The potential attack surface continues to expand with virtual and multi-cloud networks, connected branch offices, growing volumes of IoT and endpoint devices, new SaaS applications, and the growth of Shadow IT. Most security teams, already suffering from understaffing and the looming cybersecurity skills gap, are struggling to keep up. The convergence of IT and OT is likewise adding to the challenges of securing today’s constantly evolving digital landscape. Everything from critical infrastructures, manufacturing floors, and transportation systems are being impacted. At the same time, new smart buildings are adding to the challenge, and many of these new interconnected environments are getting overlooked from a security perspective.
Smart buildings are part of a new trend in digital innovation that integrates technology into traditionally isolated devices and systems such as appliances, automobiles, and even entire cities. These things have historically been comprised of completely separate elements. Buildings are a perfect example. Lights, elevators, HVAC systems, physical access to rooms, floors, or the building itself, emergency and alarm systems, and security devices, to just name a few, all largely operate as independent systems that often don’t receive the same security attention as other IT-connected resources, such as financial or manufacturing systems. This has to change.
IoT and cloud computing are disrupting the construction industry as more organizations are looking to retrofit or build out new smart buildings. The benefits range from ensuring occupant comfort and safety to improved efficiency and sustainability and lower power consumption. However, connecting smart building technology to the IT infrastructure, or directly to the internet, increases the risk of a cyberattack. If cyber terrorists are able to remotely lock doors and disable fire suppression systems, for example, this could be a formula for disaster.
Smart building cyber security has generally not been included in the design, selection, or deployment of smart building technologies. The challenges of this approach are highlighted in a recent IDC report, sponsored by Fortinet, that not only examines a number of industries that have embraced smart building technology, but also identifies associated security implications and challenges and provides essential guidance for how to establish a security-first approach to smart building strategies.
Smart buildings expand the potential attack surface and increase risk due to the increased numbers of devices and connected assets involved. At the same time, security resources are already overtaxed and simply do not have the time or resources to bolt security into the smart building environment after the fact. Instead, smart building technology investments must begin with security front and center, with both physical security and cybersecurity being the highest priority as well as the core building block when developing a smart building.
Read the full IDC report on securing smart buildings.
Learn more about how Fortinet’s ICS/SCADA security solution designs security into complex OT infrastructures, extending security from the data center, to the cloud, to the network perimeter.