Smart Buildings & Cybersecurity Workgroup:
Managing the risks and benefits of IoT in smart buildings
The history of IT, Industrial Control Systems (ICS) and Operational Technology (OT) shows that security will always be an afterthought unless those who need good security can get their priorities in front of those that design systems. Combining a security mindset with design and innovation is really important, because the system is better, and always more cost effective, when security is designed in from the start.
The Internet of Things Security Foundation (IoTSF) was established to make it safe to connect in the smart and hyper-connected era of IoT. Right now, we are witnessing the steady invasion of IoT into buildings and their networks, and we can see a growing need to support this area for a wide range of stakeholders – from designers, to integrators, to operators and users. There are a great many potential risks to buildings and those who own and occupy them, but these can be actively managed, cost effectively.
IoTSF has created a Smart Buildings Working Group and we need your help to make it safe for smart buildings.
We invite you to join the mission to make Smart Buildings safe and secure over their lifetime.
The goal of the Working Group is to establish a comprehensive set of guidelines to help each of the supply chain participants to specify, procure, install, integrate, operate and maintain IoT securely in buildings. This includes intelligent buildings equipment and controls such as audio visual (AV), fire, HVAC, lighting and building security.
Who should join in and what do you get?
The workgroup will have a broad representation from a number of stakeholder groups, including:
Enterprises – owners and occupiers such as banks, technology companies and organisations with plant facilities with an active interest in the stability of their building control system or data centres. They will help define the security requirements to meet the business risks and describe how smart building systems should integrate into security management. Participants will learn more about the emerging risks, how to assess and manage them, as well as what to specify in procurement.
Facilities Management Companies – as risk owners and providers of services in smart buildings, facilities managers play a major role in planning, development and in day to day operations. They will help inform the working group as to how systems need to achieve on-going security goals within the practicalities of a cost effective service, using available skills. Participants will learn more about the direction of customer needs, contemporary and emerging risks, how to assess, specify and manage systems.
Systems integrators – help to define standard security solution sets and architectures for IoT in buildings. Integrators are key to making sure that BMS, IoT and related systems are specified, configured and installed with security in mind.
Physical security, fire and control systems manufacturers – as key suppliers, it is critical that security is designed in from the start, reducing the exposure of owners and users to malevolent risk. This stakeholder group will help define security requirements for their product class and also demonstrate their systems are secure within the smart buildings environment.
IoT security specialists – a broader group contributing wide security experience to the context of smart buildings.
What will the workgroup deliver and what will it do?
The priorities and specific deliverables will be determined by the workgroup yet will likely include:
- Architectures, including secure systems management, services, devices and IT connectivity
- A set of best practice guides on how to apply and maintain IoT security for smart buildings
- Awareness material helping to show what good security looks like – examples of requirements statements or a procurement language for secure IoT in buildings
- Workshops and events
The work products will be adopted and maintained by the members of the IoTSF, and be made publicly available in accordance with all IoTSF best practice and security advocacy materials.
Based on a firm foundation
IoTSF operates a number of working groups which cover both general (‘horizontal’) aspects of IoT security, as well as sector (‘vertical’) applications. A foundation of this work is the IoT Security Compliance Framework which can be generally applied by tailoring the security objectives for confidentiality, integrity and availability.
This working group will build on top of existing skills and experience within the Foundation and deliver fit for purpose security to those who need it, in a language they can understand.
To address the many challenges, we need to collaborate – as someone who has an interest in the success of Smart Buildings, we invite you to join the working group.
How do you find out more or join in?
Our first UK meeting was held in September 2018 in London with further meetings to be announced. You or your company do not need to be IoTSF members to attend the workshops at this prioritisation and scope phase. Naturally, we hope you become members if you share our concerns and have an interest in addressing the issues longer term.
This initiative is facilitated by industry experts Sarb Sembhi and James Willison who are working as Vice Chairs.