Promotes cybersecurity best practices in evolving building management systems (BMS)

Release Date: June 18th, 2019

The IoT Security Foundation (IoTSF) has published a new, free to download whitepaper today titled: “Can you trust your smart building? Understanding the security issues and why they are important to you”.

It is aimed at a broad range of stakeholders that together design, specify, procure, install/integrate, validate, operate and maintain building automation systems (BAS). It is specifically targeted at building owners, facility managers, technology providers, architects and installers.

Smart Buildings are increasingly classified as IoT systems and offer benefits such as:

  • Savings in energy and water usage and the resulting reduction in costs and carbon footprint
  • Improved working conditions, safety and security for occupants
  • Improved customer service levels
  • Visibility and management of occupancy levels
  • Optimisation of resources (physical, space and human)
  • Reduced maintenance costs

However, with the increasing networking of systems and connections through the public Internet, this also increases the threat of hacking by criminals and other groups. It is therefore important to understand those threats and plan safeguards so the buildings systems are cyber-safe and continue to operate as intended.

The whitepaper discusses a number of vulnerabilities that exist and where solutions lie to protect people, assets and business investments. It further explores the evolving responsibilities that each building stakeholder has to consider across the design, integration, occupation and maintenance of the buildings lifecycle.

Duncan Purves, lead author and Director of Connect2 Systems said “You may ask yourself ‘Why would anybody want to hack our building, we’re not a bank; we have nothing a hacker would want’ and you may think no-one would be interested, but even if this is the case you may become the unintended victim of collateral damage as in the case of the WannaCry ransomware attack that infected over 200,000 devices across a wide sector of organisations in more than 150 nations including the UK’s National Health Service. It is important to understand and mitigate the risks posed to your tenants, staff, visitors and assets from vulnerabilities in Internet connected building systems.”

Prof Paul Dorey, Executive Steering Board member of IoTSF added “Many CISOs are planning their future IoT security strategy, but if they want real live examples they probably just need to pop down to their office basement and see the new smart building systems. I am therefore delighted to be part of this important initiative addressing IoT Security with stakeholders across facilities management and building systems.”

Duncan Purves concluded by saying “I encourage people to engage with the IoT Security Foundation and the dedicated Smart Buildings Working Group to develop, adopt and implement best practice security for Smart Buildings.”

The whitepaper can be downloaded for free from the IoT Security Foundation website at:

About the Internet of Things Security Foundation (IoTSF)

The mission of IoTSF is to help secure the Internet of Things through awareness and the adoption of best practices.

IoTSF promotes the security values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at key stages of the IoT eco-system – those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.

IoTSF was formed as a response to existing and emerging threats in the Internet of Things applications.

IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT eco-system and inclusive of all parties including technology providers and service beneficiaries.

For more information, news and further announcements, visit the official website at

Press Contact
[email protected]

twitter: @IoT_SF

A Smart Building System is a ‘System of Systems’

Duncan Purves
Lead Author & Director of Connect2 Systems

Prof Paul Dorey
Executive Steering Board Member