FMJ Facilities Management magazine providing industry-specific intelligence to FM and property professionals
IoT expert Pippa Boothman VP Marketing & Communications at Norwegian tech company Disruptive Technologies, the developer of the world’s smallest wireless sensors and IoT infrastructure, explains how to address IoT security weak points
The Internet of Things (IoT) is rapidly becoming an indispensable technology for many facilities managers. Wireless IoT sensors provide a comprehensive, cost-effective, and simple method of data collection, allowing businesses to utilise this data in various ways to benefit occupants, operational and energy efficiency, and security.
However, for many FMs, the potential of IoT remains untapped, with concerns relating to security being the greatest barrier to IoT adoption. This prevents them from accessing cutting-edge technology and reduces their potential for driving efficiencies within their buildings. How can IoT security weak points be addressed so that both facilities managers and tenants can feel confident that their data and systems are protected?
WHAT IS THE ISSUE WITH IOT SECURITY?
IoT solutions come in many forms, and they all carry the question of how they’ll keep your critical systems and data secure. Almost all contemporary technology comes with the risk of being open to cyber threats. In the event of a cyber-attack, you not only risk losing data or having sensitive data leaked, but having information altered or processes disrupted, leading to equipment misfiring or even system shutdown. This can be expensive and time-consuming to resolve and carries a great risk of reputational damage. At a time of limited resources and intense competition, facilities management companies can’t afford to lag behind their peers, and security concerns shouldn’t prevent them from adopting IoT technology if it can increase efficiency.
Rather than simply avoiding IoT in order to evade the risks, it’s better to take steps toward understanding those risks, what they could mean and how to assess the security controls of any IoT solution.
HOW DOES COMPLEX IOT ARCHITECTURE OPEN THE DOOR TO CYBER-ATTACKS?
The main problem with IoT architecture and security is that any IoT ecosystem will involve the linking of multiple different technologies. The more systems and technologies you have working together, the greater the potential for the introduction of malware and security breaches. Unless you have the proper controls in place, managing the ways in which each technology product connects with the others, it becomes possible for those with ill intent to exploit security vulnerabilities in one area in order to gain access to the entire system – usually, without being detected. Many raced to be the first to launch first-generation IoT systems, and unfortunately, security wasn’t a primary concern. Now, it is key to ensure that the systems in place are capable of controlling any security threat.
The problem is that most IoT solutions involve a huge diversity of machine-to-machine connections, and that makes tackling the overall security complex; particularly when each component –hardware, applications, firmware, networks – is typically developed and managed by a different company. This means that it can often be unclear who is responsible for managing security across the system as a whole, making it more difficult for you to ensure that your entire system has the security protocols it requires.
This is especially true in Industrial IoT, where legacy hardware and software are frequently incorporated into an advanced, connected solution. The older components are used to perform new functions far beyond their original intent and without the security controls of new devices built into their code. This adds a further burden of responsibility to the newer IoT architecture, which may not have the capacity to handle the additional threat.
