Booz Allen Hamilton, which has regional offices in Abu Dhabi, Beirut, Cairo, Doha, Dubai and Riyadh, says the UAE smart building industry needs to develop a cohesive ecosystem to safeguard against potential cyber risks
Growing automation and connectivity require buildings to be cybersmart
Hackers can exploit building vulnerabilities or IoT devices as the entry point into corporate and privately operated networks
Cybersecurity needs to be considered a business enabler, not just an IT issue or scare tactic
As smart cities become a reality in the GCC, smart buildings are increasingly becoming more prevalent because of the optimised efficiency and convenience they offer, for both operators and tenants.
A report entitled ‘Cybersmart Buildings’ co-authored by Booz Allen Hamilton and Johnson Controls states that the wider adoption of smart building technology should stimulate corporations and governments to ensure that they are adequately prepared for potential cyber risks.
Smart buildings operate as a link between the physical and digital world and leverage data to optimise operations and lower facility costs, while increasing safety and sustainability. However, unlike cyber risks in other industries, smart buildings are not just susceptible to data breaches and IT interference, they are also vulnerable to disruptions that could negatively impact several aspects of daily life.
Cyber threat actors have demonstrated capability and intent in hacking building automation systems, safety systems, and critical environmental technology. Smart system network designs must be secured, if integrated with IT systems and networks, to make sure internal systems are not exposed to new threat vectors from building automation systems.
For example, hackers can exploit vulnerabilities in Heating, Ventilating and Air Conditioning (HVAC) systems as the entry point into a corporate network, or hack into IoT devices to breach the privacy of residents.
His Highness Sheikh Mohammad Bin Rashid Al Maktoum, Vice-President and Prime Minister of the UAE and Ruler of Dubai, launched a smart building index across the UAE in 2016. The index outlines benchmarks for building designs and urges the deployment of modern construction methods that can render the construction process more efficient.
Smart buildings are further in line with Expo 2020’s theme ‘Connecting Minds, Creating the Future’ through ‘Opportunity, Mobility and Sustainability’ and solidify Dubai’s digital transformation into a full-grown smart city. With wider adoption of such smart technologies across the Emirates, the number of sensors and devices talking to one another increases.
Therefore, as automated systems control more of our environment, it is no longer enough for a building to be smart – it must now be cybersmart. This entails a blended approach of risk-based planning, technology, working with the right partners, assessing old and new infrastructure, processes and capabilities across the building lifecycle, and people skills.
Investing in smart buildings not only safeguards against potential cyber risks but also works towards energy efficiency goals. Smart buildings can supplement the Dubai Clean Energy Strategy 2050 which aims to provide 7% of Dubai’s power output from renewable sources by 2020, 25% by 2030 and 75% by 2050.
The stage is set globally where investment in energy efficiency continues to grow in the face of a decline in total energy investment. According to the International Energy Agency (IEA), energy efficiency investments continued to expand in 2016, reaching $231bn while total energy investment dropped for the second consecutive year by 12% to $1.7 trillion.
Dr. Adham Sleiman, Vice President, Booz Allen Hamilton, said: “There is tremendous business value in embracing building automation, including their cost savings, energy efficiency and the security and convenience they offer to their dwellers. Smart buildings are an essential component of a smart city, pushing the power of digital optimisation into the offices and homes.
“As such, it is of paramount importance to protect smart building investments for all stakeholders involved from developers to end-users. To achieve this, cross-functional cooperation between internal and external stakeholders is a must, including IT, cybersecurity and facility teams, external business partners and vendors. This will ensure that the truly transformative benefits of automation and connectivity can be protected so that smart buildings can achieve their full potential.”
Booz Allen Hamilton has created a core functions checklist to help assess and plan for threats throughout the following smart building lifecycle phases:
Consider Security Requirements: Work with vendors and technical partners to prioritise security as an integral part of any connected smart building solution. Define how you want the vendor to integrate with your existing network. Be prepared to articulate the budget for security operations throughout the building lifecycle.
Assess: Set a consistent assessment framework to evaluate security vendors and their solutions. Recognise that business imperatives like cost may supersede security concerns. So design a framework that evaluates the security implications and tradeoffs, but provides flexibility for add-on security controls.
Operations and maintenance
Build in Security: Understand vendor recommendations for how to securely deploy building automation systems and work with your IT department to follow those guidelines. Furthermore, understand how to incorporate additional controls over and above vendor recommendations based on your compliance and risk needs.
Test, Monitor, and Respond: Know your risk. Maintain situational awareness on what’s connected. Develop and implement an assessment framework that will identify security maturity across all domains in your ecosystem. Diligently and regularly stress-test your assumptions and technical vulnerabilities.
Merely having a compliance-focused approach of checking boxes is not enough. Wayne Loveless, Principal, Booz Allen Hamilton, said: “As the world evolves to smart neighborhoods and smart cities, potential challenges around cyber security will be inevitable. It is important to have a plan and be prepared to continually evolve. Cybersecurity isn’t a tax on the business, it is not simply an IT issue, and it certainly shouldn’t be a scare tactic. It is a business enabler and, when executed effectively, it is about insuring your investment and generating returns.”
For more information about cybersmart buildings, please download the full report here.