7 ways to boost cyber resilience in the smart building industry

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Henning Sandfort, Chief Executive Officer, Building Products, Smart Infrastructure, Siemens AG & Alina Matyukhina, Cybersecurity Manager, Smart Infrastructure, Siemens AG


  • Smart buildings are an important tool in bringing down energy consumption.
  • The technology smart buildings use is vulnerable to cybercrime, so the sector needs to improve its cybersecurity.
  • This involves getting processes in place to ensure that cybersecurity is a priority throughout the lifecycle of all the products used in smart buildings.

In order to deal with problems such as increased population and climate change, we will need smart infrastructure that operates efficiently and saves energy. In the European Union, for example, 40% of energy consumption is attributable to existing buildings. Smart buildings offer one way to bring consumption levels down, but in order to do this the sector needs to improve its cybersecurity.

A smart building uses automated processes to control operations such as heating, ventilation, air conditioning, lighting and security. Many smart buildings rely on Internet of Things (IoT) technology, which means they have sensors to collect data and software to manage it in order to minimize energy use and environmental impact. The demand for this building type will increase significantly in the coming years. According to recent studies, the global smart building market is forecasted to grow to $127.09 billion by 2027, with a compound annual growth rate of 12.5%.

The sector must address the security challenges presented by smart buildings. Studies have shown that 57% of IoT devices are vulnerable to medium or high-severity attacks. Cyberattacks have already harmed several businesses, including critical infrastructure such as hospitals, data centers, and hotels.

To protect against cybercrime, smart building companies should adhere to the following 7 principles.

Infographic showing the 7 principles of cybersecurity
There are seven ways in which companies can make sure their products contribute to smart buildings’ cybersecurity. Image: Siemens

1) Governance

Companies need adequate security know-how. They need to be clear about roles and responsibilities in this area, and to develop a clear set of security messages about how incidents should be dealt with. Each team should ensure that its product, solution, or service has adequate built-in cybersecurity. Companies need to support customers in maintaining cybersecurity over the entire lifecycle of the product or building.

2) Secure supply chain

Companies should require partners throughout the supply chain to meet reasonable levels of security before establishing business agreements. They should integrate their security requirements into their terms and conditions and assess suppliers to find potential protection leaks. They also need a process to identify and manage the security risks of all externally sourced components. This can be done using an automated tool to monitor and track vulnerabilities.

An infographic showing that 'cybersecurity is everyone's responsibility'
Cybersecurity can only be achieved if building operators, system integrators, planners and owners all play their part. Image: Siemens

3) Cybersecurity in product development

Companies should include cybersecurity in the initial design of products. This process could start with defining a cybersecurity target for each product based on market needs. It is more cost-effective to address security early in the lifecycle of a product than it is to fix problems later on.

Security experts should perform threat and risk assessments throughout the lifecycle of the product, in order to identify and mitigate potential risks. This should start early in the product development process and should be repeated for every significant update. Before releasing a new product, companies should ask independent third-party organizations to test it for potential vulnerabilities.

4) Internal and external cybersecurity awareness

People are at the heart of a successful and effective cybersecurity strategy. Investing in continuous training and awareness will help safeguard organizations against cyberattacks. Employees who are involved in security-related processes should be adequately trained, and there should be clear guidance about who to contact with internal questions or problems.

Companies in the smart building sector also need to share information and work together to keep each other updated on new threats as well as best practices.

5) Vulnerability and incident handling

Any suspected incident should be treated as real until proven to be a false alarm. Every company needs a guide setting out how security incidents should be resolved in a timely manner. They must ensure that they’ve done everything possible to mitigate the risk of a breach.

It is vital that companies are transparent about incidents, informing customers and other required stakeholders when they find vulnerabilities. In the event of a problem, corporate communications are as important as fixing the technical defect, because cyberattacks may damage a business’ reputation and erode the customer’s trust.

6) Risk-based asset management

The development environment of the product is one of the most critical assets of a company and needs to be protected. It is important to ensure that the product has not been altered or disclosed in any way during the development process. For example, a developer may unintentionally download a malicious program, which could lead to an infection being distributed as part of a product. It is vital to perform asset classification and protection, and to repeat both on a regular basis. Critical assets should be identified and classified, and protection measures defined for each asset.

7) Compliance with cybersecurity standards

Owners need to comply with the latest cybersecurity regulations and make cybersecurity a part of tender specifications. There are three key cybersecurity standards for the smart building industry: two international (IEC 62443, ISO 27001) and one EU-level (European NIS Directive). Building operators benefit from the precise definition of requirements, the implementation of standardized processes and from the availability of documentation related to each respective standard. Nevertheless, no supplier can create IT security alone: building operators, system integrators, planners and owners are a crucial part of it.