Is your building a hack risk, by Colin Tankard, MD, Digital Pathways

Is your building a hack risk, by Colin Tankard, MD, Digital Pathways

The word smart is often applied to devices that are enhanced through Internet connectivity, with the best-known example currently being Smartphones that have transformed the way that we communicate. Such technology is also helping to make buildings smarter.


Smart buildings incorporate the use of building automation systems that provide automated, networked control over factors that include heating, ventilation, air conditioning and lighting. With all these systems interconnected, building performance can be optimised; creating much greater operational efficiency.


The ability to integrate and manage multiple systems centrally has advantages that go beyond achieving greater efficiency in operations. It also has far-reaching implications for security.


Commercial buildings and facilities face a range of security threats, including from natural hazards, as well as from disgruntled employees, terrorists and criminal groups and from geopolitical actions such as riots and political unrest.


There are also a number of other factors impacting building security owing to the nature of many commercial buildings, especially large complexes and high-rise buildings in dense urban environments that often are rented out to multiple companies.


Security in such environments is complicated by the relative anonymity of users and occupants which can lead to a poor security culture and can allow interlopers to go unnoticed, restricted movement in terms of elevators and lobby areas, which can hinder security and emergency teams and the fact that services such as utilities tend to be grouped together into one service core to make them easier to manage, but which also makes them easier to target.

In 2013 cybersecurity researchers, looking to test a theory, hacked into digital giant Google. What was interesting about this attack was that it wasn’t the search engine that was targeted but the building management system of their Wharf 7 office in Sydney, Australia. The hackers took advantage of the tens of thousands of control systems that connect everything within the building to the Internet.

The wealth of information that they were able to obtain about the building showed how vulnerabilities in security could be exploited for malicious intent. Blueprints of the floor and roof plans, images of the water pipe network and even the temperatures recorded in the building. More concerning though was the intimation that with a little further digging, which the researchers in question weren’t inclined to do, there could well have been access to security systems that would have unlocked otherwise restricted doors.

So, it is easy to see that with greater interconnectivity among systems, security becomes an increasing concern as electronic networks can be hacked or sabotaged. In terms of buildings, these can include video surveillance systems, access control systems, fire control systems, and sensitive internal files and other IT systems.


According to Gartner, 20% of smart buildings will have suffered from digital vandalism by the end of 2018. To ensure that security issues do not derail the opportunities made available by smart building technology, all systems—both physical and logical—must be efficiently integrated so that they can be effectively monitored, managed and centrally controlled through one platform using common processes and workflows. It is essential that the system provides alerts when abnormalities are flagged so that remedial action can quickly be taken and prioritised according to perceived levels of risk.


Through integration of all systems, physical and logical, organisations will be better able to manage their entire building system continuity and security needs. Combining all data feeds into one central management portal aggregates all information into one location for efficient incident reporting and escalation. It will enable building management to take a centralised view of all building control and network systems, integrating physical controls with data security controls. Hence, they can move from looking at islands of information in isolation with alerts related to just specific incidents to being able to see trends as they occur across the entire system, which is essential for countering advanced, persistent attacks that are the norm today.


Not only will greater integration increase operational efficiencies it will avoid the need to replace existing controls, since software applications that provide bespoke integrations add an additional layer of control to those systems so that they can be part of the overall integrated management system. The use of integrated, advanced analytics solutions to bring together all data feeds, the promise of smart buildings is one step closer to being realised.



Colin Tankard is MD data security company Digital Pathways which is a specialist in the design, implementation and management of systems that ensure the security of all data whether at rest within the network, mobile device, in-storage or data in-transit across public or private networks.

Add New Comment