The Risks of Being Smart: Smart Buildings and Cybersecurity Standards

Executive Summary

Smart buildings and cybersecurity seem unrelated on the surface. Smart buildings are principally concerned with using connectivity to gain visibility into assets and capturing data for optimization of operational performance in terms of maximal conservation of water and energy.

Cybersecurity, on the other hand, is concerned with protecting communications networks, and the information on those networks, from foreign and domestic adversaries who could use unauthorized access to create outages, hold assets hostage and cause other damages. 

This presentation offers a comprehensive, albeit inexhaustive, exploration of the relationship between smart buildings and cybersecurity that: (i) explores the history of smart buildings; (ii) clarifies the difference between operational technology (OT) and information technology (IT) cybersecurity including the protocols that drive OT cybersecurity programs; (iii) provides recent examples of critical attacks on building controls; (iv) defines present designs standards, policies, and programs for cybersecurity in the built environment; (v) identifies common educational gaps among architecture, engineering and construction (AEC) and cybersecurity professionals; (vi) anticipates how the overlap between smart buildings, AI, and cybersecurity will continue to grow in importance over the coming years; (vii) recommends that the architects, engineers, contractors, owners, and operators of all smart buildings have a professional responsibility to become better educated about basic cybersecurity concepts; (viii) proposes that non-profit organizations such as ASHRAE, USGBC and GBI have an obligation to the public to incorporate cybersecurity standards into energy performance-based codes; and (ix) concludes with recommendations of practical next steps for smart building owners.

By the end of this presentation, you should be able to: (a) appreciate the history and key events in building cybersecurity; (b) understand the risks and best practices for smart buildings; (c) relate elements of cybersecurity to your responsibilities as a design or construction professional; and (d) effectively consider the implications of cybersecurity for the future of real estate assets.

Appendix A includes reference to incident report guidelines, and Appendix B includes the Quiz to qualify readers for the available Continuing Education Units (CEUs).

Keywords: smart buildings, green buildings, operational technology, building control systems, internet of things, artificial intelligence, cybersecurity, corporate risk, commercial real estate