Buildings will account for 81% of all connected things in 2020, ushering in a new era of smart office buildings, schools, hospitals and more that will improve efficiencies for building management and provide a more comfortable experience for occupants. However, buildings are also at an increased risk of cyberattacks as they collect more data, become more interconnected and extended outside of their original operating environment.
Cyberattacks can be catastrophic. A ransomware attack on a hospital’s building operating system could lock key staffers out of their computers, causing a multitude of issues including severe delays in accessing patient data and admitting new patients. Since it takes 23 days on average to resolve a ransomware attack, the impact of an event like this could be devastating.
That’s why a global standard for securing an intelligent building’s operational technology (OT) system is necessary. We must prevent these incidents from happening, while ensuring that connected building solutions continue to advance safely and securely.
Looking ahead to 2020, it is likely we’ll see a greater focus on standardization for building cybersecurity, with at least one framework emerging as a leading guide for securing a building’s OT system. And it all starts with understanding the probability and the severity of these attacks happening in the first place.
Buildings as a prime target
Research from Accenture shows that security breaches have increased by 65% within the last five years and cyber criminals are expected to continue exploiting building cybersecurity weaknesses in 2020 and beyond. However, even though cyber-related threats put people, assets, data and corporate reputations at risk, building OT systems often remain a less-guarded entry point.
There are a several ways a building’s OT system may become an attractive target for cyberattacks. For example, they may consider a building’s OT system a bridge to a larger breach – compromising sensitive IT data such as personnel information, financial records and more.
Successful entry could also grant cyber criminals control over power systems connected to the building’s lighting, HVAC, etc., leading to significant business challenges, lost productivity, occupant discomfort and asset destruction. For example, an extreme adjustment to temperature could seriously damage equipment or other stored material.
With so much at risk, the best thing an organization can do for their building’s OT system is to prepare accordingly and push for the development of a global standard.
Building cybersecurity: Redefining what it means to be secure
As the potential dangers associated with OT cyberattacks become more widely recognized, businesses will likely begin to consider cybersecurity a key safety and security metric. This holds especially true as digitization and the interconnectivity of building devices continue to open up new routes of access.
As a start, we are now seeing more and more companies incorporate basic cyber hygiene practices into their work. While this practice can help increase incident readiness, it may not be enough. Routine cybersecurity assessments must be implemented across a building’s OT infrastructure to identify gaps. For example, understanding a buildings network design, providing secure configuration to enlisting more advanced procedures, such as vulnerability testing and creating a unique methodology for data management, will better safeguard valuable assets.
The security professional of the future
As more connected building systems are expected to penetrate the market, the heightened vulnerability to cyberattacks will likely create a need for a new type of security specialist – one that is skilled in both OT and traditional IT.
While both OT and IT departments have been increasingly working together to respond to cyberattacks, the market will demand a new skillet that combines the capabilities of both functions. We’ve actually seen many employees take action on their own, and actively develop these broader abilities. As such, it is becoming increasingly common for IT cybersecurity professionals to learn more about OT, as well as for traditional OT engineers to grow their skillsets in IT.
In response, businesses in 2020 must recognize this emerging trend and foster a learning environment in which this new security professional can mature and further develop both OT and IT competence.
A pivotal year for the industry leading to increased building cybersecurity
Overall, 2020 will likely serve as a transformative year for building technology and the professionals working within this industry. Improved awareness and better understanding of building cybersecurity will pave the way for a global standard, and for bigger strides toward securing our OT systems against emerging and increasingly aggressive threats.
As more businesses implement plans to better protect OT infrastructure, foster an environment to nurture their security talent and ultimately work together toward developing a global standard, we can rest assured knowing that our buildings of the future will be able to function without fear.