAfee chief.
- IT execs must evaluate an organisation’s current on-prem and cloud setup before selecting a hyper-converged offering to avoid security holes, disjointed workflows and poor user experience.
- A lack of skills, visibility and clarity on which business function is responsible for securing operational technology are the biggest challenges to managing the risk , a study shows.
- Operational technology comes with its own unique challenges and benefits, but the IT department can shine a light on how to tackle its security issues .
Steven Kenny, industry liaison for architecture and engineering at Axis Communications, said the whitepaper is the third in a series of research projects aimed at contributing to the discussion on the urgent requirement for the worlds of physical and IT security to converge if the smart promise is to become a reality.
Security Is Not Privacy
“At Axis, we are passionate about using technology to help create a smarter and safer world. We believe that technology should be used in an ethical and responsible way, and this whitepaper reflects the very values of our business in that, used responsibly and with security front and centre, smart technology will help us address the big challenges of our time.”
The report is written by James Willison, the founder of Unified Security, and Sarb Sembhi, the CTO and CISO at Virtually Informed. “Security cannot be avoided in the context of a smart building or city, and yet in many cases stakeholders have not even thought about it. It is important that they all realise that they need to make a start somewhere, and this whitepaper aims to help with that,” said Sembhi. He is also critical of marketing campaigns that sell building surveillance technologies in terms of security. “That’s wrong. They tend to treat security and privacy as the same thing, but they are not. Using these terms interchangeably creates confusion and stakeholders are not clear about what they are trying to buy,” he told Computer Weekly.
We recommend hardware security keys like Yubico’s YubiKeys and Google’s Titan Security Key. But both manufacturers have recently recalled keys due to hardware flaws, and that sounds a little worrying. Physical security keys like Google’s Titan Security Key and Yubico’s YubiKeys use the WebAuthn standard, the successor to U2F , to help protect your accounts.
Kenny added: “We greatly admire the work that Virtually Informed and Unified Security are doing to help ensure that the worlds of physical and cyber security are aligned and working together to achieve a common goal of increased safety and security for all.”
Umbrella: Security made easy
Read more about IoT security
- Identity is key to security, but ensuring identity of all the things in an IoT de ployment can be challenging.
- The IoT Security Foundation has published a guide on security for smart buildings to highlight key issues and gather feedback to inform future guidance for industry stakeholders.
- The UK plans to introduce measures to require that basic cyber security features are built into internet-connected devices.
- The security of devices that make up the internet of things (IoT) is a top concern for many in the industry, but leaks from an IoT database highlights the importance of back-end security too.